Off the Wire

Off The Wire Archive

News items for January 2007

Phishing overtakes spam for the first time
For the first time the proportion of phishing attacks has exceeded the number of threats from virus or Trojan attacks, according to MessageLabs. [more]
Wednesday, 31 January 2007, 4:48 PM CET

Tracking the Russian scammers
Dmitry Ivanovich Golubov, a 22-year-old Ukrainian who went by the nickname "Script," was considered one of the godfathers of Eastern European carding rings. [more]
Wednesday, 31 January 2007, 4:46 PM CET

Interview with Fyodor about the shutdown
So after the takedown of, and all the different points of view that were being aired, on the various web sites, I decided to contact Fyodor and ask him exactly what happened, and what’s going to happen in the future in regard to [more]
Wednesday, 31 January 2007, 4:45 PM CET

Internet Explorer unsafe for 284 Days in 2006
Security Fix spent the past several weeks compiling statistics on how long it took some of the major software vendors to issue patches for security flaws in their products. [more]
Wednesday, 31 January 2007, 4:43 PM CET

Tightening the Net on Cybercrime
David Thomas' entree to online crime came through the conventional world of offline crime. He was born to a Texas oil family, but this circumstance did little to grease his way through life. [more]
Wednesday, 31 January 2007, 4:42 PM CET

Vista raises the bar for flaw finders
Microsoft launched its latest operating system - Windows Vista - on Monday, a move that will make finding easily exploitable vulnerabilities a lot harder, according to security researchers. [more]
Wednesday, 31 January 2007, 4:40 PM CET

Thoughts on PatchGuard (otherwise known as Kernel Patch Protection)
From the blog: Recently, there has been a fair bit of press about PatchGuard. I’d like to clarify a couple of things (and clear up some common misconceptions that appear to be floating around out there). [more]
Wednesday, 31 January 2007, 4:39 PM CET

Vista vs. viruses
What exactly are the functions which are designed to offer the user security? And how effective will they really be? Is it true that once Vista is released an antivirus won’t be necessary? This article is designed to address some of these issues. [more]
Wednesday, 31 January 2007, 12:44 PM CET

Internet Explorer 7 security denial of service vulnerability
Various versions of Internet Explorer, including IE7 for Windows XP SP2 and the browser integrated into Windows Vista are vulnerable to exploits targeting a zero-day flaw. Microsoft has confirmed
the existence of the Internet Explorer ActiveX bgColor Property Denial of Service vulnerability reported by Determina Security Research. [more]
Wednesday, 31 January 2007, 12:43 PM CET

Getting the skinny on Vista security
Windows Vista contains Microsoft's most comprehensive collection of desktop-security features. But many of the safeguards are real departures from previous practice, and part of the method for benefiting from Vista's security features is knowing how they work. [more]
Wednesday, 31 January 2007, 12:42 PM CET

Security vendors ally on credit card rules
A group of eight security vendors will use next week's RSA Conference to seek more support for their new PCI Alliance, which hopes to sell more products to companies that need to comply with credit card industry regulations. [more]
Wednesday, 31 January 2007, 12:40 PM CET

Adware funders fined for malware contributions, and Cingular Wireless have agreed to pay a fine for advertising through an illegal adware application. [more]
Wednesday, 31 January 2007, 12:17 PM CET

Windows Vista's hyped security will be tested
Computer hackers are off and running trying to find vulnerabilities in Microsoft Corp.'s new Windows Vista operating system, putting to test the software maker's claim that it is the most secure Windows program ever. [more]
Wednesday, 31 January 2007, 12:15 PM CET

Cyber-criminals take aim at online games
Cyber-criminals are increasingly targeting online games in an effort to rob players of virtual assets and sell them on auction websites. [more]
Wednesday, 31 January 2007, 12:14 PM CET

Sony settles secret spyware suit
he Federal Trade Commission announced Tuesday that the music company agreed to settle charges that it embedded potentially damaging anti-piracy software in some of its CDs without the knowledge of buyers. [more]
Wednesday, 31 January 2007, 12:14 PM CET

Hype vs. reality in VoIP security
Voice over IP, like many new technologies, suffers from having security as an afterthought. [more]
Wednesday, 31 January 2007, 12:13 PM CET

Microsoft will change Vista to meet EU requirements
As Windows Vista appeared in computer stores worldwide, Microsoft Corp. said Tuesday that part of the design of the new operating system is the work of the European Commission. [more]
Wednesday, 31 January 2007, 12:11 PM CET

Script wreaks havoc on MySpace
A handful of enterprising people - at least one of them a teen - has devised a Javascript that allows its owner to temporarily access the browser's MySpace account. [more]
Wednesday, 31 January 2007, 12:11 PM CET

AACS LA to go after HD hackers
Following a wave of claims that the AACS content protection system in Blu-ray and HD DVD high definition media has been cracked, the organization behind the technology said that it will use "both technical and legal measures to deal with attacks". [more]
Tuesday, 30 January 2007, 6:01 PM CET

Vista 'most secure ever' - Gates
Windows Vista is "dramatically more secure than any other operating system released", Microsoft founder Bill Gates has told BBC News. [more]
Tuesday, 30 January 2007, 6:00 PM CET

Is open source superior?
It's sometimes hard to see through the brick and mortar of the commercial world, where trade secrets translate directly into dollars. [more]
Tuesday, 30 January 2007, 5:59 PM CET

Virus-busting made easy - and affordable
Larger companies have been able to keep their networks clean and their employees out of the back alleys of cyberspace with all-in-one devices that combine multiple layers of security capable of screening every byte traveling between the internal network and the Web. [more]
Tuesday, 30 January 2007, 5:50 PM CET

Firefox 2.0: happier browsing, but secure?
It's long past time to bother telling anyone how much better than IE Firefox is. Faster, smaller, more responsive, with tabbed browsing and useful extensions galore. [more]
Tuesday, 30 January 2007, 4:50 PM CET

Ajax fingerprinting for Web 2.0 applications
Fingerprinting is an age old concept and one that adds great value to assessment methodologies. There are several tools available for fingerprinting and each one uses a different method — inspecting the TCP stack, ICMP responses, HTTP responses. With this evolution of Web 2.0 applications that use Ajax extensively, it is important to fingerprint Ajax tools, framework or library used by a particular web site or a page. This paper describes the method of doing Ajax fingerprinting with a simple prototype serving as an example. [more]
Tuesday, 30 January 2007, 12:27 PM CET

Web advertisers settle N.Y. spyware lawsuit
Three of the most aggressive buyers of online advertising space today agreed to pay fines and reform their advertising practices as part of a landmark anti-spyware settlement. [more]
Tuesday, 30 January 2007, 11:11 AM CET

