Off the Wire

Off The Wire Archive

News items for January 2005

The 80/20 rule for web application security
After performing hundreds of web security assessments you're bound to encounter many frighteningly insecure websites. [more]
Monday, 31 January 2005, 7:37 PM CET

IBM study tests Linux security
To test open source security products, a study was conducted over a period of three months at the IBM Linux Test Integration Center. The goal for the security study was to deploy and compare various open source security tools that were available for free in the industry, and provide solution recommendations. [more]
Monday, 31 January 2005, 5:46 PM CET

Wireless security still in its infancy
Experts recommend caution using cell phones, PDAs for financial transactions. [more]
Monday, 31 January 2005, 5:43 PM CET

Interview with a link spammer
So how and why do "link spammers" - as they generically call themselves - do it? Are they the same as the email spammers? [more]
Monday, 31 January 2005, 5:37 PM CET

Home user security guide
Many of you have new computers in your homes, but how many of you realize that this computer is already vulnerable? How can this be? How can a brand new computer be vulnerable? Read this article and find out all about it. [more]
Monday, 31 January 2005, 12:02 PM CET

MySQL warning users, contemplating changes after worm
Forbot worm targeting open source database. [more]
Monday, 31 January 2005, 10:56 AM CET

Classified Dutch military documents found on Kazaa
At least 75 pages of highly classified information about human traffickers from the Dutch Royal Marechaussee - a service of the Dutch armed forces that is responsible for guarding the Dutch borders. [more]
Monday, 31 January 2005, 10:54 AM CET

Government computer blunders are common and expensive
The FBI's failure to roll out an expanded computer system that would help agents investigate criminals and terrorists is the latest in a series of costly technology blunders by government over more than a decade. [more]
Monday, 31 January 2005, 10:50 AM CET

Gates says security is priority
In the second part of a two-part interview, Stephen Cole of the BBC's technology show Click Online talks to Microsoft founder and chairman Bill Gates about the pros and cons of being at the forefront of the PC industry. [more]
Monday, 31 January 2005, 10:49 AM CET

Some RFID chips vulnerable to hacking
Tiny radio-transmitter chips that make possible high-security car keys and swipe-by petrol passes can be cracked using cheap technology. [more]
Monday, 31 January 2005, 10:48 AM CET

Trend retains entire stable of distributors
Vendor grants stays of execution after 'continued SME success'. [more]
Monday, 31 January 2005, 10:45 AM CET

The encryption factor
Quantum computing is set to revolutionise the way we work. Trouble is, it could crack any of today's security codes in a fraction of a second. [more]
Friday, 28 January 2005, 12:09 PM CET

Big net attack tipped in next 10 years
Don't say we didn't warn you: At some point in the next decade, there will be a "devastating attack" on the internet or power grid. [more]
Friday, 28 January 2005, 10:56 AM CET

Clear skies for Area 51 hacker
Federal prosecutors formally dropped charges this month against an amateur astronomer who exposed a buried surveillance network surrounding the Air Force's mysterious "Area 51" air base in Nevada. [more]
Friday, 28 January 2005, 10:52 AM CET

Malicious bot targets MySQL databases with weak passwords
A malicious bot program is breaking into poorly-secured MySQL databases running on Windows web servers. [more]
Friday, 28 January 2005, 8:38 AM CET

How to avoid phishing scams
In this article, I will explain exactly how this type of scam works and how to avoid being a victim. [more]
Friday, 28 January 2005, 8:37 AM CET

Blind buffer overflows in ISAPI extensions
This paper will outline the risks ISAPI Extensions pose and how they can be exploited by third parties without any binary exposure or knowledge using blind stack overflows. This method can enable remote code execution in proprietary and third party applications. [more]
Thursday, 27 January 2005, 2:03 PM CET

The role of email security in meeting regulatory requirements
Due to the nature of the potential content of email, ranging from a simple customer query to financial projections, the use of this application demands particular attention to ensure that its management helps to secure regulatory compliance. [more]
Thursday, 27 January 2005, 2:00 PM CET

Microsoft enhances SQL 2005 security
Forthcoming release more secure by default, claims Redmond. [more]
Thursday, 27 January 2005, 1:59 PM CET

MS mulls charging for anti-spyware app
Microsoft is leaving its options open on charging for full versions of anti-spyware and virus disinfection tools. [more]
Thursday, 27 January 2005, 1:58 PM CET

Latest Bagle mutant on the rampage
Worm contains backdoor for hacker to execute arbitrary programs. [more]
Thursday, 27 January 2005, 1:58 PM CET

Apple issues OS X security patch
Apple Computer has issued a security patch to correct seven vulnerabilities in the OS X operating system, including flaws in the Safari browser, the Mac Mail e-mail program, the ColorSync system, and other parts of the OS. [more]
Thursday, 27 January 2005, 10:21 AM CET

MyDoom one year later: more zombies, more spam
Virus now considered the beginning of sophisticated virus writers with illegal profit in mind. [more]
Thursday, 27 January 2005, 10:01 AM CET

Security firm says spammers ahead of the game
The threat of e-mail viruses, Internet scams and other attacks by spammers grew worse last year, despite stepped-up defense efforts by technology firms and government, an e-mail security firm reported Wednesday. [more]
Thursday, 27 January 2005, 9:32 AM CET

NIST report urges caution with VoIP security
A new report from the National Institute of Standards and Technology urges federal agencies and other organizations to take care in switching to voice-over-IP technology because of security concerns. [more]
Thursday, 27 January 2005, 9:22 AM CET

Length of hacker's prison term debated
Law enforcement recovered records of Jeffrey Lee Parson's online conversations with other hackers in which he said he was looking for a copy of the Blaster worm and that he was thinking about spreading a version of it. "Hehehe," he wrote, "and watch me get caught." [more]
Thursday, 27 January 2005, 9:22 AM CET

