Off the Wire

Off The Wire Archive

News items for July 2007

Manage your passwords with 1Passwd
Nowadays everyone has too many passwords to remember. People either use easy to remember passwords or even worse, the same password for multiple accounts. 1Passwd makes things easier when it comes to password management but it also goes beyond that with features like form filling and strong password generation. [more]
Tuesday, 31 July 2007, 9:30 PM CET

Firefox update comes with a mea culpa
Mozilla is pushing out an update to its Firefox Web browser (version that plugs a pair of security holes in the software. [more]
Tuesday, 31 July 2007, 6:21 PM CET

China's golden cyber-shield
The Chinese government is an infamous enforcer of digital apartheid. [more]
Tuesday, 31 July 2007, 6:14 PM CET

Lords to hear 'hacker' appeal
Gary McKinnon, the man accused of hacking into Pentagon and Nasa computers from a flat in north London, heard yesterday that he had won the right to have his case against extradition to the US heard by the House of Lords. [more]
Tuesday, 31 July 2007, 11:36 AM CET

300-day attacks
Some file formats are more vulnerable to exploits than others. [more]
Tuesday, 31 July 2007, 3:30 AM CET

Utility evades Vista kernel defenses
Aussie software can get around 64-bit Vista's signed-code requirement. [more]
Tuesday, 31 July 2007, 3:12 AM CET

The Yin and Yang of Internet security research
A law that makes it a crime to host online or otherwise provide software that could be used in cyber attacks went into effect in Germany this month. [more]
Tuesday, 31 July 2007, 1:42 AM CET

A quick intro to sniffers: Wireshark/Ethereal, ARPSpoof, Ettercap, ARP poisoning
When I tell some of my coworkers that I�m sniffing the network, they have a tendency to look at me funny. [more]
Tuesday, 31 July 2007, 1:27 AM CET

Beware your metadata trail
The British Times Online reports that the EXIF metadata embedded in digital camera images could be used to track down whoever photographed each page of the final Harry Potter novel uploaded it prior to the book's release. [more]
Tuesday, 31 July 2007, 1:12 AM CET

The story of DEFCON
Jeff Moss, the founder of DEFCON and Black Hat, tells the history of the largest hacker conference and how it all got started. Find out more about the early days of the hacking scene when dial-up was considered fast, how the security space changed around the conference as years went by, and discover some bizarre things that take place at the event. [more]
Monday, 30 July 2007, 10:20 PM CET

So many passwords, so little memory
On an average day I need to remember umpteen different chunks of otherwise useless information. I turn on my mobile phone - it needs a password... [more]
Monday, 30 July 2007, 2:45 AM CET

On your marks, get set, go: vulnerabilty mitigation race
In many ways, the public release of new web-based vulnerabilities is like a Track and Field race. [more]
Monday, 30 July 2007, 1:18 AM CET

Q&A: Security top concern for new IETF chair
Leading standards body gets serious about bolstering Internet security. [more]
Monday, 30 July 2007, 12:15 AM CET

Secure file deletion: fact or fiction?
This paper will deal with how and where some of these files are created and how to securely remove them from a system. [more]
Monday, 30 July 2007, 12:09 AM CET

Most vote machines lose test to hackers
State-sanctioned teams of computer hackers were able to break through the security of virtually every model of California's voting machines and change results or take control of some of the systems' electronic functions, according to a University of California study released Friday. [more]
Monday, 30 July 2007, 12:06 AM CET

Google plans YouTube antipiracy tool for September
Tool to be "very much compliant" with controversial DCMA takedown clauses. [more]
Monday, 30 July 2007, 12:03 AM CET

Inside threats: what’s walking out your front door?
Data has become fluid and collaboration, interoperability and mass dispersal of information is the name of the game. [more]
Friday, 27 July 2007, 10:31 PM CET

UK phone records to be kept for a year
UK telecoms companies will have to keep phone call logs for a year under a new law, which comes into force in October. [more]
Friday, 27 July 2007, 3:10 PM CET

Recovering from identity theft
Victims should take these steps to minimize the damage from identity scams. [more]
Friday, 27 July 2007, 1:39 PM CET

Spam to exploit?
it pays to be vigilant when dealing with unsolicited emails, no matter the source, subject or content. [more]
Friday, 27 July 2007, 12:17 PM CET

Interview with Richard Bejtlich, GE Director of Incident Response
In this interview Richard discusses how he got started in security, how to be a good analyst, and concerns for the future. [more]
Friday, 27 July 2007, 11:42 AM CET

GPCode evolution
This report contains a description of the more obscure, previously undocumented traits belonging to the GPCode/Glamour trojan. [more]
Friday, 27 July 2007, 11:39 AM CET

World Stock Exchange hit by theft
The World Stock Exchange said a former employee used inside knowledge to steal money from the virtual stock exchange’s ATM network. [more]
Friday, 27 July 2007, 2:09 AM CET

