Off the Wire

Off The Wire Archive

News items for January 2003

Interview with the author of "Halting the Hacker"
In this interview, Donald L. Pipkin, the Information Security Architect for the Internet Security Division of Hewlett-Packard, talks about general security issues. [more]
Friday, 31 January 2003, 1:50 PM CET


Compass Security Finjan SurfinGate Analysis
This article is focused in Finjan SurfinGate HTTP content filter protection - and gives you a better understanding of threats and risks. [more]
Friday, 31 January 2003, 1:48 PM CET


Key to Wi-Fi Security
The arrival of WPA and eventually 802.11i will reduce the administrative burden of WLANs, integrating them with existing authentication mechanisms and making the security issue disappear. [more]
Friday, 31 January 2003, 1:47 PM CET


BIOS Maker Builds a Bunker for PCs
Phoenix Technologies, the maker of BIOS software for most of the world's PCs, will unveil a software environment for PCs and other devices that creates a "bunker" in which critical utilities can be stored. [more]
Friday, 31 January 2003, 12:29 PM CET


E-Voting security debate comes home
Why are some high-power technologists trying to keep fully-electronic ballots out of Silicon Valley voting booths? They're worried that hackers might decide the next election. [more]
Friday, 31 January 2003, 12:27 PM CET


Certify This!
It's all about money for most companies offering these certifications, and it's a get-rich-over-time scheme for the person getting the letters appended to his or her title. [more]
Friday, 31 January 2003, 12:22 PM CET


Anticipating the Unknown
It's been one of the dirty little secrets of the security industry for years: Software patches don't work. [more]
Friday, 31 January 2003, 12:21 PM CET


Microsoft bows to EU privacy concerns
Microsoft has agreed to make substantial changes to its Passport online identity system to make it comply with European privacy laws. [more]
Friday, 31 January 2003, 12:17 PM CET


Consortium pushes for cybersecurity R&D
A consortium of 23 security research institutions is calling on the government and private companies to put more research and development muscle into a host of cybersecurity problems. [more]
Friday, 31 January 2003, 12:14 PM CET


Book Review: Firewalls and Internet Security Second Edition
Written by an impressive trio of Information Security experts, this book is a long awaited sequel to the original "classic". [more]
Thursday, 30 January 2003, 5:30 PM CET


Sneaky Toolbar Hijacks Browsers
Internet users are mystified by a tricky browser add-on that installs itself without permission and defies attempts to remove it. Some are calling the program the most insidious thing on the Web. [more]
Thursday, 30 January 2003, 4:05 PM CET


Linux boost expected for Trusted Computing scheme
Linux-based APIs are on the roadmap of various vendors in support of the Trusted Computing Platform Alliance's security initiative. [more]
Thursday, 30 January 2003, 2:20 PM CET


Developing a security policy
Analyst IDC recently reported that fewer than 10 per cent of European companies have a security policy in place. [more]
Thursday, 30 January 2003, 2:16 PM CET


Exposed server proves to be a magnet for attacks
PSINet Europe set up an anonymous 'dummy test' server and found it was maliciously attacked 467 times within 24 hours of being installed. [more]
Thursday, 30 January 2003, 1:38 PM CET


Microsoft preps Firewall upgrade
Microsoft is preparing a second version of its enterprise firewall Internet Security and Acceleration (ISA) Server, focusing on application-level security and XML web services. [more]
Thursday, 30 January 2003, 12:12 PM CET


Symantec's 'Submit a Deal' Flawed
Software giant Symantec's failure to secure a portion of its corporate site leaves an online database of acquisitions proposals exposed, including one from longtime industry critic Vmyths. [more]
Thursday, 30 January 2003, 12:00 PM CET


The Case of Slammer and the Broken Patching Process
Many companies wait to install security patches until they have been fully tested, or they install them in the wrong order, which could undo earlier fixes. [more]
Thursday, 30 January 2003, 11:58 AM CET


Combating the aerial threat
Kevin Hogan, security response programme manager at Symantec, looks at the security headaches caused by wireless Lans, and suggests ways that businesses and individuals can deal with them. [more]
Thursday, 30 January 2003, 11:53 AM CET


Project Crenum: Real Remote Sniffer Detection Research Report
This is a project targeted towards Remote Sniffer Detection using commonly available network tools. [more]
Thursday, 30 January 2003, 10:53 AM CET


Locking Linux
Learn how to secure local file systems, restrict insecure root access, and how to configure user authentication. [more]
Wednesday, 29 January 2003, 5:34 PM CET


Forensics on the Windows Platform, Part 1
This article will examine some basic, non-technical concepts that are applicable to all forensic investigations. [more]
Wednesday, 29 January 2003, 5:32 PM CET


Litchfield's NGSSoftware cuts ties with CERT
NGSSoftware will no longer work with CERT/CC, after CERT personnel gave advance notice of several new vulnerabilities to a software vendor and some government officials. [more]
Wednesday, 29 January 2003, 12:28 PM CET


Firewall Geeks Meet the Night Watchmen
The once-distinct realms of computer security and physical security are merging as they realize how interdependent they are. [more]
Wednesday, 29 January 2003, 11:55 AM CET


Computer sleuth - the inside job
Forensic IT expert Daniel Ayers flushes out hidden computer secrets. [more]
Wednesday, 29 January 2003, 11:43 AM CET


What to look for when buying a VPN
VPN drivers range from securing corporate communications to reducing costs by replacing leased lines. Let's take a look at the various solutions and how they apply to different environments. [more]
Wednesday, 29 January 2003, 11:37 AM CET


Microsoft's Uphill Security Battle
If Uncle Bill is correct in his vision of a Digital Decade, in which billions of intelligent devices are interconnected, we may be in for an onslaught of new threats. [more]
Wednesday, 29 January 2003, 11:34 AM CET


Book Review: Cisco Secure PIX Firewalls
The authors state that the goal of this book is help users refresh their knowledge of basic PIX operation as well as to dwell into more advanced configurations. Do they succeed in accomplishing this? [more]
Tuesday, 28 January 2003, 5:10 PM CET


