Off The Wire Archive

News items for January 2006

Online storage service promises secure data protection
A new storage website has been launched that allows you to store your personal digital content that can then be accessed securely from any computer for PC users spelling the possible end to lost data. [more]
Tuesday, 31 January 2006, 5:49 PM CET

LiveJournal Cross Site Scripting security challenge
LiveJournal is offering a free permanent account and possibly other prizes to those who find new vulnerabilities in its XSS Security Challenge. [more]
Tuesday, 31 January 2006, 5:48 PM CET

UK To Strengthen Cybercrime Laws
One of the biggest problems with cybercrime in the UK remains the law. Back in 1990, the government passed the Computer Misuse Act. [more]
Tuesday, 31 January 2006, 5:47 PM CET

CRN: VoIP applications have inherent security issues
The Communications Research Network (CRN) believes that VoIP applications could provide excellent cover for launching denial of service (DoS) attacks because VoIP runs continuous media over IP packets. [more]
Tuesday, 31 January 2006, 4:37 PM CET

CERT Stats Under Fire
Linux supporters have roundly criticized a recent report from the United States Computer Emergency Readiness Team (CERT), which reported that during 2005, Linux and Unix combined had 2,328 vulnerabilities, compared with 812 vulnerabilities for Microsoft Windows. [more]
Tuesday, 31 January 2006, 4:31 PM CET

State gov't site hacked, credit card numbers stolen
Someone broke into the official Rhode Island state government Web site, www.ri.gov late last month and stole 4,117 credit card numbers, according to New England Interactive (NEI), the company that manages the site. [more]
Tuesday, 31 January 2006, 4:30 PM CET

Audit Chides Department Of Homeland Security's WAN
The Department of Homeland Security's wide area network risks service disruptions and losing data because of a high volume of security problems, according to a recent audit. [more]
Tuesday, 31 January 2006, 4:29 PM CET

Exploit lurks in AMD Web site
Customer support discussion forums on the forums.amd.com site have been compromised and are being used in an attempt to infect visitors with malicious software, an AMD spokesman confirmed Monday. [more]
Tuesday, 31 January 2006, 4:28 PM CET

Sidebar: A Simple Rootkit Example
An important element of a kernel rootkit is its ability to hide itself and cover up what is really going on. Here's one way that some rootkits do that. [more]
Tuesday, 31 January 2006, 4:23 PM CET

AOL patches critical media player flaw
A new version of the Winamp player was released yesterday, the day after the rogue code was unleashed by malicious hackers. [more]
Tuesday, 31 January 2006, 4:22 PM CET

Symantec readies 'Genesis' subscription service
Symantec expects to begin offering a new consumer security service similar to Microsoft's Windows OneCare Live by September of this year, a company executive said Monday. [more]
Tuesday, 31 January 2006, 4:19 PM CET

Critical security flaw found in Winamp
An "extremely critical" security vulnerability has been discovered in AOL's Winamp digital media player, relating to the way the software handles filenames that include a computer name. [more]
Monday, 30 January 2006, 8:22 PM CET

Open source software is an easier hack: Mitnick
In an exclusive interview on Friday, infamous hacker Kevin Mitnick told Tectonic that, given the choice between finding security vulnerabilities in closed and open source, he'd prefer to attack an open source environment. [more]
Monday, 30 January 2006, 8:19 PM CET

Nyxem.e scheduled to strike on February 3rd
Kaspersky Lab warns users against Email-Worm.Win32.Nyxem.e, which potentially poses a serious threat. [more]
Monday, 30 January 2006, 8:17 PM CET

Microsoft to omit anti-virus from Vista
Microsoft will omit anti-virus protection in Vista, the next version of Windows, which it plans to ship late this year. [more]
Monday, 30 January 2006, 8:16 PM CET

Groceries: the new teachers of network security
After grappling with our company's compliance to Sarbanes-Oxley, I've come to the conclusion that retail store owners could teach us security professionals a thing or two about network security. [more]
Monday, 30 January 2006, 8:15 PM CET

MSNPawn – footprinting, profiling and assessment with MSN Search
SEARCH.MSN provides web services APIs to build applications using their search interface. For the examples outlined in this paper, some of the information is retrieved using this interface, with a sample application called MSNPawn. [more]
Monday, 30 January 2006, 10:34 AM CET

ChoicePoint's far from alone in data security dungeon
The Federal Trade Commission recorded more than 685,000 consumer fraud and identity theft complaints in its database in 2005. Thirty-seven percent of all of the complaints were due to identity theft. [more]
Monday, 30 January 2006, 2:14 AM CET

Oracle fires back at security researcher on PLSQL patch
Company says four-line PLSQL patch causes new problems. [more]
Monday, 30 January 2006, 1:50 AM CET

Denial of Service attack-detection techniques
Denial-of-service (DoS) detection techniques — such as activity profiling, change-point detection, and wavelet-based signal analysis — face the considerable challenge of discriminating network-based flooding attacks from sudden increases in legitimate activity or flash events. [more]
Monday, 30 January 2006, 1:09 AM CET

Cellcos and senate vs social engineering
New legislation proposed by Senator Chuck Schumer (D, NY) and backed by heavyweights from both major parties, seeks to criminalize both the practitioners and the dupes of "social engineering". [more]
Monday, 30 January 2006, 1:04 AM CET

Thief nabs backup data on 365,000 patients
About 365,000 hospice and home health care patients in Oregon and Washington are being notified about the theft of computer backup data disks and tapes late last month that included personal information and confidential medical records. [more]
Monday, 30 January 2006, 12:52 AM CET

Users wary of online crime
Internet users believe they are more likely to be victims of a cybercrime than a physical one in the coming year, according to a survey released this week. [more]
Monday, 30 January 2006, 12:49 AM CET

Microsoft tricks hacker into jail
Nobody was ever arrested for leaking the secret source code for parts of the Windows operating system in 2004, but a hacker who sold a copy online afterward was sentenced to two years in federal prison Friday. [more]
Monday, 30 January 2006, 12:24 AM CET

Secure Shell standard moving forward
The Secure Shell protocol is one step closer to becoming an Internet Engineering Task Force (IETF) standard. Earlier this month SSH Communications Security Corp. announced that the Secure Shell protocol specifications have reached Proposed Standard status. [more]
Monday, 30 January 2006, 12:20 AM CET

Blackmal virus spreads in India, Peru
The mass-mailing Blackmal.E virus has spread to more than 300,000 machines, far less than the 9 million hits indicated by a Web counter used by the program, according to an analysis of the data retrieved from the affected Internet service provider. [more]
Friday, 27 January 2006, 9:25 PM CET

Symantec warns of notebook dangers
New research from Symantec claims the average value of the data stored on a notebook computer "exceeds £500,000". [more]
Friday, 27 January 2006, 9:25 PM CET

U.K. bill would increase penalties for cybercriminals
The British government has proposed sharply increasing penalties for computer crimes, which are taking a financial toll on U.K. businesses. [more]
Friday, 27 January 2006, 9:24 PM CET

Phisher could get 30-year jail term
A Californian man faces up to 30 years in prison for a phishing scam that stole the credit and debit card numbers of AOL customers. [more]
Friday, 27 January 2006, 2:11 PM CET

