Off the Wire

Off The Wire Archive

News items for August 2007

Speed up your Ajax applications while dodging Web services vulnerabilities
Judith Myerson gives a brief Ajax recap, shows what Web services vulnerabilities are and why Service Level Agreements (SLA) are important, and suggests some solutions for speeding up Ajax applications. [more]
Friday, 31 August 2007, 11:33 PM CET

Hands on: securing Apple's Open Directory
Apple's Open Directory is a powerful directory services platform that supports a variety of clients, most notably Mac OS X and Windows. [more]
Friday, 31 August 2007, 9:38 PM CET

Reducing shoulder-surfing by using gaze-based password entry
Shoulder-surfing – using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information – is a problem that has been difficult to overcome. EyePassword is a system that mitigates the issues of shoulder surfing via a novel approach to user input. [more]
Friday, 31 August 2007, 6:23 PM CET

Introducing Windows Vista Service Pack 1
The goal of Windows Vista SP1 is to address key feedback Microsoft has received from its customers without regressing application compatibility. [more]
Friday, 31 August 2007, 10:34 AM CET

AT&T laptop theft exposes employee data
AT&T and Maryland's Department of the Environment have become the latest organizations to find out first hand why security analysts for some time now have advocated the use of encryption to protect sensitive data on laptops and other mobile devices. [more]
Friday, 31 August 2007, 12:00 AM CET

Reasons for making backups
Every company makes backups. However, I have seen several occasions where backups were not working as expected. [more]
Thursday, 30 August 2007, 4:21 PM CET

German left slam email spy plan
Left-wing members of the ruling coalition have objected strongly to plans by the German interior ministry to enlist email spy software to monitor terror suspects. [more]
Thursday, 30 August 2007, 2:30 AM CET

Legal or not, iPhone hacks might spur revolution
The iPhone's fantastic user interface is inspiring another consumer-electronics revolution: making people care about cell-phone unlocking. [more]
Thursday, 30 August 2007, 1:10 AM CET

Microsoft: Vista SP1 coming in early 2008
Putting to rest months of rampant rumors and speculation, Microsoft on Wednesday said it plans to launch the first service pack for Windows Vista during the first quarter of 2008. [more]
Thursday, 30 August 2007, 1:08 AM CET

Analyzing a suspect WMF file
Randy Armknecht detected a malformed WMF file... [more]
Thursday, 30 August 2007, 12:54 AM CET

Linux Corporation scam targets the unwary
Be on guard against alleged representatives of Linux Corporation offering to buy your photos -- it's a scam. [more]
Thursday, 30 August 2007, 12:00 AM CET

Satellite photo sparks imagery debate
Throughout the Cold War, satellite and spy plane imagery of military sites was the sort of valuable, close-hold information that could start or stop a war or spawn a new arms race. Only those with top clearances saw them. [more]
Wednesday, 29 August 2007, 5:24 PM CET

Finding sensitive data as a consultant with Nessus
There are many consultants that use Nessus to scan a customer network for vulnerabilities and report a laundry list of security issues which need to be fixed. [more]
Wednesday, 29 August 2007, 4:02 PM CET

ID fraud costing 'billions'
Identity fraud is costing Australia billions of dollars a year and nearly everyone is concerned about the theft and illegal use of their identity, federal Attorney-General Philip Ruddock says. [more]
Wednesday, 29 August 2007, 4:01 PM CET

Layers in IT security
A layered security strategy is a good practice to enhance the overall IT security in companies. [more]
Wednesday, 29 August 2007, 12:37 PM CET

Security economics
Information security has finally become mainstream. It is almost a recognized profession, with its own areas of specialization: network security, audit, incident response, forensics, and security management. Salaries for IS practitioners have been rising constantly, the market for security products and services is large. The "security frontier" has moved from firewalls and anti-virus to IM and VoIP security. However, convincing people and organizations to implement effective security measures has not become easier, so we must ask ourselves — is security worth it? [more]
Wednesday, 29 August 2007, 12:28 PM CET

Virtual patching during incident response: United Nations defacement
Virtual Patching is a policy for a web application firewall (in this case ModSecurity) that is able to identify attempts to exploit a specific Website vulnerability. [more]
Wednesday, 29 August 2007, 11:42 AM CET

Inside DCSNet, the FBI's nationwide eavesdropping network
The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act. [more]
Wednesday, 29 August 2007, 11:03 AM CET

ICANN's Whois privacy reforms stalled again
Efforts to forge a compromise ended last week. [more]
Wednesday, 29 August 2007, 10:26 AM CET

Why IT security must combat organized cybercrime
Ditch the Hollywood stereotypes. These guys don’t wear wide ties or spats, have flattened noses, or speak with strange accents. Nor do they have a fictional HBO series. [more]
Wednesday, 29 August 2007, 1:32 AM CET