HNS Book Giveaway
We are giving away 3 copies of "Network Intrusion Detection Third Edition" and 3 copies of the "Apache Administrator's Handbook". Want some knowledge? [more]
Tuesday, 28 January 2003, 5:03 PM CET


More on the SQL worm from Kaspersky Lab
Kaspersky Labs analyzes the consequences of the latest epidemic - the Slammer worm. [more]
Tuesday, 28 January 2003, 4:58 PM CET


Are we nearly secure yet?
David Coursey: One year ago, Bill Gates challenged his Microsoft troops to make the company's products more trustworthy. What's been accomplished? A bit. What still needs to be done? A lot. [more]
Tuesday, 28 January 2003, 4:34 PM CET


Security breaches still being covered up
According to a survey by security consultant Defcom, firms are deciding to protect their reputations rather than report attacks to the police. [more]
Tuesday, 28 January 2003, 4:33 PM CET


HNS Book Giveaway Winners
Three lucky winners have been chosen, each one gets a copy of "Halting the Hacker: A Practical Guide to Computer Security, 2/e". Are you one of them? [more]
Tuesday, 28 January 2003, 3:23 PM CET


A crime wave festers in cyberspace
Cybercrime, long a painful side effect of the innovations of Internet technology, is reaching new dimensions, security specialists say. [more]
Tuesday, 28 January 2003, 12:09 PM CET


Network risk insurance market to flourish
Network risk insurance has been on the market for about three years, but is expected to explode from a $100 million sideshow into a $2.5 billion behemoth by 2005, according to insurance industry projections. [more]
Tuesday, 28 January 2003, 12:01 PM CET


Microsoft admits failing to patch own software against the SQL worm
A Microsoft spokesman declined to say which areas at Microsoft were affected. He acknowledged that some servers were left unfixed because administrators "didn't get around to it when they should have." [more]
Tuesday, 28 January 2003, 11:54 AM CET


Mobile virus threat looms large
By 2005 anti-virus experts expect that customers of one or more mobile networks will have been struck by a malicious program designed to exploit security failings on portable devices. [more]
Tuesday, 28 January 2003, 11:52 AM CET


HNS Newsletter Issue 146 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by ScannerX. [more]
Monday, 27 January 2003, 4:42 PM CET


Darrell D. Simms from TROY Wireless on Wireless Security
Darrell D. Simms is an acknowledged leader in the wireless industry as a technologist. He is a noted evangelist for short distance wireless technologies such as Bluetooth and 802.11. [more]
Monday, 27 January 2003, 4:40 PM CET


Spam Filtering with gzip
While many people see gzip as a compression tool, it also makes a credible spam filter. Here's how. [more]
Monday, 27 January 2003, 2:51 PM CET


What will it take?
What will it take for the computing industry and the population of computer users to look at Microsoft's security record and declare that it must go no further? [more]
Monday, 27 January 2003, 2:47 PM CET


PKWARE and RSA Security Enter a Strategic Alliance
Under the strategic alliance agreement, PKWARE is licensing RSA BSAFE encryption software for use across all platforms and RSA Security is licensing PKZIP compression technology. [more]
Monday, 27 January 2003, 2:06 PM CET


Attacks Fell an Online Community
A barrage of denial-of-service attacks have forced DALnet, an online community whose existence predates the World Wide Web, to cease operations. The community's future remains in doubt. [more]
Monday, 27 January 2003, 1:09 PM CET


An Overview of the Sun Microsystem Firewall
This article is the first of a two-part series that will offer a brief overview of the implementation and administration of SunScreen. [more]
Monday, 27 January 2003, 11:19 AM CET


MS SQL Worm Roundup
There is a new worm that attempts to exploit vulnerabilities in Microsoft SQL 2000 servers and is causing increased traffic on UDP port 1434. This roundup contains the analysis, latest news updates, solutions, security advisories and AV vendor releases on this worm. [more]
Saturday, 25 January 2003, 11:49 PM CET


SQL worm hits
A fast-moving computer worm slowed down Internet access today for about 22,000 servers, according to Symantec. [more]
Saturday, 25 January 2003, 9:13 PM CET


Book Review: Network Intrusion Detection 3rd Edition
What gives this book great value is a variety of examples we get from intrusion detection mechanisms. This is much more helpful in understanding how things work than just theory. [more]
Friday, 24 January 2003, 2:42 PM CET


CTO of DataPower Technology on XML Security
Eugene Kuznetsov, CTO of DataPower Technology, talks about the company and XML Security issues. [more]
Friday, 24 January 2003, 2:42 PM CET


Australian hackers launch security conference
A self-proclaimed "security conference for the Australian hacker community, organised by the Australian hacker community" has been set down for Sydney in April. [more]
Friday, 24 January 2003, 2:34 PM CET


Gates pledges renewed security drive
Bill Gates said that the Microsoft has taken great strides to secure its products, but acknowledged that the company still has far to go to achieve "Trustworthy Computing." [more]
Friday, 24 January 2003, 2:31 PM CET


Book Review: Understanding PKI
If you are planning to deploy PKI inside your company, "Understanding PKI" will provide an extensive amount of information you need to understand, to see how the things work. [more]
Thursday, 23 January 2003, 10:55 PM CET


Interview with the Vice President of Sales and Marketing at Authentify
In this interview Mr. John Zurawski talks about Authentify and various security issues. [more]
Thursday, 23 January 2003, 10:21 PM CET


Bugwatch: The Attack of the Sequels
Most computer virus creators are not original. As with Hollywood film executives they go with what works and then make a sequel. [more]
Thursday, 23 January 2003, 5:31 PM CET


.Net demystifies encryption
.Net makes cryptography a little simpler by putting everything into one SDK. Find out how to encrypt and decrypt a text file with the System.Security.Cryptography namespace. [more]
Thursday, 23 January 2003, 5:30 PM CET