Vista's new security features
A recap of the security upgrades in the next version of Windows shows better malware, spyware, and access control features throughout. [more]
Friday, 27 January 2006, 1:43 PM CET

Blue Hat 2005 - security researchers come to MS
Andrew Cushman a Security Architect tells you what Blue Hat is, what and who it's for, and why we were hosting a bunch of Security Researchers at Microsoft. [more]
Friday, 27 January 2006, 1:27 PM CET

Companies are turning to authentication vendors
As emerging security threats cause confidence in online services to wane, banks and businesses are searching for new ways to restore users' faith. [more]
Friday, 27 January 2006, 1:25 PM CET

Code scanning tools do not make software secure
There has been a lot of press recently about using ‘code scanning’ tools to find security bugs in source code. So I thought I’d share my view on code scanning tools. [more]
Friday, 27 January 2006, 1:24 PM CET

Security no longer a Linux deployment hurdle
The challenge for Linux —an operating system that has a reputation for its scalability and "hard as nails" security in the enterprise market—is simple: Where does it go from there? [more]
Friday, 27 January 2006, 1:22 PM CET

What to watch out for with Wi-Fi
Wi-Fi networks use short-range radio frequencies to communicate between devices, eliminating the necessity for running cable. While operating without wires is an advantage, users and IT personnel need to be aware that Wi-Fi networks do not recognize walls as barriers. [more]
Friday, 27 January 2006, 1:20 PM CET

Rootkits headed for BIOS
Insider attacks and industrial espionage could become more stealthy by hiding malicious code in the core system functions available in a motherboard's flash memory, researchers said on Wednesday at the Black Hat Federal conference. [more]
Friday, 27 January 2006, 1:19 PM CET

Cisco VPN gear vulnerable to DoS attacks
Organizations running certain Cisco VPN gear may be susceptible to a remote denial-of-service attack that could knock out network connections for teleworkers or traveling employees accessing a corporate network over the Internet. [more]
Friday, 27 January 2006, 1:19 PM CET

Ameriprise notifying 226,000 customers, advisers of data theft
A stolen laptop contained names, account numbers and Social Security numbers. [more]
Friday, 27 January 2006, 1:18 PM CET

Cisco VPN gear vulnerable to DoS attacks
Organizations running certain Cisco VPN gear may be susceptible to a remote denial-of-service attack that could knock out network connections for teleworkers or traveling employees accessing a corporate network over the Internet. [more]
Friday, 27 January 2006, 1:14 PM CET

ChoicePoint fined $15m for security blunders
The Federal Trade Commission (FTC) has agreed a $15m settlement with US credit bureau ChoicePoint after criminals hacked into the firm's databases last February. [more]
Friday, 27 January 2006, 1:08 PM CET

Court backs airport ID checks
Airlines and the U.S. government have the right to keep passengers from boarding planes if they refuse to show personal identification, a U.S. appeals court ruled Thursday. [more]
Friday, 27 January 2006, 12:49 PM CET

New year brings fresh security fears
Everybody knows that the pace of change in the technology world is relentless and that today's hi-tech hotshot can be tomorrow's also ran. [more]
Friday, 27 January 2006, 12:34 PM CET

Ethical hackers help firms fight attacks
Businesses are hiring a growing number of ethical hackers to test the security of their IT systems, the consulting group NCC said this week. [more]
Friday, 27 January 2006, 12:31 PM CET

Most businesses don't enforce mobile security policy
One in five companies with widespread deployment of mobile devices lacks security policies. [more]
Thursday, 26 January 2006, 3:25 PM CET

Cybercrime feared 3 times more than physical crime
Three times more Americans think they'll be hit by computer crime in the next year than real-world wrongdoing of the old-fashioned kind, a survey released Wednesday by IBM said. [more]
Thursday, 26 January 2006, 3:13 PM CET

MS sues over anti-spyware scam
Spyware Cleaner misleading and ineffective, alleges Washington state. [more]
Thursday, 26 January 2006, 3:02 PM CET

Phishers sneak into Yahoo accounts
Bogus web pages seek to elicit user names and passwords. [more]
Thursday, 26 January 2006, 3:00 PM CET

Spyware suspect arrested in Japan
Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have welcomed the news that a suspected spyware developer has been arrested in Japan. [more]
Thursday, 26 January 2006, 2:56 PM CET

VoIP gives DDoS attackers perfect cover
Firms must act now to build defences as criminals will exploit this loophole sooner rather than later. [more]
Thursday, 26 January 2006, 2:32 PM CET

Microsoft readies two-way firewall for Vista
Filtering both inbound and outbound traffic will give administrators greater control over which applications are allowed to run on their systems. [more]
Thursday, 26 January 2006, 2:31 PM CET

State CIOs need more IT security support from DHS
Department of Homeland Security's detached attitude toward cybersecurity may be cause for alarm. [more]
Thursday, 26 January 2006, 2:28 PM CET

Cambridge prof warns of Skype botnet threat
VoIP traffic can cover a multitude of sins. [more]
Thursday, 26 January 2006, 2:27 PM CET

Malware potency increases as numbers drop
Global malware outbreaks decreased last year only to be replaced by smaller scale, stealthier attacks targeted at specific organisations or individuals, and designed to extract sensitive information. [more]
Thursday, 26 January 2006, 2:26 PM CET

Anti-spyware project helps users
Hi-tech firms are setting up a project to help users spot if downloads are infested with spyware and adware. [more]
Thursday, 26 January 2006, 2:26 PM CET

Avaya, Juniper team up for secure IP telephony
Partnership aims to help enterprises extend secure distributed IP voice capabilities worldwide. [more]
Thursday, 26 January 2006, 2:11 PM CET

Oracle in war of words with security researcher
A security researcher released details of a critical flaw in Oracle's application and Web software on Wednesday, criticising the company for not cooperating with the security community and taking too long to fix software issues that threaten its customers. [more]
Thursday, 26 January 2006, 2:08 PM CET

Emirates tightens network security
Intrusion prevention helps airline to prevent breaches. [more]
Thursday, 26 January 2006, 2:07 PM CET

Big risks come in small packages
Some years ago, I left my laptop computer on a train from Washington to New York. Replacing the computer was expensive, but at the time I was more worried about the data. [more]
Thursday, 26 January 2006, 2:06 PM CET

Coming to your PC's back door: Trojans
Targeted Trojans are key because they bypass most antivirus software and entice the recipient to believe the e-mail transmitting the Trojan is legitimate. [more]
Thursday, 26 January 2006, 2:05 PM CET

Gartner slams Oracle security processes
Firm's software 'can no longer be considered a bastion of security', claims analyst. [more]
Thursday, 26 January 2006, 2:04 PM CET

VoIP vulnerability may be over-hyped, analyst says
The surfacing of a pair of flaws in Cisco’s CallManager IP telephony servers last week raises the hot-button issue of how to secure enterprise VoIP networks from attacks. [more]
Wednesday, 25 January 2006, 3:04 PM CET

The perfect Linux firewall part 1 - IPCop
This document describes how to install the GNU/Linux GPL IPCop firewall and create a small home office network. [more]
Wednesday, 25 January 2006, 2:59 PM CET