Web security group readies launch
A volunteer group is launching this month to provide a forum for free, open source documentation, tools and standards for Web application security. [more]
Thursday, 27 January 2005, 9:21 AM CET

Internet security suites face off
These products promise to protect you from more than just viruses. We see how they stack up. [more]
Wednesday, 26 January 2005, 10:36 AM CET

FBI backs transatlantic anti-spam summit
A delegation of British MPs heads over to Washington next month to discuss information security with US politicians. [more]
Wednesday, 26 January 2005, 10:35 AM CET

Clam AntiVirus: open source vs. the bad guys
Open source software, in the form of Clam AntiVirus, can help you detect rogue programs before they hit your inbox, whether you run Linux or Windows. [more]
Wednesday, 26 January 2005, 8:52 AM CET

SELinux: Playing with fire
One of the much-talked-about features in Fedora Core 3 is Security-Enhanced Linux, which some people believe will make Linux a truly military-grade secure operating system. But SELinux is available to secure many other distributions as well. [more]
Wednesday, 26 January 2005, 8:50 AM CET

Preparing yourself for intrusions
This article explains the basic concepts of intrusion detection and response. [more]
Wednesday, 26 January 2005, 8:02 AM CET

An overview of GPG
GPG stands for GNU Privacy Guard. It is a program from the FSF which allows you to encrypt and verify signed files created by others all without a shared secret which would allow others to impersonate you or get access to your encrypted files. [more]
Wednesday, 26 January 2005, 7:58 AM CET

Introduction to troubleshooting Linux firewalls
The importance of a firewall to your security plan cannot be stressed enough, but what happens when your firewall fails? Find out in this introduction to firewall troubleshooting. [more]
Wednesday, 26 January 2005, 7:53 AM CET

Domain hijack: Dotster yet to comment
Dotster, the domain registrar that manages the domain which was hijacked over the weekend of January 15-16, is yet to make a public comment about the affair. [more]
Wednesday, 26 January 2005, 7:51 AM CET

Feds aim to tighten nuclear cyber security
Federal regulators are proposing to add computer security standards to their criteria for installing new computerized safety systems in nuclear power plants. [more]
Wednesday, 26 January 2005, 7:49 AM CET

Are we in a computer security renaissance?
The widespread adoption of the Internet and e-commerce helped change the focus of security research. [more]
Wednesday, 26 January 2005, 7:48 AM CET

Probe: poor info sharing harms security
Poor information-sharing both inside and outside government is threatening homeland security, congressional investigators said Tuesday. [more]
Wednesday, 26 January 2005, 7:47 AM CET

Vendors need to focus on mobile viruses
Viruses are becoming a more serious threat, but most hardware vendors and wireless operators have put the problem on a back burner, an industry analyst claims. [more]
Wednesday, 26 January 2005, 7:46 AM CET

Hackers use old-fashioned eavesdropping to steal data
Computer hackers have taken to stealing data the easy way — by eavesdropping on phone and e-mail conversations to find the keys to seemingly impregnable networks, security experts say. [more]
Tuesday, 25 January 2005, 6:53 PM CET

How to: mastering PortQry.exe (part 1)
In this article the author will cover the fundamentals of using the PortQry command line tool. [more]
Tuesday, 25 January 2005, 4:33 PM CET

SAP launches two security initiatives
Program certifies consultants' knowledge of security tools applicable to SAP technology. [more]
Tuesday, 25 January 2005, 4:26 PM CET

The open road: Samhain
This article describes a Host-Based Intrusion Detection System (HIDS) with Samhain. [more]
Tuesday, 25 January 2005, 12:53 PM CET

Banks and police set security standards
Solutions to online fraud 'already exist', claim experts. [more]
Tuesday, 25 January 2005, 12:34 PM CET

SSL VPNs made simple
You can always tell when a particular technology begins to gain momentum by the availability of lower-cost alternatives to the bleeding-edge, high-end devices. [more]
Tuesday, 25 January 2005, 12:32 PM CET

IRS needs better IT security plan
The process for identifying weaknesses and reporting progress is flawed and ineffective, according to the report. [more]
Tuesday, 25 January 2005, 5:40 AM CET

Top users' security manifesto aims to close gaps in supplier offerings
User group the Jericho Forum, whose members include more than 50 global companies, is set to publish criteria on information security for suppliers to follow when developing products. [more]
Tuesday, 25 January 2005, 5:40 AM CET

Trend Micro InterScan Web Security Suite (IWSS) reviewed
IWSS is a comprehensive solution tailored for large corporate deployment. It successfully addresses the main concerns of most corporate users: increased network latency associated with HTTP gateway scanning; and reluctance to modify the network configuration and topology. [more]
Monday, 24 January 2005, 7:54 PM CET

Phishing against banks hits all time high
Anti-Phishing Working Group warns of 'relentless increase'. [more]
Monday, 24 January 2005, 7:24 PM CET

Hackers eavesdrop on phone networks to steal data
Computer hackers have taken to stealing data the easy way - by eavesdropping on phone and e-mail conversations to find the keys to seemingly impregnable networks, security experts say. [more]
Monday, 24 January 2005, 7:21 PM CET

Hardware and software for secure online banking
A heavy hand with consumer education can go a long way toward keeping customers safe. If they receive e-mails sporting a bank logo that requires a response, they'll know it's not a legitimate communication. [more]
Monday, 24 January 2005, 7:20 PM CET

Viruses for Symbian OS - the truth
Don't be panicked by media hype about viruses targeting Symbian OS smartphones! [more]
Monday, 24 January 2005, 7:19 PM CET

Hotspot paranoia: try to stay calm
OK, the fact that Professor Brian Collins is prepared to talk about public Wi-Fi hotspots with evil twins does mean it's worth taking seriously. [more]
Monday, 24 January 2005, 7:17 PM CET

Security concerns prompt Internet Explorer defections
Worried about catching viruses, spyware, or other malicious software while surfing the Web? [more]
Monday, 24 January 2005, 7:16 PM CET