Can privacy be a premium service?
Time and privacy are two aspects of our modern lives that are in short supply. [more]
Friday, 27 July 2007, 1:30 AM CET

Retailers gang up against bands of thieves
Merchants pool resources and information in LERPnet, a national retail crime database, to foil thieves and protect goods. [more]
Friday, 27 July 2007, 1:30 AM CET

The Black Hat challenge
You'll need some basic skills, follow some rules but it sure looks like fun. [more]
Friday, 27 July 2007, 1:03 AM CET

Microsoft should welcome piracy in India and China?
By prosecuting copyright infringers in Asia, it drives consumers into the Linux camp. Better to ease up and build market share—for now. [more]
Friday, 27 July 2007, 12:28 AM CET

Deep packet inspection meets Net neutrality
Imagine a device that sits inline in a major ISP's network and can throttle P2P traffic at differing levels depending on the time of day. [more]
Friday, 27 July 2007, 12:26 AM CET

Setting up an encrypted Debian system
Ever since I heard that the new Debian “etch” installer supports encrypted LVM, I wanted to try having an encrypted disk... [more]
Friday, 27 July 2007, 12:04 AM CET

More malware crypters for sale
There's an ongoing trend among malware authors to either code malware crypters and packers from scratch and sell then at a later stage, or even more interesting, obtain publicly available crypters source code, modify, add extra featured and new encryption routines and make them available for sale. [more]
Thursday, 26 July 2007, 10:07 PM CET

Database admin at Fidelity National stole more data than thought
Information on as many as 8.5M consumers may have been exposed. [more]
Thursday, 26 July 2007, 10:04 PM CET

Guide to online antivirus solutions: NanoScan and TotalScan
Internet connections are getting faster every day, so online antivirus solutions have transformed from proof-of-concept into actual quality security services. Here you can read more about two online antivirus services created by Panda Software. [more]
Thursday, 26 July 2007, 8:38 PM CET

McAfee SiteAdvisor phishing quiz
Can you tell a fake Web site from a real one? [more]
Thursday, 26 July 2007, 8:35 PM CET

Fuzz testing with zzuf
Fuzz testing, which uses random input to test software for bugs, has been the biggest thing to happen in IT security in quite a while. [more]
Thursday, 26 July 2007, 2:23 PM CET

Identity framework moves into next phase
The Liberty Alliance Project has completed its initial research phase and has started developing technical specs for how companies can protect sensitive ID info. [more]
Thursday, 26 July 2007, 9:04 AM CET

Zero-day security flaw leaves Firefox wide open
Security researchers have disclosed a zero-day vulnerability in the latest version of Firefox that gives miscreants complete control of Windows-based computers when the Mozilla browser visits a booby-trapped website. [more]
Thursday, 26 July 2007, 1:31 AM CET

I'll be hacked for Christmas
To help others who'd like to make the gift of technology a little more personal, these hackers are publishing their findings online alongside step-by-step instructions for duplicating their modifications. [more]
Wednesday, 25 July 2007, 8:04 PM CET

Yahoo yodels new privacy tune
Not one to be left out, Yahoo has joined the chorus of search engines boasting new privacy policies. [more]
Wednesday, 25 July 2007, 8:03 PM CET

Forensics software can be hacked
Bugs in EnCase and The Sleuth Kit can be used to crash the programs or install unauthorized software on investigators' machines. [more]
Wednesday, 25 July 2007, 2:47 PM CET

Facebook site faces fraud claim
Networking website Facebook is to face legal action on Wednesday in a suit brought by a rival site's founders. [more]
Wednesday, 25 July 2007, 12:48 PM CET

Congress: P2P networks are security threat
Politicians charged on Tuesday that peer-to-peer networks can pose a "national-security threat" because they enable federal employees to share sensitive or classified documents accidentally from their computers. [more]
Wednesday, 25 July 2007, 9:25 AM CET

Nine hacks that will make you the master of your iPhone
ost of the hacks that have been publicized so far are aimed at controlling or enhancing your own iPhone, but a darker side has emerged too. A security firm announced a possible Wi-Fi-based browser exploit, which could give hackers access to an iPhone's microphone, surfing history and contact information -- and possibly website and e-mail passwords stored on the phone, too. Make no mistake: The iPhone is a magnet for hackers, both good and bad.