PGP: encryption everywhere
PGP Corporation may have the handle on protecting sensitive data everywhere. [more]
Tuesday, 30 January 2007, 11:11 AM CET

I was a cybercrook for the FBI
By the time David Thomas eased his Cadillac into the parking lot of an office complex in Issaquah, Washington, he already suspected the police were on to him. [more]
Tuesday, 30 January 2007, 11:09 AM CET

How Schwab shuts out hackers
Charles Schwab implements sophisticated system aimed at preventing unauthorized Web site logons. [more]
Tuesday, 30 January 2007, 12:03 AM CET

Optimizing enterprise Nessus scans for speed
This blog entry details some strategies that can help decrease scanning times with Nessus for very large networks. [more]
Tuesday, 30 January 2007, 12:00 AM CET

Log management – lifeblood of information security
Because of the widespread deployment of networked servers, workstations, and other computing devices, and the ever-increasing number of threats against networks and systems, the number, volume, and variety of computer security logs has increased greatly. This has created the need for computer security log management, which is the process for generating, transmitting, storing, analysing, and disposing of computer security log data. [more]
Monday, 29 January 2007, 6:34 PM CET

Meeting the Swedish bank hacker
Computer Sweden reporter Linus Larsson interviewed the hacker behind the recent Internet frauds perpetrated against Sweden's Nordea bank. The hacker claims responsibility for many more intrusions. "Ninety-nine percent of all bank intrusions are kept secret," he insists. [more]
Monday, 29 January 2007, 5:53 PM CET

The year hacking became a business
IT was the year when cyber-criminals targeted everything from MySpace to Wikipedia, and even a website maintained by a local boy scout troop wasn't safe. [more]
Monday, 29 January 2007, 5:37 PM CET

A long year of hackers disrupting the Web
Software makers who try to stop online crooks say they are bracing for a new level of nastiness in 2007. "Hackers realize they have a limited time before their attacks are blocked, so they are opening up their arsenal and trying everything possible," said Yuval Ben-Itzhak, chief technology officer of Finjan Software. [more]
Monday, 29 January 2007, 12:06 AM CET

Inside the Windows Vista Kernel
This is the first part of a series on what's new in the Windows Vista kernel. In this issue, I'll look at changes in the areas of processes and threads, and in I/O. Future installments will cover memory management, startup and shutdown, reliability and recovery, and security. [more]
Monday, 29 January 2007, 12:03 AM CET

Silence and 'scareware' epidemic at MySpace
MySpace's immense popularity appears to have handed the social networking site an unwanted role as a clearinghouse for Web 2.0 naughties. [more]
Monday, 29 January 2007, 12:00 AM CET

SSL secures VNC applications
SSL provides a novel mechanism for convenient, secure access of remote desktops with VNC and standard Web browsers. [more]
Friday, 26 January 2007, 7:35 PM CET

Hackers actively exploit new Microsoft Word flaw
The new Microsoft Word threat, which Symantec has labeled Trojan.Mdropper.W, relies on a certain execution vulnerability to install files onto a compromised computer. When an infected Word document is opened, it drops a Trojan onto the computer to give the malicious hackers remote access to the machine. [more]
Friday, 26 January 2007, 7:35 PM CET

Security no matter what the OS
Running a "more secure" operating system doesn't excuse you from basic security management. [more]
Friday, 26 January 2007, 7:32 PM CET

Hi-def DVD security is bypassed
The encryption on high-definition DVDs has been bypassed, the consortium backing the copy protection system on discs has confirmed. [more]
Friday, 26 January 2007, 12:40 PM CET

Breaches: Boards need to wake up
The first reports of fraud using data stolen from retail giant TJX in December started to trickle in last week, and many observers fear a torrent will develop. [more]
Friday, 26 January 2007, 12:39 PM CET

Convicted cop killer stole Pa. man's identity
Thief stole money from bank account, purchased a used Cadillac Escalade. [more]
Friday, 26 January 2007, 12:43 AM CET

Why pirated Vista has Microsoft champing at the BitTorrent
On the eve of launch, P2P networks unnerve the software giant. [more]
Friday, 26 January 2007, 12:36 AM CET

Symantec storage revenue down; job cuts ahead
With sales of its storage software dropping, Symantec Corp. plans to lay off some of its staff as part of an effort to cut $200 million in expenses. [more]
Friday, 26 January 2007, 12:30 AM CET

Michigan treasurer falls for Nigerian scam
A public treasurer in the Michigan county of Alcona stands accused of embezzling tax payers out of more than $1.2m, at least part of which was used to cover costs he incurred falling for a Nigerian banking fraud. [more]
Friday, 26 January 2007, 12:09 AM CET

Substitute teacher faces jail time over spyware
A 40-year-old former substitute teacher from Connecticut is facing prison time following her conviction for endangering students by exposing them to pornographic material displayed on a classroom computer. [more]
Friday, 26 January 2007, 12:03 AM CET

Concern over net security patches
The firm that makes hardware for much of the backbone of the internet has released three patches for security holes in its products. [more]
Thursday, 25 January 2007, 3:49 PM CET

Bug brokers offering higher bounties
Adriel Desautels aims to be the go-to guy for researchers that want to sell information regarding serious security vulnerabilities. [more]
Thursday, 25 January 2007, 1:22 PM CET

In praise of security theater
While visiting some friends and their new baby in the hospital last week, I noticed an interesting bit of security. [more]
Thursday, 25 January 2007, 1:21 PM CET

Cracking the encryption of a Windows Mobile application
While the visual and operational functions of a program are easy to rate, many software components are hidden away inside the blackbox of the executable. [more]
Thursday, 25 January 2007, 11:45 AM CET

ActiveX flaw could affect up to 70 apps
Vulnerable third-party component used by more than 20 vendors. [more]
Thursday, 25 January 2007, 11:26 AM CET

Hide data in files with easy steganography tools
The digital equivalent of invisible ink is steganography software, apps that embed files and data inside other files, hidden from everyone who doesn't know any better. [more]
Thursday, 25 January 2007, 11:25 AM CET

Massachusetts' top prosecutor laughs off credit card fraud
Any would-be credit-card thieves will be cheered by the news that Massachusetts' chief prosecutor reckons the chances of catching crooks who steal credit card details to make purchases online are next to nil - even when they're attempting to defraud the attourney general herself. [more]
Thursday, 25 January 2007, 11:24 AM CET

Privacy board won't share documents
The White House Privacy and Civil Liberties Board responded to Wired News's request for documents about its briefings on the board's knowledge of the government's warrantless wiretapping of Americans and is refusing to release any records. [more]
Thursday, 25 January 2007, 12:21 AM CET

