Off the Wire

Off The Wire Archive

News items for November 2008

Information security awareness in financial organizations
The European Network and Information Security Agency (ENISA) released a new report on how to counter information security risks with a change in the financial sector staff awareness. [more]
Thursday, 27 November 2008, 3:27 PM CET

Gmail security and recent phishing activity
Google has seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners' domains by unauthorized third parties. [more]
Wednesday, 26 November 2008, 8:50 AM CET

Safe computing during the holiday season
When consumers go online this time of year, they face the risk of running up against a range of cyber threats – threats that increase in number exponentially on a daily basis. This article includes a list of basic tips for safe computing. [more]
Tuesday, 25 November 2008, 9:15 PM CET

Another layer of security for PayPal accounts
PayPal announced a new way for members to add even more security to their PayPal accounts using their mobile phones. Customers can now choose to receive a unique six-digit security code via text message to their mobile phones prior to logging in to their accounts. [more]
Tuesday, 25 November 2008, 10:39 AM CET

Whitepaper - Simplifying network security with a single source provider
Learn the important questions to ask when evaluating a managed security service provider. [more]
Monday, 24 November 2008, 4:38 PM CET

Mobile eID security issues examined by ENISA
In the near future, we will pay our taxes, buy metro tickets or open bank accounts over our phone. Mobile devices, national ID-cards, smart phones and PDAs, will play an ever more important role in the digital environment. However, as is the case with many new technologies, the pervasive use of mobile devices also brings new security and privacy risks. ENISA looks at different use-cases for electronic authentication using mobile devices. They identify the security risks which need to be overcome, give an opinion about their relevance, and present mechanisms that help in mitigating these risks. [more]
Friday, 21 November 2008, 11:00 PM CET

Team Foundation Server and the OWASP top ten
The purpose of this document is to describe the level of compliance of Team System 2008 Team Foundation Server with Open Web Application Security Project (OWASP). [more]
Friday, 21 November 2008, 4:40 PM CET

Major spam botnets yet to recover after host shut-down
One week after the world's most significant breakthrough in the fight against spam, spam levels are yet to return to their previous levels. However, it is likely that spam levels will eventually return to their previous high levels in the future. [more]
Thursday, 20 November 2008, 11:51 PM CET

Security issues in group management
According to a study conducted by Osterman Research and sponsored by Imanami, 42 percent of organizations report unauthorized access of information through Active Directory. [more]
Wednesday, 19 November 2008, 11:19 PM CET

Organizations fail to educate employees about online shopping risks
Organizations allow employees to shop online but do not educate users about risks, exposing employees and employers alike to spam, malware, phishing and loss of productivity in the workplace. ISACA has carried out three simultaneous surveys to look at the latest trends in online shopping and workplace Internet safety. Only 32% of organizations that allow online shopping educate employees about the risks. Slightly over 31% of organizations prohibit using a work e-mail for online shopping or other online non-work related activities, even though allowing the use of work e-mails can expose the organization to greater volumes of spam. [more]
Tuesday, 18 November 2008, 9:33 PM CET

Whitepaper - Protection for Mac and Linux computers
Learn how protecting computers running Linux, UNIX, Mac and the like can prevent Windows malware from being stored and distributed across your IT network, reducing the risks to business continuity and integrity. [more]
Tuesday, 18 November 2008, 3:33 PM CET

Attacks on banks
This article provides an overview of the methods currently used by cyber criminals to attack financial institutions and banks in particular. It reviews general trends and looks at how malicious programs targeting financial institutions are designed to evade detection by antivirus solutions. The article also covers phishing, money mules, and the technical steps which cyber criminals may take when launching an attack (such as redirecting traffic, man-in-the-middle and man-in-the-endpoint attacks). [more]
Monday, 17 November 2008, 6:09 PM CET

