Off The Wire Archive

News items for December 2008

Tales from the support crypt
Talking viruses, infected physical devices, lights that go out are some of the “problems” Panda Security’s tech support service has had to face. Many of them were not a result of computer viruses, but of confused users. This proves once again, that antivirus manufacturers must make a special effort to increase user knowledge regarding computer security and malware effects. [more]
Tuesday, 30 December 2008, 9:04 PM CET

Security trends of 2008 and predictions for 2009
As a new year approaches we must prepare for new Internet security threats. Every year, new and innovative ways of attacking computer users emerge and continue to increase in volume and severity. To know where we are going it is helpful to look at where we have been. Finding trends in Internet security has become a valuable, if not necessary, action for companies developing software to protect computer users. [more]
Wednesday, 24 December 2008, 6:06 PM CET

Zero-day Web malware blocks surpass yearly average
In its latest report, ScanSafe noted that backdoors and data theft Trojans increased from 13% of all Web malware blocks in October, to 30% of all blocks in November. Backdoors and data theft Trojans allow attackers to target exactly what type of information is stolen. [more]
Wednesday, 24 December 2008, 10:14 AM CET

The rise and rise of rogue security software
Rogue security software is an application that appears to be beneficial from a security perspective but provides little or no security, generates erroneous alerts, or attempts to lure users into participating in fraudulent transactions. [more]
Monday, 22 December 2008, 11:32 PM CET

5 Best Linux/BSD firewall tools
Here's an article to better highlight what works and what does not with regard to turning an older PC into a standalone router/firewall appliance. [more]
Monday, 22 December 2008, 10:40 PM CET

Learning course - Information Security Management
Your information assets have never been more crucial, more valuable, or more at risk. This is why information security is becoming a crucial business priority in many organisations. [more]
Monday, 22 December 2008, 10:38 PM CET

Whitepaper - Security: the wireless revolution is here
Learn to address security risks in wireless handheld computing systems with a solution that provides end-to-end security. [more]
Monday, 22 December 2008, 4:38 PM CET

Practical tips for card fraud prevention
This post contains practical things, some a bit over the top, that cardholders can do to decrease the risk of falling victim to card fraud. [more]
Monday, 22 December 2008, 4:35 PM CET

Software security top 10 surprises
Gary McGraw, Brian Chess, and Sammy Migues interviewed nine executives running top software security programs in order to gather real data from real programs. In the course of analyzing the data to create a maturity model, they unearthed some surprises. [more]
Friday, 19 December 2008, 3:04 PM CET

Review: iPhone security software - SplashKey
SplashKey is a password generator for the iPhone. This freeware comes from SplashData, a company well known in the world of mobile applications. Their software products have been successful on various mobile platforms including Windows Mobile, Series 60 and Symbian UIQ. [more]
Friday, 19 December 2008, 1:25 AM CET

Findings of the latest website security statistics report
The sixth installment of the WhiteHat Website Security Statistics Report, provides a unique high-level perspective on the leading Web application security issues across industries such as retail, financial services, technology and healthcare, based on real-world websites. [more]
Thursday, 18 December 2008, 11:59 PM CET

Whitepaper - Is virtualization a black hole in your security?
Learn how incorporating virtualization into your overall security strategy, you can protect your network from its dangers while profiting from its benefits. [more]
Thursday, 18 December 2008, 10:09 PM CET

Spam volumes beyond 95% in 2009?
Marking the five-year anniversary since the CAN-SPAM act was signed into law in the United States, Barracuda Networks predicts that spam volumes will rise slightly higher than 95 percent in the year ahead as growing use of botnets continues to proliferate. [more]
Wednesday, 17 December 2008, 11:57 PM CET

Europe's elite banks collaborate to combat cybercrime
Global banks and financial institutions are bracing for the increase in cybercrime and online fraud that accompanies an economic downturn and merger activity. Noted by leading analysts during a recent customer event, the spike in attacks has already begun and will climb significantly in 2009. [more]
Tuesday, 16 December 2008, 11:55 PM CET

