Off the Wire

Off The Wire Archive

News items for October 2002

Snort Enterprise Implementation
The purpose of this guide is to document the installation and configuration of a complete Snort enterprise implementation. [more]
Thursday, 31 October 2002, 2:34 PM CET

More security patches from Microsoft
In yet another combo pack, Microsoft released three security bulletins. The bulletins which are labeled from moderate to critical, deal with IIS, Windows 2000 and Windows XP. [more]
Thursday, 31 October 2002, 2:25 PM CET

ActivCard Gold 2.2 launched
ActivCard announced the worldwide availability of ActivCard Gold 2.2 and ActivCard Gold for CAC 2.2. They are also currently offering a free trial of the product. [more]
Thursday, 31 October 2002, 2:23 PM CET

Implementing secure web portals with RSA ClearTrust webinar
On Wednesday, November 06 2002, RSA Security and Geisinger Health System will host a web seminar titled "Implementing Secure Web Portals with the RSA ClearTrust Solution". [more]
Thursday, 31 October 2002, 2:22 PM CET

Do bug-hunting security firms put users at risk?
Publicizing software flaws before reporting them to the maker could help hackers attack, some insiders say. [more]
Thursday, 31 October 2002, 2:21 PM CET

Site shuts down credit transactions after security complaint
E-commerce site was this week forced to stop accepting credit card payments after an anonymous complaint that the site was not secure. [more]
Thursday, 31 October 2002, 2:19 PM CET

Responsible bug disclosure by corporate fiat
The new Organization for Internet Safety aims to make vulnerability disclosure more responsible. It's a good idea, but is the group too corporate to pull it off? [more]
Thursday, 31 October 2002, 1:53 PM CET

State of the wireless nation
Computer experts and amateurs are joining forces to map out wireless networks around the world and find out how many are secure. [more]
Thursday, 31 October 2002, 1:48 PM CET

Questions + Answers: Kevin Mitnick
Kevin Mitnick talks about the lessons he's learnt over his career and how he's using that knowledge to help business stay secure. [more]
Thursday, 31 October 2002, 1:38 PM CET

Why can't hackers be stopped?
Enterprise networks often use packet firewalls at the network perimeter, but they are of little use against active components because they examine only header information. [more]
Thursday, 31 October 2002, 1:35 PM CET

Virus Hunting in Saudi Arabia
Eddy Willems speaks about his trip to Saudi Arabia and getting black-market DVDs with viruses and anti virus products. [more]
Wednesday, 30 October 2002, 3:24 PM CET

BitDefender Professional 6.5 Released
BitDefender Professional 6.5 means new virus scan engines, integrating cutting-edge technologies for an ever increasing scanning speed and detection accuracy. [more]
Wednesday, 30 October 2002, 3:19 PM CET

Network Associates Fights Spam
The McAfee Security division of NAI announced a new initiative to combat spam through increased education, awareness, and technology, expanding upon the company's current anti-spam offerings. [more]
Wednesday, 30 October 2002, 3:16 PM CET

The IP Smart Spoofing
This paper describes a new technique for spoofing an IP address with any networking application. [more]
Wednesday, 30 October 2002, 2:40 PM CET

Check Point VPN-1/FireWall-1 added to Computer History Museum
Gil Shwed, chairman and CEO, Check Point Software Technologies commented: "Check Point's inclusion in the Computer History Museum is an honor." [more]
Wednesday, 30 October 2002, 1:35 PM CET

Are firewalls and virus software effective security measures?
Organisations only making use of traditional security products like firewalls and anti-virus software may not be using the most effective security strategy in the context of a total solution. [more]
Wednesday, 30 October 2002, 1:33 PM CET

CIA warns of Net terror threat
Al-Qaida is not the only terrorist network hoping to wreak havoc on the United States through "cyberwarfare," the CIA says. [more]
Wednesday, 30 October 2002, 12:48 PM CET

Book Review: Network Security with OpenSSL
The latest addition to O'Reilly's "must-have" references is Network Security with OpenSSL. The book covers pretty much all you'd ever need to know about using OpenSSL in your programs. [more]
Wednesday, 30 October 2002, 12:44 PM CET

China prevented repeat cyber attack on US
The Defense Department expected new cyber attacks from China but they never materialized: the Chinese government asked attackers not to repeat the 2001 defacement of U.S. government Web sites. [more]
Wednesday, 30 October 2002, 12:39 PM CET

How to protect your PC from viruses
Today, a worm or virus can arrive on anyone's machine through e-mail or an infected Web page. Before you lose a day's work to the latest malicious virus, follow these precautions. [more]
Wednesday, 30 October 2002, 12:35 PM CET

The hacker attackers get in training
Executrain recently hosted the Middle East’s first Symantec Gateway Security training course – the first such programme to be run outside of the USA. [more]
Tuesday, 29 October 2002, 3:02 PM CET

Wireless LAN security: Time to take action
By using wireless LANs without taking proper security measures, companies leave their networks vulnerable to even relatively unsophisticated attackers. [more]
Tuesday, 29 October 2002, 12:53 PM CET

Microsoft wirelessly hacked (not bad Microsoft...not bad!)
At Smau, the biggest Italian IT exhibition, Microsoft’s wireless system was penetrated halting most of the Wi-Fi network. [more]
Tuesday, 29 October 2002, 12:34 PM CET

Attack of the Mod Squads
Game console mod chips can be used for everything from watching movies to installing Linux on your X-Box. But under goofy copyright laws, the piracy app kills all the others. [more]
Tuesday, 29 October 2002, 12:28 PM CET

Talking security
With vandals trying to disrupt the Internet and probing the weaknesses of America's corporate data networks, White House Cyber Security chief Richard Clarke has his work cut out for him. [more]
Tuesday, 29 October 2002, 12:24 PM CET

Virus writer's conviction upheld
A Dutch appeals court has upheld the conviction of the man who created and unleashed the Anna Kournikova e-mail worm last year. [more]
Tuesday, 29 October 2002, 12:18 PM CET

