Off the Wire

Off The Wire Archive

News items for January 2008

Where's my iPhone? A lesson in incident response
What follows is the incident response procedure that I followed once I found out my iPhone had been stolen. It's not a comfortable feeling to know that someone else has control over a device containing your information. However, you must remain calm and follow some sort of incident response procedure. Sometimes this is not as easy as it sounds, as you will see in this article. Once the incident is over the most important thing you must do is learn from it. Hopefully you can learn from my experience. [more]
Wednesday, 30 January 2008, 7:06 PM CET

Terror suspects hone anti-detection skills
Simple codes, remote sites, Internet phone calls among means used to foil high-tech surveillance. [more]
Wednesday, 30 January 2008, 3:22 PM CET

Anonymous hackers find and punish the wrong guy
Anti-Scientology agitators have repeatedly harassed and threatened violence against a 59-year-old PG&E worker and his wife, who were mistakenly flagged as pro-Scientology hackers. [more]
Wednesday, 30 January 2008, 3:09 PM CET

Software review - Lavasoft Digital Lock
Lavasoft is a company well known for their flagship product Ad-Aware, one of the early software programs that dealt with spyware and adware threats. In 2007 they switched focus from solely developing the anti-malware product to more mainstream tools such as a personal firewall, file shredder and an encryption utility. The fine folks from the company recently shipped us a couple of registration keys for their products, so here is a review of the crypto part of their portfolio - Lavasoft Digital Lock. [more]
Tuesday, 29 January 2008, 8:34 PM CET

Whitepaper - NAC: managing unauthorized computers
Learn how your enterprise can combat today's threats and still remain nimble enough for tomorrow's potential threats. [more]
Tuesday, 29 January 2008, 10:21 AM CET

Spies in the phishing underground
Well-known security researchers have recently managed to infiltrate the phishing underground. In this interview, they expose the tactics and tools that phishers use, illustrate what happens when your confidential information gets stolen, discuss how phishers communicate and even how they phish each other. [more]
Monday, 28 January 2008, 10:48 AM CET

Security policy in the age of compliance
A properly drafted and implemented security policy serves to protect information, systems and even people; it sets guidelines for expected employee behavior, and authorizes security personnel to monitor, probe, investigate, define, and determine the consequences of violating the policy. [more]
Monday, 28 January 2008, 10:21 AM CET

Bush order expands network monitoring
President Bush signed a directive this month that expands the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems. [more]
Monday, 28 January 2008, 12:10 AM CET

Troubleshooting RPC across firewalls
Applications that want to talk to other servers will often use the Remote Procedure Call (RPC) infrastructure to communicate instead of inventing their own protocol. [more]
Monday, 28 January 2008, 12:09 AM CET

Celebrity advice on keeping your Linux desktop secure
One of the main reasons people move from Windows to Linux is the promise of greater security from malware on the Internet. Everyone knows you need to add extra security to try to keep a Windows desktop safe, but what do you have to do to accomplish the same thing on Linux? [more]
Monday, 28 January 2008, 12:06 AM CET

Social engineering: threats and countermeasures
In a nutshell, social engineering is a method of gaining access privileges to an organisation and its assets by querying personnel over a communications medium such as telephone, e-mail, chat, bulletin boards, face-to-face etc. from a fraudulent “privileged” position. The methodology employs a number of techniques to determine the level of 'security awareness' that exists in the organization under review. [more]
Friday, 25 January 2008, 6:34 PM CET

UNIX spam and virus filtering for e-mail
Look beyond tools like SpamAssassin and Amavis to see how you can extend them and provide additional filtering facilities to lower the amount of spam hitting the e-mail boxes of your users. [more]
Friday, 25 January 2008, 9:30 AM CET

Security and privacy aren't opposites
If there's a debate that sums up post-9/11 politics, it's security versus privacy. Which is more important? [more]
Friday, 25 January 2008, 12:03 AM CET

Potentially the biggest privacy breach at MySpace to date
"I think the greatest motivator was simply to prove that it could be done," file creator "DMaul" says in an e-mail interview. "I made it public that I was saving these images. However, I am certain there are mischievous individuals using these hacks for nefarious purposes." [more]
Thursday, 24 January 2008, 8:33 AM CET

RIAA sends MIT settlement letters alleging infringement
Nineteen members of the MIT community have been asked by the recording industry to preemptively settle lawsuits for allegedly downloading music illegally on peer-to-peer networks. [more]
Thursday, 24 January 2008, 8:24 AM CET

Prevent snooping on your Google search queries
There are chances that someone is secretly spying on your Google search tracks for various reasons. [more]
Thursday, 24 January 2008, 8:21 AM CET