The hacks below run the gamut from easy hacks almost anyone can do to advanced mods that require serious hardware and software skills. Proceed at your own risk: With any hack, there is a chance you could permanently damage your iPhone or render it unusable, and you're almost certainly voiding your warranty if you try most of these hacks. You have been warned. [more]
Wednesday, 25 July 2007, 9:12 AM CET

More online shopping security with virtual credit cards
Millions of Americans are the victims of credit card fraud every year. A fifth of these people blame the internet. In fact, the top reason people shy away from internet shopping is the fear of theft of personal information. [more]
Wednesday, 25 July 2007, 12:58 AM CET

Dumpster-diving for e-data
Discarded flash drives, laptops, and PCs could be leaking critical information to a competitor. [more]
Wednesday, 25 July 2007, 12:00 AM CET

(IN)SECURE Magazine issue 12 has been released
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read about enterprise grade remote access, keyloggers, Windows security, compliance, and much more. [more]
Tuesday, 24 July 2007, 9:24 PM CET

Top 5 security and networking widgets for Mac OS X
This article presents 5 widgets that that enable you to perform various tasks quickly, straight off the Dashboard. [more]
Tuesday, 24 July 2007, 7:12 PM CET

Back up your Google Apps data
Face it: If you use Google services like Gmail, Calendar, Docs and Spreadsheets, Reader, or Blogger, you've got a life's worth of data on Google's servers. [more]
Tuesday, 24 July 2007, 7:10 PM CET

Are security pros worrying about the right stuff?
Worms are scary, but experts say personnel issues should get more attention. [more]
Tuesday, 24 July 2007, 1:05 PM CET

Secure programming best practices for Windows Vista Sidebar Gadgets
Today, the Windows Vista Sidebar hosts Gadgets built from HTML, JavaScript, and potentially ActiveX controls, and because Gadgets are HTML, they are subject to Cross-site Scripting style bugs. [more]
Tuesday, 24 July 2007, 9:14 AM CET

Organized crime infiltrates financial IT
IT workers handling and protecting sensitive information are being trained and recruited by organized criminals to steal it, report finds. [more]
Tuesday, 24 July 2007, 6:52 AM CET

Chips: high tech aids or tracking tools?, a provider of surveillance equipment, attracted little notice itself - until a year ago, when two of its employees had glass-encapsulated microchips with miniature antennas embedded in their forearms. [more]
Monday, 23 July 2007, 6:25 PM CET

Economics of Tor performance
Currently the performance of the Tor anonymity network is quite poor. This problem is frequently stated as a reason for people not using anonymizing proxies, so improving performance is a high priority of their developers. [more]
Monday, 23 July 2007, 6:20 PM CET

Lock the door and make sure your data is protected
There was a day when everything was committed to paper and locked in a secure vault or safe in the office. Nowadays everything is digital but it still needs to be locked away in a digital vault. After all somebody is bound to forget to lock the door sooner or later. [more]
Monday, 23 July 2007, 3:03 PM CET

Piecing together IBM's security puzzle
Despite having some of the best security talent, products, and services around, IBM has no plans to become a full-on security vendor. [more]
Monday, 23 July 2007, 3:02 PM CET

SSH tricks
SSH (secure shell) is a program enabling secure access to remote filesystems. [more]
Monday, 23 July 2007, 10:33 AM CET

Microsoft shifts on web search privacy
Microsoft is moving to protect consumer privacy in web search and advertising and has called on the internet industry to support it. [more]
Monday, 23 July 2007, 10:32 AM CET

School conducts anti-phishing research
The e-mail appeared to be a routine correspondence between two friends. "Check this out!" it read, then listed a Web address. [more]
Monday, 23 July 2007, 12:51 AM CET

AT&T: spying on the home front
Mark Klein worked for more than 20 years as a technician at AT&T. Here he tells the story of how he inadvertently discovered that the whole flow of Internet traffic in several AT&T operations centers was being regularly diverted to the National Security Agency (NSA). [more]
Monday, 23 July 2007, 12:50 AM CET

The rules for computer forensics
The recovery of evidence from electronic devices is fast becoming another component of many the IT Manager’s remit. Electronic evidence gathered is often valuable evidence and as such should be treated in the same manner as traditional forensic evidence - with respect and care. [more]
Friday, 20 July 2007, 11:50 PM CET

A quarter century of computer viruses
The Apple II computer was a pioneer in many ways - some of which its inventors intended and some they most certainly did not. [more]
Friday, 20 July 2007, 5:50 PM CET

Japanese P2P leak cop fired
A Japanese policeman has been fired after he was held responsible for accidentally leaking confidential information via P2P file sharing software installed on his work PC. [more]
Friday, 20 July 2007, 5:49 PM CET

Net criminals shun virus attacks
Hi-tech criminals have found novel ways to carry out web-based attacks that are much harder to spot and stop, warn security experts. [more]
Friday, 20 July 2007, 2:20 PM CET

Saving a packet trace in Mac OS X
If you need to get a packet trace and you don't already have a favorite utility for doing so, you can use the tcpdump command line tool. [more]
Friday, 20 July 2007, 1:07 PM CET

Modern Security Suite solutions: methods for protecting confidential data
The article takes the example of a well-known Trojan program, and examines the methods used by Norton360 and Kaspersky Internet Security 7.0 to protect confidential data from theft by the Trojan. [more]
Friday, 20 July 2007, 11:22 AM CET