Time to reboot the Internet again
Cisco, the company whose hardware routers are responsible for handling the majority of the world's Internet traffic, today issued patches to fix at least three very serious security holes in its products. [more]
Thursday, 25 January 2007, 12:12 AM CET

High-tech crime units lack central support
Technology crime is low on local police force agendas. [more]
Thursday, 25 January 2007, 12:03 AM CET

UK firms naive to USB stick dangers
Half of UK companies are prepared to put their network security at risk by inserting a USB stick posing as a party invitation, according to research published this week. [more]
Thursday, 25 January 2007, 12:00 AM CET

Apple releases 'highly critical' QuickTime patch
Apple has patched a 'highly critical' vulnerability in QuickTime for both Mac OS X and Windows. [more]
Wednesday, 24 January 2007, 2:28 PM CET

Hillary: the privacy candidate?
The New York Democrat has clearly staked out her positions on the esoteric subject, and they're sending electronic civil libertarians' hearts a twitter. [more]
Wednesday, 24 January 2007, 11:54 AM CET

Asking for credentials from IT
If you are not part of the IT group, you may have to ask someone for the right credentials to perform patch and configuration audits with Nessus. This blog entry will offer some advice and strategies to consider when attempting to obtain access to the devices for auditing. [more]
Wednesday, 24 January 2007, 1:17 AM CET

One hacker kit accounts for 71% of attacks
The "Q406 Roll-up" is a security headache because the exploits are heavily encrypted, say experts. [more]
Wednesday, 24 January 2007, 1:09 AM CET

Fraud and hacks: prevention and recovery
It is officially open-season on small businesses. [more]
Wednesday, 24 January 2007, 12:15 AM CET

Tangling with identity management? There's help
Portal designed to aid developers building identity-based apps. [more]
Wednesday, 24 January 2007, 12:03 AM CET

Blu-ray DRM defeated
The copy protection technology used by Blu-ray discs has been cracked by the same hacker who broke the DRM technology of rival HD DVD discs last month.

Wednesday, 24 January 2007, 12:00 AM CET

Google admits to user data disclosure
Anti-phishing list logged user names and passwords. [more]
Tuesday, 23 January 2007, 2:03 PM CET

Nolisting - poor man's greylisting
Nolisting fights spam by specifying a primary MX that is always unavailable. [more]
Tuesday, 23 January 2007, 11:52 AM CET

Step by secure step: network security planning
With a little prioritization, setting up a network security plan doesn't have to eat up all your time. [more]
Tuesday, 23 January 2007, 11:51 AM CET

Malware more compatible with Vista than anti-malware products
Malware writers appear to be much further along in developing malware for Vista than the security industry is in making products to protect the new operating system. [more]
Tuesday, 23 January 2007, 1:55 AM CET

Hackers to target mobile banking, study says
This year could see a sharp rise in hacker attacks on Internet-enabled smartphones as a number of new banking and payment initiatives enter the mobile channel. [more]
Tuesday, 23 January 2007, 1:53 AM CET

Vista Service Pack 1 is coming
Reckon you won't upgrade to Vista until the first service pack is released? That's looking likely to be the second half of this year, according to Microsoft's latest email blast. [more]
Tuesday, 23 January 2007, 1:23 AM CET

Widgets: the next big security threat?
Desktop gadgets and widgets that display system information and other data, like weather forecasts, are becoming so popular they could become the next big security threat, says Eric Chien, security response engineer at Symantec. [more]
Monday, 22 January 2007, 5:06 PM CET

Vista copy protection is defended
Microsoft has defended the digital rights management systems integrated into its new Vista operating system. [more]
Monday, 22 January 2007, 4:55 PM CET

The Cross-Site Request Forgery (CSRF/XSRF) FAQ
This paper serves as a living document for Cross-Site Request Forgery issues. This document will serve as a repository of information from existing papers, talks, and mailing list postings and will be updated as new information is discovered. [more]
Monday, 22 January 2007, 11:22 AM CET

Researcher says PatchGuard changes helped Microsoft
Microsoft has come under fire for quietly releasing a fix to its PatchGuard kernel protection software in order to improve the performance of its Virtual Server 2005 product. [more]
Monday, 22 January 2007, 10:58 AM CET

ABA slams reports it wants customers liable for online security
Australian Banking Association (ABA) chief executive David Bell has slammed misleading reports that member banks have been lobbying the Australian Securities and Investment Commission (ASIC) to make customers liable for Internet banking fraud. [more]
Monday, 22 January 2007, 9:49 AM CET

Why antivirus technology is ineffective
Many malware blockers are inadequate because they target only known intruders, but there's hope in new security products. [more]
Monday, 22 January 2007, 9:22 AM CET

Hackers steal from customers of US federal savings plan
Keylogging software allowed criminals to record all keystrokes made by savings plan participants. [more]
Monday, 22 January 2007, 1:45 AM CET

RFID in the supply chain – a new demand for availability
Using data from their RFID tags, organisations can use this information to get a better insight into their manufacturing processes. Examples of how this information could be used include, monitoring the level of components compared to levels of completed goods for sale or demonstrating how all the stages of the manufacturing process are working. [more]
Monday, 22 January 2007, 1:00 AM CET

The growing threat of collateral hacking
Collateral hacking occurs when an entity trusted with critical data is compromised. [more]
Monday, 22 January 2007, 12:48 AM CET

Host multiple Apache SSL Web sites on a single network card with IP aliasing
The interest in using SSL and name-based virtual hosts together is on the increase. Some people will tell you that such a thing is impossible, but you can implement virtual hosts in Apache through IP-based virtual hosts. In this article, John Liao and Jim Miles show you how. [more]
Monday, 22 January 2007, 12:42 AM CET

iPod: new threat when it comes to mobile security
Manging mobility requires planning, says Ephraim Schwartz. [more]
Monday, 22 January 2007, 12:30 AM CET

New secure VPN tunneling protocol in the works at Microsoft
SSTP intended for remote access. [more]
Monday, 22 January 2007, 12:12 AM CET

Chinese professor cracks fifth data encryption algorithm
In five years, the U.S. government will cease to use SHA-1 and convert to a new and more advanced computer data encryption. [more]
Monday, 22 January 2007, 12:03 AM CET

Windows Vista content protection - twenty questions and answers
A conversation has cropped up since the recent publication of a paper scrutinizing how Windows handles digital rights management, especially for HD video. [more]
Monday, 22 January 2007, 12:00 AM CET

When pen testers go bad
Heads of security accused of corporate espionage. [more]
Friday, 19 January 2007, 11:18 PM CET

Hackers steal $35,000 from customers of federal savings plan
Thieves used keylogging software to break into accounts of Thrift Savings Plan. [more]
Friday, 19 January 2007, 10:37 PM CET