Is that a virus, or a malfunction?
Virus symptoms are very like those of routine PC malfunctions. If a user thinks the system is infected, how can you be sure? [more]
Tuesday, 29 October 2002, 12:14 PM CET

DallasCon Wireless Security Conference for your wireless needs
If you're interested in wireless technology, you should attend DallasCon Wireless Security Conference that will be held in May next year. [more]
Monday, 28 October 2002, 4:41 PM CET

HNS Newsletter issue 133 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 28 October 2002, 4:28 PM CET

HNS Book Giveaway: Internet Site Security
We are giving away 3 copies of "Internet Site Security" by Erik Schetina, Ken Green and Jacob Carlson. Want some knowledge? [more]
Monday, 28 October 2002, 3:46 PM CET

'We are the worst security risk' - sys admins confess
More than half of all senior IT managers (58%) think that their own IT departments offer the largest threat to IT security. [more]
Monday, 28 October 2002, 3:16 PM CET

PayPal users targeted by e-mail scam - again
Users of PayPal have again been targeted by scam artists trying to steal their personal data, including name, address, home and work telephone numbers and credit card information. [more]
Monday, 28 October 2002, 3:14 PM CET

We must secure ourselves
The government helped create the Internet and then turned it over to us. Its protection is a matter of national security and economic need. [more]
Monday, 28 October 2002, 3:09 PM CET

Terrorists hijacking websites
The al-Qaeda terror network has begun breaking into websites to create secret pages that send messages to its followers. [more]
Monday, 28 October 2002, 3:07 PM CET

Black letter day for e-cards
Software from website is currently causing mass spam outbreaks and clogging corporate servers. [more]
Monday, 28 October 2002, 3:04 PM CET

Network security: to be secure or not to be ?
It is important for both system vendors and network management to understand that hardware-based IPSec and SSL acceleration is the only way to achieve multigigabit performance and throughput. [more]
Monday, 28 October 2002, 2:59 PM CET

Hacker runs up $10,000 phone bill
Thousands of junk e-mails charged to a Napier firm by a computer hacker are a costly lesson in company security, says a police information technology expert. [more]
Friday, 25 October 2002, 9:32 PM CET

Certifiably Certified
Despite impressive acronyms that look great on a resume, security certifications don't guarantee that the holder is qualified to secure vital information. [more]
Friday, 25 October 2002, 9:30 PM CET

Closing spyware loopholes
A recent court decision against AOL Netscape finally puts some limits on the clickwrap contracts that make spyware legal. [more]
Friday, 25 October 2002, 9:28 PM CET

Why hackers don't care about Wi-Fi
Experts at war driving exchange location secrets and sniffing tips over the Web, the way gamers trade strategies for reaching new levels. [more]
Friday, 25 October 2002, 9:23 PM CET

Are we living in the Golden Age of Hacking?
Recent months have seen an increase in security holes and in new tools used to exploit them, expert warns. [more]
Friday, 25 October 2002, 9:21 PM CET

McAfee anti virus included on MSN 8 cd-rom
McAfee Security Consumer announced a partnership with MSN. According to the terms, McAfee VirusScan Online will be included in the MSN 8 cd-rom. [more]
Thursday, 24 October 2002, 2:36 PM CET

Countering cyber war
Timothy Shimeall, Phil Williams and Casey Dunlevy argue that defence planning has to incorporate the virtual world to limit physical damage in the real. [more]
Thursday, 24 October 2002, 1:37 PM CET

The Complete Windows Trojans Paper
This is a paper about Windows Trojans, how they work, their variations and, of course, strategies to minimise the risk of infection. [more]
Thursday, 24 October 2002, 1:33 PM CET

Dealing with External Computer Security Incidents
This paper discusses some of the effort required to deal with external security incidents on an organization's hosts and network. [more]
Thursday, 24 October 2002, 1:31 PM CET

RSA Security collaborates with AMD to boost security
RSA Security is collaborating with AMD to deliver optimized encryption software for current AMD Athlon processors and upcoming AMD processors based on Hammer technology. [more]
Thursday, 24 October 2002, 12:04 PM CET

Reverse Engineering Hostile Code
This article outlines the process of reverse engineering hostile code. By "hostile code", we mean any process running on a system that is not authorized by the system administrator. [more]
Thursday, 24 October 2002, 12:03 PM CET

Net attacks: Internet pioneer predicted outages in 2000
Monday's attacks on the 13 root servers that serve the Internet were discussed as a distinct possibility by an Internet pioneer in The Age over two years ago. [more]
Thursday, 24 October 2002, 11:54 AM CET

No easy money suing spammers
Think deleting junk e-mail is a pain? Try taking a spammer to court. Some activists are making money pursuing spam cases in small claims court, but few say the profits are worth the hassle. [more]
Thursday, 24 October 2002, 11:30 AM CET

Using GnuPG
This article is intented as a simple introductory guide to GnuPG and not as a comprehensive guide to public key encryption. [more]
Thursday, 24 October 2002, 11:27 AM CET

Building a better virus defense
Antivirus on the desktop is fairly mature. However, the IT organization must now coordinate a layered defense to prevent viruses from penetrating the core network, particularly via e-mail. [more]
Thursday, 24 October 2002, 11:22 AM CET

Images get distortion-proof crypto marks
Researchers from Xerox and the University of Rochester have created a new way to encrypt information in a digital image and extract it later without any distortion or loss of information. [more]
Thursday, 24 October 2002, 11:20 AM CET

Experts meet to combat child porn
An international conference of police and criminologists aims to fight the rising tide of Web-based child pornography. [more]
Wednesday, 23 October 2002, 4:24 PM CET

The Norman Book on Computer Viruses
One of the most high-profile threats to information integrity is the computer virus. With global computing on the rise, computer viruses have had more visibility in the past two years. [more]
Wednesday, 23 October 2002, 4:21 PM CET

Wang Hack FAQ
These FAQs explain in great detail the most common questions asked about computers and security today. [more]
Wednesday, 23 October 2002, 4:11 PM CET

