Off the Wire

Off The Wire Archive

News items for August 2008

BBC does a profile on Gary McKinnon
Gary McKinnon has lost his appeal in the UK's House of Lords against extradition to the US on hacking charges. The BBC News website profiles his history and his motives. [more]
Friday, 29 August 2008, 11:19 AM CET

Automatic backup for sporadically connected clients with Box Backup
If you're a frequent business traveler who keeps important company files on your laptop, using a centralized management solution to back up files automatically during a fixed time interval won't work. Instead, consider Box Backup, which backs up files from a laptop directly to a backup server over an encrypted link. [more]
Friday, 29 August 2008, 11:13 AM CET

Use and manipulate tcsh shell variables for fun and profit
Tcsh is one of the most popular UNIX shells. Learn how you can use tcsh shell variables to make your work easier and how to take advantage of tcsh's advanced security features. [more]
Thursday, 28 August 2008, 12:26 AM CET

Deploying enterprise software securely
This laundry list of security requirements is a lot to think about for every application deployment, but vigilance in this area can drastically improve an organization’s security posture. The requirements can be put into a standardized template, and at the end of the process each requirement should have a mark for pass, fail, or perhaps not applicable. Anything marked as a failure should be noted and can be escalated or accepted as a risk. [more]
Wednesday, 27 August 2008, 11:57 PM CET

Whitepaper - Open source security myths dispelled
Dispel the five major myths surrounding Open Source Security and gain the tools necessary to make a truly informed decision for your IT organization. [more]
Wednesday, 27 August 2008, 2:48 PM CET

Most organizations fail to stop interior network threats
A survey by Opine Consulting revealed nearly half of the IT professionals who responded had endpoints connecting to their corporate networks without their knowledge. Yet compared to other security issues, 86 percent of respondents said controlling network access ranked as a high priority. [more]
Tuesday, 26 August 2008, 9:25 PM CET

Road tolls hacked
A researcher claims that toll transponders can be cloned, allowing drivers to pass for free. [more]
Tuesday, 26 August 2008, 5:43 PM CET

Security risks for mobile computing on public WLANs
This article illuminates the effectiveness of VPN security mechanisms, data encryption, strong authentication and personal firewalls and shows how optimal protection can be achieved by dynamically integrating each of these technologies. [more]
Monday, 25 August 2008, 11:54 PM CET

Install and configure the Nessus vulnerability scanner in openSUSE
The Nessus vulnerability scanner, is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. [more]
Monday, 25 August 2008, 3:36 PM CET

Use apachectl and httpd like a power user
After you have installed Apache2, if you want to use apachectl and httpd to it’s maximum potential, you should go beyond using start, stop and restart. The 9 practical examples provided in this article will help you to use apachectl and httpd very effectively. [more]
Friday, 22 August 2008, 1:32 PM CET

MI5 report challenges views on terrorism in Britain
Sophisticated analysis says there is no single pathway to violent extremism. [more]
Friday, 22 August 2008, 8:39 AM CET

Jail the 'greedy' scam victims, says Nigerian diplomat
The Nigerian high commissioner says people who are ripped off by so-called Nigerian scams are just as guilty as the fraudsters and should be jailed. [more]
Friday, 22 August 2008, 3:42 AM CET

Reverse engineering: Smashing the signature
Many antivirus and antispyware solutions identify malicious programs by looking for known unique signatures contained inside them. Those signatures are stored inside a database which is constantly updated. This tutorial guides you through a number of steps to encrypt the executable file code section in order to render antivirus signature checking techniques ineffective against identifying the malicious code. [more]
Wednesday, 20 August 2008, 3:35 PM CET

Guide - The need for vulnerability management
This guide describes the need for vulnerability management. It introduces the sources of vulnerabilities and their related fallout, then relates why the nature of modern threats to the network requires automated technology to counter sophisticated exploits. [more]
Wednesday, 20 August 2008, 3:34 PM CET

Internet terrorist: Does such a thing really exist?
In this article, a former CISO discusses the notion of worrying about the potential risk of terrorism against his organization and how it seems to be the lowest priority given the choices at hand. Ironically, terrorism today seems to be an emerging concern in the commercial world and many are actively pursuing methods and technology to help combat the problem. As a result, he began to research this trend to determine its drivers and potential implications to information security as we know it today. [more]
Tuesday, 19 August 2008, 5:25 PM CET

Control your identity
One of the sessions I enjoyed at DefCon was Nathan Hamiel and Shawn Moyer’s, “Satan is on My Friends List”. [more]
Tuesday, 19 August 2008, 3:05 PM CET