Introduction to network-based intrusion detection systems
Bill Stallings covers the subject of network-based intrusion detection systems. [more]
Wednesday, 29 August 2007, 1:00 AM CET

Judge: TorrentSpy must preserve data in RAM
A federal judge has upheld a magistrate's decision forcing TorrentSpy to enable server logging so the Motion Picture Association of America can obtain the IP addresses of those connecting to BitTorrent files via the service. [more]
Wednesday, 29 August 2007, 12:15 AM CET

Why Apple can't stop iPhone hackers
Will Apple and AT&T's legal action deter hackers? Hardly. [more]
Wednesday, 29 August 2007, 12:00 AM CET

Points of attack: PHP and Ajax
It’s easy to get caught up in the dynamic potential of Ajax. But with innumerable possibilities also comes increased risk. If security isn’t a major concern, it should be. [more]
Tuesday, 28 August 2007, 4:18 PM CET

Japan military homes, destroyer raided over data leak
The homes of several serving members of Japan's Maritime Self Defense Force (JMSDF) and a destroyer were raided as part of an investigation into a leak of sensitive military data from a computer. [more]
Tuesday, 28 August 2007, 4:18 PM CET

5 security widgets for the Opera browser
Widgets are Web programs you can run right on your desktop using Opera 9. This article introduces security-related widgets that will enhance your Opera experience. [more]
Tuesday, 28 August 2007, 4:13 PM CET

I am my own password
How identity issues get tied up in strings of letters and numbers. [more]
Tuesday, 28 August 2007, 2:39 PM CET

Apple iPhone issue highlights security debate
What counts as private has to change if we're to get the most out of the network, argues Bill Thompson. [more]
Tuesday, 28 August 2007, 2:37 PM CET

Video games that aid national security
Scientists working on national security are developing a new generation of video games, ones they believe will train emergency personnel faster than existing methods. [more]
Tuesday, 28 August 2007, 11:10 AM CET

Securing SSH using denyhosts
SSH is a great way to remotely administer a server. However, it still has a number of issues when you open it up to the world. [more]
Tuesday, 28 August 2007, 11:08 AM CET

Facing up to security in 3D
Researchers want to partner with businesses, particularly in the finance sector, to develop commercial real-time, high-speed facial recognition technology for security applications. [more]
Tuesday, 28 August 2007, 2:09 AM CET

Two open source email virus scanners for Linux
If Linux is hardly affected by viruses, why do system administrators use anti-virus software on their Linux email servers? [more]
Tuesday, 28 August 2007, 1:15 AM CET

You don't want to hear it: 10 pieces of lousy security advice
The customer strikes back: 10 things your security "experts" shouldn't be saying. [more]
Monday, 27 August 2007, 4:47 PM CET

Designing a PCI-compliant log monitoring system
Log monitoring activities are an integral part of Requirement 10 of the PCI Data Security Standard and it can be difficult to understand how the different logging portions of Requirement 10 interrelate. Despite this fact, some organizations are seeking to redesign their PCI logging environment in order to best accommodate the PCI requirements. In this article we will examine a few key design points for architecting a log monitoring and management system that would be compliant with PCI Requirement 10. [more]
Monday, 27 August 2007, 11:19 AM CET

Security crashes into productivity
Our manager didn't tell users that they could have laptops, but she's the one who has to tell them that they can't. [more]
Monday, 27 August 2007, 11:11 AM CET

China 'gravely concerned' by Germany hacking reports
China's Premier Wen Jiabao on Monday expressed "grave concern" over reports that Chinese army hackers had penetrated German government computer systems and he vowed to crack down on such activity. [more]
Monday, 27 August 2007, 10:59 AM CET

Windows Genuine Advantage suffers worldwide outage
Microsoft is aware of a major WGA server outage affecting users across the globe. [more]
Monday, 27 August 2007, 12:36 AM CET

How-to: encrypt and hide a disk partition
Separate hard disk partitions can be used for any number of reasons. [more]
Monday, 27 August 2007, 12:09 AM CET

Spam fighters hit criminals' weak spot
Anti-spam groups want to target sources instead of relying on filters to decrease stream of junk e-mail. [more]
Monday, 27 August 2007, 12:00 AM CET

data may have been looted weeks ago
Ransomware in early July indicates attack has been long running. [more]
Friday, 24 August 2007, 8:54 PM CET

How to watch a movie while being hacked
Media Player Classic might become a real threat for your computer due to a simple vulnerability discovered in its engine. [more]
Friday, 24 August 2007, 8:44 PM CET

Incurable viruses: how real is the threat?
The only type of virus that is truly incurable is a physically destructive virus. [more]
Friday, 24 August 2007, 8:42 PM CET

Honeypots as sticky as ever
New developments make honeypots even more valuable. [more]
Friday, 24 August 2007, 8:41 PM CET

