Off the Wire

Off The Wire Archive

News items for May 2008

Wiping your disk drive clean
Everybody who owns a computer will someday need to dispose of a disk drive. Before you do, it is a good idea to cleanse the drive, so no one can read your sensitive information. [more]
Friday, 30 May 2008, 11:14 AM CET

Web application security landscape and trends
In the latest issue of the HNS Podcast, Mandeep Khera from Cenzic shares web application security trends observed by his company in the first quarter of 2008. Mr. Khera also discusses the overall web applications security landscape. [more]
Friday, 30 May 2008, 9:08 AM CET

Task force to review UCSF data security
UCSF's chancellor has formed a top-level task force to review and improve security practices following two recent security breaches involving patient medical information. [more]
Thursday, 29 May 2008, 9:14 AM CET

The botnet business
This article discusses zombie networks or botnets: how they are created, who uses them to make money on them and how this is done. Readers who are already familiar with the subject will find the information on the latest trends in botnet development of interest. [more]
Wednesday, 28 May 2008, 9:42 PM CET

Cisco IOS rootkit demonstrated
Last Thursday at the EUSecwest conference, security researcher Sebastian Muniz of Core Security Technologies demonstrated a proof-of-concept rootkit for Cisco's IOS router operating system. [more]
Wednesday, 28 May 2008, 9:19 AM CET

Telekom promises investigation into spying scandal
Revelations in SPIEGEL that German phone company Deutsche Telekom spied on top executives and journalists provoked a storm of criticism from politicians and privacy watchdogs this week, and the supervisory board is piling pressure on management to pinpoint the culprits in the next few weeks. [more]
Tuesday, 27 May 2008, 5:59 PM CET

Safeguarding your data with TrueCrypt
There are countless reasons why you'd like to make sure your data stays private. Maybe you travel a lot and you're worried your laptop may be stolen, perhaps you work or live in an environment where other people have access to your computer. In any case, the procedure of encrypting data can be simple and very well integrated into your daily workflow. [more]
Monday, 26 May 2008, 5:35 PM CET

How to sell security
It's a truism in sales that it's easier to sell someone something he wants than something he wants to avoid. People are reluctant to buy insurance, or home security devices, or computer security anything. [more]
Monday, 26 May 2008, 4:39 PM CET

MIT helps develop new image-recognition software
It takes surprisingly few pixels of information to be able to identify the subject of an image, a team led by an MIT researcher has found. [more]
Monday, 26 May 2008, 12:00 AM CET

Easiest way into a company
One web page and one email is all you need to gain access to a major corporation’s internal network. [more]
Thursday, 22 May 2008, 8:08 PM CET

Spoofing SSL in Firefox 3
As with Firefox 3 release candidate 1 the yellow address bar is gone - the address bar remains white as with regular pages, there is no padlock to see nor any other visual indicator. [more]
Thursday, 22 May 2008, 12:33 AM CET

Video: portable security showcase
At the RSA Conference 2008 in San Francisco we caught up with MXI Security. In this video you can see a showcase of their offerings related to portable security. [more]
Wednesday, 21 May 2008, 12:26 AM CET

Securing data - first level of defense
This article focuses upon testing the reliability user input at the lowest level. [more]
Wednesday, 21 May 2008, 12:21 AM CET

Whitepaper: protecting enterprise data on the endpoint
There is no doubt that laptops, removable media, handheld organizers, smartphones, memory sticks and cell phones are now essential to business productivity. [more]
Wednesday, 21 May 2008, 12:00 AM CET

Google Health beta launches with security issues looming
Google Health opened up to the public today after several months of private beta testing. [more]
Tuesday, 20 May 2008, 11:37 AM CET

Fwknop and single packet authorization
Protecting servers by placing them behind a firewall is a best-practice methodology for systems administrators, but it's not a panacea: those systems are still visible to network scanners such as nmap and nessus. [more]
Tuesday, 20 May 2008, 11:36 AM CET

Secure file-sharing with PHP, MySQL, and JavaScript
Use PHP to create a secure Internet file-sharing application that employs a database abstraction layer and separates HTML design from PHP programming. [more]
Tuesday, 20 May 2008, 11:06 AM CET

Backing a managed card with alternate credentials
When a Managed Card is used, the user must authenticate to the identity provider (IP), in order to get a token. [more]
Tuesday, 20 May 2008, 7:03 AM CET

Secret data in FBI wiretapping audit revealed with ctrl+c
Once again, supposedly sensitive information blacked out from a government report turns out to be visible by computer experts armed with the Ctrl+C keys - and that information turns out to be not very sensitive after all. [more]
Tuesday, 20 May 2008, 12:03 AM CET

Information assurance: national security’s new front line
The ease of accessing information on the Web and attacking the networks of where such data resides has created a false sense of security that can be exploited by insurgent organizations and criminals using new and powerful tools at their disposal. The only way for government agencies to circumvent this threat is to completely protect user identities through anonymous Web surfing systems, making this a new requirement while online. [more]
Monday, 19 May 2008, 7:02 PM CET

