Off the Wire


News items for February 2009

Whitepaper - The next generation of Web security
Learn how Web Security SaaS can increase overall security effectiveness and identify critical elements that make for lower-cost and easier-to-manage Web security solutions. [more]
Saturday, 28 February 2009, 5:51 PM CET

Rogue application takes advantage of Facebook terms of service saga
Sophos is advising Facebook users to exercise extra caution following the discovery of a malicious third-party application that exploits the widespread interest over changes to the site’s terms of use. [more]
Friday, 27 February 2009, 12:36 PM CET

Setting up UNIX file systems
Designing a file system layout to improve system performance and safety. [more]
Thursday, 26 February 2009, 4:34 AM CET

Whitepaper - The new encryption generation
Full disk encryption no longer makes sense. Learn about next-generation encryption and why your organization needs it. [more]
Thursday, 26 February 2009, 4:33 AM CET

Gmail users hit by phishing chat attack
Gmail users should be on their guard against phishing attacks following news that the email system has been the target of a campaign that spread via the Google Talk instant messaging chat system. [more]
Wednesday, 25 February 2009, 6:07 PM CET

Book review - Programming Amazon Web Services
Amazon Web Services (AWS) is a suite of web services provided by the e-commerce giant that offers third-party developers a way to build on its technology platform. Soon after deploying this concept, Amazon saw a dramatic rise in users, and this O'Reilly book is here to provide details on all the major aspects and benefits of using AWS. [more]
Wednesday, 25 February 2009, 6:06 PM CET

(IN)SECURE Magazine issue 20 is here
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read about improving network discovery mechanisms, BackTrack 4, Web 2.0 case studies, ISP level malware filtering, and a lot more. Download your FREE copy today! [more]
Tuesday, 24 February 2009, 2:34 PM CET

New type of SQL injection attack compromised 500,000+ Web sites
Breach Security announced that web attackers unleashed a new type of SQL injection attack in 2008 that successfully compromised more than 500,000 web sites, according to its Web Hacking Incidents Database (WHID) 2008 Annual Report. [more]
Tuesday, 24 February 2009, 1:48 PM CET

Q&A: Malware trends
Marc Fossi manages research and development for Symantec Security Response where his primary role is executive editor of the Symantec Internet Security Threat Report. The Internet Security Threat Report offers analysis and discussion of Internet threat activity over a six-month period and covers Internet attacks, vulnerabilities, malicious code, phishing, spam and security risks, as well as future trends. [more]
Monday, 23 February 2009, 12:36 PM CET

SQL Injection, eye of the storm
In 2008 SQL Injection became the leading method of malware distribution, infecting millions of Web pages and foisting browser-based exploits upon unsuspecting visitors. [more]
Monday, 23 February 2009, 4:36 AM CET

Webcast - Top 7 backup mistakes to avoid in Windows environment
Did you know there are several common backup/restore mistakes that could be costing you money and even putting your business data at risk? [more]
Monday, 23 February 2009, 4:31 AM CET

SHA-3 round 1: buffer overflows
NIST is currently holding a competition to choose a design for the SHA-3 algorithm (Bruce Schneier has a good description of secure hashing algorithms and why this is important). [more]
Monday, 23 February 2009, 4:30 AM CET

Secure start-up for POS
Secure start-up of encryption services in a typical retail POS configuration can be provided by implementing the following (very general) best practices. [more]
Wednesday, 18 February 2009, 6:15 PM CET

Book review: CCNA Wireless Official Exam Certification Guide
When it comes to getting a confirmation regarding your IT knowledge, the Cisco certification program is certainly among the first ones that come to mind. If you want to learn how to install, configure and troubleshoot WLANs, one road you can take is CCNA Wireless certification, also the topic of this book. [more]
Wednesday, 18 February 2009, 4:23 PM CET

Whitepaper - Institutional identity theft
Learn how the identity theft of your customers leads to the erosion of your company's profits and good name. [more]
Wednesday, 18 February 2009, 3:06 PM CET

New phishing attacks combine wildcard DNS and XSS
A new wave of phishing attacks against eBay is exploiting a clever combination of wildcard DNS records and cross-site scripting (XSS) vulnerabilities to use other people's websites to help steal credentials from victims. [more]
Wednesday, 18 February 2009, 3:05 PM CET

