Off the Wire

Off The Wire Archive

News items for September 2008

Security software is a necessary nuisance
A survey by Trend Micro found that for most consumers, Internet security software is like tedious dental visits - compulsory, but needed. Memory consumption that slows down computers, high prices and lengthy scan times were top reasons why nearly half of the respondents surveyed report to be disgruntled with the security software choices offered on the market and believe that there has to be a better way to protect their computers than what's available. [more]
Tuesday, 30 September 2008, 12:56 PM CET

Whitepaper - NAC 2.0: A new model for a more secure future
As organizations turn to Network Access Control (NAC) technologies to protect their networks and data, the flaws of earlier versions of NAC are becoming apparent. [more]
Tuesday, 30 September 2008, 12:45 PM CET

Setting up your own certificate authority with gnoMint
gnoMint is a desktop application that lets you easily manage your own certificate authority (CA). [more]
Tuesday, 30 September 2008, 12:32 PM CET

Network and information security in Europe today
Greece was recently the host of the 1st NIS Summer School. The purpose of this gathering was to discuss multi-dimensional issues related to network and information security (NIS), the advances made in the recent past, along with emerging threats, critical compliance and legal issues. The attendees enjoyed the presentations of numerous outstanding speakers from all over the world. [more]
Monday, 29 September 2008, 9:21 PM CET

Searching for presidential campaign videos can bring malware
Webroot has detected malicious software being propagated as campaign videos for John McCain and Barack Obama. Attackers are taking advantage of unsuspecting users during the U.S. Presidential election season by utilizing the Gnutella file sharing network and seeding it with malware disguised as material relevant to the campaigns. This file sharing network is commonly accessed by clients such as LimeWire and FrostWire. [more]
Monday, 29 September 2008, 3:47 PM CET

Lack of awareness of privacy and security software
A recent survey has found that many users are woefully unaware of the privacy and security software and settings on their computers. The results show that an alarmingly high proportion of users did not know what software was running on their computers to ensure they had adequate protection from hackers, malware, viruses, ‘dirty’ websites, and other online threats. [more]
Wednesday, 24 September 2008, 9:30 PM CET

(IN)SECURE Magazine issue 18 is here
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read about browser security, passive network security analysis, UNIX system auditing, Windows driver vulnerabilities, removing software armoring from executables, data breaches, secure application development, and much more. Download your FREE copy today! [more]
Wednesday, 24 September 2008, 9:16 PM CET

Whitepaper - Blind SQL injection: are your web applications vulnerable?
Learn the techniques that can be used to take advantage of a Web application that is vulnerable to Blind SQL Injection, and the correct mechanisms that should be put in place to protect against Blind SQL Injection and similar input validation problems. [more]
Tuesday, 23 September 2008, 1:26 PM CET

Umit, the graphical network scanner
Umit is a user-friendly graphical interface to Nmap that lets you perform network port scanning. [more]
Tuesday, 23 September 2008, 1:25 PM CET

New Intel vPro technology enhances security
Intel Corporation today introduced its third-generation Intel vPro suite of business desktop PC technologies, which among other features enhances security and reduces the time and cost of maintenance by enabling PCs to literally think and act for themselves. [more]
Tuesday, 23 September 2008, 10:06 AM CET

US responsible for the majority of cyber attacks
SecureWorks published the locations of the computers from which the greatest number of cyber attacks were attempted against its clients in 2008. The United States topped the list with 20.6 million attempted attacks originating from computers within the country and China ran second with 7.7 million attempted attacks emanating from computers within its borders. [more]
Tuesday, 23 September 2008, 10:05 AM CET

Q&A: Security visualization
As chief security strategist and director of application product management, Raffael Marty is customer advocate and guardian - expert on all things security and log analysis at Splunk. Currently he uses his skills in data visualization, log management, intrusion detection, and compliance. In this interview he discusses security visualization. [more]
Monday, 22 September 2008, 9:21 PM CET

85% of malware is now distributed through the Web
Webroot released primary research revealing the impact of Web 2.0 on the enterprise. An overwhelming 85 percent of malware is now distributed through the Web, but businesses are not adequately protecting themselves against Web-borne viruses, spyware and employee behavior that lead to security breaches, loss of intellectual property and release of confidential data. [more]
Monday, 22 September 2008, 9:15 PM CET

Hi-tech help for children at risk
Children suffering abuse will soon be able to contact the NSPCC's ChildLine via text messages and the internet. [more]
Monday, 22 September 2008, 12:06 PM CET

I got the breach letter blues, what do I do?
With all the data breaches being reported, you may be one of the more than 30 million people this year to receive a breach letter. Notification letters can be unnerving and frightening. It depends on what is said, how it is phrased and the risk factors involved in the breach. [more]
Friday, 19 September 2008, 2:35 PM CET

"Top Secret level" hardware encryption on 2.5-Inch SATA drives
Addonics Technologies built a hard drive kit with built-in eSATA and SATA connectors that allows any 2.5-inch SATA hard drive or SSD to be used as a removable drive cartridge or an external eSATA storage device with the highest level 256-bit AES hardware encryption. [more]
Thursday, 18 September 2008, 4:02 PM CET

ENISA investigating the use of Domain Name System Security Extensions
The EU Agency ENISA is investigating the use of Domain Name System Security Extensions (DNSSEC) and other advanced technologies for improving the resilience of public communication networks. Recently a vulnerability of Domain Name System (DNS) caught a lot of media attention. A flaw in the DNS threatened to bring chaos to the Internet by poisoning the servers that translate domain names into Internet protocol addresses. [more]
Thursday, 18 September 2008, 8:36 AM CET

