Off the Wire

Off The Wire Archive

News items for March 2009

Video: Case Conficker
Mikko Hypponen and Patrik Runald from F-Secure talk about the Conficker (Downadup) worm. [more]
Tuesday, 31 March 2009, 11:51 PM CET

Commission acts to protect Europe from cyber-attacks and disruptions
Electronic communication services and networks provide the backbone of European economy. 93% of EU companies and 51% of Europeans actively used the internet in 2007. However natural disasters, terrorist attacks, malicious human action and hardware failure can pose serious risks to Europe's critical information infrastructures. [more]
Tuesday, 31 March 2009, 11:50 PM CET

Presentation: The real value in network and email security
Economy in flux, budgets getting cut. Too bad that hackers and spammers are not following the trend. In fact, the level and sophistication of network and email vulnerabilities continue to grow. [more]
Tuesday, 31 March 2009, 2:53 PM CET

Combating the rising cybercrime trend with SIEM
Judging from articles in the press, there appears to be a steady increase in the frequency of cybercrime. Whether it is one country attacking the infrastructure of another, or a payment processor losing credit card data, nearly a day does not pass without a new, scary story about cybercrime. To add some perspective to this issue, let’s examine the categories of cybercrime and how one might deal with each. [more]
Monday, 30 March 2009, 9:45 PM CET

Guide - Web application security: how to minimize prevalent risk of attacks
Vulnerabilities in web applications are now the largest vector of enterprise security attacks. [more]
Monday, 30 March 2009, 9:32 PM CET

Ranum's rants: The anatomy of security disasters
Our challenge, as security practitioners, has always been to balance risk – the tradeoff between the danger of doing something and the opportunity it presents. [more]
Friday, 27 March 2009, 8:44 AM CET

Technology report stresses importance of ICT as a catalyst for growth in global turmoil
Denmark and Sweden once again lead the rankings of The Global Information Technology Report 2008-2009, released by the World Economic Forum. They are followed by the United States which is up one position, thus confirming its pre-eminence in networked readiness in the current times of economic slowdown. [more]
Thursday, 26 March 2009, 11:51 PM CET

VeriSign unveils platform for national public key infrastructure
VeriSign announced a new platform designed to meet the needs of governments looking to implement and manage their own PKI. The new PKI Platform is an in-premise solution modeled after the same PKI architecture that VeriSign has deployed as a managed service for customers around the world. [more]
Thursday, 26 March 2009, 11:00 PM CET

Blinkered thoughts on 'smart grid' security
Many people underestimate the advances that have been made in overall system security as we progress towards a Smart Grid infrastructure. [more]
Thursday, 26 March 2009, 2:16 PM CET

Whitepaper - SaaS secures in uncertain times
Learn how you can save money and simplify management with Webroot Security SaaS. [more]
Thursday, 26 March 2009, 2:16 PM CET

Website security needs a strategy
The Web security industry supposedly advocates a strategy based upon risk reduction, but predominately practices defect reduction as the measuring stick. [more]
Thursday, 26 March 2009, 2:12 PM CET

IT embracing managed security to meet security challenges
Symantec released the findings of its 2009 Managed Security in the Enterprise Report. The study found that cyber risks and actual attacks have grown significantly in the past two years and are expected to continue to grow in the next two years. [more]
Wednesday, 25 March 2009, 11:34 PM CET

Trusting hardware
You feel satisfied and cannot understand all those stupid people running closed source systems like e.g. Windows. Right? [more]
Wednesday, 25 March 2009, 2:21 PM CET

Guide - Meeting vulnerability scanning requirements for PCI
Learn the scanning requirements for PCI-DSS to achieve compliance. [more]
Wednesday, 25 March 2009, 7:32 AM CET

Scanning vulnerable Linux distributions with Nessus
A challenge for many penetration testers is to find a vulnerable system they can use to test their penetration testing skills and tools before they use them against paying clients. [more]
Wednesday, 25 March 2009, 7:31 AM CET

