Off the Wire

Off The Wire Archive

News items for January 2004

Wi-Fi Week: Mobility at the cost of security
The ability to log on to the Internet in a cafe or on a train has obvious benefits for workers on the road - but just how secure is it? [more]
Friday, 30 January 2004, 2:19 PM CET

Anti-virus companies: tenacious spammers
No one can argue that the spam problem is getting better. Despite advances in anti-spam technology and legislation against spam, unwanted junk mail is flowing into our inboxes at an increased rate. [more]
Friday, 30 January 2004, 2:17 PM CET

Securing Linux systems with host-based firewalls implemented with Linux iptables
This article aims to provide readers with a template for constructing a host-based firewall that provides a useful layer of protection against the risks of exposing a system to internal and/or external users. [more]
Friday, 30 January 2004, 2:15 PM CET

Opportunities for Wi-Fi hackers on increase
IT managers are catching up to the dangers of Wi-Fi, but opportunities for drive-by hackers in London may actually be increasing. New wireless LANs are popping up very fast and many of them are insecure "rogue" access points. [more]
Friday, 30 January 2004, 2:06 PM CET

HP staff told not to open Fiorina-A virus
A nasty virus has found its way onto HP's corporate servers, and employees have been warned that the payload is far too damaging for their fragile eyes. The virus, you see, is really a document chock full of criticisms for HP's CEO Carly Fiorina. [more]
Friday, 30 January 2004, 2:04 PM CET

A how-to guide for hackers
Already bored with all the presents you got for the holidays? Hack them into new-and-improved presents. [more]
Friday, 30 January 2004, 2:02 PM CET

The hacker ethic
Anyone who is even vaguely familiar with free software/open source is likely to be familiar with the hacker. [more]
Friday, 30 January 2004, 10:39 AM CET

Microsoft: new one-stop security shop?
The Redmond software company is wrapping up trials of its hosted security technologies. What, if anything, can consumers expect next? [more]
Friday, 30 January 2004, 10:37 AM CET

'Warspying' San Francisco
Hobbyists explore the City by the Bay, as seen though its wireless cameras. [more]
Thursday, 29 January 2004, 5:51 PM CET

Spam travels into gray area
No sooner did the U.S. Can-Spam antispam law go into effect than spammers got to work exploiting its loopholes and gray areas, an e-mail-filtering company said Tuesday. [more]
Thursday, 29 January 2004, 5:41 PM CET

MyDoom spawns more potent variant
A new variant of the worm adds Microsoft to its target list, and tries to block access to antivirus websites. [more]
Thursday, 29 January 2004, 12:34 AM CET

Identity based encryption
New systems are offering alternatives to certificate based message security. In this article we concentrate on Identity Based Encryption systems. [more]
Thursday, 29 January 2004, 12:33 AM CET

A patch in time
Paul Butler, principal consultant at Altiris, explains that by using software that centralises and automates the task of patch distribution, firms can make it part of the day-to-day business continuity strategy. [more]
Thursday, 29 January 2004, 12:20 AM CET

Crypto booster tech for mobile phones
Discretix, the Israeli embedded-security specialist, yesterday launched an upgraded version of Cryptocell, its encryption technology for mobile phones. [more]
Thursday, 29 January 2004, 12:14 AM CET

Can the feds fight viruses?
New system will warn public about virus outbreaks, scams, and software flaws. [more]
Thursday, 29 January 2004, 12:12 AM CET

Review - Moving to Linux: Kiss the Blue Screen of Death Goodbye!
What's interesting in this new book by Marcel Gagne is the constant comparison of Windows and Linux. This enables the reader to slide from one system to another without any fear that he is leaving something familiar and going into the unknown. [more]
Wednesday, 28 January 2004, 1:44 PM CET

Diffie optimistic about secure computing future
Even as the MyDoom worm continued its spread around the Internet, noted cryptographer Whitfield Diffie was waxing optimistic about the future of secure computing, saying that technological advancements and better networking infrastructures would solve many security problems in the near future. [more]
Wednesday, 28 January 2004, 12:59 PM CET

Web services security spec moves toward approval
WS-Security, a widely supported proposal for securing Web services, could become an official OASIS standard by March. [more]
Wednesday, 28 January 2004, 12:54 PM CET

Better security means lower TCO for Win 2003
Windows NT and 2000 customers should move to Win 2003 as soon as possible to take advantage of lower support costs, according to Microsoft. [more]
Wednesday, 28 January 2004, 12:51 PM CET

Anti-virus software compounding the worm problem
Anti-virus software on mail servers is producing as much traffic as the latest Windows worm, by sending notifications for each and every message which is blocked, sysadmins say. [more]
Wednesday, 28 January 2004, 12:50 PM CET

Viruses and hackers make Windows more secure - Gates
Speaking at at the Developing Software for the future Microsoft Platform in London yesterday, just hours before the MyDoom virus began spreading like wildfire across the Net, Gates reiterated that security remains key priority for the software giant. [more]
Wednesday, 28 January 2004, 12:46 PM CET

The soft uderbelly: atacking the client
This article discusses the lack of security inside many corporate networks once hackers have breached the border perimeter and firewall. Client-based attack vectors, malicious payloads and their potential impact to an organization are also discussed. [more]
Wednesday, 28 January 2004, 12:34 PM CET