Hackers hit Virgin America website as ticket sales start
Virgin America began selling airline tickets Thursday but found sales slowed by an apparent hacker attack on its website, the company said. [more]
Friday, 20 July 2007, 11:13 AM CET

How many FBI agents does it take to make a secret break-in crew?
How many FBI agents does it take to get to the center of a radical terrorist group's hideout by disabling the biometric door lock in order to plant bugs in the den's clock radio? [more]
Friday, 20 July 2007, 2:27 AM CET

How to recover forgotten Microsoft Word passwords
Microsoft Office applications have an option for setting up different levels of passwords. They can be used for specific actions such as preventing reading, writing or adding a master password to a file. In my case I needed to recover a passworded Microsoft Word file I snatched from my old PC backup. While setting the password to a Word file, it will explicitly tell you that it cannot be recovered if you forget it. But, where there is a will there is a way. [more]
Friday, 20 July 2007, 2:03 AM CET

On trust and regulation
Trust is part of our daily lives. [more]
Friday, 20 July 2007, 12:13 AM CET

Secret buildings you may not photograph
When Keith McCammon unwittingly took a picture of that building, he was launched on an odyssey that has so far involved an Arlington police officer, the chief of police and the defense of the United States of America. [more]
Friday, 20 July 2007, 12:00 AM CET

Unix security: treat compromises like disasters
Because they can often require a complete reinstallation, security compromises are best treated as disasters. [more]
Thursday, 19 July 2007, 3:39 AM CET

What's up with Snort licensing?
There have been a lot of questions and speculation about the things we (Sourcefire) have been changing in Snort's licensing recently and it needs to be addressed so that we can clear the air. [more]
Thursday, 19 July 2007, 12:42 AM CET

Will new Google cookie policy enhance privacy?
Data-tracking files will now expire automatically after two years. [more]
Thursday, 19 July 2007, 12:39 AM CET

Back up like an expert with rsync
What's so great about rsync? [more]
Thursday, 19 July 2007, 12:03 AM CET

Web vulnerabilities in the age of the iPhone
This article explores how the iPhone changes the balance of power when it comes to security. There are a few minor application issues that make a phisher's job easier and much more interesting is the way the iPhone connects the Web browser and the phone. [more]
Wednesday, 18 July 2007, 5:59 PM CET

FBI's secret spyware tracks down teen who made bomb threats
FBI agents trying to track the source of e-mailed bomb threats against a Washington high school last month sent the suspect a secret surveillance program designed to surreptitiously monitor him and report back to a government server, according to an FBI affidavit obtained by Wired News. [more]
Wednesday, 18 July 2007, 11:35 AM CET

Certifying Information Security Management Systems
An Information Security Management System (ISMS) is focused on managing information security within an organization, a topic that is of growing concern to many organizations as they deal with the challenges presented in the information society including evolving information security and privacy legislation, published guidelines (OECD, cyber security), and threats natural (fire, flood, earthquake, tornados) or human introduced (viruses, spam, privacy, hacking, industrial espionage). [more]
Wednesday, 18 July 2007, 9:18 AM CET

Microsoft patents the mother of all adware systems
It's such a tremendously bad idea that it's almost bound to succeed. Microsoft has filed another patent, this one for an "advertising framework" that uses "context data" from your hard drive to show you advertisements and "apportion and credit advertising revenue" to ad suppliers in real time. [more]
Wednesday, 18 July 2007, 1:15 AM CET

Government-security firms hacked
Hackers steal information from several companies known for providing security services to government agencies. [more]
Wednesday, 18 July 2007, 1:03 AM CET

Closing security holes with application scanners
Before unleashing sites and software, these products will spotlight code that can leave you vulnerable. [more]
Wednesday, 18 July 2007, 12:15 AM CET

MIT Project aims human buffer overflow at Secret Service
We've known for years that color laser printers can embed a series of tiny yellow dots on pages they print. [more]
Wednesday, 18 July 2007, 12:06 AM CET

Hackers 3, Microsoft DRM 0
Hackers have made available the third version of the FairUse4M program, which provides PC users with tools to crack Microsoft's digital rights management system. [more]
Wednesday, 18 July 2007, 12:00 AM CET

Secure encryption and backup with Knox
Mac geeks usually have the Disk Utility placed somewhere within easy reach ready to be fired up to make encrypted disk images whenever needed. However, there's a more elegant, not to mention easier, method of making encrypted vaults that comes with several handy features - Knox. [more]
Tuesday, 17 July 2007, 9:53 PM CET

Hundreds weigh in on net neutrality
On the final day for submitting an opinion about net neutrality to the FCC, hundreds of individuals and groups argued for their side. [more]
Tuesday, 17 July 2007, 11:36 AM CET

Automating web application security testing
Cross-site scripting (aka XSS) is the term used to describe a class of security vulnerabilities in web applications. [more]
Tuesday, 17 July 2007, 12:18 AM CET