Phishing, vishing and unscrupulous tax preparers pose a threat
Tax time will unfortunately bring more than a refund check to many taxpayers this year. Affinion Security Center recently conducted a survey of 1,000 adults to determine the level of awareness and concern that exists for tax- and employment-related identity theft. [more]
Tuesday, 24 March 2009, 11:58 PM CET

Critical vulnerabilities in HP OpenView
A trio of vulnerabilities in HP OpenView Network Node Manager (NNM) can be exploited remotely via buffer overflow to compromise mission-critical servers within an organization using the software. [more]
Tuesday, 24 March 2009, 11:45 PM CET

Modular open source platform for creating network security tools
Netifera is a new modular open source platform for creating network security tools. This project provides many advantages for both security developers and researchers who want to implement new tools as well as the community of users of these tools. [more]
Monday, 23 March 2009, 11:42 PM CET

SEO techniques used to distribute rogue anti-virus software
Finjan's Malicious Code Research Center (MCRC) managed to research one of the rogueware affiliate networks, where members make $10,800 a day. In the first issue of its Cybercrime Intelligence Report for 2009, Finjan shows how the rogueware was distributed using SEO techniques. [more]
Monday, 23 March 2009, 10:00 PM CET

Quick wins and Web application security
Consider for a moment that Website Security equals Software Security, which it does plus much more. Then a maturing program will often require fundamental changes in business and code development processes. [more]
Friday, 20 March 2009, 2:47 PM CET

The most prominent types of Web application vulnerabilities
Findings from a report point out the continued growth of vulnerabilities and growth of attacks through Web applications. Most notably, the total number of reported vulnerabilities went up to 2,835, an increase of more than 10 percent from the first half, of which the percentage of vulnerabilities relating to Web applications hit a staggering 80 percent. [more]
Thursday, 19 March 2009, 11:57 PM CET

Whitepaper - Reducing the risk of unauthorized access to enterprise applications and resources
Learn how to maintain an appropriate security posture, prevent unauthorized access and minimize your organization's exposure to risk. [more]
Thursday, 19 March 2009, 11:28 PM CET

Attacking SMM memory via Intel CPU cache poisoning
Rafal Wojtczuk and Joanna Rutkowska today published a paper that discusses an architectural problem affecting Intel-based systems that allow for unauthorized access to SMRAM. [more]
Thursday, 19 March 2009, 11:09 PM CET

Man indicted for disabling offshore oil platform leak-detection system
A man who worked at a company that operated off-shore oil platforms was indicted on federal charges of damaging the company’s computer systems after it declined to offer him permanent employment. [more]
Thursday, 19 March 2009, 5:27 PM CET

Guidelines on unsafe cryptographic algorithms
Experts in the security community have indicted many commonly used cryptographic algorithms as insecure. Bases for these claims of insecurity often include advances in cryptographic research that have demonstrated previously unknown weakness in algorithms and advances in the computational power of readily available hardware. [more]
Wednesday, 18 March 2009, 10:12 PM CET

Free tool helps you avoid malicious exploits
F-Secure Exploit Shield is a free beta tool that recognizes attempts to exploit a known web-based vulnerability and shields the user against them. It also works against new, unknown vulnerability exploits by using generic detection techniques based on the behavior of exploits. [more]
Wednesday, 18 March 2009, 7:31 PM CET

Survey unmasks the risk of data leaks and losses
More than half of UK public and private sector organisations are still risking data breaches and leaks, because they do not have data encryption in place to secure information on laptops, handheld devices and removable storage media. [more]
Wednesday, 18 March 2009, 7:30 PM CET

Whitepaper - The next generation of Web security
Learn how Web Security SaaS can increase overall security effectiveness and identify critical elements that make for lower-cost and easier-to-manage Web security solutions. [more]
Wednesday, 18 March 2009, 7:30 PM CET