Encrypt your instant messages with Gaim
You're instant messaging your wife from the office and you'd rather the IT guys weren't privy to the conversation. You're IM'ing a potential investor about your stealth startup at the coffee shop. [more]
Friday, 19 January 2007, 9:45 PM CET

Microsoft helps fight online child abuse in India
Microsoft is working with the International Centre for Missing & Exploited Children (ICMEC) and the international police force Interpol to help fight online child abuse in India. [more]
Friday, 19 January 2007, 9:28 PM CET

Don’t get fobbed off – use a PayPal security key
Confound phishers with the latest security device in the web user’s armoury – a key fob password generator [more]
Friday, 19 January 2007, 9:22 PM CET

Stolen GPS devices make for easy burglary arrest
A trio of thieves who looted GPS systems out of cars in a New York garage had a tough time concealing their location, as the devices led police right to the suspects' home. [more]
Friday, 19 January 2007, 9:21 PM CET

Thumb-print banking takes India
Banks and ATM machines are an unfamilar sight in the rural countryside here, but the government hopes to change that with new technology that could ease the transition from cash to computers. [more]
Friday, 19 January 2007, 11:51 AM CET

Spam on IP telephony
Spam filters can easily be trained to give better than 90 per cent effectiveness with zero false positives. [more]
Friday, 19 January 2007, 11:51 AM CET

A security overview of Microsoft Visual Studio 2005 Team Edition
To integrate database development into the overall life cycle most effectively, you must understand the variety of security implications in Team Edition for Database Professionals. [more]
Friday, 19 January 2007, 1:49 AM CET

Crawling Ajax-driven Web 2.0 Applications
Crawling web applications is one of the key phases of automated web application scanning whose objective is to collect all possible resources from the server in order to automate vulnerability detection on each of these resources. A resource that is overlooked during this discovery phase can mean a failure to detect some vulnerabilities. The introduction of Ajax throws up new challenges for the crawling engine. [more]
Friday, 19 January 2007, 12:30 AM CET

Top data protection challenges faced by IT administrators
For the past two years, disk as a backup target has been hailed as data protection's "big fix". [more]
Friday, 19 January 2007, 12:03 AM CET

Microsoft lines up Vista security partners
Eleven security vendors promise to have Vista-ready products when Microsoft's new operating system is availavle to consumers at the end of the month. [more]
Friday, 19 January 2007, 12:00 AM CET

U.S. agencies given deadline for smart ID testing
Smart-card samples must be submitted by Friday to meet security directive. [more]
Thursday, 18 January 2007, 2:39 PM CET

Encrypted virus code: new spin on old trick?
Viruses using encrypted code are nothing new for hackers or security developers. [more]
Thursday, 18 January 2007, 2:39 PM CET

NSA warrantless spying now special warrant spying
The government's warrantless wiretapping of Americans' overseas communications will now get special warrants from a secret court, according to a letter by Attorney General Alberto Gonzales sent Wednesday to the Senate Judiciary Committee. [more]
Thursday, 18 January 2007, 2:38 PM CET

Firm hired to improve VA security
The Department of Veterans Affairs will pay a defense contractor millions of dollars to help the agency improve data security after the theft last year of a computer packed with personal information, company officials said Wednesday. [more]
Thursday, 18 January 2007, 9:01 AM CET

Critical Windows bug exploit code goes public
Code that exploits a critical Windows vulnerability disclosed and patched last week has been posted to a public mailing list, raising the risk of an attack, security vendors said Wednesday. [more]
Thursday, 18 January 2007, 9:01 AM CET

Dutch prosecutors seek jail time for botnet duo
Phishing, extortion, and keylogging merit more than a fine. [more]
Thursday, 18 January 2007, 1:30 AM CET

Great strides in phishing
Earlier this month, Security Fix called attention to a phishing scam where bad guys were making use of the real Web site to trick people into entering personal information at a fake Amazon site they created. [more]
Thursday, 18 January 2007, 1:09 AM CET

MySpace to offer parental notification software
‘Zephyr’ to help find name, age and location their children use online. [more]
Thursday, 18 January 2007, 12:30 AM CET

Less data, more security
Barely a week goes by these days without news of laptops stolen or lost, and loaded with data that can expose employees, consumers or patients to identity theft. [more]
Thursday, 18 January 2007, 12:12 AM CET

Why ignoring arrogance at work hurts corporate security
The Duke lacrosse scandal highlights the root of security problems. [more]
Thursday, 18 January 2007, 12:03 AM CET

Report highlights business risks facing technology
Companies torn between civil liberties and security. [more]
Thursday, 18 January 2007, 12:00 AM CET

Computer privacy in distress
A rash of recent court decisions says the Constitution may not be enough to protect a laptop from examination by the police. [more]
Wednesday, 17 January 2007, 11:02 AM CET

Google partner in China accused of abetting piracy
Download engine Xunlei allegedly aiding copyright infringement. [more]
Wednesday, 17 January 2007, 3:27 AM CET

Botnet herders face jailtime
Network controlling millions of PCs netted €60,000. [more]
Wednesday, 17 January 2007, 3:05 AM CET

Worms pwn Symantec users
Corporate users of some Symantec antivirus product are facing persistent attacks that target a vulnerability that the security provider patched more than seven months ago. [more]
Wednesday, 17 January 2007, 2:37 AM CET

Bolster your browsing privacy at work
As a firm believer that you can do your job well while getting in a little personal time with Sweet Lady Internet, this week I'm going to highlight a few methods for adding a layer of privacy and freedom to your work browsing. [more]
Wednesday, 17 January 2007, 2:00 AM CET

Interview with Balazs Fejes, CTO of EPAM Systems
In this interview, Mr. Fejes discusses the security implications of outsourcing, privacy breaches and compliance laws. [more]
Wednesday, 17 January 2007, 1:24 AM CET

UK proposes sharing data among gov't agencies
Agencies claim better service, but civil libertarians cry foul. [more]
Wednesday, 17 January 2007, 1:18 AM CET

VoIP soon to be a target for hackers
In Hacking Exposed VoIP, which hit bookshelves last month, authors David Endler and Mark Collier argue that voice-over-IP technology “is about to hit critical mass” and will become a favorite security hole for hackers to slip through to disrupt IT operations. [more]
Wednesday, 17 January 2007, 1:06 AM CET

Pentagon viewing Americans' bank records
he Pentagon and to a lesser extent the CIA have been using a little-known power to look at the banking and credit records of hundreds of Americans and others suspected of terrorism or espionage within the United States, officials said Saturday. [more]
Wednesday, 17 January 2007, 12:51 AM CET

