Off the Wire

Off The Wire Archive

News items for March 2008

Google has lots to do with intelligence
When the nation's intelligence agencies wanted a computer network to better share information about everything from al Qaeda to North Korea, they turned to a big name in the technology industry to supply some of the equipment: Google. [more]
Monday, 31 March 2008, 6:27 PM CET

Data Loss Prevention: where do we go from here?
The debate continues over where Data Loss Prevention (DLP) should be deployed: on the network or the endpoint? What about stored data? And does it matter whether DLP is deployed as a standalone solution or as a feature in a broader product portfolio? To address those questions, organizations must first understand what DLP is, why it is important, and how it works. [more]
Monday, 31 March 2008, 4:15 PM CET

Adding a removable antenna to your WRTSL54GS
Over the past few months I've been contemplating a few projects for some WRTSL54GS routers with OpenWrt, however I really need these to have a high gain antenna on the WRTSL54GS. [more]
Monday, 31 March 2008, 4:13 PM CET

Web application monitoring data model
A data model is the foundation of web application monitoring and, thus, key to successful utilization of web application firewalls. [more]
Monday, 31 March 2008, 3:52 PM CET

The curious case of Dmitry Golubov
Dmitry Ivanovich Golubov is a Ukrainian politician once considered by U.S. law enforcement to be a top cybercrime boss. [more]
Monday, 31 March 2008, 3:46 PM CET

TRUSTe "Verified by haxors"
A vulnerability in the TRUSTe seal verification service was demonstrated last week, showing how the service could have been exploited to make it look as though an unauthorised site had a valid TRUSTe seal. [more]
Monday, 31 March 2008, 3:42 PM CET

MacBook Air hacked in security contest
A team of security researchers has won $10,000 for hacking a MacBook Air in two minutes using an undisclosed Safari vulnerability. [more]
Friday, 28 March 2008, 11:43 PM CET

HNS podcast: vulnerability management considerations
In this HNS podcast, Anthony Alves from CORE Security Technologies discusses briefly vulnerability management. He covers some of the things you should consider while performing vulnerability management. [more]
Tuesday, 25 March 2008, 11:09 PM CET

Security lapse exposes Facebook photos
A security lapse made it possible for unwelcome strangers to peruse personal photos posted on Facebook Inc.'s popular online hangout, circumventing a recent upgrade to the Web site's privacy controls. [more]
Tuesday, 25 March 2008, 11:53 AM CET

Manage MySQL remotely with phpMyAdmin
phpMyAdmin is open source software tool, written (obviously) in PHP. It allows you to perform all kinds of MySQL administrative tasks over the Web by means of an easy graphical interface. [more]
Tuesday, 25 March 2008, 11:52 AM CET

Empirical exploitation of live virtual machine migration
As virtualization continues to become increasingly popular in enterprise and organizational networks, operators and administrators are turning to live migration of virtual machines for the purpose of workload balancing and management. However, the security of live virtual machine migration has yet to be analyzed. [more]
Monday, 24 March 2008, 6:51 PM CET

Beijing investigates spam attack
China is investigating a spam attack after almost half of China's mobile phone users received unwanted text messages from advertisers. [more]
Monday, 24 March 2008, 6:39 PM CET

Monitor mainframe sessions remotely
Build a simple shell script and view everything a mainframe user is doing, in real-time. [more]
Monday, 24 March 2008, 6:39 PM CET

Deploying Windows Server 2008 with System Center
With the release of System Center Configuration Manager 2007, server administrators can now take advantage of the same operating system deployment tools that client administrators have been able to use for several years. [more]
Monday, 24 March 2008, 6:36 PM CET

Security ergonomics
The security industry tends to develop and implement new protection strategies in a very linear way (e.g. if the attacker beats two-factor authentication, introduce another element and make it three-factor authentication, etc.). [more]
Monday, 24 March 2008, 6:34 PM CET

Latest Blu-ray copy protection cracked
The latest effort at blocking unofficial copying of Blu-ray movies has been undone, the developers of a cracking utility claim. [more]
Friday, 21 March 2008, 11:48 PM CET

Book review - Mac OS X Leopard Phrasebook
Mac OS X Leopard is the latest operating system from Apple that very quickly proved itself to be a great solution for a number of working environments. This book is aimed for those who want to check out what is under the hood and learn how to use the full potential of the command line. [more]
Wednesday, 19 March 2008, 5:52 PM CET