European task force lists RFID privacy threats
Predicts that increased use of technology will boost opposition. [more]
Tuesday, 17 July 2007, 12:09 AM CET

Google cookies: expiring sooner to improve privacy
Google is announcing a new cookie policy. [more]
Tuesday, 17 July 2007, 12:00 AM CET

DIY anti-satellite system
Satellite tracking software freely available on the Internet and some textbook physics could be used by any organization that can get hold of an intermediate range rocket to mount an unsophisticated attack on military or civilian satellites. [more]
Monday, 16 July 2007, 3:47 PM CET

Open source filtering solutions and the spam problem
Let us face it, modern e-mail communication relying on SMTP is fundamentally broken - there is no sender authentication. There are lot of countermeasures in form of filtering and add-on authentication, but neither of them are proved to be 100% successful. Spammers always find new ways of confusing filters with random noise, bad grammar, hidden HTML code, padding, bitmap-rendered messages etc. This article will nevertheless try to cover some of the spam problems and possible solutions, but bare in mind that all of these are just no more than a temporary fix. [more]
Monday, 16 July 2007, 2:37 PM CET

Log management in the age of compliance
Logs of different types are generated from different sources at an astounding rate, allowing for a detailed picture of IT activity. [more]
Monday, 16 July 2007, 12:52 PM CET

Sleek and sturdy steel wallet keeps RFID hackers at bay
Ever felt the need to replace your tattered, bulging, leather wallet with something closer to a solid metal case? Now you can. [more]
Monday, 16 July 2007, 12:51 PM CET

OpenBSD encrypted NAS HOWTO
This document will try to explain what it takes to get an encrypted NAS on OpenBSD. [more]
Monday, 16 July 2007, 8:07 AM CET

The line between hacking and reverse engineering is thin
The US Digital Millennium Copyright Act is too severe. [more]
Monday, 16 July 2007, 5:04 AM CET

Destroying sandboxes
One of the mechanisms used by anti-malware applications is to institute a virtual 'sandbox' to isolate suspicious files from the rest of the system while they are quickly analysed for malicious content or behavior. [more]
Monday, 16 July 2007, 4:45 AM CET

The bad guys will use BitLocker, too
Steve Riley from Microsoft got an email from a customer asking about how BitLocker will affect the ability of law enforcement to conduct forensic analysis of a protected hard drive. [more]
Monday, 16 July 2007, 12:18 AM CET

Do-it-yourself forensics
All over America, vendors stand ready to solve the e-discovery problems of big, rich companies. [more]
Monday, 16 July 2007, 12:12 AM CET

Spam filter costs lawyers their day in court
The trouble at Franklin D. Azar & Associates PC began with pornographic spam. [more]
Monday, 16 July 2007, 12:09 AM CET

Privacy isn't dead, or at least it shouldn't be
In a post-9/11 world, where security demands are high, personal privacy does not have to be sacrificed, says computer scientist Latanya Sweeney, who discusses a few ways to save it. [more]
Monday, 16 July 2007, 12:03 AM CET

Lock in productivity with Lockout utility
Lockout's methods are simple: after configuring your system to prevent slacking, Lockout prevents you from becoming the administrative superuser, root, for a set amount of time. [more]
Monday, 16 July 2007, 12:00 AM CET

The computer virus turns 25
It's been a rocky quarter-century, but according to Richard Ford and Eugene Spafford, two computer scientists writing in this week's issue of the journal Science, viruses can look forward to a long, fruitful life. [more]
Friday, 13 July 2007, 8:18 AM CET

Mounting scrutiny for Google security
As Google moves into the business environment, it is starting to face the same security questions other business app vendors face. [more]
Friday, 13 July 2007, 2:45 AM CET

Greek spying case uncovers first phone switch rootkit
Someone tapped into the phones of top government officials. [more]
Friday, 13 July 2007, 12:03 AM CET

The rise of antiforensics
New, easy to use antiforensic tools make all data suspect, threatening to render computer investigations cost-prohibitive and legally irrelevant. [more]
Friday, 13 July 2007, 12:00 AM CET

Online secure backups with the Allmydata Web 2.0 application
Backups are an important part of anyone's computer life. As a result of Murphy's Laws, you will lose your precious data in the most inappropriate situation, so backing up should be one of your regular habits. The problem with burning CDs or DVDs is that often they get often misplaced, so using an online backup is good way to go. As I am following the rise (and fall) of Web 2.0 applications I came across a nice online solution called Allmydata. [more]
Thursday, 12 July 2007, 11:57 PM CET

FBI: Expect more spam prosecutions
Partnership between law enforcement agencies and industry reaps results, identifying more than 100 'significant spammers'. [more]
Thursday, 12 July 2007, 8:01 PM CET

Military files left unprotected online
Online military data is not always secure. [more]
Thursday, 12 July 2007, 7:46 PM CET