Check Point expands SMART product line
Check Point announced two add-ons to their SMART (Security Management Architecture) product line - SmartView Reporter and SmartView Monitor. [more]
Wednesday, 23 October 2002, 3:48 PM CET

HNS Book contest winners
Three lucky winners have been chosen, each one gets a copy of "Web Hacking: Attacks and Defense". Are you one of them? [more]
Wednesday, 23 October 2002, 3:09 PM CET

Call For Papers Announcement: Black Hat Windows Security
Papers and presentations are now being accepted for The Black Hat Briefings: Windows Security 2003 event in Seattle, Washington, February 26th to the 27th. [more]
Wednesday, 23 October 2002, 1:50 PM CET

Feds investigating 'largest ever' Internet attack
US Federal authorities are investigating an attack on the internet that has been described as the "largest and most complex" in history. [more]
Wednesday, 23 October 2002, 1:44 PM CET

Software security - a matter of trust
You can make a good argument that any practical computer security arrangement involves some level of trust between software providers and software users. [more]
Wednesday, 23 October 2002, 1:42 PM CET

Firewalls of the future
As security threats facing high-speed networks grow by the day, products such as firewalls are under constant demand to become more sophisticated. [more]
Wednesday, 23 October 2002, 1:41 PM CET

Tracking down insecure WLANs
Looking for something to do this weekend? Well, if you have a laptop and a wireless card, you can join dozens of other technophiles with time on their hands in searching out insecure WLANs. [more]
Wednesday, 23 October 2002, 1:39 PM CET

Can you trust your computer?
In this article Richard Stallman gives his view of "trusted computing". Do I have to emphasize that it's very much different from what Microsoft has to say? [more]
Tuesday, 22 October 2002, 2:48 PM CET

Martin Rakhmanoff wrote this article to (better) document the process of finding and exploiting buffer overrun bugs. [more]
Tuesday, 22 October 2002, 2:47 PM CET

Open Source Digital Forensics Tools: The Legal Argument
This paper addresses digital forensic analysis tools and their use in a legal setting. [more]
Tuesday, 22 October 2002, 2:46 PM CET

Common security mistakes still haunt enterprises
As enterprises expose their perimeters to customers and business partners more and more, there is less room or tolerance for security lapses. [more]
Tuesday, 22 October 2002, 2:44 PM CET

Why Web Application Security is the New Threat
The main causes of today's web application vulnerabilities lie within the development structure process. Developers are under pressure to meet deadlines and make sure the application works from day one. [more]
Tuesday, 22 October 2002, 2:39 PM CET

Web vandalism on the rise
Web vandalism is on the rise around the world, underscoring the shoddy state of affairs in IT security, according to [more]
Tuesday, 22 October 2002, 2:24 PM CET

Direct marketers endorse anti-spam laws
The Direct Marketing Association said that unsolicited e-mail has become so noxious that a federal anti-spam law is necessary. [more]
Tuesday, 22 October 2002, 2:22 PM CET

The rise of encryption
Over the past three years, sales of encryption products have jumped 86%, to $248 million - a figure that will rise to $379 million by 2006, according to the research firm IDC. [more]
Tuesday, 22 October 2002, 12:29 PM CET

Navy searching for hundreds of missing computers
At least 595 laptops and desktops belonging to the Navy's Pacific Command in Hawaii have been potentially lost or compromised, according to an internal report. [more]
Tuesday, 22 October 2002, 12:23 PM CET

Feds warming to the idea of regulating security
White house security officials are coming around to the idea that government regulation of the software industry may be needed to make the National Strategy to Secure Cyberspace work. [more]
Tuesday, 22 October 2002, 12:07 PM CET

ICSA Labs announces Q3 2002 certifications
ICSA Labs, an independent division of TruSecure Corporation announced that it has certified sixteen products in Q3 2002. [more]
Monday, 21 October 2002, 3:59 PM CET

Three more days to enter in the HNS book contest
We are giving away 3 copies of "Web Hacking: Attacks and Defense". Want some knowledge? [more]
Monday, 21 October 2002, 3:44 PM CET

HNS Newsletter issue 132 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 21 October 2002, 3:43 PM CET

Keep unwanted guests off your wireless net
Your Wi-Fi network could be an open door to attackers. Here's how to close it. [more]
Monday, 21 October 2002, 3:40 PM CET

Pepex worm fakes IE security patch
Pepex is a dangerous worm spreading via the Internet as an attachment in an e-mail message with the following subject: "Internet Explorer vulnerability patch". [more]
Monday, 21 October 2002, 3:12 PM CET

SA sites hit by hacker
A hacker is reported to have targeted at least 20 South African Web sites last week, 14 of the attacks occurring in a single day. [more]
Monday, 21 October 2002, 2:54 PM CET

MIT Palladium presentation
Last friday Brian LaMacchia from Microsoft held a presentation about a set of hardware and software security features currently under development for a future version of the Windows operating system. [more]
Monday, 21 October 2002, 2:52 PM CET

E-card Sneakware Delivers Web Porn
A Trojan horse program created by an Internet adult entertainment company routes surfers to racy sites. [more]
Monday, 21 October 2002, 12:29 PM CET

PC security: suite yourself
Surfing the Net without some level of security has become like driving in NASCAR without a seat belt. [more]
Monday, 21 October 2002, 12:18 PM CET

Chrooting daemons and system processes HOW-TO
The purpose of chrooting is designed to create an impenetrable (theoretically) "jail" protecting what is being chrooted from being able to read or modify any files outside of the chrooted environment. [more]
Monday, 21 October 2002, 12:15 PM CET

Tips on protecting yourself from viruses
How does a person stay safe and still get the most out of surfing the internet? Having an antivirus lifeguard on duty doesn't mean you don't have to pay attention to what's going on. [more]
Friday, 18 October 2002, 2:33 PM CET

Secure Linux desktop begins shipping to UK police force
A pilot scheme which could see police forces throughout England and Wales switching to Linux desktops has kicked off with delivery of the first systems to the West Yorkshire force. [more]
Friday, 18 October 2002, 2:32 PM CET

