Off the Wire

Off The Wire Archive

News items for October 2008

PCI sample encryption key management documentation
Here is a sample set of encryption key management procedures for a fictitious application. These can be used as a guide to create encryption key management documentation for other applications that would be compliant with PCI DSS requirement 3.6. [more]
Friday, 31 October 2008, 11:10 AM CET

Parallel SSH execution and a single shell to control them all
Parallel ssh, Cluster SSH, and ClusterIt let you specify commands in a single terminal window and send them to a collection of remote machines where they can be executed. [more]
Thursday, 30 October 2008, 3:45 PM CET

Lab tests prove that personal records are leaking out of companies
Patient health records, social security numbers, bank account numbers and internal auditing procedures are examples of the kinds of information that is unknowingly "leaking" out of data centers. This disturbing trend is the result of companies improperly disposing of used data storage products at end-of-life, including a growing practice of selling used computer tape cartridges to so-called "recertifiers." Imation announced it has uncovered these and other serious data security and financial risks facing Corporate America due to improper destruction of used data storage products. [more]
Thursday, 30 October 2008, 11:04 AM CET

Survey finds Americans more wary of cyber crime
More and more Americans are conducting online banking, stock trading and health management, but nearly 60 percent of Americans say that the risks of identity theft have changed their online behaviors, according to a recent survey conducted by the National Cyber Security Alliance (NCSA). [more]
Wednesday, 29 October 2008, 10:45 PM CET

Whitepaper - In-depth look at deduplication technologies
Explore the options and get a clear, unbiased view of the deduplication market. [more]
Wednesday, 29 October 2008, 12:27 PM CET

Test your security IQ
Would you know a security bug if you saw one? Find out by taking this quiz. [more]
Wednesday, 29 October 2008, 12:26 PM CET

With encrypted Wi-Fi vulnerable everyone is risking their assets
The seventh annual Wireless Security Survey from RSA reveals the continued, dramatic growth of wireless networks in the world's major financial centres. The survey of London, New York City and Paris examines the proliferation and inherent security of corporate wireless access points, public hotspots and in-home networks. [more]
Monday, 27 October 2008, 11:59 PM CET

Cybersecurity programs expected to remain strong under next administration
U.S. federal government identity and smart card programs have grown significantly under the Bush administration. But with the election less than two weeks away, one important question on people’s minds is, what will happen under the next administration? [more]
Monday, 27 October 2008, 11:15 PM CET

Guide - Meeting vulnerability scanning requirements for PCI
Learn the scanning requirements for PCI-DSS to achieve compliance. [more]
Monday, 27 October 2008, 4:59 PM CET

Whitepaper - The latest advancements in SSL technology
Learn how to get SSL encryption and increase customer confidence with Extended Validation (EV) SSL Certificates, which trigger the green address bar in high security browsers, allowing your customers to feel safe online. [more]
Saturday, 25 October 2008, 4:41 PM CET

A robot network seeks to enlist your computer
In a windowless room on Microsoft’s campus here, T. J. Campana, a cybercrime investigator, connects an unprotected computer running an early version of Windows XP to the Internet. In about 30 seconds the computer is “owned.” [more]
Wednesday, 22 October 2008, 5:06 AM CET

Perspectives extension improves HTTPS security
Ah, cryptographic security: a boon to those who understand the algorithms, but all too often a lost cause to those who don't. The secure HTTPS protocol for Web surfing is widely accepted, but has one fatal flaw: users ignore certificate error warnings. A Firefox extension called Perspectives aims to close that security hole. [more]
Tuesday, 21 October 2008, 3:15 PM CET

Building c-level confidence with a security blueprint
IT professionals wear many hats these days. Not only are they charged with keeping the lights on, they must establish and maintain a defined security posture, ensure compliance with a long list of regulations, while also aligning IT operations with the organization’s broader strategic goals. [more]
Tuesday, 21 October 2008, 3:03 PM CET

Video: Compromising electromagnetic emanations of wired keyboards
Martin Vuagnoux and Sylvain Pasini from the Security and Cryptography Laboratory (LASEC) demonstrated a way of compromising electromagnetic emanations of wired keyboards. [more]
Monday, 20 October 2008, 10:12 PM CET

Is OpenID too open?
For years we've had it beat into our heads that using the same username and password for everything on the web leaves us open to compromise and identity theft. [more]
Monday, 20 October 2008, 3:24 PM CET

Whitepaper - Google vs the world: battle of the message security vendors
With such a powerful name behind it, Google Message Security stands out in a sea of products that do exactly the same thing - or so they say. So when it comes right down to it, how does the Google selection stack up against the rest of messaging security's big guns? [more]
Monday, 20 October 2008, 3:24 PM CET

Passports will be needed to buy mobile phones in the UK
Everyone who buys a mobile telephone will be forced to register their identity on a national database under government plans to extend massively the powers of state surveillance. [more]
Monday, 20 October 2008, 11:47 AM CET

