Off the Wire

Off The Wire Archive

News items for November 2003

Hackers haunting Europe now
Hackers, it appears, are now forsaking North America in favour of European targets. [more]
Saturday, 29 November 2003, 9:15 AM CET


Struggle in Australia over anti-spam laws
Opposition parties in Australia have watered down anti-spam legislation at a debate in the upper house of Canberra's parliament. [more]
Saturday, 29 November 2003, 9:14 AM CET


Wireless world gets a new worry: viruses
As more consumers begin surfing the Web and sending e-mail messages on cellphones and handheld devices, along comes a new worry: worms and viruses spread via Internet-enabled equipment. [more]
Friday, 28 November 2003, 6:55 PM CET


Police arrest man in bank PC theft
Police have arrested a California man in connection with a burglary in which a computer with sensitive information about Wells Fargo customers was stolen, officials said Wednesday. [more]
Friday, 28 November 2003, 6:53 PM CET


Reseller touts home WLAN pack with easy to use security
UK reseller Dabs has launched a Wi-Fi offering that it claims will deliver a fully secure environment yet retain plug-and-play access to home WLANs. [more]
Friday, 28 November 2003, 6:52 PM CET


Single bug or virus attack could cost your business £66,000
The cost to businesses of a single bug or virus attack can be as much as £66,000, research has revealed. [more]
Friday, 28 November 2003, 6:44 PM CET


Norwegian hacker rebuts music piracy criticism
A Norwegian hacker, famed for defeating Hollywood in a cyber piracy trial, yesterday rejected allegations he had illegally unlocked a code that enables unauthorised copying of music files from the Internet. [more]
Friday, 28 November 2003, 6:43 PM CET


Current antivirus software is not enough
The antivirus protection installed in most companies does an excellent job of protecting against viruses. However, in today's world we also need to fight many other threats which, while they may not directly damage our computer systems, can cause other indirect damage. [more]
Friday, 28 November 2003, 4:35 PM CET


Review - PDA Security
This book will suit a number of readers interested in the field of PDA security in general. The authors managed to cover a broad range of topics surrounding the most popular handhelds and delivered a useful guide through corporate aspects of PDA security. [more]
Thursday, 27 November 2003, 5:58 PM CET


E-commerce targeted by blackmailers
Law enforcement agencies are investigating an increasing number of reports of organised criminal gangs carrying out denial-of-service (DDos) attacks - with the specific intention of blackmailing companies. [more]
Thursday, 27 November 2003, 5:45 PM CET


Lawmakers: spam bill is a turkey
Not a single United States senator voted against the anti-spam bill wending its way toward the White House. In the House of Representatives, 392 members clamored forth to support the nation's first legislation to combat unwanted, unsolicited commercial e-mail. [more]
Thursday, 27 November 2003, 3:32 PM CET


So when will Linux vendors charge for security fixes?
Linux vendors spend money building security bug fixes. How much longer will they give them away for free, writes SecurityFocus columnist Hal Flynn. [more]
Thursday, 27 November 2003, 3:24 PM CET


Weak monitoring lets hackers run riot
Too many IT administrators are taking their eye off the ball and allowing easy back-door entry into company systems, a leading computer forensics expert has claimed. [more]
Thursday, 27 November 2003, 3:21 PM CET


Phoenix adds security at the hardware level
The major BIOS developer, Phoenix Technologies has unveiled its first product based on its new extensible Core System Software (CSS). The new technology has been built with security in mind and offers embedded security features that protect the core system software from malicious attack and a security API. [more]
Thursday, 27 November 2003, 3:19 PM CET


Top-down security
Finally – a secure wireless technology designed that way from the beginning. [more]
Thursday, 27 November 2003, 3:14 PM CET


You thought Internet viruses and trip videos bugged you?
Viruses. Worms. Trojan horses. Drive-by downloads. Adware. Spyware. Browser hijackers. Zombies. Spam. These are the Nine Plagues of the Internet - insidious assaults on our sanity, productivity and peace of mind. [more]
Thursday, 27 November 2003, 3:14 PM CET


Spanish police arrest Raleka worm suspect
Spanish police have arrested a 23-year-old man in Madrid, who is suspected of being the author of the W32/Raleka worm which infected more than 120,000 computers in August. [more]
Thursday, 27 November 2003, 3:11 PM CET


Secure chips will lead to biometric passports
Last week’s Cartes 2003 smartcard conference in Paris was notable for the emergence of secure chips suitable for storing biometric data in passports and ID cards. [more]
Thursday, 27 November 2003, 3:09 PM CET


NamITech moves into information security training
Courses currently offered by NamITrust include: information security fundamentals, introduction to Perl programming, applied hacking, etc. [more]
Thursday, 27 November 2003, 3:07 PM CET


Foreign firms must toe US security line
New agreement could improve good security practice. [more]
Wednesday, 26 November 2003, 6:50 PM CET


Scripting flaws pose severe risk for IE users
A set of five unpatched scripting vulnerabilities in Internet Explorer creates a mechanism for hackers to compromise targeted PCs. [more]
Wednesday, 26 November 2003, 1:22 PM CET


Virus protection: it's time to patch things up!
Gartner's pronouncement that, 'through 2005, 90 per cent of cyber attacks will exploit known security flaws for which a patch is available or a solution known' will not be a huge surprise to anyone. [more]
Wednesday, 26 November 2003, 11:49 AM CET


Simulated terrorist cyberattack exposes problems
It simulated physical and computer attacks on banks, power companies, and the oil and gas industry. [more]
Wednesday, 26 November 2003, 11:40 AM CET


U.S. funds study of tech monocultures
The National Science Foundation has granted $750,000 to two universities to study how diversifying information systems and software could help fend off future cyberattacks. [more]
Wednesday, 26 November 2003, 11:36 AM CET


WEP gives false sense of security
"Security is still a concern but it's getting smaller. Most people realise that enterprise Wi-Fi can be done securely. The biggest danger isn't enterprise deployment, but deployment by an end user," says Neil Rickard, research director at Gartner. [more]
Wednesday, 26 November 2003, 11:35 AM CET


Security makeover for ICF, Windows Server 2003
Under its new 'secure the perimeter' initiative, Microsoft plans to introduce a major tweak to the way Windows Server 2003 connects to remote systems and a makeover to the Internet Connection Firewall integrated into Windows XP. [more]
Wednesday, 26 November 2003, 11:29 AM CET


The top 10 Internet security screw ups
With over 10 years of experience of defending against Internet security threats, Tom Salkield, Managing Director of NetConnect, lists his current top ten Internet security screw ups. [more]
Tuesday, 25 November 2003, 3:27 PM CET


Criminals with a Microsoft touch
Turgeman, who teaches in Tel Aviv University's sociology department, had interviewed the hackers for her doctoral dissertation. The subject: how hackers, or computer criminals, perceive themselves. [more]
Tuesday, 25 November 2003, 1:50 PM CET


Programmer charged with making violent "spam rage" threats
A 44-year-old Silicon Valley programmer has been charged with threatening to maim and even kill employees of a Canadian Internet-advertising agency that he believed had repeatedly sent him spam. [more]
Tuesday, 25 November 2003, 1:15 PM CET


For security ask yourself...what would Microsoft do?
Despite taking a beating in the press and from customers for security holes in its products, decision makers at Microsoft appear to think the company still has something to teach the world about computer security. [more]
Tuesday, 25 November 2003, 12:44 PM CET


Panther server - a look at the server admin tool
What follows is a look at the new GUI, with screenshots and explanations of what I believe are the best new features. [more]
Tuesday, 25 November 2003, 12:41 PM CET


Nachi worm infected Diebold ATMs
Windows-based cash machines suffer from the same security holes as servers and desktops. [more]
Tuesday, 25 November 2003, 12:40 PM CET