First pirated HD DVD movie hits BitTorrent
The pirates of the world have fired another salvo in their ongoing war with copy protection schemes with the first release of the first full-resolution rip of an HD DVD movie on BitTorrent. [more]
Wednesday, 17 January 2007, 12:41 AM CET

Apple's iPhone: theoretical risks of unreleased handset
Apple's iPhone is unlikely to become a gateway device for mobile malware, Symantec says. [more]
Wednesday, 17 January 2007, 12:30 AM CET

CA backup software has 'critical' security flaws
It has now released patches for the security flaws. [more]
Wednesday, 17 January 2007, 12:21 AM CET

Vista security: a petulant child
Should third-party software vendors reduce the security noise Windows Vista makes? [more]
Wednesday, 17 January 2007, 12:03 AM CET

Banks making big IT systems changes
It's not enough for banks simply to offer attractive services -- the key to retention is the ability to bundle products and services in a way that reflects the customers' specific lifestyles and financial requirements. And the biggest issue that banks must overcome to make bundling a reality is disparate I.T. systems. [more]
Wednesday, 17 January 2007, 12:00 AM CET

Wide support for spyware teacher
A Connecticut teacher, recently convicted of morals offences after her laptop displayed a range of pornographic sites to a classroom of children, has been backed by several malware experts. [more]
Tuesday, 16 January 2007, 4:19 PM CET

Privately, Hollywood admits DRM isn't about piracy
For almost ten years now I have argued that digital rights management has little to do with piracy, but that is instead a carefully plotted ruse to undercut fair use and then create new revenue streams where there were previously none. [more]
Tuesday, 16 January 2007, 4:08 PM CET

Six ways to protect your systems in a merger
Here's how to stay safe when joining two organizations that may have different security philosophies, policies, technologies and needs. [more]
Tuesday, 16 January 2007, 4:04 PM CET

Oracle flags up 52 security flaws
Databases come under security spotlight. [more]
Tuesday, 16 January 2007, 11:52 AM CET

Are viruses, malware winning the security battle?
Rootkits, originally programmes designed to help computer administrators, are the current bugbear for security firms trying to prevent them from sneaking worms, trojans, and viruses past anti-virus programs. [more]
Tuesday, 16 January 2007, 11:45 AM CET

Why it’s time for Network Access Control
Security and compliance policies are only successful if they are enforced. That’s where network access control comes in. [more]
Tuesday, 16 January 2007, 11:45 AM CET

Creating a culture of security – the real challenge
An ever-growing growing percentage of computer crimes are being committed by professional “criminals” who steal market-valued sensitive data – e.g. credit card data and customer identities. [more]
Tuesday, 16 January 2007, 1:03 AM CET

Anti-piracy firm holds $40K hacker challenge
The winner of WIBU Systems' Hacker's Contest 2007, which will be running from January 31 to March 14, requires the potential hacker must be able to run the protected program without the CM-Stick, describe their methodology of removing the protection, and discover a secret message hidden in the program. [more]
Tuesday, 16 January 2007, 12:45 AM CET

MI5 makes public email alert system more secure
A system set up by MI5 to send email terror alerts to the public has been made more secure, according to Spyblog. [more]
Tuesday, 16 January 2007, 12:27 AM CET

US wants all your fingerprints
Brits planning a trip to the US will now have to surrender all 10 of their digits to the authorities for fingerprinting. The prints will then be added to the same FBI database which stores the prints of convicted criminals. [more]
Tuesday, 16 January 2007, 12:12 AM CET

If you've traveled abroad recently, you've been investigated
You've been assigned a score indicating what kind of terrorist threat you pose. [more]
Tuesday, 16 January 2007, 12:06 AM CET

Spamonomics 101
The biggest thing I've wondered about spam is: Why do the spammers even bother? [more]
Tuesday, 16 January 2007, 12:02 AM CET

Disaster recovery
How prepared is your organization to deal with the challenges of a disaster? How safe are your facilities, your data, your people? [more]
Tuesday, 16 January 2007, 12:00 AM CET

Could invisibility beat encryption?
PCMesh has unveiled software which it claims can hide any Windows file or directory, not only from other users - or thieves - of the same PC, but even from the operating system or a virus. [more]
Monday, 15 January 2007, 5:41 PM CET

Fraudsters using new phishing tactics
Kit discovered that can be easily configured to suit different targets. [more]
Monday, 15 January 2007, 4:55 PM CET

Ten tips for smart post-CES security
Dialing down post-holiday, post-show woe. [more]
Monday, 15 January 2007, 4:54 PM CET

PayPal claims key victory against fraud
Key fob device provides new security code every 30 seconds. [more]
Monday, 15 January 2007, 4:52 PM CET

Hacking enters new era of crime
It was the year when cybercriminals targeted everything from MySpace to Wikipedia, and even a Web site by a Kentucky Boy Scout troop wasn't safe for browsing. [more]
Monday, 15 January 2007, 4:51 PM CET

Zombie computers clog the Web with spam
Email inboxes are being clogged with what seems like a huge increase in unwanted spam messages. [more]
Monday, 15 January 2007, 8:23 AM CET

The vulnerability disclosure game: are we more secure?
Can we speak frankly about "vulnerability disclosure" now? More than a decade into the process, can anyone say security has improved? [more]
Monday, 15 January 2007, 8:22 AM CET

Hack this application!
Products like TiVo DVRs and the Xbox highlight the benefits of allowing hackers to tinker with technology. [more]
Monday, 15 January 2007, 12:21 AM CET

Stolen laptop had files on taxpayers
A laptop computer containing files on 30,000 taxpayers was stolen from the car of an N.C. Department of Revenue employee last month, and state officials are cautioning everyone on the list to keep an eye on their finances for potential fraud. [more]
Monday, 15 January 2007, 12:12 AM CET

Spy vs. open source searcher
The U.S. State Department effort last month to issue a travel ban on 12 Iranians suspected of supporting that nation's nuclear program wasn't big news at first. [more]
Monday, 15 January 2007, 12:03 AM CET

Consider outsourcing data backup
Online storage does not have to replace local storage such as an external hard drive. [more]
Monday, 15 January 2007, 12:00 AM CET

Expensive new U.S. spy satellite not working: sources
U.S. officials are unable to communicate with an expensive experimental U.S. spy satellite launched last year by the U.S. National Reconnaissance Office (NRO), a defense official and another source familiar with the matter told Reuters on Thursday. [more]
Friday, 12 January 2007, 8:54 PM CET

The anatomy of a covert wireless security assessment
Maybe I’m a little old for it, but I do enjoy the change of pace a big wireless security penetration project provides. [more]
Friday, 12 January 2007, 8:15 PM CET