Crypto boffins break car cypher
Cryptographic researchers have identified a practical attack against the KeeLoq car anti-theft cypher. [more]
Friday, 24 August 2007, 8:38 PM CET

Guide to online antivirus solutions part 5: BitDefender Online Scanner
After Panda Security NanoScan and TotalScan, Trend Micro's HouseCall, Kaspersky Online Scanner and Norman SandBox Malware Analyzer this week we are taking a look at Bitdefender's online AV solution. [more]
Friday, 24 August 2007, 2:33 PM CET

Google changes Street View privacy policy
Google has changed its privacy policy on its Street View feature to obscure faces and car number plates on request. [more]
Friday, 24 August 2007, 1:21 PM CET

America's hackable backbone
The first time Scott Lunsford offered to hack into a nuclear power station, he was told it would be impossible. [more]
Friday, 24 August 2007, 9:32 AM CET

Comprehensive integrity verification with md5deep
Most of the ISO images and other software you grab off the Internet come with a message digest -- a cryptographic hash value that you can use to verify their integrity. [more]
Thursday, 23 August 2007, 7:57 PM CET

Secure your email with encryption
Corporate espionage is big business these days. So it makes sense to deploy some kind of encryption system to ensure that prying eyes can’t decipher anything garnered from intercepted messages or from stolen computers. [more]
Thursday, 23 August 2007, 4:02 PM CET

Spy chief reveals classified surveillance details
McConnell confirms AT&T, Verizon, others help government with wiretaps. [more]
Thursday, 23 August 2007, 4:01 PM CET

When bots attack
If you want to bring down a country's information infrastructure and you don't want anyone to know who did it, the weapon of choice is a distributed denial of service attack. [more]
Thursday, 23 August 2007, 12:28 PM CET

iPhone tantalizes, frustrates forensics experts
Technophiles may love the iPhone, but you criminals? Watch out. The iPhone may reveal more about your misdeeds than you realize. [more]
Thursday, 23 August 2007, 12:23 PM CET

Super ninja privacy techniques for Web app developers
Many new applications do a great job of making it easy and free for you to post your information online. In a lot of cases, your data is combined with other people's data, to pull helpful or interesting relationships out of aggregate data. A security breach on one of the most popular hosted web applications could easily reveal private information about thousands or even millions of the site's users. How should a user of these applications think about these risks? [more]
Wednesday, 22 August 2007, 9:00 PM CET

A step-by-step guide to building a new SELinux policy module
Who’s afraid of SELinux? Well, if you are, you shouldn’t be! Thanks to the introduction of new GUI tools, customizing your system’s protection by creating new policy modules is easier than ever. In this article, Dan Walsh gently walks you through the policy module creation process. [more]
Wednesday, 22 August 2007, 12:18 PM CET

Suspect of massive ID theft held in Turkey
Ukrainian man could have ties to data hack of 45 million TJX cards. [more]
Wednesday, 22 August 2007, 12:00 AM CET

MacNikto: working with the Nikto web server security scanner on the Mac
What enables you to use Nikto on Mac OS X is MacNikto, an AppleScript GUI shell script wrapper built in Apple's Xcode and Interface Builder. It provides a subset of the features available in Nikto, bundled into this installer package. [more]
Tuesday, 21 August 2007, 10:15 PM CET

First exploit appears for Patch Tuesday vulnerability
Brussels security engineer exploits critical bug in XML Core Services. [more]
Tuesday, 21 August 2007, 12:03 AM CET

A chronology of data breaches
The data breaches noted in this article have been reported because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. [more]
Monday, 20 August 2007, 6:37 PM CET

Know your enemy: malicious web servers
This paper examines client-side attacks and evaluates methods to defend against client-side attacks on web browsers. First, it provides an overview of client-side attacks and introduces the honeypot technology that allows security researchers to detect and examine these attacks. Then it proceeds to examine a number of cases in which malicious web servers on the Internet were identified with honeypot technology and evaluates different defense methods. It concludes with a set of recommendations that one can implement to make web browsing safer. [more]
Monday, 20 August 2007, 4:15 PM CET

Skype outage caused by Windows updates
The disruption was triggered by a massive restart of our users’ computers across the globe within a very short timeframe as they re-booted after receiving a routine set of patches through Windows Update.
Monday, 20 August 2007, 4:14 PM CET

The difficulty of validating systems and users
One of the issues plaguing Identity management and online authentication systems is how to accurately validate the identity of the system or user connecting to a service. [more]
Monday, 20 August 2007, 4:08 PM CET

The magical “human security layer”
As anyone who has spoken to a security professional probably knows, “Layered Security” is a must, since no single safeguard can be expected to cover all potential types of threats. [more]
Monday, 20 August 2007, 1:20 PM CET

Coupon hacker faces DMCA lawsuit
John Stottlemire is the DVD Jon of coupon-clipping, and it's getting him in trouble. [more]
Monday, 20 August 2007, 11:37 AM CET