MyDoom targets Linux antagonist
The latest computer virus, which is threatening to become the most pervasive yet, is coded to launch a denial-of-service attack against SCO Group, the company that claims its intellectual property has been violated by Linux. [more]
Wednesday, 28 January 2004, 12:33 PM CET

Linux security HOWTO - updated
This document is a general overview of security issues that face the administrator of Linux systems. [more]
Wednesday, 28 January 2004, 12:29 PM CET

2003's most popular viruses, and "hacking" tools
Viruses, Trojan horses, Worms, Adware, Spyware, and Remote Control programs have overrun computers in 2003 and the forecast for these digital parasites is worse for 2004. [more]
Wednesday, 28 January 2004, 12:26 PM CET

Making false positives go away
New network IDS products are appearing that help to tackle the false-positive problem with a smarter detection engine that uses three key technologies: operating system fingerprinting, alert-flood suppression and meta-alert correlation. [more]
Wednesday, 28 January 2004, 12:25 PM CET

Malicious hackers in it for the money
The past two years have seen a key shift in malicious hacking threats, according to Barry Greene, a senior consultant at networking gear-maker Cisco Systems Inc. [more]
Tuesday, 27 January 2004, 1:56 PM CET

Installing Slackware Linux
You heard that Slackware was too damned hard, didn't you? If you are expecting cute graphical wizards and penguins automating every configuration step for you, that may be true. [more]
Tuesday, 27 January 2004, 1:44 PM CET

The virus hunter
As you might guess, Vincent Gullotto, who runs Network Associates' McAfee Anti-Virus Emergency Response Team, gets a lot of early-morning emergencies. [more]
Tuesday, 27 January 2004, 1:05 PM CET

Secure Web based mail services
What approaches are there for deploying web mail systems in a secure manner? What are the options for web mail deployment? Understanding how web mail system work can help in deciding if web mail systems can be securely deployed. [more]
Tuesday, 27 January 2004, 12:51 PM CET

How to protect employees against online fraud
The Internet is seeing a boom in "phishing," where con artists use e-mail to trap users into revealing logon, credit-card, and other information. Companies should establish procedures to let workers know when the requests are legitimate. [more]
Tuesday, 27 January 2004, 11:59 AM CET

Corporations facing spam headache
As spam continues to clog up servers, reduce bandwidth and suck up man-hours, corporations are realizing a more proactive approach is needed to tackle this growing problem. [more]
Tuesday, 27 January 2004, 11:48 AM CET

Help! I've been Web-jacked
Spyware is becoming more common, and getting harder to fight. [more]
Tuesday, 27 January 2004, 11:42 AM CET

Broadband boon for viruses
The Bagle worm outbreak last week could mark the beginning of a long, hard year swatting at computer viruses as the growing popularity of broadband boosts infection rates. [more]
Tuesday, 27 January 2004, 11:37 AM CET

SP2 presents XP security dilemma
Users will have to balance their IT security requirements with potential Java and .net performance problems if they are to take advantage of the features being introduced in Windows XP Service Pack 2. [more]
Tuesday, 27 January 2004, 11:33 AM CET

Fast-spreading worm spells Doom
Mydoom, Novarg, and Mimail.R--it's all the same pest, and it's probably in your inbox. [more]
Tuesday, 27 January 2004, 10:50 AM CET

We'll kill spam in two years - Gates
Bill Gates yesterday outlined a three-stage plan to eradicate spam within two years. [more]
Monday, 26 January 2004, 4:59 PM CET

Zip file encryption compromise thrashed out
Compression software companies PKWare and WinZip have agreed to make their rival approaches to encrypting zip files more compatible. [more]
Monday, 26 January 2004, 3:53 PM CET

Introduction to OpenVPN
For many systems administrators, choosing and managing a VPN system is often quite a headache. Learn more about OpenVPN, a solution you might like. [more]
Monday, 26 January 2004, 2:56 PM CET

The voodoo that Dumaru doesn’t do too well…
This weekend saw another iteration of email worm Dumaru. Unlike other email worm variants, Dumaru.J spreads itself by way of a zip attachment (rather than the typical executable). [more]
Monday, 26 January 2004, 2:46 PM CET

HNS Newsletter issue 197 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 26 January 2004, 2:37 PM CET

DVD encryption lawsuit dropped
In a rare retreat, a film industry coalition has dropped its trade secret court battle against a San Francisco computer programmer who in 1999 posted on the Internet code that cracks movie copy-protection technology. [more]
Monday, 26 January 2004, 1:24 PM CET

AOL testing new antispam technology
Deluged by unsolicited commercial, or spam, e-mail messages, AOL is trying a new technology for cracking down on one common spammer tool: forged sender addresses, which spammers and virus writers use to bypass blacklists and trick unsuspecting recipients. [more]
Monday, 26 January 2004, 1:06 PM CET

Mutating software could predict hacker attacks
Novel computer viruses and worms can sweep the world within hours, leaving a trail of devastation, because firewalls and antiviral software work by identifying the telltale signatures of known attacks. [more]
Monday, 26 January 2004, 12:54 PM CET

Wireless network security basics
The default setup for wireless networks is setup to get the network up and running but does nothing to protect your network. [more]
Monday, 26 January 2004, 12:53 PM CET

