Off the Wire

Off The Wire Archive

News items for January 2007

Phishing overtakes spam for the first time
For the first time the proportion of phishing attacks has exceeded the number of threats from virus or Trojan attacks, according to MessageLabs. [more]
Wednesday, 31 January 2007, 4:48 PM CET


Tracking the Russian scammers
Dmitry Ivanovich Golubov, a 22-year-old Ukrainian who went by the nickname "Script," was considered one of the godfathers of Eastern European carding rings. [more]
Wednesday, 31 January 2007, 4:46 PM CET


Interview with Fyodor about the seclists.org shutdown
So after the takedown of seclists.org, and all the different points of view that were being aired, on the various web sites, I decided to contact Fyodor and ask him exactly what happened, and what’s going to happen in the future in regard to godaddy.com. [more]
Wednesday, 31 January 2007, 4:45 PM CET


Internet Explorer unsafe for 284 Days in 2006
Security Fix spent the past several weeks compiling statistics on how long it took some of the major software vendors to issue patches for security flaws in their products. [more]
Wednesday, 31 January 2007, 4:43 PM CET


Tightening the Net on Cybercrime
David Thomas' entree to online crime came through the conventional world of offline crime. He was born to a Texas oil family, but this circumstance did little to grease his way through life. [more]
Wednesday, 31 January 2007, 4:42 PM CET


Vista raises the bar for flaw finders
Microsoft launched its latest operating system - Windows Vista - on Monday, a move that will make finding easily exploitable vulnerabilities a lot harder, according to security researchers. [more]
Wednesday, 31 January 2007, 4:40 PM CET


Thoughts on PatchGuard (otherwise known as Kernel Patch Protection)
From the nynaeve.net blog: Recently, there has been a fair bit of press about PatchGuard. I’d like to clarify a couple of things (and clear up some common misconceptions that appear to be floating around out there). [more]
Wednesday, 31 January 2007, 4:39 PM CET


Vista vs. viruses
What exactly are the functions which are designed to offer the user security? And how effective will they really be? Is it true that once Vista is released an antivirus won’t be necessary? This article is designed to address some of these issues. [more]
Wednesday, 31 January 2007, 12:44 PM CET


Internet Explorer 7 security denial of service vulnerability
Various versions of Internet Explorer, including IE7 for Windows XP SP2 and the browser integrated into Windows Vista are vulnerable to exploits targeting a zero-day flaw. Microsoft has confirmed
the existence of the Internet Explorer ActiveX bgColor Property Denial of Service vulnerability reported by Determina Security Research. [more]
Wednesday, 31 January 2007, 12:43 PM CET


Getting the skinny on Vista security
Windows Vista contains Microsoft's most comprehensive collection of desktop-security features. But many of the safeguards are real departures from previous practice, and part of the method for benefiting from Vista's security features is knowing how they work. [more]
Wednesday, 31 January 2007, 12:42 PM CET


Security vendors ally on credit card rules
A group of eight security vendors will use next week's RSA Conference to seek more support for their new PCI Alliance, which hopes to sell more products to companies that need to comply with credit card industry regulations. [more]
Wednesday, 31 January 2007, 12:40 PM CET


Adware funders fined for malware contributions
Priceline.com, Travelocity.com and Cingular Wireless have agreed to pay a fine for advertising through an illegal adware application. [more]
Wednesday, 31 January 2007, 12:17 PM CET


Windows Vista's hyped security will be tested
Computer hackers are off and running trying to find vulnerabilities in Microsoft Corp.'s new Windows Vista operating system, putting to test the software maker's claim that it is the most secure Windows program ever. [more]
Wednesday, 31 January 2007, 12:15 PM CET


Cyber-criminals take aim at online games
Cyber-criminals are increasingly targeting online games in an effort to rob players of virtual assets and sell them on auction websites. [more]
Wednesday, 31 January 2007, 12:14 PM CET


Sony settles secret spyware suit
he Federal Trade Commission announced Tuesday that the music company agreed to settle charges that it embedded potentially damaging anti-piracy software in some of its CDs without the knowledge of buyers. [more]
Wednesday, 31 January 2007, 12:14 PM CET


Hype vs. reality in VoIP security
Voice over IP, like many new technologies, suffers from having security as an afterthought. [more]
Wednesday, 31 January 2007, 12:13 PM CET


Microsoft will change Vista to meet EU requirements
As Windows Vista appeared in computer stores worldwide, Microsoft Corp. said Tuesday that part of the design of the new operating system is the work of the European Commission. [more]
Wednesday, 31 January 2007, 12:11 PM CET


Script wreaks havoc on MySpace
A handful of enterprising people - at least one of them a teen - has devised a Javascript that allows its owner to temporarily access the browser's MySpace account. [more]
Wednesday, 31 January 2007, 12:11 PM CET


AACS LA to go after HD hackers
Following a wave of claims that the AACS content protection system in Blu-ray and HD DVD high definition media has been cracked, the organization behind the technology said that it will use "both technical and legal measures to deal with attacks". [more]
Tuesday, 30 January 2007, 6:01 PM CET


Vista 'most secure ever' - Gates
Windows Vista is "dramatically more secure than any other operating system released", Microsoft founder Bill Gates has told BBC News. [more]
Tuesday, 30 January 2007, 6:00 PM CET


Is open source superior?
It's sometimes hard to see through the brick and mortar of the commercial world, where trade secrets translate directly into dollars. [more]
Tuesday, 30 January 2007, 5:59 PM CET


Virus-busting made easy - and affordable
Larger companies have been able to keep their networks clean and their employees out of the back alleys of cyberspace with all-in-one devices that combine multiple layers of security capable of screening every byte traveling between the internal network and the Web. [more]
Tuesday, 30 January 2007, 5:50 PM CET


Firefox 2.0: happier browsing, but secure?
It's long past time to bother telling anyone how much better than IE Firefox is. Faster, smaller, more responsive, with tabbed browsing and useful extensions galore. [more]
Tuesday, 30 January 2007, 4:50 PM CET


Ajax fingerprinting for Web 2.0 applications
Fingerprinting is an age old concept and one that adds great value to assessment methodologies. There are several tools available for fingerprinting and each one uses a different method — inspecting the TCP stack, ICMP responses, HTTP responses. With this evolution of Web 2.0 applications that use Ajax extensively, it is important to fingerprint Ajax tools, framework or library used by a particular web site or a page. This paper describes the method of doing Ajax fingerprinting with a simple prototype serving as an example. [more]
Tuesday, 30 January 2007, 12:27 PM CET


Web advertisers settle N.Y. spyware lawsuit
Three of the most aggressive buyers of online advertising space today agreed to pay fines and reform their advertising practices as part of a landmark anti-spyware settlement. [more]
Tuesday, 30 January 2007, 11:11 AM CET


