Off The Wire Archive
News items for April 2008
Declassified NSA document reveals the secret history of TEMPEST
It was 1943, and an engineer with Bell Telephone was working on one of the U.S. government's most sensitive and important pieces of wartime machinery, a Bell Telephone model 131-B2. [more]
Wednesday, 30 April 2008, 8:37 PM CET
Whitepaper - Your 10 biggest network security worries
Learn what threats and vulnerabilities today's small business IT professionals need to defend against, along with tips on how to fight them. [more]
Wednesday, 30 April 2008, 4:34 PM CET
Storm Worm Q&A with the Principal Security Strategist for IBM ISS
With more than ten years of experience in security and networking software development, Corman is currently leading an industry charge to evolve defenses against the latest generations and innovations of malicious code. In this Q&A session he discusses the Storm Worm. [more]
Tuesday, 29 April 2008, 11:43 PM CET
How to avoid getting phished
Millions of people have gotten "urgent" emails asking them to take immediate action to prevent some impending disaster. [more]
Tuesday, 29 April 2008, 11:41 PM CET
Beating the codebreakers with quantum cryptography
Quantum cryptography may be essentially solved, but getting the funky physics to work on disciplined computer networks is a whole new headache. [more]
Tuesday, 29 April 2008, 3:49 PM CET
Firefox 3 improves handling of invalid SSL certificates
I have downloaded the beta of Firefox 3 to check out the improvements related to SSL. [more]
Tuesday, 29 April 2008, 2:35 PM CET
A case of network identity theft?
Digital real estate leased to one of the Internet's oldest landholders appears to have been quietly seized by e-mail marketers closely associated with an individual once tagged by anti-spam groups as one of the world's most notorious spammers. [more]
Tuesday, 29 April 2008, 2:33 PM CET
Lawyers fear monitoring in cases on terrorism
Thomas Nelson, an Oregon lawyer, has lived in a state of perpetual jet lag for the last two years. Every few weeks, he boards a plane in Portland and flies to the Middle East to meet with a high-profile Saudi client who cannot enter the United States because he faces charges here of financing terrorism. [more]
Tuesday, 29 April 2008, 2:31 PM CET
Automatic patch-based exploit generation is possible
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update. [more]
Monday, 28 April 2008, 5:10 PM CET
The new e-spionage threat
A BusinessWeek probe of rising attacks on America's most sensitive computer networks uncovers startling security gaps. [more]
Monday, 28 April 2008, 3:11 PM CET
Security gaps open when ISPs hire third parties
When Internet providers hire third-party companies to serve up advertisements on unused Web pages, that creative attempt to make money can open major security vulnerabilities they can't control, a researcher has found. [more]
Friday, 25 April 2008, 12:06 AM CET
Video: the fundamentals of physical security
Deviant Ollam works as a network engineer and security consultant but his strongest love has always been teaching. He has given lockpick demonstrations at ShmooCon, DefCon, HOPE, HackCon, HackInTheBox, and the West Point Military Academy. In this video, made at Black Hat Europe, he discusses the importance of physical security and illustrates that with a real-world example. [more]
Thursday, 24 April 2008, 8:42 PM CET
Protecting directory trees with gpgdir
gpgdir uses GNU Privacy Guard (GnuPG) to encrypt and decrypt files or a directory tree. [more]
Thursday, 24 April 2008, 6:31 PM CET
Thieves set up data supermarkets
Web criminals are stepping back from infecting computers themselves and creating "one-stop shops" which offer gigabytes of data for a fixed price. [more]
Thursday, 24 April 2008, 12:00 AM CET
Bacula: backups that don't suck
Good systems administrators know that implementing a robust backup procedure is one of their most important duties. [more]
Wednesday, 23 April 2008, 12:03 PM CET
(IN)SECURE Magazine issue 16 has been released
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read about Windows log forensics, using packet analysis for network troubleshooting, the effectiveness of industry certifications, US political elections and cybercrime, reports from RSA Conference 2008 and Black Hat 2008 Europe, and much more. Download your FREE copy today! [more]
Tuesday, 22 April 2008, 9:09 PM CET
Create encrypted volumes with Cryptmount and Linux
Cryptmount is a friendly front-end to a batch of Linux utilities used to create encrypted volumes, such as device mapper, dm-crypt, and the kernel's loopback device. [more]
Tuesday, 22 April 2008, 12:21 PM CET
Protect your identity
Personal data safety is big business lately. There are a variety of ways to protect your identity or keep your personal information from the prying eyes of dishonest people, but Eric Wolbrom has what he believes is a unique service. [more]
Tuesday, 22 April 2008, 1:06 AM CET
Use SSH to create secure tunnels for SFTP, VNC, SVN and Firefox traffic
This guide will show you how to access a computer located on your home network from outside of your local area network. [more]
Monday, 21 April 2008, 4:36 PM CET
How to make something from nothing
"Application-Specific Attacks: Leveraging the ActionScript Virtual Machine" may not vie with "Fear and Loathing in Las Vegas" for greatest title in publishing history, but its impact on the way malicious hackers and criminals find their way into our computers may well be as great as Hunter S Thompson's on the practice of journalism. [more]
Monday, 21 April 2008, 3:56 PM CET
GSM researcher stopped at Heathrow by UK government officials
I was searched by the UK government while waiting at the Gate and reading a newspaper. A UK Government employee flipped his badge and said "Let's talk. Come over here". [more]
Saturday, 19 April 2008, 4:59 PM CET
CNN Web site targeted
CNN was targeted Thursday by attempts to interrupt its news Web site, resulting in countermeasures that caused the service to be slow or unavailable to some users in limited areas of Asia. [more]
Saturday, 19 April 2008, 4:48 PM CET
Freedom of the cyber seas
How lessons from the U.S. government's response to pirates in the early 1800s can help the next president of the United States improve information security. [more]
Friday, 18 April 2008, 11:15 PM CET
Setting up firmware password protection in Mac OS X
You can use the Open Firmware Password application to set up low-level password protection with Mac OS X 10.1 and later. [more]
Friday, 18 April 2008, 3:50 PM CET
sSMTP - a simple alternative to Sendmail
Linux distributions have relied on the venerable Sendmail package since the early days of Slackware. But Sendmail's rich mail server features aren't an ideal solution for the typical desktop user whose primary mail support is delivered through a remote ISP. That's the perfect place for a simpler solution: sSMTP. [more]
Friday, 18 April 2008, 11:46 AM CET
Keeping your Mac locked down
In this article we'll take a look at some basic ways you can improve your Mac's security right out of the box. [more]
Friday, 18 April 2008, 3:54 AM CET
Windows Vista SP1: Not for the Impatient
Microsoft has released a bundle of security and stability updates for Windows Vista users. What follows is a long-overdue primer on this package of goodies from Redmond known as Service Pack 1. [more]
Friday, 18 April 2008, 3:51 AM CET
China defends anti-piracy efforts
Officials defended China's efforts to stop rampant copying of movies and other goods, saying Thursday that 4,322 people were convicted of product piracy last year and promising special efforts to protect Olympics-related trademarks. [more]
Friday, 18 April 2008, 12:06 AM CET
Insecurity over security software
It's time for a confession: I can't remember the last time a security program stopped me from accidentally opening a virus on any Windows machine--even though my public, widely published e-mail address has to be on half the spam databases in the world. [more]
Friday, 18 April 2008, 12:03 AM CET
A history of viruses and antivirus
In any field of human activity, the latest generation stands squarely on the shoulders of those who went before, learning from what has been done before, re-applying what has proved successful and also trying to break new ground. This is no less true of those who develop malicious code. Successive waves of malicious code have re-defined the threat landscape. [more]
Thursday, 17 April 2008, 9:54 PM CET
Be secure, and you'll be compliant
There’s been some recent chatter and speculation on the upcoming enhancement to the PCI standard. [more]
Thursday, 17 April 2008, 9:50 AM CET
Consumer groups urge "do not track" registry
Two consumer groups asked the Federal Trade Commission on Tuesday to create a "do not track list" that would allow computer users to bar advertisers from collecting information about them. [more]
Thursday, 17 April 2008, 12:29 AM CET
HNS Podcast: Penetration testing considerations
In this HNS podcast, Anthony Alves from CORE Security Technologies talks about penetration testing. He discusses the things you should look for when considering doing a penetration test. [more]
Wednesday, 16 April 2008, 8:39 PM CET
The Payment Application Data Security Standard
The PCI Security Standards Council announced the release of version 1.1 of the Payment Application Data Security Standard (PA-DSS). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, other sensitive authentication data or PIN data, and ensure their payment applications support compliance with the PCI DSS. [more]
Wednesday, 16 April 2008, 10:33 AM CET
FBI caused delay in terror case ahead of senate testimony
Counterterrorism officials in FBI headquarters slowed an investigation into a possible conspirator in the 2005 London bombings by forcing a field agent to return documents acquired from a U.S. university. [more]
Wednesday, 16 April 2008, 1:52 AM CET
Fears over advert system privacy
Online advert system Phorm could make the net less secure and breaches human rights, the service's creators have been told. [more]
Wednesday, 16 April 2008, 1:51 AM CET
Online security: a closer look at a negative example
It may be easier than you think for someone to steal your wireless phone records. At least, that's the case if you're a Sprint wireless phone user. [more]
Wednesday, 16 April 2008, 12:58 AM CET
Three ways to test Web form input with a CAPTCHA
Many Web forms these days feature a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) as an effort to stop people from setting up computers to automatically fill in Web forms. [more]
Monday, 14 April 2008, 8:53 PM CET
Port forwarding via single packet authorization
Most port knocking or Single Packet Authorization implementations offer the ability to passively authenticate clients for access only to a locally running server (such as SSHD). [more]
Friday, 11 April 2008, 4:59 PM CET
The new e-spionage threat
A BusinessWeek probe of rising attacks on America's most sensitive computer networks uncovers startling security gaps. [more]
Friday, 11 April 2008, 4:52 PM CET
Inside the black market 'bug trade'
Better code the only ammunition against black market software vulnerabilities. [more]
Friday, 11 April 2008, 4:44 PM CET
Extensive coverage of RSA Conference 2008
If you're looking for fresh news from the conference check out our Security World section. We've taken a variety of photos at the event, and four galleries are available: 1 - 2 - 3 - 4. [more]
Thursday, 10 April 2008, 6:32 PM CET
Hackers give Linux an easy ride
Operating system ignored in hacking contest says sponsor. [more]
Friday, 4 April 2008, 12:21 AM CET
Planning skills make engineers good field operatives
Engineers' personality traits make them excellent "field operatives" according to an international security expert. [more]
Friday, 4 April 2008, 12:00 AM CET
Video: hacking Second Life
Beyond being an online game, Second Life is a growing marketplace for big companies where a lot of money is made. Living and acting in a virtual world gives people the opportunity to do things they would never do in real life. Therefore it is not surprising that Second Life has increasingly attracted real world hackers. [more]
Thursday, 3 April 2008, 4:02 PM CET
The difference between feeling and reality in security
Security is both a feeling and a reality, and they're different. You can feel secure even though you're not, and you can be secure even though you don't feel it. [more]
Thursday, 3 April 2008, 10:55 AM CET
Whitepaper - Next generation solutions for spam
Learn about the rapid evolution of spam and techniques to fight back. [more]
Wednesday, 2 April 2008, 5:23 PM CET
Outsourced passports risk national security
The United States has outsourced the manufacturing of its electronic passports to overseas companies raising concerns that cost savings are being put ahead of national security. [more]
Wednesday, 2 April 2008, 2:45 PM CET
Interview with Chris Sanders, author of "Practical Packet Analysis"
Chris Sanders is a Senior Support Engineer for KeeFORCE, a technology consulting firm. Chris writes and speaks on various topics including packet analysis, network security, Microsoft technologies, and general network administration. [more]
Wednesday, 2 April 2008, 12:06 PM CET
NXP RFID encryption cracked
The Chaos Computer Club (Hamburg, Germany) has cracked the encryption scheme of NXP's popular Mifare Classic RFID chip. [more]
Wednesday, 2 April 2008, 10:31 AM CET
A second-order of XSS
Several people have approached me for more information about the spate of search engine iFrame injection attacks that have been occurring for the last few weeks. [more]
Wednesday, 2 April 2008, 10:21 AM CET
Smartphones: pocketable endpoints or network backdoor?
In today's corporate environment, very few people are without some kind of cell phone. [more]
Wednesday, 2 April 2008, 12:03 AM CET