Security breach on Capitol Hill: it's criminal
The latest hacking incident has a political twist: Republicans monitoring communications on Democrats' computers. How should the guilty be punished? [more]
Monday, 26 January 2004, 12:45 PM CET

Kazaa owner gets OK to sue record labels
A U.S. federal court has cleared the way for Kazaa file-sharing software owner Sharman Networks to sue the entertainment industry for copyright infringement, Sharman said on Friday. [more]
Monday, 26 January 2004, 12:42 PM CET

An introduction to SQL injection attacks for Oracle developers
This paper is intended for application developers, database administrators, and application auditors to highlight the risk of SQL injection attacks and demonstrate why web applications may be vulnerable. [more]
Friday, 23 January 2004, 4:19 PM CET

Remembering Slammer on its anniversary
Security is tighter, but experts say fast-moving worms will crawl again. [more]
Friday, 23 January 2004, 2:17 PM CET

SSL to be one of 2004’s bright spots
Adoption of virtual private networks (VPNs) based on the browser-based SSL technology is shaping up to be one of the key trends of 2004, especially as enterprises mobilize their workforces. [more]
Friday, 23 January 2004, 2:04 PM CET

Linux threatens US security, SCO tells Congress
The SCO Group has confirmed that it sent a letter to all 535 members of the US Congress which claimed that Linux and open-source software is a threat to the security and economy of the US. [more]
Friday, 23 January 2004, 2:03 PM CET

EU anti-spam laws are OK
It's just over a month since new anti-spam legislation was introduced into the UK with almost universal condemnation that the new laws would have a limited effect in the fight against junk email. [more]
Friday, 23 January 2004, 2:01 PM CET

California 'disempowered' by federal spam law
Californians will have less protection against spammers under a new federal antispam law that recently superceded a stricter state law, state Attorney General Bill Lockyer said Thursday. [more]
Friday, 23 January 2004, 9:09 AM CET

FBI joins hunt for Half-Life code
The FBI has joined efforts to track down those who took part of the computer code of one of the year's most highly anticipated games, Half-Life 2. [more]
Friday, 23 January 2004, 9:06 AM CET

Network Associates fights spyware
Network Associates, the maker of McAfee antivirus software, is joining the fight against spyware, programs that track people's Internet habits, gather personal information and deliver it to advertisers. [more]
Friday, 23 January 2004, 9:03 AM CET

Security pros question flaw find
Two Internet software developers who said they have uncovered a way to cause entire networks of computers to freeze or shut down may have simply rediscovered an old network issue. [more]
Friday, 23 January 2004, 9:00 AM CET

Senate security hole enables partisan spying
According to the Boston Globe, Republican staff members of the U.S. Senate Judiciary Committee exploited a security hole in the committee's servers for at least a year to access and share secret Democratic memos. [more]
Friday, 23 January 2004, 8:58 AM CET

FTC: ID theft on the rise
Identity theft and fraud cost Americans at least $437 million last year, as scam artists made themselves at home on the Internet, according to federal statistics released on Thursday. [more]
Friday, 23 January 2004, 8:53 AM CET

Spam might be your biggest headache, not your biggest threat
Spam is now the number one issue for the majority of IT managers, but by focusing solely on this issue are they in danger of missing the wider issues of email security? [more]
Thursday, 22 January 2004, 5:43 PM CET

A visit from the FBI
Scott Granneman had a little visit from the FBI recently, in response to one of his SecurityFocus columns. [more]
Thursday, 22 January 2004, 1:50 PM CET

Review of Windows Services for UNIX 3.5
I did a review of Windows Services for UNIX 3.0 (SFU) a few months ago. I remember being frustrated with that release because it seemed to me that all Microsoft did was throw something together just to be able to say "Hey look, we have this". [more]
Thursday, 22 January 2004, 1:46 PM CET

Deregulation, security ideologies clash
The Federal Communications Commission's efforts to reduce regulations of some Internet services have come under intense criticism from officials at law enforcement agencies who say that their ability to electronically monitor terrorists and other criminal suspects is threatened, according to government officials, industry lawyers and documents on file at the FCC. [more]
Thursday, 22 January 2004, 1:38 PM CET

RIAA strikes again at traders
The recording industry group files its largest round of lawsuits to date, identifying 532 computer users it believes are distributing copyright music online. [more]
Thursday, 22 January 2004, 11:09 AM CET

What can you learn from a hacker site?
Finding up what the other side is up to can help keep your network secure - but make sure you don't get rumbled. [more]
Thursday, 22 January 2004, 11:06 AM CET

IBM, SuSE Linux announce security certifications
IBM and Novell Inc.'s SuSE Linux used the annual LinuxWorld conference and expo here to make several announcements on Linux security assessment and assurance. [more]
Thursday, 22 January 2004, 11:05 AM CET

Security experts give e-voting thumbs down
Four computer security experts have warned proponents of Internet voting that such systems cannot be secured against fraud. [more]
Thursday, 22 January 2004, 11:04 AM CET

Hackers head for home
With corporate systems becoming increasingly tough to crack, hackers will focus on collecting the personal information of vulnerable home users in 2004, internet experts have warned. [more]
Thursday, 22 January 2004, 11:02 AM CET