Cyberthreat Response and Reporting Guidelines
CIO Magazine worked with the Secret Service, the FBI and industry leaders to create guidelines for reporting security incidents - what to report, who to report it to, and how. [more]
Friday, 18 October 2002, 2:20 PM CET

Bogus Yahoo email picks up credit card numbers
Yahoo says that some of its customers have been tricked into giving their credit card numbers to an unaffiliated third party that had posed as Yahoo in a mass e-mail. [more]
Friday, 18 October 2002, 2:18 PM CET

UK firm touts alternative to digital certificates
Two factor authentication, using secure tokens is being backed as an alternative to digital certificates by Quizid Technologies, which is enjoying support from the Parliamentary All Party Export Group. [more]
Friday, 18 October 2002, 2:10 PM CET

Tif to take hackers to task
Blue-chip user group The Corporate IT Forum has set up a security taskforce to work with the police. [more]
Friday, 18 October 2002, 1:59 PM CET

Net forces scrutiny of open records
Crime victims, jurors and witnesses fear assailants can easily identify them. With many records now available on the Net, governments are revisiting public information policies. [more]
Friday, 18 October 2002, 1:58 PM CET

Can a hacker outfox Microsoft?
Cypherpunk Lucky Green files a defensive patent to prevent the software giant from using Palladium to block piracy efforts. Analysts say it just might work. [more]
Friday, 18 October 2002, 1:54 PM CET

HNS Book Contest
We are giving away 3 copies of "Web Hacking: Attacks and Defense" by Stuart McClure, Saumil Shah and Shreeraj Shah. [more]
Thursday, 17 October 2002, 5:00 PM CET

Microsoft releases another pack of security bulletins
In another combo pack, Microsoft released 3 security bulletins. The bulletins which are labeled from moderate to critical, deal with Microsoft Word and Excel, Windows XP, Microsoft SQL Server 7.0 and 2000. [more]
Thursday, 17 October 2002, 2:21 PM CET

The Tech Industry Rescue Squad
What makes CERT/CC unique is that it functions as an independent security reporting center that assumes anonymity with each client unless it receives permission to use the client's identity. [more]
Thursday, 17 October 2002, 1:25 PM CET

Openwall GNU/*/Linux aka Owl 1.0 released
Openwall GNU/*/Linux" aka Owl is a security-enhanced operating system with Linux and GNU software as its core, compatible with other distributions of GNU/*/Linux. [more]
Thursday, 17 October 2002, 1:25 PM CET

Student remembers hacking experience
Junior's experience highlights computer hacking concerns for C.U. technology offices. [more]
Thursday, 17 October 2002, 1:23 PM CET

Trust of Net declining, report says
Americans are using and enjoying the Internet more than ever, a private research firm said Wednesday, even though they're still not entirely sure their personal information is secure. [more]
Thursday, 17 October 2002, 1:16 PM CET

World cybercrime experts see need for laws, ties
Top international cyber-crimebusters wrapped up a three-day conference in the world's most wired country with a call for greater global cooperation to fight online offences. [more]
Thursday, 17 October 2002, 12:41 PM CET

Voiceprints make crypto keys
Researchers from Lucent Technologies' Bell Labs are tapping the individuality of the human voice to generate unique cryptographic keys for computer users. [more]
Thursday, 17 October 2002, 12:34 PM CET

Sklyarov denied US visa to testify in DMCA case
Dmitry Sklyarov, the Russian programmer at the centre of the first DMCA prosecution, has been denied a US visa in a move that jeopardises his requirement to testify in the forthcoming trial of ElcomSoft. [more]
Thursday, 17 October 2002, 12:30 PM CET

MS beta site cracked
The server on which Microsoft makes its beta programs available for testing has been infiltrated by outsiders who have downloaded an unspecified cornucopia of programs. [more]
Thursday, 17 October 2002, 12:23 PM CET

Book review: Internet Site Security
This book manages to shade a new light on the problems of security implementation. Read the review to find our how. [more]
Wednesday, 16 October 2002, 2:43 PM CET

Highlighting an 'ethical hacker'
Companies should bolster their computer network security by hiring hackers, said Ankit Fadia, a 17-year-old who is a popular "ethical hacker" from India. [more]
Wednesday, 16 October 2002, 2:40 PM CET

InfoSecU enterprise licensing announced
RedSiren Technologies announced enterprise licensing for their online information security training courses. [more]
Wednesday, 16 October 2002, 11:15 AM CET

Study finds spam worse in manufacturing sector
A report analyzing e-mail messages sent during September found that the problem of viruses and spam continued to grow, hitting manufacturing, banking and finance, and health care very hard. [more]
Wednesday, 16 October 2002, 11:12 AM CET

OpenSSH 3.5 has been released
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. [more]
Wednesday, 16 October 2002, 11:10 AM CET

Book review: The Art of Deception
Rather than focusing on the writer's past, it is clear that Mitnick wishes the book to be viewed as an attempt at redemption. [more]
Wednesday, 16 October 2002, 11:04 AM CET

The code makers get cracking
Wars have been won and lost by the cracking of secret codes. Now Australian scientists are involved in an international race to develop the ultimate secret weapon, an uncrackable code. [more]
Wednesday, 16 October 2002, 11:03 AM CET

Embedding security into servers
Embedded systems control much of the world's critical infrastructure, which makes them a prime target for attack by everyone from hackers to terrorists. [more]
Wednesday, 16 October 2002, 11:00 AM CET

Spam masquerades as admin alerts
Pop-up ads disguised as Windows system administration alerts annoy users and puzzle security experts. Spammers, on the other hand, say the tactic works. [more]
Wednesday, 16 October 2002, 10:56 AM CET

Freed hacker Mitnick debunks myths
Kevin Mitnick claims that false accusations of breaking into top secret US installations were used to demonise him by law enforcement agencies in their fight to bring him to justice. [more]
Wednesday, 16 October 2002, 10:47 AM CET