PGP: encryption everywhere
PGP Corporation may have the handle on protecting sensitive data everywhere. [more]
Tuesday, 30 January 2007, 11:11 AM CET


I was a cybercrook for the FBI
By the time David Thomas eased his Cadillac into the parking lot of an office complex in Issaquah, Washington, he already suspected the police were on to him. [more]
Tuesday, 30 January 2007, 11:09 AM CET


How Schwab shuts out hackers
Charles Schwab implements sophisticated system aimed at preventing unauthorized Web site logons. [more]
Tuesday, 30 January 2007, 12:03 AM CET


Optimizing enterprise Nessus scans for speed
This blog entry details some strategies that can help decrease scanning times with Nessus for very large networks. [more]
Tuesday, 30 January 2007, 12:00 AM CET


Log management – lifeblood of information security
Because of the widespread deployment of networked servers, workstations, and other computing devices, and the ever-increasing number of threats against networks and systems, the number, volume, and variety of computer security logs has increased greatly. This has created the need for computer security log management, which is the process for generating, transmitting, storing, analysing, and disposing of computer security log data. [more]
Monday, 29 January 2007, 6:34 PM CET


Meeting the Swedish bank hacker
Computer Sweden reporter Linus Larsson interviewed the hacker behind the recent Internet frauds perpetrated against Sweden's Nordea bank. The hacker claims responsibility for many more intrusions. "Ninety-nine percent of all bank intrusions are kept secret," he insists. [more]
Monday, 29 January 2007, 5:53 PM CET


The year hacking became a business
IT was the year when cyber-criminals targeted everything from MySpace to Wikipedia, and even a website maintained by a local boy scout troop wasn't safe. [more]
Monday, 29 January 2007, 5:37 PM CET


A long year of hackers disrupting the Web
Software makers who try to stop online crooks say they are bracing for a new level of nastiness in 2007. "Hackers realize they have a limited time before their attacks are blocked, so they are opening up their arsenal and trying everything possible," said Yuval Ben-Itzhak, chief technology officer of Finjan Software. [more]
Monday, 29 January 2007, 12:06 AM CET


Inside the Windows Vista Kernel
This is the first part of a series on what's new in the Windows Vista kernel. In this issue, I'll look at changes in the areas of processes and threads, and in I/O. Future installments will cover memory management, startup and shutdown, reliability and recovery, and security. [more]
Monday, 29 January 2007, 12:03 AM CET


Silence and 'scareware' epidemic at MySpace
MySpace's immense popularity appears to have handed the social networking site an unwanted role as a clearinghouse for Web 2.0 naughties. [more]
Monday, 29 January 2007, 12:00 AM CET


SSL secures VNC applications
SSL provides a novel mechanism for convenient, secure access of remote desktops with VNC and standard Web browsers. [more]
Friday, 26 January 2007, 7:35 PM CET


Hackers actively exploit new Microsoft Word flaw
The new Microsoft Word threat, which Symantec has labeled Trojan.Mdropper.W, relies on a certain execution vulnerability to install files onto a compromised computer. When an infected Word document is opened, it drops a Trojan onto the computer to give the malicious hackers remote access to the machine. [more]
Friday, 26 January 2007, 7:35 PM CET


Security no matter what the OS
Running a "more secure" operating system doesn't excuse you from basic security management. [more]
Friday, 26 January 2007, 7:32 PM CET


Hi-def DVD security is bypassed
The encryption on high-definition DVDs has been bypassed, the consortium backing the copy protection system on discs has confirmed. [more]
Friday, 26 January 2007, 12:40 PM CET


Breaches: Boards need to wake up
The first reports of fraud using data stolen from retail giant TJX in December started to trickle in last week, and many observers fear a torrent will develop. [more]
Friday, 26 January 2007, 12:39 PM CET


Convicted cop killer stole Pa. man's identity
Thief stole money from bank account, purchased a used Cadillac Escalade. [more]
Friday, 26 January 2007, 12:43 AM CET


Why pirated Vista has Microsoft champing at the BitTorrent
On the eve of launch, P2P networks unnerve the software giant. [more]
Friday, 26 January 2007, 12:36 AM CET


Symantec storage revenue down; job cuts ahead
With sales of its storage software dropping, Symantec Corp. plans to lay off some of its staff as part of an effort to cut $200 million in expenses. [more]
Friday, 26 January 2007, 12:30 AM CET


Michigan treasurer falls for Nigerian scam
A public treasurer in the Michigan county of Alcona stands accused of embezzling tax payers out of more than $1.2m, at least part of which was used to cover costs he incurred falling for a Nigerian banking fraud. [more]
Friday, 26 January 2007, 12:09 AM CET


Substitute teacher faces jail time over spyware
A 40-year-old former substitute teacher from Connecticut is facing prison time following her conviction for endangering students by exposing them to pornographic material displayed on a classroom computer. [more]
Friday, 26 January 2007, 12:03 AM CET


Concern over net security patches
The firm that makes hardware for much of the backbone of the internet has released three patches for security holes in its products. [more]
Thursday, 25 January 2007, 3:49 PM CET


Bug brokers offering higher bounties
Adriel Desautels aims to be the go-to guy for researchers that want to sell information regarding serious security vulnerabilities. [more]
Thursday, 25 January 2007, 1:22 PM CET


In praise of security theater
While visiting some friends and their new baby in the hospital last week, I noticed an interesting bit of security. [more]
Thursday, 25 January 2007, 1:21 PM CET


Cracking the encryption of a Windows Mobile application
While the visual and operational functions of a program are easy to rate, many software components are hidden away inside the blackbox of the executable. [more]
Thursday, 25 January 2007, 11:45 AM CET


ActiveX flaw could affect up to 70 apps
Vulnerable third-party component used by more than 20 vendors. [more]
Thursday, 25 January 2007, 11:26 AM CET


Hide data in files with easy steganography tools
The digital equivalent of invisible ink is steganography software, apps that embed files and data inside other files, hidden from everyone who doesn't know any better. [more]
Thursday, 25 January 2007, 11:25 AM CET


Massachusetts' top prosecutor laughs off credit card fraud
Any would-be credit-card thieves will be cheered by the news that Massachusetts' chief prosecutor reckons the chances of catching crooks who steal credit card details to make purchases online are next to nil - even when they're attempting to defraud the attourney general herself. [more]
Thursday, 25 January 2007, 11:24 AM CET


Privacy board won't share documents
The White House Privacy and Civil Liberties Board responded to Wired News's request for documents about its briefings on the board's knowledge of the government's warrantless wiretapping of Americans and is refusing to release any records. [more]
Thursday, 25 January 2007, 12:21 AM CET


