Browse archive

Latest news

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

A spotlight on grid insecurity

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Hacking charge stations for electric cars

Off The Wire Archive

News items for November 2002

Sophos: Top 10 Viruses and Hoaxes in November 2002
This is the latest in a series of monthly charts counting down the ten most frequently occurring viruses and hoaxes as compiled by Sophos. [more]
Friday, 29 November 2002, 1:45 PM CET

Variant of the Harmful CIH Virus Found
Like its predecessor, this is a very dangerous malicious code as it deletes the contents of the hard disk in affected computers. [more]
Friday, 29 November 2002, 1:33 PM CET

ServGate Announces EdgeForce Plus Security Appliance
ServGate Technologies, Inc. launched EdgeForce Plus, an integrated security appliance tailored for enterprises that rely on secure site-to-site and remote access connectivity for business success. [more]
Friday, 29 November 2002, 1:32 PM CET

Mirapoint battles growth in spam
Messaging appliance vendor Mirapoint has released what it claims is the industry's most comprehensive spam-protection software. [more]
Friday, 29 November 2002, 1:20 PM CET

Jewish group tells of 'electronic Jihad' plan
Some militant Islamic groups are urging their followers to conduct "electronic Jihad" on Jewish websites, according to the Simon Wiesenthal Centre. [more]
Friday, 29 November 2002, 1:13 PM CET

No viruses, guaranteed
Antivirus firm Avecho has launched a unique product for SMEs which it claims can stop all spam messages and email viruses dead in their tracks. [more]
Friday, 29 November 2002, 1:07 PM CET

Book Review - Enterprise Security: The Manager's Defense Guide
The book is rather brief, written in plain English. It deals with too many general issues but still provides good guidelines for those managers who are not too familiar with IT area, or e-security. [more]
Thursday, 28 November 2002, 2:41 PM CET

Cracking OpenVMS Passwords with John the Ripper
Jean-loup Gailly has written a patch for John the Ripper to allow cracking OpenVMS (Vax and Alpha) passwords. [more]
Thursday, 28 November 2002, 2:34 PM CET

New system promises disaster proof e-mail
MessageOne Inc. unveiled a new "hot standby" technology meant to let businesses route messages through offsite servers when primary systems go down. [more]
Thursday, 28 November 2002, 2:23 PM CET

Certificate Distribution Proves a Vexing Problem
Just determining how to securely disseminate keys for a new PKI system proves to be a challenge in itself. [more]
Thursday, 28 November 2002, 2:18 PM CET

Feds, firms unveil test for security pros
A new certification program for entry-level computer-security professionals will officially get up and running Monday. [more]
Thursday, 28 November 2002, 1:09 PM CET

Challenge: How Did These Processes Get Here?
A cracker caused software to run at bootup, but the administrator couldn't figure out how. [more]
Thursday, 28 November 2002, 1:07 PM CET

Rights group looks at China and techs
Human rights group Amnesty International has fingered a handful of tech companies that allegedly have sold products used in government censorship of Internet speech in China. [more]
Thursday, 28 November 2002, 1:00 PM CET

HNS Book Giveaway: Real World Linux Security, 2/e
We are giving away 3 copies of "Real World Linux Security, 2/e" by Bob Toxen. Want some knowledge? [more]
Wednesday, 27 November 2002, 5:44 PM CET

Winevar Worm Details
The Winevar worm itself is a Windows PE EXE file about 91Kb of length written in Microsoft Visual C++. Read a detailed description by Kaspersky Lab. [more]
Wednesday, 27 November 2002, 5:39 PM CET

New Windows Server Security Management Solution
Aldebaran Systems announced the release of the latest version of their server management tool, ServerAssist. [more]
Wednesday, 27 November 2002, 5:37 PM CET

Security organization sets up international forum
The Homeland Security Industry Association has reached an agreement with a trade show management firm to increase information sharing among security companies and overseas organizations. [more]
Wednesday, 27 November 2002, 4:36 PM CET

Location-based security for wireless apps
The anticipated growth of location-based services necessitates the addressing information security issues, particularly for those applications that access valuable and proprietary information. [more]
Wednesday, 27 November 2002, 3:23 PM CET

Secure Programming with .NET
This article provides an overview of .NET framework security features and practical tips on how to write secure code in the .NET framework. [more]
Wednesday, 27 November 2002, 2:06 PM CET

UK Government fights off 6,000 online attacks
The UK government has fought off more than 6,500 digital attacks already this year, according to official figures. [more]
Wednesday, 27 November 2002, 1:49 PM CET

U.N. Hears from Wireless Experts
The security of wireless networks is of "critical concern," according to a report presented to the United Nations on Monday. [more]
Wednesday, 27 November 2002, 1:45 PM CET

Email limits can slow virus spread
Restricting the number of emails a PC can send can slow down the speed of virus infections, HP researchers have found. [more]
Wednesday, 27 November 2002, 1:40 PM CET

Sygate Secures $17.5 Million in Funding
Sygate Technologies, well known in the information security circles for their Sygate Secure Enterprise solution, announced that it has received $17.5 million in funding. [more]
Tuesday, 26 November 2002, 5:49 PM CET

ActiveScan 4.0 Has a Powerful Heuristic Scan Engine
The latest version of Panda Software's free, online antivirus is faster and more powerful than ever, incorporating the ultimate technology to detect and eliminate malicious code. [more]
Tuesday, 26 November 2002, 5:48 PM CET

