Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.

Username: | Password: Contact us to request an account

Commentary & Insight From Sûnnet Beskerming

Covering news on emerging threats, advice on good security practices, analysis, explanation of technical news items, and brief, accurate, non-biased synopsis of security-focussed technology trends, Sûnnet Beskerming commentary is many things.

Whether you call it a blog, online journalism, or commentary on events, this is where you can find and search all relevant articles published by Sûnnet Beskerming.

All articles will eventually be made available free of charge, however some content is initially only available to paying subscribers.

Available entries
Recent Advancement for Network Worms
Posted in: Information Security
After hinting at the possible future development of widespreading worms that exist only on the Internet, spreading from browser session to browser session when victims visit compromised sites, the researcher who was behind the technological development that led to Jikto (before Billy Hoffman picked ....
Posted: 31 May 2007 22:03

Bad Blood Over 'Sponsored' Speaking Positions
Posted in: Information Security
Less than a week after appearing at AusCERT 07, one of the invited speakers has published an interesting take on the rise of 'sponsored' speaking engagements and related Information Security conferences (although it does not appear that AusCERT partakes in this).

After being contacted to contribu....
Posted: 31 May 2007 21:34

New Attention on Old Exploits
Posted in: Information Security
A relatively well-crafted targeted phishing scam (some might call it spear phishing) has attracted significant recent attention after senior executives at an Information Security company were recently targeted.

Despite the scam being known about for a number of months, the audacity of the attacke....
Posted: 31 May 2007 01:42

Apple Busy in Otherwise Quiet Security Period
Posted in: Information Security
Although there has been no reporting over the last few days, Sûnnet Beskerming staff have continued to track and monitor information security sources while the United States observed Memorial Day, and the UK observed the Spring Bank Holiday.

Following the return to work for these major markets, ....
Posted: 31 May 2007 01:15

MOICE is Nice
Posted in: Information Security
Microsoft have released MOICE, the Microsoft Office Isolated Conversion Environment, a tool designed to migrate existing Office 2003 documents to the OpenXML format supported by recent versions of Microsoft Office. As the name suggests, this process takes place in an isolated environment, effective....
Posted: 26 May 2007 12:46

Breaking Big Numbers
Posted in: Information Security
One of the mathematical pursuits that will have long-lasting effects on future computing and data management is the factoring of large numbers - discovering what the most basic components are that combine to produce the large number.

This is important because each and every non-prime number can b....
Posted: 26 May 2007 12:33

When Hackers Attack WebHosts
Posted in: Information Security
It is being reported on a number of sources that Brinkster.com is requiring account holders to change their passwords as a result of a recent compromise of the web hosting provider.

While detailed information about the breach has not been made public, except to say that credit card details for th....
Posted: 26 May 2007 02:39

Full-court Press on WordPress
Posted in: Information Security
WordPress has come under some increased scrutiny in recent weeks after some elementary research by a concerned user discovered that the majority of Wordpress-driven sites assessed were running vulnerable versions of the blogging and publishing platform.

Coming at the same time is a report from on....
Posted: 26 May 2007 02:21

Your Mobile May Kill Your Car Key
Posted in: Information Security
Nissan have released a warning for car owners that placing a mobile telephone in close proximity to the electronic key that allows car owners to enter and start their car with the press of a button.

The device, known as an I-Key, can be left completely disabled, preventing owners from using them ....
Posted: 25 May 2007 23:14

Free Flight Deal Exposes Customer Data
Posted in: Information Security
The Sydney Morning Herald has reported on the problems caused by a poorly secured free flight deal being offered by Australian budget airline Virgin Blue. The offer provided a free flight on Virgin Blue for anyone who bought a mobile phone on a connection plan from Virgin Mobile.

Customers who d....
Posted: 25 May 2007 12:00

Gathering Information on Web Users
Posted in: Information Security
Behavioural analysis helps various professionals in their daily jobs, be they criminal profilers, detectives, teachers, marketing gurus, conmen, or some other professional role.

It has also been useful to online advertising providers, where they have used browsing history and other information to....
Posted: 23 May 2007 22:21

When Updates go Bad
Posted in: Information Security
In the space of less than a week, software updates caused two major system and network outages in Japan and China, and a less major outage over the weekend.

In Japan, a set of updates to Cisco routers led to a network-wide failure for the NTT East and West networks. Up to 4,000 routers were affe....
Posted: 21 May 2007 06:04

Being Secure is Not Easy
Posted in: Information Security
Building a system that is secure is a difficult prospect, but it is something that most people would assume about the Space Shuttle, modern fighter aircraft, and nuclear power plants - that they are secure systems.

Well, they aren't.

Even though it operates probably the most tested, reviewed, ....
Posted: 20 May 2007 01:09

The Threat That is the Internet
Posted in: Information Security
Jikto, the JavaScript web scanner, relied upon basic research conducted by an independent researcher who has now come out and released a conceptual description of how a major AJAX / JavaScript Internet worm would work and how it could be configured for greatest effect.