Whitepaper - Maximizing site visitor trust using extended validation SSL
Explore the benefits of Extended Validation SSL, so you can show your customers that they can trust your site. [more]
Tuesday, 16 December 2008, 1:58 PM CET

Japanese billboards are watching back
In Japan, NTT is testing a digital billboard system that watches back. [more]
Tuesday, 16 December 2008, 1:57 PM CET

Cisco report spotlights worldwide cyber security threats
Cisco released a security report that warns that Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers. [more]
Monday, 15 December 2008, 11:54 PM CET

Budgeting for Web application security
The challenge that many security professionals face is justifying the line item expense for upper management. Upper management often asks, “How much do we need to spend?” well before “What do we need to spend it on?” [more]
Friday, 12 December 2008, 6:11 AM CET

Wire transfer services are at high risk of cybercrime
Panda Security announced the findings from its multi-year security assessment of business services for U.S. immigrants. These multiservice businesses, primarily used by U.S. immigrants to send money back to their home countries, also known as remittances, were analyzed and were found to be severely lacking in security measures and at extremely high risk for cybercriminal activity such as illegal interception of money wire transfers, as well as credit card and identity fraud. [more]
Thursday, 11 December 2008, 11:21 PM CET

What to do about social networking in your company
The growing popularity of social networking sites such as Facebook, Bebo and MySpace is slowly developing into a massive headache for IT administrators as employees spend time updating their profiles and adding new friends during office hours. [more]
Wednesday, 10 December 2008, 11:54 PM CET

Scientists store and retrieve data inside an atom
Another step towards quantum computing – the Holy Grail of data processing and storage – was achieved when an international team of scientists that included researchers with the U.S. Department of Energy’s Lawrence Berkeley National Laboratory (Berkeley Lab) were able to successfully store and retrieve information using the nucleus of an atom. [more]
Wednesday, 10 December 2008, 12:03 AM CET

MySpace outlines open strategy with "MySpace Open Platform" framework
MySpace introduced the "MySpace Open Platform", a suite of products including the MySpace Application Platform, "MySpaceID" and Post-To MySpace. Ushering in the new structure, MySpace announced an additional roster of global partners for MySpaceID - Vodafone and Netvibes, all of which are currently developing MySpaceID implementations. [more]
Tuesday, 9 December 2008, 11:11 PM CET

The rapid increase of crimeware
The crimeware scourge is menacing the Web at levels never before detected by the APWG, with crimeware-spreading websites nearly tripling in number in the 12 months before the end of Q2/2008 - and the number of recorded crimeware variants shattering all previous records. [more]
Tuesday, 9 December 2008, 9:21 PM CET

VoIP fact sheet
Learn about a VoIP service in order to create a simplified communications structure that combines voice, data and messaging over a single IP connection. [more]
Tuesday, 9 December 2008, 9:12 PM CET

The finer details of SSH
Encryption is playing a larger role as people finally understand that data is not secure by design. [more]
Tuesday, 9 December 2008, 9:53 AM CET

Mega-D botnet returns after McColo shutdown
One of three major botnets shut down as a result of the closure of major spam hosting provider, McColo, has been re-established and is back spamming in large volumes. [more]
Monday, 8 December 2008, 11:58 PM CET

Protecting corporate brands
A company’s brand identity is one, if not the, most valuable asset that all organizations - from health care providers to financial institutions - seek to protect, but the ease of accessing information on the Web has created a false sense of security that can be exploited by business competitors using new and powerful tools at their disposal. [more]
Monday, 8 December 2008, 11:45 PM CET

Laptop searches at border might get restricted
An engineer for Cisco, travels overseas several times a year for work, so he is accustomed to opening his bags for border inspections upon returning to the U.S. But in recent years, these inspections have gone much deeper than his luggage. [more]
Monday, 8 December 2008, 4:37 PM CET

The NSA’s new data-mining facility
Surrounded by barbwire fencing, the anonymous yet massive building on West Military Drive near San Antonio’s Loop 410 freeway looms mysteriously with no identifying signs of any kind. [more]
Monday, 8 December 2008, 1:48 PM CET

Whitepaper - How to attain PCI compliance
IT security is on everyone's mind nowadays. In addition to such worries the finance and banking industry has to comply also with the Payment Card Industry Data Security Standards. [more]
Thursday, 4 December 2008, 11:21 PM CET