5 essential steps for improving virtualization security
With virtualization technologies becoming pervasive in the data center, here are five essential steps for addressing virtualization security challenges. The steps reflect the strategic belief that information security must be integral to the assessment, design and implementation phases of virtualized environments to protect data assets and meet compliance requirements. [more]
Monday, 17 November 2008, 9:00 AM CET

OpenLDAP security
The TLDR version of this post is that some of the defaults for OpenLDAP may not be secure, it is easy to make other configuration mistakes, and you should make sure to examine configurations, permissions, ACLs, and schemas with security in mind. Different distributions can have different defaults. [more]
Monday, 17 November 2008, 12:01 AM CET

Whitepaper - The latest advancements in SSL technology
Learn how to get SSL encryption and increase customer confidence with Extended Validation (EV) SSL Certificates, which trigger the green address bar in high security browsers, allowing your customers to feel safe online. [more]
Monday, 17 November 2008, 12:00 AM CET

Shoulder surfing a malicious PDF author
Ever since I read about the incremental updates feature of the PDF file format, I’ve been patiently waiting for a malicious PDF document with incremental updates to come my way. [more]
Friday, 14 November 2008, 12:15 AM CET

Top 5 industries most at risk of web-based malware
ScanSafe released its report ‘The Vertical Risk’ which reveals the top 5 industries at risk of Web-delivered malware as well as an analysis of the types and severity of the malware encountered. [more]
Thursday, 13 November 2008, 9:06 AM CET

Access remote network services with SSH tools
You probably rely on the services on your own private network -- wikis, mail servers, Web sites, and other applications you've installed. What happens when you have to leave the friendly confines of your network? [more]
Thursday, 13 November 2008, 4:51 AM CET

Users continue risky Internet behavior after a security breach
A new study by the Ponemon Institute examined behavioral aspects around corporate policy compliance with regards to Internet tools and applications. The most startling discovery was that when confronted with a security or privacy breach as a direct result of using an Internet application, 45 percent of employees did nothing and continued using the product. Furthermore, 19 percent simply decreased frequency or level of use. [more]
Wednesday, 12 November 2008, 9:15 AM CET

Whitepaper - How to attain PCI compliance
Learn how eEye Digital Security can help you audit for and comply with the PCI Standard Security Standard. [more]
Wednesday, 12 November 2008, 6:12 AM CET

Trust no one
It’s easy to say what we’re all securing our systems and data against. But it isn’t easy to say exactly who we need to secure against, nor who presents the biggest threat to our business. Certainly, the largest ever data breach – 45 million credit card records stolen from retailer TJX – was committed by criminals. But the second largest, last year’s loss of over 25 million child benefit records from Her Majesty’s Revenue & Customs in the UK, was caused by an ordinary public-sector employee putting two unencrypted CDs in the post. [more]
Tuesday, 11 November 2008, 9:54 PM CET

Critical infrastructure is not prepared for cyber attacks
Secure Computing announced the results of a study which surveyed 199 international security experts and other "industry insiders" from utilities, oil and gas, financial services, government, telecommunications, transportation and other critical infrastructure industries. Despite a growing body of legislation and regulation, more than half of these experts believed that most critical infrastructure continues to be vulnerable to cyber attack. Further, a majority of respondents said that major attacks have already begun or are likely to occur in the next 12 months. [more]
Tuesday, 11 November 2008, 9:27 PM CET

Former inmate hacked prison computer to access prison management program
A former inmate of the Plymouth County Correctional Facility in Plymouth, Massachusetts was arrested late yesterday in North Carolina on an indictment charging him with damage to the prison’s computer network and identity theft. The inmate is alleged to have obtained the password to a prison management program and to have made available to other inmates a report listing the names, dates of birth, Social Security numbers, home addresses and telephone numbers of over 1,100 current and former prison personnel. [more]
Tuesday, 11 November 2008, 12:42 AM CET

