Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.

Commentary & Insight From Sûnnet Beskerming

Covering news on emerging threats, advice on good security practices, analysis, explanation of technical news items, and brief, accurate, non-biased synopsis of security-focussed technology trends, Sûnnet Beskerming commentary is many things.

Whether you call it a blog, online journalism, or commentary on events, this is where you can find and search all relevant articles published by Sûnnet Beskerming.

All articles will eventually be made available free of charge, however some content is initially only available to paying subscribers.

Available entries
Hunting Safari
Posted in: Information Security
When Apple's Safari browser was released for beta testing on Windows at this year's WWDC, it was expected that many researchers would turn their attention to this little piece of Apple in a Microsoft world.

These expectations were met when vulnerabilities were rapidly discovered and disclosed wit....
Posted: 30 June 2007 10:07

Acknowledging the Importance of Web Security
Posted in: Information Security
Two recent articles in the mainstream technical media are helping to bring increased awareness to the importance of web security as a key component in the overall security picture.

With acknowledgement of the increasing difficulty of spreading malware through traditional channels (email), Paul He....
Posted: 29 June 2007 18:47

A BlackHat Showdown
Posted in: Information Security
An old-fashioned Wild West showdown appears to be on the cards at the 2007 Black Hat USA Briefings & Training, due to kick off in Las Vegas on July 28.

Lining up on one side is a team of luminaries who have gathered under the Matasano Chargen banner, seeking to demonstrate that they can arbitrar....
Posted: 29 June 2007 17:19

Vista Security Claims Not All They Appear
Posted in: Information Security
Microsoft employee Jeff R Jones (Security Strategy Director) recently released a report claiming that Windows Vista is significantly more secure than competing operating system platforms.

After being released to CSO Online, the news was picked up and repeated by many sites, but not many stopped t....
Posted: 29 June 2007 15:44

Microsoft.co.uk Loses Face
Posted in: Information Security
It has been some time since a high profile site was defaced publicly, but it has happened again - this time with Microsoft's UK-based website (http://www.microsoft.co.uk).

As reported by online defacement archivists, Zone-h, the events booking component of the website was defaced by a Saudi-affil....
Posted: 28 June 2007 11:55

Harry Potter Real-World PSYOPS
Posted in: Information Security
Information was recently leaked to a number of security mailing lists claiming that the unpublished manuscript for the upcoming Harry Potter and the Deathly Hallows (due for release in July) had been stolen via the compromise of a system at the publishing company that will be responsible for the eve....
Posted: 25 June 2007 23:45

Quicken Recovery Password Discovered?
Posted in: Information Security
Quicken is one of the most popular personal finance software applications, useful for personal and small business finance, created by US financial software firm, Intuit.

One of the protection methods used by the software to protect users' sensitive financial information is to encrypt the data fil....
Posted: 25 June 2007 20:07

Data Theft Incident Worsens
Posted in: Information Security
Theft of a backup tape from an intern's car in early June was originally thought to only affect around 60,000 Ohio state workers and around 80,000 state welfare recipients. It has now been disclosed that the backup tape contained records on more than 200,000 Ohio residents, making it one of the lar....
Posted: 25 June 2007 19:00

Hey, What are Those Ads Doing?
Posted in: Information Security
Online advertising is a necessary evil for many company owners seeking to increase the awareness about their services, and a valuable asset to popular website owners, who are able to make extra money from the inclusion of advertising on their site.

Unfortunately, it appears that some Internet Ser....
Posted: 25 June 2007 17:58

Symantec's Challenge to SiteAdvisor
Posted in: Information Security
In an unsurprising move, Symantec have announced that they are developing a number of 'reputation systems' that are going to be designed to aid users in identifying the relative safety of a website or file that they are visiting or downloading. Seen as a challenge to McAfee's SiteAdvisor program, S....
Posted: 24 June 2007 22:24

French Government BlackBerry use Curtailed
Posted in: Information Security
News first surfaced earlier this week that sections of the French government were enacting guidelines that limit (ban) the use of the BlackBerry handheld email device by Government employees. The chief reason being given for the bans is that with the network traffic associated with the device pas....
Posted: 23 June 2007 13:19

Vista's Changes Not Enough, Says Google
Posted in: Information Security
After recently gaining a favourable ruling that was going to force Microsoft to make it easier for third party software developers to add their own desktop search equivalent to Windows Vista, Google have issued a statement that the changes haven't gone far enough.

It seems that even though Micros....
Posted: 23 June 2007 10:55

The Tribulations of Government IT
Posted in: Information Security
In less than a week, two embarrassing reports about major incidents affecting US government agencies associated with national security have appeared in the media.