Federal ID plan raises privacy concerns
Americans may need passports to board domestic flights or to picnic in a national park next year if they live in one of the states defying the federal Real ID Act. [more]
Monday, 20 August 2007, 12:27 AM CET

Windows Vista smart card infrastructure explained
Windows Vista Smart Card Infrastructure provides details about the Microsoft Windows smart card infrastructure and how smart card-related components work in Windows. [more]
Friday, 17 August 2007, 9:55 PM CET

How to make a website harder to hack
We know websites will never be 100% secure, just like software will never be 100% bug free. We also know web application hacks are targeted. [more]
Friday, 17 August 2007, 9:53 PM CET

US curriculum to include online safety?
The US National Cyber Security Alliance (NCSA) has called on state leaders to work with schools and colleges to ensure that cyber-security, online safety and ethics lessons are integrated into every classroom. [more]
Friday, 17 August 2007, 6:41 PM CET

Distributed administration using SSH
Use SSH to run commands on remote UNIX systems and, with some simple scripts, put together a system that enables you to manage many systems simultaneously from one machine without having to log in directly to the machines themselves. [more]
Friday, 17 August 2007, 6:38 PM CET

Information sharing at the NSA (video)
The topic of information sharing among US intelligence agencies, the FBI, and other federal agencies has attracted attention since 9/11. [more]
Friday, 17 August 2007, 10:22 AM CET

Details of the TJX breach
TJX will be glad when this year is over. The $17 billion-a-year parent company of T.J. Maxx, Marshall's, and several other discount retail chains has spent the past eight months dealing with the largest breach of customer data in U.S. history, the details of which are starting to come to light. [more]
Friday, 17 August 2007, 10:21 AM CET

Army reports brass, not bloggers, breach security
For years, the military has been warning that soldiers' blogs could pose a security threat by leaking sensitive wartime information. [more]
Friday, 17 August 2007, 10:11 AM CET

Guide to online antivirus solutions part 4: Norman SandBox Malware Analyzer
After Panda Security NanoScan and TotalScan, Trend Micro's HouseCall and Kaspersky Online Scanner, this time we have something a bit different - a sandbox. [more]
Thursday, 16 August 2007, 5:42 PM CET

Iraq's biometric database could become "hit list"
The U.S. is building on Saddam's databases to assemble biometric files and national ID cards for hundreds of thousands of Iraqis. [more]
Thursday, 16 August 2007, 10:54 AM CET

Application security guidance: user and password management
Let us dig into how system designers can take advantage of simple technology agnostic and common security best practices to design a sound user and password management subsystem for their critical IT applications. [more]
Thursday, 16 August 2007, 9:52 AM CET

U.S. to expand domestic use of spy satellites
The U.S.'s top intelligence official has greatly expanded the range of federal and local authorities who can get access to information from the nation's vast network of spy satellites in the U.S. [more]
Thursday, 16 August 2007, 2:00 AM CET

New URI browser flaws worse than first thought
Security researchers have found that a feature in the Windows OS can allow intruders to steal data from a victim's computer. [more]
Thursday, 16 August 2007, 1:21 AM CET

Russia throws out net piracy case
A former owner of Russia's music website who sold cut-price downloads of Western music has been acquitted of copyright offences. [more]
Thursday, 16 August 2007, 12:18 AM CET

Hardening your systems with Bastille Linux
System administrators need to secure their systems while avoiding locking them down so strictly that they become useless. [more]
Thursday, 16 August 2007, 12:12 AM CET

How to set up Apache virtual hosting
Managing one site on a Web server can be tough enough, and the job is even harder if you have to host multiple client sites on a badly configured setup. [more]
Wednesday, 15 August 2007, 2:46 PM CET

Microsoft reacts to kernel hacks, updates Vista's defenses
Patches PatchGuard to keep 64-bit Vista safer from unsigned code. [more]
Wednesday, 15 August 2007, 2:45 PM CET

Security theater
There's little downside to being alarmist about terror, so we spend too much on measures that evoke feelings of security without actually improving it. [more]
Wednesday, 15 August 2007, 2:40 PM CET

Malware evolution: April - June 2007
The events that took place during the first six months of 2007 have shown us that the direction in which threats are evolving is from social engineering to the increased usage of a variety of vulnerabilities to penetrate the system. [more]
Wednesday, 15 August 2007, 10:25 AM CET

Nation's soul is at stake in NSA surveillance case
Today the U.S. 9th Circuit Court of Appeals in San Francisco is hearing arguments on two of the most important cases in decades dealing with the rule of law and personal privacy. [more]
Wednesday, 15 August 2007, 10:12 AM CET

VoIP hacker gets prison, his boss gets away
The first culprit in a duo of VoIP hackers that defrauded more than a million dollars worth of call minutes from some of America's largest IP telephony providers has been fined US$150,000 and will spend two years in prison for his effort. [more]
Wednesday, 15 August 2007, 10:11 AM CET