Symantec shows e-mail security appliance
New products use the acquired Brightmail anti-spam technology. [more]
Monday, 24 January 2005, 7:15 PM CET

Protect yourself against domain name theft
The domain name hijacking of last week highlights a weakness in the Internet's registrar system and should serve as a warning to all companies. It could happen to anyone. [more]
Monday, 24 January 2005, 12:38 AM CET

Harvard fixing data security breaches
Loophole allowed viewing student prescription orders. [more]
Monday, 24 January 2005, 12:31 AM CET

Virus disguised as BitDefender update
Anti-virus company BitDefender has warned computer users that a new virus falsely claims to offer security updates from its support team. [more]
Friday, 21 January 2005, 1:01 PM CET

A firewall for your mobile employees
If you have a business and you have a network, you probably also have a firewall in place to protect it. [more]
Friday, 21 January 2005, 11:38 AM CET

A cure for the common SSH login attack
A few months ago, I began seeing our 'secure' log files fill up with entries stating: "Failed password for illegal user [username]"... [more]
Friday, 21 January 2005, 11:22 AM CET

Accused spammer sues individual who reported it
Atriks claims it's innocent, but company shows up on independent spam monitor list. [more]
Friday, 21 January 2005, 11:15 AM CET

Spyware: an update
How big of a problem is spyware? It’s big enough that the U.S. House of Representatives voted unanimously to stiffen jail sentences for those who use secret surveillance programs to steal credit card numbers or commit other crimes. [more]
Friday, 21 January 2005, 12:16 AM CET

Is your computer part of a criminal network?
Programs called 'bots' increasingly turn PCs into zombies, often for illicit gains. [more]
Friday, 21 January 2005, 12:14 AM CET

Experts: 'Phishing' more sophisticated
Internet "phishing" scams are becoming more difficult to detect as criminals develop new ways to trick consumers into revealing passwords, bank account numbers and other sensitive information, security experts say. [more]
Friday, 21 January 2005, 12:13 AM CET

MSN Messenger invaded by new worm
Open IM windows on the desktop are vulnerable. [more]
Friday, 21 January 2005, 12:11 AM CET

The aftermath of a domain name hijack
The industry needs to find a way to establish stronger trust in registrars if it is to avoid a repeat of last weekend's hijacking of the domain name, says Alexis Rosen, Panix president. [more]
Friday, 21 January 2005, 12:10 AM CET

CAcert certificates offer free security
Securing the transfer of information while traversing the Internet requires an X.509 security certificate to guarantee its integrity. [more]
Friday, 21 January 2005, 12:07 AM CET

CNN worm poses as news alert
News-hungry surfers are the target of a new worm that masquerades as a breaking news story but actually leaves computers vulnerable to hackers. [more]
Friday, 21 January 2005, 12:06 AM CET

Fraud victims facing cold shoulder
Banks can no longer guarantee refunds after growth in phishing and identity theft. [more]
Friday, 21 January 2005, 12:05 AM CET

Viruses plague half of UK Windows users
Microsoft survey finds lackadaisical approach to security. [more]
Friday, 21 January 2005, 12:05 AM CET

Symantec continues growth path
Quarterly revenue grew more than 40%, as Symantec executives vowed to both partner with and compete against Microsoft. [more]
Friday, 21 January 2005, 12:04 AM CET

Security companies might be messing with IT managers' minds
If users believed the marketing bumf security vendors peddle, they'd be looking for viruses in their morning coffee. [more]
Thursday, 20 January 2005, 9:37 AM CET

Minimizing corporate instant messaging risks
Instant messaging is, for the most part, a less secure way to communicate than through corporate e-mail, especially if one is using a public instant messaging system offered by a commercial provider. [more]
Thursday, 20 January 2005, 9:34 AM CET

Intrusion detection with AIDE
Installing an intrusion detection system (IDS) can give you a heads up on whether or not filesystems have been modified. [more]
Thursday, 20 January 2005, 9:21 AM CET

Best-kept secrets - quantum cryptography
Quantum cryptography has marched from theory to laboratory to real products. [more]
Thursday, 20 January 2005, 9:17 AM CET

Chinese companies join Cisco-led security program
Chinese antivirus software vendors join Cisco's NAC security program. [more]
Thursday, 20 January 2005, 12:48 AM CET

Internet phishing scams getting more devious
Cybercriminals are devising new tricks to get people to reveal sensitive data. [more]
Thursday, 20 January 2005, 12:22 AM CET

How to make your PC secure
An unguarded PC is a potentially dangerous window into your life and finances. We show you how to make it secure and keep it secure. [more]
Thursday, 20 January 2005, 12:21 AM CET

Cyber-crime bigger threat than cyber-terror
Cyber security experts say governments have largely succeeded in stopping the most vulnerable computer systems from cyber-terror, but civilian and business networks remain wide open. [more]
Thursday, 20 January 2005, 12:18 AM CET

Police nab creator of webcam Trojan
Man is accused of creating a Trojan horse that could steal info and spy on users. [more]
Thursday, 20 January 2005, 12:14 AM CET

Playing with firewalls
In these unfriendly times, keeping vandals and crooks off networks of any size is a constant battle. [more]
Thursday, 20 January 2005, 12:13 AM CET

New MOM management pack for password change notification
Microsoft this month introduced a new Microsoft Operations Manager Management Pack for the Microsoft Password Change Notification Service. [more]
Thursday, 20 January 2005, 12:11 AM CET

Oracle releases quarterly patch update
A security update from Oracle addresses 23 security holes in several versions of Oracle Database Server that left users vulnerable to denial-of-service attacks, trigger abuse, and outside access to sensitive information. [more]
Thursday, 20 January 2005, 12:09 AM CET

New ThinkPad T43 layers on security
The ThinkPad T43 notebook design due out in April layers on several new security functions. [more]
Thursday, 20 January 2005, 12:07 AM CET