A nuclear ruse uncovers holes in U.S. security
Undercover Congressional investigators set up a bogus company and obtained a license from the Nuclear Regulatory Commission in March that would have allowed them to buy the radioactive materials needed for a so-called dirty bomb. [more]
Thursday, 12 July 2007, 4:08 PM CET

Ohio: Stolen device contains 859,800 IDs
Including info on those who had not cashed state income refund checks. [more]
Thursday, 12 July 2007, 1:46 PM CET

Data on Americans mined for terror risk
The FBI is gathering and sorting information about Americans to help search for potential terrorists, insurance cheats and crooked pharmacists, according to a government report obtained Tuesday. [more]
Thursday, 12 July 2007, 12:05 PM CET

Exploiting reflected XSS vulnerabilities
This is a look at exploiting reflected XSS vulnerabilities where user input must come through HTTP Request Headers. [more]
Thursday, 12 July 2007, 1:34 AM CET

How the integrity mechanism is implemented in Windows Vista
Shows how the Windows integrity mechanism was modified in Windows Vista to include support for User Account Control (UAC), Microsoft Internet Explorer Protected Mode, and the Windows Component Object Model (COM). [more]
Thursday, 12 July 2007, 1:31 AM CET

Tunnelling HTTP traffic through XSS channels
An XSS Channel is an interactive communication channel between two systems which is opened by an XSS attack. At a technical level, it is a type of AJAX application which can obtain commands, send responses back and is able to talk cross-domain. [more]
Wednesday, 11 July 2007, 9:43 PM CET

Firms breaching data protection
A "horrifying" number of companies, government departments and other public bodies have breached data protection rules in the past year, a report says. [more]
Wednesday, 11 July 2007, 1:10 PM CET

Mark Russinovich: From Winternals to Microsoft, on Windows security, Windows CoreArch
If you write code on Windows or like to know what goes on under the hood in Windows, then you've no doubt heard of Mark Russinovich. He's an OS kernel expert, a Technical Fellow in Windows and is a member of the Windows Core Architecture team. [more]
Wednesday, 11 July 2007, 7:56 AM CET

Introducing Haute Secure, the malware filter
Haute Secure is a malware filter, much like a phishing or spam filter in existing applications. [more]
Wednesday, 11 July 2007, 6:14 AM CET

Scan hostnames efficiently with Nmap
Your DNS team sends you the company’s entire domain name inventory in a CSV (comma-separated values) file. [more]
Wednesday, 11 July 2007, 1:36 AM CET

The five phases of recovering digital evidence
This is the second post in a series about the five phases of recovering data structures from a stream of bytes (a form of digital evidence recovery). [more]
Wednesday, 11 July 2007, 1:21 AM CET

Researchers: Enterprises should patch Microsoft server bug
Put the critical Active Directory vulnerability at 'top of the list,' say experts. [more]
Wednesday, 11 July 2007, 12:30 AM CET

Storage requirements for the Windows Vista security log
Here are a few examples of how Vista security logs tend to grow much more quickly than their predecessors. [more]
Wednesday, 11 July 2007, 12:24 AM CET

Safe crackers Google for instructions
Two burglars had door keys, pass codes and combinations to help them break the safes at an indoor amusement center, but they had to turn to Google for help to steal their loot. [more]
Wednesday, 11 July 2007, 12:15 AM CET

Practical password policies - they can never reduce risk to zero
Having weak passwords certainly can make life difficult for everyone. Nobody likes having to recover or change all their identity cards and information when their password gets compromised. [more]
Wednesday, 11 July 2007, 12:12 AM CET

Embedded security
Security is arguably the single most important issue for business and the public sector in the 21st century. [more]
Wednesday, 11 July 2007, 12:03 AM CET

Phishing tool constructs new sites in two seconds
Easy-peasy-sleazy 0wnage in 120 seconds. [more]
Wednesday, 11 July 2007, 12:00 AM CET

Man who stole data on 110,000 people gets five-year sentence
He later attempted to sell the info. [more]
Tuesday, 10 July 2007, 7:33 PM CET

Running the PuTTY SSH client on a Nokia E61
PuTTY allows you to use your Symbian-powered mobile device to connect securely to a remote computer no matter where you are located. With this tool you can perform various tasks and I bet many of you would like to be able to control their server from the road, we all know problems occur at the least opportune time. [more]
Tuesday, 10 July 2007, 7:28 PM CET

Debugging SSL communications
This article will discuss two utilities (ssldump and openssl) that can help debug applications utilizing SSL. [more]
Tuesday, 10 July 2007, 10:56 AM CET

Detecting "off port" services with Nessus
If you are attempting to perform network security monitoring in a large, unmanaged environment that has "poor" security, you are most likely dealing with botnets, phishing attempts, worms and Trojans. [more]
Tuesday, 10 July 2007, 2:12 AM CET