MP3s – the big security risk in 2006
Once again the problem of mobile device security is raising its head. Yet that is the world we live in. Like it or not, the miniaturisation of disk storage technology means that the amount of data that can be stored on mobile devices continues to climb. [more]
Wednesday, 25 January 2006, 10:58 AM CET

Making VOIP secure
A converged voice and data network may sound like a fabulous idea until you remember the last time a worm or denial of service attack brought your network to its knees. Do you really want the network and your phone system to go down together? [more]
Wednesday, 25 January 2006, 10:57 AM CET

Is Gates' prediction on spam a bust?
"I think the only way to characterize that prediction, as we stand today, is inaccurate," said Scott Chasin, chief technology officer at e-mail services company MX Logic, of Gates' declaration from two years ago. "Spam is still congesting the Internet, and it's obviously a very visible problem in most consumer mailboxes." [more]
Wednesday, 25 January 2006, 10:45 AM CET

Security hot issue for open-source database developers
According to Evans Data's Fall Database Development Survey, open-source database deployments were up more than 20 percent in the last six months. MySQL use, for example, increased by more than 25 percent in six months and is approaching majority status in the database space. Currently, forty-four percent of developers use the open-source MySQL system. [more]
Wednesday, 25 January 2006, 2:28 AM CET

Add an extra layer of security with systrace
Niels Provos' Systrace is a utility that monitors and controls what an application can access on a system by creating and enforcing access policies for system calls. [more]
Wednesday, 25 January 2006, 2:27 AM CET

Surge in CNP fraud causes concern
Payment firms say banks should do more to help online retailers to combat crime. [more]
Wednesday, 25 January 2006, 2:16 AM CET

Online crime matures beyond adolescence
Cybercrime is moving from broad ego-driven outbreaks to much smaller targeted attacks aimed at stealing sensitive data or extorting money from companies, IBM stated in its 2005 Global Business Security Index Report released on Monday. [more]
Wednesday, 25 January 2006, 2:14 AM CET

The year of living DRMishly
This year may be the year that gadget makers finally conquer the living room, replacing DVD players, VCRs and personal video recorders with all-in-one media devices that serve up HDTV, pre-recorded movies and digital music. [more]
Tuesday, 24 January 2006, 3:01 PM CET

Yahoo! phishing warning
Websense is warning internet users of a new phishing scam targeting Yahoo! users. [more]
Tuesday, 24 January 2006, 2:50 PM CET

Consumer group files complaint against 'adware' firm
A Washington, D.C., civil liberties and consumer group has filed two complaints against Web-based marketer 180solutions, accusing the company of "duping" Internet users into downloading intrusive advertising software. [more]
Tuesday, 24 January 2006, 1:37 PM CET

Chrooted SSH howto
This tutorial describes how to install and configure OpenSSH so that it will allow chrooted sessions for users. [more]
Tuesday, 24 January 2006, 1:37 PM CET

Next on your agenda: genetic privacy
Who could forget the scene in the film Minority Report where the police -- following a tip from mutants who could see the future -- raided a house and arrested a man before he could commit a foreseen crime? [more]
Tuesday, 24 January 2006, 11:20 AM CET

Fear of fraud hampers UK online banking
The UK's Financial Services Authority (FSA) has warned banks that they must do more to help consumers to deal with online banking fraud, warning that consumer confidence in internet banking is currently very fragile. [more]
Tuesday, 24 January 2006, 11:19 AM CET

How to get more out of your Windows Firewall
So have you ever wondered how to tell if your Windows firewall is working? Ever notice that there is no information really telling you what is going on? [more]
Tuesday, 24 January 2006, 11:15 AM CET

Linux struck by major security hole
Linux vendors have warned of a serious security flaw affecting the KDE desktop environment, one of the two main graphical user interfaces used on Linux and Unix operating systems. [more]
Tuesday, 24 January 2006, 11:13 AM CET

Microsoft nabs Bulgarian phishers
Hunter becomes the hunted. [more]
Tuesday, 24 January 2006, 11:11 AM CET

MasterCard charges ahead on managing security data
Rolling out a new breed of tools that capture information from IT security logs can be a daunting task for corporate users, who may need to bulk up their systems and storage devices to handle the torrents of data that can be generated. [more]
Tuesday, 24 January 2006, 11:08 AM CET

Encryption using chaos
Lasers that "hide" messages could mean more foolproof security. [more]
Tuesday, 24 January 2006, 11:07 AM CET

IBM sees cyber criminals turn pro
2006 promsises new challenges, report predicts. [more]
Tuesday, 24 January 2006, 11:05 AM CET

Hacker admits renting 'botnet' to spammers
Two military computers among those taken over. [more]
Tuesday, 24 January 2006, 11:05 AM CET

Encryption tossed into the too-hard basket
Very few enterprises in Australia use encryption to protect sensitive data, especially if it involves customer data. [more]
Monday, 23 January 2006, 12:38 PM CET

New opportunities, challenges for wiretaps
Modern communications networks can be tapped for vast volumes of information, but considerable technical challenges must be overcome before the data streams can be of any use to eavesdroppers. [more]
Monday, 23 January 2006, 12:37 PM CET

Microsoft earns patching praise from IT execs
Users say some rivals lag behind on fixing flaws, disclosing security info. [more]
Monday, 23 January 2006, 12:35 PM CET

CLI magic: OpenSSH + Bash
As a system administrator, I have used OpenSSH's piping abilities more times than I can remember. [more]
Monday, 23 January 2006, 12:33 PM CET

Trojan blitz poses as credit card warning
UK businesses faced a barrage of 115,000 emails containing a new Trojan on Friday, 22 January before anti-virus vendors scrambled out an update, according to email filtering firm BlackSpider Technologies. [more]
Monday, 23 January 2006, 12:32 PM CET

Nokia develops Web server for S60
For quite some time it has been possible to access the Internet using mobile phones, although the role of the phone has strictly been that of a client. Times have changed. [more]
Monday, 23 January 2006, 12:31 PM CET

Safeguarding wireless networks
Meru Networks' intrusion-prevention system scrambles radio-frequency signals carrying malicious code. [more]
Monday, 23 January 2006, 12:29 PM CET

Smartcard key to flier fast lane
Frequent fliers willing to be fingerprinted and background-checked may soon get their own airline screening lanes run by private companies in the nation's airports, homeland security officials say. [more]
Monday, 23 January 2006, 12:28 PM CET

Windows back door rumor is bunk
Contrary to a recent rumor circulating on the internet, Microsoft did not intentionally back-door the majority of Windows systems by means of the WMF vulnerability. Although it is a serious issue that should be patched straight away, the idea that it's a secret back door is quite preposterous. [more]
Monday, 23 January 2006, 12:27 PM CET

Q&A: Oracle exec says users get enough flaw info
The company’s security unit chief defends limited disclosures, quarterly patching schedule. [more]
Monday, 23 January 2006, 12:26 PM CET

LiveJournal makes changes to counteract security threat
The Weblog service moves to protect user account information. [more]
Monday, 23 January 2006, 12:11 PM CET

Tracing an e-mail
The purpose of this guide is to show the process involved in tracing an email. [more]
Monday, 23 January 2006, 1:48 AM CET

Security company uses Google to help find vulnerabilities
Malicious hackers have been doing it a while. Now, Secure Elements is using Google search technology to help security managers spot vulnerabilities in their networks. [more]
Friday, 20 January 2006, 2:45 AM CET