E-Commerce in the Shadow of the Hackers
Because shopping, unlike e-mail, can easily take place offline, shoppers might be the last to return after an extended outage, especially since buying online means disclosing personal information. [more]
Tuesday, 26 November 2002, 4:05 PM CET

Is Open Source Wide Open? Not So Fast
Open source advocates claim they can react faster and more efficiently because their software is open to inspection by anyone, which means vulnerabilities can be found and dealt with more quickly. [more]
Tuesday, 26 November 2002, 3:05 PM CET

'Hacking Challenge' Winners Allege $43,000 Contest Rip-Off
Eighteen months after Argus Systems challenged the hacker world to crack its PitBull security product in a much-ballyhooed global contest, the winners say they're still waiting for their prize money. [more]
Tuesday, 26 November 2002, 2:34 PM CET

Wireless hacking threat grows
The growing popularity of wireless technology is opening corporate networks to hackers as administrators face a trade-off between security and demand for easy access. [more]
Tuesday, 26 November 2002, 2:29 PM CET

Winning the Cybersecurity War
There must be a fundamental shift from addressing vulnerabilities in a reactive mode to tackling them proactively. [more]
Tuesday, 26 November 2002, 2:27 PM CET

Feds charge 3 in massive credit fraud scheme
Three men have been charged with selling people's personal and credit information to criminals who defrauded tens of thousands in what prosecutors called the largest identity theft case to date. [more]
Tuesday, 26 November 2002, 2:25 PM CET

UltraDNS under DDOS attack
UltraDNS Corp, which provides DNS services for the likes of oracle.com and top-level domains including .info and, from January 1 2003 .org, was hit by a DDoS attack unprecedented in its scale. [more]
Tuesday, 26 November 2002, 2:19 PM CET

Denial of Service Problems with Linksys Products
Through the iDEFENSE vulnerability contributor program, Alex S. Harasic disclosed information on denial of service problem in several Linksys products. [more]
Monday, 25 November 2002, 4:36 PM CET

Weekly Virus Report - Klez Dominance and Bride Worm
Virus news this week has centered around the appearance of Bride.B, and the continued dominance of Klez.I and Bugbear in the leading positions of the ranking of the most virulent malicious code. [more]
Monday, 25 November 2002, 4:00 PM CET

Forensic IT Trends Survey 2002
What are the trends in forensic IT reseach? Which tools are used? What are the objectives of a forensic IT investigation? [more]
Monday, 25 November 2002, 3:31 PM CET

HNS Newsletter issue 137 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 25 November 2002, 3:19 PM CET

Actel Expands Security Solutions with Encryption Cores
Actel announced the availability of new AES and DES intellectual property cores optimized for Actel's nonvolatile Axcelerator. [more]
Monday, 25 November 2002, 3:17 PM CET

Lawyers fear misuse of cyber murder law
If the attacker only causes or attempts to cause bodily injury through hacking, the crime carries a 20-year sentence. [more]
Monday, 25 November 2002, 3:16 PM CET

Marines Move Toward PKI
The Marine Corps' Marine Forces Pacific is scheduled to transition to a new public-key infrastructure early next year, but it found that the process has been more difficult than anticipated. [more]
Monday, 25 November 2002, 2:58 PM CET

Think Your Privacy Is Safe on the Internet? Think Again
Today you can do more than simply resign yourself to having your every online step or utterance monitored, tracked and recorded. Many tools offer protection against common online privacy violations. [more]
Monday, 25 November 2002, 2:07 PM CET

Homeland Security Is Watching You
On balance, it seems the Homeland Security bill has created a sprawling bureaucratic Frankenstein whose goal is to see everything stored on your PC and which is too large to properly monitor. [more]
Monday, 25 November 2002, 2:02 PM CET

CodeCon 2003 Call For Papers
CodeCon is an excellent opportunity for developers to demonstrate their work, and for coding hackers to find out about what's going on in their community. [more]
Monday, 25 November 2002, 1:58 PM CET

Book Review: Real World Linux Security, 2/e
Greatly written, filled with lot of interesting tips and facts about securing the Linux environment, the book can be used both for pumping your knowledge and as a reference in your future security related work. [more]
Friday, 22 November 2002, 2:25 PM CET

MandrakeLinux 9.0 includes RAV AntiVirus
MandrakeSoft teamed up with RAV Antivirus in order to include RAV Antivirus for Mail Servers protection in the commercial CD (packed) with the new distribution of MandrakeLinux, version 9.0. [more]
Friday, 22 November 2002, 1:56 PM CET

T-Mobile installs GPRS network firewall
In a move to head off hacker probes detected earlier this month on its GPRS cellular network, T-Mobile USA has installed a firewall. [more]
Friday, 22 November 2002, 1:54 PM CET

VPN, firewall sales expected to boom
Worldwide revenue from sales of VPN and firewall hardware and software will grow by 31% from $668 million in the 3rd quarter of 2002 to $874 million in the 3rd quarter of 2003. [more]
Friday, 22 November 2002, 1:07 PM CET

SQL Injection and Oracle
The objective of this series is to introduce Oracle users to some of the dangers of SQL injection and to suggest some simple ways of protecting against these types of attack. [more]
Friday, 22 November 2002, 12:36 PM CET