Wi-Fi boom makes life easier for computer hackers
Most wireless networks come with security features to prevent snoopers reading emails and other documents, but many people do not use them because they are difficult to implement. [more]
Thursday, 20 January 2005, 12:05 AM CET

Police learning to fight online crime
Elearning course introduced after Home Office calls. [more]
Thursday, 20 January 2005, 12:03 AM CET

Astaro breaks out new all-in-one security appliances
If you're one of the most acclaimed security software companies in the market, what do you do for an encore? [more]
Thursday, 20 January 2005, 12:01 AM CET

UK gov ready to u-turn on passport-ID card link?
As the UK's ID cards bill charges through Parliament, signs are starting to emerge that the Home Office's dubious packaging plans might be coming apart at the seams. [more]
Wednesday, 19 January 2005, 11:58 PM CET

Toshiba releases IP-based, PoE security camera
Device includes PoE, two-way audio, an SD card slot, and built-in motion detection. [more]
Wednesday, 19 January 2005, 1:28 PM CET

Wireless hackers creep nearer to UK homes
Security experts are warning the rapid uptake of wireless networks in the UK could spell disaster for home working professionals, if they fail to safeguard their IT systems against “war-driving” attackers. [more]
Wednesday, 19 January 2005, 11:39 AM CET

Privacy: what developers and IT professionals should know
Whether you are manager, IT professional, developer, or security specialist, this book will get you some quality information you need to protect your customers and your organization. [more]
Wednesday, 19 January 2005, 10:57 AM CET

Fingerprinting plays key role in biometrics boom
In the IT space, low-priced fingerprinting systems represent a potential solution to a number of problems. Companies need to supplement password systems, which can be easily compromised, and fingerprinting represents a stronger security check. It also has the potential to lower IT costs. [more]
Wednesday, 19 January 2005, 9:12 AM CET

Apache 2 with SSL/TLS: step-by-step, part 1
This article begins a series of three articles dedicated to configuring Apache 2.0 with SSL/TLS support, in order to ensure maximum security and optimal performance of secure web communication. This part introduces key aspects of SSL/TLS and then shows how to compile and configure Apache 2.0 with support for these protocols. [more]
Wednesday, 19 January 2005, 9:11 AM CET

Notes from security school
Do you want to look inside the world of hackers and learn some lessons about how to thwart their attacks on your network? The SANS Institute's professional training courses may be the best place to start. [more]
Wednesday, 19 January 2005, 9:00 AM CET

Melbourne IT accepts blame for domain hijack
Melbourne IT has acknowledged that it was partially responsible for a Web domain hijacking that left a New York Internet hosting company without an Internet address over the weekend. [more]
Wednesday, 19 January 2005, 8:56 AM CET

The convergence of hacking and security tools
There is beginning to be a blurring of the lines when it comes to security tools and hacking tools. Is there really a difference anymore between the two of them at all? [more]
Tuesday, 18 January 2005, 4:59 PM CET

IT security gets first passing grade - barely
After three years of failing grades from lawmakers, agencies are finally making progress toward better information security. [more]
Tuesday, 18 January 2005, 4:58 PM CET

Disaster recovery: preparing for the worst
Steve Gold explores how IT managers can make their disaster recovery plans as watertight as possible. [more]
Tuesday, 18 January 2005, 2:20 PM CET

Microsoft urges PC users to get secure
More than two-fifths of PC users fell victim to a computer virus during the last 12 months, a Microsoft survey reveals. [more]
Tuesday, 18 January 2005, 1:17 PM CET

Anti-spyware as anti-piracy
Is Microsoft's anti-malware giveaway part of a master plan to flush out software pirates? [more]
Tuesday, 18 January 2005, 8:01 AM CET

The state of Windows security
In recent years, security, especially of the Windows platform, seems to constantly reawaken as a topic of eager discussion. [more]
Tuesday, 18 January 2005, 7:55 AM CET

Blueprint for professionalism in IT security
For most employers, hiring IT security staff is a difficult challenge. The security profession has grown up in an ad hoc way over the past 20 years and there are no widely recognised definitions of what IT security should cover, let alone any consensus on what qualifications and experience IT professionals should have. [more]
Tuesday, 18 January 2005, 7:51 AM CET

Building a wireless sniffer with Perl
This article, the first in a two-part report, reviews common issues of wireless security, and shows how to use open source software to suss out wireless networks, get information about them, and start recognizing common security problems. [more]
Tuesday, 18 January 2005, 12:16 AM CET

Malware comes of age
The arrival of the true computer parasite. [more]
Tuesday, 18 January 2005, 12:11 AM CET

Compuware readies fault simulation, security tools
Offerings set for Microsoft apps development platform. Compuware on Tuesday will announce tools providing fault simulation and security analysis for developers building applications on the Microsoft platform. [more]
Tuesday, 18 January 2005, 12:10 AM CET

Scottish man appears in court for internet extortion
Suspect arrested as part of international crackdown on DDoS attacks. [more]
Monday, 17 January 2005, 1:22 PM CET

Tsunami worm tricks net users
A new computer worm pretends to offer information on making a donation to help with the Indian Ocean tsunami disaster, security experts have warned. [more]
Monday, 17 January 2005, 1:12 PM CET

Common criteria – salvation for email security
With the increasing threat of far more sophisticated attacks than just spam and viruses, email security is taking a leap forward. But in implementing new solutions, organisations open up the risk to additional vulnerabilities, because the products they have chosen may not provide an adequate level of security. [more]
Monday, 17 January 2005, 1:01 PM CET

Keeping the world safe... running as local administrator
Have you seen the recent AOL commercials pushing their new anti-virus/anti-spyware feature? [more]
Monday, 17 January 2005, 10:42 AM CET

New York ISP's domain hijacked
The domain name of Panix, the oldest commercial internet service provider in New York, was hijacked on Friday evening US time and the company is in the process of recovering the same. [more]
Monday, 17 January 2005, 10:38 AM CET