Top 10 vulnerability discoverers of all time
Who discovers the most security vulnerabilities? That’s one of the more frequent questions I’ve encountered over the past few years. [more]
Wednesday, 18 February 2009, 4:31 AM CET

Secure Linux containers cookbook
Lightweight containers, otherwise known as Virtual Private Servers (VPS) or Jails, are often thought of as security tools designed to confine untrusted applications or users; but as presently constructed, these containers do not provide adequate security guarantees. [more]
Tuesday, 17 February 2009, 7:17 AM CET

Research reveals impact of security issues on mobile device manufacturers
McAfee announced findings from new research that reveals that mobile device manufacturers are not only experiencing more mobile security issues than ever before but are also spending more time and money on recovering from security incidents. [more]
Monday, 16 February 2009, 6:36 PM CET

Keeping virtual security real
Remember the first time you drove a car on your own, and you’d get a kick from the sensation of sheer speed? Unfortunately, you also have to learn the mundane stuff like how to turn, stop and reverse safely. The same is true in organizations that deploy virtualization. [more]
Monday, 16 February 2009, 4:42 PM CET

Italy police warn of Skype threat
Criminals in Italy are increasingly making phone calls over the internet in order to avoid getting caught through mobile phone intercepts, police say. [more]
Monday, 16 February 2009, 1:00 AM CET

Q&A: Government security and mobile devices
Joseph Hagin is the former Deputy White House Chief of Staff. In that role he had a high level of concern about hacking and other security issues related to BlackBerrys and other devices. He put in place specific restrictions on the use of mobile data devices, limiting their functionality and their use overseas. In this interview he discusses the security of mobile devices at the government level. [more]
Thursday, 12 February 2009, 11:09 PM CET

Video: Electronic Driver's Licence Cloning for $250
This talk outlines a number of security weaknesses in the RFID system used in the Western Hemisphere Travel Initiative, as implemented in identity documents such as the Passport Card, the Enhanced Drivers License, and various other programs. [more]
Thursday, 12 February 2009, 6:30 PM CET

Congressman twitters secret trip to Iraq
Sophos is warning computer users of the far reaching consequences associated with the irresponsible use of social networking sites like Twitter, following news that a high ranking member of the US House Intelligence Committee tweeted details of a secret congressional visit to Iraq. [more]
Thursday, 12 February 2009, 12:48 PM CET

Book review - Hacking VoIP
VoIP has given us an affordable alternative to telecommunications providers that were charging us a small fortune for telephone calls, especially those made to international destinations. The average user will point out call quality as the only possible problem in a VoIP environment, but there are numerous security issues affecting this technology and author Himanshu Dwivedi is here to dissect them for you. [more]
Wednesday, 11 February 2009, 11:54 PM CET

Research shows identity fraud affecting nearly ten million Americans
Spammers are gearing up for Valentine’s Day with an influx of unsolicited advertising, but are also getting in early with a wave of sinister e-mail messages designed to infect hopeful Valentine’s recipients with malware instead of warm feelings. [more]
Wednesday, 11 February 2009, 11:51 PM CET

“Name and Shame”, or socially responsible use of your log data
Your logs contain an ever-growing mass of data on spammers. How about making an effort to make that data useful to others? [more]
Wednesday, 11 February 2009, 5:02 PM CET

January 2009 threatscape: keylogging and spam problems, surge in exploit activity
Fortinet announced that its January 2009 Threatscape report revealed a surge in exploit activity. The headline-making buffer overflow exploit for Microsoft Security Bulletin MS08-067, which was originally detected in October '08, continued to wreak havoc on unpatched machines during the end of December '08 and throughout January '09, landing in ninth position in this period's Top 10 Exploitations list. The highest recorded activity for this exploit occurred on January 14, and overall new vulnerabilities rose four percent since last period. [more]
Tuesday, 10 February 2009, 5:53 PM CET

Towards kerberizing web identity and services
This paper outlines the evolution of Web Identity and Services and describes the issues surrounding this complex landscape. These issues are captured within a set of more specific requirements which are then framed within the context of some general use cases. We then propose and describe a number of activities that leverage Kerberos to realize these improvements, and present an overall strategy and architectural model for working towards a more cohesive and widely deployed Kerberos-based Web authentication infrastructure. [more]
Friday, 6 February 2009, 3:28 PM CET