Patch slipup raises security questions
The questionable handling of a fix for a recent widespread software vulnerability has some administrators worried that developers can't be trusted to make security a top priority. [more]
Friday, 22 November 2002, 12:32 PM CET

Why is mi2g so unpopular?
Richard Forno has launched a broadside against mi2g, accusing the UK-based security consultancy of spreading fear, uncertainty and doubt about cyberterrorism risks. [more]
Friday, 22 November 2002, 12:26 PM CET

Light at End of Encryption Tunnel
Quantum encryption is about to make life much more difficult for Internet spies. [more]
Friday, 22 November 2002, 12:14 PM CET

Comdex's Secure Side
Here's a sampling of the information security products on the menu at Comdex. [more]
Friday, 22 November 2002, 12:11 PM CET

The Cult of Hackers
How did hacker myths arise? What sparks our fascination with those who illicitly explore computer systems? [more]
Friday, 22 November 2002, 12:09 PM CET

Interview with Jacob Carlson, co-author of "Internet Site Security"
Jacob Carlson is a senior security engineer for TrustWave Corporation. His primary role is leading the penetration testing and vulnerability assessment team. [more]
Thursday, 21 November 2002, 1:21 PM CET

A matter of trust or is it?
Who do you know who you are really dealing with when disclosing your personal details over the Internet? How can you ensure the credit card details you submit are to the site you expected? [more]
Thursday, 21 November 2002, 1:21 PM CET

"Secure E-Mail and Document Delivery" web seminar
On Wednesday December 18 2002, ZixCorp will host a web seminar titled "Secure E-Mail and Document Delivery - Protecting Content, Authenticating Users". [more]
Thursday, 21 November 2002, 12:46 PM CET

Authentication - who's site is it really?
Whilst a lot of work seems to have been done on personal authentiction, little or no work has been done over or about web site authentication to users. [more]
Thursday, 21 November 2002, 12:46 PM CET

Computer Virus Families: Origins and Differences
Klez.F and Klez.I or Opaserv, Opaserv.D and Opaserv.H are just some examples of malicious code which due to common characteristics and roots are grouped into families by the antivirus industry. [more]
Thursday, 21 November 2002, 12:33 PM CET

Critical Microsoft Vulnerability Announced
In the 65th Security Bulletin this year, Microsoft announced a critical vulnerability in MDAC, a collection of components used to provide database connectivity on Windows platforms. [more]
Thursday, 21 November 2002, 11:48 AM CET

Mass-Distribution Two-Factor Authentication System
Think of what changes when literally everyone in the developed world can have a strong network authenticator the way everyone has an ATM card. [more]
Thursday, 21 November 2002, 11:40 AM CET

Mask Your Web Server for Enhanced Security
Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. [more]
Thursday, 21 November 2002, 11:30 AM CET

Remote net probe reveals sloppy software upkeep
A unique study of hundreds of live internet servers shows that many computer administrators do not repair even the most serious computer bugs. [more]
Thursday, 21 November 2002, 11:13 AM CET

Homeland security’s tech effects
The vote by the Senate approving a Homeland Security Department clears the way for massive reorganization of the federal government that will have a dramatic impact on computer and network security. [more]
Thursday, 21 November 2002, 11:11 AM CET

Microsoft Spills Customer Data
A server glitch makes internal Microsoft documents, including a massive database of customer names and addresses, accessible online. [more]
Wednesday, 20 November 2002, 6:55 PM CET

How Microsoft makes its own WLAN secure
Security Chief John Biccum said: "Reality is that if you have 3,500 access points, you can't just say "On Monday we will switch keys!" Read to see what Microsoft did. [more]
Wednesday, 20 November 2002, 4:45 PM CET

Wired Security Mentality for WLANs
Latis Networks, a company known more for its wireline network security applications, is taking its wired mentality into the Wi-Fi realm with the release of its StillSecure Border Guard Wireless application. [more]
Wednesday, 20 November 2002, 4:40 PM CET

How Much Hack Info Is Too Much?
To disclose or not disclose - it's a question that's been under heavy discussion in the computer security industry over the past year. [more]
Wednesday, 20 November 2002, 4:36 PM CET

Cisco expands SAFE Blueprint
Cisco Systems Inc said it has added a dozen upgrades to its products with the aim of enhancing its SAFE Blueprint security strategy. [more]
Wednesday, 20 November 2002, 4:32 PM CET

Comdex: Panel predicts biometrics shakeout
The United States government is lagging behind those of other nations in the adoption of biometric technology, participants said during a panel discussion on the topic. [more]
Wednesday, 20 November 2002, 4:31 PM CET

US government flunks computer security: panel
Most US government agencies - including the Defence and Justice Departments - have woefully inadequate computer security, according to a congressional panel. [more]
Wednesday, 20 November 2002, 4:27 PM CET

Stop wasting money on security
Organizations can prevent costly attacks on their infrastructure when they stop following security dogma and chasing vulnerabilities and fancy new security devices. [more]
Wednesday, 20 November 2002, 4:22 PM CET

Interview with Lance Spitzner
Lance Spitzner is the founder of the Honeynet Project, moderator of the honeypot mailing list, co-author of "Know Your Enemy", author of "Honeypots: Tracking Hackers" and several whitepapers. [more]
Tuesday, 19 November 2002, 4:04 PM CET