Newark Airport screener accused of stealing electronics from luggage
As a screener at Newark Liberty International Airport, Pythias Brown was supposed to keep deadly objects off airplanes. [more]
Monday, 20 October 2008, 11:46 AM CET

Designing a malicious processor
Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses. [more]
Friday, 17 October 2008, 12:18 AM CET

Whitepaper - How to attain PCI compliance
IT security is on everyone's mind nowadays. In addition to such worries, the finance and banking industry also has to comply with the Payment Card Industry Data Security Standards. [more]
Friday, 17 October 2008, 12:03 AM CET

Spammers cloak their reputation
A major trend throughout 2008 that intensified during the third quarter is spammers’ increased use of cloaking techniques to hide their poor reputation behind someone else's good reputation. [more]
Thursday, 16 October 2008, 7:57 PM CET

Quantum cryptography: as awesome as it is pointless
Quantum cryptography is back in the news, and the basic idea is still unbelievably cool, in theory, and nearly useless in real life. [more]
Thursday, 16 October 2008, 11:24 AM CET

Organized cybercrime replaces random individual attacks
Targeted and organized, profit-driven attacks are replacing random individual hacker attacks and presenting increased threats for businesses and government. This new breed of attack, designed to steal valuable and sensitive information or customer data for major financial gain is being orchestrated by criminal networks that bring together specialist skills and expertise. [more]
Wednesday, 15 October 2008, 11:30 PM CET

Q&A: Threats to the US critical communications infrastructure
Paul Parisi is the CTO of and has an extremely broad and deep technical background offering reality based solutions to everyday issues. In this interview he discusses the biggest threats to the communications infrastructure, the full disclosure of vulnerabilities as well as cyberterrorism. [more]
Wednesday, 15 October 2008, 9:35 PM CET

A comparison of virtualization features of HP-UX, Solaris, and AIX
Most IBM AIX administrators understand the virtualization features available to them on their System p platform through PowerVM, which is also available on the System p for Linux. But what about the other UNIX hardware platforms? [more]
Wednesday, 15 October 2008, 7:38 PM CET

The insider security threat in IT and financial services
RSA announced the findings of its latest insider threat survey. Almost half of the respondents' job functions were in information technology. During this era of well-publicized data breaches, the results indicate that even those who should know better are not exempt from the everyday behaviors that can trigger significant risk to sensitive business information. [more]
Monday, 13 October 2008, 9:45 PM CET

Book review - Voice over IP Security
With VoIP becoming practically a household name and present in organizations worldwide, we are witnessing a natural increase in attacks and other problems. With this title, Cisco Press aims to arm the reader with appropriate security knowledge to tackle many of the current challenges. Read on to find out what this book offers. [more]
Monday, 13 October 2008, 9:18 AM CET

ASP.NET data binding and AntiXss encoding
Let's exclusively look at various ASP.NET data binding techniques and how to use AntiXss to encode the output. [more]
Monday, 13 October 2008, 3:27 AM CET

Whitepaper - A new approach to secure file delivery
In this FactPoint study, discover why companies are increasingly adopting managed file transfer to send presentations, audio, video, and other large and important files. [more]
Monday, 13 October 2008, 1:15 AM CET

Man indicted for alleged hack of Sarah Palin’s e-mail account
David C. Kernell, 20, was indicted by a federal grand jury in Knoxville, Tenn., for intentionally accessing without authorization the e-mail account of Alaska governor Sarah Palin. According to the indictment, after answering a series of security questions that allowed him to reset the password and gain access to the e-mail account, Kernell allegedly read the contents of the account and made screenshots of the e-mail directory, e-mail content and other personal information. [more]
Friday, 10 October 2008, 2:49 PM CET

'Unbreakable' encryption unveiled
Perfect secrecy has come a step closer with the launch of the world's first computer network protected by unbreakable quantum encryption at a scientific conference in Vienna. [more]
Thursday, 9 October 2008, 9:40 PM CET

Whitepaper - Best practices for security remote and mobile devices
Discover the best practice approach to mobile and remote security designed to address a wide range of known and emerging security threats. [more]
Thursday, 9 October 2008, 9:38 PM CET

Extensive list of new security vulnerabilities in enterprise VoIP systems
VoIPshield Laboratories made its third announcement of security vulnerabilities in Voice over IP systems marketed by Avaya, Cisco and Nortel. Vulnerabilities were also discovered in Microsoft's VoIP products, and these will be announced next month. [more]
Thursday, 9 October 2008, 9:38 PM CET

Security scans with OpenVAS
As important as security is, remaining current with every development is hard, and evaluating possible vulnerabilities across a network can be quite a chore. [more]
Thursday, 9 October 2008, 9:36 PM CET