F-Secure quickly fixes 23 AV flaws
Finnish security company F-Secure released patches for its flagship Windows and Linux anti-virus line Thursday to fix flaws revealed by an independent researcher. [more]
Friday, 20 January 2006, 2:37 AM CET

Botnets shrinking in size, harder to trace
Criminal hackers increasingly launch extortion schemes backed by the muscle of botnets. [more]
Friday, 20 January 2006, 2:06 AM CET

MasterCard deploys security information manager tool
MasterCard International Inc. launched new security information manager (SIM) software purchased from a small vendor last April and only three months later saw big improvements in security management efficiency that continue today. [more]
Friday, 20 January 2006, 2:03 AM CET

Spy on yourself online
Forget spyware. Here comes myware. Soon you'll collect data on your own Web use for fun and profit. [more]
Friday, 20 January 2006, 2:00 AM CET

Portable storage devices pose security threat
Have you been following the story about cell phone records being sold on the Internet? The Chicago Sun-Times published an interesting article on this not long ago, but this outrageous practice has been going on for quite some time. [more]
Friday, 20 January 2006, 1:37 AM CET

Inside the WMF backdoor
The WMF vulnerability stems from the fact that WMF supports the SetAbortProc API, which is the GDI call to set an abort procedure, that Windows expects abort procedure code to be stored directly in the SetAbortProc WMF record, and that Windows will invoke the procedure under certain conditions immediately after processing the record. [more]
Friday, 20 January 2006, 1:21 AM CET

Graphical passwords for Windows
How do you get users to make passwords that are simple enough to remember but complex enough that they can't be guessed? [more]
Friday, 20 January 2006, 1:16 AM CET

Phishing attacks hit all-time high
The continued rise in phishing attacks shows increasing sophistication in strategy as well as more organized efforts among online criminals, said Dave Jevans, APWG chairman. [more]
Friday, 20 January 2006, 12:42 AM CET

HP and Hitachi to jointly improve enterprise security
HP and Hitachi are to conduct joint work on key security and privacy technology issues.
[more]
Friday, 20 January 2006, 12:21 AM CET

Flaw researcher offers ad space in report
A security researcher who previously tried to auction off a vulnerability in Microsoft Excel plans to sell ad space in the public report about the flaw, SecurityFocus has learned. [more]
Friday, 20 January 2006, 12:13 AM CET

Twenty years of computer viruses
It is 20 years since the release of the world's first PC virus, according to antivirus firm F-Secure. [more]
Friday, 20 January 2006, 12:06 AM CET

Symantec warns of Veritas NetBackup exploit
According to Galen Schreck, a senior analyst at Forrester Research, although buffer-overflow attacks are a serious risk, the impact from this exploit is limited at best, and is unlikely to become a major issue. [more]
Friday, 20 January 2006, 12:01 AM CET

Security threat to back-up systems
Companies are being urged to patch their data back-up systems against a number of security holes in the products of two market leading companies. [more]
Thursday, 19 January 2006, 2:12 PM CET

Microsoft downplays Windows Wi-Fi 'anomaly'
A design flaw in Windows XP and Windows 2003 systems with built-in wireless capabilities could be exploited by hackers to lure Wi-Fi users into connecting to malicious wireless networks, according to Microsoft, which recently completed an investigation of the issue. [more]
Thursday, 19 January 2006, 12:57 PM CET

The backhoe: a real cyberthreat
At half-past noon on Jan. 9, cable TV contractors sinking a half-mile of cable near Interstate 10 in rural Arizona pulled up something unexpected in the bucket of their backhoe: an unmarked fiber-optic cable. [more]
Thursday, 19 January 2006, 11:38 AM CET

New FBI computer crime survey
Want insight into the cyber attacks that U.S. organizations are facing, what defenses they're using against these assaults, and the implications for industry and government? [more]
Thursday, 19 January 2006, 11:25 AM CET

Network access security device sales to soar over 1000%
Worldwide revenues from sales of network access control (NAC) enforcement products will soar 1,101% over the next three years, according to a new report from Infonetics research. [more]
Thursday, 19 January 2006, 11:11 AM CET

IBM Secure Shell library for Java
A lightweight implementation of the Internet Engineering Task Force (IETF) Secure Shell (SSH-2) protocol. [more]
Thursday, 19 January 2006, 11:10 AM CET

How not to respond to a security advisory
A recently announced weakness in the BSD securelevel system isn't going to be fixed in OpenBSD. While securelevel may have problems, the vendor's security response is unacceptable and doesn't fit with their stated goals. [more]
Thursday, 19 January 2006, 11:08 AM CET

Simple worm makes great strides
The worm's attachment can be either an executable file or a MIME file that contains an executable. [more]
Thursday, 19 January 2006, 2:09 AM CET

Understanding elliptic-curve cryptography
The risk of intrusion and eavesdropping goes up as electronic communication equipment becomes increasingly wireless and ubiquitous. [more]
Thursday, 19 January 2006, 2:06 AM CET

Security concerns mount for wireless networks
Security is top-of-mind for businesses managing wireless networks, especially as they start adding new applications, such as voice over IP. Meru Networks' new offering scrambles malicious code at the radio-frequency signal level. [more]
Thursday, 19 January 2006, 1:43 AM CET

Segregate duties to lessen security risks
The basic intent of segregation of duties (SOD) controls are that no one person should have excessive control over one or more critical processes. [more]
Thursday, 19 January 2006, 1:10 AM CET

US Marine scam email hits inboxes
Three Kings comes to the 419 scam. [more]
Thursday, 19 January 2006, 12:56 AM CET

It's time to band together for better data security
A steady stream of high-profile data breaches has shone a bright spotlight on the need for improving information and data security. [more]
Thursday, 19 January 2006, 12:52 AM CET

Business booms as virus threats grow
Computing talks to Eva Chen, chief executive of Japanese security firm Trend Micro. [more]
Thursday, 19 January 2006, 12:38 AM CET

Detect, deploy, and defend against outside threats
Learn how to defend against viruses - and prevent costly downtime - by ensuring that your systems are automatically patched against security threats. Close security holes before hacking, compliance or infringement issues jeopardize your infrastructure. [more]
Thursday, 19 January 2006, 12:21 AM CET

Mass spying means gross errors
The United States government either currently has, or soon will have, new technology that makes mass surveillance possible. The next question for citizens and other policy makers is whether and when to use this capability. [more]
Wednesday, 18 January 2006, 11:38 AM CET

Mac security concerns answered
Technology commentator Bill Thompson responds to the feedback he received over his column suggesting that Mac users are too smug about computer security. [more]
Wednesday, 18 January 2006, 10:15 AM CET

Spyware makers aiming for enterprises
Targeted attacks against organizations are supplanting spyware attacks against consumers as the most common malware threats on the Internet, according to a recent report from Panda software. [more]
Wednesday, 18 January 2006, 10:15 AM CET

Blackmailers target $1m website
Alex Tew hit the headlines at the start of the year when he revealed his Million Dollar Homepage had made him a million dollars in four months. [more]
Wednesday, 18 January 2006, 10:13 AM CET