Government-industry security group expands
Transglobal Secure Collaboration Program seeks to add systems integrators and software developers to roster of major government bodies and contractors. [more]
Wednesday, 15 August 2007, 1:15 AM CET

Designs for taking on criminals
The government has unveiled its latest weapon in the fight against crime - designers. [more]
Wednesday, 15 August 2007, 12:03 AM CET

Online crooks fine-tune selling of malware
Less like the casbah these days, more like the mall. [more]
Tuesday, 14 August 2007, 1:17 PM CET

Working with the iStumbler wireless discovery tool
iStumbler is the leading wireless discovery tool for Mac OS X. It provides plugins for finding AirPort networks, Bluetooth devices and Bonjour services. [more]
Tuesday, 14 August 2007, 10:56 AM CET

What your hard drive can tell ID thieves
Many people believe that when they dispose of their old computer, the files they've erased from the hard drive are gone forever. Wrong. [more]
Tuesday, 14 August 2007, 10:32 AM CET

Unusual 'pump-and-dump' spam run continues
Prime Time denies involvement, goes after 'naked shorts'. [more]
Tuesday, 14 August 2007, 2:15 AM CET

NSA pushes elliptic-curve cryptography to secure small devices
The cryptographic security standards used in public-key infrastructures, RSA and Diffie-Hellman, were introduced in the 1970s. And although they haven’t been cracked, their time could be running out. [more]
Tuesday, 14 August 2007, 2:09 AM CET

San Francisco judges to hear wiretap arguments
U.S. seeks to have challenges dismissed. [more]
Tuesday, 14 August 2007, 1:12 AM CET

10 claims that scare security pros
Things the folk checking your infosecurity really don't want to hear out of you. [more]
Tuesday, 14 August 2007, 1:00 AM CET

Firefox leak could divulge sensitive info
A security researcher has discovered a vulnerability in Firefox that could allow criminals to remotely siphon private information stored in plugins and call sensitive functions. [more]
Monday, 13 August 2007, 10:42 PM CET

Forensic data stolen in burglary
A company that provides police with telephone evidence in connection with their investigations has had computer equipment stolen in a burglary. [more]
Monday, 13 August 2007, 3:08 PM CET

NAC pros and cons
Before I recommend a NAC implementation at my company, I'd like to know more about what NAC can and can't do. [more]
Monday, 13 August 2007, 1:19 PM CET

Interview with Christen Krogh, Opera Software's VP of Engineering
Christen Krogh is responsible for all software development at Opera. In this interview he discusses Opera's strengths when it comes to security, their technology in general, their take on the full disclosure of vulnerabilities, and more. [more]
Monday, 13 August 2007, 7:41 AM CET

Upkeep of security devices a burden
In 2003, the FBI used a $25 million grant to give bomb squads across the nation state-of-the-art computer kits, enabling them to instantly share information about suspected explosives, including weapons of mass destruction. [more]
Monday, 13 August 2007, 7:33 AM CET

German security professionals in the mist
German information security professionals were hopeful after proposed changes to the UK Computer Misuse Act (the Police and Justice Act amendments) were suspended, because if certain clauses were enacted, they would effectively make the entire information security industry in the UK criminals. [more]
Monday, 13 August 2007, 1:15 AM CET

Prison time for Windows authenticity label pusher
New legislation governing the trafficking and unauthorized sale of authenticity labels has found its first victim: Justin E. Harrison, age 26, of Oxford, Georgia. [more]
Monday, 13 August 2007, 1:00 AM CET

Spy agency OKs bloggers as journalists
Are bloggers part of the news media? The U.S. government - led by two of its most secretive agencies - is increasingly saying, "Yes, they are." [more]
Monday, 13 August 2007, 12:15 AM CET

Vista SP1 analysed in-depth
It's no secret that there's a leaked beta of Vista SP1 floating around, but no-one yet has really taken the time to analyse it in detail to find out what it really does. [more]
Monday, 13 August 2007, 12:03 AM CET

UN's website breached by hackers
Hackers have attacked the United Nations official website, forcing some sections to be taken offline. [more]
Monday, 13 August 2007, 12:00 AM CET

PKI enhancements in Windows
Windows has included strong, platform-wide support for PKI since the release of Windows 2000. [more]
Friday, 10 August 2007, 11:36 AM CET

Enterprise security remains a balancing act
Minimizing risk by improving process, prioritizing threats, and accepting limitations is the only way for large enterprises to effectively defend their operations. [more]
Friday, 10 August 2007, 11:35 AM CET

Windows Vista: why can't I bypass the UAC prompt?
This article answers the frequently asked question, "Why can't I bypass the UAC prompt?" [more]
Friday, 10 August 2007, 11:34 AM CET