Prison time for unlucky phisher
An Ohio woman who used forged e-mails from "AOL security" to swindle America Online subscribers out of their credit card numbers was sentenced to 46 months in prison Tuesday, after a federal judge in Virginia rejected her plea for a reduced sentence. [more]
Thursday, 22 January 2004, 11:00 AM CET

Instant message spam is getting more disruptive
Marketers have never seen a medium they didn't want to exploit. So it is that spam has come to instant messaging--yielding IM spam, or spim. It's been around a few years, but only in the past few months has it reached the threshold of disruption. [more]
Thursday, 22 January 2004, 10:57 AM CET

An IT manager’s insight into mobile security
No company are without laptops, PDAs or smart phones these days, so if you want to make sure your company does not become another statistic or victim of data theft here are a few golden rules you should follow. [more]
Wednesday, 21 January 2004, 1:41 AM CET

More damaging viruses to come
The email worm that popped up to say "hi" in Australia's inboxes would almost certainly be followed by a nastier mutation, security experts have warned. [more]
Wednesday, 21 January 2004, 1:24 AM CET

Spam becomes art as junk mail inspires poets
Branded almost universally an irritation or even an evil of the modern age, spam is finding support from an unusual quarter: poets. [more]
Wednesday, 21 January 2004, 1:20 AM CET

Apache basics
In the first installment of his new Apache series, Russell discusses the basics of Apache — what role it plays and how to configure the essentials. [more]
Wednesday, 21 January 2004, 1:19 AM CET

Code that can't be cracked
What's just a plot in movies is vital to a lot of companies. This firm stakes its existence on making encryption work. [more]
Wednesday, 21 January 2004, 1:14 AM CET

Microsoft Baseline Security Analyzer 1.2 is here
Version 1.2 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. [more]
Wednesday, 21 January 2004, 1:11 AM CET

Secure coding principles 101
Writing secure code is the first step in producing applications that are secure and robust. [more]
Wednesday, 21 January 2004, 12:51 AM CET

How do computer viruses work?
In this article, we will discuss viruses -- both "traditional" viruses and the newer e-mail viruses -- so that you can learn how they work and also understand how to protect yourself. [more]
Wednesday, 21 January 2004, 12:49 AM CET

New worm draws Sobig comparisons
Computer security experts fear a new worm that began spreading rapidly across Australian e-mail networks on Sunday could be a rehearsal for a more concerted attack in coming weeks. [more]
Wednesday, 21 January 2004, 12:48 AM CET

Biometrics: get ready to destroy all passwords
Street research carried out at Victoria Station earlier this year revealed that 90 per cent of people were willing to give their passwords to Infosecurity Europe researchers as part of a survey on identity theft - the researchers did not give any verification of their identity and their only tool was a clipboard. [more]
Wednesday, 21 January 2004, 12:47 AM CET

Wi-Fi remains a work in progress
Regardless of the amount of Wi-Fi security infrastructure, end-users often are the weakest link, because they can be fooled or coerced into giving up user IDs, passwords and WEP keys. Consequently, organizations need to create and, more importantly, enforce security policies. [more]
Wednesday, 21 January 2004, 12:41 AM CET

Oracle Database Listener security guide
This paper outlines the vulnerabilities in the Oracle TNS Listener and provides recommendations for properly securing it. Providing minimal security for the Listener is simple and should be done for all Oracle installations – development, test and production. [more]
Tuesday, 20 January 2004, 5:43 AM CET

How your mobile could be spying on you
In fact, the technology has arrived that allows anyone to track someone down without them having a clue they are under surveillance. [more]
Tuesday, 20 January 2004, 4:37 AM CET

Crack Sandia team hacks - but only if asked
What does a hacker look like? It's not an easy question for Sandia National Laboratories scientists to answer - even when they're the ones doing the hacking. [more]
Tuesday, 20 January 2004, 4:34 AM CET

Security in motion
In his quest to discover why a company "embracing standards" left out a more secure standard, Senior Editor Scott Berinato gets angry. [more]
Tuesday, 20 January 2004, 4:22 AM CET

2000-2003: the age of (in)security
A series of increasingly virulent worms -- Code Red, Nimbda, Klez, Blaster, Slammer, SoBig -- infected millions of machines. Slammer also disabled ATMs, 911 call centers and other systems that weren't supposed to be connected to the Net. [more]
Tuesday, 20 January 2004, 4:04 AM CET

Flaw found in anti-virus software
Products from three popular anti-virus software companies have been found to contain a programming flaw that allows a hacker to crash a user's desktop PC. [more]
Tuesday, 20 January 2004, 4:01 AM CET

Sentencing date set in nuclear lab hack case
A sentencing date has been set for a UK teenager who admits breaking into the network of a US high-energy physics research lab. [more]
Tuesday, 20 January 2004, 4:00 AM CET

How police crack open criminal minds
An officer who pioneered a database linking violent offences wonders why more forces don't use it. [more]
Tuesday, 20 January 2004, 3:57 AM CET

The giant wooden horse did it!
Introducing a new legal defense to computer crime charges -- one that's all the more frightening because it could be true. [more]
Tuesday, 20 January 2004, 3:50 AM CET