Palm i705 Available With Go.Web OnPrem Security Solution
GoAmerica, Inc., a leading developer of wireless data technology announced that it has integrated Go.Web OnPrem with Palm's i705 handheld. [more]
Tuesday, 19 November 2002, 4:01 PM CET

Improvements to Microsoft Security Reponse Communications
Steve Lipner, Director of Security Assurance at Microsoft, posted a message to the Security Notification mailing list about some new changes in the communications practices that they're making. [more]
Tuesday, 19 November 2002, 12:46 PM CET

mi2g Intelligence Briefing: "Brazil exports Cyber-crime"
According to mi2g reports, one of the largest "cyber crime exporters" in the world is Brasil. [more]
Tuesday, 19 November 2002, 12:46 PM CET

Web Application Security Software Goes Open Source
Butterfly Security, a developer of web application security infrastructure software, announced today the open source release of its web application security software CodeSeeker. [more]
Tuesday, 19 November 2002, 12:23 PM CET

Key factors for secure Web services
To successfully implement Web services, every piece must be in place. This means that certain components, including security, reliability, and architecture, can make or break a Web services implementation. [more]
Tuesday, 19 November 2002, 12:22 PM CET

Bin Laden associate warns of cyberattacks
Sheikh Omar Bakri Muhammad, spokesman for Osama bin Laden, said all types of technology, including the Internet, are being studied for use in the global jihad against the West. [more]
Tuesday, 19 November 2002, 12:18 PM CET

Smart cards also open to attack
Sydney University engineering student Ryan Junee has demonstrated a smart card attack for his final year thesis, using a method called "differential power analysis". [more]
Tuesday, 19 November 2002, 11:35 AM CET

Don't Be a Doormat for Viruses
It's essential that anyone voyaging through cyberspace install a first-class antivirus program and a decent firewall. [more]
Tuesday, 19 November 2002, 11:33 AM CET

AirDefense Wireless LAN Security to Deflect and Trap Intruders
ActiveDefense is a security appliance that shields 802.11 wireless LANs from intruders with pioneering technology that deflects intruders and traps them into wireless dead-end connections. [more]
Monday, 18 November 2002, 5:43 PM CET

Bind Security Vulnerabilities Roundup
Roundup updates: revised FreeBSD security advisory, OpenPKG security advisory, OpenBSD patches and SuSE's Olaf Kirch commentary. [more]
Monday, 18 November 2002, 5:41 PM CET

HNS Newsletter issue 136 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 18 November 2002, 3:20 PM CET

Security holes... Who cares?
This is an observational study of user response following the OpenSSL remote buffer overflows of July 2002 and the worm that exploited it in September 2002. [more]
Monday, 18 November 2002, 1:17 PM CET

Japan may drop Windows to boost security
The Japanese government may replace Windows with another operating system to bolster security. The planned move came in the wake of recent event of leakage of secure data from Japan's military network. [more]
Monday, 18 November 2002, 12:54 PM CET

Hacking the Xserve
Mac Observer editor Brian Chaffin said an administrator must know what he or she is doing because the default configuration renders the Xserve secure - and effectively useless. [more]
Monday, 18 November 2002, 12:49 PM CET

The SSH Cryptosystem
This article shows how the SSH cryptosystem provides privacy protection, integrity, and authenticity of data as it traverses a network. [more]
Monday, 18 November 2002, 12:42 PM CET

TriSentry, a Unix Intrusion Detection System
Network administrators have a wide range of sophisticated tools to improve auditing, and to report and block intrusion. The TriSentry suite is one such free tool. [more]
Monday, 18 November 2002, 12:40 PM CET

The Peon's Guide To Secure System Development
Considering that most good programmers are pretty bad at security, bad programmers with roles in important projects are guaranteed to doom the world to oblivion. [more]
Monday, 18 November 2002, 12:34 PM CET

Get back to security basics
Attempting to do too much without sufficient resources and an awareness of some basic security practices can put an organisation's security in jeopardy. [more]
Monday, 18 November 2002, 12:31 PM CET

HNS Book Giveaway Winners
Three lucky winners have been chosen, each one gets a copy of "Honeypots: Tracking Hackers". Are you one of them? [more]
Friday, 15 November 2002, 8:17 AM CET

Spoofing - Arts of attack and defense
How to spot and avoid potential spoof atacks. Covers DNS spoofing, IP address spoofing, email address spoofing, link alteration, name similarity and content theft. [more]
Friday, 15 November 2002, 8:15 AM CET

Explaining encryption
Make any enquiry about computer security, and you will almost immediately fall over the terms cryptography and encryption (and also decryption), but what exactly is meant by this? [more]
Friday, 15 November 2002, 8:15 AM CET

How do you deal with Internet fraud?
This paper covers fraud that uses Internet technology as an integral part of the fraud and fraud that is already taking place by other means where the Internet is merely another method of delivery. [more]
Friday, 15 November 2002, 8:14 AM CET

Study Makes Less of Hack Threat
With growing talk in Washington about the threat of "cyberterrorism," a new report shows a decrease in attacks on government computer networks worldwide. [more]
Friday, 15 November 2002, 8:09 AM CET

Russians wage cyber war on Chechen Web sites
Two Chechen news Web sites collapsed after an alleged coordinated cyber attack from Russian security services. [more]
Friday, 15 November 2002, 8:06 AM CET

Reverse Engineering Win32 Trojans on Linux
This article offers a detailed examination of the reversing process, using a trojan found in the wild, and focusing on techniques for reversing Windows-native code entirely under Linux. [more]
Friday, 15 November 2002, 8:02 AM CET

The worst security problems?
The FBI list is misleading in that many readers and editors would have seen this as an FBI certification of the relative equality of security problems between systems running Windows and those running Unix. [more]
Friday, 15 November 2002, 7:58 AM CET

Bind Security Vulnerabilities Roundup
Roundup contains: original advisory on this topic, vendor workaround and patches, security advisories by Linux vendors and additional information on the topic. [more]
Friday, 15 November 2002, 2:05 AM CET

Norman Virus Control Receives Virus Bulletin 100% Award
The data security company Norman ASA has received yet another Virus Bulletin 100% Award. [more]
Thursday, 14 November 2002, 5:20 PM CET

The Unix Auditor's Practical Handbook
This is a step-by-step practical guide to auditors when carrying out a Unix Audit. It mostly covers Sun Solaris systems, but it has cross-references for AIX and Linux. [more]
Thursday, 14 November 2002, 5:07 PM CET

UK malicious hacker to fight US extradition
A British man wanted in the US for allegedly hacking into nearly 100 computer networks operated by the US military and Nasa has said he will fight any attempt to extradite him. [more]
Thursday, 14 November 2002, 5:05 PM CET

WEP is out, WPA is in
Wi-Fi Protected Access (WPA) will replace Wired Equivalent Privacy (WEP), which presents security concerns on wireless LANs. Enterprises should install WPA as soon as it becomes available. [more]
Thursday, 14 November 2002, 4:58 PM CET

Maintaining Credible IIS Log Files
This article will offer advice on how to maintain the credibility of IIS log files. [more]
Thursday, 14 November 2002, 4:52 PM CET

Back to the Insecure Future
Web services, such as Microsoft's .NET platform, represent a return to centralized computing. But that's not all, they also pose some serious security issues. [more]
Thursday, 14 November 2002, 4:46 PM CET

House votes life sentences for hackers
A last-minute addition to a proposal for a Department of Homeland Security would punish malicious hackers with life in prison. [more]
Thursday, 14 November 2002, 4:43 PM CET

Microsoft hires national security advisor
Hoping to play a larger role in homeland security, Microsoft has tapped former US political adviser Thomas Richey for a new position counselling policymakers on IT issues. [more]
Thursday, 14 November 2002, 4:42 PM CET

The changing face of web security
Are we winning or losing the battle of web security? Read this white paper backed by industry figures to ensure you are aware of the facts. [more]
Wednesday, 13 November 2002, 3:58 PM CET

What makes a good Password?
This whitepaper tells you what makes a good password and how to select one. [more]
Wednesday, 13 November 2002, 3:57 PM CET

An introduction to PKI
This guide provides the reader with a basic introduction to key terms and concepts used in a PKI including Certificates, Keys and Authorities. [more]
Wednesday, 13 November 2002, 3:57 PM CET

Encrypted NFS with OpenSSH and Linux
NFS is a protocol that allows computers to share files over a network. It has several security related problems. This article provides a solution to most of these problems for Linux clients and servers. [more]
Wednesday, 13 November 2002, 3:55 PM CET

Congress OKs cyber security grants
Congress approved Tuesday $903 million in grants to spur federal agencies, industry and universities to devote more energy to cyber security research. [more]
Wednesday, 13 November 2002, 3:43 PM CET

Web Identity: Weighing the Alternatives
Microsoft's Passport and Liberty Alliance specify incompatible authentication technologies today. Here's how they work - and how they might interoperate in the future. [more]
Wednesday, 13 November 2002, 3:41 PM CET

Fourth Anniversary of Bubbleboy and Self Executing Viruses
This month marks the fourth anniversary of Bubbleboy, the first malicious code to run automatically -without user intervention- by exploiting a vulnerability in MS Outlook and MS Outlook Express. [more]
Wednesday, 13 November 2002, 3:36 PM CET

Trojan Found in libpcap and tcpdump
Members of The Houston Linux Users Group discovered that the newest sources of libpcap and tcpdump available from tcpdump.org were contaminated with trojan code. [more]
Wednesday, 13 November 2002, 2:56 PM CET

Make Nessus Your New Security Tool of Choice
No ace sysadmin should be without Nessus, it's the utility of choice for hardcore security scanning. [more]
Wednesday, 13 November 2002, 2:15 PM CET

Web designer charged with virus writing and child porn offences
A 21-old Welsh Web designer has appeared in court charged with creating and distributing three mass mailer viruses. [more]
Wednesday, 13 November 2002, 2:13 PM CET

Host Discovery with nmap
This document will illustrate (at a very technical level) the methodology that I use to accurately discover which hosts are accessible prior to conducting port scanning or a vulnerability assessment. [more]
Tuesday, 12 November 2002, 4:47 PM CET

WLAN Discovery Applications for Intrusion Detection
This paper reviews some of the tactics used in wireless LAN network discovery and attempts to identify some of the fingerprints left by wireless LAN discovery applications. [more]
Tuesday, 12 November 2002, 4:47 PM CET