Reporting Kernel security issues
A lengthy and interesting thread was started on the lkml by Chris Wright looking to define a centralized place to report security issues in the Linux Kernel. [more]
Monday, 17 January 2005, 10:37 AM CET

IT security companies take root, grow in East Bay
Everyone knows Silicon Valley is the world center of information technology. So it makes sense that data and network security companies would be clustered nearby. [more]
Monday, 17 January 2005, 10:33 AM CET

CLI magic: Tcpdump
Don't worry, I'm not going to try to turn you into a network security analyst or administrator. But if you're interested in what's happening under the hood on your Internet connection, I'll be happy to introduce you to an old and respected command-line tool. [more]
Monday, 17 January 2005, 10:32 AM CET

Experts warn of trick to bypass IE security
A computer security researcher and an antivirus company are warning Microsoft customers about an unpatched hole in the company's Internet Explorer Web browser that could allow a remote attacker to bypass security warnings and download malicious content onto vulnerable systems. [more]
Monday, 17 January 2005, 10:25 AM CET

FBI retires its Carnivore
Newly-released reports show the bureau embracing commercial solutions for Internet surveillance, in investigations ranging from providing material support to terrorists to making harassing telephone calls. [more]
Monday, 17 January 2005, 10:24 AM CET

VoIP hackers can put spam in your ear
As an increasing number of companies and individuals make phone calls through the Internet, phone systems can become as vulnerable as computer networks to hackers, computer viruses and network disruptions. [more]
Monday, 17 January 2005, 10:23 AM CET

iTunes users at risk from hackers
Subscribers urged to upgrade software immediately. [more]
Friday, 14 January 2005, 7:14 PM CET

Windows Trojans hit P2P
Madrid-based anti-virus firm Panda Software reports the circulation on peer-to-peer (P2P) networks of Trojans that are spread by exploiting digital rights management features in Windows media player, reports The Register. [more]
Friday, 14 January 2005, 12:22 PM CET

Rings of steel combat net attacks
Gambling is hugely popular, especially with tech-savvy criminals. [more]
Friday, 14 January 2005, 12:18 PM CET

A look at Microsoft AntiSpyware
It's a little Microsoft-centric, but we generally like the software giant's full-featured beta antispyware program. [more]
Friday, 14 January 2005, 12:04 PM CET

Malware, spam prompts mass net turn off
Both beginners and veterans are finding the Interweb experience so repellent that they're disconnecting in droves, blaming malware and spam. [more]
Friday, 14 January 2005, 11:56 AM CET

DHS, DOJ plan cybercrime survey
In what they hope will become the premier measure of national cybercrime statistics, officials at the Homeland Security and Justice departments plan to survey 36,000 businesses this spring to examine the type and frequency of computer security incidents. [more]
Friday, 14 January 2005, 11:54 AM CET

Torvalds criticizes security approaches
Linux creator Linus Torvalds had a few things to say this week about the way potential security issues are disclosed to fellow open sourcers. And it wasn't all good. [more]
Friday, 14 January 2005, 1:39 AM CET

A personal desktop back-up solution
A hard drive crash over the holidays left me scrambling to get back to a productive desktop as quickly as possible. [more]
Friday, 14 January 2005, 1:37 AM CET

Google patches Gmail security hole
Google has fixed a bug in its Web-based e-mail service, Gmail, that allowed users to read the contents of other people's messages. [more]
Friday, 14 January 2005, 12:25 AM CET

US slaps on the wardriver-busting paint
Security-minded US decorators' supply outfit Force Field Wireless claims to have developed a DIY solution to the international menace of marauding geek wardrivers. [more]
Friday, 14 January 2005, 12:23 AM CET

Securing Linux production systems
This article is a practical step-by-step guide for securing Linux production systems. [more]
Thursday, 13 January 2005, 10:15 AM CET

A new tool in the spam war
Arbitration is part of the next wave of security measures, and can be effective against spammers who illegally harvest email addresses from a honeypot on your website. [more]
Thursday, 13 January 2005, 10:14 AM CET

Battery management IC takes security onboard
A novel intelligent battery management IC easily identifies potentially unsafe batteries not approved by consumer electronics manufacturers for use in their devices. [more]
Thursday, 13 January 2005, 10:12 AM CET

XML - the end of security through obscurity?
New Web services protocols make data easy to read - and almost as easy to hide. [more]
Thursday, 13 January 2005, 10:11 AM CET

Developer raps Linux security
Brad Spengler of grsecurity characterized the Linux Security Model, or LSM, as merely a way to allow the National Security Agency's SELinux to be used as a module. "The framework is unfit for any security system that does anything remotely innovative, such as grsecurity and RSBAC [Rule Set-Based Access Control]," he declared. [more]
Thursday, 13 January 2005, 12:12 AM CET

Black hats gaining ground on Microsoft
The latest batch of security bulletins from Microsoft Corp contain notable omissions - the names of people who practiced responsible disclosure by telling Microsoft about the bugs before anyone else. [more]
Wednesday, 12 January 2005, 12:09 PM CET

Will Longhorn boost computer security?
Truly trustworthy computing is still a few years off, HP exec says. [more]
Wednesday, 12 January 2005, 10:42 AM CET

War on terrorism turns to information network
Hundreds of cyber crime experts gather to compare notes at the Westin Innisbrook Resort. [more]
Wednesday, 12 January 2005, 10:41 AM CET

Another computer security official quits
The Homeland Security Department official in charge of protecting the nation's physical and computer infrastructure is stepping down at the end of the month. [more]
Wednesday, 12 January 2005, 10:39 AM CET

Hacker penetrates T-Mobile systems
A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year. [more]
Wednesday, 12 January 2005, 10:29 AM CET