Time to reboot the Internet again
Cisco, the company whose hardware routers are responsible for handling the majority of the world's Internet traffic, today issued patches to fix at least three very serious security holes in its products. [more]
Thursday, 25 January 2007, 12:12 AM CET


High-tech crime units lack central support
Technology crime is low on local police force agendas. [more]
Thursday, 25 January 2007, 12:03 AM CET


UK firms naive to USB stick dangers
Half of UK companies are prepared to put their network security at risk by inserting a USB stick posing as a party invitation, according to research published this week. [more]
Thursday, 25 January 2007, 12:00 AM CET


Apple releases 'highly critical' QuickTime patch
Apple has patched a 'highly critical' vulnerability in QuickTime for both Mac OS X and Windows. [more]
Wednesday, 24 January 2007, 2:28 PM CET


Hillary: the privacy candidate?
The New York Democrat has clearly staked out her positions on the esoteric subject, and they're sending electronic civil libertarians' hearts a twitter. [more]
Wednesday, 24 January 2007, 11:54 AM CET


Asking for credentials from IT
If you are not part of the IT group, you may have to ask someone for the right credentials to perform patch and configuration audits with Nessus. This blog entry will offer some advice and strategies to consider when attempting to obtain access to the devices for auditing. [more]
Wednesday, 24 January 2007, 1:17 AM CET


One hacker kit accounts for 71% of attacks
The "Q406 Roll-up" is a security headache because the exploits are heavily encrypted, say experts. [more]
Wednesday, 24 January 2007, 1:09 AM CET


Fraud and hacks: prevention and recovery
It is officially open-season on small businesses. [more]
Wednesday, 24 January 2007, 12:15 AM CET


Tangling with identity management? There's help
Portal designed to aid developers building identity-based apps. [more]
Wednesday, 24 January 2007, 12:03 AM CET


Blu-ray DRM defeated
The copy protection technology used by Blu-ray discs has been cracked by the same hacker who broke the DRM technology of rival HD DVD discs last month.

[more]
Wednesday, 24 January 2007, 12:00 AM CET


Google admits to user data disclosure
Anti-phishing list logged user names and passwords. [more]
Tuesday, 23 January 2007, 2:03 PM CET


Nolisting - poor man's greylisting
Nolisting fights spam by specifying a primary MX that is always unavailable. [more]
Tuesday, 23 January 2007, 11:52 AM CET


Step by secure step: network security planning
With a little prioritization, setting up a network security plan doesn't have to eat up all your time. [more]
Tuesday, 23 January 2007, 11:51 AM CET


Malware more compatible with Vista than anti-malware products
Malware writers appear to be much further along in developing malware for Vista than the security industry is in making products to protect the new operating system. [more]
Tuesday, 23 January 2007, 1:55 AM CET


Hackers to target mobile banking, study says
This year could see a sharp rise in hacker attacks on Internet-enabled smartphones as a number of new banking and payment initiatives enter the mobile channel. [more]
Tuesday, 23 January 2007, 1:53 AM CET


Vista Service Pack 1 is coming
Reckon you won't upgrade to Vista until the first service pack is released? That's looking likely to be the second half of this year, according to Microsoft's latest email blast. [more]
Tuesday, 23 January 2007, 1:23 AM CET


Widgets: the next big security threat?
Desktop gadgets and widgets that display system information and other data, like weather forecasts, are becoming so popular they could become the next big security threat, says Eric Chien, security response engineer at Symantec. [more]
Monday, 22 January 2007, 5:06 PM CET


Vista copy protection is defended
Microsoft has defended the digital rights management systems integrated into its new Vista operating system. [more]
Monday, 22 January 2007, 4:55 PM CET


The Cross-Site Request Forgery (CSRF/XSRF) FAQ
This paper serves as a living document for Cross-Site Request Forgery issues. This document will serve as a repository of information from existing papers, talks, and mailing list postings and will be updated as new information is discovered. [more]
Monday, 22 January 2007, 11:22 AM CET


Researcher says PatchGuard changes helped Microsoft
Microsoft has come under fire for quietly releasing a fix to its PatchGuard kernel protection software in order to improve the performance of its Virtual Server 2005 product. [more]
Monday, 22 January 2007, 10:58 AM CET


ABA slams reports it wants customers liable for online security
Australian Banking Association (ABA) chief executive David Bell has slammed misleading reports that member banks have been lobbying the Australian Securities and Investment Commission (ASIC) to make customers liable for Internet banking fraud. [more]
Monday, 22 January 2007, 9:49 AM CET


Why antivirus technology is ineffective
Many malware blockers are inadequate because they target only known intruders, but there's hope in new security products. [more]
Monday, 22 January 2007, 9:22 AM CET


Hackers steal from customers of US federal savings plan
Keylogging software allowed criminals to record all keystrokes made by savings plan participants. [more]
Monday, 22 January 2007, 1:45 AM CET


RFID in the supply chain – a new demand for availability
Using data from their RFID tags, organisations can use this information to get a better insight into their manufacturing processes. Examples of how this information could be used include, monitoring the level of components compared to levels of completed goods for sale or demonstrating how all the stages of the manufacturing process are working. [more]
Monday, 22 January 2007, 1:00 AM CET


The growing threat of collateral hacking
Collateral hacking occurs when an entity trusted with critical data is compromised. [more]
Monday, 22 January 2007, 12:48 AM CET


Host multiple Apache SSL Web sites on a single network card with IP aliasing
The interest in using SSL and name-based virtual hosts together is on the increase. Some people will tell you that such a thing is impossible, but you can implement virtual hosts in Apache through IP-based virtual hosts. In this article, John Liao and Jim Miles show you how. [more]
Monday, 22 January 2007, 12:42 AM CET


iPod: new threat when it comes to mobile security
Manging mobility requires planning, says Ephraim Schwartz. [more]
Monday, 22 January 2007, 12:30 AM CET


New secure VPN tunneling protocol in the works at Microsoft
SSTP intended for remote access. [more]
Monday, 22 January 2007, 12:12 AM CET


Chinese professor cracks fifth data encryption algorithm
In five years, the U.S. government will cease to use SHA-1 and convert to a new and more advanced computer data encryption. [more]
Monday, 22 January 2007, 12:03 AM CET


Windows Vista content protection - twenty questions and answers
A conversation has cropped up since the recent publication of a paper scrutinizing how Windows handles digital rights management, especially for HD video. [more]
Monday, 22 January 2007, 12:00 AM CET


When pen testers go bad
Heads of security accused of corporate espionage. [more]
Friday, 19 January 2007, 11:18 PM CET


Hackers steal $35,000 from customers of federal savings plan
Thieves used keylogging software to break into accounts of Thrift Savings Plan. [more]
Friday, 19 January 2007, 10:37 PM CET