Police in India to monitor cybercafes
Increasingly fearful that terrorists and other criminals are taking advantage of cybercafes, Bombay police want to require customers to show photo identification and give their home addresses. [more]
Tuesday, 20 January 2004, 3:46 AM CET

Top networking technologies for 2004
VoIP will fundamentally change the economics of providing voice services to the consumer, as well as alter the fundamental economics upon which telephone companies are based. It will "increase competition in the consumer voice-services market via third-party access to provide voice services in addition to cable and other entry media into the home." [more]
Tuesday, 20 January 2004, 3:42 AM CET

MSBlast virus writer faces 15 years behind bars
A virus writer accused of creating an MSBlast variant last year is to face a Romanian court this week and could be sentenced to 15 years in jail if convicted. [more]
Monday, 19 January 2004, 4:39 PM CET

The future of security is dark
There's no need to imagine a worst-case scenario for Internet security in the year 2010. The worst-case scenario is unfolding right now. [more]
Monday, 19 January 2004, 3:39 PM CET

The biometrics myth
There is a rather touching belief that biometrics – ranging from finger print recognition to iris scanning – are the perfect answer to user authentication in computer applications. Steve Bale, CEO ArmourSoft explains the underlying principles, weighs the very real disadvantages and reveals a much simpler approach that is available right now – at a fraction of the cost. [more]
Monday, 19 January 2004, 3:14 PM CET

HNS Newsletter issue 196 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 19 January 2004, 3:13 PM CET

Lie-detector glasses offer peek at future of security
It may not be long before you hear airport security screeners ask, "Do you plan on hijacking this plane?" [more]
Monday, 19 January 2004, 2:13 PM CET

Security as one of the layers for open source commoditization
Key open source advocates point to databases, security and storage as the next big categories ripe for commoditization. [more]
Monday, 19 January 2004, 2:07 PM CET

Viruses pack triple threat
Virus writers are merging spam, phishing and Trojan programs to develop more complex attacks on the unwary. [more]
Monday, 19 January 2004, 1:59 PM CET

Spam filters grab good with bad
The growing use of antispam filters that weed out messages containing words commonly used by junk e-mailers is forcing legitimate e-mail senders to choose their language carefully. [more]
Monday, 19 January 2004, 1:27 PM CET

Check Point beefs up network protection
Check Point Software Technologies takes its first step this week toward fulfilling its pledge to evolve beyond being firewall provider by introducing a family of security appliances designed to protect internal networks. [more]
Monday, 19 January 2004, 1:25 PM CET

Commentary: Addition of IPSec locks down 2.6 kernel
Enterprise administrators need not fear that 2.6 kernel developers have compromised security in exchange for enterprise benchmarks. [more]
Monday, 19 January 2004, 1:19 PM CET

Taking care of small business
Microsoft, Net Integration Technologies, Novell, and SUSE Linux are among the companies that produce operating systems geared for small businesses, and their products are reviewed in our roundup. All offer the same basic functions, which begin with e-mail services. [more]
Monday, 19 January 2004, 1:17 PM CET

U.S. government report shows I.T. sector on upswing
Good news and bad news: I.T. is on a recovery path, but there is little sign that the huge job losses experienced under President Bush -- the only Administration to experience greater hemorrhaging has been Hoover's -- will reverse themselves any time soon. [more]
Monday, 19 January 2004, 1:10 PM CET

Spam with Trojan horse attacks eBay users
Virus authors are using spam e-mails containing a Trojan horse program to help spread the latest version of the Mimail e-mail worm. [more]
Friday, 16 January 2004, 2:16 PM CET

Review - Implementing SSH
With a bunch of security features, SSH is being adopted by a great number of system administrators that are trying to implement some way of secure tunneling to their networks. Although the title of the book implies a very technical publication, the book should suite a variety of readers interested in how to use and optimize the secure shell. [more]
Friday, 16 January 2004, 11:59 AM CET

Remote working heightens security
The advance of SSL has boosted corporate adoption of VPNs. [more]
Friday, 16 January 2004, 11:47 AM CET

GAO faults 'inconsistent' online security programs
Spending amounting to $1 billion has resulted in decidedly mixed results for public key infrastructure projects. [more]
Friday, 16 January 2004, 11:41 AM CET

Tracking the seeds of destruction
In studying the effects of last summer's MSBlast worm, some security experts turned to an unlikely source in search of clues to the prevention of computer epidemics: plants. [more]
Friday, 16 January 2004, 12:18 AM CET

Who's patching open source?
In one of the great ironies of the software industry, Covalent's management software -- though known for open-source management -- is a proprietary product. Unlike most of the programs it manages, the CAM software code is not transparent or changeable by those who use it. [more]
Friday, 16 January 2004, 12:17 AM CET

PayPal scam tries to jumpstart Mimail worm
After releasing a version of the Mimail e-mail worm last week, virus authors are using a tool this week to help it spread: spam e-mail containing a Trojan horse program that, once installed, retrieves and installs the worm. [more]
Friday, 16 January 2004, 12:11 AM CET

Is SSL security over-hyped?
Vendors were fast to back SSL-based virtual private networks, but are they really better than IPSec alternatives? [more]
Thursday, 15 January 2004, 7:23 PM CET