The Pirate Bay plans to buy island
Swedish file-sharing website The Pirate Bay is planning to buy its own nation in an attempt to circumvent international copyright laws. [more]
Friday, 12 January 2007, 7:10 PM CET

Government looks at data shake-up
The way the government makes its vast amounts of data available to the public could be about to change. [more]
Friday, 12 January 2007, 7:06 PM CET

Myths and misconceptions about security
How treading down the wrong path leaves your enterprise at risk. [more]
Friday, 12 January 2007, 12:31 PM CET

Doing your NAC policy homework
If grade schools had technology that could stop students from coming to class unless their homework was complete, would they turn students away at the door if they hadn't finished their assignments? [more]
Friday, 12 January 2007, 12:30 PM CET

Vista contest offers cash for exploits
Security vendor offers $8,000 for reports of Vista and IE7 flaws. [more]
Friday, 12 January 2007, 12:27 PM CET

Oracle now giving early notice of security updates
Oracle has taken a cue from Microsoft and started giving its customers an early warning of what they can expect from upcoming security patch releases. [more]
Friday, 12 January 2007, 1:30 AM CET

UI announces data theft
The names, addresses and Social Security numbers of about 70,000 students, faculty members and donors to the University of Idaho may have been stolen along with three computers over the Thanksgiving holiday, the university announced today. [more]
Friday, 12 January 2007, 1:09 AM CET

Teens charged with breaking into school computer
Two New Jersey teens have been accused by police of illegally tapping in to a school computer to change grades. [more]
Friday, 12 January 2007, 1:03 AM CET

Technology giving police more power to spy on us
Tucson police have a new law-enforcement tool: a car-mounted license-plate scanner. [more]
Friday, 12 January 2007, 12:45 AM CET

More Adobe Reader vulnerabilities
Last week, Security Fix warned readers about a newly discovered design flaw in Adobe Reader that could be used to trick users into giving away personal and financial data. [more]
Friday, 12 January 2007, 12:27 AM CET

IT security experts warn of phishing kit peril
Universal Man-in-the-Middle phishing kit discovered by RSA. [more]
Friday, 12 January 2007, 12:15 AM CET

PHP apps: security's low-hanging fruit
PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. [more]
Friday, 12 January 2007, 12:09 AM CET

Companies fear their workers' lax e-mail security
Companies spend millions on systems to keep corporate e-mail safe. If only their employees were as paranoid. [more]
Friday, 12 January 2007, 12:03 AM CET

Hitman spam threatens users for cash
Pay me off or I'll carry out the job, claims bogus email. [more]
Friday, 12 January 2007, 12:00 AM CET

Automated scanning vs. the OWASP Top Ten
The OWASP Top Ten is a list of the most critical web application security flaws – a list also often used as a minimum standard for web application vulnerability assessment (VA) and compliance. [more]
Thursday, 11 January 2007, 9:48 PM CET

Prosecutors file first charges in HP spying case
Prosecutors on Wednesday filed the first federal charges in the Hewlett-Packard spy scandal, accusing a Colorado private investigator of fraudulently obtaining private phone records of HP directors, employees and reporters who covered the company. [more]
Thursday, 11 January 2007, 12:31 PM CET

Saddam spam hides Trojan malware
Clips of former dictator's execution used to spread malware. [more]
Thursday, 11 January 2007, 12:20 PM CET

New PayPal key to help thwart phishers
Additional password-generating security measure should be opened to beta users within the next month [more]
Thursday, 11 January 2007, 11:09 AM CET

Handling password hashes
Many of today's computer passwords are stored and transmitted in a cryptographic hashed form. [more]
Thursday, 11 January 2007, 10:30 AM CET

Burglar-proof Windows?
Vista's new security features may be annoying, but they're good for you. [more]
Thursday, 11 January 2007, 10:30 AM CET

Secure passwords keep you safer
Ever since I wrote about the 34,000 MySpace passwords I analyzed, people have been asking how to choose secure passwords. [more]
Thursday, 11 January 2007, 10:29 AM CET

Microsoft: Home Server sports serious security
Windows Home Server will include security features taken from Windows Server 2003, but won't work as a central distributor for patches to PCs on the home network. [more]
Thursday, 11 January 2007, 1:15 AM CET

Kids take Web threats more seriously than their parents
I.T. security expert Christoph Fischer says he sees a dangerous lack of concern among older Internet users. [more]
Thursday, 11 January 2007, 1:06 AM CET

Canadian coins bugged, U.S. security agency says
They say money talks, and a new report suggests Canadian currency is indeed chatting, at least electronically, on behalf of shadowy spies. [more]
Thursday, 11 January 2007, 12:54 AM CET

Senators: Government data mining needs oversight
Current civil-liberties canaries not up to the task. [more]
Thursday, 11 January 2007, 12:45 AM CET

A positive impact on Web application security
Web security vulnerabilities continually impact the risk of doing business on the Web. [more]
Thursday, 11 January 2007, 12:33 AM CET

Microsoft confirms NSA's role in Vista security
The NSA's involvement with Windows Vista -- which was confirmed by Microsoft this week -- is not the first time the NSA has provided guidance to Redmond. [more]
Thursday, 11 January 2007, 12:27 AM CET

How the Web makes creating software vulnerabilities easier
How the Web makes creating software vulnerabilities easier, disclosing them more difficult and discovering them possibly illegal. [more]
Thursday, 11 January 2007, 12:21 AM CET

Mozilla takes aim at Opera security
Opera Software may well be putting its browser users at risk by not properly disclosing security vulnerabilities to vulnerable users. [more]
Thursday, 11 January 2007, 12:03 AM CET

Duo deny LA traffic hack charges
A pair of Los Angeles traffic system engineers have been charged with manipulating traffic signals to disrupt transportation across the city in the run-up to a union protest last August. [more]
Thursday, 11 January 2007, 12:00 AM CET

Malware: Windows is only part of the problem
We’ve all been hearing a lot about secure applications recently, or more accurately about insecure applications; specifically those that are exploited in identity theft raids or that we can be “tricked” into running on our PCs. [more]
Wednesday, 10 January 2007, 5:13 PM CET

Further Information on the Pocket PC MMS Exploit
F-Secure have done further study on the MMS exploit discovered by Collin Mulliner. [more]
Wednesday, 10 January 2007, 3:59 PM CET

Broken botnet cuts global spam by a third
But junk mail will still reach breaking point this year. [more]
Wednesday, 10 January 2007, 3:57 PM CET

Security project could overwhelm state governments
Homeland Security ID plan applies the pressure. [more]
Wednesday, 10 January 2007, 1:04 PM CET

Truste survey finds support for government use of biometric IDs
But they do have misgivings about a loss of privacy. [more]
Wednesday, 10 January 2007, 11:49 AM CET

Researchers: Hack will help kill HD-DVD copy protection
Another encryption standard cut off at the knees. [more]
Wednesday, 10 January 2007, 12:21 AM CET

Identity thief cons way into Harvard
Cunning thief fools top universities and signs up for criminology classes. [more]
Wednesday, 10 January 2007, 12:21 AM CET

Mystery drop in fraud and spam
Spam levels suddenly dropped 30 per cent last week, according to managed security firm SoftScan, which attributes the let-up to a "broken" botnet. [more]
Wednesday, 10 January 2007, 12:15 AM CET

Microsoft turned to NSA for Vista security help
Microsoft has confirmed and elaborated on the role the National Security Agency played in helping secure the firm's Vista operating system, according to a report in Tuesday's Washington Post. [more]
Wednesday, 10 January 2007, 12:03 AM CET

Personal details are being revealed online
Users are becoming more at ease with revealing information on the web. [more]
Wednesday, 10 January 2007, 12:00 AM CET

The mighty sniffer
One of the most important tools in a security professional's arsenal is the mighty 'sniffer'. Its power is never underestimated, never undervalued. A sniffer is many things to many people. In the right hands it is invaluable, allowing for the analysis of complex traffic passing over the network, in the wrong hands it can be a destructive force, allowing for the capture of confidential or sensitive data as it flows on the wire. [more]
Tuesday, 9 January 2007, 6:07 PM CET

Experts warn of WiMax security holes
Even before the much-hyped WiMax wide area wireless networking gets off the ground experts are warning of security issues affecting the technology. [more]
Tuesday, 9 January 2007, 2:48 PM CET

Experts: Vendors need to reach DRM consensus
It's time for a DRM showdown, according to experts and industry executives. [more]
Tuesday, 9 January 2007, 2:47 PM CET

UK gets email terror alerts
Change in threat level will pop up in your inbox. [more]
Tuesday, 9 January 2007, 2:46 PM CET

Financial services firms should outsource security
IT is getting too complicated for these firms to watch over their own houses. [more]
Tuesday, 9 January 2007, 12:12 AM CET

PHP apps: security's low-hanging fruit
PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. [more]
Tuesday, 9 January 2007, 12:03 AM CET

Teen hacks Venezuelan government Web sites
A 17-year-old has been detained by Venezuelan authorities after hacking into multiple government Web sites and posting playful photos of President Hugo Chavez and his close ally, Cuba's Fidel Castro, on some of them. [more]
Tuesday, 9 January 2007, 12:00 AM CET

Rogue diallers still a threat
Users with dial-up modems most at risk. [more]
Monday, 8 January 2007, 3:14 PM CET

Best practices in Wi-Fi network security
As wireless technology explodes in popularity it also presents a new challenge to IT security, especially as it relates to maintaining confidentiality and integrity of data. [more]
Monday, 8 January 2007, 3:13 PM CET

Wi-Fi body to simplify security
Wi-Fi Alliance will detail its Wi-Fi Protected Setup spec at CES on Monday. [more]
Monday, 8 January 2007, 3:12 PM CET

Cisco patches Clean Access flaws
Vulnerabilities could allow unauthorised administrator access. [more]
Monday, 8 January 2007, 3:11 PM CET

Why blurring sensitive information is a bad idea
Blurring sensitive numbers and text is not secure. [more]
Monday, 8 January 2007, 12:24 AM CET

Security threats on Web more serious this year
It was the year when cybercriminals targeted everything from MySpace to Wikipedia, and even a Web site maintained by a Kentucky Boy Scout troop wasn't safe for casual browsing. [more]
Monday, 8 January 2007, 12:15 AM CET

Destroy your data
Most of the time you want to avoid destroying your data. [more]
Monday, 8 January 2007, 12:09 AM CET

Tips for protecting the home computer
Botnet programs and other malicious software largely take aim at PCs running the Microsoft Windows operating system, because Windows’ ubiquity makes it fertile ground for network-based attacks. [more]
Monday, 8 January 2007, 12:03 AM CET

Patch Tuesday to be a half-day
Microsoft pulls four of eight announced security fixes. [more]
Monday, 8 January 2007, 12:00 AM CET

Q&A with Amichai Shulman on the critical vulnerability in AJAX technology
Recently, the Imperva Application Defense Center (ADC) announced the discovery of a critical vulnerability in DWR (Direct Web Reporting), a key underlying technology in the AJAX web application development framework. To discuss this vulnerability and its implications we talked with Amichai Shulman, the co-founder and CTO of Imperva, where he heads the Application Defense Center (ADC). [more]
Friday, 5 January 2007, 7:57 PM CET

PDF security risk greater than originally thought
A recently discovered security weakness in the widely used Acrobat Reader software could put Net users at more risk than previously thought, experts warned Thursday. [more]
Friday, 5 January 2007, 5:03 PM CET

Microsoft's Achilles' heel: Office
The cyber attack last month against a U.S.-based public utility came wrapped in a Microsoft PowerPoint document featuring holiday illustrations and heartwarming reflections. [more]
Friday, 5 January 2007, 1:37 PM CET

A tour of the Google blacklist
Michael Sutton decided to devote a day to walking through the Google Blacklist. While some of the findings were to be expected, others proved somewhat surprising. [more]
Friday, 5 January 2007, 11:36 AM CET

A new SSL certificate is on the way
Web-based businesses face a crisis in consumer confidence because of phishing scams. [more]
Friday, 5 January 2007, 11:33 AM CET

Researcher says QuickTime hole still a problem
Vulnerability that kneecapped MySpace could be exploited again. [more]
Friday, 5 January 2007, 3:57 AM CET

WiMAX security gaps present revenue opportunities
Gaps in WiMAX security fall into three categories: user terminals, intrusion detection, and connectivity service networks. [more]
Friday, 5 January 2007, 3:14 AM CET

How secure is your Wi-Fi connection?
I recently filmed six episodes of a new TV series. In one of them, I wanted to get to the bottom of this Wi-Fi snooping business. [more]
Friday, 5 January 2007, 3:10 AM CET

Create custom login experiences with credential providers for Windows Vista
Windows Vista offers developers many new opportunities for integrating with the platform. [more]
Friday, 5 January 2007, 3:01 AM CET

Microsoft prepares 8 January patches
Software maker plans to plug critical vulnerabilities in Office and Windows. [more]
Friday, 5 January 2007, 1:41 AM CET

Ready to produce IMs in court?
Guidelines expand types of electronic info you'll need for discovery. [more]
Friday, 5 January 2007, 12:51 AM CET