Encrypt your instant messages with Gaim
You're instant messaging your wife from the office and you'd rather the IT guys weren't privy to the conversation. You're IM'ing a potential investor about your stealth startup at the coffee shop. [more]
Friday, 19 January 2007, 9:45 PM CET


Microsoft helps fight online child abuse in India
Microsoft is working with the International Centre for Missing & Exploited Children (ICMEC) and the international police force Interpol to help fight online child abuse in India. [more]
Friday, 19 January 2007, 9:28 PM CET


Don’t get fobbed off – use a PayPal security key
Confound phishers with the latest security device in the web user’s armoury – a key fob password generator [more]
Friday, 19 January 2007, 9:22 PM CET


Stolen GPS devices make for easy burglary arrest
A trio of thieves who looted GPS systems out of cars in a New York garage had a tough time concealing their location, as the devices led police right to the suspects' home. [more]
Friday, 19 January 2007, 9:21 PM CET


Thumb-print banking takes India
Banks and ATM machines are an unfamilar sight in the rural countryside here, but the government hopes to change that with new technology that could ease the transition from cash to computers. [more]
Friday, 19 January 2007, 11:51 AM CET


Spam on IP telephony
Spam filters can easily be trained to give better than 90 per cent effectiveness with zero false positives. [more]
Friday, 19 January 2007, 11:51 AM CET


A security overview of Microsoft Visual Studio 2005 Team Edition
To integrate database development into the overall life cycle most effectively, you must understand the variety of security implications in Team Edition for Database Professionals. [more]
Friday, 19 January 2007, 1:49 AM CET


Crawling Ajax-driven Web 2.0 Applications
Crawling web applications is one of the key phases of automated web application scanning whose objective is to collect all possible resources from the server in order to automate vulnerability detection on each of these resources. A resource that is overlooked during this discovery phase can mean a failure to detect some vulnerabilities. The introduction of Ajax throws up new challenges for the crawling engine. [more]
Friday, 19 January 2007, 12:30 AM CET


Top data protection challenges faced by IT administrators
For the past two years, disk as a backup target has been hailed as data protection's "big fix". [more]
Friday, 19 January 2007, 12:03 AM CET


Microsoft lines up Vista security partners
Eleven security vendors promise to have Vista-ready products when Microsoft's new operating system is availavle to consumers at the end of the month. [more]
Friday, 19 January 2007, 12:00 AM CET


U.S. agencies given deadline for smart ID testing
Smart-card samples must be submitted by Friday to meet security directive. [more]
Thursday, 18 January 2007, 2:39 PM CET


Encrypted virus code: new spin on old trick?
Viruses using encrypted code are nothing new for hackers or security developers. [more]
Thursday, 18 January 2007, 2:39 PM CET


NSA warrantless spying now special warrant spying
The government's warrantless wiretapping of Americans' overseas communications will now get special warrants from a secret court, according to a letter by Attorney General Alberto Gonzales sent Wednesday to the Senate Judiciary Committee. [more]
Thursday, 18 January 2007, 2:38 PM CET


Firm hired to improve VA security
The Department of Veterans Affairs will pay a defense contractor millions of dollars to help the agency improve data security after the theft last year of a computer packed with personal information, company officials said Wednesday. [more]
Thursday, 18 January 2007, 9:01 AM CET


Critical Windows bug exploit code goes public
Code that exploits a critical Windows vulnerability disclosed and patched last week has been posted to a public mailing list, raising the risk of an attack, security vendors said Wednesday. [more]
Thursday, 18 January 2007, 9:01 AM CET


Dutch prosecutors seek jail time for botnet duo
Phishing, extortion, and keylogging merit more than a fine. [more]
Thursday, 18 January 2007, 1:30 AM CET


Great strides in phishing
Earlier this month, Security Fix called attention to a phishing scam where bad guys were making use of the real Amazon.com Web site to trick people into entering personal information at a fake Amazon site they created. [more]
Thursday, 18 January 2007, 1:09 AM CET


MySpace to offer parental notification software
‘Zephyr’ to help find name, age and location their children use online. [more]
Thursday, 18 January 2007, 12:30 AM CET


Less data, more security
Barely a week goes by these days without news of laptops stolen or lost, and loaded with data that can expose employees, consumers or patients to identity theft. [more]
Thursday, 18 January 2007, 12:12 AM CET


Why ignoring arrogance at work hurts corporate security
The Duke lacrosse scandal highlights the root of security problems. [more]
Thursday, 18 January 2007, 12:03 AM CET


Report highlights business risks facing technology
Companies torn between civil liberties and security. [more]
Thursday, 18 January 2007, 12:00 AM CET


Computer privacy in distress
A rash of recent court decisions says the Constitution may not be enough to protect a laptop from examination by the police. [more]
Wednesday, 17 January 2007, 11:02 AM CET


Google partner in China accused of abetting piracy
Download engine Xunlei allegedly aiding copyright infringement. [more]
Wednesday, 17 January 2007, 3:27 AM CET


Botnet herders face jailtime
Network controlling millions of PCs netted €60,000. [more]
Wednesday, 17 January 2007, 3:05 AM CET


Worms pwn Symantec users
Corporate users of some Symantec antivirus product are facing persistent attacks that target a vulnerability that the security provider patched more than seven months ago. [more]
Wednesday, 17 January 2007, 2:37 AM CET


Bolster your browsing privacy at work
As a firm believer that you can do your job well while getting in a little personal time with Sweet Lady Internet, this week I'm going to highlight a few methods for adding a layer of privacy and freedom to your work browsing. [more]
Wednesday, 17 January 2007, 2:00 AM CET


Interview with Balazs Fejes, CTO of EPAM Systems
In this interview, Mr. Fejes discusses the security implications of outsourcing, privacy breaches and compliance laws. [more]
Wednesday, 17 January 2007, 1:24 AM CET


UK proposes sharing data among gov't agencies
Agencies claim better service, but civil libertarians cry foul. [more]
Wednesday, 17 January 2007, 1:18 AM CET


VoIP soon to be a target for hackers
In Hacking Exposed VoIP, which hit bookshelves last month, authors David Endler and Mark Collier argue that voice-over-IP technology “is about to hit critical mass” and will become a favorite security hole for hackers to slip through to disrupt IT operations. [more]
Wednesday, 17 January 2007, 1:06 AM CET


Pentagon viewing Americans' bank records
he Pentagon and to a lesser extent the CIA have been using a little-known power to look at the banking and credit records of hundreds of Americans and others suspected of terrorism or espionage within the United States, officials said Saturday. [more]
Wednesday, 17 January 2007, 12:51 AM CET