User sees some result from Microsoft security focus
Users appear resigned to patching software ad nauseam, though one large user welcomes Microsoft Corp.'s latest attempts to ease the pain of implementing fixes. [more]
Thursday, 15 January 2004, 7:20 PM CET

The corporate identity crisis
Secure messaging has traditionally posed a problem in a corporate environment for two main reasons: firstly, the complexity of maintaining the infrastructure of "keys," which serve similar roles to unique identification credentials, and secondly, the complexity of explaining and using the solutions. [more]
Thursday, 15 January 2004, 3:33 PM CET

Security firms put up 'Personal Firewall Day'
Straddling the line between public service and marketing, Microsoft and a handful of security companies are sponsoring a campaign to heighten consumer security awareness and have declared Jan. 15 "Personal Firewall Day." [more]
Thursday, 15 January 2004, 11:49 AM CET

Standardizing on security
The Linux standards group publishes 565 pages of data describing a standards-compliant Linux package. So why aren't any of them about security? [more]
Thursday, 15 January 2004, 11:48 AM CET

Corporate data flies out the Windows
Steve Bale, chief executive officer of ArmourSoft, examines the disadvantages for the enterprise of the legacy of Microsoft's personal computing origins. [more]
Thursday, 15 January 2004, 1:16 AM CET

Problems and challenges with honeypots
For the past 18 months we have seen a tremendous growth in honeypot technologies. [more]
Thursday, 15 January 2004, 1:14 AM CET

Novell targets Web services security
Novell is integrating its identity management and Web services software in a way that it says will ease customers' ability to secure corporate networks. [more]
Thursday, 15 January 2004, 1:10 AM CET

New anti-spam laws fail to bite
E-mail users on both sides of the Atlantic hoping for a legislative reprieve from spam are feeling let down. [more]
Wednesday, 14 January 2004, 6:38 PM CET

Browser security takes off in VPNs
Corporations are embracing a simpler, cheaper way of connecting remote workers to their networks, opening up new opportunities--and competition--for network security vendors. [more]
Wednesday, 14 January 2004, 2:39 PM CET

3Com releases super-switch with built-in security
3Com has announced the immediate availability of a new super-switch that combines your normal switch with a firewall, anti-virus, content-filtering and intrusion detection - in short, a network's security all in one box. [more]
Wednesday, 14 January 2004, 12:31 PM CET

Use PKI to beat phishers
Digital certificates could ward against internet scams. [more]
Wednesday, 14 January 2004, 12:30 PM CET

Researcher for whom exploit code means freedom of speech
Georgi Guninski is a man who is respected on vulnerability mailing lists. The Bulgarian security expert - and this is one instance when the word can be safely used - has spread himself wide when it comes to security but all of his vulnerability posts merit attention. [more]
Wednesday, 14 January 2004, 12:03 PM CET

Telecoms, ISPs partner in spam fight
A group of international telecom providers, Internet service providers and software companies plan to form a "neighborhood watch" to oust junk e-mail from their collective networks, in what is the latest industry coalition bent on eradicating spam. [more]
Wednesday, 14 January 2004, 12:00 PM CET

No relief from Microsoft phishing bug
Redmond fails to patch a bug in Internet Explorer that makes consumers easy prey for online fraudsters. [more]
Wednesday, 14 January 2004, 3:12 AM CET

Wireless LAN security worries on horizon
This is supposed to be the year that the wireless industry addresses serious security shortcomings that are holding back enterprise wireless LAN rollouts. [more]
Wednesday, 14 January 2004, 3:10 AM CET

Flaws threaten VoIP networks
A technical review conducted by the British government has found several security flaws in products that use VoIP and text messaging, including those from Microsoft and Cisco Systems. [more]
Wednesday, 14 January 2004, 3:08 AM CET

Kazaa delivers more than tunes
Forty-five percent of the executable files downloaded through Kazaa, the most popular file-sharing program, contain malicious code like viruses and Trojan horses, according to a new study. [more]
Wednesday, 14 January 2004, 3:01 AM CET

Review - Beginning Red Hat Linux 9
The many authors managed to squeeze into this title the most important facts for a novice user and point him into the right direction. Read on to discover what's inside this book. [more]
Tuesday, 13 January 2004, 5:24 PM CET

Alert admin gets bank scam site shut down
An alert systems integration manager in Melbourne got a fake banking site targeting Westpac last week shut down. The site was being hosted on an internet-connected computer without the knowledge of the owner. [more]
Tuesday, 13 January 2004, 12:40 PM CET

The eight rules of security
Security is a process, not a product… and should be treated as such. Through the security lifecycle, policy and procedure needs to take precedence over implementation. It’s a bigger part of the circle for a reason. [more]
Tuesday, 13 January 2004, 12:24 PM CET

IT in 2004: more power, lower costs and secure
Higher performance, lower costs and stronger security will be the key drivers for the IT industry during 2004. [more]
Tuesday, 13 January 2004, 12:18 PM CET

FreeBSD 5.2 is here
This release contains a number of significant stability and performance improvements over FreeBSD 5.1. Read on to find out what security issues have been fixed in this version. [more]
Tuesday, 13 January 2004, 1:13 AM CET