Identity theft hits the root name servers
There have been a number of attacks on the root name servers over the years, and much written on the topic. Even if you don't know exactly what these servers do, you can't help but figure they're important when the US government says it is prepared to launch a military counterattack in response to cyber-attacks on them. [more]
Monday, 19 May 2008, 3:42 PM CET

Japanese P2P virus writer convicted, escapes jail
Experts are questioning whether courts worldwide are giving consistent sentences to hackers following news that a Japanese man has escaped jail, despite admitting writing a virus that wiped music and movie files on innocent users' computers. [more]
Monday, 19 May 2008, 12:00 AM CET

Book review - Big Book of Windows Hacks
When it comes to "how to" articles there's a wealth of free material available online. With the growing popularity of blogs, a myriad of people are eager to share their hacks with the world. The problem with all this wealth of information is finding the good stuff, tailored to your needs, and being sure it actually works as you expect it to. Enter the "Big Book of Windows Hacks" which aims to provide quality tips related to the Windows OS. [more]
Friday, 16 May 2008, 9:02 PM CET

Anonymous Web surfing with TorK
Everyone who surfs the Net is eminently trackable. Internet data packets include not only the actual data being sent, but also headers with routing information that is used to guide the packages to their destinations. [more]
Friday, 16 May 2008, 9:01 PM CET

US 'cyber-bully' mother indicted
A Missouri woman who allegedly used a fake MySpace profile to bully a girl who later committed suicide has been indicted by a federal Grand Jury. [more]
Friday, 16 May 2008, 9:37 AM CET

Air Force aims for 'full control' of 'any and all' computers
The Air Force wants a suite of hacker tools, to give it "access" to -- and "full control" of -- any kind of computer there is. [more]
Thursday, 15 May 2008, 9:42 AM CET

Does secure software really matter?
If you ask the average expert what organizations should do about Web security you’d almost universally hear what’s become like a religious commandment, “Thou shall add security as part of the application from the beginning. Blessed are those who develop secure code.” Amen. [more]
Thursday, 15 May 2008, 9:36 AM CET

Five IRS employees charged with snooping on tax returns
Five workers at the Internal Revenue Service's Fresno, California, return processing center were charged Monday with computer fraud and unauthorized access to tax return information for allegedly peeking into taxpayers' files for their own purposes. [more]
Wednesday, 14 May 2008, 6:08 AM CET

The rising trend of Internet counter-intelligence
A growing and dangerous threat, called Internet counter-intelligence, is the use of sophisticated Web analytics to uncover corporate-user identities to analyze and track enterprise surfing habits. Doing so affords the perpetrator the ability to capture IP addresses and network identities. [more]
Tuesday, 13 May 2008, 9:57 PM CET

International hackers indicted for sniffing credit cards
Three international hackers have been indicted for allegedly using "college-level knowledge of computer programming skills" to steal and sell credit card numbers from customers of Dave & Buster's restaurant chain [more]
Tuesday, 13 May 2008, 5:45 PM CET

A guide to cryptography in PHP
In an ideal world, words like cryptography and security wouldn't even exist, but the real world is far from perfect, so software developers have to spend a good deal of time building security into applications. [more]
Tuesday, 13 May 2008, 2:34 PM CET

How to protect your laptop with a privacy filter
This article will show you how to make your Asus Eee PC secure from prying eyes by using a privacy filter. 3M Privacy Filters help block the screen view from anyone viewing the computer from a side view. Their unique microlouver privacy technology allows just persons directly in front of the computer to see on screen data clearly. [more]
Tuesday, 13 May 2008, 2:31 PM CET

Ksplice: kernel patches without reboots
With ksplice, system administrators can have the best of both worlds: security fixes without unsightly reboots. [more]
Monday, 12 May 2008, 1:59 PM CET

Security flaw turns Gmail into open-relay server
A recently-discovered flaw in Gmail is capable of turning Google's e-mail service into a highly effective spam machine. [more]
Monday, 12 May 2008, 1:58 PM CET

Cyberwar game: NSA attacks West Point
Five hours into their assault on West Point, the hackers got serious. [more]
Monday, 12 May 2008, 1:57 PM CET

Security through obscurity is plain dumb
If there is one security technique that has proven to be as effective and realistic as keeping diamonds safe in a paper bag it is security through obscurity. [more]
Monday, 12 May 2008, 1:53 PM CET

FBI says the military had bogus computer gear
Counterfeit products are a routine threat for the electronics industry. However, the more sinister specter of an electronic Trojan horse, lurking in the circuitry of a computer or a network router and allowing attackers clandestine access or control, was raised again recently by the FBI and the Pentagon. [more]
Friday, 9 May 2008, 10:29 AM CET

5 ways insiders exploit your network
Policing insiders can prove challenging given the privileged access they require to do their jobs. [more]
Thursday, 8 May 2008, 10:17 AM CET

Microsoft may build a copyright cop into every Zune
If you like to download the latest episodes of “Heroes” or other NBC shows from BitTorrent, maybe you shouldn’t buy a Microsoft Zune to watch them on. [more]
Thursday, 8 May 2008, 12:08 AM CET

Book review: Backup & Recovery
The undeniable importance of backup is the reason why system administrators invest time and effort into creating and maintaining a backup system fit for their infrastructure. While for a home user it may be enough to burn their files to a DVD from time to time, professionals and organizations must tackle the problem of possible data loss with a strong understanding of their needs. [more]
Wednesday, 7 May 2008, 11:59 PM CET

Hacker kept on NDS payroll after accused of piracy
A high-ranking News Corp official testified on Tuesday that he kept two hackers on the payroll for years after one of them was accused of infiltrating the security system of rival satellite television company DISH Network Corp. [more]
Wednesday, 7 May 2008, 10:45 PM CET

Isohunt founder at center of U.S. torrent-tracking legal battle
The Motion Picture Association of America claims in a lawsuit that Gary Fung is a copyright scofflaw of the highest order - facilitating the theft of millions of its copyrighted works hosted in tiny pieces resting on servers and individuals' computers worldwide. [more]
Wednesday, 7 May 2008, 9:58 AM CET

Hundreds of laptops missing at State Department
Hundreds of employee laptops are unaccounted for at the U.S. Department of State, which conducts delicate, often secret, diplomatic relations with foreign countries, an internal audit has found. [more]
Tuesday, 6 May 2008, 8:29 PM CET

Government wiretaps up 20% for 2007
The US last week released its 2007 wiretapping stats, and they show that such surveillance is up a full 20 percent over the year before. [more]
Tuesday, 6 May 2008, 11:25 AM CET

Video: The Enigma Machine
The National Security Agency (NSA) had an Enigma machine in their booth at the RSA Conference 2008 in San Francisco. Here's a video that shows the machine and provides some history about it. [more]
Monday, 5 May 2008, 11:26 PM CET

HNS Podcast: Jeremiah Grossman's top security conferences
Jeremiah Grossman, the founder and Chief Technology Officer of WhiteHat Security attends quite a number of security conferences around the globe. A couple of weeks ago we had a chat with him and in this short podcast he discusses four of his favorite events. [more]
Monday, 5 May 2008, 8:25 PM CET

China mounts cyber attacks on Indian sites
China’s cyber warfare army is marching on, and India is suffering silently. Over the past one and a half years, officials said, China has mounted almost daily attacks on Indian computer networks, both government and private, showing its intent and capability. [more]
Monday, 5 May 2008, 5:05 PM CET

In Pellicano case, lessons in wiretapping skills
The wiretapping trial of Anthony Pellicano, the accused sleuth to the stars and irrepressible eavesdropper, has offered much fodder for celebrity watchers over its two-month run. [more]
Monday, 5 May 2008, 5:03 PM CET

What's up with the secret cybersecurity plans
The government's new cyber-security "Manhattan Project" is so secretive that a key Senate oversight panel has been reduced to writing a letter to beg for answers to the most basic questions, such as what's going on, what's the point and what about privacy laws. [more]
Monday, 5 May 2008, 4:09 PM CET

100 e-mail bouncebacks? You've been backscattered
The bounceback e-mail messages come in at a trickle, maybe one or two every hour. The subject lines are disquieting, apparently from you. [more]
Monday, 5 May 2008, 12:09 AM CET

Protecting yourself from suspicionless searches while traveling
The Ninth Circuit's recent ruling in United States v. Arnold allows border patrol agents to search your laptop or other digital device without limitation when you are entering the country. [more]
Friday, 2 May 2008, 7:01 PM CET

Cyberwarfare: Darpa's new 'space race'
Under a directive signed by the President - and OK'd by Congress - nearly every arm of the government's security apparatus is starting work on a massive national cybersecurity initiative, designed to protect the United States from electronic attack (and strike at adversaries online, as well). [more]
Friday, 2 May 2008, 10:20 AM CET

A visit with inmate No. BFPS63 aka Hans Reiser
Inside the Cellblock 9 visiting room here at Santa Rita Jail, inmate number BFPS63 looked like a man with a big hangover. [more]
Thursday, 1 May 2008, 9:20 AM CET

The ABCs of securing your wireless network
In this practical introduction to the basics of securing your home wireless network, we'll cover the important, high-level points that ordinary users need to know in order to secure a network of game consoles, phones, and PCs. [more]
Thursday, 1 May 2008, 3:21 AM CET

Anatomy of Security-Enhanced Linux
Linux has been described as one of the most secure operating systems available, but the National Security Agency has taken Linux to the next level with the introduction of Security-Enhanced Linux (SELinux). [more]
Thursday, 1 May 2008, 3:15 AM CET


Successful strategies to avoid frequent password changes

Posted on 19 August 2014.  |  After a widespread, nonspecific data breach, the conventional wisdom is that people should change all their passwords. But, there’s a better way.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Wed, Aug 20th