Timing the Application of Security Patches for Optimal Uptime
Security vulnerabilities are discovered, become publicly known, get exploited by attackers, and patches come out. When should one apply security patches? [more]
Tuesday, 12 November 2002, 4:45 PM CET

Security warning on open source
Linux is not a more secure environment than NT or Windows, Internet Security Systems chief technology officer Chris Klaus warns. [more]
Tuesday, 12 November 2002, 4:44 PM CET

New spam control added to Mxtreme Mail Firewall
BorderWare Technologies Inc. announced today a new weapon in the war against spam and unwanted email. This is the latest innovation to the MXtreme Mail Firewall range of appliances. [more]
Tuesday, 12 November 2002, 4:43 PM CET

Plan for a security architecture
An architecture-based approach to information security will reduce legal liability and improve the efficiency of security initiatives. [more]
Tuesday, 12 November 2002, 3:38 PM CET

Computer Break-Ins: Your Right to Know
California law now demands that the public be informed when government or corporate databases are breached. It's about time. [more]
Tuesday, 12 November 2002, 2:02 PM CET

Hackers beware: quantum encryption is coming
Quantum encryption pioneers promise to put the world's first uncrackably secure networks online by early 2003. [more]
Tuesday, 12 November 2002, 1:56 PM CET

Antenna to boost wireless security
An optical antenna that uses a geometrically shaped lens promises to bring greater security to wireless networks for businesses, according to British scientists. [more]
Tuesday, 12 November 2002, 1:26 PM CET

US cracks case of attacker who broke into military networks
Federal authorities have cracked the case of an international attacker who broke into roughly 100 unclassified U.S. military networks over the past year. [more]
Tuesday, 12 November 2002, 1:25 PM CET

HNS Newsletter issue 135 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 11 November 2002, 3:47 PM CET

New NetScreen-5XT features increase security for remote sites
The new features in NetScreen-5XT will increase the level of security provided for companies looking needing a secure way of connecting to remote sites and telecommuters. [more]
Monday, 11 November 2002, 3:46 PM CET

Your Mobile Phone Is Safe - "Ace-?" is a Hoax
A rumor is spreading among Internet users regarding a new computer virus that infects mobile telephones and renders them junk. [more]
Monday, 11 November 2002, 3:45 PM CET

Vulnerabilities in Microsoft's Java implementation
Microsoft Internet Explorer comes with Java virtual machine and accompanying class packages. Multiple security vulnerabilities have been found in the Java environment. [more]
Monday, 11 November 2002, 3:44 PM CET

Are Macs Virus-Proof?
Mac OS X users should install an effective, configurable firewall, which comes included with a point-and-click interface in OS 10.2, also known as Jaguar. [more]
Monday, 11 November 2002, 3:43 PM CET

Feds Consider New Security Reporting Role
Government security officials have been discussing the possibility of creating a central point of contact within the government for reporting security vulnerabilities. [more]
Monday, 11 November 2002, 3:42 PM CET

Secure twice, open once
The increasing popularity of VPN technology has exposed a number of serious vulnerabilities in the software used to connect thousands of remote offices and workers to their corporate networks. [more]
Monday, 11 November 2002, 2:30 PM CET

Stones, Fire and Water
A nasty trade secret lawsuit displays the ugly side of the network security industry... [more]
Monday, 11 November 2002, 2:26 PM CET

Small firms warned over attackers
Smaller businesses do not have adequate defences against the increasing threat from electronic attacks by terrorists, the British Chambers of Commerce has warned. [more]
Monday, 11 November 2002, 2:12 PM CET

5 steps to secure mobile data
Mobile and wireless technology is revolutionising how businesses use and profit from information. [more]
Monday, 11 November 2002, 2:10 PM CET

HNS Book Giveaway - Honeypots: Tracking Hackers
We are giving away 3 copies of "Honeypots: Tracking Hackers" by Lance Spitzner. Want some knowledge? [more]
Friday, 8 November 2002, 2:47 PM CET

Oror Worm - Highest Threat Levels Since Bugbear
Panda Software reported maximum threat levels on variants of the Oror Worm which deletes all of the files in the infected computer's hard disk and every network drive accessible from the infected machine. [more]
Friday, 8 November 2002, 2:13 PM CET

Nokia focuses on privacy, mobile Web services and security tools
Nokia introduced a complete end-to-end security solution to provide the enterprise mobile workforce with secure connections to enterprise network resources. [more]
Friday, 8 November 2002, 2:12 PM CET

Sophos Anti-Virus detection: a technical overview
This paper describes the main components of Sophos Anti-Virus and how they relate to each other. [more]
Friday, 8 November 2002, 2:10 PM CET

Self-extracting exe files - the unhidden dangers
The use of passwords to control access to self decrypting executable files is not defensible as a security technique and should be avoided in favor of much stronger techniques. [more]
Friday, 8 November 2002, 2:09 PM CET

The problems with Secure Email
Learn to fully protect your data simply and securely while avoiding complex interactions between proprietary systems. [more]
Friday, 8 November 2002, 2:08 PM CET

"Keeping Secure - Managing Cyberspace Security Risk" webcast
Find out how Red Hat Network keeps enterprise systems secure through automated alerts and centralized management. [more]
Friday, 8 November 2002, 2:07 PM CET

Inadequate IT security training in the UK
UK employees lack the appropriate IT security training necessary to combat potential threats to organisations such as viruses. [more]
Friday, 8 November 2002, 2:06 PM CET