First pirated HD DVD movie hits BitTorrent
The pirates of the world have fired another salvo in their ongoing war with copy protection schemes with the first release of the first full-resolution rip of an HD DVD movie on BitTorrent. [more]
Wednesday, 17 January 2007, 12:41 AM CET


Apple's iPhone: theoretical risks of unreleased handset
Apple's iPhone is unlikely to become a gateway device for mobile malware, Symantec says. [more]
Wednesday, 17 January 2007, 12:30 AM CET


CA backup software has 'critical' security flaws
It has now released patches for the security flaws. [more]
Wednesday, 17 January 2007, 12:21 AM CET


Vista security: a petulant child
Should third-party software vendors reduce the security noise Windows Vista makes? [more]
Wednesday, 17 January 2007, 12:03 AM CET


Banks making big IT systems changes
It's not enough for banks simply to offer attractive services -- the key to retention is the ability to bundle products and services in a way that reflects the customers' specific lifestyles and financial requirements. And the biggest issue that banks must overcome to make bundling a reality is disparate I.T. systems. [more]
Wednesday, 17 January 2007, 12:00 AM CET


Wide support for spyware teacher
A Connecticut teacher, recently convicted of morals offences after her laptop displayed a range of pornographic sites to a classroom of children, has been backed by several malware experts. [more]
Tuesday, 16 January 2007, 4:19 PM CET


Privately, Hollywood admits DRM isn't about piracy
For almost ten years now I have argued that digital rights management has little to do with piracy, but that is instead a carefully plotted ruse to undercut fair use and then create new revenue streams where there were previously none. [more]
Tuesday, 16 January 2007, 4:08 PM CET


Six ways to protect your systems in a merger
Here's how to stay safe when joining two organizations that may have different security philosophies, policies, technologies and needs. [more]
Tuesday, 16 January 2007, 4:04 PM CET


Oracle flags up 52 security flaws
Databases come under security spotlight. [more]
Tuesday, 16 January 2007, 11:52 AM CET


Are viruses, malware winning the security battle?
Rootkits, originally programmes designed to help computer administrators, are the current bugbear for security firms trying to prevent them from sneaking worms, trojans, and viruses past anti-virus programs. [more]
Tuesday, 16 January 2007, 11:45 AM CET


Why it’s time for Network Access Control
Security and compliance policies are only successful if they are enforced. That’s where network access control comes in. [more]
Tuesday, 16 January 2007, 11:45 AM CET


Creating a culture of security – the real challenge
An ever-growing growing percentage of computer crimes are being committed by professional “criminals” who steal market-valued sensitive data – e.g. credit card data and customer identities. [more]
Tuesday, 16 January 2007, 1:03 AM CET


Anti-piracy firm holds $40K hacker challenge
The winner of WIBU Systems' Hacker's Contest 2007, which will be running from January 31 to March 14, requires the potential hacker must be able to run the protected program without the CM-Stick, describe their methodology of removing the protection, and discover a secret message hidden in the program. [more]
Tuesday, 16 January 2007, 12:45 AM CET


MI5 makes public email alert system more secure
A system set up by MI5 to send email terror alerts to the public has been made more secure, according to Spyblog. [more]
Tuesday, 16 January 2007, 12:27 AM CET


US wants all your fingerprints
Brits planning a trip to the US will now have to surrender all 10 of their digits to the authorities for fingerprinting. The prints will then be added to the same FBI database which stores the prints of convicted criminals. [more]
Tuesday, 16 January 2007, 12:12 AM CET


If you've traveled abroad recently, you've been investigated
You've been assigned a score indicating what kind of terrorist threat you pose. [more]
Tuesday, 16 January 2007, 12:06 AM CET


Spamonomics 101
The biggest thing I've wondered about spam is: Why do the spammers even bother? [more]
Tuesday, 16 January 2007, 12:02 AM CET


Disaster recovery
How prepared is your organization to deal with the challenges of a disaster? How safe are your facilities, your data, your people? [more]
Tuesday, 16 January 2007, 12:00 AM CET


Could invisibility beat encryption?
PCMesh has unveiled software which it claims can hide any Windows file or directory, not only from other users - or thieves - of the same PC, but even from the operating system or a virus. [more]
Monday, 15 January 2007, 5:41 PM CET


Fraudsters using new phishing tactics
Kit discovered that can be easily configured to suit different targets. [more]
Monday, 15 January 2007, 4:55 PM CET


Ten tips for smart post-CES security
Dialing down post-holiday, post-show woe. [more]
Monday, 15 January 2007, 4:54 PM CET


PayPal claims key victory against fraud
Key fob device provides new security code every 30 seconds. [more]
Monday, 15 January 2007, 4:52 PM CET


Hacking enters new era of crime
It was the year when cybercriminals targeted everything from MySpace to Wikipedia, and even a Web site by a Kentucky Boy Scout troop wasn't safe for browsing. [more]
Monday, 15 January 2007, 4:51 PM CET


Zombie computers clog the Web with spam
Email inboxes are being clogged with what seems like a huge increase in unwanted spam messages. [more]
Monday, 15 January 2007, 8:23 AM CET


The vulnerability disclosure game: are we more secure?
Can we speak frankly about "vulnerability disclosure" now? More than a decade into the process, can anyone say security has improved? [more]
Monday, 15 January 2007, 8:22 AM CET


Hack this application!
Products like TiVo DVRs and the Xbox highlight the benefits of allowing hackers to tinker with technology. [more]
Monday, 15 January 2007, 12:21 AM CET


Stolen laptop had files on taxpayers
A laptop computer containing files on 30,000 taxpayers was stolen from the car of an N.C. Department of Revenue employee last month, and state officials are cautioning everyone on the list to keep an eye on their finances for potential fraud. [more]
Monday, 15 January 2007, 12:12 AM CET


Spy vs. open source searcher
The U.S. State Department effort last month to issue a travel ban on 12 Iranians suspected of supporting that nation's nuclear program wasn't big news at first. [more]
Monday, 15 January 2007, 12:03 AM CET


Consider outsourcing data backup
Online storage does not have to replace local storage such as an external hard drive. [more]
Monday, 15 January 2007, 12:00 AM CET


Expensive new U.S. spy satellite not working: sources
U.S. officials are unable to communicate with an expensive experimental U.S. spy satellite launched last year by the U.S. National Reconnaissance Office (NRO), a defense official and another source familiar with the matter told Reuters on Thursday. [more]
Friday, 12 January 2007, 8:54 PM CET


The anatomy of a covert wireless security assessment
Maybe I’m a little old for it, but I do enjoy the change of pace a big wireless security penetration project provides. [more]
Friday, 12 January 2007, 8:15 PM CET


The Pirate Bay plans to buy island
Swedish file-sharing website The Pirate Bay is planning to buy its own nation in an attempt to circumvent international copyright laws. [more]
Friday, 12 January 2007, 7:10 PM CET