Oracle releases quarterly security patches
Update addresses 37 vulnerabilities in database software and some in server products. [more]
Wednesday, 18 January 2006, 10:11 AM CET

Suits seek end to domestic spying
Federal lawsuits were filed Tuesday seeking to halt President Bush's domestic eavesdropping program, calling it an "illegal and unconstitutional program" of electronic eavesdropping on American citizens. [more]
Wednesday, 18 January 2006, 10:09 AM CET

New keylogging trojan races around the world
PC Tools' research team discovered the trojan and on Wednesday classified it as high risk. [more]
Wednesday, 18 January 2006, 10:08 AM CET

U.S. government sued over NSA spying
The American Civil Liberties Union and the Center for Constitutional Rights filed lawsuits on Tuesday against the Bush Administration for conducting wiretaps of American citizens without judicial oversight. [more]
Wednesday, 18 January 2006, 12:44 AM CET

Banks to face no charges over India data theft incident
UK Commissioner's Office concludes that security policies at Indian call centers were sufficient. [more]
Wednesday, 18 January 2006, 12:38 AM CET

Windows XP Service Pack 3: not until 2007
The 'preliminary' due date for the next collection of fixes and patches for Microsoft's desktop operating system is as more than a year later than many company watchers were expecting. [more]
Wednesday, 18 January 2006, 12:23 AM CET

5 application-level attacks and the countermeasures to beat them
Attend this expert webcast today to receive a comprehensive overview of each type of application-level attack - active content; cross-site scripting; denial of service and SYN attacks; SQL injection attacks; and malicious bots. [more]
Wednesday, 18 January 2006, 12:05 AM CET

Phishing fraudsters target Apple
Email fraudsters are targeting Apple fans in a change of tactic from standard phishing attacks. [more]
Wednesday, 18 January 2006, 12:03 AM CET

Security specification readied for home networks
A hardware-based specification that could help paid-for content flow securely between devices in the digital living room is getting its finishing touches. [more]
Tuesday, 17 January 2006, 3:39 AM CET

How to make an RFID blocking wallet
With the proliferation of RFID devices and related privacy concerns, it seemed due time to create the RFID Blocking Duct Tape Wallet. [more]
Tuesday, 17 January 2006, 3:33 AM CET

Imprisoned Russian billionaire's fortune offered by 419 scammers
Sophos stopped thousands of messages related to an email scam that attempts to fool computer users into thinking they are in line to receive money from a jailed Russian oil tycoon. [more]
Tuesday, 17 January 2006, 3:21 AM CET

Security pros get their due
There's a growing market for information security expertise, and salaries are reflecting heightened demand. [more]
Tuesday, 17 January 2006, 3:15 AM CET

It's just the key to your room
Computerworld surveys 100 hotel card keys to explode an urban myth. [more]
Tuesday, 17 January 2006, 3:12 AM CET

Create a login and registry system in Apache Geronimo
Use JSP and a Java servlet to collect and insert user registration data into Geronimo's built-in Apache Derby database. [more]
Tuesday, 17 January 2006, 3:01 AM CET

Web applications are easy targets
Business software vendors are getting their security act together, but web apps remain a cause for concern. [more]
Tuesday, 17 January 2006, 2:52 AM CET

The search for the perfect electronic key
Electronic lock companies and hotels are experimenting with other security key devices, including biometric fingerprint readers, smart cards, and proximity cards that allow the guest to unlock the door without touching the lock. [more]
Tuesday, 17 January 2006, 2:37 AM CET

5 essential steps to PC security
As the new year begins, Fred Langa says keep these items in mind to help prevent data theft, identity theft, and private information falling into the wrong hands. These steps will give you 365 days of safe computing. [more]
Tuesday, 17 January 2006, 1:46 AM CET

Mac users 'too smug' over security
Technology commentator Bill Thompson is worried about the lack of herd immunity among his fellow Apple Mac users. [more]
Tuesday, 17 January 2006, 1:27 AM CET

The consolidated hacking guide for the Linksys WRT54GL
I recently acquired a Linksys WRT54GL wireless broadband router. The nice thing about this piece of networking gear is that it runs Linux. [more]
Tuesday, 17 January 2006, 1:10 AM CET

Fears raised over digital rights
A UK consumer watchdog has called for new laws to protect users' rights to use digital music and movies. [more]
Tuesday, 17 January 2006, 1:03 AM CET

US tests e-Passports
he US government has started testing electronic passports which contain an RFID chip holding information and a digital photo of the passport's carrier. [more]
Tuesday, 17 January 2006, 12:13 AM CET

Mobility done right - without the risk
Mobility is having a profound impact on productivity within organizations today. In a recent study, workers were found to be 13.4% more productive when using wireless devices. [more]
Tuesday, 17 January 2006, 12:10 AM CET

Data theft hits the Bahamas
Trouble in paradise, as database break-in exposes resort guests' personal information. [more]
Tuesday, 17 January 2006, 12:07 AM CET

Phishing scam exploiting the Microsoft WMF vulnerability
The Microsoft patch for the WMF vulnerability has now been out there for more than 10 days. Today we saw a phishing scam exploiting this vulnerability. [more]
Monday, 16 January 2006, 4:04 PM CET

Nortel road map stresses security
Nortel next month is expected to start revitalizing its enterprise switching business by introducing a new endpoint security product, which may be followed by a series of LAN resiliency and security announcements throughout the year. [more]
Monday, 16 January 2006, 1:49 PM CET

Towards a secure Web environment
Companies need to evolve with the Internet in implementing an effective network security strategy to reduce online risks. [more]
Monday, 16 January 2006, 11:32 AM CET

Rootkits in commercial software
By now many of you have heard that Symantec released a security advisory last Tuesday that reported its use of rootkit-like cloaking technology in its SystemWorks product. [more]
Monday, 16 January 2006, 11:20 AM CET

Tips for staying secure in 2006
Securing data while it travels between applications, business partners, suppliers, customers, and other members of an extended enterprise is crucial. As enterprise networks continue to become increasingly accessible, so do the risks that information will be intercepted or altered in transmission. [more]
Monday, 16 January 2006, 2:45 AM CET

Windows wireless flaw a danger to laptops
Mark "Simple Nomad" Loveless released information on a staggeringly simple but very dangerous wireless security problem with a feature built into most laptop computers running any recent version of the Microsoft Windows operating system. [more]
Monday, 16 January 2006, 2:29 AM CET

Trusted computing? Nothing to do with us, says UK IT
How interested is the computer industry in trusted computing? Not as much as you might think, suggests Eddie Bleasdale of netproject. [more]
Monday, 16 January 2006, 2:20 AM CET

Security vendors looking to define 'rootkit'
Symantec, Anti-Spyware Coalition hope to ease confusion over cloaking techniques. [more]
Monday, 16 January 2006, 2:19 AM CET

Anonymity on a disk
To many privacy geeks, it's the holy grail - a totally anonymous and secure computer so easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks. [more]
Monday, 16 January 2006, 2:09 AM CET

Detroit spammer faces slammer
A US spammer likely faces at least two years in jail next week after he admitted using networks of compromised PCs to distribute junk mail messages. [more]
Monday, 16 January 2006, 2:03 AM CET

Attacks mounting on 'Million Dollar Homepage'
British university student's profitable Web page coming under intense DDoS attacks. [more]
Monday, 16 January 2006, 12:14 AM CET