Full disclosure put on trial in France
The trial of a French security researcher last week has become a cause celebre. Its outcome will decide if interested parties can "peek under the bonnet" in testing the road-worthiness of security products without falling foul of French law. [more]
Wednesday, 12 January 2005, 10:27 AM CET

Comparing the ISA Firewall to non-ISA Firewall Solutions
This article kicks off a series that compares the ISA firewall to the other major players in the firewall market. [more]
Wednesday, 12 January 2005, 12:30 AM CET

Interview with Ken Cutler, Vice President, Information Security, MIS Training Institute
In this interview Mr. Cutler discusses today's biggest online threats, closed source vs. open source security, the full disclosure of vulnerabilities, the challenge of protecting sensitive information at the enterprise level, and more. [more]
Wednesday, 12 January 2005, 12:26 AM CET

Microsoft releases two critical security fixes for Windows
Microsoft Corp. released two security fixes Tuesday that carry its most severe threat rating. [more]
Wednesday, 12 January 2005, 12:12 AM CET

Trojan exploits Windows DRM
Anti-Virus and security vendor Panda Labs is reporting the discovery of a threat that takes advantage of Windows Digital Rights Management (DRM). [more]
Wednesday, 12 January 2005, 12:10 AM CET

Shape up your WAN traffic
Packeteer and 8e6 traffic managers offer choice between luxury and thrift. [more]
Wednesday, 12 January 2005, 12:08 AM CET

Nokia unveils IP VPN suite for mobile security
Nokia announced a suite of IP security virtual private network-based solutions that offer secure remote access to corporate networks from mobile devices and remote locations. [more]
Wednesday, 12 January 2005, 12:07 AM CET

Eliminate passwords with OATH
Someday soon, you'll be able to forget your passwords and still access all the secure servers you use now. In fact, no one will have to remember any passwords at all. [more]
Wednesday, 12 January 2005, 12:07 AM CET

Simple snoop-proof email launched
Software that aims to make encrypted email communications simple enough for even computer novices to use was released on Tuesday. [more]
Wednesday, 12 January 2005, 12:05 AM CET

Microsoft virus clean-up tool sparks controversy
Microsoft debuts a malicious software removal tool today. It represents the first tangible fruits of Microsoft's June 2003 acquisition of Romanian anti-virus firm GeCAD Software. [more]
Wednesday, 12 January 2005, 12:03 AM CET

The perils of deep packet inspection
This paper looks at the evolution of firewall technology towards Deep Packet Inspection, and then discusses some of the security issues with this evolving technology. [more]
Wednesday, 12 January 2005, 12:02 AM CET

Unisys IT security predictions
Unisys IT security experts predict that 2005 will bring greater liability, growing mobile and cyber threats and increased identity management. [more]
Tuesday, 11 January 2005, 1:27 PM CET

AMD promotes new AMD holographic label, security features
AMD today announced an educational campaign focused on the security features of AMD boxed processors. [more]
Tuesday, 11 January 2005, 12:20 PM CET

Does your privacy policy mean anything?
These days, your company's privacy policy is a handy tool. It can placate worried consumers. A privacy policy assures them their personal data won't ever be used, shared, or abused. [more]
Tuesday, 11 January 2005, 12:18 PM CET

Attackers capture info from George Mason University
Computer attackers captured the names, Social Security numbers and other information of more than 30,000 students and staff at George Mason University. [more]
Tuesday, 11 January 2005, 12:17 PM CET

High-tech answers to ID theft
Brace yourself for retina scans, chip implants and other gizmos that are already replacing plastic but are much more secure... if a little creepy. [more]
Tuesday, 11 January 2005, 12:05 PM CET

Securing Thunderbird email with OpenPGP
Email is commonly used in business today, yet only a small percentage of users take the time to guarantee their email is sent in a secure and confidential manner. If you're not part of that elite group, read on to learn how to set up OpenPGP with the Mozilla Thunderbird mail component. [more]
Tuesday, 11 January 2005, 12:03 PM CET

Letting the telecommuters into the network
You worked hard to keep the space rabble out of your network. Now make sure the good guys can get in. [more]
Tuesday, 11 January 2005, 12:01 PM CET

Microsoft can save its ailing authentication service
Microsoft can save its ailing authentication service, but only by scaling back its expectations on what kind of accounts and services it's fit to secure. [more]
Tuesday, 11 January 2005, 12:00 PM CET

Feds called in over Trojan tax scam
E-mail scammers have shifted their sights from a staple diet of banks, betting shops and auction sites to government agencies, with the Australian Taxation Office (ATO) calling in Australian Federal Police over a spam deluge that tries to send taxpayers to Trojan-infected Web sites. [more]
Tuesday, 11 January 2005, 11:58 AM CET

Security leaders create blueprint for professional standards
Senior IT security professionals are pressing for new IT security qualifications and the creation of a national accreditation body in a bid to improve standards. [more]
Tuesday, 11 January 2005, 11:57 AM CET

More worms target mobile phones
Latest variants could be a sign of what's to come, security experts warn. [more]
Tuesday, 11 January 2005, 11:56 AM CET

McAfee tool spots site vulnerabilities
McAfee division Foundstone Professional Services is offering SiteDigger 2.0, a security tool that searches enterprise Web sites to spot confidential material that has been exposed to view accidentally over the Internet. [more]
Tuesday, 11 January 2005, 11:55 AM CET

Critical flaw plagues Mozilla
New flaw in old browsers. [more]
Monday, 10 January 2005, 2:23 PM CET

Panda pitches at corporates
Vendor follows up on home-market success with relaunch of its partner programme. [more]
Monday, 10 January 2005, 2:21 PM CET

Firefox's grassroots cure for Internet insecurity
There's a new challenger for the browser crown, offering security the champ can't match. [more]
Monday, 10 January 2005, 1:11 PM CET

Secure a J2ME environment with JCE
Securing pervasive content is no simple issue, and the Java Cryptography Extension, while accepted as the standard here, brings its own problems to development. Don't raise the white flag, though. This article focuses on those problems and offers the solutions. [more]
Monday, 10 January 2005, 1:06 PM CET