Man admits creating Web virus, spreading via copyright footage
A 24-year-old man on trial in the Kyoto District Court charged with violating the Copyright Law admitted Tuesday he created a computer virus and used copyrighted animation footage to spread it on the Internet. [more]
Wednesday, 19 March 2008, 4:52 AM CET

MacBook Air Remote Disc security overview
ISFYM: "As promised, we’ve spent some time reviewing the new MacBook Air’s Remote Disc feature from a network security point of view. It’s confusing and a bit worrisome." [more]
Wednesday, 19 March 2008, 2:49 AM CET

Credit card data stolen from supermarket chain
A computer hacker stole thousands of credit card numbers after breaching security at two U.S. grocery store chains owned by Belgium-based Delhaize Group SA, the companies said on Monday. [more]
Tuesday, 18 March 2008, 10:54 AM CET

Xensploit: A recipe for attention
Take the hottest datacenter technology, add a generous pinch of security scrutiny, and a dash of clever name recognition... and ‘Wha-La!’, you have ingredients for our latest topic of vulnerability du jour: Xensploit. [more]
Monday, 17 March 2008, 12:00 AM CET

Encrypt volumes through a cross-platform GUI with TrueCrypt
Last month the TrueCrypt Foundation released TrueCrypt 5.0, which finally introduces a Linux GUI for the cross-platform encryption application. [more]
Friday, 14 March 2008, 12:39 PM CET

Security myopia and brushes with c-level insanity
Over the past few years, I've read many articles bemoaning huge losses due to corporate security incidents. I would often ask myself, "How could this have happened?" [more]
Friday, 14 March 2008, 12:45 AM CET

Some viruses come pre-installed
From iPods to navigation systems, some of today's hottest gadgets are landing on store shelves with some unwanted extras from the factory — pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam. [more]
Friday, 14 March 2008, 12:03 AM CET

Back to basics with Unix permissions
The most basic, yet important part of mastering Unix is to fully understand the nuances of file permissions. [more]
Thursday, 13 March 2008, 11:50 AM CET

Importance of web application firewall technology for protecting web-based resources
This paper reviews the fundamental functionality of several traditional security technologies from a high-level perspective, including network firewalls, intrusion prevention systems, outbound content filtering, and anti-malware gateways. It discusses why dedicated web application firewall technology is necessary to protect web-facing resources. It also provides a suggested deployment model that illustrates the relative locations of the discussed technologies within a simplified enterprise network. [more]
Wednesday, 12 March 2008, 11:59 PM CET

Book review - The Book of Wireless (2nd Edition)
In the last couple of years Wi-Fi has become a household name and wireless networks are now practically everywhere. Despite the proliferation of wireless Internet access, there's still a large user base not knowledgeable about the technology and how it works. To clear things up comes the second edition of "The Book of Wireless" by No Starch Press, offering a wealth of information on the subject. [more]
Tuesday, 11 March 2008, 7:41 PM CET

Publishers phase out piracy protection on audio books
Some of the largest book publishers in the world are stripping away the anticopying software on digital downloads of audio books. [more]
Tuesday, 11 March 2008, 2:08 PM CET

Trustworthy computing: examining trust
When Richard Kemmerer first joined the board of Microsoft's Trustworthy Computing Academic Advisory initiative as one of its inaugural members, he had a caveat for the software giant. [more]
Tuesday, 11 March 2008, 2:07 PM CET

DHS stages cyberwar exercise
Officials from 18 federal agencies, nine states, four foreign governments and more than three dozen private companies will take part in a cyberwar exercise staged by the U.S. Department of Homeland Security this week. [more]
Monday, 10 March 2008, 8:58 PM CET

To aim ads, web is keeping closer eye on you
A new analysis of online consumer data shows that large Web companies are learning more about people than ever from what they search for and do on the Internet, gathering clues about the tastes and preferences of a typical user several hundred times a month. [more]
Monday, 10 March 2008, 6:00 PM CET

Security products: suites vs. best-of-breed
We know what we don't like about buying consolidated product suites: one great product and a bunch of mediocre ones. [more]
Monday, 10 March 2008, 3:41 PM CET

Change and configuration solutions aid PCI auditors
Due to the never-ending amount of network device change and configurations, it is nearly impossible to determine exactly when a device actually becomes non-complaint. PCI auditors are not only on the lookout for non-compliant devices, but also for a well thought-out security process that is currently implemented, tracked and well documented. This is where an automated change and configuration management system can really assist. [more]
Monday, 10 March 2008, 2:39 PM CET