Government looks at data shake-up
The way the government makes its vast amounts of data available to the public could be about to change. [more]
Friday, 12 January 2007, 7:06 PM CET


Myths and misconceptions about security
How treading down the wrong path leaves your enterprise at risk. [more]
Friday, 12 January 2007, 12:31 PM CET


Doing your NAC policy homework
If grade schools had technology that could stop students from coming to class unless their homework was complete, would they turn students away at the door if they hadn't finished their assignments? [more]
Friday, 12 January 2007, 12:30 PM CET


Vista contest offers cash for exploits
Security vendor offers $8,000 for reports of Vista and IE7 flaws. [more]
Friday, 12 January 2007, 12:27 PM CET


Oracle now giving early notice of security updates
Oracle has taken a cue from Microsoft and started giving its customers an early warning of what they can expect from upcoming security patch releases. [more]
Friday, 12 January 2007, 1:30 AM CET


UI announces data theft
The names, addresses and Social Security numbers of about 70,000 students, faculty members and donors to the University of Idaho may have been stolen along with three computers over the Thanksgiving holiday, the university announced today. [more]
Friday, 12 January 2007, 1:09 AM CET


Teens charged with breaking into school computer
Two New Jersey teens have been accused by police of illegally tapping in to a school computer to change grades. [more]
Friday, 12 January 2007, 1:03 AM CET


Technology giving police more power to spy on us
Tucson police have a new law-enforcement tool: a car-mounted license-plate scanner. [more]
Friday, 12 January 2007, 12:45 AM CET


More Adobe Reader vulnerabilities
Last week, Security Fix warned readers about a newly discovered design flaw in Adobe Reader that could be used to trick users into giving away personal and financial data. [more]
Friday, 12 January 2007, 12:27 AM CET


IT security experts warn of phishing kit peril
Universal Man-in-the-Middle phishing kit discovered by RSA. [more]
Friday, 12 January 2007, 12:15 AM CET


PHP apps: security's low-hanging fruit
PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. [more]
Friday, 12 January 2007, 12:09 AM CET


Companies fear their workers' lax e-mail security
Companies spend millions on systems to keep corporate e-mail safe. If only their employees were as paranoid. [more]
Friday, 12 January 2007, 12:03 AM CET


Hitman spam threatens users for cash
Pay me off or I'll carry out the job, claims bogus email. [more]
Friday, 12 January 2007, 12:00 AM CET


Automated scanning vs. the OWASP Top Ten
The OWASP Top Ten is a list of the most critical web application security flaws – a list also often used as a minimum standard for web application vulnerability assessment (VA) and compliance. [more]
Thursday, 11 January 2007, 9:48 PM CET


Prosecutors file first charges in HP spying case
Prosecutors on Wednesday filed the first federal charges in the Hewlett-Packard spy scandal, accusing a Colorado private investigator of fraudulently obtaining private phone records of HP directors, employees and reporters who covered the company. [more]
Thursday, 11 January 2007, 12:31 PM CET


Saddam spam hides Trojan malware
Clips of former dictator's execution used to spread malware. [more]
Thursday, 11 January 2007, 12:20 PM CET


New PayPal key to help thwart phishers
Additional password-generating security measure should be opened to beta users within the next month [more]
Thursday, 11 January 2007, 11:09 AM CET


Handling password hashes
Many of today's computer passwords are stored and transmitted in a cryptographic hashed form. [more]
Thursday, 11 January 2007, 10:30 AM CET


Burglar-proof Windows?
Vista's new security features may be annoying, but they're good for you. [more]
Thursday, 11 January 2007, 10:30 AM CET


Secure passwords keep you safer
Ever since I wrote about the 34,000 MySpace passwords I analyzed, people have been asking how to choose secure passwords. [more]
Thursday, 11 January 2007, 10:29 AM CET


Microsoft: Home Server sports serious security
Windows Home Server will include security features taken from Windows Server 2003, but won't work as a central distributor for patches to PCs on the home network. [more]
Thursday, 11 January 2007, 1:15 AM CET


Kids take Web threats more seriously than their parents
I.T. security expert Christoph Fischer says he sees a dangerous lack of concern among older Internet users. [more]
Thursday, 11 January 2007, 1:06 AM CET


Canadian coins bugged, U.S. security agency says
They say money talks, and a new report suggests Canadian currency is indeed chatting, at least electronically, on behalf of shadowy spies. [more]
Thursday, 11 January 2007, 12:54 AM CET


Senators: Government data mining needs oversight
Current civil-liberties canaries not up to the task. [more]
Thursday, 11 January 2007, 12:45 AM CET


A positive impact on Web application security
Web security vulnerabilities continually impact the risk of doing business on the Web. [more]
Thursday, 11 January 2007, 12:33 AM CET


Microsoft confirms NSA's role in Vista security
The NSA's involvement with Windows Vista -- which was confirmed by Microsoft this week -- is not the first time the NSA has provided guidance to Redmond. [more]
Thursday, 11 January 2007, 12:27 AM CET


How the Web makes creating software vulnerabilities easier
How the Web makes creating software vulnerabilities easier, disclosing them more difficult and discovering them possibly illegal. [more]
Thursday, 11 January 2007, 12:21 AM CET


Mozilla takes aim at Opera security
Opera Software may well be putting its browser users at risk by not properly disclosing security vulnerabilities to vulnerable users. [more]
Thursday, 11 January 2007, 12:03 AM CET


Duo deny LA traffic hack charges
A pair of Los Angeles traffic system engineers have been charged with manipulating traffic signals to disrupt transportation across the city in the run-up to a union protest last August. [more]
Thursday, 11 January 2007, 12:00 AM CET


Malware: Windows is only part of the problem
We’ve all been hearing a lot about secure applications recently, or more accurately about insecure applications; specifically those that are exploited in identity theft raids or that we can be “tricked” into running on our PCs. [more]
Wednesday, 10 January 2007, 5:13 PM CET


Further Information on the Pocket PC MMS Exploit
F-Secure have done further study on the MMS exploit discovered by Collin Mulliner. [more]
Wednesday, 10 January 2007, 3:59 PM CET


Broken botnet cuts global spam by a third
But junk mail will still reach breaking point this year. [more]
Wednesday, 10 January 2007, 3:57 PM CET


Security project could overwhelm state governments
Homeland Security ID plan applies the pressure. [more]
Wednesday, 10 January 2007, 1:04 PM CET


Truste survey finds support for government use of biometric IDs
But they do have misgivings about a loss of privacy. [more]
Wednesday, 10 January 2007, 11:49 AM CET