Showing the government how Linux provides better security
Showing government offices and agencies how Linux and open-source software provide better security. [more]
Monday, 10 January 2005, 12:58 PM CET

How to sign your custom RPM package with GPG Key
GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. [more]
Monday, 10 January 2005, 12:29 PM CET

Password management with PasswordSafe
PasswordSafe is intended to be a secure solution for maintaining a list of passwords. It uses a secure, encrypted database to store each password and can only be accessed by providing the master password. [more]
Monday, 10 January 2005, 11:39 AM CET

Don't talk to strangers
Agencies can reduce spam by setting up e-mail registration databases. [more]
Monday, 10 January 2005, 11:32 AM CET

Sun unveils smallest secure Web server
Researchers from the Next Generation Crypto team at Sun Microsystems Laboratories have created the world's smallest secure web server. [more]
Monday, 10 January 2005, 11:31 AM CET

Security market set to flourish in 2005
But vendors must consolidate products to combat customer confusion. [more]
Monday, 10 January 2005, 10:40 AM CET

Making the Internet safer for your employees
There are numerous steps that you can use to make your corporate network a safer place for those users who routinely use the Internet. [more]
Monday, 10 January 2005, 12:32 AM CET

Linux Netwosix developments
This brief article outlines the history and story behind Linux Netwosix, a security-focused distribution. [more]
Friday, 7 January 2005, 6:48 PM CET

Plugs to be pulled on EU biometric visa scheme?
The European Union is poised to accept that its current plans for biometric visas are unworkable, reports Statewatch. [more]
Friday, 7 January 2005, 5:00 PM CET

NIST issues recommendations for secure VOIP
The National Institute of Standards and Technology has offered some cautionary advice for offices considering moving their telephone systems to voice over IP. [more]
Friday, 7 January 2005, 4:59 PM CET

Home WLAN security: the next generation
Even though the 802.11i security standard begat WPA2 for even better encryption of Wi-Fi signals in homes, vendors and chip makers know that end-users need a simpler way to turn security on than filling in numerous fields in Web interfaces and hoping the keys all match. If they don't match, you can't even go online. [more]
Friday, 7 January 2005, 2:38 AM CET

VMware now shipping ACE secure PC environment
Software uses virtual machine technology to create an 'assured computing environment'. [more]
Friday, 7 January 2005, 1:58 AM CET

Is Microsoft making a security play?
There is widespread speculation that Microsoft is planning to enter the security space, and that its two offers of free anti-spyware tools are the initial move. Microsoft partners reportedly have been briefed on an upcoming security subscription service code-named A1. [more]
Friday, 7 January 2005, 1:10 AM CET

Microsoft Antispyware - first impressions
Microsoft Corp., whose popular Windows software is a frequent target for Internet viruses, is offering a free security program to remove the most dangerous infections from computers. [more]
Friday, 7 January 2005, 12:26 AM CET

eBay aims to thwart phishing
eBay is rolling out a private messaging service to customers to make it easier to distinguish official announcements from fraudulent 'phishing' emails. [more]
Friday, 7 January 2005, 12:24 AM CET

Zen and the art of intrusion detection
If a tree falls in a forest with no-one to hear it, does it make a sound? So goes a typical zen-like philosophical question. While it's thought-provoking, what does it have to do with Intrusion Detection Systems (IDS)? Simple - if you're not there to watch the tree fall, do you need to know whether it fell or not? [more]
Friday, 7 January 2005, 12:22 AM CET

Sims 2 hacks spread like viruses
If kitchen appliances and other household objects are exhibiting strange behavior in your virtual home, you may have unknowingly picked up hacked code from the official Sims 2 website. What's more, you may have spread it. [more]
Friday, 7 January 2005, 12:21 AM CET

Phishers migrating to Trojan horse attacks
The latest report from the Anti-Phishing Working Group (APWG) suggests a depressing if unsurprising outlook for phishing trends in the year ahead. [more]
Friday, 7 January 2005, 12:16 AM CET

Viruses AIM for IM
Virus writers, scammers and spammers are plying their trade via instant messaging. Liane Cassavoy and Andrew Brandt identify the real threats and offer tips on avoiding them. [more]
Friday, 7 January 2005, 12:15 AM CET

Flawed IT security poses legal threat
Companies could face action over data exposed by hacking, say experts. [more]
Thursday, 6 January 2005, 2:02 PM CET

Thieves find a home on eBay
Auction site used to cash in on stolen goods. [more]
Thursday, 6 January 2005, 10:24 AM CET

Sydney kids accused of global net scam
Four Sydney high school students have been charged with helping run a global internet scam. [more]
Thursday, 6 January 2005, 10:22 AM CET

Microsoft hurries antispyware, holds Exchange updates
Microsoft is on target to release code from its Giant Company Software acquisition this month, but Exchange improvements will be delayed. [more]
Thursday, 6 January 2005, 10:11 AM CET

Companies team to enable push-button security in WiFi nets
Broadcom has teamed up with Linksys and Hewlett-Packard to bring push-button security capabilities to WiFi networks. [more]
Thursday, 6 January 2005, 10:07 AM CET

Adobe Policy Server sets PDF access rights
Adobe announced the availability of the Adobe LifeCycle Policy Server, which company officials say provides the strongest and most versatile security controls Adobe has ever delivered for determining who can open or modify PDF documents. [more]
Thursday, 6 January 2005, 1:10 AM CET

Congresswoman reintroduces spyware bill
Spyware legislation that would allow fines of up to $3 million for makers of software that steals personal information from a user's computer or hijacks its browser will get a second look after the U.S. Congress failed to pass the legislation in 2004. [more]
Thursday, 6 January 2005, 1:08 AM CET