Government must get a warrant before seizing cell phone location records
In an unprecedented victory for cell phone privacy, a federal court has affirmed that cell phone location information stored by a mobile phone provider is protected by the Fourth Amendment and that the government must obtain a warrant based on probable cause before seizing such records. [more]
Friday, 12 September 2008, 6:19 PM CET

Why it's so hard to secure JavaScript
In a compiled language there may be multiple ways to write a loop, but the underlying object code generated is the same. [more]
Friday, 12 September 2008, 3:29 PM CET

U2 security in motion
Examples for encrypting and decrypting information in U2. [more]
Thursday, 11 September 2008, 10:43 AM CET

Q&A: virtualization security
Jim Chou is the Executive VP of Technology for Apani where he is responsible for the strategic technical development of Apani technology and product portfolio development. In this interview he discusses virtualization security. [more]
Wednesday, 10 September 2008, 8:33 PM CET

Real world XSS vulnerabilities in ASP.NET code
For a couple of weeks we have been seeing some XSS vulnerabilities in code. [more]
Wednesday, 10 September 2008, 4:09 PM CET

Whitepaper - Phishing, phaxing, vishing and other identity threats
Examines the online fraud of phishing, looks at other methods it has spawned, and gives advice on how organizations can prevent the theft of their identity. [more]
Wednesday, 10 September 2008, 1:33 PM CET

Recovering (someone else’s) email password
What happens when you’ve forgotten the password (or never knew it to begin with)? If contacting the email provider and answering the “forgotten password” questions hasn’t worked, there are several ways to gain access to the password. [more]
Tuesday, 9 September 2008, 7:18 PM CET

Types of web-based client-side attacks
This article summarizes web-based client-side attacks, many of which are being researched, neglected and would provide for some cutting edge research opportunities. The attacks are categorized based on their impact on confidentiality, availability, and integrity. [more]
Tuesday, 9 September 2008, 6:12 PM CET

How to build a local IMAP server
The usual practice of configuring your email client to retrieve email from your ISP's servers works well, but not for all situations. [more]
Tuesday, 9 September 2008, 2:50 PM CET

SQL injection: are stored procedures really safe?
A SQL injection attack is a way to manipulate the SQL statements (by inserting malicious code) that applications use to query or execute commands against the database. [more]
Tuesday, 9 September 2008, 2:46 PM CET

Strike threat by prison officers after data is lost
Prison officers yesterday threatened strike action after it emerged that a computer disc containing the personal details of 5,000 justice staff had been lost by a government contractor. [more]
Tuesday, 9 September 2008, 9:59 AM CET

Whitepaper - Security and vulnerability protections for Google Apps
Find out how Google protects and secures your company's critical business information. [more]
Tuesday, 9 September 2008, 12:00 AM CET

SOX, lies and security matters
When it comes to compliance, it’s fairly easy to find out what companies need to do to achieve it. But it’s much harder for companies to find out how they should go about it. [more]
Monday, 8 September 2008, 8:06 PM CET

Ensure your security while travelling
If you're heading overseas, here are some financial security tips to pack with you. [more]
Monday, 8 September 2008, 11:05 AM CET

CIA, FBI push 'Facebook for spies'
When you see people at the office using such Internet sites as Facebook and MySpace, you might suspect those workers are slacking off. [more]
Saturday, 6 September 2008, 10:17 AM CET

Minimizing Directory Service audit event noise
I've written before on noise reduction in the Windows security event log. I've also written to describe how object access auditing works. But, I still get questions on how to reduce noise from object access events. [more]
Friday, 5 September 2008, 11:33 AM CET

Whitepaper - Best practices for securing Exchange email
Discover how to deliver enterprise-level security to small, medium and large businesses through email hosting. [more]
Thursday, 4 September 2008, 3:50 PM CET

Bruce Schneier: How to create the perfect fake identity
Let me start off by saying that I'm making this whole thing up. [more]
Thursday, 4 September 2008, 9:39 AM CET

Discovery and fuzzing for SQL injections with Web 2.0 applications
This paper describes some techniques and approaches to perform effective assessment on Web 2.0 applications on the basis of our recent experience and cases which were analyzed in the field. [more]
Wednesday, 3 September 2008, 7:29 PM CET

Rootkit evolution
Rootkit evolution is following the same path as spyware. First, rootkits were identified as a separate class of malware. Then there was a lot of media hype which led to a large number of anti-rootkit tools and products together with a noticeable reaction from the antivirus industry. Today both rootkits and spyware have merged into the general malware stream and no longer cause any particular excitement. However, the concept of evading system features to hide something is obviously still valid and we are very likely to see new threats implementing stealth. [more]
Monday, 1 September 2008, 11:59 PM CET

The TSA's useless photo ID rules
No-fly lists and photo IDs are supposed to help protect the flying public from terrorists. Except that they don't work. [more]
Monday, 1 September 2008, 4:44 PM CET

Whitepaper - Institutional identity theft
Learn how the identity theft of your customers leads to the erosion of your company's profits and good name. [more]
Monday, 1 September 2008, 12:06 AM CET

Judges consider whether FBI violated free speech
A panel of federal appeals court judges pushed a U.S. government lawyer on Wednesday to answer why FBI letters sent out to Internet service providers seeking information should remain secret. [more]
Monday, 1 September 2008, 12:03 AM CET