RFID: time to get really paranoid
It's time for manufacturers and implementers of RFID to get paranoid. But in a good way. [more]
Friday, 10 August 2007, 11:31 AM CET

Useful Netcat tricks
Despite being able to do all that, netcat still conforms to the Unix philosophy of doing one thing, and doing it well. [more]
Friday, 10 August 2007, 11:28 AM CET

'Virtual sandboxing' provides safe security testing
Faced with volumes of browser vulnerabilities and Web-based exploits designed to take advantage of the flaws, security researchers at the ongoing Usenix Security Symposium in Boston on Wednesday presented a new process for protecting users with execution-based malware detection. [more]
Friday, 10 August 2007, 11:27 AM CET

Stolen Yale computers contained 10,000 SSNs
According to the Yale Daily News, Yale University alerted 10,000 current and past students, as well as 200 staff, that two computers stolen from the College Dean's Office July 17 contained their social security numbers. [more]
Friday, 10 August 2007, 11:26 AM CET

Why you should encrypt *all* of your Google activities
Everyone loves Google. They want to be everything to everyone, and they’re getting pretty damn good at it. Once you start using their services it gets easier and easier to migrate more of your life to them. But there’s a slight problem. [more]
Friday, 10 August 2007, 11:25 AM CET

Windows Server guide for password and account lockout policy configuration
This step-by-step guide provides instructions for configuring and applying fine-grained password and account lockout policies for different sets of users in Windows Server Code Name "Longhorn" domains. [more]
Thursday, 9 August 2007, 11:18 PM CET

Guide to online antivirus solutions part 3: Kaspersky online scanner
After Panda Security NanoScan and TotalScan and Trend Micro's HouseCall, this week we are taking a look at Kaspersky's online AV solution. [more]
Thursday, 9 August 2007, 9:58 PM CET

Microsoft makes Vista fix packs public
In a move that will likely only further confuse the situation surrounding Windows Vista Service Pack 1, Microsoft has posted for public download two updates that were released to beta testers last month. [more]
Thursday, 9 August 2007, 9:55 PM CET

Hacker strips DRM from streaming Netflix movies
Hackers escalate the war against Microsoft's copy protection technology by posting instructions for how to save streamed movies. [more]
Thursday, 9 August 2007, 9:54 PM CET

Using darknets to see the light
Firewalls, intrusion detection and prevention systems, antivirus – they’re all old tricks of the trade that IT has traditionally deployed to maintain the security of large and complex networks. [more]
Thursday, 9 August 2007, 2:56 PM CET

Mozilla pushes security in Firefox 3.0
More secure code, not flashy features, is what's really important, it says. [more]
Thursday, 9 August 2007, 1:37 AM CET

Attacks prompt update of 'Tor' anonymity network
One of the best-known and free services for helping Internet users maintain their anonymity online - a network known simply as "Tor" - suffered an attack this past week that may have exposed the identities of thousands of users. [more]
Wednesday, 8 August 2007, 8:51 PM CET

Compliance, IT security and a clear conscience
Organizations today must prove beyond a shadow of a doubt that not only do they have a security program in place, but that it is enforced and is consistent across your organization. Information technology departments play a key role in this endeavor. Shortcomings in IT policies can have potentially serious consequences. [more]
Wednesday, 8 August 2007, 8:48 PM CET

Getting the NAC of security
Oh for the good old days when security meant sturdy locks, adequate fencing, window grills and a bad-tempered German Shepherd. But computers are a different story and require all manner of virus and malware protections – along with firewalls, intrusion prevention systems (IPS) and encryption. [more]
Wednesday, 8 August 2007, 3:57 PM CET

Watch out for fake tax 'rebate' sites
It's not exactly tax-filing time in the United States, but that doesn't mean online scammers aren't out to capture the money owed to you by Uncle Sam. [more]
Wednesday, 8 August 2007, 3:11 PM CET

Middle America, meet the hackers
DefCon's more than 6,000 attendees hack everything: their cars, to increase horsepower and remove pesky safety and emissions controls; their brains, using biofeedback receptors attached to videogames to relieve anxiety disorders; even the war in Iraq. [more]
Wednesday, 8 August 2007, 10:49 AM CET

Laptop of VeriSign employee stolen
Company investigates theft of notebook PC containing files with employees' personal information, undertakes security measures to guard data. [more]
Wednesday, 8 August 2007, 12:12 AM CET

First Response issues ID theft alert after burglary
First Response Finance has warned thousands of UK customers to be wary of suspicious transactions on their accounts following the theft of storage discs from the finance firm's offices. [more]
Wednesday, 8 August 2007, 12:00 AM CET

Step-by-step guide to online Amazon S3 backups with Jungle Disk
Jungle Disk is an application that lets you store files and back up data securely to Amazon's S3 Storage Service. Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. In order to use this service you need a tool like Jungle Disk because Amazon doesn't provide any direct way to upload or download data from S3. Jungle Disk integrates into your local file system like any other drive. [more]
Tuesday, 7 August 2007, 1:30 PM CET