Hitting various media sources in the last 24 hours was coverage of comments from senior US Defence officials regarding a succe....
Posted: 22 June 2007 22:23

Consolidation in the Security Industry
Posted in: Information Security
The pace of consolidation in the Information Security industry doesn't appear to have slowed very much, with two significant acquisitions by major IT companies drawing some recent attention.

In the first case IBM acquired Watchfire, a US-based web security company that offers a range of services ....
Posted: 22 June 2007 21:36

New Web Attack Platform Draws Attention
Posted in: Information Security
When attackers single out websites for attack, whether it is to deface, infect, or extract sensitive data from, there are a number of tools that are readily available to automate the process. One such tool which has recently been created is being linked to a number of very significant website attac....
Posted: 22 June 2007 21:24

What is the Value of Your Credit Card Details?
Posted in: Information Security
In an effort to increase the perceived security of online credit card transactions, the major credit card providers have been working for a number of years on the PCI Data Security Standard - a set of guidelines that provide a minimum baseline considered secure enough for storing and processing cred....
Posted: 21 June 2007 22:34

Apple Release New Point Release
Posted in: Information Security
Many people expected Apple to stop releasing point releases for OS X 10.4 (Tiger) after they released OS X 10.4.9 earlier this year, especially with OS X 10.5 (Leopard) due for release later this year.

Apple's recent release of OS X 10.4.10 has come as a pleasant surprise, providing new security ....
Posted: 21 June 2007 09:03

Microsoft Movements With Widespread Effects
Posted in: Information Security
A couple of recent actions from Microsoft are likely to have far-reaching effects that will affect almost everybody. The first, and probably most benign, action from Microsoft is their announcement that OEM system builders will no longer be able to bundle Office 2003 with their new systems, it will....
Posted: 21 June 2007 00:29

Hiding What is in use on Vista
Posted in: Information Security
In the ongoing battle between system developers and those who are out to break the system, advancements from one side are generally met by a corresponding change by the other.

Microsoft's most recent operating system, Windows Vista, has gone a long way to fixing the major security problems that ....
Posted: 20 June 2007 23:58

Yahoo! Founder Steps Back in as CEO
Posted in: Information Security
After six years at the top of Yahoo!, CEO Terry Semel has resigned in the face of stiff criticism from shareholders and other concerned observers over a number of items, not least of which was his $71 million USD compensation for the last 12 months. Replacing Semel is Jerry Yang, one of the origina....
Posted: 20 June 2007 22:19

Problems in Custom Search Engines
Posted in: Information Security
Custom search engines are offered by the major online search providers to give site maintainers an easy-to-use search engine that site visitors can use to search their site and the Internet at large.

The ongoing Month of Search Engine Bugs has uncovered vulnerabilities that are affecting the cust....
Posted: 16 June 2007 16:55

The Art of Seeing What's Not There
Posted in: Information Security
On days when it appears that there is very little new Information Security news and other data available our researchers are still busy watching and searching, using the opportunity to hone one of the stranger skills in Information Security (and Intelligence gathering) - the art of seeing what's not....
Posted: 16 June 2007 16:31

Gaming the System = $1,000,000 USD?
Posted in: Information Security
Business news channel CNBC has recently been running a competition where the holder of the best virtual investment portfolio over a certain period would win $1 million USD.

It appears that the lure of so much cash was too much for some people. Claims have been made that the winners of the compet....
Posted: 13 June 2007 23:58

An Apple a Day
Posted in: Information Security
Apple Inc's WorldWide Developer's Conference (WWDC) is currently running in California and one of the highlights that many look forward to, even amongst the wider technical community that otherwise has little interest in an Apple event, is the opening Keynote address delivered by Steve Jobs on Monda....
Posted: 13 June 2007 23:45

Microsoft's June Security Patch Release
Posted in: Information Security
As expected, Microsoft released six patches yesterday as part of the June 2007 Security Update release. What was not expected was the re-release of two earlier patches, MS07-012 (Microsoft MFC) and MS07-018 (Microsoft CMS). The re-release of these patches was to address some relatively minor issue....
Posted: 13 June 2007 23:32

From Release to Attack in a Few Hours
Posted in: Information Security
Within a matter of hours of the announcement at Apple's WWDC that the Beta version of Safari 3 was available for download on Windows and OS X came news that several security researchers had already found serious vulnerabilities affecting the software.

Even though the software is in Beta, the semi....
Posted: 13 June 2007 22:47

More Results From the Month of Search Engine Bugs
Posted in: Information Security
The Month of Search Engine Bugs (MOSEB) is continuing to deliver various vulnerabilities with major and minor search engines, as it has since the start of June. Although most of the vulnerabilities delivered so far are for minor search engines, there are some that have the potential for moderate im....
Posted: 11 June 2007 20:13

Information Security Expert Moves
Posted in: Information Security
Noted Information Security expert and founder of TaoSecurity, Richard Bejtlich will soon be shutting down his consultancy after taking on a new role at GE, as Director of Incident Response.