Researchers: Hack will help kill HD-DVD copy protection
Another encryption standard cut off at the knees. [more]
Wednesday, 10 January 2007, 12:21 AM CET


Identity thief cons way into Harvard
Cunning thief fools top universities and signs up for criminology classes. [more]
Wednesday, 10 January 2007, 12:21 AM CET


Mystery drop in fraud and spam
Spam levels suddenly dropped 30 per cent last week, according to managed security firm SoftScan, which attributes the let-up to a "broken" botnet. [more]
Wednesday, 10 January 2007, 12:15 AM CET


Microsoft turned to NSA for Vista security help
Microsoft has confirmed and elaborated on the role the National Security Agency played in helping secure the firm's Vista operating system, according to a report in Tuesday's Washington Post. [more]
Wednesday, 10 January 2007, 12:03 AM CET


Personal details are being revealed online
Users are becoming more at ease with revealing information on the web. [more]
Wednesday, 10 January 2007, 12:00 AM CET


The mighty sniffer
One of the most important tools in a security professional's arsenal is the mighty 'sniffer'. Its power is never underestimated, never undervalued. A sniffer is many things to many people. In the right hands it is invaluable, allowing for the analysis of complex traffic passing over the network, in the wrong hands it can be a destructive force, allowing for the capture of confidential or sensitive data as it flows on the wire. [more]
Tuesday, 9 January 2007, 6:07 PM CET


Experts warn of WiMax security holes
Even before the much-hyped WiMax wide area wireless networking gets off the ground experts are warning of security issues affecting the technology. [more]
Tuesday, 9 January 2007, 2:48 PM CET


Experts: Vendors need to reach DRM consensus
It's time for a DRM showdown, according to experts and industry executives. [more]
Tuesday, 9 January 2007, 2:47 PM CET


UK gets email terror alerts
Change in threat level will pop up in your inbox. [more]
Tuesday, 9 January 2007, 2:46 PM CET


Financial services firms should outsource security
IT is getting too complicated for these firms to watch over their own houses. [more]
Tuesday, 9 January 2007, 12:12 AM CET


PHP apps: security's low-hanging fruit
PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. [more]
Tuesday, 9 January 2007, 12:03 AM CET


Teen hacks Venezuelan government Web sites
A 17-year-old has been detained by Venezuelan authorities after hacking into multiple government Web sites and posting playful photos of President Hugo Chavez and his close ally, Cuba's Fidel Castro, on some of them. [more]
Tuesday, 9 January 2007, 12:00 AM CET


Rogue diallers still a threat
Users with dial-up modems most at risk. [more]
Monday, 8 January 2007, 3:14 PM CET


Best practices in Wi-Fi network security
As wireless technology explodes in popularity it also presents a new challenge to IT security, especially as it relates to maintaining confidentiality and integrity of data. [more]
Monday, 8 January 2007, 3:13 PM CET


Wi-Fi body to simplify security
Wi-Fi Alliance will detail its Wi-Fi Protected Setup spec at CES on Monday. [more]
Monday, 8 January 2007, 3:12 PM CET


Cisco patches Clean Access flaws
Vulnerabilities could allow unauthorised administrator access. [more]
Monday, 8 January 2007, 3:11 PM CET


Why blurring sensitive information is a bad idea
Blurring sensitive numbers and text is not secure. [more]
Monday, 8 January 2007, 12:24 AM CET


Security threats on Web more serious this year
It was the year when cybercriminals targeted everything from MySpace to Wikipedia, and even a Web site maintained by a Kentucky Boy Scout troop wasn't safe for casual browsing. [more]
Monday, 8 January 2007, 12:15 AM CET


Destroy your data
Most of the time you want to avoid destroying your data. [more]
Monday, 8 January 2007, 12:09 AM CET


Tips for protecting the home computer
Botnet programs and other malicious software largely take aim at PCs running the Microsoft Windows operating system, because Windows’ ubiquity makes it fertile ground for network-based attacks. [more]
Monday, 8 January 2007, 12:03 AM CET


Patch Tuesday to be a half-day
Microsoft pulls four of eight announced security fixes. [more]
Monday, 8 January 2007, 12:00 AM CET


Q&A with Amichai Shulman on the critical vulnerability in AJAX technology
Recently, the Imperva Application Defense Center (ADC) announced the discovery of a critical vulnerability in DWR (Direct Web Reporting), a key underlying technology in the AJAX web application development framework. To discuss this vulnerability and its implications we talked with Amichai Shulman, the co-founder and CTO of Imperva, where he heads the Application Defense Center (ADC). [more]
Friday, 5 January 2007, 7:57 PM CET


PDF security risk greater than originally thought
A recently discovered security weakness in the widely used Acrobat Reader software could put Net users at more risk than previously thought, experts warned Thursday. [more]
Friday, 5 January 2007, 5:03 PM CET


Microsoft's Achilles' heel: Office
The cyber attack last month against a U.S.-based public utility came wrapped in a Microsoft PowerPoint document featuring holiday illustrations and heartwarming reflections. [more]
Friday, 5 January 2007, 1:37 PM CET


A tour of the Google blacklist
Michael Sutton decided to devote a day to walking through the Google Blacklist. While some of the findings were to be expected, others proved somewhat surprising. [more]
Friday, 5 January 2007, 11:36 AM CET


A new SSL certificate is on the way
Web-based businesses face a crisis in consumer confidence because of phishing scams. [more]
Friday, 5 January 2007, 11:33 AM CET


Researcher says QuickTime hole still a problem
Vulnerability that kneecapped MySpace could be exploited again. [more]
Friday, 5 January 2007, 3:57 AM CET


WiMAX security gaps present revenue opportunities
Gaps in WiMAX security fall into three categories: user terminals, intrusion detection, and connectivity service networks. [more]
Friday, 5 January 2007, 3:14 AM CET


How secure is your Wi-Fi connection?
I recently filmed six episodes of a new TV series. In one of them, I wanted to get to the bottom of this Wi-Fi snooping business. [more]
Friday, 5 January 2007, 3:10 AM CET


Create custom login experiences with credential providers for Windows Vista
Windows Vista offers developers many new opportunities for integrating with the platform. [more]
Friday, 5 January 2007, 3:01 AM CET


Microsoft prepares 8 January patches
Software maker plans to plug critical vulnerabilities in Office and Windows. [more]
Friday, 5 January 2007, 1:41 AM CET


Ready to produce IMs in court?
Guidelines expand types of electronic info you'll need for discovery. [more]
Friday, 5 January 2007, 12:51 AM CET


Social networking sites in the crosshairs?
At a high level, social engineering attacks are Web 2.0 attacks. As more users go online to take advantage of Web 2.0 applications like social networking sites, blogs, wikis and RSS feeds, malware authors are going to be right behind them, predicted Dan Nadir, vice president of product strategy at ScanSafe. [more]
Friday, 5 January 2007, 12:42 AM CET