Video: European Network and Information Security Agency
In this video, Andrea Pirotti, the Executive Director of ENISA, introduces the agency and its work. [more]
Wednesday, 8 October 2008, 9:26 PM CET

NSA shows the way to develop secure systems
The development of highly secure, low defect software will be dramatically helped by the release of the Tokeneer research project to the open source community by the NSA. The unprecedented release of the project into the open source community aims to demonstrate how highly secure software can be developed cost-effectively, improving industrial practice and providing a starting point for teaching and academic research. [more]
Tuesday, 7 October 2008, 9:17 AM CET

Biometric security for financial meltdown solutions
In today’s world, banks are required to comply with regulations and standards to protect the banks and financial institutions from fraud. To mitigate fraud, these banks and financial institutions need to supplement their internal controls compliance with biometric authentication. Biometrics will prevent data breaches of security. Fraudsters will not limit their fraudulent activities trying to perpetrate frauds using only an ERP system. Users of ERP systems must also secure email systems and any trading systems interfacing with an ERP system. This would tighten security and improve accountability. [more]
Monday, 6 October 2008, 6:50 PM CET

Clean up your filesystems with fslint
Maintaining filesystems can be a real administration burden. [more]
Monday, 6 October 2008, 6:48 PM CET

Free network security audit from Qualys
Find and fix network vulnerabilities with QualysGuard. Register for a 14-day free trial to access all features that make it the most accurate and comprehensive vulnerability management and compliance solution. [more]
Monday, 6 October 2008, 6:47 PM CET

Exploiting systems through ActiveSync
In this update we are going to take a look at the latest version of ActiveSync and demonstrate how one of the core pieces of its technology can be exploited by an authenticated user to inject attacks into a target PC via an attached Windows Mobile device. [more]
Monday, 6 October 2008, 9:18 AM CET

Whitepaper - The promise and pitfalls of 802.11n
802.11n sounds like a panacea - delivering wireless data networking rates that are four to six times faster than earlier 802.11a/g networks and also improving transmission range. But with any new technology, opportunity is accompanied by a few new challenges. [more]
Monday, 6 October 2008, 12:06 AM CET

Practical defense in depth
The purpose of this article is not to describe the SDL in detail, but to outline some of the practical defensive measures in use at Microsoft required by the SDL. If Microsoft’s SDL is new to you, refer to the sidebar, “A Brief SDL Overview.” [more]
Monday, 6 October 2008, 12:00 AM CET

Protect your network with pfSense firewall/router
pfSense is a free, powerful firewall and routing application that allows you to expand your network without compromising its security. [more]
Friday, 3 October 2008, 1:57 PM CET

Securing a multitenant SaaS application
The multitenant nature of Software as a Service (SaaS) applications makes security an essential concern. This article introduces a viable and practical approach to securing a multitenant Java™ application with the open source Spring Security framework combined with Apache Directory Server. The authors present a multitenant example Web application to demonstrate this approach. [more]
Thursday, 2 October 2008, 7:00 PM CET

IT security fears stifling business innovation
Commissioned by RSA, an IDC survey of nearly 200 top business executives and security professionals showed that the majority of organizations believe creating an environment ideal for innovation is critical to staying ahead of the competition. However, survey respondents revealed that in spite of their best intentions, IT security risk is impeding business innovation. In fact, 80 percent of those surveyed, admitted that their organizations have backed away from new innovation opportunities because of information security concerns. [more]
Thursday, 2 October 2008, 6:15 PM CET

The seven habits of highly ineffective terrorists
Most counter terrorism policies fail, not because of tactical problems, but because of a fundamental misunderstanding of what motivates terrorists in the first place. If we're ever going to defeat terrorism, we need to understand what drives people to become terrorists in the first place. [more]
Thursday, 2 October 2008, 9:51 AM CET

Verify your email security with tcpdump
I confess, I'm an outlaw at heart. I like using packet sniffers like tcpdump because it satisfies my base snooping impulses. [more]
Wednesday, 1 October 2008, 9:54 PM CET

Top searches in Google Trends Labs used for malware
For the first time, hackers are capitalizing on the top news stories from Google Trends Labs, which lists the day’s most frequently searched topics, which can include news of the Wall St. bail out or the presidential campaign. These highly relevant news stories and videos are being posted to the hackers’ fake blogs to increase the site’s Google search rankings. [more]
Wednesday, 1 October 2008, 9:33 PM CET

RFID moving into the data center
IT managers are increasingly finding value in using RFID within their own IT operations. This is spurring adoption of RFID in data centers and across corporate campuses, according to ABI Research. [more]
Wednesday, 1 October 2008, 6:03 AM CET

Webcast - Penetration testing ninjitsu with Ed Skoudis of SANS
Join Core Security and SANS instructor Ed Skoudis to learn about Windows command line penetration testing techniques. [more]
Wednesday, 1 October 2008, 12:07 AM CET