Staff warned as bosses begin to adopt Big Brother tactics
Office staff are being urged to be vigilant amid claims that company bosses are launching covert surveillance operations to spy on them at work. [more]
Tuesday, 25 November 2003, 12:35 PM CET


DVD Jon breaks ITunes security
The man responsible for writing software that allowed people to circumvent copyright technology on DVDs has posted software on the Internet that may allow devotees of Apple Computer's new ITunes online music store to break digital rights management technology that protects files downloaded from that service. [more]
Tuesday, 25 November 2003, 12:34 PM CET


Security: It's all or nothing
Security concerns about the vulnerability of technology now command attention at the highest levels of government on both sides of the Atlantic. [more]
Tuesday, 25 November 2003, 12:30 PM CET


Half of companies surveyed suffered security breach
Nearly half of the nation's fastest-growing companies suffered a recent breach in information security, according to a survey released Monday by consulting giant PricewaterhouseCoopers. [more]
Tuesday, 25 November 2003, 12:30 PM CET


$100,000 bounty offered for stolen PC
Wells Fargo said on Friday it had offered a $100,000 reward for information leading to the arrest and conviction of the burglar who stole a bank consultant's computer that had sensitive customer information on it. [more]
Tuesday, 25 November 2003, 12:28 PM CET


Review - Secrets of Computer Espionage
Despite the title that may lead you to believe this is a manual used in the National Security Agency (NSA), this is actually a book for anyone worried about the security of their information. If you're into computer forensics, administering a network or just a concerned home user, you'll find interesting material for yourself in this book. [more]
Monday, 24 November 2003, 6:45 PM CET


HNS Newsletter issue 189 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 24 November 2003, 6:45 PM CET


Hackers live by their own code
What would strike most folks in corporate America as bad manners or worse may be considered the height of courtesy in hackerdom. [more]
Monday, 24 November 2003, 3:11 PM CET


The other side of security data
Another day, and yet another report that warns the Internet generation that the dark elements of cyberspace are out to get them. [more]
Monday, 24 November 2003, 3:11 PM CET


Security at Microsoft
This paper describes what the Microsoft Corporate Security Group does to prevent malicious or unauthorized use of digital assets at Microsoft. [more]
Monday, 24 November 2003, 3:05 PM CET


EU hi-tech crime agency created
The European Union is setting up an agency to co-ordinate work to combat the rising tide of cybercrime. [more]
Monday, 24 November 2003, 3:00 PM CET


Microsoft’s security starts to show
The drive for better security has to start somewhere, and it has. [more]
Monday, 24 November 2003, 2:59 PM CET


Microsoft to revamp windows security
The software giant is planning a number of changes that will make the Windows client and server platforms more secure. [more]
Monday, 24 November 2003, 1:36 PM CET


How much is a hacker's head worth?
On the positive side, if virus writers continue to brag about their exploits, as they are notorious for doing, Microsoft's reward could encourage "witnesses" to come forward. On the other hand, the bounty could drive malware creators further underground. [more]
Monday, 24 November 2003, 1:35 PM CET


Dutch blogsites fight cyberwar against spammer
Dutch blogsites Retecool.com, Volkomenkut.com and Bastard-inc.com got a taste of their own medicine last Friday after they declared cyberwar on US spam firm Customerblast.com. [more]
Monday, 24 November 2003, 1:30 PM CET


Weak monitoring lets hackers run riot
Computer forensics expert says IT administrators must do better. [more]
Monday, 24 November 2003, 1:24 PM CET


Exploit code on trial
Security researchers and vendors ponder the ethics of releasing proof-of-concept code for software vulnerabilities. [more]
Monday, 24 November 2003, 1:14 PM CET


Debian Project machines have been compromised
Some Debian servers were found to have been compromised on November 20th. The archive was not affected by this compromise. [more]
Saturday, 22 November 2003, 12:06 AM CET


Why bother virus scanning?
I have always thought the idea of scanning for viruses to be flawed, well certainly as a security measure. Yet nearly all of you reading this article will be relying on just that technology to protect your networks, PCs and laptops. [more]
Friday, 21 November 2003, 4:26 PM CET