Updates and double dates
If last year's seemingly endless rounds of security updates didn't seriously undermine the credibility of Microsoft's "Trusted Computing" initiative, 2003 continues to bring problems. [more]
Thursday, 23 January 2003, 4:04 PM CET


Security Flaw Exposes AOL Accounts
The accounts of millions of AOL subscribers were jeopardized this week due to a serious flaw in the company's Web-based mail system. [more]
Thursday, 23 January 2003, 4:01 PM CET


Top 10 tips for setting a secure communications policy
Here are the top 10 things IT policy-makers should consider when developing corporate e-mail policies. [more]
Thursday, 23 January 2003, 3:58 PM CET


Faces and eyes rival passwords
Biometric technology which identifies people by the shape of the face, pattern of the iris or fingerprint is soon going to play a greater part in our lives. [more]
Thursday, 23 January 2003, 3:57 PM CET


Identity-theft complaints almost double in 2002
Complaints about identity theft nearly doubled in 2002 as the fast-growing crime topped the government's list of consumer frauds for a third consecutive year. [more]
Thursday, 23 January 2003, 3:55 PM CET


Scott C. Nevins, CEO of Protegrity on Database Security
We talked with Scott C. Nevins, President and CEO of Protegrity, about the company and database security issues. [more]
Wednesday, 22 January 2003, 4:41 PM CET


Detecting Wireless LAN MAC Address Spoofing
This paper describes some of the techniques attackers utilize to disrupt wireless networks through MAC address spoofing, demonstrated with captured traffic. [more]
Wednesday, 22 January 2003, 4:40 PM CET


Astaro Security Linux V4 Announced at LinuxWorld Expo
New features contain VLAN and WLAN support, extended virus protection for POP3 email accounts, comprehensive heuristic spam blocking and more. [more]
Wednesday, 22 January 2003, 4:39 PM CET


ABIT brings low cost security to the server motherboard
As a result of a partnership between ABIT and Cavium Networks, ABIT's SI-1Ns server motherboard is shipping with Cavium's NITROX Security Macro Processor. [more]
Wednesday, 22 January 2003, 4:38 PM CET


SANs In Need Of A Security Plan
With attacks on the rise and security spending down, the last thing guardians of the network can afford is another exposed flank. [more]
Wednesday, 22 January 2003, 4:37 PM CET


Businesses Get Tools To Manage Access Rights
Vendors enhance identity-management applications to provide better control. [more]
Wednesday, 22 January 2003, 4:35 PM CET


Port80 Software Surveys Top 1000 Corps' Web Servers
Port80 Software conducted a survey of the 1000 leading corporations' Web sites and discovered Microsoft IIS commands a strong 54% market share. [more]
Wednesday, 22 January 2003, 3:02 PM CET


The Turkey that Bites
With last week's RIAA worm hoax, the scallywags at Gobbles raised security advisories to subversive performance art. [more]
Wednesday, 22 January 2003, 12:15 PM CET


How safe is WiFi? Better take some precautions
Although the safety of WiFi networks is improving, sensitive information crossing most existing systems can be stolen. The odds of it happening to you are greatly reduced if you take certain precautions. [more]
Wednesday, 22 January 2003, 12:14 PM CET


Securing Linux 101
The last thing you want to do is run a professional webhosting service with outdated software that is exploitable. [more]
Wednesday, 22 January 2003, 12:10 PM CET


Interview with Adi Ruppin, Managing Director of SofaWare
SofaWare Technologies, a Check Point company, makes secure Internet access simple and affordable for small businesses, consumers, and service providers seeking to deliver security services. [more]
Tuesday, 21 January 2003, 7:45 PM CET


Wireless Product Marketing Manager at SMC on Wireless Security
Betty Chan has over ten years of experience in the high-tech industry and has been involved in the Wireless Networking area for the past three years. Here's her take on wireless security issues. [more]
Tuesday, 21 January 2003, 4:54 PM CET


Aruba Wireless Networks Announces Major Wi-Fi Breakthroughs
Aruba's new Wi-Fi switching system is the first to combine wireless network access and air monitoring with high-speed Gigabit Ethernet switching and higher-layer packet processing technologies. [more]
Tuesday, 21 January 2003, 3:53 PM CET


HNS Book Giveaway: Halting the Hacker
We are giving away 3 copies of "Halting the Hacker: A Practical Guide to Computer Security, 2/e" by Donald Pipkin. Want some knowledge? [more]
Tuesday, 21 January 2003, 3:29 PM CET


New Wireless LAN Security Service
AirDefense and NCS DataCom announced a partnership whereby NCS DataCom has launched the AirPatrol managed service. [more]
Tuesday, 21 January 2003, 1:43 PM CET


Open Source Honeypots: Learning with Honeyd
In this article Lance Spitzner teaches us how to use Honeyd, an open source honeypot that is designed to be used on Unix-based operating systems. [more]
Tuesday, 21 January 2003, 12:38 PM CET


Don't broadcast info about Windows servers to hackers
Here are some tips to help you safeguard your Windows server information. [more]
Tuesday, 21 January 2003, 12:26 PM CET


Virus author faces five years in jail
A virus author who admitted infecting thousands of computers across the world with fast-spreading viruses is facing five years in jail. [more]
Tuesday, 21 January 2003, 12:25 PM CET


Network software aimed at recognizing hackers' habits
Researchers are developing software that can generate highly personalized profiles of network users by analyzing the sequences of commands entered at each computer terminal. [more]
Tuesday, 21 January 2003, 12:22 PM CET


Female Virus Writer Attacks Her Fellow Coders
Sophos experts have advised customers about a new email-aware worm that has an unusual payload. It contains a message disparaging another virus writer. [more]
Monday, 20 January 2003, 4:41 PM CET


3Com Marketing Manager on Wireless Security
Here are the opinions on wireless security issues by Gabor Szabo, 3Com EMEA Marketing Manager. [more]
Monday, 20 January 2003, 4:39 PM CET