Computer security problems found at IRS
Employees provided computer data without questioning identity. [more]
Tuesday, 7 August 2007, 12:48 PM CET

Looking for a leaker
The controversy over President Bush's warrantless surveillance program took another surprise turn last week when a team of FBI agents, armed with a classified search warrant, raided the suburban Washington home of a former Justice Department lawyer. [more]
Tuesday, 7 August 2007, 10:58 AM CET

Mozilla: 10-day patch guarantee 'not our policy'
Browser maker rescinds executive's pledge made during late-night festivities at Black Hat conference. [more]
Tuesday, 7 August 2007, 10:56 AM CET

Protecting browsers from DNS rebinding attacks
DNS rebinding attacks subvert the same-origin policy of browsers and convert them into open network proxies. [more]
Tuesday, 7 August 2007, 10:53 AM CET

Wi-Fi hotspots still an e-mail security risk
Following news that security experts at the Black Hat conference demonstrated another method to compromise e-mail accounts when accessed over Wi-Fi, Symantec's Javier Santoyo said the issue continues to remain a problem. "And I would expect most, if not all, of the e-mail vendors will soon start offering secure logins," Santoyo said. [more]
Tuesday, 7 August 2007, 12:12 AM CET

Make mashups secure
Mashups offer unprecedented agility in developing lightweight Web applications for the enterprise. Here’s how to keep them from becoming a security risk. [more]
Tuesday, 7 August 2007, 12:00 AM CET

PDF spam: a step ahead of image spam
This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily to beat anti-spam software. The latest tactic is to use the common PDF file format to send image spam. By using PDF attachments to send images instead of embedding them in the body of the email message, spammers have taken the cat-and-mouse game with anti-spam software developers to a new level. [more]
Monday, 6 August 2007, 6:24 PM CET

Security brings technology to Africa
The U.S. will install new computer networks to help the underdeveloped continent fight terrorism, creating opportunities for U.S. firms. [more]
Monday, 6 August 2007, 11:02 AM CET

House approves foreign wiretap bill
The 227-183 vote, which followed the Senate's approval Friday, sends the bill to Bush for his signature. [more]
Monday, 6 August 2007, 12:09 AM CET

Video: undercover NBC Dateline reporter bolts from DEFCON 2007
NBC reporter with a hidden camera in her purse refuses official press credentials, hoping to catch conference attendees committing crimes (according to Defcon staff). She ends up fleeing Defcon 15 after being outed on stage. [more]
Sunday, 5 August 2007, 11:40 AM CET

IRS security vulnerable to social engineering
Sixty percent of IRS employees fell for a 'social hack' in which a caller pretends to be a help desk worker and asks the employee to change their password. [more]
Friday, 3 August 2007, 11:26 PM CET

Malignant JavaScript mutates to evade detection
ISC says hackers are creating script code that is effectively undetectable by common types of malware scanners. [more]
Friday, 3 August 2007, 8:09 PM CET

Researcher finds Media Player flaws
Media players in personal computers have serious vulnerabilities that could allow online criminals to attach malicious code and infect computers without the user's knowledge, a researcher said Thursday. [more]
Friday, 3 August 2007, 8:09 PM CET

Researcher's analysis of al Qaeda images reveals surprises
Neal Krawetz, a researcher and computer security consultant, gave an interesting presentation today at the BlackHat security conference in Las Vegas about analyzing digital photographs and video images for alterations and enhancements. [more]
Friday, 3 August 2007, 5:10 PM CET

Security researchers exercise AJAX attacks at Black Hat
The presence of AJAX code in Web applications continues to grow at a rapid pace, but many of the programs built using the language remain extremely vulnerable to various forms of attack, according to researchers with applications testing specialists SPI Dynamics. [more]
Friday, 3 August 2007, 11:13 AM CET

VCs see tight market for security start-ups
According to Black Hat Conference attendees, security had been a hot market, but overcrowding and less-than-anticipated return on investment have cooled investors. [more]
Friday, 3 August 2007, 11:11 AM CET

Secret ruling limited spying efforts
Move to amend FISA sparked by judge's decision. [more]
Friday, 3 August 2007, 11:03 AM CET

New tool automates webmail account hijacks
Logging into your MySpace, Facebook, Yahoo!, Gmail or Hotmail account over a wireless connection just got a lot more dicey, as researchers here at the Black Hat hacker conference today demonstrated a new set of tools that help automate the hijacking of those accounts. [more]
Friday, 3 August 2007, 2:05 AM CET

Web's 'drug kingpin' gets 30 years
Prosecutors got their wish: A long sentence for Christopher Smith, who illegally sold $24 million worth of prescription drugs. [more]
Friday, 3 August 2007, 12:30 AM CET