Fed networks increasingly under siege
Richard Westfield acknowledges his small agency, the National Labor Relations Board, doesn’t possess the most sought-after data in government. But that doesn’t mean his agency is not a target for hackers. [more]
Monday, 10 March 2008, 9:49 AM CET

Website security strategies that work
Inside an enterprise lives an IT security professional responsible for website security. He takes his job seriously because if his employer’s websites get hacked, he gets the late night call from the boss. [more]
Monday, 10 March 2008, 12:19 AM CET

Jeremiah Grossman on 100% secure websites
I think we all can agree that 100% security is impossible, even when adding layer upon layer of defenses, systems will fail eventually. [more]
Friday, 7 March 2008, 9:20 PM CET

TSA launches search for the perfect laptop bag
Relief may be on the way for the one-quarter of the flying public who routinely carry laptop computers through airport security checkpoints and currently are required to remove their laptops from their protective carrying bags. [more]
Friday, 7 March 2008, 9:18 PM CET

More FBI privacy violations confirmed
The FBI acknowledged Wednesday it improperly accessed Americans' telephone records, credit reports and Internet traffic in 2006, the fourth straight year of privacy abuses resulting from investigations aimed at tracking terrorists and spies. [more]
Friday, 7 March 2008, 2:15 PM CET

Protecting filesystems and swap space with Cryptmount
Cryptmount allows you to encrypt both your filesystems and swap space. [more]
Friday, 7 March 2008, 12:00 AM CET

Web security: rein in dangerous Web apps
Without the applications that run on a Web server, be they horribly insecure or not, there would not be much point to hosting Web sites. [more]
Thursday, 6 March 2008, 10:27 AM CET

The myth of the 'transparent society'
You cannot evaluate the value of privacy and disclosure unless you account for the relative power levels of the discloser and the disclosee. [more]
Thursday, 6 March 2008, 10:24 AM CET

phpMyBackupPro: simple backup for MySQL
Backing up data stored in a MySQL database is an important issue for anyone running a blog, wiki, or any Web-based application that relies on the popular database engine. [more]
Thursday, 6 March 2008, 1:03 AM CET

Webcast: Top 5 IT security tips for 2008
In this webcast, Mike Rothman, president and principal analyst of Security Incite, discusses his take on the top initiatives IT managers should consider for the coming year. [more]
Wednesday, 5 March 2008, 4:46 PM CET

Attack of the plagiarising hacker
A mystery hacker has been trying to discredit the company behind an Australian web-based technology news service by posting unauthorised reports, changing dates, bylines and editing stories, it is claimed. [more]
Wednesday, 5 March 2008, 8:54 AM CET

Configuring SSL under Apache
With a secure web server, clients can connect to your server secure in the knowledge both that it is who it claims to be and that the transaction is well-encrypted so their data is safe. [more]
Wednesday, 5 March 2008, 12:03 AM CET

Book review - Mac OS X Leopard: The Missing Manual
Immediately after its release, Mac OS X Leopard became a big hit. Apple sold 2 million copies of the innovative operating system in the first weekend alone. With more than 300 new features and a polished UI, there's a lot to explore. Without missing a beat, O'Reilly soon released this book that aims to help users of all levels of knowledge get the best out of Leopard. Read on to find out what it offers. [more]
Tuesday, 4 March 2008, 9:59 PM CET

Tips for securing your Amazon EC2 instance
Hosts on the Internet are vulnerable to attack, including your EC2 instances. This article outlines a number of best practices for helping you secure your instances. [more]
Tuesday, 4 March 2008, 3:24 PM CET

Inside the Eye-Fi: secrets of the first wireless SD card
The Eye-Fi is an engineering marvel that combines a client-side web server, Web 2.0 technology, SD memory, and a wireless card into a solution that lets you upload pictures from anywhere in the world directly to your PC and/or online photo sharing sites. [more]
Monday, 3 March 2008, 8:07 PM CET

Network Access Control: bridging the network security gap
Modern technologies have opened a Pandora's box of issues for companies trying to keep control of their networks. Not only might members of staff log on to the network from their desks, they might also log on from home, or from their laptop at a WiFi hotspot in a coffee shop or at the airport. [more]
Monday, 3 March 2008, 8:05 PM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st