New Flash Memory Device with Advanced Security Features
AMD introduced a 64 Mbit page-mode Flash memory device with security features with multiple security modes including 64-bit password protection. [more]
Monday, 20 January 2003, 4:37 PM CET


HNS Newsletter Issue 145 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by ScannerX. [more]
Monday, 20 January 2003, 4:35 PM CET


Kevin Mitnick soon to be back online
Kevin Mitnick gets off probation tomorrow and plans to dive back into the Internet. [more]
Monday, 20 January 2003, 4:32 PM CET


Keeping security a secret
Whitfield Diffie: If you depend on a secret for your security, what do you do when the secret is discovered? You could be vulnerable until you design another system. [more]
Monday, 20 January 2003, 4:25 PM CET


Homemade GPS jammers raise concerns
Communications experts are assessing the public safety and security implications of an article in Phrack that provides directions for making cheap devices that can jam GPS signals. [more]
Monday, 20 January 2003, 1:05 PM CET


Tactical Security 101
You know information security is integral to IT operations and to business success. Building a strong defense isn't cheap, so wise management of funding and resources is crucial. [more]
Monday, 20 January 2003, 12:49 PM CET


Keeping Users in Check
Zonker covers two tools — the first is scponly, a tool that allows you to restrict users to using scp to copy files, and the other is the KNOPPIX live-on-CD Linux distribution. [more]
Monday, 20 January 2003, 12:47 PM CET


The Canary in the Data Mine
The government's "Total Information Awareness" project aims at protecting us from harm by burrowing deep into our lives. One lawmaker is rightfully suspicious. [more]
Monday, 20 January 2003, 12:46 PM CET


Secure to the Core
A holistic approach that balances policy, process and technology is paramount to a successful security program. [more]
Monday, 20 January 2003, 12:41 PM CET


Software Review: Adhaero Doc 1.1.8
What makes this product stand out from other security applications is it's ease of use. This is the way to protect your valuable information - easy, efficient and secure. [more]
Friday, 17 January 2003, 1:35 PM CET


Avoid Wireless LAN Security Pitfalls
WLAN security is generally breached the same way as any other system - an attacker discovers a weakness and devise a mode of attack that is then shared and used by the hacker community at large. [more]
Friday, 17 January 2003, 1:34 PM CET


New Security Assessment and Risk Management Service
This service by Dimension Data assesses a company's entire IT environment and delivers a remediation roadmap to ensure that everything is in place to provide adequate asset protection. [more]
Friday, 17 January 2003, 1:31 PM CET


Security Predictions for 2003
As we ring in the new year, it's in with the new and out with the old. Or is it? Our fearless forecaster thinks not. [more]
Friday, 17 January 2003, 1:29 PM CET


Rumsfeld orders .mil Web lockdown
The defense secretary cites an al Qaeda training manual in ordering the armed services to strip official Web sites of information that could aid the enemy. [more]
Friday, 17 January 2003, 1:26 PM CET


N.M. preps ID management system
New Mexico soon will implement a centralized, enterprise identity management platform so that citizens and employees can access Web applications more securely. [more]
Friday, 17 January 2003, 1:22 PM CET


Iraqi Computer Attacks Feared
Intelligence officials are concerned that a recent rise in electronic attacks against government and military computer networks in the United States may be the work of pro-Iraqi hackers. [more]
Friday, 17 January 2003, 1:08 PM CET


Pentagon database plan hits snag
A Pentagon antiterrorism plan that would link credit card, health insurance and other databases is encountering growing opposition. [more]
Friday, 17 January 2003, 12:57 PM CET


Decrypting the secret to strong security
Whitfield Diffie writes: "Is open-source software better for security than proprietary software?" [more]
Friday, 17 January 2003, 12:55 PM CET


Book Review - Apache Administrator's Handbook
Written by Apache experts, this is a valuable book for Apache administrators and for people that want to go in-depth with knowledge about this powerful web server. [more]
Thursday, 16 January 2003, 4:40 PM CET


Case Study on Linux Firewall and Stanford University
An all-purpose security appliance, based on Astaro Security Linux, keeps intruders from invading the remote workstations of hundreds of researchers at Stanford University. [more]
Thursday, 16 January 2003, 12:45 PM CET


NetScreen Enhances Solution for Mobile Network Operators
NetScreen Technologies Inc. announced enhancements to the NetScreen-500 GPRS security system, enabling mobile network operators to strengthen security of their networks. [more]
Thursday, 16 January 2003, 12:30 PM CET


Reformed hackers want to lend a hand with your IT security strategy
Does it take a thief to stop a thief? That's the question many businesses are weighing as they consider hiring reformed hackers to lock down their IT systems. [more]
Thursday, 16 January 2003, 12:29 PM CET


Security flaw may threaten cell phones
Microsoft and U.K. carrier Orange are investigating whether hackers are sending rogue software to cell phones using Microsoft's Smartphone 2002 operating system. [more]
Thursday, 16 January 2003, 12:26 PM CET


Spammer Exposes Customer Data
A notorious spammer who pitches pirated software from Symantec's Norton product line over the Internet has left vast amounts of customer data exposed for the world to see. [more]
Thursday, 16 January 2003, 12:24 PM CET


Password problems swamp help desks
Internal help desks are being prevented from delivering their full potential because up to 80 per cent of calls come from users who have forgotten their passwords. [more]
Thursday, 16 January 2003, 12:17 PM CET


Discarded computer hard drives prove a trove of personal info
So, you think you cleaned all your personal files from that old computer you got rid of? [more]
Thursday, 16 January 2003, 12:17 PM CET


Feds spent more than $2.9B on security-related IT in 2002
Despite warnings of loose management of IT investments, the U.S. government spent at least $2.9 billion on IT related to domestic security in fiscal 2002 and will spend at least that much in fiscal 2003. [more]
Thursday, 16 January 2003, 12:14 PM CET