Kaspersky Lab denies using rootkits
Russian antivirus firm Kaspersky Lab has responded to allegations that it uses rootkit technology which could put customers at risk from hackers. [more]
Monday, 16 January 2006, 12:12 AM CET

WLAN security: which protocol is best for you?
If your organization has ever investigated WPA or WPA2 for securing its wireless infrastructure, the terms '802.1X' and 'EAP' will come up frequently. [more]
Monday, 16 January 2006, 12:10 AM CET

RFID scare tactics and the push to adopt
CIOs should focus on conveying the consumer benefits of RFID tags, said Forrester Research analyst Christine Overby. "Without clarification about how RFID works, consumers will base their opinion on the Big Brother stories currently making the headlines." [more]
Monday, 16 January 2006, 12:09 AM CET

GSA's vendor Web site closed to fix security flaw
Flaw could allow applicants to see and change data on other vendors. [more]
Monday, 16 January 2006, 12:08 AM CET

How to protect your organization with e-mail policies
Attend this webcast and hear why companies need to implement email policies to help stem the flow of sensitive information via email and how to reduce all types of risks associated with email. [more]
Monday, 16 January 2006, 12:03 AM CET

Real-time user monitoring
Complex networks hide the end-user experience. Real-time user monitoring technology lets you see things from your customers' perspective and address performance problems promptly. [more]
Friday, 13 January 2006, 3:29 PM CET

Three indicted In Xbox scam
Three men who were charged in December for allegedly pirating video games and installing them on modified Xbox consoles have been formally indicted. [more]
Friday, 13 January 2006, 10:03 AM CET

Hackers target IM products
Many experts in the field of extended communications agree that in 2005 there was a tipping point for recognition by enterprises of the usefulness of instant messaging (IM) products. [more]
Friday, 13 January 2006, 1:44 AM CET

Entangled photons seen as route to secure comms
More secure optical networks are a step closer following a breakthrough involving quantum devices that was reported Thursday (Jan. 12) by Toshiba Research Europe Ltd. (TRRL) and scientists from the University of Cambridge. [more]
Friday, 13 January 2006, 1:43 AM CET

Apple downplays iTunes 'spyware' fears
Track selection monitored but not stored, apparently. [more]
Friday, 13 January 2006, 1:41 AM CET

Symantec denies it uses rootkit in software
Symantec disputes the claim by researchers who said it was using a rootkit to hide files from users. [more]
Friday, 13 January 2006, 1:40 AM CET

Zero-day WMF flaw underscores patch problems
For four days in January, network administrators and security-savvy home users had a choice: Download and install an unofficial open-source fix for the critical flaw in the Windows Meta File (WMF) format or wait an estimated week for an official patch from Microsoft. [more]
Friday, 13 January 2006, 1:39 AM CET

Secure Java apps on Linux using MD5 crypt
Interface your applications to PAM-compatible authentication systems. [more]
Friday, 13 January 2006, 1:38 AM CET

The fix is in: filtering workplace Web use
You hook up a packet analyzer and find out that 50 percent of your bandwidth is being consumed by personal usage of the Web during business hours. [more]
Friday, 13 January 2006, 1:38 AM CET

The insider threat: understanding the risks
In today's world of disappearing network perimeters and high-stakes cyber-crime, no threat looms larger than that of the Insider. [more]
Friday, 13 January 2006, 1:37 AM CET

Viisage, Identix merging to form biometric ID giant
Two major players in the biometric identity, Viisage Technology and Identix, announced Thursday that they will merge. [more]
Friday, 13 January 2006, 1:35 AM CET

Symantec fixes 'rootkit' bug in Systemworks
Symantec has updated its popular Norton SystemWorks security suite this week following the discovery of a security bug that creates a possible means for hackers to hide computer viruses on infected systems. [more]
Thursday, 12 January 2006, 3:20 PM CET

Windows support program bent to fit
Microsoft's Windows maintenance program is in the spotlight as the company has admitted to bending its support rules over security while cutting support to users of Windows XP Home Edition early. [more]
Thursday, 12 January 2006, 1:24 PM CET

Anonymity won't kill the Internet
In a recent essay, Kevin Kelly warns of the dangers of anonymity. [more]
Thursday, 12 January 2006, 11:52 AM CET

FBI warns of mining accident e-mail scam
Internet users urged caution in opening and responding to unsolicited e-mail. [more]
Thursday, 12 January 2006, 9:50 AM CET

Wiretapping, FISA, and the NSA
U.S. wiretapping laws, FISA and Presidential powers given to the NSA to intercept communications make for interesting times when coupled with technology. What are the issues surrounding privacy, search, seizure and surveillance? [more]
Thursday, 12 January 2006, 1:26 AM CET

Linux security a national matter
U.S. taxpayers are now helping to improve open source software code and security thanks to a grant issued by the Department of Homeland Security (DHS). [more]
Thursday, 12 January 2006, 1:25 AM CET

MasterCard offers incentives to merchants that beef up security
Company to cut transaction rates, offer free network scans. [more]
Thursday, 12 January 2006, 1:16 AM CET

Review: AirMagnet Handheld Analyzer
Security vulnerabilities are abundant on wireless networks (WLAN) without the right safeguards in place, however. A cool product known as AirMagnet Handheld Analyzer can assist you in locking down your WLAN and trouble-shoot performance problems to boot. [more]
Thursday, 12 January 2006, 12:57 AM CET

Five mistakes of vulnerability management
Vulnerability management is viewed by some as an esoteric security management activity. Others see it as a simple process that needs to be done with Microsoft Corp.'s monthly patch update. Yet another group considers it a marketing buzzword made up by vendors. [more]
Thursday, 12 January 2006, 12:53 AM CET

Cracking the Bluetooth PIN
This paper describes the implementation of an attack on the Bluetooth security mechanism. [more]
Thursday, 12 January 2006, 12:28 AM CET

An introduction to services, runlevels, and rc.d scripts
What's the first thing that you do once you've logged onto Linux? Is it to manually start up a processes such as Apache or MySQL, or even start your network connection? [more]
Thursday, 12 January 2006, 12:22 AM CET

IT security body approved
Government authorises institute for computer security professionals. [more]
Thursday, 12 January 2006, 12:20 AM CET

US DHS funds security for open source
Grant to fund audits of more than 40 open source projects. [more]
Thursday, 12 January 2006, 12:17 AM CET

Security and compliance: danger lurks for stored data
Safeguarding stored data has always been challenging, but in a world where information is digital more than ever, and where compliance directives are increasingly more demanding, an effective data storage security strategy is a key aspect of doing business today. [more]
Thursday, 12 January 2006, 12:15 AM CET

Microsoft vs. computer security
Why the software giant still can't get it right. [more]
Wednesday, 11 January 2006, 6:57 PM CET

Phone tap: how's the traffic?
Driving to work, you notice the traffic beginning to slow. And because you have your cell phone on, the government senses the delay, too. [more]
Wednesday, 11 January 2006, 6:56 PM CET

Scammers offer defunct MS mag to developers
Fraudsters are attempting to sell subscriptions to a defunct magazine in a lame attempt to defraud Microsoft developers. [more]
Wednesday, 11 January 2006, 6:53 PM CET