Hackers attack the OU Health Sciences Center
Federal and state law enforcement agencies are investigating a computer-hacking incident of 25 to 30 Microsoft Windows and Unix computers and servers at the OU Health Sciences Center. [more]
Tuesday, 13 January 2004, 12:49 AM CET

Radio hackers hurl drive by abuse at Burger King customers
Burger King customers visiting a drive-through restaurant had to run a gamut of abuse after pranksters succeeded in hacking into the outlet's wireless intercom system. [more]
Tuesday, 13 January 2004, 12:45 AM CET

Engaging in worm warfare
Last summer, it seemed the onslaught would never end. One after another, a progression of worms and other malware threatened to bring down systems as enterprises floundered in a morass of unpatched vulnerabilities and malicious e-mails opened by unwary employees. [more]
Tuesday, 13 January 2004, 12:43 AM CET

Microsoft focuses identity-management effort
Amid the growing buzz around identity management, Microsoft is trying to pull together a platform that would offer corporations entry into a new generation of end-user management, security and regulatory compliance. [more]
Tuesday, 13 January 2004, 12:42 AM CET

Is the tide turning in battle against hackers?
It's a quagmire. No, not Iraq. The Internet. The war against hackers has been going on for decades and we are no closer to pulling out than we were when Kevin Mitnick was breaking into Ma Bell's mainframes in the early '80s. [more]
Tuesday, 13 January 2004, 12:40 AM CET

Digital signatures and european laws
People who do business on the Internet require security and trust. In electronic commerce and communication you can't see the person you are speaking with, you can't see the documents that prove one's identity, and you can't even know if the web site you are connected to belongs to the society it says. [more]
Tuesday, 13 January 2004, 12:38 AM CET

'Serial ID thieves' banned from auction sites
A US Federal Court last week imposed an order prohibiting two alleged ID fraudsters from taking part in Internet auctions. [more]
Monday, 12 January 2004, 3:48 PM CET

HNS Newsletter issue 195 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 12 January 2004, 3:22 PM CET

Business continuity planning: will it save you?
Every year, security firm Pinkerton publishes a survey of the top threats that businesses believe that they have faced over that particular year writes Fran Howarth of Bloor Research. [more]
Monday, 12 January 2004, 2:43 PM CET

School district gives Linux security technology high grades
As any corporate IT administrator knows, network security is no longer a luxury, but a necessity. [more]
Monday, 12 January 2004, 2:30 PM CET

New Trojan masquerades as Windows XP update
Security companies are warning Internet users about a new Trojan horse program spreading via spam e-mail and masquerading as a Windows XP software update from Microsoft. [more]
Monday, 12 January 2004, 2:15 PM CET

When a security feature is no longer secure
Question: When is a security feature not a security feature? Answer: When it's the document protection system in Microsoft Word. [more]
Monday, 12 January 2004, 11:13 AM CET

Locking your door in 2004
Teach your users to think as you do... and other resolutions for the new year. [more]
Monday, 12 January 2004, 11:12 AM CET

Improving passive packet capture: beyond device polling
This paper proposes a new approach to passive packet capture that combined with device polling further improves it and allows, on fast machines, packets to be captured at (almost) wire speed. [more]
Friday, 9 January 2004, 3:49 PM CET

Spam and virus techniques overlap
A year on from the debut of SoBig.A, the first virus to converge spam and virus writing techniques, its legacy continues, warns a security company. [more]
Friday, 9 January 2004, 3:35 PM CET

IT security critical for SMEs
Possibly the most critical aspect of any small to medium enterprise's (SME's) information technology infrastructure is the security of that system. [more]
Friday, 9 January 2004, 3:33 PM CET

Chips to fight viruses
AMD and Intel are developing technology that will prevent processors being hijacked by attackers. [more]
Friday, 9 January 2004, 1:36 PM CET

From anti-spam to anti-spyware
EarthLink spokesman Jerry Grasso says consumers want two things from an Internet service provider: secure connections and tools to that cut through the clutter. [more]
Friday, 9 January 2004, 10:02 AM CET

Feds seek wiretap access via VoIP
The FBI and the Justice Department have renewed their efforts to wiretap voice conversations carried across the Internet. [more]
Friday, 9 January 2004, 10:00 AM CET

New net banking scam
Customers of the nation's five leading banks are unwittingly being siphoned of their savings online, after logging on to official internet banking websites. [more]
Friday, 9 January 2004, 9:55 AM CET

Electronic fraud burgeoning: report
Fraud and electronic crime was burgeoning, yet was too often swept under the carpet by people and companies who were too ashamed to admit they have been swindled, a report says. [more]
Friday, 9 January 2004, 9:53 AM CET

Secure passports to meet deadline
The Department of Foreign Affairs and Trade (DFAT) said that new passport security data requirements for entry to the United States would be accepted before the October deadline. [more]
Friday, 9 January 2004, 9:49 AM CET

Review - The Effective Incident Response Team
How do incident response teams function? Who are the people in the team? What steps do they take in order to increase the security of your network? The answer to these and numerous other questions lie within the pages of this book. [more]
Thursday, 8 January 2004, 2:53 PM CET

SQL security flaw persists in many web sites
Businesses are still failing to make basic security checks on their web sites and are leaving themselves wide open to digital attack, warn experts. [more]
Thursday, 8 January 2004, 2:52 PM CET