Worldwide survey: Security risks are higher than you think
Today’s Internet surfers are feeling lucky in love with nearly seven in 10 adults reporting that the Internet improves their relationships, according to the second annual Norton Online Living Report. But it’s not all happy connections and relationships. Unfortunately, when it comes to the eternal worry - do you know where your kids are? - the answer is: not always. Parents are in the dark, with kids reporting spending nearly twice as much time online as their parents think. [more]
Tuesday, 17 March 2009, 11:21 PM CET

Whitepaper - Data privacy best practices: time to take action!
In the midst of unprecedented security breaches, the best way to ensure that confidential information remains protected is to develop and implement a comprehensive privacy and security strategy. [more]
Tuesday, 17 March 2009, 4:12 PM CET

Tips for safe online tax preparation and e-filing
To ensure a secure online tax preparation and e-filing experience, BitDefender urges users to follow the security tips before preparing or filing taxes online. [more]
Tuesday, 17 March 2009, 4:11 PM CET

Army database compromised
The Army recently discovered a potential penetration of soldier information that occurred on a password-protected, secure web-based database of almost 1600 soldiers. As a cautionary measure, the Army is notifying those affected soldiers via email or letter. [more]
Friday, 13 March 2009, 11:54 PM CET

Credit crunch fuels surge in Web attacks
ScanSafe issued its Annual Global Threat Report based on an analysis of more than 240 billion Web requests processed in 2008 by the ScanSafe Threat Center from corporate customers in more than 80 countries. It represents the world’s largest security analysis of real-time traffic. [more]
Wednesday, 11 March 2009, 11:56 PM CET

The effectiveness of IT investments
Whilst economic pressures have put the spotlight on short-term IT cost savings, according to a new report by Butler Group, of even greater significance is the longer-term emphasis on the strategic management of IT costs, as well as getting value from existing and new IT investments. [more]
Wednesday, 11 March 2009, 11:54 PM CET

4 reasons we must redefine Web application security
Whether it’s XSS (Cross Site Scripting) or SQL Injection, the root of the problem is that malicious data or code is submitted to an application and not properly ferreted out by sanitization routines written by developers, for whatever reason. [more]
Wednesday, 11 March 2009, 8:09 AM CET

Whitepaper - The hidden dangers of spam
Learn how to combat spam, mitigate security risks, and restore productivity to companies grappling with an influx of illicit email. [more]
Wednesday, 11 March 2009, 8:08 AM CET

Networking analytics example
I just setup a new Sun Storage 7410, and found a performance issue using Analytics. People have been asking for examples of Analytics in use, so I need to blog these as I find them. This one is regarding network throughput, and while simple - it demonstrates the value of high level data and some features of Analytics. [more]
Wednesday, 11 March 2009, 8:07 AM CET

10 million actively exposed to identity theft in 2008
PandaLabs announced the findings from a comprehensive identity theft study. Based on the analysis of 67 million computers during 2008, PandaLabs revealed that 1.1 percent of the worldwide population of Internet users have been actively exposed to identity theft malware. [more]
Tuesday, 10 March 2009, 8:21 PM CET

Photos from InfoSec World 2009
InfoSec World 2009 Conference & Expo features over 100 sessions, 11 content tracks, dozens of case studies and live demos, 15 in-depth workshops, 3 co-located summits and over 140 exhibitors. [more]
Tuesday, 10 March 2009, 8:21 PM CET

Member of the botnet underground sentenced to prison
Concluding the first prosecution of its kind in the nation, a man associated with the “botnet underground” was sentenced to 48 months in federal prison for using his “botnets” – armies of compromised computers – to steal the identities of victims throughout the country by extracting information from their personal computers and wiretapping their communications. [more]
Monday, 9 March 2009, 9:09 PM CET

Twitter users hit by Chatwebcamfree attack
Twitter users should to be vigilant as approximately 750 accounts on the popular micro-blogging site have been hit by yet another hack attack. Experts at SophosLabs found that inappropriate messages were being sent from compromised accounts in an effort to drive traffic to a pornographic website, Chatwebcamfree. [more]
Monday, 9 March 2009, 11:16 AM CET