Troubleshooting with Apache logging
The Apache Web server (Apache) comes with a powerful logging framework. [more]
Thursday, 24 January 2008, 8:18 AM CET

Visualizing audit logs with mkbar
The 2.6 Linux kernel comes with a very flexible and powerful auditing subsystem called auditd. [more]
Wednesday, 23 January 2008, 12:00 AM CET

Mac security under real threat?
The Mac malware problem is currently tiny compared to the Windows one, so if enough Apple Mac users resist clicking on unsolicited weblinks or downloading unknown code from the web then there's a chance they could send a clear message to the attackers that it's not financially rewarding to target Macs. [more]
Tuesday, 22 January 2008, 7:05 PM CET

Book review - Cisco Networking Simplified (2nd Edition)
Although the vast majority of Cisco Press titles are geared towards intermediate and advanced readers that can solve complex network issues at 3 AM on a Sunday, this is one of those rare books that wants to help those getting into the vast subject of Cisco networking. [more]
Tuesday, 22 January 2008, 7:04 PM CET

Tide is turning for web application firewalls
There is a long-running tradition in the web application firewall space; every year we say: "This year is going to be the one when web application firewalls take off!" [more]
Tuesday, 22 January 2008, 3:16 PM CET

Analysis: Metcalfe's Law + Real ID = more crime, less safety
"We have a saying in this business: 'Privacy and security are a zero-sum game.'" Thus spake security consultant Ed Giorgio in a widely-quoted New Yorker article on the US intelligence community's plans to vacuum up and sift through everything that flies across the wires. But Giorgio is wrong—catastrophically wrong. [more]
Tuesday, 22 January 2008, 11:25 AM CET

EU official says IP address is personal
Google disagrees, insists IP address merely identifies computer location. [more]
Tuesday, 22 January 2008, 12:00 AM CET

Web 2.0 security
This document provides security aspects for Web 2.0 based services. It provides a list of threats that need to be considered for mitigation when deploying Web 2.0 services as well as ideas on how to deal with them. [more]
Monday, 21 January 2008, 7:49 PM CET

Can't remember your password? Don't panic
Companies are competing to introduce a single, secure login that would work for all bank accounts, shopping sites and other web activities. [more]
Monday, 21 January 2008, 1:34 PM CET

Wisconsin and New York unplug Matrix
Wisconsin and New York became the latest states to drop out of a controversial interstate law enforcement data-sharing program shortly after joining it. [more]
Monday, 21 January 2008, 12:03 AM CET

Yahoo OpenID plan spotlights privacy issues
Even more daunting is the possibility that an aggressive hacker could use the Yahoo data to pose as his or her victim on every site in the user's OpenID profile. With every new site, the potential consequences of a cracked file or misplaced laptop containing Yahoo's OpenID data grow that much more serious. [more]
Monday, 21 January 2008, 12:00 AM CET

Facebook faces privacy questions
Facebook is to be quizzed about its data protection policies by the Information Commissioner's Office. [more]
Friday, 18 January 2008, 8:58 PM CET

Skype cross zone scripting vulnerability details and video
A vulnerability that allowed an attacker to execute arbitrary code on a Skype user’s Windows PC without their consent has been discovered. [more]
Friday, 18 January 2008, 4:28 PM CET

White House routinely overwrote e-mail tapes
E-mail messages sent and received by White House personnel during the first three years of the Bush administration were routinely recorded on tapes that were "recycled," the White House's chief information officer said in a court filing this week. [more]
Friday, 18 January 2008, 11:02 AM CET

Spy gear and police tech at homeland security conference
From throwable video cameras to shotgun-wielding robots, these are the gadgets that help you sleep at night, unless you have something to hide. [more]
Friday, 18 January 2008, 10:54 AM CET

5 VoIP threat predictions for 2008
Based on industry trends that include major IP telephony vendors offering SIP solutions, enterprises deploying VoIP and unified communications beyond the traditionally secure perimeter, and service providers aggressively embracing fixed mobile convergence, here are the VoIP threat predictions for the year ahead. [more]
Friday, 18 January 2008, 2:36 AM CET

Will antitrust probes spread beyond Microsoft?
The EU is developing a very different approach to antitrust law. [more]
Friday, 18 January 2008, 1:45 AM CET

Whitepaper - Demystifying the PCI Data Security Standard
Stay on top of the PCI requirements for secure credit card transactions in your network. [more]
Friday, 18 January 2008, 1:42 AM CET

Security and obscurity
Many of us are familiar with a concept known as security by obscurity. The term has quite negative connotations within the security community - often for the wrong reasons. [more]
Friday, 18 January 2008, 12:00 AM CET

