Commentary & Insight From Sûnnet Beskerming
Covering news on emerging threats, advice on good security practices, analysis, explanation of technical news items, and brief, accurate, non-biased synopsis of security-focussed technology trends, Sûnnet Beskerming commentary is many things.
Whether you call it a blog, online journalism, or commentary on events, this is where you can find and search all relevant articles published by Sûnnet Beskerming.
All articles will eventually be made available free of charge; however, some content is initially available only to paying subscribers.
Available entries
Forcing users to Update Software
Posted in: Information Security
News is rapidly spreading of a plan by Microsoft to force Internet Explorer 6 users to update to Internet Explorer 7 on February 12, through the use of an automatic update offered through WSUS (Windows Server Update System). This move has been cautiously welcomed for moving more Internet users to a....
Posted: 25 January 2008 13:26
What's Your Website Hiding?
Posted in: Information Security
As more companies are finding their way onto the Internet there has been an increase in the number of websites that have been compromised for theft of sensitive data and those that have been compromised for the purpose of spreading malicious software to unwary visitors.
Groups such as Zone-h have....
Posted: 25 January 2008 13:25
SCADA Concerns
Posted in: Information Security
At a recent SCADA Summit arranged by SANS some interesting information was put forward by a CIA spokesman that there was evidence of attacks against utility SCADA networks, with reported evidence that a power blackout across multiple US cities was caused by an Internet-based attack on a power suppli....
Posted: 24 January 2008 14:53
Overreacting to Security Theatre is Harmful
Posted in: Information Security
Security Theatre is a term that has been gaining acceptance as part of the Information Security lexicon for some time and it has also found acceptance in other security fields, being used to describe actions or proposals that deliver more show than substance with respect to a real or imagined threat....
Posted: 24 January 2008 14:51
Government Contracting gone Wrong
Posted in: Information Security
One part of the efforts being implemented by the United States to make air travel safer (and in many people's minds more frustrating) is a watchlist that identifies travellers who might not have the US's best interests at heart. As with any list of names there are quite a number of false positives,....
Posted: 21 January 2008 14:40
Problems with Universal Plug and Play (UPnP) Demonstrate Blended Threat risk
Posted in: Information Security
Universal Plug and Play (UPnP) is a technology designed to make it easy for different network devices to communicate with each other, but as many people have found in the past, making things easy often leads to security problems, something that has been the case with UPnP plenty of times in the pa....
Posted: 21 January 2008 14:37
Scareware makes it to the Mac
Posted in: Information Security
Scareware is a form of malicious software that attempts to scare users into purchasing unnecessary or useless software by running 'security checks' on a user's system, often coming up with a laundry list of 'problems' that can only be resolved by purchasing software from the vendor who is providing ....
Posted: 21 January 2008 14:34
Microsoft warn of Excel Problems
Posted in: Information Security
Last week Microsoft provided guidance about a targeted Excel exploit that has been discovered targeting a new vulnerability in Excel 2000, 2002, 2003, and 2004 (OS X). Excel 2003 Service Pack 3, 2007, and 2008 (OS X) are not vulnerable.
Microsoft have not yet identified whether an out-of-cycle ....
Posted: 21 January 2008 14:23
Understanding the Enemy by Inviting them in
Posted in: Information Security
One of our recent articles about the ethics of Information Security research mentioned a diminutive XSS worm replication contest being operated by noted researcher RSnake. On initial impression, the idea of running a contest to build a better worm sounds ludicrous and liable to result in greater pr....
Posted: 18 January 2008 16:20
Does the new QuickTime 0-day mean Apple has Problems with Patching?
Posted in: Information Security
In the past Microsoft has been criticised for poor vulnerability patching (by not patching the underlying vulnerability that is causing a problem and then having to reissue patches as attackers adjust and attack), and it is a criticism that has also been levied against Apple with the handling of dif....
Posted: 12 January 2008 00:26
Geeks.com Suffers Compromise
Posted in: Information Security
Continuing with the theme of personal data theft, Geeks.com, a major online retailer, suffered the embarrassment of having their customer potentially compromised by unidentified sources. It has been confirmed that a breach (or series of breaches) took place at the online retailer, but it is not kno....
Posted: 11 January 2008 22:37
Ignorance is no Excuse
Posted in: Information Security
After noted British television presenter Jeremy Clarkson took umbrage at the massive outcry regarding the loss of personal records for 25 million UK residents he decided to prove that it was an over-reaction (in his mind) by publishing his bank details in a newspaper column that he writes. Accordin....
Posted: 11 January 2008 22:19
Ethical Boundaries in Information Security Research
Posted in: Information Security
With Information Security being such a broad field, without any formalised coordinating or licensing body, appropriate boundaries for ethical and professional behaviour and activity can be difficult to determine. What is ethical to one researcher may be completely inappropriate to another. What ma....
Posted: 9 January 2008 15:22
Microsoft Security Patch Advance Notification January 2008
Posted in: Information Security
Microsoft have provided notification of the patches that they expect to issue with the January Security Patch release. Only two patches are scheduled for release, with one rated as Critical and the other as Important. Microsoft have not identified the system component affected by the Critical vuln....
Posted: 7 January 2008 15:09
Information Security Ups and Downs Down Under
Posted in: Information Security
Australia's change of government at the recent federal election has seen a number of interesting changes from an Information Security point of view, particularly from the aspects of data protection and personal privacy.
Probably the biggest immediate change, which has the net effect of being no c....
Posted: 3 January 2008 21:59
Tragedy Strikes Chinese Search Engine Giant
Posted in: Information Security
The tragic and sudden death of Baidu's CFO, Shawn Wang, saw two-and-a-quarter percent of the company's value lost on NASDAQ earlier this week.
Despite only having been with the company for three years (joining in September 2004), Wang aided Baidu with listing on NASDAQ in August 2005, and he had ....
Posted: 2 January 2008 23:46
Posts from November, 2024.