Rift widens over bug disclosure
There's a growing rift among the research community over whether the Month-of-Bugs initiatives are helping security or hurting it. [more]
Friday, 5 January 2007, 12:15 AM CET


Patch issued for OpenOffice.org WMF vulnerability
Flaw could enable unauthorized code to run on a targeted computer. [more]
Friday, 5 January 2007, 12:09 AM CET


"Skype" Trojan analysis
The file was protected with "NTkrnl Secure Suite", a commercial protection system using anti-cracking techniques, polymorphic engines, and other interesting features. [more]
Friday, 5 January 2007, 12:06 AM CET


XSS worm strikes GaiaOnline
GaiaOnline is a highly popular web based game, a perfect target for an XSS worm. [more]
Friday, 5 January 2007, 12:03 AM CET


Internet Explorer unsafe for 284 days in 2006
Security Fix spent the past several weeks compiling statistics on how long it took some of the major software vendors to issue patches for security flaws in their products. [more]
Friday, 5 January 2007, 12:00 AM CET


Pentagon: Efforts to steal U.S. tech rising
Asia-Pacific countries expected to intensify bids to steal defense technology. [more]
Thursday, 4 January 2007, 1:49 AM CET


7 new features that enhance security in SharePoint
Implementing effective security measures for your Microsoft Office SharePoint Server (MOSS) 2007 environment can significantly reduce management overhead while allowing teams to collaborate and share business data in a safe environment. [more]
Thursday, 4 January 2007, 1:32 AM CET


VoIP fuels security threats
As more businesses choose to convert to VoIP in 2007, the security threat is set to increase, according to a new report. [more]
Thursday, 4 January 2007, 1:24 AM CET


Major university servers being used to facilitate spam
What do Purdue University, Cornell U, Iowas State U, Texas Tech U, Kansas State U have in common? Hint, it has nothing to do with education or sports. They're all advertising and don't know it. [more]
Thursday, 4 January 2007, 1:15 AM CET


Google on security alert
Though the New Years holiday was a long vacation for many, it was a long work weekend for those in Google's security operations. [more]
Thursday, 4 January 2007, 1:00 AM CET


PDF reader falls victim to cross-site scripting flaw
Vulnerability could allow for malicious code to be remotely tied-on to files from trusted sites. [more]
Thursday, 4 January 2007, 12:03 AM CET


Protecting your data center during power-outage season
Overhead lines pose risk in rough weather, but they're better than you think. [more]
Thursday, 4 January 2007, 12:00 AM CET


Flash phishing
We've now seen several phishing web sites that are using flash-based content instead of normal HTML. Probably the main to reason to do this is to try to avoid phishing toolbars that analyze page content.

Two recent examples, both targeting PayPal: www.ppal-form-ssl.com and www.welcome-ppl.com.

These sites look like the real PayPal front page, but they are actually Flash recreations. [more]
Wednesday, 3 January 2007, 3:03 PM CET


Risk mitigation for legacy Windows NT 4.0 systems
Arguably one of today’s biggest risks for network security and compliance are lingering systems that are no longer supported by their vendors. The security flaws in these systems may have been widely known for years, as is the case with Windows NT 4.0. In this article, we’ll examine the risks associated with continuing to run these systems as well as provide some countermeasures that can be used to mitigate these risks. [more]
Wednesday, 3 January 2007, 2:33 PM CET


Not your average phishing scam
One of the first phishing scams to catch Security Fix's eye in the new year -- a counterfeit Amazon.com login page -- may set the tone for the sophistication of online schemes involving fake bank and e-commerce sites in 2007. [more]
Wednesday, 3 January 2007, 2:24 PM CET


Security expert: E-voting issues persist
Eugene Spafford sees trend toward auditable results. [more]
Wednesday, 3 January 2007, 12:21 AM CET


Memories of a media card
Anyone who has upgraded their digital camera probably has a few older incompatible media cards lying around - so why not post them on Ebay? Well if you do, be sure to properly wipe them because the digital voyeurs are watching. [more]
Wednesday, 3 January 2007, 12:19 AM CET


eBay cross verification bug
For an e-tailer, there isn’t a worse time of year to have major issues with your site than the run-up to Christmas, but that is precisely what eBay has been struggling with at the moment. [more]
Tuesday, 2 January 2007, 6:32 PM CET


The devil's guide to Vista security
If you don't need protection from yourself, then here's a way around Vista's security measures. [more]
Tuesday, 2 January 2007, 3:06 PM CET


How to crash a Windows mobile using MMS
Test code spotlights mobile malware menace. [more]
Tuesday, 2 January 2007, 1:41 PM CET


CSI: TCP/IP
Keep your friends close and your enemies closer. Why the Pentagon's toughest Internet crime fighter likes hanging out with blackhat hackers. [more]
Tuesday, 2 January 2007, 12:10 PM CET


13 easy ways to safeguard your privacy in 2007
A handy guide for everyone. [more]
Tuesday, 2 January 2007, 2:35 AM CET


QuickTime flaw kicks off month of Apple bugs
A previously undocumented flaw in Apple's QuickTime media player could be exploited remotely. [more]
Tuesday, 2 January 2007, 12:29 AM CET


Choosing passwords
Among the best security practices that everyone should adopt, choosing strong passwords is at the top of the list. [more]
Monday, 1 January 2007, 3:22 PM CET


Five security technologies for 2007
Data integrity tools and systems topped the list of the most critical technologies for 2007 among the IT executives who participated in Computerworld’s Vital Signs trends survey for the first quarter of 2007. [more]
Monday, 1 January 2007, 3:14 PM CET


Managed security: seeking a payoff
Surging demand for managed security services and related investments lead organizations to find efficient partners outside. [more]
Monday, 1 January 2007, 3:09 PM CET


Navigating a sea of new security threats
New security threats demand new thinking and solid executive backing. [more]
Monday, 1 January 2007, 3:06 PM CET


The Web's dark side grows darker
Spam, bots and other malicious gremlins gear up for a busy 2007. [more]
Monday, 1 January 2007, 12:09 AM CET


How the anti-copyright lobby makes big business richer
We're continually being told the Internet empowers the individual. [more]
Monday, 1 January 2007, 12:01 AM CET


Cell phone users, beware
Cell phone users, beware. The FBI can listen to everything you say, even when the cell phone is turned off. [more]
Monday, 1 January 2007, 12:00 AM CET


Spotlight

What can we learn from the top 10 biggest data breaches?

Posted on 21 August 2014.  |  Here's a list of the top 10 biggest data breaches of the last five years. It identifies the cause of each breach as well as the resulting financial and reputation damage suffered by each company.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //