Off the Wire

Off The Wire Archive

News items for October 2007

Interview with the Head of Nokia Product Security
Janne Uusilehto is responsible for product security development at the world’s number 1 mobile device manufacturer. He is a member of several Nokia internal security related management boards, and Nokia’s main representative in the Trusted Computing Group and EICTA’s Mobile Security Group. [more]
Wednesday, 31 October 2007, 11:59 PM CET

How to secure Ubuntu with AppArmor
AppArmor is one way to protect your assets on your Ubuntu Gutsy system. [more]
Wednesday, 31 October 2007, 10:06 PM CET

Apache authentication and authorization using LDAP
Network administrators frequently use the Lightweight Directory Access Protocol (LDAP) to implement a centralized directory server. You can use LDAP to authenticate users in Apache. [more]
Wednesday, 31 October 2007, 12:16 PM CET

Whois may be scrapped to break deadlock
Tech industry lawyer Mark Bohannon frequently taps a group of searchable databases called Whois to figure out who may be behind a Web site that distributes pirated software or tricks visitors into revealing passwords. [more]
Tuesday, 30 October 2007, 7:31 PM CET

Book review: Ubuntu Linux for Non-Geeks, 2nd Edition
Many still believe that using Linux requires some advanced knowledge and that it's far from being user friendly. With time, user friendliness has become an important part of this OS and an increasing number of users have started to investigate it. This book is aimed at an audience of new users that wish to get things done with Ubuntu Linux. [more]
Tuesday, 30 October 2007, 7:30 PM CET

Spammers tempt surfers to help solve captchas
Call it an online game of strip poker, only spammers are the ones walking away with all the winnings. [more]
Tuesday, 30 October 2007, 5:33 PM CET

AT&T invents programming language for mass surveillance
From the company that brought you the C programming language comes Hancock, a C variant developed by AT&T researchers to mine gigabytes of the company's telephone and internet records for surveillance purposes. [more]
Tuesday, 30 October 2007, 9:54 AM CET

VA reports progress on information security
A Government Accountability Office report on our realignment progress correctly identified that more work needs to be done to have a successful transition from a decentralized to a centralized organization. [more]
Monday, 29 October 2007, 10:50 PM CET

Block data leakage at the source
Given how hard organisations try to prevent information about data leakage and data theft getting into the public domain, the fact that incidents are now being reported in the press on an almost weekly basis shows the potential size of the problem. And this problem ranges from high profile, highly publicised incidents down to individuals with key information on their laptops. [more]
Monday, 29 October 2007, 6:18 PM CET

Worst cybersecurity meltdowns
Most computer-security professionals don't believe in security. [more]
Monday, 29 October 2007, 12:00 AM CET

The risk of too much risk management
IT controls. Corporate governance. Decision support. Right-sized spending (another phrase I thought I coined, but I see it gets three hits in Google). These are all part of the all-too-nebulous activity often referred to as data security risk management. [more]
Friday, 26 October 2007, 7:57 PM CET

Securing data: the castle versus the tank
Most companies keep their data on storage they own. This storage is located in the datacentre.
Thursday, 25 October 2007, 7:18 PM CET

Theft and snooping alarm for your MacBook
iAlertU is a simple utility that turns your MacBook into a motion sensitive remote controlled alarm system. This article covers the software usage. [more]
Thursday, 25 October 2007, 7:13 PM CET

Are you secure? Prove it.
Are you operating a process that maintains an acceptable level of perceived risk? [more]
Thursday, 25 October 2007, 4:34 PM CET

A security focus on China outsourcing
Over the past 7-10 years, many security risk analyses and reviews have resulted in controls being implemented in most facets of security: administratively, physically and technically. Contracts now have the appropriate language to protect sensitive data and physical security measures have been built to align with the client’s company policies and standards. The technical measures continue to build upon a strong foundation built in partnerships with government and outsourcing firms. [more]
Wednesday, 24 October 2007, 8:02 PM CET

TJX breach was twice as bad as first reported
The largest digital data theft ever recorded was bigger than originally thought. [more]
Wednesday, 24 October 2007, 7:51 PM CET

Would-be identity thief finds himself stumped without printer drivers
There are a few things in this world that thieves need to keep in mind in order to run a successful criminal operation. [more]
Wednesday, 24 October 2007, 12:55 AM CET

Consumers don't understand the privacy risks of Web 2.0
Privacy may soon become a much bigger deal to the Web 2.0 world. [more]
Wednesday, 24 October 2007, 12:52 AM CET

Book review: Wi-Fi Hotspots
These days, if you find yourself at the airport, in a hotel or coffee shop, you're bound to see someone using a notebook, smartphone or PDA connected to the Internet. This is due to the increasing proliferation of wireless hotspots, both free and commercial. Read on to discover how this book tackles the topic. [more]
Tuesday, 23 October 2007, 7:06 PM CET

How Leopard will improve your security
With the release last week of the feature list for Mac OS X 10.5 Leopard, the security world is buzzing about some extremely important updates. [more]
Tuesday, 23 October 2007, 12:06 AM CET

High-level reverse engineering
This paper aims to present a methodical framework for high-level reverse engineering. The methodology is a culmination of existing tools and techniques within the IT security research community, which presents ways to identify process operation at a higher-level of abstraction than traditional binary reversing. [more]
Monday, 22 October 2007, 5:26 PM CET

A hacker for the MPAA tells it all
Promises of Hollywood fame and fortune persuaded a young hacker to betray former associates in the BitTorrent scene to Tinseltown's anti-piracy lobby, according to the hacker. [more]
Monday, 22 October 2007, 9:45 AM CET

SELinux sparks tussle over Linux security model
Should Security Enhanced Linux be designated as the sole security framework for Linux? [more]
Monday, 22 October 2007, 2:21 AM CET

Rising laptop thefts push prevention initiatives
It's the stuff of nightmares: A business executive on the road leaves a laptop computer in a parked car or on a restaurant table. [more]
Monday, 22 October 2007, 1:06 AM CET

BitLocker and the complexities of trust
I'd like to build a case detailing why I believe there are sound reasons for giving BitLocker a chance. [more]
Monday, 22 October 2007, 12:21 AM CET

Security service targets gamers
A British intelligence agency has targeted a new generation of recruits by advertising in computer games. [more]
Monday, 22 October 2007, 12:00 AM CET

Security and privacy enhancements for Firefox users through CustomizeGoogle
CustomizeGoogle extension for Firefox contains a number of security enhancements that could make your online life much easier and more private. This is an overview of these security functions. [more]
Friday, 19 October 2007, 11:57 PM CET

Wi-fi security system is 'broken'
More holes have been picked in the security measure designed to protect the privacy and data of wi-fi users. [more]
Friday, 19 October 2007, 6:08 PM CET

P2P networks threaten home PC security
Media-sharing software loaded by kids can expose trove of financial data. [more]
Friday, 19 October 2007, 12:39 AM CET

Senate and Bush agree on terms of spying bill
Some telecom companies would receive immunity. [more]
Thursday, 18 October 2007, 5:35 PM CET

CardSpace: first time sign-in experience
One of the biggest goals for CardSpace in the .NET Framework 3.5 is to simplify and improve the user experience. [more]
Thursday, 18 October 2007, 9:16 AM CET

Man accused of hacking into 911
Washington man accused of faking emergency call that sent armed response to unsuspecting Lake Forest family's home. [more]
Thursday, 18 October 2007, 12:06 AM CET

Book review: Linux Firewalls
Countless security professionals turn to Linux when it comes to deploying firewalls using open source tools and Michael Rash, the author of this book, is one of them. Read on to see what you can find in this title. [more]
Wednesday, 17 October 2007, 10:15 PM CET

Myth vs. reality: wireless SSIDs
Do you ever wonder sometimes how it is that some ideas just won't die? Like the thought that not broadcasting your wireless network's SSID will somehow make you more secure? [more]
Wednesday, 17 October 2007, 6:36 AM CET

Bill would let ID theft victims seek restitution
Legislation would also give prosecutors more tools to combat cyber crime. [more]
Wednesday, 17 October 2007, 6:35 AM CET

Rogue access points: back doors into your network
Let's say that an employee in your company gets a new laptop. He's excited about the laptop's WiFi capabilities, but the company he works for doesn't have wireless capabilities. What's he do? [more]
Wednesday, 17 October 2007, 6:25 AM CET

Report highlights blog censorship
Bloggers are now finding themselves prey to censorship from repressive governments as much as journalists in traditional media, a report says. [more]
Wednesday, 17 October 2007, 6:17 AM CET

Of supplicants and keys: the lowdown on WiFi security
Wireless security protocols have improved considerably, despite the lackadaisical attitude of most users towards their computer security. [more]
Wednesday, 17 October 2007, 6:16 AM CET

Removable devices: the menace within
This article looks at the threat businesses face from handheld USB devices and how to secure core business systems against them, without sacrificing productivity. [more]
Tuesday, 16 October 2007, 6:15 PM CET

Additional security doesn’t mean additional money
IT managers trying to figure out how much money to budget for information security purposes each year might want to take note of some recent advice from Gartner. [more]
Tuesday, 16 October 2007, 5:29 PM CET

Skype Defender malware alert
Some Windows users have been affected by a malware program that imitates Skype software and attempts to steal sensitive information. [more]
Tuesday, 16 October 2007, 12:14 PM CET

Lessons learned from five years of building more secure software
Security is not a static field—it constantly evolves as attackers attack, defenders defend, and each party learns more about the other's techniques. [more]
Tuesday, 16 October 2007, 11:50 AM CET

Bypass any firewall or throttling ISP with SSH
On some networks it’s impossible to use BitTorrent. [more]
Tuesday, 16 October 2007, 2:35 AM CET

27 suspended for Clooney file peek
More than two dozen employees at Palisades Medical Center have been suspended after accessing the personal medical records of actor George Clooney, who was taken to the North Bergen, N.J., hospital last month after a motorcycle accident. [more]
Tuesday, 16 October 2007, 2:15 AM CET

The Federal Bureau of Investigation - capabilities and service
This article provides an overview of FBI teams, InfraGard and the FBI Citizens' Academy. Gideon T. Rasmussen wrote it after attending 8 weeks of FBI Citizens' Academy briefings. The topics discussed within will be of interest to security professionals (e.g. the computer crime program, the white collar crime program, engagement models, and others). [more]
Monday, 15 October 2007, 7:42 PM CET

Hackers target Finnish forum, crack logins for 79,000 users
A group of hackers has disclosed the login information of approximately 79,000 forum users in Finland. [more]
Monday, 15 October 2007, 5:27 PM CET

Secure data warehouses rise again
They are among the most fortified institutions in greater Washington. [more]
Monday, 15 October 2007, 9:23 AM CET

Privacy concerns dog IT efforts to implement RFID
Employees often rebel against plans to include chips in corporate ID badges. [more]
Monday, 15 October 2007, 9:17 AM CET

Virtual security and digital panic
Many within Central and Eastern Europe are unaware that Big Brother has not only put on a three-piece suit, but has also gone digital. [more]
Monday, 15 October 2007, 9:07 AM CET

Air Force to get ‘cyber sidearms’
The Air Force will soon give service members working on networks a new tool to help detect cyberattacks, service officials said. [more]
Friday, 12 October 2007, 11:32 PM CET

One of the best forgers in Europe sentenced in the UK
Magic fingers and an unerring eye gave “Hologram Tam”, one of the best forgers in Europe, the skills to produce counterfeit banknotes so authentic that when he was arrested nearly £700,000 worth were in circulation. [more]
Friday, 12 October 2007, 8:50 PM CET

Where have all the good fingerprinters gone?
Historically, there are a lot of programs that attempted to do this. They weren’t necessarily very good, but at least they attempted to figure out what was running where. [more]
Friday, 12 October 2007, 5:17 PM CET

Implicit trust in DNS servers
How many people actually know which DNS server they're using? [more]
Friday, 12 October 2007, 3:23 PM CET

Implement Windows' encrypting file system
This article takes a deeper look into what it takes to roll out EFS in your organization. [more]
Friday, 12 October 2007, 3:03 PM CET

How to stop snarfing and other common switch hacks
ARP poisoning, SNMP snarfing, and "fuzzing" are common hacks perpetrated on Ethernet switch gear. Cisco networking expert Jimmy Ray Purser explains how to guard against these hacks.
Friday, 12 October 2007, 10:51 AM CET

Data leak: cyber sherlocks outwit hackers
Matching wits, beating hackers in their own game, computer forensic experts dabble with technology to bring cyber crooks to book. [more]
Friday, 12 October 2007, 10:46 AM CET

Privacy and security depend on program managers
Program managers need to apply privacy and security best practices early when they plan systems if they want to manage risk effectively. [more]
Friday, 12 October 2007, 10:44 AM CET

Behave cautiously online
I can’t always know when I can trust a Web site to guard my private data. So I will take steps to keep personal information personal. [more]
Friday, 12 October 2007, 12:15 AM CET

Guide to online antivirus solutions part 8: CA Online Virus Scanner
This article continues our overview of well-known online antivirus solutions. This week we are taking a look at the CA Online Virus Scanner. [more]
Thursday, 11 October 2007, 4:45 PM CET

The other side of iPhone security
Over the past few weeks, hackers and enthusiasts have given the iPhone’s platform a thorough massage, attempting to break through Apple’s barriers. [more]
Thursday, 11 October 2007, 2:09 PM CET

Yahoo! susceptible to Cross Site Request Forgery (XSRF) attacks
Businesses seem to derive a false sense of security from the fact that these “mobile” web-sites execute a lower number of transactions than the full-fledged version: it is thus incorrectly assumed that the security risk posed by the mobile version is lower. [more]
Thursday, 11 October 2007, 1:27 PM CET

Encrypting exec e-mail addresses security issue
Media giant Bertelsmann is putting a bit of money where its mouth is. [more]
Thursday, 11 October 2007, 12:30 PM CET

New features discovered in Windows XP SP3: is it better than Vista?
According to preliminary reports from Neosmart, testers there found evidence that the company is hardening XP's network security with added features. [more]
Thursday, 11 October 2007, 10:30 AM CET

Oracle fixes glitch in PHP Web applications
The open-source Oracle Call Interface 8 driver repairs a flaw that led to PHP-based Web apps overwhelming Oracle databases with requests. [more]
Thursday, 11 October 2007, 10:28 AM CET

Securing Web services
With the advent of Web Services, backend systems running in data centers and mainframes are available in well-published Web Service APIs. As a result, developers, architects and administrators become more concerned about the security of Web Services. [more]
Thursday, 11 October 2007, 10:25 AM CET

House panel approves new wiretapping legislation
In a party-line 20-14 vote, the House Judiciary Committee today approved legislation expanding federal wiretapping powers while simultaneously imposing some new reporting and oversight requirements. [more]
Thursday, 11 October 2007, 10:00 AM CET

Student who disclosed security breach barely escapes expulsion
A student at Western Oregon University who accidentally discovered a file containing personal data on a publicly accessible university server and then handed that data over to the student newspaper has narrowly escaped being expelled for his actions. [more]
Thursday, 11 October 2007, 9:59 AM CET

'Critical' flaw exposes Adobe Acrobat, Reader
PCs vulnerable to hacks; patch might not be available until late October. [more]
Thursday, 11 October 2007, 12:15 AM CET

Attacking the build through cross-build injection
This paper surveys previous attacks related to building open source software, including attacks against Sendmail, OpenSSH and IRSSI. It then shows how three popular build tools for Java (Apache Ant, Maven and Ivy) are commonly misused in ways that make them susceptible to cross-build injection (XBI) vulnerabilities, which can allow attackers to insert Trojans, back doors, or other malicious code. [more]
Wednesday, 10 October 2007, 8:43 PM CET

Hackers could skew US elections
The web may not deserve its reputation as a great democratic tool, security experts say. [more]
Wednesday, 10 October 2007, 8:33 PM CET

US grapples with cybersecurity
A cybersecurity conference in Washington discusses the latest intrusions into US government information systems as a key security official works to make the US 'the most dangerous' place for cyber criminals. [more]
Wednesday, 10 October 2007, 8:31 PM CET

Secure your webserver using SSL and TinyCA
SSL is especially suited for HTTP since it can provide some protection even if only one side of the communication is authenticated. [more]
Wednesday, 10 October 2007, 9:24 AM CET

Audio forensics experts reveal (some) secrets
Some audio forensic examiners go to extraordinary lengths to validate recordings. [more]
Wednesday, 10 October 2007, 9:23 AM CET

How disaster-tolerant is your company?
Establishing a disaster tolerant infrastructure can be a very complex and costly undertaking. [more]
Wednesday, 10 October 2007, 12:40 AM CET

I will keep my Mac safe from other users
When it comes to security, you may be your own worst enemy. [more]
Wednesday, 10 October 2007, 12:21 AM CET

Some unanswered website vulnerability questions
In the industry we discuss at great length the legal risks and ethical responsibilities of the person disclosing an issue, but not enough about the same when it comes to the business itself. [more]
Wednesday, 10 October 2007, 12:00 AM CET

WLAN security blamed for TJX payment card breach
A new report issued by the Office of the Privacy Commissioner of Canada last week cited Winners Merchant International and its parent company, TJX, for failure to satisfy personal information protection standards during a break-in that compromised 45 million payment cards. [more]
Tuesday, 9 October 2007, 3:28 PM CET

IE 7 bug reopens debate over patch responsibilities
Researchers argue over who to blame; Microsoft again denies there's a bug. [more]
Tuesday, 9 October 2007, 2:40 PM CET

Bastille: classic Linux and Unix security

Avoiding pitfalls of cyberspace [more]
Tuesday, 9 October 2007, 2:32 PM CET

Technology's challenge to privacy
Internet law professor Michael Geist wonders whether technology threatens the legal foundations of privacy law. [more]
Tuesday, 9 October 2007, 2:31 PM CET

Democrats likely to relax stance on wiretaps
Two months after vowing to roll back broad new wiretapping powers won by the Bush administration, congressional Democrats appear ready to make concessions that could extend some of the key powers granted to the National Security Agency. [more]
Tuesday, 9 October 2007, 2:26 PM CET

A preview of Microsoft Windows Vista SP1 beta
Now, roughly nine months after Vista started hitting desktops, Service Pack 1 (SP1) has started its beta run. [more]
Tuesday, 9 October 2007, 12:10 AM CET

Review - Virtual Honeypots: From Botnet Tracking to Intrusion Detection
In order to stay one step ahead of the attackers you have to learn what they know. Virtual honeypots enable security professionals to identify potential risks and improve their defensive techniques. Written by two industry veterans, "Virtual Honeypots" promises to tackle this topic head-on, with lots of technical details. [more]
Monday, 8 October 2007, 8:21 PM CET

Viruses 'hit 1m China computers'
Almost one million Chinese computers were hit by viruses during last week's national holidays, state media has reported. [more]
Monday, 8 October 2007, 7:22 PM CET

MPs call for ID theft czar
UK politicians are calling for the creation of an identity theft "czar" to lead the fight against the growing form of crime. [more]
Monday, 8 October 2007, 7:22 PM CET

Security: whacking hackers
In a single case this summer, an attack by hackers disabled a reported 1,500 Pentagon computers. [more]
Monday, 8 October 2007, 12:27 AM CET

Online campaign 2008: a phishing bonanza?
The 2008 presidential contenders' online fund-raising tactics could encourage one gigantic phishing attack. [more]
Monday, 8 October 2007, 12:00 AM CET

Retailers take swipe at PCI security standard
Frustration growing over card data rules. [more]
Friday, 5 October 2007, 4:18 PM CET

Jury orders woman to pay RIAA $222,000 for illegal music sharing
Verdict possible shot in the arm for recording industry effort. [more]
Friday, 5 October 2007, 3:17 PM CET

Security debate: Mozilla Thunderbird vs. Microsoft Outlook
Face it, what do most people use the Internet for? Web browsing and email are likely to be at the top of just about anyone’s list. What are the most popular browser and emailer? Simple: IE and Outlook, and by a pretty darned big margin.
Friday, 5 October 2007, 2:29 PM CET

SQL Server 2008: Transparent data encryption feature
TDE should not be perceived as a replacement of the encryption solutions shipped with SQL Server 2005; instead, TDE should be viewed as a complementary feature providing encryption at a coarser granularity level. [more]
Friday, 5 October 2007, 11:46 AM CET

iPhone buffer exploit may lead to jailbreak
A newly discovered iPhone exploit could help developers find another way to run third-party applications on Apple's device. [more]
Friday, 5 October 2007, 11:44 AM CET

China's Great Firewall turns its attention to RSS feeds
As many readers who follow the antics of the Chinese government know, when it comes to enforcing the "Great Firewall of China," consistency isn't exactly its strong point. [more]
Friday, 5 October 2007, 11:37 AM CET

Secure remote access to your desktop
Accessing your home server safely can be problematic, especially if you don't have a fixed IP address, but with Linux, DynDNS, PAM, and NX Free you can create a safe remote access path to your machine. [more]
Friday, 5 October 2007, 11:34 AM CET

Internet badness: China, Russia and the USA
While sources, types and responses to Internet badness vary widely, there exists a clear intersection in technical and policy implications that may not be completely obvious. [more]
Friday, 5 October 2007, 6:00 AM CET

Automation won't solve weaponized rootkits
Most IT folks have heard the term "rootkit" but most don't truly understand how to mitigate the threat. [more]
Friday, 5 October 2007, 12:01 AM CET

Mac security freeware: password manager, screen locker and MD5 checksum checker
In a series of articles on Mac security freeware I will be covering a number of newly released security tools for Mac OS X. This time I am taking a look at KeyMaster 1.0.1 password manager, Utility Lock 1.0.3b screen locking mechanism and MD5 2.6 checksum checker. [more]
Thursday, 4 October 2007, 8:19 PM CET

Battle to beat fake Ebay e-mails
Fake Ebay and Paypal e-mails which are used to con users out of money are being targeted by a secure mail system. [more]
Thursday, 4 October 2007, 2:40 PM CET

Security for all
With the converged networks of the future, security will not only be built in, it will become one of the applications on the network. [more]
Thursday, 4 October 2007, 12:06 AM CET

Solving the keylogger conundrum
These days the weapons of choice are not sawn-off automatics, or revolvers fitted with silencers. It’s much more likely to be illicitly gathered passwords, user-names and dates of birth. And of the armory at their disposal, keyloggers are an increasingly popular choice. [more]
Wednesday, 3 October 2007, 11:50 PM CET

One more crack at the WEP
Wireless Equivalency Protocol (WEP) has been one of the hottest topics in Irish news over the last few days. One of the leading providers of DSL in Ireland has supplied users with wireless routers protected using WEP. [more]
Wednesday, 3 October 2007, 4:14 PM CET

Web 2.0 is 'security risk', warns analyst
Criminals are taking increasing advantage of “Web 2.0” and social networking to attack companies, according to analyst Christian Christiansen, vice president for security products and services at IDC. [more]
Wednesday, 3 October 2007, 3:50 PM CET

Could Adobe be vulnerable to an AIR attack?
Software vendor faces increasing security challenges due to support for new apps. [more]
Wednesday, 3 October 2007, 10:48 AM CET

Security researchers look beyond Vista
The improved security in Microsoft's newest software products may leave some security researchers looking elsewhere for work. [more]
Wednesday, 3 October 2007, 10:46 AM CET

Traverse corporate firewalls
Censorship has never been popular with American citizens. Unfortunately, censorship is very popular with American corporations. [more]
Wednesday, 3 October 2007, 10:41 AM CET

How to write insecure code
In the interest of ensuring that there will be a future for hackers, criminals, and others who want to destroy the digital future, this paper captures tips from the masters on how to create insecure code. [more]
Wednesday, 3 October 2007, 12:21 AM CET

Civil liberties: surveillance and privacy
Learning to live with Big Brother. [more]
Wednesday, 3 October 2007, 12:00 AM CET

Think your job's tough? Try protecting Net access for the U.S. Army
For most large companies, an attack that brings down the corporate network means millions of dollars in lost revenue and unhappy customers. [more]
Tuesday, 2 October 2007, 1:09 PM CET

Plan a privacy week
Employee education must be part of every agency’s privacy and information security program. So, how do you craft a privacy program that effectively educates your agency’s work force from the chief executive to interns? [more]
Tuesday, 2 October 2007, 11:36 AM CET

Information security and NFL espionage
Over the past several weeks, just as the 2007-08 NFL regular season comes into full swing, the contents of email boxes everywhere started being bombarded with yet another NFL-driven social engineering vector. [more]
Tuesday, 2 October 2007, 11:12 AM CET

Review: Ubuntu Unleashed (2nd edition)
According to the 2007 Desktop Linux Survey, 30 percent of the respondents are using Ubuntu, and this makes it the most popular desktop Linux distribution. With such a large user base, there's always need for books that explore every aspect of a distribution for both novice and knowledgeable users. "Ubuntu Unleashed" is a huge title packed with a ton of content, but does it deliver? Read on to find out. [more]
Tuesday, 2 October 2007, 11:00 AM CET

FBI at risk for internal espionage
Six years after arresting spy Robert Hanssen, bureau still vulnerable. [more]
Tuesday, 2 October 2007, 4:33 AM CET

Vista SP1 offers no new features, focuses on OS tweaks, security
Unlike XP's SP2, this service pack offers mainly under-the-hood changes. [more]
Tuesday, 2 October 2007, 3:12 AM CET

Contested UK encryption disclosure law takes effect
A controversial new British law requires individuals and businesses to decrypt data sought in police investigations. [more]
Tuesday, 2 October 2007, 2:27 AM CET

Public wants surveillance, Bloomberg says
Residents of big cities like New York and London must accept that they are under constant watch by video cameras, New York Mayor Michael Bloomberg said Monday. [more]
Tuesday, 2 October 2007, 2:18 AM CET

Americans wrong about computer security
Most Americans believe their computers are protected against viruses and spyware, but scans found that a large number had outdated or disabled security software, according to a poll released on Monday. [more]
Tuesday, 2 October 2007, 12:15 AM CET

Mac OS X - Automator backup workflow tutorial
Here's an article on how to use Automator to write a very simple backup utility—you’ll be able to compress and copy a given folder with a single mouse click. [more]
Tuesday, 2 October 2007, 12:03 AM CET

Just how bad is the Storm worm?
The Storm worm has earned its share of superlatives, but security experts disagree over just how many computers running Microsoft Windows have been compromised by the e-mail worm. [more]
Monday, 1 October 2007, 7:14 PM CET

Remote kernel exploitation
As little as three years ago, the concept of remote kernel exploitation remained arcane for most people in the security industry and was believed in some circles to be practically impossible, mostly due to reliability issues. [more]
Monday, 1 October 2007, 7:05 PM CET

Beware the default password
The default password exists to allow an administrator initial access, for setup and configuration, and you are generally forced, or at least you should be, to change the password to something more complicated as the configuration advances. Unfortunately, this is not a step that everyone takes. [more]
Monday, 1 October 2007, 7:03 PM CET

Random placement of security checkpoints
To help combat the terrorism threat, officials at Los Angeles International Airport are introducing a bold new idea into their arsenal: random placement of security checkpoints. Can game theory help keep us safe? [more]
Monday, 1 October 2007, 4:00 AM CET

Coppola plea after computer theft
Film director Francis Ford Coppola has appealed for the return of his computer backup device following a robbery at his house in Argentina on Wednesday. [more]
Monday, 1 October 2007, 1:03 AM CET

Stolen laptop had Gap job applicants' data
The Gap company says a thief stole a laptop computer that contained the personal information of about 800,000 job applicants. [more]
Monday, 1 October 2007, 12:30 AM CET

Enforce data security rules
A state-owned computer stolen from a revenue agency employee on Long Island last month also contained bank account information and routing numbers for more than 1,600 Connecticut businesses. [more]
Monday, 1 October 2007, 12:21 AM CET

Morgan Stanley must pay millions for withholding e-mails
The Financial Industry Regulatory Authority this week said Morgan Stanley has to pay $12.5 million in fines to resolve charges that it mishandled e-mail. [more]
Monday, 1 October 2007, 12:09 AM CET

The new security disclosure landscape
Security disclosure has always been a contested topic, pitting “those that find the bugs” against “those that are responsible for the bugs.” [more]
Monday, 1 October 2007, 12:00 AM CET