Interview with NetScreen Executive Officer David Flynn
"Historically, the two primary competitors we see are Cisco and Check Point Software, but as this new smarter firewall comes along, we're seeing some of the antivirus [companies], like Symantec and Network Associates, trying to move in this direction," NetScreen's David Flynn told the E-Commerce Times. [more]
Thursday, 8 January 2004, 2:49 PM CET

Netcraft crafts anti-phishing service
Netcraft has introduced an early warning service to alert banks to phishing scams. [more]
Thursday, 8 January 2004, 10:00 AM CET

Mississippi man denies Best Buy blackmail
A Mississippi man pleaded not guilty on Tuesday to charges that he threatened to reveal security weaknesses in the Web site of electronics seller Best Buy unless the company paid him $2.5 million. [more]
Thursday, 8 January 2004, 9:52 AM CET

Word's password feature 'not a security tool'
Microsoft admits that Word's password-protection feature can be easily bypassed, but argues it was never intended to ensure security. [more]
Thursday, 8 January 2004, 9:50 AM CET

Basics on protecting an organization against hackers
Includes an explanation of why security problems are escalating, along with 10-point and 90-day plans for improving network security. [more]
Thursday, 8 January 2004, 9:48 AM CET

MSN worm does rounds
A new worm that targets users of Microsoft's MSN Messenger network is one of several threats in the wild, but a local vendor says the holiday season has been quiet on the infections front. [more]
Wednesday, 7 January 2004, 1:13 PM CET

Don't take passwords to the grave
As an ambulance whisked Jon Hansen to the hospital last year, he held tightly to his wife's hand and told her things she needed to know if he were to die. [more]
Wednesday, 7 January 2004, 1:02 PM CET

Fear about reporting e-crime
Fraud and electronic crime was burgeoning yet was too often swept under the carpet by people and companies who were too ashamed to admit they have been swindled, a report said. [more]
Wednesday, 7 January 2004, 12:57 PM CET

Court ponders Web site-blocking law
A federal judge in Philadelphia on Tuesday heard a challenge to a controversial state law that has led to more than 1 million innocuous Web sites being accidentally blocked. [more]
Wednesday, 7 January 2004, 12:51 PM CET

Microsoft publishes program to blast MSBlast
Microsoft released a removal tool for the MSBlast worm on Monday after Internet service providers complained that home users' PCs infected with the malicious program are still causing network congestion. [more]
Wednesday, 7 January 2004, 12:49 PM CET

Internet security: the top 10 online blunders
Here are a few of the most common Internet security blunders. [more]
Tuesday, 6 January 2004, 5:01 PM CET

Managing Linux security effectively in 2004
This article examines the process of proper Linux security management in 2004. First, a system should be hardened and patched. Next, a security routine should be established to ensure that all new vulnerabilities are addressed. Linux security should be treated as an evolving process. [more]
Tuesday, 6 January 2004, 5:00 PM CET

Adrian Lamo says he'll accept plea bargain
Adrian Lamo, accused of breaking into The New York Times' computer network, is planning to appear in court Thursday to accept a plea bargain. [more]
Tuesday, 6 January 2004, 11:27 AM CET

Windows XP Service Pack 2 Beta first look
If there is one thing Microsoft is preoccupied with right now, it would have to be security. [more]
Tuesday, 6 January 2004, 1:36 AM CET

Review - Essential System Administration Pocket Reference
The information contained in this pocket reference will be of interest to administrators of any Linux, FreeBSD, Solaris, HP-UX or AIX machine. The whole idea behind this title is the ultra portability that should convince all of you paper-hating people to carry it around. Is it that good? Read on to find out. [more]
Monday, 5 January 2004, 7:33 PM CET

The real impact of viruses
It seems that hardly a week goes by when computer viruses aren't making headline news. The release of the SQL Slammer and Sobig worms last January, followed by the MSBlast.exe worm in August, graphically illustrate how the nature of these attacks is ever increasing. [more]
Monday, 5 January 2004, 6:57 PM CET

No more sequels in DVD hacking case
Norwegian police said Monday they would not appeal a landmark DVD piracy case for a second time, marking a final victory for a 20-year-old hacker and a defeat for Hollywood. [more]
Monday, 5 January 2004, 6:56 PM CET

Welcome to yet another year of viruses
It's sad, but true. Robert expects we'll see plenty of e-mail viruses in 2004, despite expectations that these pests would disappear in 2003. Here's why viruses won't go away--and how to protect yourself. [more]
Monday, 5 January 2004, 1:20 PM CET

Court slams HP Israel ID card bid
HP has lost a potentially lucrative bid to become the major supplier of smart identity cards in Israel after a court tossed out the company's proposal, saying it did no adhere to local laws. [more]
Monday, 5 January 2004, 1:17 PM CET

Music downloads decline after RIAA lawsuits
The music industry's controversial lawsuits against online song swappers appear to have forced U.S. computer users to severely curb their free music downloading habit, according to new research released Sunday. [more]
Monday, 5 January 2004, 1:14 PM CET

Defenses lacking at social network sites
Services like LiveJournal and Tribe are poised to be the next big thing on the Web in 2004, but their security and privacy practices are more like 1997. [more]
Friday, 2 January 2004, 7:19 AM CET


Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. It’s not.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Sep 2nd