Off the Wire

Off The Wire Archive

News items for October 2005

Safer with SOAs - or not?
Security concerns may arise for companies implementing service-oriented architectures. [more]
Monday, 31 October 2005, 10:22 AM CET

IT security in China shows cracks
As U.S. businesses move aggressively into the burgeoning Chinese market, they had better investigate the level of IT security in place among the local companies that could become their customers and business partners. [more]
Monday, 31 October 2005, 9:09 AM CET

22 ways to foil credit card thieves
You probably won’t end up paying the bill, but a stolen credit card can still cost you big in time and aggravation. Here's how to protect yourself online and off. [more]
Monday, 31 October 2005, 9:07 AM CET

15 minutes to complete data protection
Is your network data really safe? [more]
Monday, 31 October 2005, 8:29 AM CET

You know these security threats - you hired them
New products are designed to stop threats that come from the inside. [more]
Monday, 31 October 2005, 8:17 AM CET

IBM adds security for ATMs with encryption facility for z/OS
IBM announced the availability of encryption software and plans for enhanced encryption security for Automatic Teller Machines. [more]
Monday, 31 October 2005, 8:11 AM CET

Rootkit-armed worm attacking AIM
A worm spreading through America Online's Instant Messenger (AIM) network carries a dangerous rootkit, code designed to hide a hacker's work from anti-virus scanners, a security firm warned Friday. [more]
Monday, 31 October 2005, 1:57 AM CET

Selecting a secure enterprise OS
It's pretty common to focus on functionality when choosing an operating system, particularly for businesses with specific technical needs. But Bruce Potter warns that making your selection without paying due attention to the operating system's security issues may hit hard in the long term. [more]
Monday, 31 October 2005, 1:53 AM CET

Discover potential security risks in nearby Bluetooth devices
AirMagnet introduced its BlueSweep software, designed to identify nearby devices with Bluetooth wireless technology and alert users to potential Bluetooth security risks. [more]
Friday, 28 October 2005, 3:15 PM CET

Paranoid penguin - single sign-on and the corporate directory
Author Ti Leggett presents the first in a series of articles focused on building a secure corporate directory, including support for single-sign-on that's scalable up to thousands of users. [more]
Friday, 28 October 2005, 10:57 AM CET

Advanced Linux LDAP authentication
If client machines are to authenticate through LDAP, administrators must make sure user changes are reflected within the LDAP server. [more]
Friday, 28 October 2005, 10:31 AM CET

IBM researchers take AXE to computer security
Researchers at IBM's Almaden Labs have developed a way to keep those nasty worms and viruses from running on computers, without the use of antivirus software. [more]
Friday, 28 October 2005, 10:21 AM CET

Are open source databases more secure?
If a recent Evans Data Corp. survey is any indication, IT administrators are increasingly worried about security holes in mainstream database products and are looking at open source alternatives. [more]
Friday, 28 October 2005, 10:18 AM CET

US spy agency’s patents under security scrutiny
The hyper-secretive US National Security Agency – the government’s eavesdropping arm - appears to be having its patent applications increasingly blocked by the Pentagon. [more]
Friday, 28 October 2005, 10:15 AM CET

How to control employees' Internet use
Left uncontrolled, employees with unrestricted Internet access will waste time and open the network to viruses, spyware and other security problems. [more]
Friday, 28 October 2005, 5:43 AM CET

A private, public approach to Internet safety
With the threats of spam and other illegal activities, tech companies and government agencies are coming together more and more to promote Internet safety. [more]
Friday, 28 October 2005, 5:21 AM CET

Users concerned about data security, encryption
Keeping data secure, tracking who uses it and managing it in a way that maintains backup windows and keeps information available to customers. [more]
Friday, 28 October 2005, 4:37 AM CET

Microsoft hunts for zombie spammers
Microsoft is investigating 13 spam operations it believes sent millions of junk mail messages through a single PC that the Microsoft purposefully set up as a "zombie," the company said Thursday. [more]
Friday, 28 October 2005, 4:27 AM CET

Leveraging the power of network-based firewalls
Today, more and more companies are migrating to network-based firewalls for a holistic security strategy that protects their information assets, provides them secure Internet access, and supports e-Business infrastructures. [more]
Friday, 28 October 2005, 4:21 AM CET

Bosses face court over 'hacking'
Scores of documents that formed the basis of government policy reviews were allegedly stolen from the email system of economic consultants Access Economics, putting the careers of two senior executives of a rival consultancy in doubt. [more]
Friday, 28 October 2005, 4:05 AM CET

Industry group defines spyware
Anti-Spyware Coalition publishes two documents for best security practices. [more]
Friday, 28 October 2005, 3:58 AM CET

Wireless LANs, the new 'secure' network
Once considered a playground for hackers and malicious attacks, wireless networks are fast becoming more secure than their wired counterparts. [more]
Friday, 28 October 2005, 3:52 AM CET

Banks urged to look beyond passwords for security
Transaction-level controls and account monitoring systems are important, too. [more]
Friday, 28 October 2005, 3:34 AM CET

SANS reveals Oracle hack
Password hashing algorithm cracked. [more]
Friday, 28 October 2005, 3:21 AM CET

Addressing the root cause of the security epidemic
Security and development professionals need to work together, writes CIO Update guest columnist John Viega of Secure Software. [more]
Friday, 28 October 2005, 3:16 AM CET

Microsoft outlines Explorer 7 security changes
Changes to IE7 and Windows Vista could cause trouble for some Web sites. [more]
Friday, 28 October 2005, 3:06 AM CET

(IN)SECURE Magazine issue 4 has been released
(IN)SECURE Magazine is a free digital security magazine in PDF format. Get your copy of the fourth issue today! [more]
Thursday, 27 October 2005, 10:10 PM CET

Telcos strive for better global security
Of the portion of company budgets given to information technology, an average of 13 percent was spent on security last year, compared with 9 percent in 2002, according to research by the Economist Intelligence Unit for AT&T to be published on Nov. 8. The report predicted that the proportion would rise to 15 percent over the next two years. [more]
Thursday, 27 October 2005, 2:53 PM CET

Making signatures more secure
Forging someone's signature is one of the oldest and most popular forms of identity theft. [more]
Thursday, 27 October 2005, 2:17 PM CET

UK launches major net security awareness campaign
A major UK government campaign to help consumers and small businesses protect themselves from internet security threats launches in the UK on Thursday. [more]
Thursday, 27 October 2005, 2:02 PM CET

Fiorina pops up on security company's board
Former HP CEO joins Cybertrust's board of directors, signs contract to write her memoirs. [more]
Thursday, 27 October 2005, 2:01 PM CET

10 security myths that need to be put to rest
One of the nice things about security is that there’s a lot of information out there. In fact, just about everyone has a favorite theory, a pet practice, or even a set of guidelines that will tell you what to do to be safe. [more]
Thursday, 27 October 2005, 10:08 AM CET

How to use cryptography to tighten security
Enterprise security is at a crossroads. Attacks are more numerous and financially damaging, and tougher security standards are kicking in. [more]
Thursday, 27 October 2005, 10:06 AM CET

Web of fear: net surfers cut back
As identity theft has grown, so has fear of being victimized through high-tech means. [more]
Thursday, 27 October 2005, 10:05 AM CET

Microsoft and Nokia team on security appliance
Microsoft and Nokia, archrivals in the mobile phone operating-system space, are partnering on a Unified Threat Management security appliance, sources familiar with the companies' plans said. [more]
Thursday, 27 October 2005, 10:04 AM CET

DNS trust issues
Over three-quarters of DNS servers may be vulnerable to cache poisoning and denial of service attacks, a new report from The Measurement Factory finds. [more]
Thursday, 27 October 2005, 9:58 AM CET

Nessus fork emerges
With news settling in that the makers of the network vulnerability scanner Nessus will not open source the next version of the software, the team behind the soon-to-be-renamed GNessUs project is growing fast and attracting attention. [more]
Thursday, 27 October 2005, 9:55 AM CET

Advanced Bash-scripting guide
An in-depth exploration of the art of shell scripting. [more]
Thursday, 27 October 2005, 9:54 AM CET

Web defacer sentenced, facing deportation
Rafael Nuñez-Aponte will soon be going home to Caracas after spending seven months in a U.S. jailhh. [more]
Thursday, 27 October 2005, 9:53 AM CET

Keychain - Openssh key management
Ever since networking came out, one important issue, to a various extent over the time, has been how to give the legitimate users the right access - authentication, which is one of the three basic elements in security: authentication, authorization and access control. [more]
Thursday, 27 October 2005, 9:52 AM CET

Sweating in the hot zone at Symantec
Imagine what life would be like if your product were never finished, if your work were never done, if your market shifted 30 times a day. The computer-virus hunters at Symantec don't have to imagine. [more]
Thursday, 27 October 2005, 9:50 AM CET