Forget your PIN? Use your face
Face recognition as a unique biometric is growing slowly in certain corporate and consumer applications. [more]
Friday, 3 August 2007, 12:09 AM CET

Dane arrested for hacking Rasmussen's email
A 30-year-old Danish man was arrested for hacking into embattled cyclist Michael Rasmussen's email and trying to sell the information he obtained to a tabloid, Danish police said on Thursday. [more]
Friday, 3 August 2007, 12:06 AM CET

CA sues Rocket Software for source code theft
CA demands $200M for alleged copyright infringement and theft of trade secrets. [more]
Friday, 3 August 2007, 12:00 AM CET

Guide to online antivirus solutions part 2: Trend Micro HouseCall
After Panda Software's (now Panda Security) NanoScan and TotalScan, this week we take a look at Trend Micro's HouseCall. [more]
Thursday, 2 August 2007, 6:39 PM CET

The admissibility vs. weight of digital evidence
There is always a lot of conversation about when digital evidence is and is not admissible. [more]
Thursday, 2 August 2007, 10:41 AM CET

Web 2.0 applications raise security issues
Just how safe are Web 2.0-style apps? [more]
Thursday, 2 August 2007, 7:09 AM CET

Let's meet a Romanian eBay scammer
The past few years have seen an increase in eBay and phishing scams out of Romania. [more]
Thursday, 2 August 2007, 5:18 AM CET

Targeting systems threaten privacy
Behavioral targeting is where a user is profiled according to their purchase habits and served relevant ads that can follow them from site to site. [more]
Thursday, 2 August 2007, 4:12 AM CET

E-voting vendors: any machine can be hacked in a lab
All that has been proved by the California study of e-voting machines, said Steven Bennett, a sales executive for Sequoia Voting Systems, "is that any computerized system, removed from its environment and placed, in this case, literally, out in the street or into a laboratory for anyone to tamper with, can be successfully attacked." [more]
Thursday, 2 August 2007, 4:00 AM CET

NSA guru lauds security intelligence sharing
Efforts to share security data are helping to foster the community approach necessary to improve IT practices, said an NSA expert presenting at Black Hat. [more]
Thursday, 2 August 2007, 3:12 AM CET

Feds raid game-console hackers nationwide
Federal customs agents Wednesday raided more than 30 businesses and homes in 16 states, looking for devices that allow pirated video games to play on Wiis, PlayStation 2s and Xboxes. [more]
Thursday, 2 August 2007, 2:36 AM CET

The losing war on junk e-mail
In the spring of 1978, an energetic marketing man named Gary Thuerk wanted to let people in the technology world know that his company, the Digital Equipment Corporation, was about to introduce a powerful new computer system. [more]
Thursday, 2 August 2007, 1:09 AM CET

Scan this guy's e-passport and watch your system crash
A German security researcher who demonstrated last year that he could clone the computer chip in an electronic passport has revealed additional vulnerabilities in the design of the new documents and the inspection systems used to read them. [more]
Thursday, 2 August 2007, 12:45 AM CET

Instant backups with smbmount and grsync
Need a simple yet effective way to back up your laptop or desktop machine to a network-attached storage device or a network hard disk running Samba? [more]
Thursday, 2 August 2007, 12:15 AM CET

What we know (now) about the FBI's CIPAV spyware
G-men pull spyware, not pistols, to make arrest in bomb threat case. [more]
Thursday, 2 August 2007, 12:03 AM CET

Security update seeks out, erases modifications to iPhone
A security update for Apple Inc.'s iPhone does more than just fix critical flaws in the handset. [more]
Thursday, 2 August 2007, 12:00 AM CET

Quantitative look at penetration testing
Not all consultants and vendors are equal. Some of the less competent vendors are nevertheless good at selling their services to clients who may not know how to judge the difference. More often nowadays we see companies choosing their penetration testing vendors based on incorrect metrics, such as accreditations of varying value, and of course on price. [more]
Wednesday, 1 August 2007, 7:31 PM CET

Sizing up cybercrime
With just a few simple clicks of a mouse, today’s ruthless cybercriminals can turn anything from stolen bank account information to e-mail cookies into monstrous profits. [more]
Wednesday, 1 August 2007, 11:10 AM CET

How to beat comment spam
We have worked out something that has seen comment spam reduced to nil - zip - zero - nada. Well to be truthful, technically the comment spam is still coming in but we are simply hiding it from view. [more]
Wednesday, 1 August 2007, 11:09 AM CET

Card security - banks to merchants: are you there yet?
The PCI Digital Security Standard is here, but many retailers are struggling with compliance - and even awareness. [more]
Wednesday, 1 August 2007, 12:06 AM CET

LinkedIn spurns bug bounty hunter
Will debug for food - but who will bite? [more]
Wednesday, 1 August 2007, 12:00 AM CET