Using a set of common, well....
Posted: 20 May 2007 00:42

.bank Backers Fighting on
Posted in: Information Security
After initially raising the idea of a .bank top level domain (.tld) as a means to defeat phishing and a number of other online financial fraud opportunities, the team at F-Secure are still strongly in support of the idea, despite the critical responses that the idea received on its initial publicati....
Posted: 20 May 2007 00:14

Online Advertising Movements
Posted in: Information Security
Following the recent purchase of DoubleClick by Google, and the rumoured discussions between Yahoo! and Microsoft, comes more significant purchases from major Information Technology companies in the field of online advertising.

Yahoo! recently bought out its remaining $680 million USD stake in Ri....
Posted: 19 May 2007 23:24

Microsoft Modifies Monthly Patch Advance Notification
Posted in: Information Security
On the Thursday before the second Tuesday of each month, Microsoft provides a notification of the patches that they are expecting to release on the following Tuesday. Until now, the notification has broken down how many patches in total are expected, what platforms and product groups they are for, ....
Posted: 18 May 2007 18:15

Nationalistic Fervour and Online Attacks
Posted in: Information Security
Nationalistic fervour has long been a motivating factor for electronic attacks against companies, governments and websites in general. A significant proportion of the defaced sites listed in the Zone-h defacement archives have been defaced with a nationalistic statement or ultimatum of some sort fr....
Posted: 18 May 2007 10:51

Failure to Check Sources = Costly Market Loss
Posted in: Information Security
Apple Inc's market value recently lost $4 billion USD in a matter of minutes, following the posting of a fake email to a popular tech blog site. Claiming to originate from within Apple, the fake email indicated that Apple's iPhone and Leopard operating system will be significantly delayed in coming....
Posted: 18 May 2007 03:46

Scamming and Social Networks
Posted in: Information Security
Increasing numbers of Information Security commentators and companies are starting to pick up on the increasing use of professional networking sites, social networking sites, and other related sites by scammers in order to get past the trust barrier that would prevent a successful scam.

One such ....
Posted: 18 May 2007 03:23

Microsoft Snares Top Vulnerability Talent
Posted in: Information Security
News being reported over at ZDNet indicates that Microsoft has convinced the founder of Symantec's Vulnerability Research efforts to join the Microsoft Security Response Center.

While her stay at Symantec was relatively short, Katie Moussouris is a noted penetration tester who was a part of @Stak....
Posted: 17 May 2007 05:44

Entering the Pentagon
Posted in: Information Security
Following the drawn-out court case against UK-based hacker, Gary McKinnon, most people would assume that the US military and other government agencies would have taken the opportunity to review the security of their outward-facing systems.

Such an assumption doesn't account for the fact that ther....
Posted: 17 May 2007 05:27

The Joy of Variable-Width Encoding
Posted in: Information Security
One of the problems that web and application developers face is how to handle variable-width encoding, where each character represented on the screen can take more than one byte of memory to store and display (the standard ASCII set only uses one byte per character). Probably the most common troubl....
Posted: 17 May 2007 01:44

.ANI Vulnerability Still Causing Problems
Posted in: Information Security
As reported by eWeek, it appears that the .ANI vulnerability recently patched by Microsoft in an out-of-cycle patch is still causing problems for Internet users. In this particular case, it was a major website that was affected - Tom's Hardware.

When the .wmf vulnerability was a major concern a ....
Posted: 13 May 2007 12:10

PirateBay Attacked
Posted in: Information Security
According to a recent post on the PirateBay blog, an attacker was able to successfully attack and compromise the popular Torrent site, making off with the complete list of user accounts and hashed passwords.

Although it would be very difficult to recover the passwords (especially if they have bee....
Posted: 12 May 2007 15:31

Windows News
Posted in: Information Security
As being reported by the ISC, official support from Microsoft for the Windows 2003 operating system has been ended, but only for the SP0 version (i.e. straight out of the box, with no patches or Service Packs applied). While it is unlikely that there will be many systems that are still at SP0 (alth....
Posted: 11 May 2007 12:33

Using the System Against Itself
Posted in: Information Security
Amongst other news being reported by Symantec at the moment (they are on a big PR push to improve the market's attitude towards their acquisition of Veritas), is news that they have detected malware that is using the software update service built in to Windows in order to download and install essent....
Posted: 11 May 2007 12:24

Grand Claims Require Solid Evidence
Posted in: Information Security
Getting online identity systems correct is difficult. Getting them secure is even more so, and it appears to be a problem that has not been reliably solved up to this point in time (secure in a lab is not being considered at this time). A new service that is seeking to provide something analogous ....
Posted: 11 May 2007 12:21

Microsoft May Security Patch Release
Posted in: Information Security
Microsoft released seven patches for May as part of their routine Security Patch Release program. Amongst the patches provided are fixes for vulnerabilities under current, active attack, including attacks against Word, DNS Server, and some of the Internet Explorer threats.

Users and administrato....
Posted: 9 May 2007 05:19

Posts from September, 2017.