SMEs not taking security seriously
Security experts at a roundtable event have warned that many retailers are still not deploying enough layers of protection to guard against online fraud. [more]
Wednesday, 11 January 2006, 6:52 PM CET

More WMF woes for Microsoft
Redmond dismisses new flaws as just 'performance issues'. [more]
Wednesday, 11 January 2006, 6:49 PM CET

Novell unveils Linux app security project
AppArmor is enterprise-level security software that Novell says can be deployed in hours and maintained cost-effectively without needing deep Linux or security expertise. [more]
Wednesday, 11 January 2006, 6:49 PM CET

More cracks appear in Windows
Microsoft released two more critical patches on Tuesday - days after it released an emergency fix for a critical WMF vulnerability that has been exploited by hackers and virus writers. [more]
Wednesday, 11 January 2006, 6:44 PM CET

Apple patches QuickTime vulnerabilities
Fixes five flaws that allow attackers to run malicious code on Mac OS X or Windows systems running the media player. [more]
Wednesday, 11 January 2006, 6:36 PM CET

Malware - future trends
Malware has truly evolved during the last couple of years. Its potential for financial and network based abuse was quickly realized, and thus, tactics changed, consolidation between different parties occurred, and the malware scene became overly monetized, with its services available on demand. [more]
Wednesday, 11 January 2006, 5:14 PM CET

New PC? How to set up a safe, secure system
"Building a solid security foundation is the key to protecting a brand new computer for years to come," said Marc Solomon, director of product management, McAfee Consumer Strategy and Marketing Group. "It is much easier to secure a new computer when you bring it home than to try to clean up an old one that's been infected with viruses and worms." [more]
Tuesday, 10 January 2006, 4:07 PM CET

US criminalises cyber-harassment
A US legal amendment has made it an offence to annoy anyone anonymously over the internet. [more]
Tuesday, 10 January 2006, 3:27 PM CET

Microsoft Research India to work on cryptography
Microsoft taps India's leading academic institutions for students with complex mathematical skills. [more]
Tuesday, 10 January 2006, 3:25 PM CET

Judge gives nod to Sony BMG copy-protection deal
A federal judge Friday gave preliminary approval to a deal that would settle several lawsuits filed against Sony BMG Music over flawed copy-protection programs. [more]
Tuesday, 10 January 2006, 3:15 PM CET

Hackers are ready for IPv6 - are you?
One of the arguments for moving to version 6 of the Internet Protocols is that it will offer more security. [more]
Tuesday, 10 January 2006, 3:11 PM CET

Network security appliance segment looking good
The worldwide market for network security appliances and software may have experienced anemic growth in the second and third quarters of last year, but -- its temporary anemia notwithstanding -- industry watcher Infonetics Research expects says this segment will explode over the coming year. [more]
Tuesday, 10 January 2006, 3:02 PM CET

Security flaws on the rise, questions remain
After three years of modest or no gains, the number of publicly reported vulnerabilities jumped in 2005, boosted by easy-to-find bugs in web applications. [more]
Tuesday, 10 January 2006, 2:56 PM CET

Former cyber security chief to head CIA unit
Former U.S. cyber security chief Amit Yoran is the new president and CEO of In-Q-Tel, the CIA's independent venture capital arm. [more]
Tuesday, 10 January 2006, 2:55 PM CET

Information security salaries rise
Information security pros with bachelor's degrees don't get any more money than high school grads, but a master's or doctorate is convertible to higher salaries, according to the study. Moreover, communications skills rate more important than technical skills for career advancement. [more]
Tuesday, 10 January 2006, 2:52 PM CET

High Court approves service of a lawsuit by email
Emails that initiated legal proceedings were ignored as spam by a shipping firm... [more]
Tuesday, 10 January 2006, 2:51 PM CET

Apacs standard to help secure net transactions
The Association of Payment Clearing Services (Apacs) has arrived at a UK standard for an authentication device for cardholder-not-present credit and debit card transactions, conducted online or over the phone. [more]
Tuesday, 10 January 2006, 2:50 PM CET

Network security 101: the value of a protected network
Knowing the actual business value of your IT infrastructure as it relates to your business operations and company mission is crucial to understanding the financial consequences of any network security breach. [more]
Tuesday, 10 January 2006, 2:47 PM CET

Firms offshoring to India urged to review security
Incident shows a need to review and upgrade protection. [more]
Monday, 9 January 2006, 4:50 PM CET

All quiet on the Sober front
No downloads and the virus stops spreading. [more]
Monday, 9 January 2006, 4:32 PM CET

Review: Core Impact 5.0
Core Security's Impact is probably the most known commercial tool for penetration testing. [more]
Monday, 9 January 2006, 4:26 PM CET

IM worm makes new use of old techniques
The Sober virus was not the only worm to make its run on Friday. FaceTime Communications reported the discovery of a new worm transmitted via instant messaging. [more]
Monday, 9 January 2006, 3:31 PM CET

Adobe buys document security firm
Adobe announced it has acquired the FileLine DRM division of Navisware, an established technology company bridging CAD and enterprise intelligence. [more]
Monday, 9 January 2006, 3:30 PM CET

Is your network safe for 3rd party access?
Please join Robert Whiteley, a security analyst with Forrester Research, as he shares his insights on the LAN security challenges created by allowing 3rd parties access to enterprise network resources. [more]
Monday, 9 January 2006, 3:20 PM CET

Interview with Dr. Horst Joepen, Senior Vice President Strategic Alliances CyberGuard
In this interview, Dr. Joepen discusses Instant Messaging (IM) security, monitoring employee activity as well as the evolution of threats in the future. [more]
Monday, 9 January 2006, 3:13 PM CET

Patched Windows bug will be danger for months
Although Microsoft pushed out a patch early to fix a major bug and even recommended that enterprises deploy it immediately, the underlying vulnerability will continue to haunt Windows users for the next six to eight months, a security professional said Friday. [more]
Monday, 9 January 2006, 2:12 PM CET

Another storage security misadventure
Now that it's the first week of January, I probably should be looking at the storage excitement that 2006 has already brought us, such as what's happening at Storage Decision and CES in Las Vegas. But 2005 went out with a bang that's impossible to ignore. [more]
Monday, 9 January 2006, 2:11 PM CET

Three more U.S. states add laws on data breaches
Companies struggling to keep up with a patchwork of U.S. state laws related to data privacy and information security have three more to contend with, as new security-breach notification laws went into effect in Illinois, Louisiana and New Jersey on Jan. 1. [more]
Monday, 9 January 2006, 2:10 PM CET

US-CERT's FUD
The US-CERT summaries have become the fodder for a FUD festival, and many scribes sympathetic to the Microsoft cause go out of their way to make sure the real picture never emerges. [more]
Monday, 9 January 2006, 2:08 PM CET

No break for viruses at CES
Viruses aren’t going away any time soon. In fact, they’re going to worsen as hackers become savvier and devices proliferate. Each new device on the market provides hackers with new opportunities. [more]
Monday, 9 January 2006, 2:07 PM CET

Data sharing tops UK banks' anti-fraud agenda
Data sharing and co-ordination top the agenda of UK banks in the fight against financial fraud, according to an exit poll at a recent financial crime conference. [more]
Monday, 9 January 2006, 2:06 PM CET