Security Online - Some basic IT hygiene tips
To stay on top of security when connected to the Internet, there are several systems for finding out exactly what is happening to your PC at any moment. [more]
Tuesday, 15 October 2002, 10:32 PM CET

Interview with Saumil Shah
Saumil Shah is a security researcher and is one of the authors of Web Hacking: Attacks and Defense. [more]
Tuesday, 15 October 2002, 1:48 PM CET

Phrack Magazine call for papers
New papers will be accepted up until Friday the 13th of December. Editorial changes to the papers can be submitted until Friday the 20th of December. [more]
Tuesday, 15 October 2002, 12:47 PM CET

Detecting cyberattacks by profiling "normal" computer habits
A new software system that detects cyberattacks while they are in progress by drawing highly personalized profiles of users has proven successful 94% of the time in simulated attacks. [more]
Tuesday, 15 October 2002, 11:34 AM CET

Fear factor
Here's a reality check on your top five concerns about reporting security incidents. [more]
Tuesday, 15 October 2002, 11:28 AM CET

German IT security expert robs ATMs
A German boffin who invented a security system for ATMs has been sentenced to nearly five years in prison for faking credit cards and using them to withdraw cash from the machines. [more]
Tuesday, 15 October 2002, 11:16 AM CET

NASA cyber program bears fruit
NASA has demonstrated that using a scanning and remediation program can turn the tide against hackers, according to a recent report. [more]
Tuesday, 15 October 2002, 11:15 AM CET

Spam fighter defeats junk email company
A "fearless spam fighter" has won a David and Goliath legal battle against a junk email marketing company. [more]
Tuesday, 15 October 2002, 11:13 AM CET

Former FBI chief takes on encryption
When Louis Freeh ran the FBI, he loved nothing more than launching into a heartfelt rant against the dangers of encryption technology. [more]
Tuesday, 15 October 2002, 11:06 AM CET

Linux Planet talks to Gene Spafford about OS security
Is open source software more secure? To most Linux enthusiasts, the answer is yes. But noted security expert Gene Spafford says that this may not necessarily be true. [more]
Tuesday, 15 October 2002, 11:04 AM CET

Weekly virus report - Rodok and Bugbear worms
This week's virus report focuses on two worms, Rodok, which spreads via MSN Messenger and Bugbear, which has continued to be a major source of infections in the last week. [more]
Monday, 14 October 2002, 6:53 PM CET

HNS Book contest winners
Eight lucky winners have been chosen, each one gets an excellent book. Are you one of them? [more]
Monday, 14 October 2002, 3:53 PM CET

HNS Newsletter issue 131 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 14 October 2002, 3:47 PM CET

Book review: Universal Command Guide for Operating Systems
According to Emmett Dulaney, if there is one book the administrator of a mixed network needs on his shelf, it is Universal Command Guide for Operating Systems. [more]
Monday, 14 October 2002, 1:50 PM CET

US Copyright Office wakes up to flaws in anti-hacking law
It seems the US Copyright Office has finally realised that some parts of the Digital Millennium Copyright Act are just plain stupid. [more]
Monday, 14 October 2002, 1:45 PM CET

Wireless - a security nightmare
Wireless devices could soon be ubiquitous in american business, but the security of their transmissions still has a ways to go. [more]
Monday, 14 October 2002, 12:04 PM CET

Chroot Jails Made Easy with the Jail Chroot Project
Once in a while, you can stumble on a real gem that simplifies even the most difficult system administration tasks. One such gem is the Jail Chroot Project. [more]
Monday, 14 October 2002, 11:59 AM CET

Hacktivists against censorship
Western hackers are developing programs to defeat the Internet censorship barriers of repressive countries overseas - and you can take part in the effort. [more]
Monday, 14 October 2002, 11:56 AM CET

Passwords a risky business
A Kiwi executive with RSA Security, Mark Pullen, says New Zealand's remote geography gives a false sense of security to organisations. [more]
Monday, 14 October 2002, 11:53 AM CET

Check Point claims victory in Firewall/VPN tests
Tests of three market-leading firewall/virtual private networking devices by the engineer calibre testing outfit The Tolly Group puts Check Point Technologies Ltd's VPN-1 Pro ahead of rival systems. [more]
Monday, 14 October 2002, 11:48 AM CET

PGP 8.0 Public Beta available for download
PGP 8.0 Public Beta is now offered for download. Two versions are available for your beta testing pleasures: PGP 8.0 for Windows Beta and PGP 8.0 for Mac OS X Beta. [more]
Friday, 11 October 2002, 4:32 PM CET

After school scam
A group of Long Island high-school students ran a cyber-fraud operation by using computers at a bank where they were interns. [more]
Friday, 11 October 2002, 4:30 PM CET

Apache log analysis using Python
This article first explains the framework, and then describes two examples that use it. My hope is that by the end of this article you will be able to use this framework for analyzing your own text files. [more]
Friday, 11 October 2002, 4:03 PM CET

Programming PHP with security in mind
Writing code that prevents some common types of attacks is rather easy - here are some guidelines. [more]
Friday, 11 October 2002, 4:01 PM CET

Practical Linux security
Developer Cameron Laird outlines strategies for keeping different types of users organized for secure account management. [more]
Friday, 11 October 2002, 3:59 PM CET

Is Linux really more secure than Windows?
Microsoft has organized a huge security program as a result of vocal complaints from users, while the Linux effort is, in Eric Hemmendinger's words, "less disciplined but more timely." [more]
Friday, 11 October 2002, 3:54 PM CET

Cybercrime victims hit back
As Web thieves get slicker, frustrated consumers are taking matters into their own hands to block further damage. [more]
Friday, 11 October 2002, 3:32 PM CET

Fingerprinting Exploits in System and Application Log Files
This article focuses on the identification of the footprints that exploits leave on system logfiles and what they mean, as well as some of the most common traces that some recent exploits leave. [more]
Friday, 11 October 2002, 3:23 PM CET

Bug Watch: The primitive problem of passwords
Recent security breaches have highlighted the inadequacy of passwords as a means of securing sensitive information, says Baltimore's Stephen Byrne. [more]
Friday, 11 October 2002, 3:21 PM CET

Scope on Attix5 secure backuping software
Attix5 announced the availability of Backup Professional Server Edition, a secure online backup system for corporations that need secure and reliable backup services. [more]
Thursday, 10 October 2002, 3:21 PM CET

How the press spreads FUD (Fear, Uncertainty and Doubt)
It's obvious that the press have managed to take over the term "hacker" and to use it to promote only negative activities. Here's an example from the RSA Conference 2002 in Paris. [more]
Thursday, 10 October 2002, 2:30 PM CET

Gemplus digital signature solution awarded with certification
Here at the RSA Conference 2002 in Paris, Gemplus announced that its digital signature product, GemSAFE eSigner 2.0, has received Identrus Compliance. [more]
Thursday, 10 October 2002, 12:50 PM CET

Lie detectors do tell lies too...
In routine security screening, polygraph tests often mark innocent people as lying but miss actual security risks, says panel. [more]
Thursday, 10 October 2002, 11:31 AM CET

Viruses attack rampant
At least 80% of computers in China have been affected by viruses, which increasingly spread through file downloading and Internet surfing. [more]
Thursday, 10 October 2002, 11:24 AM CET

Attachments can cause severe damage
FWD: FWD: FWD: Read Now! - How many times have you opened your e-mail inbox and found a similar message waiting for you? [more]
Thursday, 10 October 2002, 11:17 AM CET

Guide to Intrusion Prevention
Diverse security technologies deliver the same message: "Keep Out!" [more]
Thursday, 10 October 2002, 11:16 AM CET

Light may be key to safeguarding secrets
Advances in devices that emit the smallest possible amount of light may portend an era of guaranteed confidentiality in Digital Age communication, which until now has had almost no protection. [more]
Thursday, 10 October 2002, 11:13 AM CET

Mozilla's 'Code of Silence' Isn't
Developers are accused of not publicizing the browser's security vulnerabilities enough. But do we really need world wide alerts for every bug? [more]
Thursday, 10 October 2002, 11:11 AM CET

Virus threats on mobile tools
Handhelds are not yet targets for hostile code writers, but that will soon change. [more]
Thursday, 10 October 2002, 11:10 AM CET

FBI memo details surveillance lapses in terror, spy cases
FBI agents illegally videotaped suspects, intercepted e-mails without court permission and recorded the wrong phone conversations during sensitive terrorism and espionage investigations. [more]
Thursday, 10 October 2002, 11:09 AM CET

Wireless Security Threats
The man who spoke about wireless security here at the RSA Conference 2002 in Paris, was Kenneth de Spiegeleire - European Manager of X-Force Professional Services, Internet Security Services. [more]
Wednesday, 9 October 2002, 5:51 PM CET

VOIP: Don't overlook security
Corporations that are implementing VOIP technologies in a bid to cut communications costs shouldn't overlook the security risks that can crop up when the voice and data worlds converge. [more]
Wednesday, 9 October 2002, 5:50 PM CET

NetScreen opens new EMEA offices
NetScreen Technologies, Inc. announced at RSA Conference 2002 Europe that they have opened a number of new offices in the EMEA (Europe, Middle East and Asia) region. [more]
Wednesday, 9 October 2002, 5:27 PM CET

RSA Conference 2002 - The Exhibitors
This year's RSA Conference features 2900 square meters of exhibit space and more than 60 vendors displaying their products. [more]
Wednesday, 9 October 2002, 4:45 PM CET

Hacker book author: companies too stingy about security
The author of a book on network security warns that most companies aren't spending enough money to adequately protect themselves and most IT administrators are out of control of their own networks. [more]
Wednesday, 9 October 2002, 4:29 PM CET

Using honeypot wireless LAN
The busiest journalist here at the RSA Conference 2002, Peter Judge from ZDNet UK, did an article on another war* action - "wartrapping". [more]
Wednesday, 9 October 2002, 4:19 PM CET

Trojan horse in Sendmail source code
The CERT/CC has received confirmation that some copies of the source code for the Sendmail package were modified by an intruder to contain a Trojan horse. [more]
Wednesday, 9 October 2002, 11:26 AM CET

University to study combating cyberterror
The Defense Department is giving Carnegie Mellon University $35.5 million to develop tools and tactics for fighting cyberterrorism. [more]
Wednesday, 9 October 2002, 11:25 AM CET

Firewalls - back to basics
The most frequently asked questions (and answers) about Firewalls without the frills. [more]
Wednesday, 9 October 2002, 11:24 AM CET

Microsoft CTO on security and open source. What security?
Craig Mundie gave an overview of "Trustworthy Computing" and the Microsoft view of open source. Does Microsoft have a plan to increase security? [more]
Tuesday, 8 October 2002, 4:51 PM CET

RSA Conference 2002 Grand Opening
Today the conference started with a grand opening and a keynote by Art Coviello, RSA Security CEO and President. [more]
Tuesday, 8 October 2002, 4:50 PM CET

News from the RSA Security press conference
This afternoon RSA Security held a press conference where they informed the public of some new partnerships and products. [more]
Tuesday, 8 October 2002, 4:49 PM CET

Shutting down spyware loopholes
A recent court decision against AOL Netscape finally puts some limits on the clickwrap contracts that make spyware legal. [more]
Tuesday, 8 October 2002, 3:13 PM CET

Improve Linux security
Although Linux's native support for networking services is part of the OS's appeal, these services can also create a security risk. Stop unnecessary network services. [more]
Tuesday, 8 October 2002, 2:37 PM CET

Feds probe digital TV piracy furor
The Justice Department is investigating allegations that a company controlled by Rupert Murdoch's News Corp. hacked a rival's protection technology and distributed the information on the Internet. [more]
Tuesday, 8 October 2002, 2:26 PM CET

Spam Blocker has opposite effect
Satisfied users of junk e-mail filter SpamNet protest loudly when unsolicited messages suddenly flood their inboxes. The problem? System "upgrades" - and the widespread UUNet failure. [more]
Tuesday, 8 October 2002, 12:49 PM CET