Network Signals Just Scream to Be Exploited
Organizations ignore the security risks of wireless networking at their peril. [more]
Friday, 8 November 2002, 1:49 PM CET

The FBI's Cybercrime Crackdown
In contrast to the teenage hackers of yore, today's perpetrators mount extremely sophisticated attacks. They don't brag, and they don't leave obvious tracks. [more]
Friday, 8 November 2002, 12:57 PM CET

Hack attacks on rise in Asia
Attackers based in Indonesia and Malaysia have been launching attacks on neighbouring countries. [more]
Friday, 8 November 2002, 12:50 PM CET

Network Worm "Roron"- Red Alert
Kaspersky Labs, an international data security software developer, reports the appearance of a new network worm named "Roron", constructed in Bulgaria. [more]
Thursday, 7 November 2002, 1:16 PM CET

Sony Releases New Fingerprint Identification Unit
Sony's new fingerprint identification device can serve as the basis for enterprise-wide employee identification solutions in work environments where employee mobility is critical. [more]
Thursday, 7 November 2002, 1:15 PM CET

eEye Web Seminar On Vulnerability Assessment
On Tuesday November 12, 2002 eEye will host a web seminar titled "Technical Demonstration: Enterprise Vulnerability Assessment and Remediation". [more]
Thursday, 7 November 2002, 1:14 PM CET

Honeypot Best Practices security conference
The very first security conference ever dedicated to honeypot technologies is starting today in Las Vegas. [more]
Thursday, 7 November 2002, 1:13 PM CET

Buffer Overflows: A Technical Discussion - Web Seminar Slides
Buffer overflows comprise more than 60% of known vulnerabilities. Buffer overflow exploits are powerful and are the tool of choice for most attackers. [more]
Thursday, 7 November 2002, 1:12 PM CET

Security standard gains OASIS approval
The Organization for the Advancement of Structured Information Standards formally approved a standard security protocol that is likely to become the building block for integrating corporate user access control systems over the Internet. [more]
Thursday, 7 November 2002, 1:11 PM CET

Complete Snort-based IDS Architecture, Part One
This two-part article will provide a set of detailed directions to build an affordable intrusion detection architecture from hardware and freely available software. [more]
Thursday, 7 November 2002, 12:29 PM CET

Navy Sites Spring Security Leaks
A group of French Internet security enthusiasts uncovers holes in two online databases owned by the U.S. Navy, exposing password information and reports on malfunctioning weapons equipment. [more]
Thursday, 7 November 2002, 12:28 PM CET

Notre Dame math guru cracks code
And you thought you had tough math homework? Consider the work that went into cracking a secret code developed by Certicom, which makes wireless encryption software... [more]
Thursday, 7 November 2002, 12:24 PM CET

Book Review: "Honeypots: Tracking Hackers" by Lance Spitzner
If you're serious about setting up a honeypot than this is THE book to read. It will give you all the necessary concepts, guidelines and tools to get you started. [more]
Wednesday, 6 November 2002, 3:36 PM CET

Nokia and Trend Micro establish a strategic alliance
The two companies announced a Memorandum of Understanding to establish a strategic alliance focused on delivering network-based, best-of-breed content security solutions to enterprises. [more]
Wednesday, 6 November 2002, 3:33 PM CET

"Wireless Security: A Contradiction in Terms?" web seminar
This is the seminar that will be held on Thursday, November 7, 2002 by renowned security expert and TruSecure Chief Technical Officer. [more]
Wednesday, 6 November 2002, 3:10 PM CET

nCipher and Cardinal partner on secure e-transactions
Cardinal, a develop of e-transaction security products, is the latest e-payment company to use nCipher's hardware-based encryption products to secure online payments. [more]
Wednesday, 6 November 2002, 3:03 PM CET

If Microsoft Had Written Nmap
This amusing article was written by security expert Ed Skoudis, author of "Counter Hack". [more]
Wednesday, 6 November 2002, 12:08 PM CET

Hacking syndicates threaten banking
The number of hacking syndicates targeting financial institutions around the world is growing. And so is the number of banks willing to pay these high-tech extortionists hush money to protect their reputations. [more]
Wednesday, 6 November 2002, 12:03 PM CET

Mitigation of cookie stealing XSS attacks
Microsoft's Michael Howard discusses the points of scrubbing secret data from memory, as well as expounding on mitigating cross-site scripting issues using the HttpOnly cookie extension. [more]
Wednesday, 6 November 2002, 11:51 AM CET

China's cyberwall nearly concrete
Thanks in large part to American technologies, Internet censorship in China is strong and far-reaching - much like the Great Wall itself. A commission urges the U.S. government to act fast. [more]
Wednesday, 6 November 2002, 11:49 AM CET

Smart security: network scanners
Don't wait for a hacker to show you where your network's vulnerabilities lie. Be smart, and use a network scanner with intelligence. [more]
Wednesday, 6 November 2002, 11:44 AM CET

Sony's Biometrics Footprint Widens
Sony Electronics released information about the latest addition to its family of fingerprint identification devices, which so far have included the FIU-300, the FIU-710 Puppy, and now the FIU-600. [more]
Wednesday, 6 November 2002, 11:36 AM CET