Web security - Who's who and what's what
When it comes to standards (de-facto or otherwise), guidance, terminology, and nomenclature, Web security is an exceptionally confusing and daunting environment. [more]
Friday, 6 February 2009, 10:26 AM CET

Economic crisis heightens security risks at the world's largest financial institutions
Tighter budgets, a greater concern over internal security breaches due to lower employee morale and complacency after a decrease in overall attacks over the past year may expose global financial institutions to an increased risk of data breaches, according to Deloitte Touche Tohmatsu's sixth annual survey of global financial institutions' information security efforts. [more]
Thursday, 5 February 2009, 11:06 PM CET

A bounds check on the Microsoft exploitability index
Launched in October 2008 by the Microsoft Security Response Center (MSRC), the Microsoft Exploitability Index is designed to provide additional information to help customers better prioritize the deployment of Microsoft security updates. [more]
Thursday, 5 February 2009, 1:00 PM CET

Applied binary code obfuscation
Obfuscated code is code that is hard (but not impossible) to read and understand. Sometimes corporate developers, programmers and malware coders intentionally obfuscate their software for security reasons, in an attempt to delay reverse engineering or to prevent antivirus engines from identifying malicious behaviors. This paper explores the theory and practice of binary code obfuscation as well as a number of techniques that can be used. [more]
Thursday, 5 February 2009, 12:51 PM CET

IPv6 neighbor spoofing
IPv4 over Ethernet, by far the most widely deployed LAN technology, has long been plagued by its vulnerability to a simple layer two attack known as ARP spoofing. [more]
Wednesday, 4 February 2009, 11:35 AM CET

Nato's cyber defence warriors
Nato officials have told the BBC their computers are under constant attack from organisations and individuals bent on trying to hack into their secrets. [more]
Wednesday, 4 February 2009, 11:25 AM CET

Book review - IPv6 Security
With the online world rapidly expanding, we are moving towards the IPv6 protocol. With this migration it becomes essential for networking professionals to gain insight into the security challenges involved. Who better than Cisco Press to present a title like "IPv6 Security"? Read on to discover what it offers. [more]
Tuesday, 3 February 2009, 11:21 PM CET

Citizen data protection in focus: Europe needs a strategy
The European Network and Information Security Agency launched its Position Paper on security features in European eID schemes. The paper gives the first overview of the vast disparity between privacy features in eID cards across Europe. [more]
Tuesday, 3 February 2009, 6:36 PM CET

Web applications are the Achilles’ heel for corporate IT security
IBM's annual 2008 X-Force Trend and Risk report found that corporations are unwittingly putting their own customers at risk for cyber-criminal activity. With an alarming increase in attacks using legitimate business sites as launching pads for attacks against consumers, cyber-criminals are literally turning businesses against their own customers in the ongoing effort to steal consumers’ personal data. [more]
Tuesday, 3 February 2009, 12:38 PM CET

Google's global privacy counsel facing criminal charges
Google's global privacy counsel will appear in Italian court this week on criminal charges of defamation and failure to exercise control over personal data. [more]
Tuesday, 3 February 2009, 11:53 AM CET

Preventing the exploitation of Structured Exception Handler (SEH) overwrites with SEHOP
One of the responsibilities of Microsoft’s Security Engineering Center is to investigate defense in depth techniques that can be used to make it harder for attackers to successfully exploit a software vulnerability. [more]
Tuesday, 3 February 2009, 1:06 AM CET

Q&A: RSA Conference 2009
Sandra Toms LaPedis is Area Vice President and General Manager of RSA Conferences, and in this Q&A she talks about what you can expect at RSA 2009 in San Francisco. [more]
Monday, 2 February 2009, 8:50 PM CET

Recovering from a hard drive failure
Have you ever woken up in the morning and said to yourself, “today is the day that I'm finally going to back up my workstation!” only to find out that you're a day late and about 320Gb short? [more]
Monday, 2 February 2009, 8:13 PM CET

UAC security flaw in Windows 7 beta (with proof of concept code)
This is dedicated to every ignorant “tech journalist” who cried wolf about UAC in Windows Vista. [more]
Monday, 2 February 2009, 1:30 PM CET

Embassy of India in Spain found serving remote malware through iFrame attack
Hacking an embassy’s website to use it as malware distribution point is not something new, neither is the use of the iframe injection attack, but it’s still surprising the number of infected sites out there. [more]
Monday, 2 February 2009, 1:20 PM CET