DOD's wireless safety net
A Defense Department policy provides a workable strategy for eventually allowing the use of wireless communications within the Pentagon without compromising security. [more]
Tuesday, 8 October 2002, 12:46 PM CET

Bugbear to set new virus record
The virus is spreading a bit more slowly than last week, but is still on track to become the most prolific to date. [more]
Tuesday, 8 October 2002, 12:44 PM CET

Security Tools in Linux Distributions, Part II
The second part of this series is an overview of tools included in SuSE distributions for hardening, monitoring and securing your system. [more]
Tuesday, 8 October 2002, 12:42 PM CET

RSA Conference 2002 Paris - Tutorial day
Today is the first day of the RSA Conference here at Le Palais des Congrès in Paris. The first day is dedicated to developer and enterprise tutorials. [more]
Monday, 7 October 2002, 4:52 PM CET

"Mighty" Worm - a new threat to Linux
Like "Slapper", "Mighty" infects computers running Linux and the Apache Web-server and uses the OpenSSL Security System exploit to gain access. Kaspersky Labs registered over 1,600 infected systems. [more]
Monday, 7 October 2002, 3:30 PM CET

Malaysia refutes origin of Bugbear virus
Denying reports of the Bugbear virus's origin in Malaysia, cyber detectives of this region said that there is no proof to support the allegation. [more]
Monday, 7 October 2002, 12:41 AM CET

Opasoft targets Windows systems
Opasoft worm that targets machines running Microsoft's Windows 95, 98, and ME operating systems is spreading according to virus alerts posted by several antivirus companies. [more]
Monday, 7 October 2002, 12:38 AM CET

Fixing the FBI's 'Top 20' security flaws isn't enough
The U.S. FBI's top-20 list of software vulnerabilities provides a solid foundation for IT security. But you need to do more than just protect against these flaws alone. [more]
Monday, 7 October 2002, 12:36 AM CET

Security Tools in Linux Distributions, Part I
In part one of this two-part series, Bobby discusses various HIDS and NIDS that come with Red Hat distributions. [more]
Monday, 7 October 2002, 12:31 AM CET

Configuring firewalls for Linux using netfilter/iptables
The author provides an introduction to the netfilter/iptables system, how it works, its advantages, installing and configuring, and how to use it to configure firewalls on Linux systems to filter IP packets. [more]
Monday, 7 October 2002, 12:28 AM CET

Hackware author arrested - maybe
A group whose chat network took hits from a hacker known as Torner applauds his London arrest. But no one's certain that the man in custody is the one who wrote the hacking toolkit used in the attacks. [more]
Monday, 7 October 2002, 12:23 AM CET

Russian hacker sentenced to 3 years
A Russian man snared in an FBI scheme to catch computer hackers has been sentenced to three years in prison for convictions on 20 counts of conspiracy, fraud and related computer crimes. [more]
Monday, 7 October 2002, 12:15 AM CET

Virus writers get Slapper happy
Internet vandals have continued to modify the recent Slapper worm and have sent at least four new variants of the hostile Linux program into the electronic wilds. [more]
Monday, 7 October 2002, 12:12 AM CET

HNS Book Contest
We are giving away 4 copies of "Multitool Linux: Practical Uses for Open Source Software" and 4 copies of "Advanced Linux Networking". [more]
Friday, 4 October 2002, 6:12 PM CET

HNS Newsletter issue 130 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. This one is a bit early since we're off to the RSA Conference tonight. Enjoy it! [more]
Friday, 4 October 2002, 5:16 PM CET

Interview with Jon Callas
Jon Callas, one of the founders of the new PGP Corporation, is an innovator and an acknowledged expert in all major aspects of contemporary business security. [more]
Friday, 4 October 2002, 11:16 AM CET

Federal proposal tells only part of cybercrime story
In the wake of the Sept. 11 terrorist attacks, the Canadian government hurriedly introduced a series of new anti-terror measures... [more]
Friday, 4 October 2002, 10:43 AM CET

6 myths about security policies
Al Berg writes: "In the course of working on the new policies, I learned the truth about my assumptions, which I now call the "Six Myths of Infosecurity Policies." [more]
Friday, 4 October 2002, 10:39 AM CET

Security: the number one worry for IT pros
A study claims to identify the pressures faced by IT managers and IT Directors in European companies with more than 200 employees. Guess what most of these people are worried about: Security. [more]
Friday, 4 October 2002, 10:36 AM CET

Inhospitable hosts
Mike Bobbitt writes: "Attackers may try the door, but intrusion prevention tools won't let them in." [more]
Friday, 4 October 2002, 10:30 AM CET

Security benchmark tools available
All federal agencies can now freely distribute and use the security configuration tools developed by the independent Center for Internet Security and endorsed by federal security experts. [more]
Friday, 4 October 2002, 10:18 AM CET

Scientists find key to water-tight encryption
Researchers have managed to send untamperable encryption keys over long distances, opening the way for secure communications. [more]
Friday, 4 October 2002, 10:16 AM CET

The book on Mitnick is by Mitnick
The social-engineering hacker whose name is synonymous with computer fraud has a new book and a nearly new lease on life. [more]
Friday, 4 October 2002, 10:14 AM CET

US Government site hacked
The US State Department briefly shut down one of its websites this week after computer hackers defaced its homepage with obscenities. [more]
Friday, 4 October 2002, 10:08 AM CET

News Report: satellites at risk of hacks
Want to find the most-ignored cybersecurity hole in America's critical infrastructure? Congressional investigators say, Look up! [more]
Friday, 4 October 2002, 10:06 AM CET

SANS and FBI Top 20 vuln list
SANS and FBI have announced the 20 most serious security vulnerabilities affecting both Windows and Unix systems. [more]
Thursday, 3 October 2002, 2:19 PM CET

SlapperII.A aka Slapper.D variant
The SlapperII.A variant was first detected on or around 28 September 2002. This worm retrieves the majority of its payload from a web server and also acts as an IRCbot. [more]
Thursday, 3 October 2002, 1:32 PM CET