Reputation attacks: A little known Internet threat
Reputation attacks target both individuals and companies, and their goal is to ruin the victim’s reputation. While attack techniques are varied, the consequences are often the same: a damaged reputation resulting in many cases in financial loss. Attackers can use several methods to ruin a company’s reputation. [more]
Monday, 18 August 2008, 8:06 PM CET

Reverse-engineering cheat sheet
This cheat sheet of shortcuts and tips for reverse-engineering malware. [more]
Monday, 18 August 2008, 12:58 PM CET

New magazine-sharing site may violate copyrights
The magazine industry, already facing a decline in newsstand sales and falling ad revenue, is being besieged by a new foe: digital piracy. [more]
Monday, 18 August 2008, 11:19 AM CET

Video - DTrace: The reverse engineer's unexpected swiss army knife
David Weston is a security engineer at Science Applications International Corporation. In this video, made at Black Hat Europe, David illustrates his research related to DTrace. Created by SUN and originally intended for performance monitoring, DTrace is one of the most exciting additions to OS X Leopard and is being ported to Linux and BSD. It offers an unprecedented view of both user and kernel space, which has many interesting implications for security researchers. [more]
Thursday, 14 August 2008, 11:45 PM CET

Privacy worry over location data
Privacy advocates are warning of the dangers of rushing headlong into using location based services. [more]
Thursday, 14 August 2008, 10:15 AM CET

Report reveals which piracy groups pose significant threat
V.i. Labs issued a report revealing that piracy groups are fully exploiting security gaps in the common licensing mechanisms used in electronic design automation (EDA), computer-aided design (CAD), and product lifecycle management (PLM) software to produce counterfeit versions of these high-priced applications. [more]
Wednesday, 13 August 2008, 11:11 PM CET

How B2B gateways affect corporate information security
B2B gateways were introduced in 2003, marking the first time IT professionals could deploy best-of-breed managed file transfer tools without sacrificing their larger investment in enterprise business applications. Today, that value proposition has an added advantage: gateways have become building blocks for a secure information strategy. [more]
Wednesday, 13 August 2008, 9:09 PM CET

Air Force suspends Cyber Command program
The Air Force on Monday suspended all efforts related to development of a program to become the dominant service in cyberspace, according to knowledgeable sources. [more]
Wednesday, 13 August 2008, 7:03 PM CET

Web firms acknowledge tracking behavior without consent
In response to a bipartisan House inquiry, Google says it uses technology to more precisely follow Web surfing across affiliated sites. [more]
Wednesday, 13 August 2008, 5:33 PM CET

Mozilla: security a significant focus
Mozilla is moving forward on a number of initiatives to ensure that Internet security improves. Among the efforts is a new approach for determining and measuring security metrics. [more]
Wednesday, 13 August 2008, 12:03 AM CET

Using free software for HTTP load testing
A good way to see how your Web applications and server will behave under high load is by testing them with a simulated load. We tested several free software tools that do such testing to see which work best for what kinds of sites. [more]
Tuesday, 12 August 2008, 5:40 PM CET

Q&A: Views on privacy and identity theft
Jonathan Moneymaker is VP of Operations at Anonymizer. In this interview he tackles headaches related to privacy and identity theft. [more]
Tuesday, 12 August 2008, 4:57 PM CET

Blended threats increase as malicious content grows more enterprising
Secure Computing published the company’s Q2 Internet Threat Report containing data and analysis from the Secure Computing research team. Among other findings, the report shows that while spam volume and new zombies have decreased in the past quarter, enterprises and home users are increasingly being attacked through malicious Web content and blended security attacks. [more]
Tuesday, 12 August 2008, 4:57 PM CET

Let your theme song be your password
Cliche demands that every romantic couple has its own song. A new proposal from security researchers could see that same song be the couple's password too. [more]
Tuesday, 12 August 2008, 2:01 PM CET

Whitepaper - Backup and recovery best practices for Microsoft SQL Server 2005
To help you choose from among the available configuration options and backup and recovery procedures, HP has conducted extensive laboratory tests to determine best practices. [more]
Monday, 11 August 2008, 8:03 PM CET

Surf Jacking: HTTPS will not save you
In this paper we will describe a security issue that affects major web sites and their customers. Attackers exploiting this vulnerability are able to hijack an HTTP session even when the victim and the attacker’s connection is encrypted using SSL or TLS. [more]
Monday, 11 August 2008, 12:42 PM CET

The DefCon 16 mystery challenge
Hackers like nothing more than solving complex problems. One of the most difficult contests at DefCon, is known as the Mystery Challenge. [more]
Monday, 11 August 2008, 12:27 PM CET

A look inside the Defcon Network Operations Center
Over 9,000 hackers, freaks, feds and geeks are gathered in Las Vegas for Defcon, the world's largest computer security convention. The temporary wireless network that serves the Defcon attendees is the most hostile on the planet. [more]
Monday, 11 August 2008, 2:26 AM CET

Fingerprint test tells what a person has touched
With a new analytical technique, a fingerprint can now reveal much more than the identity of a person. It can now also identify what the person has been touching: drugs, explosives or poisons, for example. [more]
Friday, 8 August 2008, 10:21 PM CET

U.S. warns of Chinese cyber-spies
U.S. intelligence officials issued a strong warning Thursday that Americans traveling overseas, particularly visitors to the Olympics in China, face a serious risk of having sensitive information stolen. [more]
Friday, 8 August 2008, 10:20 PM CET

Companies have a false sense of confidence in their backup solutions
The latest results from the Databarracks annual Backup and Recovery survey indicate that overall, 91% of companies claim to be confident in their backup solution. Upon further investigation, 74% of those who do not use encryption or replication and do not take backups offsite are confident despite skipping these steps. [more]
Friday, 8 August 2008, 3:30 PM CET

Reporters booted from Black Hat for hacking
Three French reporters attending the Black Hat computer security conference have been banned for life for sniffing the press room network. [more]
Friday, 8 August 2008, 9:21 AM CET

How does the CIA keep its IT staff honest?
Be prepared to go through a lot of scrutiny if you want to work in the Central Intelligence Agency's IT department, says CIO Al Tarasiuk. And it doesn't stop after you get your top secret clearance. [more]
Friday, 8 August 2008, 9:12 AM CET

‘Fakeproof’ e-passport is cloned in minutes
New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports. [more]
Thursday, 7 August 2008, 6:56 PM CET

SPF/DKIM use on the decline among Fortune 500s
For those not familiar with Sender Policy Framework (SPF) or Domain Keys Identified Mail (DKIM), these are two forgery countermeasures that can be used by anyone looking to protect the integrity of their outgoing electronic correspondence (email). SPF and DKIM provide a response to recipient email servers interested in knowing whether a particular sender was authorized to send email representing the company’s domain. [more]
Thursday, 7 August 2008, 12:43 PM CET

Q&A: E-mail spam and Software as a Service (SaaS) solutions
David Vella is the Director of Product Management at GFI with experience in quality assurance, network administration and software development. In this Q&A he provides insight into e-mail spam and Software as a Service (SaaS) solutions. [more]
Tuesday, 5 August 2008, 11:30 PM CET

Social engineering on Twitter
This week it’s Twitter’s turn to host an attack - one that is targeting both Twitter users and the Internet community at large. In this case it's a malicious Twitter profile[skip]/ with a name that is Portuguese for ‘pretty rabbit’ which has a photo advertising a video with girls posted. [more]
Tuesday, 5 August 2008, 12:03 AM CET

Cybercrime and politics
As citizens of the United States prepare to cast their votes in the upcoming presidential election, the time is right to consider what implications, if any, Internet-borne threats may have on this process. With political candidates increasingly relying on the web to communicate their positions, assemble supporters and respond to critics – Internet-based risks are a serious concern as they can be used to disseminate misinformation, defraud candidates and the public and invade privacy. [more]
Monday, 4 August 2008, 6:14 PM CET

Mozilla SSL policy bad for the Web
Mozilla Firefox 3 limits usable encrypted (SSL) web sites to those who are willing to pay money to one of their approved digital certificate vendors. [more]
Monday, 4 August 2008, 3:19 PM CET

Virtual servers not always safe
Some IT administrators are placing systems with multiple connections in the DMZ. [more]
Monday, 4 August 2008, 4:55 AM CET

Dutch police arrest 19-year-old accused of bot herding
Dutch Police have arrested two brothers suspected of running a botnet containing up to 100,000 computers. [more]
Monday, 4 August 2008, 4:55 AM CET

89% of security incidents went unreported in 2007
RSA Conference released the results of its recent survey of security professionals regarding the critical industry and infrastructure issues they currently face. The survey identified four specific types of security threats as major pain-points for the industry in the coming year. [more]
Friday, 1 August 2008, 11:30 PM CET

Travelers' laptops may be detained at border
Federal agents may take a traveler's laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. [more]
Friday, 1 August 2008, 3:41 PM CET

Google accused on privacy views
Google has been accused of "hypocrisy" over its stance on personal privacy. [more]
Friday, 1 August 2008, 3:40 PM CET


Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. It’s not.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Wed, Sep 3rd