BBC in ironic virus infection
The BBC fell victim to the latest variant of the ExploreZip worm, and a certain amount of hubris, last week. [more]
Thursday, 16 January 2003, 12:12 PM CET


Erik Kangas, President of Lux Scientiae on secure messaging
In the interview, Mr. Kangas talks about his company, email security services and the state of secure messaging. [more]
Wednesday, 15 January 2003, 2:20 PM CET


The World’s Fastest XML Web Services Security Gateway
DataPower Technology announced the availability of the DataPower XS40 XML Security Gateway, a first-of-its-kind network device purpose-built to secure XML-based applications at wirespeed with ease. [more]
Wednesday, 15 January 2003, 2:02 PM CET


Trend Micro Expands Enterprise Protection Strategy
Trend Micro announced the expansion of their Enterprise Protection Strategy with the delivery of a range of new products, services and architectural enhancements. [more]
Wednesday, 15 January 2003, 2:01 PM CET


Microsoft Announces Government Security Program
Microsoft announced a global initiative that provides national governments with controlled access to Windows source code and other technical information. [more]
Wednesday, 15 January 2003, 1:59 PM CET


BSDI MTAs are Protected by RAV AntiVirus
RAV AntiVirus for Mail Servers makes a preview of the soon to come 8.4.1 version, by presenting the new product designed for BSDI mail transfer agents. [more]
Wednesday, 15 January 2003, 1:58 PM CET


More computer viruses this year
Computer users should brace for a new onslaught of viruses this year, especially worms deployed into instant messaging systems that allow users to chat quickly and cheaply across the Web. [more]
Wednesday, 15 January 2003, 1:09 PM CET


Spam Confab: Hackers to Rescue?
They built the Internet, they invented e-mail -- and now it may be up to them to save both from crumbling under the weight of spam. Hackers head to MIT on Friday for the first conference on junk e-mail filtering. [more]
Wednesday, 15 January 2003, 1:08 PM CET


RIAA calls hacking claim a hoax
A warning about a widespread vulnerability in music playing software has turned out to be a joke - at least partly. [more]
Wednesday, 15 January 2003, 10:54 AM CET


Child porn: Even surfing can mean jail
Even so much as clicking on a Web site featuring child pornography could result in a jail sentence of up to five years in the United Kingdom. [more]
Wednesday, 15 January 2003, 10:25 AM CET


E-Government: First fight the hackers
The government should make doubly sure of the security of its e-government and e-procurement networks from hackers before promoting them heavily. [more]
Wednesday, 15 January 2003, 10:15 AM CET


HNS Book Giveaway: Wireless Security and Privacy
We are giving away 3 copies of "Wireless Security and Privacy: Best Practices and Design Techniques" by Tara M. Swaminatha and Charles R. Elden. Want some knowledge? [more]
Tuesday, 14 January 2003, 4:56 PM CET


Software Review: LIUtilities WinBackup
WinBackup developers bundled all the needed back up functions in this small and easy to use product. If you want to secure your backups with 128 or 256 bit AES encrpytion, you'll find this product very useful. [more]
Tuesday, 14 January 2003, 4:26 PM CET


Viruses in 2003: The Shape of Things to Come
Predicting what the future will bring is risky business, but one thing you can bet on is that virus creators won't be taking vacations in 2003. [more]
Tuesday, 14 January 2003, 4:25 PM CET


Open-Source Group Names 10 Most Dangerous Web Vulnerabilities
This list was created to focus government and industry on the most serious of these vulnerabilities. [more]
Tuesday, 14 January 2003, 11:50 AM CET


McAfee Security Receives 'Best Buy' Award from SC Magazine
McAfee Active Virus Defense Small Business Edition, a product of McAfee Security, won a five-star ranking and is the only vendor to receive the "Best Buy" award from SC Magazine. [more]
Tuesday, 14 January 2003, 11:50 AM CET


New Sharp Data Security Kits Achieve Common Criteria Certification
The newest version of Sharp's Data Security Kit specifically addresses security concerns relative to networked office products. [more]
Tuesday, 14 January 2003, 11:48 AM CET


The Enterprise Authentication Game
Yankee Group analyst Eric Ogren estimated that the majority of large enterprises now use a token-password combination, representing a quantum leap forward for network security. [more]
Tuesday, 14 January 2003, 11:46 AM CET


Digital Rights Reach Beyond Tech
Thirty years ago, electronics geeks figured out a way to make free phone calls. Today's battle between entertainment moguls and consumers over digital content shows that not much has changed. [more]
Tuesday, 14 January 2003, 11:45 AM CET


Microsoft adds category to security rating system
After customers complained that they couldn't identify the most serious security vulnerabilities, Microsoft has added a fourth category to its vulnerability rating system. [more]
Tuesday, 14 January 2003, 11:13 AM CET


Transmeta to Embed Security Features in Processor
Transmeta will offer a processor with embedded security features as the semiconductor design company races against its much-larger rival Intel in the market for chips custom-made for mobile computing. [more]
Tuesday, 14 January 2003, 11:04 AM CET


InfoExpress CEO on Enterprise Security
We talked with Stacey Lum, president and CEO of InfoExpress, about the company and his take on security of enterprise systems. [more]
Monday, 13 January 2003, 5:36 PM CET


Book Review - Halting the Hacker
Aside it's pure technical value as a practical guide to computer security, there's a great sociological part about hacking... [more]
Monday, 13 January 2003, 4:24 PM CET


New Version of Norman Internet Control Released
The latest release introduces many improvements to simplify the installation and continued ease of use to make the program a solution that is available to users at all levels. [more]
Monday, 13 January 2003, 4:23 PM CET


HNS Newsletter Issue 144 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by ScannerX. [more]
Monday, 13 January 2003, 4:21 PM CET


Identix Performs Strong in Biometric Group Comparative Study
Identix Incorporated demonstrated strong performance in Round Four of International Biometric Group's Comparative Biometric Testing. [more]
Monday, 13 January 2003, 3:00 PM CET