Whitepaper - Is anti-virus dead?
Learn the five key strategies to reduce the attack surface and protect the network, systems and data from malware. [more]
Monday, 10 November 2008, 3:21 AM CET

Pakistan declares death penalty for 'cyber terror'
Pakistani president Asif Ali Zardari signed a law making cyber terror a crime "punishable with death." [more]
Monday, 10 November 2008, 2:20 AM CET

OpenID is here but many can’t figure out how it works
Imagine a much friendlier internet, one where you only have to remember one password. A place where it’s easy to keep a tight grip on your personal contact information, deciding which websites have access to it and how much they’re allowed to know about you. [more]
Monday, 10 November 2008, 12:01 AM CET

Virtualization: how to isolate application traffic
Many people are concerned with virtualization security (already coined VirtSec), and they're applying that concern from the virtual images all the way down the stack, to the network infrastructure through which virtualized application traffic is delivered. [more]
Friday, 7 November 2008, 5:14 PM CET

Video - Lavasoft and the antispyware industry
In this video, Lavasoft CEO Jason King offers a brief history of Lavasoft and its role in the antispyware industry, the growth of the company, the shift in the marketplace as well as details on the next generation of the Ad-aware product. [more]
Thursday, 6 November 2008, 11:54 PM CET

Automatically mount encrypted filesystems at login with pam_mount
The pam_mount project lets you unlock an encrypted filesystem automatically when you log in. The same password used to log in is used as the key to unlock the encrypted filesystem, so you only need to type it once. [more]
Thursday, 6 November 2008, 8:54 PM CET

The soft risks of social networking
Soft risks are always part of the equation of the return on investment for a product or piece of software. Soft risks are usually nebulous, incalculable costs that are not necessarily directly related to the function of the solution we are purchasing. [more]
Thursday, 6 November 2008, 1:17 PM CET

Barack Obama used for a malware spam attack
Malware authors haven’t been slow reacting to the latest US elections news and President-elect Barack Obama is already being used as a lure for infecting unsuspecting internet users. [more]
Thursday, 6 November 2008, 11:24 AM CET

Install and configure an enterprise-level Web server
Learn how Web servers are used in modern enterprise environments and how to install and integrate IBM HTTP Server. [more]
Thursday, 6 November 2008, 11:16 AM CET

IPv6 in Linux
This article discusses the advantages of IPv6, which in addition to a larger address space promises to increase standby time in devices, and improve performance in routers. [more]
Wednesday, 5 November 2008, 5:49 PM CET

eBook - 7 things that IT security professionals must know
Gain key insight into security problems and find the safest means to protect your technological assets. [more]
Wednesday, 5 November 2008, 5:44 PM CET

Critical vulnerability in Adobe Reader
Core Security Technologies issued an advisory disclosing a vulnerability that could affect millions of individuals and businesses using Adobe’s Reader PDF file viewing software. Engineers from CoreLabs determined that Adobe Reader could be exploited to gain access to vulnerable systems via the use of a specially crafted PDF file with malicious JavaScript content. [more]
Wednesday, 5 November 2008, 5:42 PM CET

Four winning ways to monitor machines through Web interfaces
System administrators need to keep an eye on their servers to make sure things are running smoothly. [more]
Tuesday, 4 November 2008, 10:36 AM CET

Whitepaper - Why security SaaS makes sense today
Learn the Top 7 reasons to adopt SaaS for security. [more]
Monday, 3 November 2008, 7:33 PM CET

Q&A: software piracy
Jan Samzelius is the CEO and one of the founders of ByteShield, a company whose mission is protecting PC software applications and games against illegal copying. In this interview he discusses software piracy. [more]
Monday, 3 November 2008, 7:32 PM CET

Reconsidering physical key secrecy: teleduplication via optical decoding
Researchers from the University of San Diego developed Sneakey, a system that correctly decoded keys from an image that was taken from the rooftop of a four floor building. [more]
Saturday, 1 November 2008, 12:54 PM CET