The great firewall of China
In the space of about a decade, China's tech development has raced ahead to catch up with some of the most advanced countries in the West. But there are still stark differences, finds Richard Taylor. [more]
Monday, 9 January 2006, 2:05 PM CET

Sober worm outbreak under control
Concerns over the latest potentially high-profile Internet worm attack seem to have been allayed this week, as security vendors, their partners and customers seem better prepared than usual to deal with the threat. [more]
Friday, 6 January 2006, 2:38 PM CET

Spammer lands $11 billion fine
Small town ISP wins huge payout. [more]
Friday, 6 January 2006, 2:35 PM CET

Why asset-based security makes sense
Implementing a strategic, asset-based security program is absolutely vital to protecting your critical assets from attacks now and in the future. Regardless of what the preferred method of attack will be in the future, the target will still remain the same. [more]
Thursday, 5 January 2006, 5:50 PM CET

Denial of service in the BlackBerry browser
A vulnerability has been detected in the browser in BlackBerry devices, which could allow remote attackers to cause denial of service conditions. [more]
Thursday, 5 January 2006, 5:48 PM CET

Encrypt ViewState in ASP.NET 2.0
To reduce the chance of someone intercepting the information stored in the ViewState, it is good design to encrypt the ViewState. [more]
Thursday, 5 January 2006, 5:20 PM CET

Windows beats Linux / Unix on vulnerabilities - CERT
It might not feel like it, but Windows suffered less security vulnerabilities than Linux and Unix during 2005. [more]
Thursday, 5 January 2006, 5:19 PM CET

Remote authentication: different types and uses
Corporate networks have not only grown in size over the years, but they have also grown in complexity. [more]
Thursday, 5 January 2006, 5:19 PM CET

Unix engineer takes RFID implant in hand
Mikey Sklar opposed RFID. Then, he requested that the technology be implanted in his hand. [more]
Thursday, 5 January 2006, 5:18 PM CET

Scams 'dupe millions in Britain'
As many as five million people may have been lured into responding to con artists, according to new research. [more]
Thursday, 5 January 2006, 5:16 PM CET

Spear phishers target eBay
Security researchers have uncovered a campaign of targeted spam messages that seek to defraud eBay sellers. [more]
Thursday, 5 January 2006, 5:12 PM CET

Another storage security misadventure
Marriott Vacation Club's woes reinforce a familiar lesson: Secure your backup tapes! [more]
Thursday, 5 January 2006, 5:11 PM CET

Buyers' guide: PC security software
Protecting your PC is important, but which software should you use? We point you in the right direction, [more]
Thursday, 5 January 2006, 5:10 PM CET

Security for enterprises in the 21st century
Enterprise security solutions are a combination of hard/software that will consolidate from disparate perimeter implementation into holistic platforms with centralized intelligence and policy-based control. [more]
Thursday, 5 January 2006, 5:10 PM CET

Banks set security standard
Apacs completes work on two-factor online authentication specification. [more]
Wednesday, 4 January 2006, 5:51 PM CET

Microsoft to issue critical security patch next week as infections rise
Microsoft plans to issue a critical security patch next Tuesday that is designed to fix a graphics Windows flaw that came to light over the Christmas period. [more]
Wednesday, 4 January 2006, 2:22 PM CET

Why Linux is more secure than ever
As Linux becomes more prevalent in today’s enterprise systems, it raises questions about the best way to protect the open source technology. [more]
Wednesday, 4 January 2006, 12:33 PM CET

Security hole found in BlackBerry Enterprise Server
Research In Motion says it's developed fixes for the vulnerability and can recommend temporary precautions until customers are able to update their software. [more]
Wednesday, 4 January 2006, 12:32 PM CET

Security: don't be camera-shy
Surveillance is serious business. [more]
Tuesday, 3 January 2006, 7:02 PM CET

EBay users hit by mass phishing attacks
Fraudsters anticipate Christmas bonanza with concerted theft of accounts. [more]
Tuesday, 3 January 2006, 3:45 PM CET

The antispyware consipiracy
Recent trends show that there’s a fuzzy line between second-tier antispyware vendors and the malware they clean. [more]
Tuesday, 3 January 2006, 3:44 PM CET

US tests RFID passports at San Francisco airport
The US Department of Homeland Security is to begin a major trial of passports embedded with radio frequency identification (RFID) chips at San Francisco International Airport this month. [more]
Tuesday, 3 January 2006, 3:07 PM CET

Reporter's notebook: security
Compliance will dominate the security agenda for 2006. The growing number of regulations -- and the consequences of not complying with them -- have elevated security into the boardroom. [more]
Tuesday, 3 January 2006, 1:41 PM CET

Phishing by the numbers: 41,000 blocked sites in 2005
The Netcraft Toolbar has blocked more than 41,000 confirmed phishing URLs since its launch on Dec. 28 2004. [more]
Tuesday, 3 January 2006, 1:39 PM CET

Hackers target zero-day Windows vulnerability
Microsoft has issued a security advisory warning about an unpatched security hole in Windows that is actively being exploited by online criminals. [more]
Tuesday, 3 January 2006, 1:38 PM CET

Linux Netwosix creator discusses 2.0 vision, future
Exclusive interview with 19-year-old Vincenzo Ciaglia. [more]
Tuesday, 3 January 2006, 1:11 AM CET

People power combats cyber fraud
Like so many other aspects of our lives, major fraud has gone high tech. In fact, fuelled by excited media comment, computer crime and fraud are regarded as synonymous by many. But it’s important to remember that it’s not the computers that commit crimes - it’s the people that use them, and the cost of their crimes to business is immense. [more]
Monday, 2 January 2006, 9:50 PM CET

Sad state of data security
Businesses and government agencies seem inept when it comes to protecting personal information, as the list of mishaps keeps getting longer. [more]
Monday, 2 January 2006, 6:30 PM CET

Windows metafile vulnerability: from bad to worse
Some experts say the recently announced Windows metafile vulnerability isn't so bad. However, new exploits demonstrate its unfortunate potential.
[more]
Monday, 2 January 2006, 12:27 AM CET

Do you know where your security policies are?
If you haven't set a schedule for reviewing your security policies in 2006--or if you haven't developed those policies yet--get started now. [more]
Monday, 2 January 2006, 12:09 AM CET

Choosing the right EAP type for wireless LAN security
To ensure the security of a WLAN, its connection with wireless client devices must be authenticated and encrypted, this is accomplished via encryption protocols such as WPA, WPA2 and WEP in addition to the 802.1x authentication protocol. [more]
Monday, 2 January 2006, 12:05 AM CET

Insecure security software?
Could 2006 be the year that security software vulnerabilities enable malware to compromise target computers? [more]
Monday, 2 January 2006, 12:03 AM CET

Spotlight

IT security jobs: What's in demand and how to meet it

Posted on 15 May 2013.  |  Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.

Is Microsoft is reading your Skype communications?

Posted on 15 May 2013.  |  The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.

Internet Explorer best at blocking malware

Posted on 14 May 2013.  |  While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.

Researcher refuses to help Saudi telco to spy on people

Posted on 14 May 2013.  |  You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.

Malicious browser extensions are hijacking Facebook accounts

Posted on 13 May 2013.  |  Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.