RFID chips to travel in U.S. passports
U.S. passports issued after October 2006 will contain embedded radio frequency identification chips that carry the holder's personal data and digital photo. [more]
Wednesday, 26 October 2005, 5:41 PM CET

App IDS guards databases
Applications and their back-end databases are increasingly exposed to application-level intrusions, such as SQL injection, cross-site scripting attacks and access by unauthorized users - all of which bypass front-end security systems and attack data at its source. [more]
Wednesday, 26 October 2005, 5:40 PM CET

German security agency warns of VoIP security risks
Report lists 19 varieties of attacks on VoIP systems. [more]
Wednesday, 26 October 2005, 5:39 PM CET

Crypto Improvements in Internet Explorer 7 Beta 2
The Microsoft IE Weblog reported new improvements related to security and user experience for HTTPS connections. It is said that for Internet Explorer 7, the default HTTPS protocol settings will be changed to disable the weaker SSLv2 protocol. [more]
Wednesday, 26 October 2005, 3:02 PM CET

Spammers punt 'snake oil' avian flu cure
Spammers are peddling drugs online that claim to combat bird flu. [more]
Wednesday, 26 October 2005, 12:04 PM CET

Provider blocks Hotmail emails
Undelivered messages threatened to cripple entire email service. [more]
Wednesday, 26 October 2005, 12:03 PM CET

Chasing vulnerabilities for fun and profit
Cross-site scripting attacks have recently shot into the spotlight following a high-profile MySpace worm and banks taking extra measures to stop phishing. In a guest column for BetaNews, security expert Jeremiah Grossman delves into the XSS problem with a peek inside the world of those hunting down security flaws. [more]
Wednesday, 26 October 2005, 11:46 AM CET

Poll: Storage professionals less sure of security
Storage professionals are feeling less confident in the security of their storage networking infrastructures, according to an informal poll conducted during the Storage Networking World conference today. [more]
Wednesday, 26 October 2005, 11:31 AM CET

Security software set for healthy sales growth
Year-over-year sales for security software face difficult comparisons to a strong September 2004. [more]
Wednesday, 26 October 2005, 11:28 AM CET

Document security flap at U.N. causes uproar
A “technical fault” in a U.N. report on the assassination of the prime minister of Lebanon that was posted to the Internet has led to a crisis at the world body and heightened tensions in the international community. [more]
Wednesday, 26 October 2005, 11:13 AM CET

Internet phone wiretap rule challenged
A new federal regulation making it easier for law enforcement to tap Internet phone calls is being challenged in court. [more]
Wednesday, 26 October 2005, 11:10 AM CET

Are you ready to be hacked?
"The Air Force and the Pentagon are extremely attractive targets and so the publicity acts as a draw for hackers," said Frost & Sullivan industry analyst for network security Rob Ayoub. [more]
Wednesday, 26 October 2005, 11:09 AM CET

Skype buffer overflow vulnerability
It looks like that Skype can be made to execute arbitrary code through a buffer overflow when the software is called upon to handle malformed URLs that are in form of callto:// and skype://. [more]
Tuesday, 25 October 2005, 6:47 PM CET

Broadcom unveils security processors for networks
Broadcom unveiled a trio of security processors designed to improve security on networks while freeing up some of the processing load on host processors. [more]
Tuesday, 25 October 2005, 3:51 PM CET

Microsoft security initiative in Germany moves forward
'Safe in the Net' aims to make users aware of e-mail viruses, Trojan horses, other malicious software. [more]
Tuesday, 25 October 2005, 3:49 PM CET

Teen uses worm to boost popularity
Age old problem of teen angst points to serious problem for web administrators. [more]
Tuesday, 25 October 2005, 3:48 PM CET

12 months of progress for the Microsoft Security Response Centre
Stephen Toulouse, the Security Program Manager of the Microsoft Security Response Centre (MSRC), writes about Microsoft's security efforts in the past year. [more]
Tuesday, 25 October 2005, 3:36 PM CET

BitTorrent user guilty of piracy
A Hong Kong man has been convicted of movie internet piracy in what is believed to be the first case involving BitTorrent file-sharing software. [more]
Tuesday, 25 October 2005, 12:18 PM CET

Security products and iSCSI arrays set for SNW unveiling
Disk-to-disk backup options are also expected to be featured at conference. [more]
Tuesday, 25 October 2005, 12:17 PM CET

Upcoming HTTPS Improvements in Internet Explorer 7 Beta 2
In the past, we’ve called upon website operators to ensure they are using HTTPS securely. This time, I’d like to tell you about the changes IE7 has made to improve the security and user experience for HTTPS connections. [more]
Tuesday, 25 October 2005, 10:11 AM CET

Endpoint security: let the users grumble
The security mechanisms that protect the corporate network and enterprise applications may be well established, but for many organizations, endpoint security remains a weak point -- and a big headache. [more]
Tuesday, 25 October 2005, 8:06 AM CET

The click-wrap conundrum
Suppose you are setting up a website to deliver the latest software, product, or service. Before the site goes live, you go to your lawyer, of course you do, don't you? [more]
Tuesday, 25 October 2005, 8:05 AM CET

Cisco takes aim at LAN security
Cisco Systems is expanding its network-security initiative from wide area network access points to the switches and wireless devices used in local area networks. [more]
Tuesday, 25 October 2005, 8:04 AM CET

Visa and MasterCard combine security standards
Visa and MasterCard have launched free, self-assessment tools for merchants and providers to test and validate the security of their e-commerce connections. [more]
Tuesday, 25 October 2005, 8:00 AM CET

Next generation solutions for spam: a predictive approach
Without the ability to automatically adapt to detect new types of threats, an anti-spam solution will always be a step behind the spammers. [more]
Tuesday, 25 October 2005, 7:59 AM CET

Colleges not happy with extension of US wiretap law
Universities in the US are facing the prospect of having to overhaul their campus networks in order to comply with a 1994 Federal wiretap law. [more]
Tuesday, 25 October 2005, 7:57 AM CET

Oracle patches fail to cover security risk
Oracle's most recent set of critical security patches has left some serious problems unfixed, according to a security researcher.
Tuesday, 25 October 2005, 7:57 AM CET

After a security breach
Every network is vulnerable to some type of attack. The important thing is how you respond. [more]
Tuesday, 25 October 2005, 7:55 AM CET

The story of Snort: past, present and future
Last week we met with Martin Roesch, the creator of Snort, the de facto standard for intrusion detection/prevention.

Presented here is the entire story of Snort in his words that covers seven years of development that made this tool one of the most important security software titles ever developed. [more]
Monday, 24 October 2005, 7:34 PM CET

VoIP Security Alliance delivers VoIP Security Framework
The Voice over IP Security Alliance (VOIPSA), today released the first comprehensive description of security and threats in the field of VoIP. [more]
Monday, 24 October 2005, 3:34 PM CET

My adventures in anti-spam
For 24 hours I was in IT hell. A simple move to stop the onslaught of spam that was overwhelming my inbox turned into a nightmare. [more]
Monday, 24 October 2005, 3:32 PM CET

Virus writers craft PnP botnet client
Zombie network fails to bite. [more]
Monday, 24 October 2005, 3:32 PM CET

Gartner event focuses on security
With many keeping one eye on Hurricane Wilma churning off the coast, 6,000 IT executives last week heard Gartner analysts offer their vision on everything from security trends to wireless network directions. [more]
Monday, 24 October 2005, 3:27 PM CET

Flaw finders score loyalty rewards from iDefense
Security firm iDefense, a subsidiary of VeriSign, announced on Friday the recipients of two rounds of bonuses rewarding the most prolific researchers taking part in the firm's Vulnerability Contributor Program (VCP). [more]
Monday, 24 October 2005, 3:26 PM CET

Help's a firewall away
Flash back to December 2002. Barely in his 20s, self-taught network engineer and help-desk staffer Joel Bomgaars is frustrated because firewalls prevent him from accessing PCs of users needing help. [more]
Monday, 24 October 2005, 12:39 PM CET

Automating network management and compliance
This E-book is a fast-paced, short guide that will give everyone from executive-level IT managers to network administrators the know-how to improve network operations, security and compliance. [more]
Monday, 24 October 2005, 12:38 PM CET

Can spyware ever come in from the cold?
Layers of blind partnerships, botnets, and the many distributors that make up the online ad business make spyware almost impossible to trace. [more]
Monday, 24 October 2005, 12:31 PM CET

Met police hooks up with commonwealth to fight cybercrime
London police and industry are teaming up to fight economic crime. The inaugural meeting of the New Scotland Yard Economic Crime Working Group took place at Lord's Cricket ground in London on Thursday. [more]
Monday, 24 October 2005, 12:28 PM CET

Take on VoIP's security and privacy challenges
Voice-over-IP apps face the same risks as other IP services--take, for example, the data-over-IP problem of denial-of-service attacks. [more]
Monday, 24 October 2005, 12:22 PM CET

