Off the Wire

Off The Wire Archive

News items for April 2009

Video: Infosecurity 2009 day two
Here's a look at the second day of Infosecurity 2009 from Earls Court - London, UK. [more]
Thursday, 30 April 2009, 11:58 PM CET

Business leaders overlook IT cost savings in favor of security
A survey commissioned by NetApp has revealed that UK business leaders are in the dark about how to reduce business costs through technology, focusing instead on managing security risks through IT. [more]
Thursday, 30 April 2009, 11:54 PM CET

Windows 7 RC is now available
Microsoft reached a significant milestone with the Release Candidate (RC) of Windows 7, now available for download to MSDN and TechNet subscribers. Broader public availability will begin May 5. [more]
Thursday, 30 April 2009, 11:45 PM CET

Companies increasing IT investments despite volatile economy
More than 25 percent of companies are increasing their investments in information technology (IT) this year, according to the Value of IT Investments survey of more than 500 IT professionals in the US. Conducted by ISACA, the survey also found that only 16 percent of companies are making across-the-board cuts in IT spending and 14 percent are freezing at current levels. [more]
Thursday, 30 April 2009, 11:25 PM CET

Beware of Facebook phishing attack
A rogue website located at is trying to look like the Facebook login page trying to steal your login information. [more]
Wednesday, 29 April 2009, 11:45 PM CET

Microsoft Office 2007 SP2 released
Microsoft Office 2007 Service Pack 2 (SP2) contains previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and security. It also contains all the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009. [more]
Wednesday, 29 April 2009, 11:06 PM CET

Corporate security under threat from converged risks
Many security departments are so busy fighting day-to-day fires that they risk missing less obvious but equally important threats as well as failing to address the wider issue of ‘converged’ risk. As traditional risks converge with new ones, they can seriously jeopardize the organization's long term profitability, damage its brand or even threaten its very existence. [more]
Wednesday, 29 April 2009, 11:00 PM CET

Guide - Web application security: How to minimize prevalent risk of attacks
Vulnerabilities in web applications are now the largest vector of enterprise security attacks. [more]
Wednesday, 29 April 2009, 10:33 PM CET

62% of companies experienced security breaches in critical applications
Veracode announced the findings of an independent commissioned study conducted by Forrester Consulting titled, “Application Risk Management in Business Survey.” The survey revealed that enterprises are struggling to protect their organizations from the costly and growing threat of application security breaches. [more]
Wednesday, 29 April 2009, 10:03 PM CET

Security managers warned to address employees flouting rules
Too many companies leave themselves vulnerable to employees’ ignorance or purposeful flouting of the rules when it comes to information security, suggests a survey conducted by (ISC)2. [more]
Tuesday, 28 April 2009, 7:22 PM CET

One in four companies report attacks via social networking sites
A recent Sophos poll revealed that 63 per cent of system administrators worry that employees share too much personal information via their social networking profiles, putting their corporate infrastructure – and the sensitive data stored on it – at risk. [more]
Tuesday, 28 April 2009, 7:22 PM CET

Survey reveals a third of workers can be bribed
Would you sell your company’s secrets to a stranger for a million pounds? That’s the question put to 600 commuters last week at busy London railway stations and a third (37%) admitted that they would give over their company’s secrets for the right price. [more]
Tuesday, 28 April 2009, 7:21 PM CET

10 ways small business can improve security during a recession
Although many companies are understandably cutting back due to the current financial climate, IT security is one area where companies cannot afford to do so. Protecting a company’s network and data assets is a key part of doing business today. Security is a cost of doing business and not an item on a checklist that can be added or removed as needed. [more]
Friday, 24 April 2009, 1:40 PM CET

Updated research of the largest base of real-world vulnerability data
Wolfgang Kandek, CTO of Qualys, today unveiled Laws of Vulnerabilities 2.0 derived from the industry’s largest vulnerability dataset. The Laws 2.0 reveals vulnerability half-life, prevalence, persistence and exploitation trends for five critical industry segments including Finance, Healthcare, Retail, Manufacturing and Services. [more]
Thursday, 23 April 2009, 6:22 PM CET

Corporations adjust to deal with IT security with reduced budgets
The worst downturn in a generation is forcing organizations to adapt to reduced budgets at the same time as facing increased threats and greater scrutiny through new regulations, says the Information Security Forum in its latest briefing report: Managing Information Security in a Downturn. [more]
Thursday, 23 April 2009, 6:22 PM CET

Podcast: Modulo Risk Manager for the iPhone
Organizations have started doing extensive data collections worldwide. In this podcast, Alan Mattson, VP of Business Development at Modulo, discusses how their Risk Manager for the iPhone product is used in real-world situations. [more]
Thursday, 23 April 2009, 6:21 PM CET

Podcast: Cloud Security Alliance
Earlier today we covered the formal launch of CSA, but we also met up with Nils Puhlmann, one of the co-founders of the alliance and recorded a podcast with him. In this five minute audio, Mr. Puhlmann talks about the initial idea behind the Cloud Security Alliance, as well as their next steps. [more]
Wednesday, 22 April 2009, 9:49 PM CET

Survey: Majority of firms plan to maintain or increase IT security spending
According to CompTIA's 7th Annual Trends in Information Security survey, the majority of firms in the US and abroad plan to increase or maintain spending on IT security in 2009. [more]
Wednesday, 22 April 2009, 9:49 PM CET

RSA BSAFE Encryption Toolkits now free
In a move to help software developers innovate with confidence and further safeguard their applications from fraudsters, RSA launched the RSA Share Project, a new initiative designed to bring security tools within reach of corporate and independent software developers and project leaders. [more]
Tuesday, 21 April 2009, 1:09 PM CET

Photos: Innovation Sandbox at RSA Conference 2009
The Innovation Sandbox event is a new concept at the RSA Conference. It's a half-day interactive program devoted to highlighting technological breakthroughs and solutions that are designed to help security practitioners tackle emerging security issues facing the industry. Here are some photos from the event and after that a list of companies that participated. [more]
Tuesday, 21 April 2009, 6:09 AM CET

Qualys adds Web application scanning to QualysGuard
Qualys announced the addition of QualysGuard Web Application Scanning (WAS) 1.0 to the QualysGuard Security and Compliance Software-as-a-Service (SaaS) Suite, the company’s flagship solution for IT security risk and compliance management. [more]
Monday, 20 April 2009, 9:07 PM CET

Information security recruitment: How to move on in turbulent times
There are areas of the information security market where recruitment is less affected, most noticeably in the public sector. Many major consultancies and systems integrators continued to recruit during 2008 for security practitioners to work on long term government projects. This slowed somewhat from the final quarter of 2008, but we anticipate recruitment in this area will continue during 2009. Most commonly the skills required are security architecture and design, security risk assessment and security policy development. [more]
Friday, 17 April 2009, 11:42 PM CET

CERT releases Dranzer, a new tool to reduce ActiveX vulnerabilities
Dranzer offers developers the ability to conduct simple, fast testing of ActiveX controls during the quality assurance phase. This testing allows the developers to identify and reduce vulnerabilities, such as buffer overflows. [more]
Friday, 17 April 2009, 11:06 PM CET

The environmental impact of spam
McAfee announced new research findings that reveal spam e-mail is not only a nuisance, but is damaging to the environment and substantially contributes to greenhouse gas (GHG) emissions. [more]
Thursday, 16 April 2009, 3:05 PM CET

Gartner: Phishing attacks on U.S. consumers increased 40 percent in 2008
More than 5 million U.S. consumers lost money to phishing attacks in the 12 months ending in September 2008, a 39.8 percent increase over the number of victims a year earlier, according to Gartner. [more]
Wednesday, 15 April 2009, 11:51 PM CET

Independent survey finds enterprises at-risk from insecure software
An independent study conducted by Forrester Consulting revealed that enterprises are struggling to protect their organizations from the costly and growing threat of application security breaches. The survey of nearly 200 businesses found that more than 62% of organizations have experienced a security breach in the past 12 months due to exploitation of vulnerabilities in their critical software applications. [more]
Wednesday, 15 April 2009, 11:36 PM CET

Productivity and Internet abuse: How to improve one by eliminating the other
Productivity is a huge issue for many companies and the implications can be staggering, including wasted wages, lost business, and expensive efforts by IT departments to manually block unacceptable websites and clean up productivity-destroying malware acquired from downloads. In addition, an organization's legal vulnerability increases when employees illegally download copyrighted or proprietary material or offensive text and images that can be disseminated throughout the enterprise. [more]
Wednesday, 15 April 2009, 11:15 PM CET

PIN crackers nab holy grail of bank card security
Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. [more]
Wednesday, 15 April 2009, 9:38 AM CET

Budget squeeze: How to maintain security during a recession
Learn how the Depository Trust and Clearing Corporation is keeping information security costs in check by automating processes with the Archer SmartSuite Framework. [more]
Wednesday, 15 April 2009, 9:37 AM CET

Review: Trend Smart Surfing for iPhone and iPod touch
Trend Micro recently launched "Trend Smart Surfing", a freeware iPhone application that provides URL reputation checks for iPhone users browsing the Web. [more]
Tuesday, 14 April 2009, 10:05 PM CET

Spending on information security to increase?
A survey by Infosecurity Europe has found that spending on information security is likely to increase, according to 55% of the 1010 respondents they asked, and 34% expected their spending to remain the same as last year. Only 8% expect minor reductions of less than 5% of last year's spending and 2% expect significant reductions of more than 5%. [more]
Tuesday, 14 April 2009, 10:04 PM CET

ICSA Labs on Twitter Worm
Andy Hayter, Anti-Malcode Program Manager at ICSA Labs, has put together some brief facts about the Twitter worm. [more]
Monday, 13 April 2009, 11:50 PM CET

Q&A: Malware and research
Roel Schouwenberg is the Senior Antivirus Researcher at Kaspersky Lab. Roel has nearly a decade of malware research and analysis experience. He monitors the state of malware in North America, providing advanced analysis of malware. [more]
Monday, 13 April 2009, 11:13 PM CET

Restricted budgets and information security
With the unraveling of the global financial system in 2008, analysts are confidently predicting that the real economy will experience a significant recession in 2009 and beyond. Most modern businesses rely on IT, which means that if they are to stay in business some aspects of their IT operations are non-negotiable. However, given inevitable budget scarcity, IT managers will be compelled to look much harder at how their ‘must-do’ operations, such as security, can be maintained with a higher degree of cost efficiency. [more]
Friday, 10 April 2009, 11:45 PM CET

Nessus 4 has been released
Tenable released version 4 of the Nessus vulnerability scanner. Nessus is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. [more]
Friday, 10 April 2009, 11:36 PM CET

McAfee offers guidance to improve critical infrastructure security
Recent reports that the US electrical grid has been penetrated by spies from China and Russia have prompted security experts from McAfee to issue a warning and advice to organizations tasked with protecting the nation’s critical infrastructures. Former national security officials have said that cyberspies penetrated the electrical grid and have left behind software programs that could disrupt the system. [more]
Friday, 10 April 2009, 11:30 PM CET

Adding a removable antenna to your WRTSL54GS
Over the past few months I've been contemplating a few projects for some WRTSL54GS routers with OpenWrt, however I really need these to have a high gain antenna on the WRTSL54GS. As you may recall, this model has a fixed antenna, with no option for adding one. I decided that I needed to fix that "design flaw". [more]
Friday, 10 April 2009, 1:34 PM CET

Creating custom reports with Nessus 4
A new feature in Nessus 4 is the ability to use XSLT stylesheets to create custom reports. [more]
Friday, 10 April 2009, 1:33 PM CET

Security policies should include Twitter?
Businesses should review their security policies to include Twitter, according to a guide by Network Box. [more]
Wednesday, 8 April 2009, 11:40 PM CET

Snort 2.8.4 is now available
Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. [more]
Wednesday, 8 April 2009, 11:24 PM CET

Whitepaper - Addressing Red Flag Requirements
Learn how to use SIEM to implement compliance monitoring. [more]
Wednesday, 8 April 2009, 11:20 PM CET

Survey shows configuration management is critical but organizations aren’t investing in it
Shavlik Technologies announced results of a survey the company recently conducted with responses from over 435 IT operations and security specialists. The survey illustrates that configuration management is considered a critical IT task to perform, but organizations aren’t necessarily investing in best practices to support it. [more]
Tuesday, 7 April 2009, 11:55 PM CET

Economic crisis increases Americans’ fears about fraud and ID theft
According to research conducted in late February by Unisys, the vast majority of Americans (nearly 75 percent) believe that the current world financial crisis has increased their risk for experiencing identity theft or related fraud crimes, and more than one-quarter believe the current crisis raises that risk substantially. [more]
Monday, 6 April 2009, 11:27 PM CET

Spyware rose 10% in Q1 2009
According to the PandaLabs malware report for the first quarter of 2009, Trojans have accounted for 73% of all new malware created during this period. Nevertheless, one of the main trends identified in the report is the growth of spyware, which rose from 2.5% in the previous quarter to 13.15% in the first three months of the year. [more]
Monday, 6 April 2009, 10:32 PM CET

Survey shows teens would spy on people online for money
A survey by Trend Micro suggests that British teens might be tempted by illegal online methods to make money. One in three teens (aged 12 – 18) admitted they would consider hacking or spying on people online if it meant they could make some fast cash. The survey exposes a lack of "e-morals" at a time when kids are spending a significant amount of their time online. [more]
Friday, 3 April 2009, 9:53 PM CET

Whitepaper: 4 key steps to automate IT security compliance
Explore the internal and external regulatory challenges now faced by organizations, the scope of these challenges, and 4 key ways in which they can be addressed through better business processes and automation. [more]
Friday, 3 April 2009, 9:02 AM CET

The Hyper-V Security Guide
The Hyper-V Security Guide provides IT professionals with guidance, instructions, and recommendations to address key security concerns about server virtualization. [more]
Friday, 3 April 2009, 9:01 AM CET

Video: Dissecting the Conficker worm
Wolfgang Kandek, CTO of Qualys, talks about the Conficker worm. [more]
Wednesday, 1 April 2009, 11:59 PM CET

How to exploit the SIP Digest Leak vulnerability
The SIP Digest Leak is a vulnerability that affects a large number of SIP Phones, including both hardware and software IP Phones as well as phone adapters (VoIP to analogue). The vulnerability allows leakage of the Digest authentication response, which is computed from the password. An offline password attack is then possible and can recover most passwords based on the challenge response. [more]
Wednesday, 1 April 2009, 11:55 PM CET

World’s first fingerprint-enabled netbook
The new ASUS Eee PC 1004DN is the first netbook to integrate a fingerprint sensor, AuthenTec’s small form factor AES1610. [more]
Wednesday, 1 April 2009, 11:54 PM CET