Secret Service nabs gang blamed for $75M in credit card fraud losses
They also recovered some 200,000 credit card account numbers. [more]
Tuesday, 10 July 2007, 2:03 AM CET

A hacker's Nasdaq
In the summer of 2005, Charlie Miller was working in his living room when he discovered a hackable vulnerability in a common species of server software. [more]
Tuesday, 10 July 2007, 1:00 AM CET

iPhone: security predators salivating
"The biggest threat to the iPhone right now is its popularity," says Neel Mehta, team lead of the advanced research group at IBM's Internet Security Systems. [more]
Tuesday, 10 July 2007, 12:00 AM CET

Average zero-day bug has 348-day lifespan
Thriving bug market only squashed by publicizing or patching. [more]
Monday, 9 July 2007, 8:37 PM CET

Gartner: Oracle 'no longer a bastion of security'
Analyst warning follows 82-patch update. [more]
Monday, 9 July 2007, 11:58 AM CET

Free tool from Lenovo for safe hard drive wiping
Secure Data Disposal is available for download free on Lenovo notebooks and desktop PCs. [more]
Monday, 9 July 2007, 11:39 AM CET

eBay art fakes revealed
Shoppers buying art online should be just as careful as if they were buying from a dealer, the popular online auction site eBay says. [more]
Monday, 9 July 2007, 11:34 AM CET

Installing Metasploit on Mac OS X
The goal of the Metasploit Project is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. [more]
Monday, 9 July 2007, 1:17 AM CET

Know the enemy within
An in depth study of threats in the workplace has highlighted exactly what they are as well as users’ attitudes to those threats, and what's behind them. The fact is that we all know the kind of activities that users get up to if they are not closely monitored and controlled, but the scale of it and the threat that it represents may be seriously underestimated. [more]
Monday, 9 July 2007, 12:21 AM CET

Time to blacklist blacklists
Blacklists have their place for detecting and identifying malicious content and activity, with the whole signature-based malware detection industry effectively being built around the concept that blacklists are reliable mechanisms. [more]
Monday, 9 July 2007, 12:12 AM CET

Top secret: we're wiretapping you
It could be a scene from Kafka or Brazil. Imagine a government agency, in a bureaucratic foul-up, accidentally gives you a copy of a document marked "top secret." And it contains a log of some of your private phone calls. [more]
Monday, 9 July 2007, 12:03 AM CET

Beware of data dumpster divers
Trashing an old PC with sensitive data on the hard drive can be almost as bad as leaving it out on the sidewalk in terms of data security. [more]
Monday, 9 July 2007, 12:00 AM CET

FUSE on the Mac
Using FUSE modules, you can mount all sorts of innovative resources -- Gmail, your Flickr photos, a remote SSH server -- directly into your local machine's filesystem and use their contents exactly as if they were normal files. [more]
Friday, 6 July 2007, 11:36 PM CET

Arrest under new NY piracy laws
A man has been arrested under tightened anti-piracy laws in New York after allegedly recording the sci-fi blockbuster Transformers. [more]
Friday, 6 July 2007, 11:27 PM CET

A word of caution about Google Calendar
Far too many people are using Google Calendar without fully understanding how to protect their personal information. [more]
Friday, 6 July 2007, 3:41 PM CET

Six ways to fight back against botnets
Botnets are a growing threat, but there are six steps that security professionals can take to fight back. [more]
Friday, 6 July 2007, 3:39 PM CET

Secure applications in a secure ecosystem: the next challenge
Reinventing a more secure Internet means adding authentication and building in access rights. [more]
Friday, 6 July 2007, 3:38 PM CET

7 deadly sins of website vulnerability disclosure
Someone you don’t know, never met, and didn’t give permission to informs you of a vulnerability in your website. What should you do? [more]
Friday, 6 July 2007, 11:21 AM CET

Mozilla security guru backs industry confab
Mozilla's Window Snyder says it may be helpful for the open-source community to gather at an industry-focused security conference. [more]
Friday, 6 July 2007, 11:07 AM CET

Network security: when should you announce a breach?
Once you've confirmed that a site has been compromised in some manner, after the incident is contained, the next question is a tricky one. [more]
Friday, 6 July 2007, 11:06 AM CET

Preventing spam with unique disposable e-mail services
Disposable e-mail addressing refers to an alternative way of sharing and managing e-mail addressing. It aims to set up a new, unique e-mail address for every contact or entity, making a point-to-point connection between the sender and the recipient. [more]
Thursday, 5 July 2007, 9:22 PM CET

iPhone hack bypasses AT&T
Famed reverse engineer Jon Lech Johansen claims to have discovered a way to "activate" an iPhone without signing up for a contract with AT&T. [more]
Wednesday, 4 July 2007, 3:41 PM CET

After attacks, U.S. government sends team to Estonia
The U.S government sends cyberinvestigators to help the Baltic state better understand what happened. [more]
Wednesday, 4 July 2007, 12:26 PM CET