Are you suffering from password pressure?
Few things make you feel more helpless than sitting blank-faced at a screen, looking at a flashing cursor and a message saying "PASSWORD INCORRECT" in a disapproving tone. But that was the one for your bank, wasn't it? [more]
Thursday, 17 January 2008, 3:46 PM CET

Security breakdown
As the market for selling exclusive information on software vulnerabilities grows, Sean Hargrave reveals how the hackers' gain is your loss when it comes to PC security. [more]
Thursday, 17 January 2008, 1:01 AM CET

Crime suspect forced to reveal password to computer files
The federal government is asking a U.S. District Court in Vermont to order a man to type a password that would unlock files on his computer, despite his claim that doing so would constitute self-incrimination. [more]
Thursday, 17 January 2008, 12:57 AM CET

Tips and tricks: yum-security
The yum-security package is a new feature of the Red Hat Enterprise Linux 5.1 update. [more]
Wednesday, 16 January 2008, 8:13 PM CET

Annvix: A stable, secure, no-frills server distro
Annvix is a distribution aimed at providing a secure, stable, and fast base for servers. Be warned, however: Annvix is not for everyone. [more]
Wednesday, 16 January 2008, 7:23 PM CET

Setup and benchmark encrypted partitions in Ubuntu
We’ll benchmark the raw performance of an encrypted volume and compare the results to an unencrypted volume and see just what kind of real world compromises we see. [more]
Wednesday, 16 January 2008, 5:13 PM CET

Microsoft seeks patent for office 'spy' software
Microsoft is developing Big Brother-style software capable of remotely monitoring a worker’s productivity, physical wellbeing and competence. [more]
Wednesday, 16 January 2008, 4:15 PM CET

Swedish prosecutors dump 4,000 legal docs on The Pirate Bay
As the calendar pages turned from 2007 to 2008, one constant remained for the motion picture and music industries: The Pirate Bay's willingness to ignore their threats (and copyrights) to the point that the Swedish group's site has become the go-to destination for torrented content on the Internet. [more]
Wednesday, 16 January 2008, 8:34 AM CET

MediaDefender hacker speaks out
In September 2007, anti-piracy company MediaDefender’s emails went public after a hacker gained access to their systems. The attacks cost the company a huge amount of money, not to mention acute embarrassment. Now the person behind the attacks speaks. [more]
Wednesday, 16 January 2008, 1:14 AM CET

Student points out 2nd security flaw on TSA Web site
For those keeping score, it's Chris Soghoian 2, Transportation Security Administration 0. [more]
Wednesday, 16 January 2008, 1:12 AM CET

Most Oracle database pros ignore security patches
A survey by Sentrigo indicates that most Oracle database administrators do not apply the Critical Patch Updates that Oracle issues on a quarterly basis, which leaves databases open to exploits. 67.5 percent of the respondents said they had never applied any Oracle CPU. [more]
Tuesday, 15 January 2008, 3:07 PM CET

Modeling urban panic
Professor’s computer predicts crowd behavior. [more]
Tuesday, 15 January 2008, 1:21 AM CET

US drafting plan to allow government access to any email or Web search
National Intelligence Director Mike McConnell is drawing up plans for cyberspace spying that would make the current debate on warrantless wiretaps look like a "walk in the park," according to an interview published in the New Yorker's print edition today. [more]
Tuesday, 15 January 2008, 1:18 AM CET

Trojan targets over 400 banks
Targeting over 400 banks and having the ability to circumvent two-factor authentication are just two of the features that push Trojan.Silentbanker into the limelight. [more]
Tuesday, 15 January 2008, 12:00 AM CET

Book review - Linux Administration Handbook (2nd Edition)
This 1000+ page guide concentrates on one thing - expanding and upgrading your knowledge of the administration of different Linux operating systems. As with books of this kind, desktop usage is covered very lightly, while the focus is on doing more interesting stuff on your Linux box. [more]
Monday, 14 January 2008, 6:13 PM CET

TSA security flaws exposed users to risk of identity theft
The chairman of the House Oversight and Government Reform Committee published a report Friday with details about the committee's investigation into security flaws found in the Transportation Security Administration's (TSA) traveler redress website. [more]
Monday, 14 January 2008, 12:16 AM CET

DRM is dead, but watermarks rise from its ashes
With all of the Big Four record labels now jettisoning digital rights management, music fans have every reason to rejoice. [more]
Monday, 14 January 2008, 12:00 AM CET