Social networking sites in the crosshairs?
At a high level, social engineering attacks are Web 2.0 attacks. As more users go online to take advantage of Web 2.0 applications like social networking sites, blogs, wikis and RSS feeds, malware authors are going to be right behind them, predicted Dan Nadir, vice president of product strategy at ScanSafe. [more]
Friday, 5 January 2007, 12:42 AM CET

Rift widens over bug disclosure
There's a growing rift among the research community over whether the Month-of-Bugs initiatives are helping security or hurting it. [more]
Friday, 5 January 2007, 12:15 AM CET

Patch issued for WMF vulnerability
Flaw could enable unauthorized code to run on a targeted computer. [more]
Friday, 5 January 2007, 12:09 AM CET

"Skype" Trojan analysis
The file was protected with "NTkrnl Secure Suite", a commercial protection system using anti-cracking techniques, polymorphic engines, and other interesting features. [more]
Friday, 5 January 2007, 12:06 AM CET

XSS worm strikes GaiaOnline
GaiaOnline is a highly popular web based game, a perfect target for an XSS worm. [more]
Friday, 5 January 2007, 12:03 AM CET

Internet Explorer unsafe for 284 days in 2006
Security Fix spent the past several weeks compiling statistics on how long it took some of the major software vendors to issue patches for security flaws in their products. [more]
Friday, 5 January 2007, 12:00 AM CET

Pentagon: Efforts to steal U.S. tech rising
Asia-Pacific countries expected to intensify bids to steal defense technology. [more]
Thursday, 4 January 2007, 1:49 AM CET

7 new features that enhance security in SharePoint
Implementing effective security measures for your Microsoft Office SharePoint Server (MOSS) 2007 environment can significantly reduce management overhead while allowing teams to collaborate and share business data in a safe environment. [more]
Thursday, 4 January 2007, 1:32 AM CET

VoIP fuels security threats
As more businesses choose to convert to VoIP in 2007, the security threat is set to increase, according to a new report. [more]
Thursday, 4 January 2007, 1:24 AM CET

Major university servers being used to facilitate spam
What do Purdue University, Cornell U, Iowas State U, Texas Tech U, Kansas State U have in common? Hint, it has nothing to do with education or sports. They're all advertising and don't know it. [more]
Thursday, 4 January 2007, 1:15 AM CET

Google on security alert
Though the New Years holiday was a long vacation for many, it was a long work weekend for those in Google's security operations. [more]
Thursday, 4 January 2007, 1:00 AM CET

PDF reader falls victim to cross-site scripting flaw
Vulnerability could allow for malicious code to be remotely tied-on to files from trusted sites. [more]
Thursday, 4 January 2007, 12:03 AM CET

Protecting your data center during power-outage season
Overhead lines pose risk in rough weather, but they're better than you think. [more]
Thursday, 4 January 2007, 12:00 AM CET

Flash phishing
We've now seen several phishing web sites that are using flash-based content instead of normal HTML. Probably the main to reason to do this is to try to avoid phishing toolbars that analyze page content.

Two recent examples, both targeting PayPal: and

These sites look like the real PayPal front page, but they are actually Flash recreations. [more]
Wednesday, 3 January 2007, 3:03 PM CET

Risk mitigation for legacy Windows NT 4.0 systems
Arguably one of today’s biggest risks for network security and compliance are lingering systems that are no longer supported by their vendors. The security flaws in these systems may have been widely known for years, as is the case with Windows NT 4.0. In this article, we’ll examine the risks associated with continuing to run these systems as well as provide some countermeasures that can be used to mitigate these risks. [more]
Wednesday, 3 January 2007, 2:33 PM CET

Not your average phishing scam
One of the first phishing scams to catch Security Fix's eye in the new year -- a counterfeit login page -- may set the tone for the sophistication of online schemes involving fake bank and e-commerce sites in 2007. [more]
Wednesday, 3 January 2007, 2:24 PM CET

Security expert: E-voting issues persist
Eugene Spafford sees trend toward auditable results. [more]
Wednesday, 3 January 2007, 12:21 AM CET

Memories of a media card
Anyone who has upgraded their digital camera probably has a few older incompatible media cards lying around - so why not post them on Ebay? Well if you do, be sure to properly wipe them because the digital voyeurs are watching. [more]
Wednesday, 3 January 2007, 12:19 AM CET

eBay cross verification bug
For an e-tailer, there isn’t a worse time of year to have major issues with your site than the run-up to Christmas, but that is precisely what eBay has been struggling with at the moment. [more]
Tuesday, 2 January 2007, 6:32 PM CET

The devil's guide to Vista security
If you don't need protection from yourself, then here's a way around Vista's security measures. [more]
Tuesday, 2 January 2007, 3:06 PM CET

How to crash a Windows mobile using MMS
Test code spotlights mobile malware menace. [more]
Tuesday, 2 January 2007, 1:41 PM CET

Keep your friends close and your enemies closer. Why the Pentagon's toughest Internet crime fighter likes hanging out with blackhat hackers. [more]
Tuesday, 2 January 2007, 12:10 PM CET

13 easy ways to safeguard your privacy in 2007
A handy guide for everyone. [more]
Tuesday, 2 January 2007, 2:35 AM CET

QuickTime flaw kicks off month of Apple bugs
A previously undocumented flaw in Apple's QuickTime media player could be exploited remotely. [more]
Tuesday, 2 January 2007, 12:29 AM CET

Choosing passwords
Among the best security practices that everyone should adopt, choosing strong passwords is at the top of the list. [more]
Monday, 1 January 2007, 3:22 PM CET

Five security technologies for 2007
Data integrity tools and systems topped the list of the most critical technologies for 2007 among the IT executives who participated in Computerworld’s Vital Signs trends survey for the first quarter of 2007. [more]
Monday, 1 January 2007, 3:14 PM CET

Managed security: seeking a payoff
Surging demand for managed security services and related investments lead organizations to find efficient partners outside. [more]
Monday, 1 January 2007, 3:09 PM CET

Navigating a sea of new security threats
New security threats demand new thinking and solid executive backing. [more]
Monday, 1 January 2007, 3:06 PM CET

The Web's dark side grows darker
Spam, bots and other malicious gremlins gear up for a busy 2007. [more]
Monday, 1 January 2007, 12:09 AM CET

How the anti-copyright lobby makes big business richer
We're continually being told the Internet empowers the individual. [more]
Monday, 1 January 2007, 12:01 AM CET

Cell phone users, beware
Cell phone users, beware. The FBI can listen to everything you say, even when the cell phone is turned off. [more]
Monday, 1 January 2007, 12:00 AM CET


What can we learn from the top 10 biggest data breaches?

Posted on 21 August 2014.  |  Here's a list of the top 10 biggest data breaches of the last five years. It identifies the cause of each breach as well as the resulting financial and reputation damage suffered by each company.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 22nd