Introduction to Ngrep
Here's an introduction to ngrep, a packet sniffing tool that can use regular expressions to search for specific patterns inside packets. [more]
Monday, 13 January 2003, 1:05 PM CET


Review: CanIt Spam Trap
CanIt is a product that tries to identify spam, and claims to "never discard a valid email message". [more]
Monday, 13 January 2003, 12:58 PM CET


Strikeback, Part Deux
Why I should have the right to kill a malicious process on your machine. [more]
Monday, 13 January 2003, 12:55 PM CET


The two faces of Linux
While Linux continues to make inroads among corporate accounts, it is also is taking on one of the burdens typically assumed by archrival Microsoft, as it becomes a more attractive target for hackers. [more]
Monday, 13 January 2003, 12:46 PM CET


Intelligence Gathering: Watching a Honeypot at Work
The purpose of this article is share with the security community the data the author collected from his honeypot. [more]
Monday, 13 January 2003, 11:23 AM CET


Feds seek public input on hacker sentencing
Should computer intruders and virus writers spend more time in prison, or less? Should a hacker's motives be considered? The U.S. commission that decides federal sentences wants your opinion. [more]
Monday, 13 January 2003, 11:21 AM CET


Three new variants of the Lirva Worm make it spread faster
Panda Software’s Virus Laboratory has detected two new variants –B and C- of Lirva. These are very similar to the original worm, although there are certain differences such as the size of the infected file. [more]
Friday, 10 January 2003, 2:28 PM CET


How Warchalking Died
The purpose of this article is to explain how Warchalking has become obsolete. It is being replaced by Wi-Fi Zones that are being fueled by home networks, corporate networks, and even payphones. [more]
Friday, 10 January 2003, 2:19 PM CET


How Secure Is Secure Shell?
Despite its vulnerabilities, SSH is far better than its unsecure cousins, including Telnet, the "r" commands and FTP, which transmit everything as plain text. [more]
Friday, 10 January 2003, 1:59 PM CET


Linux security strong as ever
Linux security is as strong as ever, despite recent statistics that say otherwise. [more]
Friday, 10 January 2003, 12:57 PM CET


The View From Symantec's Security Central
An ordinary office building on Route 1 in Alexandria offers a rare window into the Internet hacker wars and a few clues to why Uncle Sam wants more monitoring capabilities in cyberspace. [more]
Friday, 10 January 2003, 12:47 PM CET


SSH Advanced Techniques
In his regular security column, Bill introduces some advanced techniques for ssh: tunneling through an ssh gateway, running a command on multiple systems at once, and the easy way to install ssh keys. [more]
Friday, 10 January 2003, 12:46 PM CET


Hotmail: A Spammer's Paradise?
Anti-spam advocates say spammers have found an effective way to mine new addresses from Hotmail. [more]
Friday, 10 January 2003, 12:46 PM CET


Feds enlist hacker to foil piracy rings
Federal prosecutors will tell a U.S. District Court in Tampa today of a plea deal with a man they call one of the most skillful pirates of DirecTV and EchoStar signals. [more]
Friday, 10 January 2003, 12:44 PM CET


Check Point on prowl for deal
Flush with cash but facing a decline in revenue, Check Point Software Technologies Ltd. is prowling for acquisitions, say analysts who follow the computer security company. [more]
Friday, 10 January 2003, 12:34 PM CET


Shorter version of snooping rules a relief to employers
Small businesses will get a greatly simplified version of the code of practice on monitoring staff, the new privacy watchdog said yesterday, in an attempt to defuse bitter industry opposition. [more]
Friday, 10 January 2003, 12:31 PM CET


Network Engineer Joshua Wright on Wireless Security
Joshua Wright is a Network Engineer for Johnson & Wales University. He's been investigating wireless security so here's what he thinks on the subject. [more]
Thursday, 9 January 2003, 11:57 AM CET


New Lirva Worm Can Spread by E-mail, KaZaA, IRC and ICQ
When Lirva is sent via e-mail, it exploits a known vulnerability in Microsoft Internet Explorer to run automatically when the message carrying the malicious code is viewed in the Preview Pane. [more]
Thursday, 9 January 2003, 11:54 AM CET


New Security Industry Market Research Firm Launched
Quarterback Consulting's goal is to become the most comprehensive body of global security market information to help businesses and governments implement the best possible global security strategy. [more]
Thursday, 9 January 2003, 11:51 AM CET


Make 2003 more secure
The challenges to info-tech security will surely be daunting, and companies' efforts to stay safe will have to keep increasing. [more]
Thursday, 9 January 2003, 1:52 AM CET


California disclosure law has national reach
This year a new California law will require businesses to notify their customers after being hacked. It could change intrusion response practices throughout the U.S. [more]
Thursday, 9 January 2003, 1:36 AM CET


Concerns Mount over Symantec
Will Symantec be able to stand up to specialized competitors in the sector, such as Check Point, ISS and Cisco. [more]
Thursday, 9 January 2003, 1:31 AM CET


CSOs Prioritize Security Spending for 2003
Companies expect to spend roughly 10% of their total IT budget on security in 2003, an 8% increase over 2002 levels, with employee education, business continuity and disaster recovery taking priority. [more]
Thursday, 9 January 2003, 1:25 AM CET


Deception Lessons from a Pro
Kevin Mitnick's book is an eye-opening, sometimes frightening, and always educational trip through a seamy underworld. [more]
Thursday, 9 January 2003, 1:04 AM CET


IT Resists Mandatory Cyber-Security
As the Bush Administration prepares to release the National Strategy to Secure Cyberspace, the IT industry continues to resist efforts to include technology mandates or regulations. [more]
Thursday, 9 January 2003, 12:56 AM CET


Americans give thumbs up to biometrics
Most Americans are willing to accept increased use of biometric technologies by private sector firms, providing proper privacy safeguards are applied. [more]
Thursday, 9 January 2003, 12:52 AM CET


Ian Curry From Entrust on Wireless Security
Ian Curry is the Vice President and Chief Marketing Officer of Entrust. Here's his take on wireless security. [more]
Wednesday, 8 January 2003, 4:32 PM CET


Etherleak: Ethernet frame padding information leakage
Multiple platform Ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory. [more]
Wednesday, 8 January 2003, 4:29 PM CET


New Type of Data Security by TenFold
TenFold Corporation made public a significant and unique feature of its Universal Application platform called SecurityByValue that introduces a simple way to manage a new type of data security. [more]
Wednesday, 8 January 2003, 4:25 PM CET


Kerio releases MailServer 5.5 for Mac OS X
Kerio Technologies Inc. introduced its secure corporate messaging server Kerio MailServer 5.5 for Mac OS X, that integrates the McAfee Anti-Virus engine, at the Macworld expo in San Francisco. [more]
Wednesday, 8 January 2003, 4:00 PM CET


New user a security nightmare
A breach in internal security is less likely than an external breach, yet many admins don't devote enough attention to internal security practices. [more]
Wednesday, 8 January 2003, 11:04 AM CET


Fed sites hacker could spend a decade in jail
William Douglas Word faces up to 10 years in prison after entering guilty pleas to 17 counts of defacing government Web pages and one count of possessing counterfeit or unauthorized credit cards. [more]
Wednesday, 8 January 2003, 11:03 AM CET


OASIS ponders PKI security for Web services
OASIS (Organization for the Advancement of Structured Information Standards) announced that it has formed a technical committee to advance PKI adoption for Web services and other applications. [more]
Wednesday, 8 January 2003, 12:30 AM CET


Liberty Alliance: 2003 brings products, services
A poll of Liberty Alliance Project members indicates that 2003 will see the emergence of new technology that applies identity management and user authentication standards developed by the industry consortium. [more]
Wednesday, 8 January 2003, 12:16 AM CET


Closing the Floodgates: DDoS Mitigation Techniques
This article explores some techniques that systems administrators and security professionals can employ should they ever find themselves under DDoS attack. [more]
Wednesday, 8 January 2003, 12:15 AM CET


Lirva worm attaches to Avril Lavigne
Lirva, also known as Naith, is a mass-mailing worm that arrives via e-mail either announcing a new Microsoft patch or offering fan access to Avril Lavigne. [more]
Wednesday, 8 January 2003, 12:15 AM CET


Jon Johansen Found Not Guilty of DVD Piracy
Jon Johansen was cleared of DVD piracy charges in a landmark trial brought on behalf of major Hollywood studios. [more]
Wednesday, 8 January 2003, 12:14 AM CET


Linux Security: Reflections on 2002
Here are the reflections on Linux security in 2002 and predictions for 2003 by Bob Toxen, one of the 162 recognized developers of Berkeley UNIX and author of the acclaimed book "Real World Linux Security". [more]
Tuesday, 7 January 2003, 5:23 AM CET


AirDefense CEO on Wireless Security
Jay Chaudhry, CEO of AirDefense - a company exclusively focused on WLAN security, talks about wireless security. [more]
Tuesday, 7 January 2003, 5:23 AM CET


NAI Acquires Deersoft Anti-Spam Technology
Network Associates acquired Deersoft, a provider of anti-spam applications. This acquisition is the first in a series of investments NAI is making in spam and content filtering technologies. [more]
Tuesday, 7 January 2003, 5:06 AM CET


PC army tackles Xbox security code
A growing army of PC owners is hoping to use the power of the masses to crack the main security code of Microsoft's Xbox and claim $100,000 in the process. [more]
Tuesday, 7 January 2003, 4:06 AM CET


NTL in alleged hack probe
NTL has launched an internal investigation following allegations that a Web site critical of the company was hacked by someone from within the cableco. [more]
Tuesday, 7 January 2003, 4:05 AM CET


Strangled by security?
One prediction for 2003 we know will pan out in the coming months is that the specter of security vulnerabilities will continue to plague us. [more]
Tuesday, 7 January 2003, 4:04 AM CET


Admin Digest: The Basics of Linux Network Security
You've heard Linux is supposed to be secure, but how do you make sure? [more]
Tuesday, 7 January 2003, 4:02 AM CET


Microsoft Offers Security Guide
Microsoft has published a 20-page white paper that details how the company secured its portion of eWeek's OpenHack 4 test. [more]
Tuesday, 7 January 2003, 3:59 AM CET


Storage Security - Under Lock and Key
With more and more storage devices and networks becoming interconnected-not to mention the rise of IP-based storage-security is becoming a topic of increasing concern. [more]
Tuesday, 7 January 2003, 3:58 AM CET


Leo Pluswick and Al Potter on Wireless Security
What do people in the security industry think of wireless security? Here's the opinion of two experts, both from ICSA Labs, a division of TruSecure Corporation. [more]
Monday, 6 January 2003, 3:10 PM CET


Web Services Security: Moving up the stack
Six new specifications add to the Web Services Security roadmap. [more]
Monday, 6 January 2003, 3:09 PM CET


Lessons from the Laboratory
Medical science's eradication of smallpox was easy compared to the Internet's efforts against nasty computer viruses. Here's why. [more]
Monday, 6 January 2003, 3:02 PM CET


Outsourced software brings fears for security
As U.S. companies move software development tasks out of their own offices to computer programming companies in the U.S. and abroad, new concerns are being raised about the security risks involved. [more]
Monday, 6 January 2003, 2:36 PM CET


Help Wanted: Steal This Database
A public relations firm accidentally posts server login information in an online job ad, exposing scads of clients' customer data and underscoring the need for companies to take Web security seriously. [more]
Monday, 6 January 2003, 2:33 PM CET


HNS Newsletter Issue 143 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by ScannerX. [more]
Monday, 6 January 2003, 4:09 AM CET


Computer Associates targets security management
Computer Associates is readying what could be among the most comprehensive product suites in the emerging security information management market. [more]
Monday, 6 January 2003, 4:02 AM CET


What it means: Viruses of 2002
Though there was no single big-name destroyer like the Anna Kournikova virus of 2001 or the Iloveyou from 2000, there were plenty of little guys last year, like one called Bugbear, or variations of the Klez worm. [more]
Monday, 6 January 2003, 1:53 AM CET


Encryption injunction dropped
US Supreme Court Justice Sandra Day O'Connor has thrown out an emergency stay that barred a former webmaster from putting DVD decryption programs on the Internet. [more]
Monday, 6 January 2003, 12:32 AM CET


Study: Spam costs businesses $13 billion
All those junk e-mail messages may promise instant wealth, but they can be quite painful to the bottom line. [more]
Monday, 6 January 2003, 12:30 AM CET


Exchange 2000 in the Enterprise: Tips and Tricks Part One
This two-part article discusses an alternate configuration which is flexible enough to be used in smaller installations that do not use a DMZ, or as part of the DMZ configuration itself. [more]
Friday, 3 January 2003, 11:09 AM CET


What's Up for the Internet in 2003?
Faster, more-mobile services and gadgets, hot spots everywhere, and maybe an end to spam, say predictions. [more]
Friday, 3 January 2003, 11:06 AM CET


Why Kevin Mitnick Worries Me
The solution to the ever-growing army of intruders is to beef up our cybercrime-fighting forces - exponentially. The FBI created a new cybercrime unit in late 2001, but it doesn't appear to be enough [more]
Friday, 3 January 2003, 11:04 AM CET


Student arrested for security secrets
The FBI has arrested a Russian college student who was accused of stealing and distributing hundreds of secret documents about new anti-piracy technology from DirecTV. [more]
Friday, 3 January 2003, 10:56 AM CET


Trustworthy Computing in 2002
In 2002 Microsoft was spreading Fear, Uncertainty and Doubt in an effort to turn people away from Linux and Open Source. Their focus on increased security didn't get them anywhere. [more]
Friday, 3 January 2003, 1:45 AM CET


Four accused in ID thefts at H&R Block
More than two dozen customers who went to H&R Block for tax-preparation help had their personal information stolen as part of an identity theft scam, according to a federal complaint. [more]
Friday, 3 January 2003, 1:39 AM CET


10 tips for mobile security
As the number of mobile workers increases, security challenges become more important. [more]
Friday, 3 January 2003, 1:34 AM CET


Malware Predictions for Early 2003
TruSecure’s technical director of malicious code research, Roger Thompson sent out his malware related predictions for early 2003. [more]
Thursday, 2 January 2003, 3:51 PM CET


Aladdin Knowledge Systems get Microsoft Certification
The drivers for Aladdin Knowledge Systems' eToken family of USB authentication tokens were awarded Windows Hardware Quality Labs (WHQL) certification. [more]
Thursday, 2 January 2003, 3:50 PM CET


The Ten Most Dangerous Viruses of 2002
Panda Software has published a list of the ten most prevalent viruses in 2002 based on the data compiled from Panda ActiveScan, the free, online antivirus. [more]
Thursday, 2 January 2003, 3:49 PM CET


New Year's Resolutions to Secure Corporate Email
Secure email service provider 800onemail, recommends businesses toughen their email security in 2003 by making these resolutions... [more]
Thursday, 2 January 2003, 3:48 PM CET


Bush's Year of U.S. Surveillance
The Bush administration's efforts in 2002 to poke into the private lives of American citizens prompt one privacy advocate to draw comparisons to Sauron, the all-seeing dark wizard in The Lord of the Rings. [more]
Thursday, 2 January 2003, 3:47 PM CET


Configuring Jaguar's Firewall
Jaguar, Mac OS X 10.2, comes with a built-in firewall. Here's an article that will help you with the configuration. [more]
Thursday, 2 January 2003, 3:40 PM CET


Security 2002: For better or worse?
Driven by terrorist attacks as well as by persistent computer viruses, security became a top priority for companies and the U.S. government in 2002. [more]
Thursday, 2 January 2003, 3:36 PM CET


Identity scanners raise privacy concerns
The frenzy for anything security-related has created markets for purveyors of all sorts of technology. Take Imaging Automation, for example. [more]
Thursday, 2 January 2003, 2:15 PM CET


Secure Programming for Linux and Unix HOWTO - Updated
This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. [more]
Thursday, 2 January 2003, 1:59 PM CET


Online Privacy Is Dead - What Now?
Time after time, consumers have told researchers they worry about what happens to personal data provided to online merchants. But shoppers are not worried enough to close their wallets. [more]
Thursday, 2 January 2003, 1:58 PM CET


The Briscoe Syndrome
Fear of terrorism and a desire to cooperate with law enforcement has lead many corporate insiders to pony up sensitive information on their customers to anyone with a badge... with no court order required. [more]
Wednesday, 1 January 2003, 4:52 PM CET


Windows Forensics: A Case Study, Part 1
This article offers a brief overview of the detection and analysis of attack an attack incident. [more]
Wednesday, 1 January 2003, 4:44 PM CET


The year the criminals took over
This year brought real criminals who have discovered how user-friendly the Internet is. Millions of dollars are being stolen now from innocent and naive Net users by con artists of every flavor. [more]
Wednesday, 1 January 2003, 4:40 PM CET


Security scare
Gartner’s security experts say if your organisation doesn’t use a multi-layered security strategy, it does not have a commercial future. [more]
Wednesday, 1 January 2003, 4:37 PM CET


Fighting Spam: Legislation Won't Work
Passing anti-spam legislation, while perhaps well intended, is like passing a law against rain. Words on paper won't stop it. [more]
Wednesday, 1 January 2003, 4:35 PM CET


Wi-Fi: The National Security Threat
Some in the Department of Defense say Wi-Fi can interfere with military radar. [more]
Wednesday, 1 January 2003, 4:30 PM CET


Spotlight

The psychology of phishing

Posted on 23 July 2014.  |  Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //