Off the Wire

Off The Wire Archive

News items for January 2009

iPhone security software review - Data Guardian
Data Guardian is a security utility that allows you to hold all your private information inside a locked database. [more]
Thursday, 29 January 2009, 10:27 PM CET

What the Heartland data breach tells us
The recent data breach at Heartland Payment Systems should make one thing clear: the standards for security around credit card numbers still aren't good enough. New technologies are needed to ensure that credit card numbers and other forms of sensitive information can be protected well enough. It's probably the case an entirely approach to information security is also needed. [more]
Thursday, 29 January 2009, 9:18 PM CET

Beware of Facebook 'friends' who may trash your laptop
The message that popped into Laurie Gale's Facebook inbox last month seemed harmless enough -- a friend had seen a video of Ms. Gale and had sent a link so Ms. Gale could view it. The link led to a video site that prompted her to update her video software, which she did. [more]
Thursday, 29 January 2009, 6:04 PM CET

Code Review or WAFs? PCI 6.6
Compliance with requirement 6.6 of the PCI DSS cites the use of either a web application firewall (WAF) or code review. It’s far more effective to combine both. [more]
Wednesday, 28 January 2009, 10:27 PM CET

Book review - Is It Safe? Protecting Your Computer, Your Business, and Yourself Online
With the evolving world of the Internet, malicious activities are elevating rapidly. Majority of the attacks are targeting novice users, those who are not educated about the basic online security principles. Miller's "Is It Safe?" comes to the rescue as a perfect reading material for any computer user who wants to take online safety in his own hands. [more]
Tuesday, 27 January 2009, 10:51 PM CET

Whitepaper - Solving the password management paradox
Discover how to solve the need for security without burdening the worker with oppressive requirements. [more]
Tuesday, 27 January 2009, 10:30 PM CET

Serious security alert for and users
Sophos is advising all users of careers website and, the official job site of the US Federal Government, to change their passwords following news that both sites have been the victim of a serious hacking attack which has compromised both and usernames and passwords. [more]
Monday, 26 January 2009, 9:26 PM CET

Fastflux makes for some cool graphs
Data visualization is incredibly useful in not only tracking down anomalous behavior on a network but also for displaying metrics and data to the non technical folks. [more]
Monday, 26 January 2009, 8:17 PM CET

Closed source conspiracy
Many people in the industry have an innate fear of closed source (AKA proprietary software), which especially applies to everything crypto-related. [more]
Monday, 26 January 2009, 8:02 PM CET

Bruce Schneier on privacy and property in the information state
Wired columnist and BT chief security technology officer, Bruce Schneier, who started out as a cryptologist and has since expanded his portfolio to all things security, is the TSA's worst nightmare. [more]
Monday, 26 January 2009, 11:27 AM CET

What PCI compliance really means
One of my big frustrations is when people say things that sound reasonable and yet are entirely wrong. [more]
Friday, 23 January 2009, 6:12 PM CET

Protecting SOA against internal attacks
It is critical to have a good understanding of the data flow in order to select the optimal protection approach at different points in the enterprise. By properly understanding the dataflow we can avoid quick fixes and point solutions and instead implement a protection strategy encompassing protection all the way from the data sources. [more]
Thursday, 22 January 2009, 11:30 PM CET

Almost 6% percent of computers infected with the Conficker worm
PandaLabs revealed that almost six percent (5.77 percent) of the two million computers they scanned showed an infection by the malicious Conficker worm. The worm, which originated in China, has now extended across 83 countries, and is particularly virulent in the United States, Spain, Taiwan, Brazil and Mexico. [more]
Thursday, 22 January 2009, 10:12 PM CET

ENISA survey on the resilience of communication networks
The European Network and Information Security Agency (ENISA) launches a report on resilience of communication networks. The survey reveals a better than expected network availability, with only 10 hours downtime a year. Availability is vital not only to business, but also to private consumers. Service providers show a higher level of service to both actors than expected. [more]
Thursday, 22 January 2009, 9:09 PM CET

Remote access using NX and OpenSuse 11.1
NoMachine NX is a solution for secure remote access, desktop virtualization, and hosted desktop deployment using compression, session resilience and resource management. [more]
Thursday, 22 January 2009, 5:05 PM CET

Whitepaper - Block evolving spam, secure your network
New spamming techniques are upon us - 419 spam, botnets, CAPTCHA cracking - what's next from the "bad guys"? [more]
Thursday, 22 January 2009, 5:05 PM CET

How to use Twitter for information mining
Twitter is fun. It's also a powerful research tool. People increasingly use Twitter to share advice, opinions, news, moods, concerns, facts, rumors, and everything else imaginable. Much of that data is public and available for mining. [more]
Thursday, 22 January 2009, 10:58 AM CET

Alternatives for fixing unchecked redirect vulnerabilities
Unchecked redirect vulnerabilities are annoying to fix for our customers. Sometimes the developers need to link to a constantly changing selection of partners and they always have to support different redirect URLs for testing, integration, and production. [more]
Wednesday, 21 January 2009, 10:50 AM CET

Heartland Payment Systems uncovers malicious software in its processing system
After being alerted by Visa and MasterCard of suspicious activity surrounding processed card transactions, Heartland enlisted the help of several forensic auditors to conduct a thorough investigation into the matter. Last week, the investigation uncovered malicious software that compromised data that crossed Heartland's network. [more]
Wednesday, 21 January 2009, 3:42 AM CET

Book review - Making Things Happen: Mastering Project Management
It doesn't matter if you just got that promotion and you're supposed to oversee a project or if you're a one man band working on something, "Making Things Happen" is essentially for anyone. Why is this review on a website dedicated to computer security? Well, project management is essential in every aspect of an organization and the security team is no exception. [more]
Tuesday, 20 January 2009, 11:54 PM CET

Slumping economy will drive malware threats
McAfee announced its 2009 threat predictions. The top trend to emerge for 2009 is the continued exploitation of the financial crisis to scam users with fake financial transactions services, fake investment firms, and fake legal services. The report examines the accuracy of last year’s predictions and provides new insight as to where computer security threats are headed this year. [more]
Tuesday, 20 January 2009, 8:47 PM CET

Whitepaper - Protecting virtual machines
By enabling IT managers to move virtual machines (and the applications they host) between physical servers, server virtualization gives them a powerful method for reducing planned downtime and speeding recovery. [more]
Tuesday, 20 January 2009, 8:43 PM CET

Q&A: current security threats
Simon Heron is an Internet Security Analyst at Network Box, a managed security company, where he is responsible for developing the overall business strategy and growth. In this interview he discusses the current online security threats, the full disclosure of vulnerabilities as well as Network Box. [more]
Tuesday, 20 January 2009, 6:21 PM CET

Free guide: Vulnerability management buyer's checklist
Choosing a solution for Vulnerability Management (VM) is a critical step toward protecting your organization's network and data. [more]
Tuesday, 20 January 2009, 12:21 AM CET

Biometric technology for entering the United States gets an update
The U.S. Department of Homeland Security announced that upgraded biometric technology is in place at major U.S. ports of entry, and most international visitors should expect to use the new technology when they enter the United States. [more]
Monday, 19 January 2009, 11:10 PM CET

AntiXSS Library 3.0 - test harness
Test Harness application is created to help the users to quickly get started and validate the successful blocking of XSS issues by the Library and also to measure the enhanced performance claims of the AntiXSS V 3.0 against Microsoft .NET encoding library. [more]
Monday, 19 January 2009, 8:39 PM CET

SANS top 25 epic fail: CWE-319
If you've taken the time to read over the "Top 25 Most Dangerous Programming Errors" published by SANS recently, you may (or may not) have noticed that CWE-319 is an anomaly. [more]
Monday, 19 January 2009, 5:05 PM CET

Course: How to arm your organization against increasing e-security risks
If you manage an e-business, or the IT infrastructure resources that support one, this is the course for you. [more]
Monday, 19 January 2009, 5:04 PM CET

Targeted social engineering
There are many variants on each, but in general, mass attacks do not distinguish by target either through the exploit, vector and social engineering used. [more]
Monday, 19 January 2009, 12:44 PM CET

Web Application Firewalls and PCI DSS
We all know that time is a critical factor in selecting solutions to prevent breaches. Web Application Firewalls (WAF) are the most effective mechanisms to immediately address security issues since the security rule set can be adjusted to stop new attack types without requiring system downtime while you’re changing the application code. [more]
Monday, 19 January 2009, 10:00 AM CET

Podcast: Tackling the authentication nightmare
In the new edition of the HNS podcast, Jonathan Craymer, chairman of GrIDsure talks about tackling the authentication nightmare by getting the right balance between security and ease of use. [more]
Thursday, 15 January 2009, 9:44 PM CET

Builders, breakers, and malicious hackers
There is a new meme in Web security that states we should focus the bulk of our attention on building secure software instead of breaking it. [more]
Thursday, 15 January 2009, 9:12 AM CET

Anonymous proxies a major security concern for IT managers
Anonymous proxies can cause a variety of issues for organisations, yet concerns seem to vary depending on the sector. The private sector is primarily concerned with Acceptable Use Policy violation and lost productivity, as well as threats to network security and data leakage. In the education sector, issues such as child protection, avoiding the exposure of students to inappropriate online material, and the prevention of bullying are of high importance. [more]
Wednesday, 14 January 2009, 11:58 PM CET

Burglar arrested as police post CCTV images on Facebook
Police in New Zealand have used popular social networking website Facebook to aid their criminal investigations, following the arrest of a 21-year-old apprentice from Queenstown who attempted to break into a safe containing approximately NZD 20,000. [more]
Wednesday, 14 January 2009, 11:45 PM CET

Book review - Web Security Testing Cookbook
Buying furniture on eBay, selling childhood ZX Spectrum cassette tapes, doing online banking - every service we use is powered by a robust web application. With all the interaction with users, there are a number of ways that these apps can go wrong. "Web Security Testing Cookbook" is one of the latest books that will help developers spark some ideas on breaking and therefore fixing their web applications. [more]
Tuesday, 13 January 2009, 11:54 PM CET

Future of Privacy Forum issues recommendations for the new presidential administration
The Future of Privacy Forum (FPF) today proposed seven privacy recommendations to the upcoming administration. FPF urges the President-elect to also appoint a Chief Privacy Officer in order to recognize that responsible use of data by businesses and government is critical to the economy, to protecting civil liberties and to ensuring public safety. [more]
Tuesday, 13 January 2009, 10:51 PM CET

IT security spending will increase to match cybercrime threat in 2009
A Finjan survey focused on determining the trends for allocating IT budgets in 2009 compared to 2008. The results reveal that the total IT budgets for 2009 tend to be reduced compared to 2008. However, the IT security budget outlook was more optimistic since organizations intend to dedicate a larger part of their total IT budgets to IT security. [more]
Monday, 12 January 2009, 11:54 PM CET

Whitepaper - Laws, regulations and compliance
Learn how with the right combination of policies, technologies, and strategies, you can achieve a fully secure network and enforce compliance. [more]
Monday, 12 January 2009, 10:48 PM CET

CWE/SANS top 25 most dangerous programming errors
Experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime. [more]
Monday, 12 January 2009, 8:49 PM CET

Adding Windows 7 to Linux multiboot
Installing Windows 7 will wipe your custom GRUB configuration. [more]
Monday, 12 January 2009, 8:44 PM CET

Applicable lessons from the embedded world (aka Forth rules)
The core of Forth is a simple loop that does parsing, and executes Forth words that are responsible for control structures, and this is the ‘compiler’ for Forth programs. [more]
Saturday, 10 January 2009, 12:06 PM CET

Closer look on the spam URL TLD distribution
ICANN stipulates that all domains must be connected to a registrar, and all applications for domain names must be submitted through a registrar. Today there are hundreds of thousands of Web sites registered. The process is simple and not very costly. However, spammers can easily register domains, and it is often hard for registrars to distinguish between spammers and legitimate organizations and Web site developers. [more]
Friday, 9 January 2009, 11:21 PM CET

Oracle critical patch update to contain 41 security fixes
Next Tuesday, January 13 2009, Oracle will release a Critical Patch Update, a collection of patches for multiple security vulnerabilities. This update will contains 41 security fixes across hundreds of Oracle products and some of the vulnerabilities affect multiple products. [more]
Friday, 9 January 2009, 9:09 PM CET

Information security assessment RFP cheat sheet
This cheat sheet offers tips for planning, issuing and reviewing Request for Proposal (RFP) documents for information security assessments. [more]
Friday, 9 January 2009, 12:03 AM CET

An Israeli patriot program or a Trojan?
Recently we have been witnessing a rise of politically motivated hacking attacks by supporters both sides involved in military actions in Gaza. [more]
Thursday, 8 January 2009, 10:43 PM CET

Cybercriminal jailed for 30 years in Turkey
According to reports, Maksym Yastremskiy, also known as "Maksik", sold hundreds of thousands of credit card numbers and other personal information, and was one of the gang charged in August 2008 with stealing customer information. [more]
Thursday, 8 January 2009, 8:04 PM CET

Round Cube webmail probes spreading rapidly
The MSI HoneyPoint Security Server deployment has identified a set of 0-day scans and probes against the Round Cube Webmail system. [more]
Thursday, 8 January 2009, 8:03 PM CET

SIEM: the answer to awkward security questions
How security information and event management solutions help to ensure your organization doesn’t get caught off-guard. [more]
Thursday, 8 January 2009, 8:02 PM CET

The Identity Theft Resource Center’s 2008 breach report
Reports of data breaches increased dramatically in 2008. The Identity Theft Resource Center’s 2008 breach report reached 656 reported breaches at the end of 2008, reflecting an increase of 47% over last year’s total of 446. In terms of sub-divisions by type of entity, the rankings have not changed between 2007 and 2008 within the five groups that ITRC monitors. [more]
Wednesday, 7 January 2009, 8:53 PM CET

Best practices for certificate expiration
I was asked by a client to look at best practices for digital certificates, such as X.509 and the like. I extended that research to include all types of encryption certificates, SSL/code signing, etc. [more]
Wednesday, 7 January 2009, 8:24 PM CET

Majority of companies spend ‘no time’ managing their security systems
Nearly two-thirds of UK businesses do not look after their Internet security effectively, according to new research. A survey undertaken by Network Box, found that just over 65 per cent of companies spend ‘no time’ managing their security systems (anti-virus, anti-spam, content filtering, VPN, intrusion detection and web usage and bandwidth policies). [more]
Tuesday, 6 January 2009, 11:00 PM CET

Whitepaper - Good architecture and security
The Good wireless handheld computing system provides end-to-end security across three critical links. [more]
Tuesday, 6 January 2009, 10:45 PM CET

Whitepaper - 4 key steps to automate IT security compliance
A unified approach for IT, audit and operation teams. [more]
Monday, 5 January 2009, 5:05 AM CET

14% of SSL certificates signed using vulnerable MD5 algorithm
Netcraft's SSL Survey shows that 14% of valid third party SSL certificates have been issued using MD5 signatures — an algorithm that has recently been demonstrated to be vulnerable to attack by producing a fake certificate authority certificate signed by a widely-trusted third party certificate authority. [more]
Monday, 5 January 2009, 12:09 AM CET

Addressing the challenges of identification and authentication in American society
How individuals identify themselves in our country grows more complex by the year. [more]
Monday, 5 January 2009, 12:03 AM CET

On the ‘09 infrastructure security radar
In considering the past year and what’s in store for 2009 and beyond, there’s a broad spectrum of Internet infrastructure security related issues that are sure to make for absorbing times in the coming years. [more]
Saturday, 3 January 2009, 3:19 PM CET

Private firm may track all email and calls
The private sector will be asked to manage and run a communications database that will keep track of everyone's calls, emails, texts and internet use under a key option contained in a consultation paper to be published next month by Jacqui Smith, the home secretary. [more]
Friday, 2 January 2009, 2:34 PM CET

Futuristic security checkpoint predicts your actions
New security check points in 2020 will look just like something out of the futuristic movie, The Minority Report. [more]
Friday, 2 January 2009, 9:27 AM CET

Information gathering with GPG/PGP keytrusts
Some times you just need to know more about a person... [more]
Thursday, 1 January 2009, 1:38 PM CET


The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 1st