Woman pleads guilty to cyberstalking Linkin Park singer
The former Sandia labs worker used government computers to access private data. [more]
Wednesday, 4 July 2007, 12:25 PM CET

Is securing your network worth the money?
Security researchers detail P2P threats, vulnerability disclosures and hacker profiling at recent Carnegie Mellon confab. [more]
Wednesday, 4 July 2007, 12:20 PM CET

Hackers descend on the iPhone
The race to hack the iPhone is on. [more]
Wednesday, 4 July 2007, 12:19 PM CET

Easy packet sniffing on Mac OS X
If you have more than one workstation, you administer several machines connected to a network, or just frequently connect to various networks, sooner or later you'll find a packet sniffer to be quite useful. [more]
Tuesday, 3 July 2007, 11:57 PM CET

Beijing scores number one spot for malware
China is proving to be a mighty force not only economically, but also as the launching point for malicious software and spam. [more]
Tuesday, 3 July 2007, 6:09 AM CET

DNS Pinning explained
DNS Pinning aka. circumventing the same origin policy with Anti DNS Pinning. [more]
Tuesday, 3 July 2007, 4:00 AM CET

Is your iPhone more secure than your laptop?
If my BlackBerry gets stolen, it can be wiped of all information remotely. [more]
Tuesday, 3 July 2007, 12:15 AM CET

Are we willing to pay the price of catastrophe to keep our privacy?
Here's looking at you. [more]
Tuesday, 3 July 2007, 12:09 AM CET

Windows Vista features and services harvest user data
Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. [more]
Tuesday, 3 July 2007, 12:06 AM CET

BSA raises reward to $1 million for reports of piracy
Kickoff begins for "blow the whistle" program. [more]
Tuesday, 3 July 2007, 12:00 AM CET

The evolution of self-defense technologies in malware
This article explores how malware has developed self-defense techniques and how these techniques have evolved as it has become more difficult for viruses to survive. It also provides an overview of the current situation. [more]
Monday, 2 July 2007, 1:01 PM CET

Scripting elevation on Vista
Although the RunAs.exe console utility still exists on Windows Vista and will let you run a program as another user, it will not run that program with elevated privileges. [more]
Monday, 2 July 2007, 9:40 AM CET

Net growth prompts privacy update
The world's leading industrialised nations have been forced to update privacy laws made obsolete by the huge volume of data moving around the net. [more]
Monday, 2 July 2007, 5:21 AM CET

Apache Prefork MPM vulnerabilities
This case study is a result of source code analysis of Apache httpd server MPM modules. The main goal of this document is to show what may be done by an attacker who has the possibility of running arbitrary code in the context of the worker process (WP). [more]
Monday, 2 July 2007, 3:00 AM CET

'Contactless payments' about to explode, but are they secure?
As contactless payment systems begin to gain traction across the country, questions are mounting over whether or not the security backing the RF-based technology is sufficiently advanced to prevent account fraud and the theft of personal information. [more]
Monday, 2 July 2007, 1:21 AM CET

Private-eye hackers are convicted
Two police officers who moonlighted as private detectives have been convicted of bugging phones and hacking into computers on behalf of wealthy clients. [more]
Monday, 2 July 2007, 1:03 AM CET

Keys to protecting data with BitLocker drive encryption
This article introduces you to the basics of BitLocker so that you can evaluate its potential and include it in your upgrade planning. [more]
Monday, 2 July 2007, 1:00 AM CET

Requirements for effective fuzzing
Fuzzing has evolved into one of today's most effective approaches to test software security. [more]
Monday, 2 July 2007, 12:36 AM CET

Spammers attack one another for control over virtual real estate
Just as thugs and drug dealers jealously guard their street corners with destructive turf wars, online spammers and other shadowy characters have been known to attack one another for control over virtual real estate. [more]
Monday, 2 July 2007, 12:12 AM CET

With iPhone launch, a hacker's to-do list
After iDay comes... 0day? [more]
Monday, 2 July 2007, 12:09 AM CET succumbs to SQL injection attack
A hacker has successfully attacked a Web page within Microsoft's U.K. domain. [more]
Monday, 2 July 2007, 12:06 AM CET

US gives in to EU demands over data
The US has capitulated to EU demands that its use of European data in counter-terrorism operations should be subject to foreign scrutiny. [more]
Monday, 2 July 2007, 12:03 AM CET

Report criticizes VA data security
An Alabama VA hospital that lost sensitive data on more than 1.5 million people in January repeatedly failed to follow privacy regulations leading up to the incident, according to an internal report. [more]
Monday, 2 July 2007, 12:00 AM CET


Why IT security is broken and how math can save it

Posted on article.php?id=2107  |  Stuart McClure, CEO at Cylance, talks about how the information security industry has evolved when it comes to detecting bad guys, but it's being mostly reactive and not proactive.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Wed, Aug 27th