Court rules against AOL on Net privacy
With laws on Internet privacy still unsettled, the ruling could have a significant effect on how users' anonymity is protected. [more]
Tuesday, 5 November 2002, 1:10 PM CET

FTC: where spam goes off to die
For years, the Federal Trade Commission has been receiving forwarded spam from Internet users. What exactly has the agency been doing with it? [more]
Tuesday, 5 November 2002, 1:03 PM CET

Gemplus introduces ResIDent
Gemplus launched ResIDent, a smart card-based ID system designed for advanced e-Government programs. [more]
Tuesday, 5 November 2002, 12:56 PM CET

Wireless LAN Security
This paper addresses the security concerns raised by both current and upcoming 802.11 network technologies. [more]
Tuesday, 5 November 2002, 11:24 AM CET

Security Enhanced Linux BETA Available
A fully functioning distribution of Security Enhanced Linux is now available in BETA for community and industry evaluation. [more]
Tuesday, 5 November 2002, 11:03 AM CET

"Untangling Web Services Security" web seminar
On Wednesday, November 20 2002, RSA Security will host a web seminar titled "Untangling Web Services Security". [more]
Tuesday, 5 November 2002, 11:02 AM CET

Digital Signatures and PKCS#11 Smart Cards
This article deals with applying digital signatures on documents using cryptographic smart cards and readers. We shall also discuss using MS Crypto API for verifying these digital signatures. [more]
Tuesday, 5 November 2002, 10:26 AM CET

New PCs likely to cede some control
To thwart hackers and foster online commerce, the next generation of computers will almost certainly cede some control to software firms, Hollywood and other outsiders. [more]
Tuesday, 5 November 2002, 10:00 AM CET

SBC has plans for Internet security
SBC Communications announced Monday that it is forming an Internet security project designed to improve network defenses. [more]
Tuesday, 5 November 2002, 9:47 AM CET

NSA taps vendors for encryption
NSA selected 3 vendor teams to develop Gigabit Ethernet encryptors to support the secure exchange of top-secret information via commercial IP-based, wide-area networks at speeds of at least 1 gigabit/sec. [more]
Tuesday, 5 November 2002, 9:42 AM CET

HNS Newsletter issue 134 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 4 November 2002, 8:37 PM CET

HNS Book Giveaway Winners
Three lucky winners have been chosen, each one gets a copy of "Internet Site Security". Are you one of them? [more]
Monday, 4 November 2002, 8:31 PM CET

The danger of PDAs
PDAs (personal digital assistants), pocket-sized diaries that are becoming increasingly more powerful, can represent a serious threat to corporate security. [more]
Monday, 4 November 2002, 6:44 PM CET

Weekly Virus Report - Opaserv, Oror and Mylka Worm
More viruses come our way - over the last few days, three new malicious codes have been discovered... [more]
Monday, 4 November 2002, 6:40 PM CET

Hacker takes advantage of dialer billing system
A malicious hacker in Germany has increased revenues on his own premium rate telephone service by E400,000, by diverting calls from other companies to his service. [more]
Monday, 4 November 2002, 6:36 PM CET

How to avoid security problems, Linux vs. Windows security
If it's not the Slapper worm, it's the Mighty worm - if you're watching the technology press recently, you might think Linux is plagued with security problems lately. [more]
Monday, 4 November 2002, 6:31 PM CET

Firms leave firewall gaps
Poorly configured firewalls make distributed denial-of-service attacks too easy for hackers. [more]
Monday, 4 November 2002, 6:30 PM CET

Simple things to improve your system's security
Here are some small and simple things that you can do to improve the security of your OpenBSD system. [more]
Monday, 4 November 2002, 6:27 PM CET

Future hacking: how vulnerable is the net?
As a new safety precaution, the organizations that operate the Internet's root servers will add more servers to each system. This will make each location less vulnerable to DDoS attacks. [more]
Monday, 4 November 2002, 6:19 PM CET

Feds getting IT together
Government security officials have begun a new era of interagency cooperation that has led to new levels of information sharing. [more]
Monday, 4 November 2002, 6:17 PM CET

New Outlook to give spammers the boot
Microsoft is taking spam fighting more seriously in the next version of its Outlook e-mail and contact-management software. [more]
Friday, 1 November 2002, 11:53 PM CET

Norton Internet Security 2003 Review
A new Worm Blocking feature checks outbound e-mails so you won't be guilty of passing along the next Sircam... [more]
Friday, 1 November 2002, 11:48 PM CET

Root-Server Attack Traced to South Korea, U.S.
Last week's attacks on the Internet's backbone likely emanated from computers in the United States and South Korea, FBI Director Robert Mueller today said. [more]
Friday, 1 November 2002, 11:58 AM CET

Mac OS among least prone to attack
The Macintosh was among the computer operating systems least prone to attack and damage from malicious hackers, worms and viruses during this year. [more]
Friday, 1 November 2002, 11:55 AM CET

Hacking victims to remain secret
The government will increasingly work to keep secret the names of companies that become victims to major hacking crimes, along with any sensitive corporate disclosures that could prove embarrassing. [more]
Friday, 1 November 2002, 11:52 AM CET

Hire hackers to find loopholes in IT system, firms advised
As computer system security becomes an increasingly major concern, organisations can look to hiring ethical hackers to uncover their systems’ vulnerabilities before the hackers do. [more]
Friday, 1 November 2002, 11:50 AM CET