Wireless mesh and ad-hoc technologies
Aashih Patil has mulled over the potential of various wireless technologies, and thinks that ad-hoc and mesh networks are worth talking about right now. [more]
Thursday, 3 October 2002, 1:16 PM CET

Kevin Mitnick hawking historic laptops, book
Famed hacker Kevin Mitnick said he is coming clean and hoping to make some money in the process. [more]
Thursday, 3 October 2002, 1:14 PM CET

Port 137 scans
As a followup to a Incidents mailing list thread on port 137 scans, ISC believes that the increase of these scans is connected to Bugbear and Scrup worms. [more]
Thursday, 3 October 2002, 1:01 PM CET

RSA debuts XML signatures security for Web
RSA Security has begun shipping its software development kit, RSA BSAFE SecurXML-C, allowing developers to add digital signatures using XML technology to Web services. [more]
Thursday, 3 October 2002, 12:21 PM CET

Nigerian email scam broken up
Spanish police have smashed a Nigerian-led scam that reaped up to €20 million. [more]
Thursday, 3 October 2002, 11:58 AM CET

It's a Bug, a Bear and a Worm
Watch out for Bugbear, the latest malicious worm making the rounds. Antiviral companies are naturally apoplectic over it because it is one of the nastiest ones to date. [more]
Thursday, 3 October 2002, 11:53 AM CET

SKT denies allegations of wiretapping
SK Telecom, Korea's largest mobile communications service provider, has flatly denied allegations that it is virtually impossible to listen in to calls on the 011 network. [more]
Thursday, 3 October 2002, 11:28 AM CET

Gartner slams MS security after latest flaw
The latest flaw with a major Microsoft product shows Redmond is unlikely to have anything that approximates to secure software until 2004 at the earliest. [more]
Thursday, 3 October 2002, 11:26 AM CET

The new face of malicious code
The profile of malicious code on the Internet is changing with porn diallers and Trojan horses becoming more serious problems. [more]
Wednesday, 2 October 2002, 10:26 AM CET

Scan of the month - a new challenge
This month's challenge is very different. Your job is to recover and analyze a floppy from a suspected drug dealer. [more]
Wednesday, 2 October 2002, 10:10 AM CET

Can software security be certified?
New rules for encryption products sold to Uncle Sam tighten the acceptable standards. That's a good start toward a worthy goal. [more]
Wednesday, 2 October 2002, 10:00 AM CET

Pro-Islamic militant hacker groups boost attacks
Pro-Islamic hacker group Unix Security Guards increased its activity tenfold to highlight the Palestinian cause and show solidarity with the Arab world as tensions rise in regard to the US conflict with Iraq. [more]
Wednesday, 2 October 2002, 9:56 AM CET

Examining the CIW Security Professional Exam
The CIW Security Professional exam requires knowledge of basic security concepts as well as how they are implemented in Linux/Unix and Windows NT/2000 servers. [more]
Wednesday, 2 October 2002, 9:54 AM CET

Security agency increases monitoring
The NSA spent $282 million to upgrade the technology it uses to sift through the huge volume of telephone conversations, e-mail and other worldwide communications chatter it monitors. [more]
Wednesday, 2 October 2002, 9:49 AM CET

Book review: XML security books
XML was originally developed without any thought to security and privacy. Here are reviews of two XML security books. [more]
Wednesday, 2 October 2002, 9:47 AM CET

'Bugbear' worm opens backdoors
Anti-virus companies warned computer users about a new worm that opens up a backdoor in the computers and logs keystrokes. [more]
Wednesday, 2 October 2002, 9:41 AM CET

Who’s listening in on your messages?
Too many organizations have critical data sitting on unsecured enterprise networks. Illena Armstrong explains how encryption technologies can protect this major asset. [more]
Wednesday, 2 October 2002, 9:36 AM CET

Interview with Roderick W. Smith
Roderick W. Smith is a professional computer book author who has extensive experience writing handbooks for users. A Linux and networking expert, he has several books to his name. [more]
Tuesday, 1 October 2002, 12:33 PM CET

Unix tools trace hackers
If you find you've been cracked use these old-school Unix tools to help track down the perpetrators. [more]
Tuesday, 1 October 2002, 11:43 AM CET

One Patch to Rule Them All
A recent XP security hole begs the question, do we really want Microsoft to release individual fixes for every bug? [more]
Tuesday, 1 October 2002, 11:30 AM CET

Spam filtering techniques
In this article, David discusses and compares several broad approaches to the automatic elimination of unwanted e-mail while introducing and testing some popular tools that follow these approaches. [more]
Tuesday, 1 October 2002, 11:21 AM CET

FBI to release computer-security updates
The FBI and SANS have a new initiatives to keep companies up to date on the most threatening software vulnerabilities. [more]
Tuesday, 1 October 2002, 11:09 AM CET

Web Site Defacements Hit All-Time High
More than 9000 attacks were recorded in September, with U.S. sites the prime targets, researcher says. [more]
Tuesday, 1 October 2002, 11:08 AM CET

Insiders, not hackers, biggest information theft risk
U.S. companies worried about hackers stealing their trade secrets should be even more afraid of former employees, competitors and contractors, according to a new study. [more]
Tuesday, 1 October 2002, 11:06 AM CET

Honeymoon over for Linux users
Iain Thomson writes: "As open source software becomes increasingly popular it is being targeted by virus writers and proving to be at least as vulnerable as Microsoft." [more]
Tuesday, 1 October 2002, 11:00 AM CET

GSA to unveil top 20 security flaws, focus on fixe
The focus will be on fixes this week when the U.S. General Services Administration unveils its list of the top 20 Internet security vulnerabilities to a gathering of about 350 IT professionals. [more]
Tuesday, 1 October 2002, 10:54 AM CET

eBusiness U.S. tech protests EU privacy laws
A group of American companies is attempting this week to persuade the European Union to relax its rules governing data protection, claiming they are bad for business. [more]
Tuesday, 1 October 2002, 10:52 AM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Sep 2nd