Keep networks safe and sound
To protect network infrastructure from malicious code threats, companies need full-featured solutions with multiple security features. [more]
Monday, 24 October 2005, 12:21 PM CET

Microsoft patch problems continue
Windows users are continuing to experience problems with Microsoft 's latest round of security patches. [more]
Monday, 24 October 2005, 12:20 PM CET

Homeland security mulls cyber czar nomination
The Homeland Security Department on Oct. 1 created a new post for a cyber-security czar -- a post that the technology industry and Congress repeatedly have urged for two years -- but has yet to nominate a candidate for the job. [more]
Monday, 24 October 2005, 12:16 PM CET

Cybercrime being fought in new ways
An arm of the U.S. Army's homeland security office uses data-mining software from Chicago-based SPSS to fight cybercrime. [more]
Monday, 24 October 2005, 11:58 AM CET

Cybercrime being fought in new ways
An arm of the U.S. Army's homeland security office uses data-mining software from Chicago-based SPSS to fight cybercrime. [more]
Monday, 24 October 2005, 11:57 AM CET

Spyware 'rampant' in UK computers
The UK has one of the highest rates of computers infected with secret programs that can track what people do with their machines, research shows. [more]
Monday, 24 October 2005, 11:50 AM CET

The hacker as terrorist?
If Congress approves the controversial anti-terror bill that Pres. Gloria Macapagal Arroyo is eagerly pushing to become a law, hacking or cracking would soon be considered as an act of terrorism. [more]
Monday, 24 October 2005, 3:19 AM CET

Face recognition security comes to mobiles
Nice phone, shame about the boat race. [more]
Monday, 24 October 2005, 3:18 AM CET

Security breach on CBD web site
Commercial Bank of Dubai (CBD) is ditching its web site provider following concerns about security for the site. [more]
Monday, 24 October 2005, 3:16 AM CET

Strong encryption technology used in Nectec’s secure telephone system
If you are concerned that somebody may tap your telephone, here is some possible protection. [more]
Monday, 24 October 2005, 3:15 AM CET

How ATM fraud nearly brought down British banking
This is the story of how the UK banking system could have collapsed in the early 1990s, but for the forbearance of a junior barrister who also happened to be an expert in computer law. [more]
Friday, 21 October 2005, 7:16 PM CET

DRM, wiretaps called threats
Digital civil liberties group warns legal restrictions will stall tech innovation. [more]
Friday, 21 October 2005, 7:11 PM CET

Marketers look to adopt spam-fighting technology
Separate authentication technologies pushed by Microsoft and Yahoo would help an Internet service provider verify that a message's sender is accurate and authorized. [more]
Friday, 21 October 2005, 12:30 PM CET

Rootkit creators turn professional
Dodging the virus shield becomes big business as authors 'outsource' malware creation. [more]
Friday, 21 October 2005, 10:44 AM CET

Linux vs. Windows security: how about the truth?
With the hundreds of thousands of dollars Microsoft puts in to spreading fear, uncertainity and desire, and the over-zealous Linux users spreading the same uncertainity, but from a different angle we really have to ask ourselves, is Linux more secure than Windows? [more]
Friday, 21 October 2005, 7:21 AM CET

Exploit circulating for newly patched Oracle bug
Attackers use a technique called an SQL injection attack. [more]
Friday, 21 October 2005, 7:09 AM CET

Internet fraud, deception targeted by N.Y. attorney general
New York State Attorney General Eliot Spitzer announced a double dose of legal action targeting both adware and Web sites accused of charity, mortgage, and marketing scams. [more]
Friday, 21 October 2005, 6:46 AM CET

Integrating risk management and security
Despite the fact that the risk manager should take the lead in creating a business continuity plan, he or she should not attempt to do so alone. [more]
Friday, 21 October 2005, 6:35 AM CET

White House wants more IT security funds for FAA
The Bush administration is urging Congress to appropriate more funds for the Federal Aviation Administration’s information security projects, claiming that legislation being debated on the Senate floor would leave the agency short of the needed funding. [more]
Friday, 21 October 2005, 6:21 AM CET

You've got mail - but is it safe?
The challenges faced by organizations in maintaining information and email flow have become more complex. This paper explains the security threat that email poses to businesses and demonstrating a consolidated solution for email security. [more]
Friday, 21 October 2005, 6:14 AM CET

Scammers hide malicious JavaScript on web sites
Hackers and scammers have suddenly turned to a new technique to hide malicious JavaScript on compromised or criminal sites, a security researcher said Thursday. [more]
Friday, 21 October 2005, 5:59 AM CET

Botnet operation ruled 1.5 million zombie PCs
Largest zombie army surpasses the worst of expectations. [more]
Friday, 21 October 2005, 5:57 AM CET

Guard against Titan Rain hackers
At the moment, there's a dirty little secret that only a few people in the information security world seem to be privileged to know about, or at least take seriously. [more]
Friday, 21 October 2005, 5:49 AM CET

IT security must invest in suite products
IT departments will reduce expenditures by switching from best-of-breed to solutions, and by enforcing security best practices. [more]
Friday, 21 October 2005, 5:27 AM CET

Windows XP security guide
The Windows XP Security Guide has been updated to provide specific recommendations. [more]
Friday, 21 October 2005, 5:21 AM CET

Security outsourcing: how to do it right
Outsourcing your organization's information security can expose you to great risks. We show you how a well-planned strategy can realize benefits in cost, efficiency, expertise and peace of mind. [more]
Friday, 21 October 2005, 5:17 AM CET

Evolution of Web-based worms
The Myspace Web worm used a simple vulnerability and XSS to propagate, and it might be a sign of things to come. [more]
Friday, 21 October 2005, 3:58 AM CET

Email security: how much is enough?
Although we have long since known about the virility of email threats and viruses, this year continues to supply heavily evolved and critically destructive email attacks. [more]
Friday, 21 October 2005, 3:50 AM CET

Webroot guesstimates inflate UK spyware problem
The UK had the third highest rate of spyware infections last quarter, according to research by anti-spyware firm Webroot Software which lumps tracking cookies in with far more malicious risks such as Trojans and keylogging programs. [more]
Friday, 21 October 2005, 3:29 AM CET

Responding to data-security needs
Despite the increased awareness, the recent frequency of security breaches seems to indicate that many companies have not adequately responded to the issue of data security within their organizations. [more]
Friday, 21 October 2005, 3:07 AM CET

ISO 27001 security standard published
After several months in final draft mode, ISO 27001 has been published as an official standard. It essentially defines an Information Security Management System and compliments the ISO 17799 'code of practice' standard. [more]
Thursday, 20 October 2005, 4:23 PM CET

Playstation Portable Trojan...the demo
So what happens when a group of geeks gets an itch to destroy an expensive toy but nobody in the AVR lab is willing to pony up their own personal PSP? You make a call, get someone to donate a PSP, fire up the video camera & record it for posterity. [more]
Thursday, 20 October 2005, 4:12 PM CET

ZoneAlarm sniffs out spyware behavior
Zone Labs Wednesday rolled out an anti-spyware product for consumers and small businesses that takes a proactive approach by basing its defense on firewall technology. [more]
Thursday, 20 October 2005, 4:12 PM CET

Internet heightens embedded systems security
Software security is an increasingly critical issue in embedded system designs that are web-enabled, according to supplier of real-time operating systems Green Hills Software. [more]
Thursday, 20 October 2005, 4:09 PM CET

How to (ethically) hack wireless networks
In this webcast, Kevin Beaver and Peter T. Davis, will discuss the latest ethical hacking techniques for testing the security of 802.11-based wireless systems. [more]
Thursday, 20 October 2005, 1:45 PM CET

Sue companies, not coders
At a security conference last week, Howard Schmidt, the former White House cybersecurity adviser, took the bold step of arguing that software developers should be held personally accountable for the security of the code they write. [more]
Thursday, 20 October 2005, 1:41 PM CET

Virus writers motivated by money: expert
The image of virus and malware writers as 'script kiddies' with too much time on their hands is an outdated one, a leading web security analyst has said. [more]
Thursday, 20 October 2005, 12:03 PM CET

Windows security: a year of progress?
Microsoft's OS continues to suffer from flaws and exploits, but the software giant is working to secure it. Here are our expert's tips on how to make the most of Microsoft's efforts. [more]
Thursday, 20 October 2005, 10:28 AM CET

10-minute guide to killing network malware
If you have any doubts about how serious an issue malware has become, just check in with the company help desk. They're probably in constant motion, trying to revive PCs that have slowed to a crawl. [more]
Thursday, 20 October 2005, 9:40 AM CET

Nigeria to outlaw e-mail spamming
Nigeria is considering making spamming a criminal offense. [more]
Thursday, 20 October 2005, 2:13 AM CET

Snort vulnerability "wormable" but not widespread
A three-month-old flaw in a preprocessor function for the open-source intrusion detection system may attract worm writers, but the number of vulnerable systems is likely low, security experts said on Wednesday. [more]
Thursday, 20 October 2005, 2:10 AM CET

New plans to safeguard LANs
802.1AE provides encapsulation and the cryptography framework for Ethernet protection. [more]
Thursday, 20 October 2005, 1:57 AM CET

Web application firewalls: the first layer of protection
Anyone who has worked as a security auditor, sometimes called a “white hat," knows that most organizations have gotten pretty good at configuring their firewalls and patching their externally facing servers. [more]
Thursday, 20 October 2005, 1:55 AM CET

Analyst: expect to pay less for desktop security
A Gartner analyst predicts Microsoft will charge less than $15 per user per year for its new anti-malware product. [more]
Thursday, 20 October 2005, 1:51 AM CET

Oracle patches 88 holes in quarterly security update
Oracle released a bundle of critical security patches for its software on Tuesday. [more]
Thursday, 20 October 2005, 1:49 AM CET

RSA Conference Europe 2005 Showcase Video
The video is 2:00 minutes in length, available in Windows Media 9 256K (3.7 MB) and 64K (936 KB). Click on the icons below to download the video. [more]
Wednesday, 19 October 2005, 10:36 AM CET

Security pros win out in office politics
Business managers starting to listen (allegedly). [more]
Wednesday, 19 October 2005, 10:34 AM CET

Prepare for the worst when it comes to laptop security
The attractiveness of a laptop computer is the very weakness that makes it so stealable. [more]
Wednesday, 19 October 2005, 10:27 AM CET

Congress raises cyber security awareness
It may have escaped your attention, but October is National Cyber Security Awareness Month. [more]
Wednesday, 19 October 2005, 10:26 AM CET

Secure your wireless network
Properly configure clients and APs and watch out for rogue APs. [more]
Wednesday, 19 October 2005, 10:25 AM CET

DRM and wiretapping huge threats to cyber freedom
The effort spearheaded in the US to require people building voice technologies to code in wiretapping from the beginning of development, is currently the gravest threat to cyber-freedom, according to Brad Templeton from the Electronic Frontier Foundation who spoke at AUUG 2005 today. [more]
Wednesday, 19 October 2005, 10:20 AM CET

International laws for international crimes
Global cooperation on information security is still at the pipe-dream stage if a panel at the RSA Security conference this week is anything to go by. [more]
Tuesday, 18 October 2005, 5:04 PM CET

Costly virus damage
Malware cost the global economy an estimated $166 billion in 2004, according to a new report by antivirus firm Eset, producer of NOD32 Antivirus System. [more]
Tuesday, 18 October 2005, 1:29 PM CET

Cisco expands its Network Admission Control framework
Cisco Systems today announced advancements to its Network Admission Control (NAC) framework that help protect organizations from threats such as spyware, viruses and worms attempting to gain network access through a growing number of endpoint devices. [more]
Tuesday, 18 October 2005, 1:07 PM CET

RSA Conference Europe 2005 Photos
Here you can catch a bit of the atmosphere at the exhibition floor of the RSA Conference in Vienna this morning. [more]
Tuesday, 18 October 2005, 12:55 PM CET

European Information Security Awards 2005
The Awards are given in acknowledgement of the outstanding contribution of both individuals and companies in the field of Information Security across Europe. [more]
Tuesday, 18 October 2005, 12:55 PM CET

Survey shows that awareness of identity theft is lowest in EU member states
The research survey, conducted in Germany, France, the United Kingdom and the United States by Momentum Research Group. [more]
Tuesday, 18 October 2005, 12:54 PM CET

RSA Security integrates enterprise single sign-on and Strong authentication for Microsoft Windows desktops and networks
RSA Security Inc. today announced RSA Sign-On Manager 4.5, an enterprise single sign-on (ESSO) solution that expands integration with RSA SecurID technology. [more]
Tuesday, 18 October 2005, 12:54 PM CET

Vordel unveils latest version of industry's favorite Web Services security test tool
The XML Web Services security company Vordel today unveiled the latest version of Vordel SOAPbox, the world's most widely used security testing tool for Web Services. [more]
Tuesday, 18 October 2005, 12:54 PM CET

Security staff pack more punch with top managers
Responsibility for IT security appears to be devolving away from the IT department, according to research to be published at this week's RSA Security Conference in Vienna. [more]
Tuesday, 18 October 2005, 12:52 PM CET

Lessons of warfare for IT security
To best apply limited resources to maximize defense success, carefully select your turf. [more]
Tuesday, 18 October 2005, 11:30 AM CET

Phishing attacks slip for second straight month
The number of phishing attacks spammed to computer users fell for the second straight month, the Anti-Phishing Working Group (APWG) said last week as it reported on August's scams. [more]
Tuesday, 18 October 2005, 11:29 AM CET

Device security seminar tours 12 cities
Four embedded software and services companies will team up on a series of half-day seminars on device security. [more]
Tuesday, 18 October 2005, 11:22 AM CET

US push to two-factor security
US Federal regulators have ordered banks to tighten their internet security procedures by the end of 2006 to help thwart identity theft. [more]
Tuesday, 18 October 2005, 11:21 AM CET

IRCbot trojan spoofing Skype
Security firm MessageLabs has detected a new variant of the IRCbot Trojan disguised as the latest release of the popular Skype VoIP software client version 1.4. [more]
Tuesday, 18 October 2005, 11:18 AM CET

Security concerns weigh on HP, users
Company says it will build security into hardware and software to reduce complexity. [more]
Tuesday, 18 October 2005, 11:18 AM CET

Minimize spam threats with locked addresses
The service called CanIt 'Locked Addresses' offers you the possibility to create unlimited ammount of forwarders to your real e-mail address. It remembers the first sender to the newly created forwarder and from that point on it only lets this specific address to send e-mails to your newly created address. [more]
Tuesday, 18 October 2005, 11:00 AM CET

Looking beyond simple spam filtering
E-mail security vendors add anti-virus, encryption, outbound content filtering. [more]
Monday, 17 October 2005, 5:20 PM CET

Price war looms as Microsoft enters security market
Microsoft's entry into the security market next year will dramatically reduce the price of anti-malware software, according to analyst firm Gartner. [more]
Monday, 17 October 2005, 5:19 PM CET

Cisco finally brings security push to LAN
Cisco this week is expected to announce Phase II of its Network Admission Control program, including the ability to block network access for dangerous clients at the LAN/wireless LAN device level. [more]
Monday, 17 October 2005, 5:18 PM CET

Spyware: what you need to know
It can turn your system against you, slow your browser to a crawl and inhabit your computer like some grotesque parasite. [more]
Monday, 17 October 2005, 5:15 PM CET

Millions of UK households at risk of ID theft
Beware the phantom bin raider. [more]
Monday, 17 October 2005, 5:15 PM CET

CLI magic: trojan scan
We're all about security this week. Not the security you get from being all wrapped up in a baby-blanket, coddling, gratuitous GUI, but the kind that comes from knowing who is connected to your machine, and why. [more]
Monday, 17 October 2005, 5:14 PM CET

Microsoft patch problematic for some, security firm says
The patch was released this week to plug a vulnerability in Windows 2000. [more]
Monday, 17 October 2005, 7:35 AM CET

FBI puts stop to spam king
Agents close up shop by seizing equipment from bulk e-mailer's W. Bloomfield home in recent raid. [more]
Monday, 17 October 2005, 6:33 AM CET

Find Out What's new with code access security in the .NET Framework 2.0
This article discusses the role of CAS in .NET security and some key new features and changes in CAS in the .NET Framework 2.0. [more]
Monday, 17 October 2005, 6:14 AM CET

Newest mobile devices are latest threat to network security
Today’s next-generation mobile devices enhance mobile workers’ productivity, but they’re also placing unprecedented demands on enterprise security infrastructure. [more]
Monday, 17 October 2005, 5:54 AM CET

A comparison of Solaris, Linux, and FreeBSD kernels
One of the more interesting aspects of the three OSes is the amount of similarities between them. [more]
Monday, 17 October 2005, 4:56 AM CET

Viruses increasingly infecting enterprise networks via IM
"Instant Messaging applications are the most rapidly adopted 'greynets' on end-user systems," said Ashvini Naidu, a spokesman for FaceTime, a developer of anti-spyware solutions. [more]
Monday, 17 October 2005, 4:49 AM CET

Automated backups with rdiff-backup
This tutorial describes how to do automated server backups with the tool rdiff-backup. [more]
Monday, 17 October 2005, 4:34 AM CET

Email security requirements - technical overview
It's a war zone out there - email systems administrators versus hackers, viruses, spam, and who knows what next. Over 450 new viruses are discovered each month, according to IDC research. Less destructive, but equally disruptive is spam. [more]
Monday, 17 October 2005, 4:15 AM CET

Weekly report on viruses and intruders
This week’s report from Panda Software looks at one worm, Sdbot.FHG, three Trojans, Multidropper.AYC, Tahen.A and Tahen.B, and the vulnerabilities covered in Microsoft bulletins MS05-044 to MS05-052. [more]
Friday, 14 October 2005, 4:42 PM CET

Microsoft aligns with Nigeria to crack down on scams
Agreement calls for Microsoft to help break up crime rings that use Internet for fraud and theft. [more]
Friday, 14 October 2005, 4:24 PM CET

WifiScanner 1.0.0 Linux wireless tool released
After a couple of years of development, Linux based wireless tool WifiScanner got its 1.0.0 release. [more]
Friday, 14 October 2005, 3:57 PM CET

Massachusetts hits "Internet spam gang" with $37 million fine
To collect, the state's Attorney General is looking for Leo Kuveyev, the leader of the spam ring, who's believed to be in Russia. [more]
Friday, 14 October 2005, 3:41 PM CET

Security experts warn of Windows worm
Fears are growing of a new Windows worm after security companies reported that exploit code is already circulating for three Microsoft patches released on Tuesday. [more]
Friday, 14 October 2005, 3:02 PM CET

Microsoft employee blasts 'fake' service pack
Unauthorized Windows XP Service Pack 3 surfaces on Web site. [more]
Friday, 14 October 2005, 1:32 PM CET

Domestic defense
Could proposed new intelligence-gathering powers for the Pentagon lead to spying on U.S. citizens? The question is being asked as the White House considers new roles for the military inside America's borders. [more]
Friday, 14 October 2005, 1:29 PM CET

Security: Microsoft's next antitrust battle?
Software giant argues antivirus, spyware-fighting are logical extension to operating system. [more]
Friday, 14 October 2005, 1:25 PM CET

Design and deploy secure Web apps with ASP.NET 2.0 and IIS 6.0
This article discusses best practices that allow you to take advantage of the security features of ASP.NET 2.0 and IIS 6.0 to build and deploy more secure Web applications. [more]
Friday, 14 October 2005, 1:09 PM CET

Interview with Terry Dickson, CEO and Co-Founder of Avinti
In this interview Mr. Dickson discusses a newly discovered targeted destination e-mail attack, the biggest challenge in protecting sensitive information at the enterprise level, and more. [more]
Friday, 14 October 2005, 1:01 PM CET

The challenge of managing remote users
"By design and policy, no data is stored remotely," said Mark Moroses, senior director technical services/security officer at Maimonides Medical Center in New York. [more]
Friday, 14 October 2005, 12:59 PM CET

Red Hat tests security skills
Red Hat is launching what it says is the first performance-based security certification for enterprise Linux servers. [more]
Friday, 14 October 2005, 12:44 PM CET

Your next job title: CISO?
"In small firms, the same person tends to do both jobs under one title," said Eliot Zember, vice president of industry solutions at Fox Technologies. [more]
Friday, 14 October 2005, 12:41 PM CET

Cisco exec on security, Black Hat brouhaha
Jeff Platon, vice president of product marketing for security and application networking technology at Cisco Systems, talked this week with Computerworld about security technology at the networking company. [more]
Friday, 14 October 2005, 12:24 PM CET

Identity theft on the rise
Fresh concerns have been raised about the security of information held by Companies House, after a leading credit agency warned that it was aware of more than 100 cases of theft of auditors’ identities. [more]
Friday, 14 October 2005, 12:23 PM CET

Lloyds steps up online security
Lloyds TSB is to trial a new security system for online banking customers, in an attempt to beat internet fraud. [more]
Friday, 14 October 2005, 12:18 PM CET

Cross-Site Scripting worm hits MySpace
With the advent of social networking sites, becoming more popular is as easy as crafting a few lines of JavaScript code, it seems. [more]
Friday, 14 October 2005, 12:14 PM CET

New Commwarrior variant detected
The Commwarrior.C seems to function in similar manner as A and B variants. [more]
Thursday, 13 October 2005, 3:44 PM CET

VoIP is not as secure as you think
Voice-over-Internet Protocol (VoIP), also known as Internet telephony, may be all the rage these days but it is not as secure as the general public think it is. [more]
Thursday, 13 October 2005, 3:43 PM CET

US cybersecurity risks are been poorly managed
US cybersecurity risks are been poorly managed by the Department of Homeland Security, according to a former US presidential information security advisor. [more]
Thursday, 13 October 2005, 3:34 PM CET

Specialist police units tackle computer crime
In their fourth year, Hi-Tech Crime Units are proving invaluable to police forces across the country. [more]
Thursday, 13 October 2005, 3:33 PM CET

Desktop search and malware: friend or foe?
Double-edged sword. [more]
Thursday, 13 October 2005, 3:32 PM CET

Government must push on IT security
Computing talks with John Thompson, chief executive of Symantec, about IT security measures for the future. [more]
Thursday, 13 October 2005, 3:32 PM CET

Basic Bluetooth security
Bluetooth security implementation revolves around making devices as well as services offered by them secure. [more]
Thursday, 13 October 2005, 12:26 PM CET

Spammer's net name scam revealed
Peter Francis-Macrae is currently on trial for alleged death threats, made as police and trading standards moved in on his fraudulent net operation. [more]
Thursday, 13 October 2005, 12:24 PM CET

Expect bigger attacks after Microsoft, Yahoo connect IM networks
IM attacks are already exploding, up a whopping 2,000% since last year. [more]
Thursday, 13 October 2005, 12:21 PM CET

OpenBSD's network stack
SecurityFocus interviews three OpenBSD developers about their network stack protection against DoS ICMP attacks, a short comparison with Linux' stack, and some thoughts on OpenBGPD. [more]
Thursday, 13 October 2005, 12:18 PM CET

Arrests 'unlikely' to impact botnet threat
The recent arrests of three men in The Netherlands who allegedly controlled a network of more than 100,000 compromised computers will not likely curtail the criminal economy surrounding so-called bot nets, security experts said this week. [more]
Thursday, 13 October 2005, 12:11 PM CET

Exploit already out for new Windows 2000 bug
The exploit takes advantage of the most dangerous of the 14 vulnerabilities Microsoft described--and released patches for--this week. [more]
Thursday, 13 October 2005, 4:38 AM CET

Banks caught by 5m Euro spy sting
Police say money-laundering conman is the greatest trickster they have faced. [more]
Thursday, 13 October 2005, 4:11 AM CET

Bacon Raton keeps US at top of spam charts
The US has yet again topped a list of spam producing countries. [more]
Thursday, 13 October 2005, 3:53 AM CET

A look inside the security development lifecycle at Microsoft
The goals of the Security Development Lifecycle (SDL), now embraced by Microsoft, are twofold: to reduce the number of security-related design and coding defects, and to reduce the severity of any defects that are left. [more]
Thursday, 13 October 2005, 3:32 AM CET

How to use multilayered security to defeat viruses
Read about virus preventive systems being used today, the formula for successful protection with options, including Global Traffic Data, Threat Operations Center and Dynamic Quarantines. Also review history, motives and trends of security viruses. [more]
Thursday, 13 October 2005, 2:49 AM CET

Higher R&D spenders fail to secure success
Global Innovation 1000 report reveals little benefit from major investment. [more]
Thursday, 13 October 2005, 2:26 AM CET

Generating random passwords with ASP.NET
The purpose of this article is to provide a random password generator for ASP.NET. [more]
Thursday, 13 October 2005, 1:54 AM CET

Virus writers create Nintendo DS Trojan
Virus writers - no doubt inspired by news of the first PlayStation Portable Trojan - have created the first malware to target the Nintendo DS handheld gaming console. [more]
Thursday, 13 October 2005, 1:39 AM CET

Security is hard work
Implementing effective IT security involves long hours of planning, monitoring and analysis. [more]
Thursday, 13 October 2005, 1:22 AM CET

Privacy fears hinder the growth of RFID
Report urges industries to look at wider benefits. [more]
Thursday, 13 October 2005, 12:59 AM CET

Email scam suspect made 'threats to kill'
Peter Francis-Macrae faces a variety of charges. [more]
Thursday, 13 October 2005, 12:42 AM CET

Chip-and-PIN linked to drop in card fraud
Security scheme gathers pace and nears final deadline. [more]
Thursday, 13 October 2005, 12:32 AM CET

Most support health network - security a big concern
More than 70 percent of Americans are in support of a nationwide health-information exchange or network for doctors and patients. [more]
Thursday, 13 October 2005, 12:13 AM CET

Copying files securely between systems
If you need to copy files from one system to another over an unprotected network, you can do it in a few ways. [more]
Wednesday, 12 October 2005, 6:01 PM CET

The end of passwords
Reliable and affordable fingerprint identification systems, already in use and pushing into prime time, are taking over. [more]
Wednesday, 12 October 2005, 5:58 PM CET

CA reports unpatched security flaw
Computer Associates has reported an unpatched flaw in its iGateway security software, which allows remote attackers to take over a system and execute arbitrary code. [more]
Wednesday, 12 October 2005, 5:54 PM CET

Grisoft predicts Linux virus plague
'Only a matter of time,' warns antivirus firm. [more]
Wednesday, 12 October 2005, 4:10 PM CET

Phishing attack targets one-time passwords
A Swedish internet bank was forced to shut down its website for a short time last week after its one-time password security system was targeted by a new type of phishing scam. [more]
Wednesday, 12 October 2005, 4:09 PM CET

Securing mobile data more important than viruses
Hype about mobile viruses is overshadowing the need for better data security. [more]
Wednesday, 12 October 2005, 4:09 PM CET

Is security software the next battle for Microsoft?
Microsoft’s planned moves into the security software market seem likely to generate more concerns over how it uses its market strength. [more]
Wednesday, 12 October 2005, 1:34 PM CET

Symantec AntiVirus Scan Engine has serious bug
Users of Symantec Corp.'s AntiVirus Scan Engine are being advised to upgrade their software, as a result of a critical security bug in the product. [more]
Wednesday, 12 October 2005, 12:58 PM CET

Liberty Alliance releases legal, privacy guidelines
The Liberty Alliance Project released guidelines that aim to help organizations deal with some of the legal and privacy issues that arise from such federated identity projects. [more]
Wednesday, 12 October 2005, 12:54 PM CET

Is RFID secure?
Perform due diligence with RFID security. [more]
Wednesday, 12 October 2005, 12:52 PM CET

Who's that knocking at your PC?
The average broadband PC is the target of hundreds of attempted break-ins every day. [more]
Wednesday, 12 October 2005, 12:47 PM CET

Insider security threats Q&A
We conducted a brief Q&A session with David Lynch, CMO at Apani Networks. He discusses a recent security breach in the White House, internal security attacks in general and how to prevent them. [more]
Wednesday, 12 October 2005, 12:35 PM CET

Spyware spreads despite security efforts
Spyware writers understand that their model is under siege, and to survive they're employing every tactic that they can. [more]
Wednesday, 12 October 2005, 12:30 PM CET

McAfee ships two wireless network security products
Security software vendor McAfee, Inc. said Tuesday that it has started shipping two separate suites with built-in security capabilities for home wireless networks. [more]
Wednesday, 12 October 2005, 7:21 AM CET

OpenSSL patches security hole
OpenSSL has released a software update to fix a flaw that could make it easier for hackers to attack secure web servers. The security issue could allow attackers to force an SSL-enabled site to use the outdated and potentially insecure SSL version 2.0 protocol. [more]
Wednesday, 12 October 2005, 1:50 AM CET

Microsoft Patch Tuesday brings nine patches
As expected, Microsoft released several patches today. Eight of this month's Security Bulletins affect Microsoft Windows while one affects Exchange 2000 Server. [more]
Tuesday, 11 October 2005, 9:47 PM CET

Dutch police crush big 'botnet,' arrest trio
A huge network of 100,000 PCs was used to conduct a denial-of-service attack against an unidentified U.S. company in an extortion attempt, and for many other nefarious deeds, according to Dutch police. [more]
Tuesday, 11 October 2005, 3:58 PM CET

Princeton plans cryptography detector launch
Early next year, Princeton Lightwave plans to launch products for quantum cryptography applications featuring its own avalanche photodetectors combined with world-leading technology licensed from IBM. [more]
Tuesday, 11 October 2005, 3:21 PM CET

Secure your PC and maintain your privacy
Configure Windows XP and ensure that your PC and its data remain safe. [more]
Tuesday, 11 October 2005, 1:35 PM CET

What are digital vaults?
This article gives an overview on digital vaults and looks at why they are increasingly growing in popularity. [more]
Tuesday, 11 October 2005, 1:26 PM CET

Users want ISPs to filter spyware
I don't know what it is but get rid of it. [more]
Tuesday, 11 October 2005, 1:11 PM CET

The spam vigilantes
"This is a message that spells out, 'I am a spammer,'" says Eran Reshef, his voice echoing in the receiver from half a world away. [more]
Tuesday, 11 October 2005, 1:10 PM CET

Man with 130 IDs steals £1m
Five years jail for fake passport fiend. [more]
Tuesday, 11 October 2005, 12:00 PM CET

Microsoft updates Windows Malicious Software Removal Tool
Version 1.9 checks computers running Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software and helps remove any infection found. [more]
Tuesday, 11 October 2005, 10:02 AM CET

Security management advances
Three new products hitting the market. [more]
Tuesday, 11 October 2005, 9:47 AM CET

A convicted hacker debunks some myths
To many, the name Kevin Mitnick is synonymous with hacking, the cinematic sort where a snot-nosed kid thumbs his nose at authority. But, Mitnick says, the characterization is a bit overdone and the legend untrue, if not libelous. [more]
Tuesday, 11 October 2005, 9:46 AM CET

Slew of new IM threats reported
The Akonix report revealed several new findings, including a new phase in the sophistication of the social engineering efforts used by IM virus writers to target unsuspecting IM users. [more]
Tuesday, 11 October 2005, 9:45 AM CET

Google plugs cross-scripting security hole
Google has fixed a cross-scripting flaw that opened user accounts to hijacking, the search giant confirmed Monday. [more]
Tuesday, 11 October 2005, 5:48 AM CET

Microsoft releases service pack for Navision
Enhancements are intended to better integrate with Microsoft Office, Microsoft SQL Server and Microsoft Small Business Server. [more]
Tuesday, 11 October 2005, 5:41 AM CET

Hacking for dollars
With hackers looking for dollars instead of bragging rights today, education is the key to your defense, writes CIO Update columnist Mark Egan of Symantec. [more]
Tuesday, 11 October 2005, 5:26 AM CET

Mathematician rides curve toward new type of security
Scott Vanstone is the co-founder and executive vice president of Certicom Corp., a security company specializing in a special version of publickey cryptography called elliptic curve. [more]
Tuesday, 11 October 2005, 5:24 AM CET

Symbian device protection gets stronger with mobile firewall
F-Secure Corporation extended the support for its F-Secure Mobile Anti-Virus to Microsoft’s Windows Mobile operating system. Symbian Series 80 users will also get a new product called F-Secure Mobile Security, which contains a mobile firewall alongside anti-virus functionality. [more]
Monday, 10 October 2005, 8:31 PM CET

You need not be paranoid to fear RFID
Because they need no batteries, RFID chips can be made small enough to attach invisibly to practically anything. [more]
Monday, 10 October 2005, 5:16 PM CET

Visa CEO supports tougher penalties for ID theft and e-fraud
Visa U.S.A. Inc. is exploring ways to reward businesses that enhance their security practices to protect against credit card fraud and online scams, the company's CEO said last week. [more]
Monday, 10 October 2005, 5:15 PM CET

Feds make security a priority in IT purchases
Proposed rule goes into effect, requires new procurement practices at agencies. [more]
Monday, 10 October 2005, 5:12 PM CET

The four most dangerous security myths
A lot of the accepted wisdom about network security is flat-out wrong. How can you be safe? Use our guide to the most dangerous security myths, and get help separating facts from fiction. [more]
Monday, 10 October 2005, 5:06 PM CET

MS security bundling plan causes waves
Symantec assists EU 'reconnaissance probe'. [more]
Monday, 10 October 2005, 5:05 PM CET

Data security risks missing from disaster recovery plans
Scope of contingency programs needs to be expanded, execs say. [more]
Monday, 10 October 2005, 5:05 PM CET

Mobile security products on tap
Among other new wares expected at a conference in Chicago this week is the PGP Support Package for BlackBerry, a jointly developed product that allows for automatic encryption and decryption of e-mail on BlackBerry handsets. [more]
Monday, 10 October 2005, 5:02 PM CET

Microsoft: keeping security friends close, enemies closer
Microsoft has announced a new security product and set up an alliance to link security partners. [more]
Monday, 10 October 2005, 12:55 PM CET

Web application firewall evaluation criteria announced
The Web Application Firewall Evaluation Criteria project announced its first public release. The goal of the project is to develop a testing methodology that can be used by any reasonably skilled technician to independently assess quality of a web application firewall. [more]
Monday, 10 October 2005, 12:30 PM CET

Anti-spam user authentication is 'worse than useless'
Claims that user authentication schemes will reduce spam are not just wrong but "wrongheaded", a security researcher warned on Friday. [more]
Monday, 10 October 2005, 12:13 PM CET

Reel in phishers
Network-based security stops phishing E-mails from reaching the server, and a California law lets victims recover losses. [more]
Monday, 10 October 2005, 12:12 PM CET

DDoS by mobile phone: is it a goer?
Mobile phone networks could be swamped by text messages to phones in a denial of service attack by hackers, academics warn. [more]
Monday, 10 October 2005, 12:10 PM CET

Cops smash 100,000 node botnet
Largest zombie army ever detected. [more]
Monday, 10 October 2005, 12:09 PM CET

Mac security: identifying changes to the file system
When you use a Macintosh, or indeed any Unix-based system, it's comforting to know that your computer is more secure than Windows. [more]
Monday, 10 October 2005, 11:05 AM CET

A special budget for security
With a focus on enforcement, organisations are assigning special budgets that encompass security practices in an organisation. [more]
Monday, 10 October 2005, 10:18 AM CET

10 tips for safer instant messaging
Communicating with an IM program has some of the same security and privacy risks as e-mail, but there are a few unique dangers that are worth mentioning. [more]
Monday, 10 October 2005, 9:43 AM CET

Bank of America notifying customers after laptop theft
Data compromised from Visa Buxx, a prepaid credit card for teenagers. [more]
Monday, 10 October 2005, 9:30 AM CET

Dutch smash 100,000-strong zombie army
Dutch police have arrested three people for building a worldwide zombie network of more than 100,000 PCs used to launch internet attacks on companies and to hack into bank and Paypal accounts. [more]
Monday, 10 October 2005, 9:14 AM CET

Fingerprint payments taking off despite security concerns
Consumers embarking on a shopping spree may be able to leave their wallets behind in the near future, despite some security and privacy experts' concerns. [more]
Monday, 10 October 2005, 9:03 AM CET

Phishers plant fake Google Toolbar
Phishers are playing off Google's brand name. [more]
Friday, 7 October 2005, 6:11 PM CET

T-K worm creators jailed
Two people have been jailed for helping to create a virus that infected thousands of computers worldwide. [more]
Friday, 7 October 2005, 6:08 PM CET

Sober returns using social engineering techniques
PandaLabs has recorded the appearance of a new variant of the Sober worm, Sober.Y, which spreads using social engineering techniques in emails sent in English or German. [more]
Friday, 7 October 2005, 6:02 PM CET

China purges spam SMS
China has ordered telcos to purge spam SMSes of smut and other "unhealthy" influences, including "superstitious content" like fortune telling. [more]
Friday, 7 October 2005, 1:11 PM CET

Malicious attack trends: good, bad, and worse
Automated code and for-profit hackers have information theft on the rise. [more]
Friday, 7 October 2005, 12:52 PM CET

Internet Explorer 7 security
Internet Explorer has certainly had its share of flaws and vulnerabilities. [more]
Friday, 7 October 2005, 12:27 PM CET

How to stop phishing in one easy step
Here's a security concept for everyone: "if you can't do it securely, then don't do it at all." [more]
Friday, 7 October 2005, 12:23 PM CET

Hackers take VoIP by the throat
Hackers have Voice over IP in their sights, according to Symantec’s latest Internet Security Threat Report. [more]
Friday, 7 October 2005, 12:02 PM CET

What is Activity Monitor (or how to take your Mac's pulse)
Activity Monitor is a GUI application included with Mac OS X. It provides graphical representations of your computer's CPU, system memory, disk activity, disk usage, and network processes. [more]
Friday, 7 October 2005, 11:58 AM CET

Protecting files at home using encrypted containers
Many people encrypt partitions or drives to keep data safe, but if you're looking for something a little simpler but still safe, try using containers. [more]
Friday, 7 October 2005, 11:57 AM CET

Playing nice with physical security
At a small company, the information security manager is sometimes also responsible for physical security. [more]
Friday, 7 October 2005, 11:54 AM CET

Monitoring network traffic with Ruby and Pcap
This is an introductory tutorial to network filtering with libpcap and Ruby in which you will learn how to make a script that intercepts AIM instant messages sent from or received by any computer on your local network. [more]
Friday, 7 October 2005, 10:55 AM CET

New security nightmare: robot networks
Hacker-controlled zombie computers can overload business Web sites with so many access requests that they are forced offline. [more]
Friday, 7 October 2005, 10:45 AM CET

Microsoft readies eight October patches
Microsoft is preparing to release eight Windows security patches next Tuesday during its monthly patch release cycle, the company said in a security bulletin on its website. [more]
Friday, 7 October 2005, 10:44 AM CET

Affordable IT: security outsourcing
Outsourcing your organization's information security can expose you to great risks. We show you how a well-planned strategy can realize benefits in cost, efficiency, expertise and peace of mind. [more]
Friday, 7 October 2005, 10:43 AM CET

Private sector needed for identity management
Identity management is crucial to protect public and private sectors alike, and requires the cooperation and expertise of both to be achieved. [more]
Friday, 7 October 2005, 1:57 AM CET

Feds point finger at US spyware pperation
Webroot Vice President of threat research Richard Stiennon told the E-Commerce Times the FTC spyware suit was very significant. [more]
Friday, 7 October 2005, 1:49 AM CET

Tsunami hacker convicted
Fine and costs for Daniel Cuthbert. [more]
Friday, 7 October 2005, 1:43 AM CET

Security policy and governance
Twenty years ago security was considered an overhead. But after two decades of education and example it is now considered a vital part of operating practice. [more]
Friday, 7 October 2005, 1:41 AM CET

Hackers fiercer than ever, FBI says
Ruthless cybercrooks can do more damage than simply steal data. [more]
Friday, 7 October 2005, 1:33 AM CET

A new security strategy for Microsoft?
Microsoft is expanding its security protection services with the upcoming launch of two new products. [more]
Friday, 7 October 2005, 1:30 AM CET

Define a network security policy
This "How-To" guide shows you how to define a network security policy and helps you understand how firewall hardware and software can turn your network security business rules into security reality. [more]
Friday, 7 October 2005, 1:23 AM CET

First trojan for Sony PSP sighted
Trojan hacking tool will break portable gaming device. [more]
Friday, 7 October 2005, 12:20 AM CET

Nokia/Symantec tie-in targets mobile viruses
Pair claim better protection against mobile malware. [more]
Thursday, 6 October 2005, 6:12 PM CET

PDF security video tutorial
In this video tutorial you learn about the security features of Adobe Acrobat. [more]
Thursday, 6 October 2005, 4:12 PM CET

A legal shield for pen-test results
Planning a penetration test? Call an attorney. [more]
Thursday, 6 October 2005, 4:09 PM CET

A real remedy for phishers
Last week California became the first state to enact a law specifically addressing phishing. [more]
Thursday, 6 October 2005, 4:02 PM CET

FTC clamps down on spyware firm
The US’ Federal Trade Commission has gone after what it claims is a spyware and adware operation that invaded users’ machines and served up bogus search pages. [more]
Thursday, 6 October 2005, 4:00 PM CET

Windows XP SP3 preview surfaces on Web
An "unofficial" preview pack of Windows XP service pack 3 (SP3) is available. [more]
Thursday, 6 October 2005, 2:57 PM CET

Check Point to acquire makers of Snort
Check Point Software Technologies Ltd. and Sourcefire, Inc., developers of Snort, today announced that they have signed a definitive agreement for Check Point to acquire privately held Sourcefire for a total consideration of approximately $225 million. [more]
Thursday, 6 October 2005, 2:52 PM CET

SMS attacks could cripple cell phones
Hackers could bring down cellular service by flooding phones with unwanted text messages. [more]
Thursday, 6 October 2005, 2:52 PM CET

Pass on passwords with scp
Learn how to propagate files quickly and do backups easily when you set up scp to work without needing passwords. [more]
Thursday, 6 October 2005, 2:33 PM CET

Victims coughing up to online extortionists
Online bookmakers who become victims of online extortion attacks more often than not pay up, according to an IBM security researcher. [more]
Thursday, 6 October 2005, 2:33 PM CET

Firms hit hard by organised IT crime
Financial losses from accident and attacks begin to mount. [more]
Thursday, 6 October 2005, 2:32 PM CET

Microsoft to roll virus and spyware protection into one
Microsoft’s much anticipated entry into the antivirus market is set to take a step forward today, with the unveiling of a new product for businesses called Microsoft Client Protection. [more]
Thursday, 6 October 2005, 2:31 PM CET

Police tighten grip on sign-on access
Staffordshire force installs IT password management system. [more]
Thursday, 6 October 2005, 1:32 AM CET

FTC targets N.H. spyware operation
The company allegedly steers Internet users to fake search engines. [more]
Thursday, 6 October 2005, 1:09 AM CET

'DEC hacking' trial opens
Accused gives evidence. [more]
Thursday, 6 October 2005, 12:42 AM CET

Phish down, spam up
Over the last week or so, the volume of spam has been rising markedly. [more]
Thursday, 6 October 2005, 12:39 AM CET

Spyware maker hauled before court
FTC files charges against peer-to-peer fileshare app distributor. [more]
Thursday, 6 October 2005, 12:35 AM CET

Miniature version of the 'Net used to assess security schemes
Like a ship in a bottle, the Internet-Simulation Event and Attack Generation Environment is a miniature version of the real thing. [more]
Thursday, 6 October 2005, 12:19 AM CET

Be wary of mobile device security
The use of mobile devices, especially wireless ones, poses a unique security threat. [more]
Wednesday, 5 October 2005, 4:25 PM CET

Web attack extorts by encryption
Pay up or you'll never see your data again. [more]
Wednesday, 5 October 2005, 3:13 PM CET

Microsoft ready to reveal security roadmap
Microsoft is expected to update business users on its security strategy at a Munich IT event. [more]
Wednesday, 5 October 2005, 3:12 PM CET

Common Malware Enumeration Initiative
The Common Malware Enumeration Initiative was just announced. Headed by the United States Computer Emergency Readiness Team (US-CERT) and supported by an editorial board of anti-virus vendors and related organizations it should provide a neutral, shared identification method for malware outbreaks. [more]
Wednesday, 5 October 2005, 3:08 PM CET

Hackers take aim at web-based apps
Hackers are turning away from corporate networks and redirecting their attacks against business applications on the web, security experts warned today. [more]
Wednesday, 5 October 2005, 2:33 PM CET

E-voting experts call for revised security guidelines
A federally funded group of voting system experts called on the United States' Election Assistance Commission to revamp its recommended process for evaluating the security of electronic voting devices. [more]
Wednesday, 5 October 2005, 2:33 PM CET

Massachusetts outfit switches to more secure network
The events of Sept. 11, 2001 forced the Massachusetts Port Authority, which operates Boston's Logan Airport and other properties, to re-examine its security practices on a number of levels. [more]
Wednesday, 5 October 2005, 2:23 PM CET

Details from the Anti-Phishing Act of 2005
California is the first US state to pass anti phishing laws. Finally someone went a step further into, at least, trying to create a more secure cyberspace. Here are some of the most important snippets from the act. [more]
Wednesday, 5 October 2005, 2:21 PM CET

Florida man first arrested in Katrina Internet scam
A South Florida man was the first arrested on charges of Internet-based fraud involving the Hurricane Katrina disaster, the Department of Justice said Monday. [more]
Wednesday, 5 October 2005, 12:41 PM CET

Threat modelling
Threat modelling is an important first step in protecting your network, systems and custom applications from attack. [more]
Wednesday, 5 October 2005, 12:36 PM CET

Kaspersky says it's fixed AV scanner flaw
Kaspersky Labs on Tuesday confirmed that its anti-virus scanning engine was flawed, and said it was working on a fix. [more]
Wednesday, 5 October 2005, 12:30 PM CET

Start-up getting financing for fingerprint technology
The company has already rolled out its biometric payment system in a "couple of hundred" stores. [more]
Wednesday, 5 October 2005, 12:28 PM CET

Reducing browser privileges
Security companies and researchers have made careers out of identifying the latest bugs in Internet Explorer. [more]
Wednesday, 5 October 2005, 12:24 PM CET

Secure USB authentication boosts online banking confidence
Identity theft is a major obstacle financial organizations must overcome to maximize the potential of online banking. USB strong authentication tokens with built-in smartcard technology combat identity theft and fraud. [more]
Wednesday, 5 October 2005, 12:23 PM CET

Overview of XML encryption
XML encryption classifies a course of action for encrypting plain text data, generating ciphertext, and decrypting the ciphertext to retrieve the plaintext data. [more]
Tuesday, 4 October 2005, 5:39 PM CET

Sun Java desktop system XFree86 server vulnerable
Sun has reported a vulnerability in the XFree86 server, which could allow an unprivileged local user to run arbitrary code with the privileges of the server. [more]
Tuesday, 4 October 2005, 5:35 PM CET

What's your company's privacy strategy?
With reports of security breaches undermining consumer confidence in corporate information practices, it's never been more important for companies to define a privacy strategy. [more]
Tuesday, 4 October 2005, 2:58 PM CET

Web helps criminals trap victims
Malicious hackers and hi-tech criminals are changing tactics in a bid to outwit security firms. [more]
Tuesday, 4 October 2005, 2:27 PM CET

Nordic phishing attacks
An unknown party launched a large-scale attack against Nordea Sweden. [more]
Tuesday, 4 October 2005, 2:02 PM CET community website hacked once again
As you may remember, back in July, had its security compromised. Unfortunately this happened again, this time because of vulnerabilities in the TWiki system. [more]
Tuesday, 4 October 2005, 1:58 PM CET

10-step security
If you have about an hour, you can batten down your machine's hatches against Net threats new and old. Here's how. [more]
Tuesday, 4 October 2005, 1:49 PM CET

Security by the numbers
Cybercrime and worries about online safety continue to grow. Here's information on trends, product use, and losses relating to online security issues. [more]
Tuesday, 4 October 2005, 1:27 PM CET

Can writing software be a crime?
Can writing software be a crime? A recent indictment in San Diego, California indicates that the answer to that question may be yes. [more]
Tuesday, 4 October 2005, 1:22 PM CET

Security experts barely keeping up with online fraud
We build a 10-foot wall and the bad guys build an 11-foot ladder. [more]
Tuesday, 4 October 2005, 1:21 PM CET

Kaspersky anti-virus has a security flaw?
An attacker could use malformed files in the Microsoft .cab format to take over target systems. [more]
Tuesday, 4 October 2005, 1:20 PM CET

Password risks grow
Businesses are facing increased costs and IT security is at risk because employees are failing to cope with the proliferation of passwords they need at work, research has revealed. [more]
Tuesday, 4 October 2005, 1:19 PM CET

Nortel demos integrated data encryption for 10 Gbps networks
Nortel is the first to achieve integrated data encryption for 10 Gbps optical networks using the Advanced Encryption Standard (AES) approved by the U.S. National Security Agency to ensure that the highest levels of security are met for confidential and sensitive communications. [more]
Monday, 3 October 2005, 4:43 PM CET

New security strategies are needed
In the second quarter of 2005 there was a 300% quarter-on-quarter increase in security incidents involving compromised bot machines – PCs that play unwitting host to "zombie" code. [more]
Monday, 3 October 2005, 4:39 PM CET

Backdoor trojan targets Microsoft Access
Zero day vuln gives hackers open access. [more]
Monday, 3 October 2005, 4:36 PM CET

2005 semi-annual Web security trends report
Websense released the 2005 Semi-Annual Web Security Trends Report. The new report summarizes findings for the first half of 2005 and presents projections for the upcoming year. [more]
Monday, 3 October 2005, 4:33 PM CET

HP ProCurve hopes to open doors with switch
Four new products are coming to market that could help resellers boost security business. [more]
Monday, 3 October 2005, 4:19 PM CET

Playing nice with physical security
There's a fine line between a company's security departments, and you have to be careful in crossing it. [more]
Monday, 3 October 2005, 4:11 PM CET

Keep humans in the authentication loop
Proving the identity of a human computer user is so yesterday -- all those what-you-have, what-you-know and what-you-are questions. [more]
Monday, 3 October 2005, 4:08 PM CET

Security tops LAN switch purchase considerations in '06
Security, standards compliance and price/performance are key aspects for IT professionals when choosing a LAN switch vendor, according to a recent survey. [more]
Monday, 3 October 2005, 3:35 PM CET

Hackers turn Microsoft Office flaw into full-blown exploit
Microsoft is contending with a new Trojan exploit in its Office collaborative software suite that could allow remote attackers to take over vulnerable computers. [more]
Monday, 3 October 2005, 2:42 PM CET

Does Instant Messaging improve communication or threaten security?
Companies should have their content filtering systems upgraded now because the cost of improving IT security is more than offset by the ensuing increase in productivity. [more]
Monday, 3 October 2005, 12:38 PM CET

Darik's Boot and Nuke: a great tool for obliterating your data
Do you know what happened to your data when you disposed of your last PC? [more]
Monday, 3 October 2005, 12:20 PM CET

Aligning IT security with business goals
Most people believe security can’t be directly linked to the business initiatives, supporting SOX compliance or improving top line revenue. [more]
Monday, 3 October 2005, 12:18 PM CET

CLI magic: Logrotate
This week's CLI Magic comes from Mayank Sharma. While some might think that Logrotate is strictly a tool for system administrators, Mayank disagrees. [more]
Monday, 3 October 2005, 12:16 PM CET

The state of e-mail (in)security
Avinti's CEO discusses the successful and unscrupulous of the online underworld. [more]
Monday, 3 October 2005, 12:12 PM CET

Strategy clinic: How can we spread the security message?
How can we get our message across most effectively? [more]
Monday, 3 October 2005, 12:10 PM CET

Secure email for privacy and accountability
The privacy of electronic information must be protected under penalty of law; when in transit via email, that information can be protected using encryption and tracked using secure open/read methods. This white paper reviews regulatory compliance. [more]
Monday, 3 October 2005, 12:08 PM CET

Multiple passwords creating insecurity
Employee confusion leaves networks vulnerable. [more]
Monday, 3 October 2005, 12:06 PM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Thu, Aug 28th