Advanced malware techniques boost the underground economy
According to a Symantec report, 2008 was a pivotal year for the cyber security landscape as revolutionary advances in malware and spam techniques made their mark on the underground "shadow" economy. [more]
Thursday, 4 December 2008, 10:15 PM CET

Real Web 2.0: battling Web spam
This article explains how to assess whether a visitor is a spammer and how to organize site workflow to discourage spam. [more]
Wednesday, 3 December 2008, 11:45 PM CET

A woman sent Nigerian scam artists $400,000
This may well be the mother of all internet scam cases. [more]
Wednesday, 3 December 2008, 11:41 PM CET

Growth in Internet crime calls for growth in punishment
Internet crime is now more prevalent and more professional than ever before. F-Secure believes that against a background of steeply increasing Internet crime, the obvious inefficiency of the international and national authorities in catching, prosecuting and sentencing Internet criminals is a problem that needs to be solved. A call for the establishment of “Internetpol” to tackle online crime – made by Mikko Hyppönen, F-Secure’s Chief Research Officer – has been received with great interest internationally. [more]
Wednesday, 3 December 2008, 11:03 PM CET

Whitepaper - Worst practices in SOA implementation
Learn the top-four worst practices for SOA integration. [more]
Wednesday, 3 December 2008, 11:00 PM CET

Whitepaper - Hacking your PBX: 15 ways to make the most of a modern phone system
Discover the tips and tricks to help PBX users optimize their business phone setup. [more]
Tuesday, 2 December 2008, 6:36 PM CET

Expand your user-authentication options with mouse dynamics
Learn how to apply the open source tools cnee and Perl in mouse-click dynamics to measure the more subtle characteristics of human-computer interaction. Then use the number and hold time of mouse-click events to help authenticate users. [more]
Tuesday, 2 December 2008, 6:35 PM CET

A new issue of (IN)SECURE Magazine has been released
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read about the future of AV, holes in Windows login controls, extended validation and online security, Web filtering in a Web 2.0 world, and a lot more. Download your FREE copy today! [more]
Monday, 1 December 2008, 11:45 PM CET

Study reveals corporate failure to safeguard core IT assets
Results of a global study carried out amongst CFOs, CIOs, and HR Directors highlight how the vital skill-sets to manage and maintain core IT assets are being marginalized by the world’s leading companies. Many of these organizations are focusing on IT skills for newer Web 2.0 technologies at the expense of the crucial skill-sets required to future-proof the core systems that are most business-critical to the successful execution of operations. [more]
Monday, 1 December 2008, 9:27 PM CET

Set up a SSH-based point to point connection
This article explains how to use SSH to set up SSH-based point to point connections with OpenSuse 11.0 which can then be used to create routes that create virtual private networks. [more]
Monday, 1 December 2008, 3:52 PM CET

EU to search out cyber criminals
Remote searches of suspect computers will form part of an EU plan to tackle hi-tech crime. [more]
Monday, 1 December 2008, 3:50 PM CET

Guide - The need for vulnerability management
This guide describes the need for vulnerability management. [more]
Monday, 1 December 2008, 3:47 PM CET

Spotlight

The security of WordPress plugins

Posted on 18 June 2013.  |  Checkmarx’s research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection.

Information security executives need to be strategic thinkers

Posted on 17 June 2013.  |  George Baker, the Director of Information Security at Exostar, talks about the challenges in working in a dynamic threat landscape, offers tips for aspiring infosec leaders, and more.

Large orgs in denial about own security breaches?

Posted on 14 June 2013.  |  Over two thirds (66%) of large organizations said they either had not experienced a security incident in the last 12-18 months or were unsure if they had.

Vulnerability scanning with PureCloud

Posted on 12 June 2013.  |  nCircle PureCloud is a cloud-based network security scanning product built upon the companies' vulnerability and risk management system IP360.

Reactions from the security community to the NSA spying scandal

Posted on 11 June 2013.  |  Read on for comments on this scandal that Help Net Security received from a variety of security professionals and analysts.