The economy and cyber crime
In this uncertain global economy, you can count on one thing: crime – both in the real world and the online one – has the opportunity to thrive. According to a recent study by the fraud-tracking firm, Javelin Research, identity theft is becoming more prevalent with the number of victims rising 22 percent from 2007 to 2008. One reason sited for the increase is the worsening economy. [more]
Monday, 9 March 2009, 11:15 AM CET

Cyber-security czar quits amid fears of NSA takeover
Rod Beckström, the Department of Homeland Security's controversial cyber-security chief, has suddenly resigned amid allegations of power grabs and bureaucratic infighting. [more]
Monday, 9 March 2009, 12:03 AM CET

Whitepaper - Data privacy best practices: Time to take action!
In the midst of unprecedented security breaches, the best way to ensure that confidential information remains protected is to develop and implement a comprehensive privacy and security strategy. [more]
Monday, 9 March 2009, 12:00 AM CET

Whitepaper - Virtualization 101: A guide to using virtualization in any environment
Server virtualization promises a new way of doing things, by dissolving old IT barriers and constraints. [more]
Friday, 6 March 2009, 6:12 AM CET

Monitor enterprise clusters with Ganglia
This is the first article in a two-part series that looks at a hands-on approach to monitoring a data center using the open source tools Ganglia and Nagios. [more]
Friday, 6 March 2009, 6:10 AM CET

Benchmarks for developing and growing an enterprise-wide software security program
Fortify Software released the "Building Security In Maturity Model (BSIMM)," the industry's first-ever set of benchmarks for developing and growing an enterprise-wide software security program. [more]
Thursday, 5 March 2009, 5:19 PM CET

F-Secure survey finds people still insecure online
F-Secure’s annual Online Wellbeing uncovered Internet users’ feelings of personal online security with regards to online banking, children’s safety while surfing the web, and credit card information when shopping online. Overall, 50% of respondents were confident about their security when banking online. However, only 6% of respondents felt secure in making credit card purchases online. [more]
Thursday, 5 March 2009, 5:19 PM CET

Fast, easy things to do with the Trusted Platform Module
Most enterprises today can easily determine exactly who is on their networks, prevent data loss and manage passwords using widely available tools and at little initial cost or ongoing maintenance, note security experts at the Trusted Computing Group. [more]
Wednesday, 4 March 2009, 6:32 PM CET

What is security transparency?
While many security professionals speak about transparency when it comes to information security, very few definitions fit the overarching idea of transparency. [more]
Wednesday, 4 March 2009, 8:52 AM CET

Book review - Networking (2nd Edition)
Computer networking is one of those subjects that is essential to computer professionals working in various fields. While there's a great deal of titles covering networking available on the market, there's always place for a polished piece of work that expands on new technologies and offers a solid overview of the basics. Networking (2nd Edition) is such a book. [more]
Tuesday, 3 March 2009, 11:15 PM CET

Top 5 information security challenges for US government agencies
Cloakware identified the top five challenges facing federal agencies that expose them to critical security breaches. The list, compiled from in-depth conversations with industry experts and government agencies, outlines the most significant challenges facing federal organizations concerned with protecting the systems that support critical infrastructure (cyber CIP) while providing an operationally efficient environment. [more]
Tuesday, 3 March 2009, 2:49 PM CET

Video: Hiding Meterpreter with IExpress
This video by Rob Fuller demonstrates how to make running an executable less suspicious for the victim. Driving home the point that one should not run programs that you can't verify the source of. [more]
Tuesday, 3 March 2009, 2:48 PM CET

Top identity theft trends to watch out for
Consumers need to use all the tools available to proactively fight today's creative, technologically-savvy identity thieves. Without the appropriate tools for protecting personal information and keeping it out of criminals' hands, more consumers will likely join the list of millions of identity theft victims in the United States. [more]
Monday, 2 March 2009, 9:39 AM CET

Sleuthing software can reassemble deleted photos
Retrieving those images can be tricky, particularly when the files have been fragmented and bits of them are scattered throughout the hard drive or camera card. [more]
Monday, 2 March 2009, 8:00 AM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st