Symantec and Veritas: a fearsome twosome
Veritas is the king of data protection, and Symantec is the king of security. Together, it's easy to spin a story of synergy. [more]
Thursday, 6 January 2005, 1:07 AM CET

SSL VPNs will become access standard
Forrester survey says SSL VPNs will surpass traditional IPsec VPNs as the de-facto remote access security standard by 2008. [more]
Thursday, 6 January 2005, 1:03 AM CET

SSH port forwarding
In this article we look at SSH Port Forwarding in detail, as it is a very useful but often misunderstood technology. SSH Port Forwarding can be used for secure communications in a myriad of different ways. [more]
Thursday, 6 January 2005, 12:57 AM CET

Is a job in security the cure for job insecurity?
At various times in the past four years, many IT professionals have suffered from job insecurity. And as we turn the calendar to 2005, a long-term cure for such a problem might be a job in security. [more]
Thursday, 6 January 2005, 12:23 AM CET

ThinkPad T42 with biometric security
IBM has again raised the bar on laptop security by adding built-in biometric security to its already attractive ThinkPad T42 series. [more]
Thursday, 6 January 2005, 12:22 AM CET

From Russia with malice
Organised online crime has risen dramatically in the former Soviet Union - and it's still growing. [more]
Thursday, 6 January 2005, 12:20 AM CET

A secure start for 2005
Security appliances are still coming out in droves. [more]
Thursday, 6 January 2005, 12:19 AM CET

AOL set to simplify online security
ID tags some way off but insecurities will be flagged every time members log in. [more]
Thursday, 6 January 2005, 12:17 AM CET

New advance fee scam
It's as dangerous offline as it is online. [more]
Wednesday, 5 January 2005, 1:03 PM CET

Linux and security at Salem Hospital: a case study
Salem Hospital of Oregon switches from barebones OS projects to commercialized Linux for its security. [more]
Wednesday, 5 January 2005, 1:02 PM CET

Security through testing
Protection of data against threats from outside organisations is fairly mature and most organisations are now taking steps to improve internal security in terms of access rights and password management, but threats from in-house software are still often overlooked. [more]
Wednesday, 5 January 2005, 11:49 AM CET

Army solicits network ideas
Army officials want to develop an architecture to better defend the service's network of voice, video and data systems. [more]
Wednesday, 5 January 2005, 11:08 AM CET

How to plan for a possible network attack
In this article we will focus on a much-needed topic: proactive planning. [more]
Wednesday, 5 January 2005, 11:05 AM CET

Biometric passports fail early privacy tests
Personal information stored in the passport's chip is vulnerable to hacking. [more]
Wednesday, 5 January 2005, 9:58 AM CET

'Spamford' accepts injunction in FTC spyware case
The Federal Trade Commission and Sanford Wallace reached an agreement that will prevent Wallace from putting so-called spyware programs on users' computers while an FTC lawsuit against him proceeds. [more]
Wednesday, 5 January 2005, 9:56 AM CET

Securing your workstation with Firestarter
Firestarter is a GPL-licensed graphical firewall configuration program for iptables. [more]
Wednesday, 5 January 2005, 9:49 AM CET

Remote access security
Remote-access security is a priority. Here's how to find the system that works for any situation and any budget. [more]
Wednesday, 5 January 2005, 9:39 AM CET

The difference between spyware and viruses
Is it a virus, or spyware? [more]
Wednesday, 5 January 2005, 9:38 AM CET

Phishing attacks increase by 29 per cent
More than 1518 spoof sites reported by Anti-Phishing Working Group. [more]
Wednesday, 5 January 2005, 9:33 AM CET

SanDisk acquires Secure Flash developer
SanDisk Corp. said it has acquired MDRM, a privately held Israeli developer of technology for secure content distribution through flash memory cards. [more]
Wednesday, 5 January 2005, 9:32 AM CET

Microsoft readies 'A1' security subscription service
Microsoft's anti-virus/anti-spyware strategy is taking shape. Sources say Redmond's prepping a fee-based bundle, which could go beta soon. [more]
Tuesday, 4 January 2005, 4:49 PM CET

It's easy to secure Windows 2000 servers
Although Windows 2000 servers have a reputation for being notoriously insecure, if you take the time it is actually possible to lock them down so tightly that leading scanners will not even recognize that they are Windows servers. [more]
Tuesday, 4 January 2005, 4:42 PM CET

Bots and adware top threats for 2005
Bots and mass-mailers are expected to remain the predominant methods by which virus writers attack enterprises in 2005, according to security experts. [more]
Tuesday, 4 January 2005, 3:44 PM CET

Forensic discovery with MACtimes
At times knowing when something happened is more valuable than knowing what took place. There are two ways to get time data: by observing activity directly and by observing that activity's secondary effects on its environment. In this article, we focus on the latter. [more]
Tuesday, 4 January 2005, 1:36 PM CET

Golden state of privacy
California laws that went live on New Year's Day keep cell phones unlisted and rental cars unmonitored. The effects could be felt nationwide. [more]
Tuesday, 4 January 2005, 1:22 PM CET

Stalking the wild Wi-Fi network
Several devices on the market will help you find a Wi-Fi network, but the same price doesn't mean the same performance. [more]
Monday, 3 January 2005, 3:21 PM CET

Entrap: a file integrity checker
Ed and John introduce their Entrap utility, which is a suite of Korn shell scripts that compares two snapshots of a system and reports the differences. [more]
Monday, 3 January 2005, 9:58 AM CET

Linux stateful firewall design
This tutorial shows you how to use netfilter to set up a powerful Linux stateful firewall. [more]
Monday, 3 January 2005, 9:56 AM CET

How to build an ISA firewall lab with Virtual PC 2004
This article explains how to use the advanced networking features of Virtual PC in an ISA firewall lab. [more]
Monday, 3 January 2005, 1:10 AM CET

Security: still critical
Four ways to protect your tech investments. [more]
Monday, 3 January 2005, 12:00 AM CET