Unfortunately for the industry, this means that his TCP/IP weapons school training seminars will also come ....
Posted: 11 June 2007 16:38

I Know What You Did Last Visit
Posted in: Information Security
In the ruling of a court case fought by the Motion Picture Association of America (MPAA) against a number of filesharing sites and products, the popular BitTorrent hosting site TorrentSpy was ordered to start keeping logs of site visitors and then turn those records over to the MPAA.

The practice....
Posted: 10 June 2007 18:03

Recent Yahoo! Messenger Vulnerabilities Attract Attacks
Posted in: Information Security
The recently disclosed vulnerabilities with Yahoo! Messenger's support for webcams, allowing attackers to run software of their choice on a victim's system, have already attracted the attention of malware developers.

The Chinese Incident Security Response Team (CISRT) is reporting that a Chinese ....
Posted: 10 June 2007 13:14

This is not a Real Security Update
Posted in: Information Security
Following extremely closely after the notification of the expected patches for June 2007 comes news that malware is already spreading via spam that claims to be a valid Microsoft security update.

Even though this is not the first time that spam has been used to push malware on unsuspecting victim....
Posted: 10 June 2007 00:52

June 2007 Microsoft Security Patch Advance Notification
Posted in: Information Security
Microsoft have provided basic details of the patches that they expect to release with the June 2007 security patch release, due for release next Tuesday.

At this stage Microsoft are expecting to release six patches for a variety of their products, including Windows, Office, Internet Explorer, and....
Posted: 8 June 2007 19:05

Risks of Persistent Storage
Posted in: Information Security
How to interact with online content when a user is offline has been a problem that many minds have struggled with over the years. In recent months one of the most popular theories of how users potentially would be able to interact with online content while offline has really taken off - that of cac....
Posted: 8 June 2007 17:55

Tech Community Pressure Helps get Case Turned Over
Posted in: Information Security
A common problem that can plague Windows-based systems is uncontrolled popups whenever the system is connected to the Internet. Although all browsers can be at risk of advertising popups (or interstitials, as some companies like to call them), Windows systems are also prone to advertising popups v....
Posted: 8 June 2007 16:45

Web Servers as Viewed by Google
Posted in: Information Security
For a long time, one of the most reputable sources for the breakdown of the numbers of installed web servers across the Internet has been the Netcraft survey of web servers. Now, Google has released information about how the Googlebot webcrawler has been viewing the Internet.

Based off almost 80....
Posted: 6 June 2007 19:34

MOSEB Underway
Posted in: Information Security
The latest in a string of 'Month of X Bugs' projects is underway, with the 'Month of Search Engine Bugs' (MOSEB) commencing at the start of June. Five vulnerabilities have already been disclosed, starting with a number of XSS and redirector issues affecting a Ukrainian search engine, Yahoo!, and Hot....
Posted: 4 June 2007 14:12

Developing Safe Sites is Hard
Posted in: Information Security
Developing safe websites is a difficult task for any developer, so when the experts are caught developing and operating sites that are vulnerable to attack, it is a timely reminder that keeping systems safe against potential attack takes a lot of work.

It was recently disclosed that the Internet ....
Posted: 4 June 2007 13:52

Misidentification Hurts
Posted in: Information Security
After a poor update to the Symantec Antivirus suite caused havoc for Chinese Windows XP 2 users earlier this year, another poor update to the Antivirus definitions file has led to an antimalware product being misidentified as malware.

This time, the popular SpyBot Search & Destroy product had one....
Posted: 4 June 2007 11:57

City Loses Funds After Systems Infected
Posted in: Information Security
The Californian city of Carson was left almost $450,000 USD out of pocket after a spyware-infected system in use by the city's Treasurer provided attackers with the details necessary to gain access to the city's online bank accounts.

Over two transactions (of $90,000 and $358,000) in late May, th....
Posted: 2 June 2007 02:22

Antivirus Vendors and Filtering Vulnerabilities
Posted in: Information Security
Finland-based antivirus and security software vendor, F-Secure, recently released a set of updates for almost their entire product line, with the most serious vulnerability allowing an attacker to take control of a vulnerable system. While the denial of service and privilege escalation vulnerabilit....
Posted: 1 June 2007 03:48

When Good Intentions go Bad
Posted in: Information Security
Two incidents from the last several days have provided excellent studies in how difficult it is to ensure that the data sets that you are working with are accurate, and also how much a website can be considered a mini-dictatorship - where whatever the site owner says, goes.

Popular blogging site,....
Posted: 1 June 2007 01:41

Posts from September, 2017.