AIX NFS Version 4 configuration over Kerberos inter-realm setup
Learn how to configure an inter-realm setup between IBM Network Authentication Service (IBM NAS) and Microsoft Active Directory for AIX Network File System (NFS) Version 4. [more]
Friday, 11 January 2008, 1:09 PM CET

Defensible network architecture 2.0
Four years ago when I wrote The Tao of Network Security Monitoring I introduced the term defensible network architecture. [more]
Friday, 11 January 2008, 10:51 AM CET

Security policies in the application development process
ISO 17799 defines a security policy as a document providing management direction and support for information security in accordance with business requirements and relevant laws and regulations. [more]
Friday, 11 January 2008, 12:21 AM CET

FBI wiretaps dropped due to unpaid bills
Telephone companies have cut off FBI wiretaps used to eavesdrop on suspected criminals because of the bureau's repeated failures to pay phone bills on time. [more]
Friday, 11 January 2008, 12:03 AM CET

Hacker breaches UGA system
University of Georgia suffers a breach. [more]
Thursday, 10 January 2008, 11:21 AM CET

Bruce Schneier: steal this Wi-Fi
Whenever I talk or write about my own security setup, the one thing that surprises people - and attracts the most criticism - is the fact that I run an open wireless network at home. There's no password [more]
Thursday, 10 January 2008, 11:14 AM CET

Cross Site Printing: printer spamming
By using only JavaScript, an Internet web site can remotely print to an internal network based printer by doing an HTTP Post. The web site initiating the print request can print full text, enter PostScript commands allowing the page to be formatted, and in some cases send faxes. [more]
Wednesday, 9 January 2008, 10:23 PM CET

Island hopping: the infectious allure of vendor swag
The technique of island hopping—penetrating a network through a weak link and then hopping around systems within that network—has been around for years. [more]
Wednesday, 9 January 2008, 10:39 AM CET

Open source code contains security holes
Open source code, much like its commercial counterpart, tends to contain one security exposure for every 1,000 lines of code, according to a program launched by the Department of Homeland Security to review and tighten up open source code's security. [more]
Wednesday, 9 January 2008, 10:32 AM CET

Illegal immigrants turn to identity theft
Legal names and government-issued ID numbers used to thwart detection. [more]
Wednesday, 9 January 2008, 10:30 AM CET

Windows domain password policies
If you are an administrator of a Windows domain, you are all too aware of the constraints relating to password policies for domain user accounts. [more]
Wednesday, 9 January 2008, 1:11 AM CET

Enemies at the gate
Dateline investigation suggests that even now, six years after the 9/11 attacks, terrorists could easily get a passport to cross almost any border. [more]
Wednesday, 9 January 2008, 12:37 AM CET

Book review - Networking with Microsoft Windows Vista
Although Windows Vista is not being adopted as fast as Windows XP was back in the day, this operating system is undoubtedly gaining ground and being introduced into places that require it to work with other machines on a network. This book aims to take the pain out of networking with Windows Vista and show you how it's done. Read on to discover what it has to offer. [more]
Tuesday, 8 January 2008, 5:23 PM CET

Securing Linux laptops
While you can find dozens of products to secure Windows laptops, security products for Linux laptops are scarcer - but they do exist. [more]
Tuesday, 8 January 2008, 10:56 AM CET

Boeing's new 787 may be vulnerable to hacker attack
Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration. [more]
Tuesday, 8 January 2008, 12:18 AM CET

Keep Internet junk at bay with content filters
Here are some tools you can use to filter the content a Web site renders to you. [more]
Tuesday, 8 January 2008, 12:09 AM CET

Enable the (hidden) administrator account on Windows Vista
Many people familiar with prior versions of Windows are curious what happened to the built-in Administrator account that was always created by default. [more]
Tuesday, 8 January 2008, 12:06 AM CET

Introduction to the .nessus scan, policy and report format
The Nessus Client 3.0 introduced a new format for Nessus scan policies, targets and results. [more]
Tuesday, 8 January 2008, 12:00 AM CET

White hat hackers in demand
Gregston Chu knows all the tricks of being a hacker, from talking his way into secure buildings to exploiting holes in Internet security or gaps in internal company systems to grab control of computers. [more]
Monday, 7 January 2008, 6:16 PM CET

Platform features for validating input in .NET Framework
There are many platform features which should be leveraged wherever possible. Some of the key validation features supported by .NET framework are in this article. [more]
Monday, 7 January 2008, 3:52 PM CET

CA's website hacked by malware authors
Part of security software vendor CA's website was hacked last week and was redirecting visitors to a malicious website hosted in China. [more]
Monday, 7 January 2008, 12:12 AM CET

WiFi epidemiology: can your neighbors’ router make yours sick?
In densely populated urban areas, WiFi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch massive fraudulent attacks and affect entire urban areas' WiFi networks. [more]
Monday, 7 January 2008, 12:06 AM CET

Malware 2.0 meets security 2.0
A three-pronged approach can prevent threats from damaging data networks. [more]
Monday, 7 January 2008, 12:03 AM CET

Government's record year of data loss
A record 37 million items of personal data went missing last year, new research reveals. [more]
Monday, 7 January 2008, 12:01 AM CET

Questions to consider in the coming privacy wars
It seems obvious that privacy is going to be a major point of contention in the near-term future. [more]
Friday, 4 January 2008, 12:15 AM CET

EU: one license, DRM scheme to rule them all
Companies that want to sell online content in the European Union know that the common market doesn't apply to everything; selling digital music or offering movie downloads in Europe means negotiating separate licensing agreements in different countries and launching multiple storefronts. [more]
Friday, 4 January 2008, 12:09 AM CET

Creating more secure SWF web applications
Adobe frequently updates the Flash Player software security model to improve the security of the Flash Player environment. However, that only addresses half of the overall solution to help securely deploy applications that run in Flash Player. [more]
Friday, 4 January 2008, 12:06 AM CET

IT security compliance success factors
In recent times there has been significant growth in the intensity and complexity of legislation and regulation that relates to corporate governance. [more]
Thursday, 3 January 2008, 5:00 PM CET

Phishing kits take advantage of novice fraudsters
A phishing kit targeting the Bank of America contains an interesting insight into the intellectual hierarchy involved in Internet fraud. [more]
Thursday, 3 January 2008, 12:39 PM CET

Cyber thieves target social sites
It is not just the average net user who is a fan of social network sites, so are hi-tech criminals. [more]
Thursday, 3 January 2008, 12:38 PM CET

Securing Joomla! installations
The first rule of security when it comes to Joomla! is "update frequently," because whenever a new version comes out, it usually comprises several user-reported bug and security fixes. [more]
Thursday, 3 January 2008, 12:38 PM CET

The botnet ecosystem: what's the point?
As we end our look at the botnet ecosystem, let us reflect on what we have learned. [more]
Thursday, 3 January 2008, 9:22 AM CET

The five coolest hacks of 2007
Nothing was sacred - not cars, not truckers, not even the stock exchange. [more]
Thursday, 3 January 2008, 9:18 AM CET

Australia lags on privacy front
Individual privacy is under threat around the world as governments continue introducing surveillance and information-gathering measures, according to an international rights group. [more]
Thursday, 3 January 2008, 9:16 AM CET

Computer forensics faces private eye competition
Who has the right to probe digital crime? That very question may be the next battleground between the flatfooted private detective of old and the new-age computer sleuth. [more]
Thursday, 3 January 2008, 12:06 AM CET

Government sites aid identity thieves
Online investigations in Maryland and other states found troves of Americans' private information vulnerable to identity thieves. [more]
Wednesday, 2 January 2008, 5:14 PM CET

Maltego mines the Internet without violating TOS
Maltego uses numerous methods to search for public information about a variety of entities, such as individuals, phrases, email addresses, URLs, and domain names. [more]
Wednesday, 2 January 2008, 3:21 PM CET

Wireless passport to broadcast your identity
No one likes waiting in line to cross border checkpoints, but will new wireless passports keep your identity safe? [more]
Wednesday, 2 January 2008, 3:20 PM CET

Boom times for hi-tech criminals
Starting a career as a cyber criminal got much easier in 2007. [more]
Wednesday, 2 January 2008, 3:19 PM CET

Researcher says Sears downloads spyware
Sears and Kmart customers who sign up for a new marketing program may be giving up more private information than they'd bargained for, a prominent anti-spyware researcher claims. [more]
Wednesday, 2 January 2008, 12:03 AM CET

Detecting credit card numbers in network traffic
The Payment Card Industry Data Security Standard (PCI-DSS for short) requires that credit card numbers are not transmitted in the clear and are not presented to users unmasked. [more]
Wednesday, 2 January 2008, 12:00 AM CET

Phone activity a hazard for firms
Smart phones are poised to become the next major security challenge for businesses. [more]
Tuesday, 1 January 2008, 4:28 PM CET

Leading surveillance societies in the EU and the World 2007
Each year since 1997, the US-based Electronic Privacy Information Center and the UK-based Privacy International have undertaken what has now become the most comprehensive survey of global privacy ever published. The Privacy & Human Rights Report surveys developments in 70 countries, assessing the state of surveillance and privacy protection. [more]
Tuesday, 1 January 2008, 4:25 PM CET