Radio tags spark privacy worries
The use of radio tags on consumer products should be put on hold, say privacy campaigners. [more]
Friday, 21 November 2003, 2:46 PM CET


Security is about more than an image problem
Microsoft's latest hacker bounty won't solve the problem - it'll only divert public attention away from the core security problem that users face. [more]
Friday, 21 November 2003, 2:36 PM CET


Six face sentencing for Internet ID theft and fraud
A London court will hear today that six fraudsters used the Internet to obtain false identities and con Lloyds TSB out of £300,000. [more]
Friday, 21 November 2003, 2:26 PM CET


Galvanising physical security with IT
Cingulum Security Services has teamed with Internet Solutions (IS) to take on-site CCTV recording and physical guarding into the realm of "more secure" IT. [more]
Friday, 21 November 2003, 2:23 PM CET


The future of open source in security
This year we held our 2nd Annual Open Source Symposium and it certainly fit the bill as a wide variety of topics were presented from security to higher education theory. [more]
Friday, 21 November 2003, 1:15 PM CET


Hacker life doesn't last forever
In 2 1/2 years in the late 1990s, Breuninger hacked into dozens of computer systems. He peeked at the payroll of a nearby Taco Bell, left messages supporting Jesse Ventura on Web sites and stole thousands of Internet e-mail accounts and passwords. [more]
Friday, 21 November 2003, 1:13 PM CET


Taking scammers for a ride
A scam-baiter has plenty of interesting tales to tell as he takes would-be scammers for a ride. [more]
Friday, 21 November 2003, 1:09 PM CET


Cybercrime sweep nets 125 arrests
Attorney General John Ashcroft said Thursday that 125 suspects have been arrested in a crackdown on Internet crimes ranging from hacking to fraud to selling stolen goods. [more]
Friday, 21 November 2003, 1:05 PM CET


"Phishing" identity theft is gaining popularity
Most of us know by now not to give out our passwords, ATM PINs, or other secret information when requested by e-mail. But an increasing number of people are giving out that information, even those of us who should know better. [more]
Friday, 21 November 2003, 12:53 PM CET


HP eyes security, SMB spaces
Security projects currently in the hopper include moving VPN technology to 802.11 wireless networks. [more]
Friday, 21 November 2003, 12:50 PM CET


Biometrics are the future, say aviation security experts
Biometric identification methods such as fingerprints and digital photographs are tomorrow's technology to ensure security of civil aviation, participants of a conference said. [more]
Thursday, 20 November 2003, 5:08 PM CET


CA offers free antivirus, firewall software
Computer Associates International Inc. (CA) will give away its consumer antivirus and firewall software product with a year's subscription to virus signature updates. [more]
Thursday, 20 November 2003, 5:00 PM CET


Sandia Labs studies phony computer network for hackers
Instead of merely fending off thousands of daily computer attacks, federal researchers are trying a new tack: Create a meaningless digital universe to bog down hackers and study their tactics. [more]
Thursday, 20 November 2003, 4:57 PM CET


Setting up server tools for spam- and virus-free mail
After a week of email nearly free of spam and viruses, the time and effort it took to configure a Linux mail server with SpamAssassin, MIMEDefang, and sendmail seem well worth the trouble. [more]
Thursday, 20 November 2003, 4:56 PM CET


Hackers did not cause blackout - report
There is no evidence that the blackout that struck the northeastern United States and southern Canada on August 14 was caused by hackers, but the power grid's reliance on the Internet makes it vulnerable to potentially devastating online attacks. [more]
Thursday, 20 November 2003, 4:50 PM CET


CodeFellas - a mafia hacker tells his story
Smart mobs? Fuhgeddaboutit. Not till they hired me. Now they're getting a secure P2P bet-processing system. A mafia hacker tells his story to Wired magazine's Simson Garfinkel. [more]
Thursday, 20 November 2003, 4:45 PM CET


Cisco security initiative
In an unusual alliance among staunch competitors, Cisco Systems will collaborate with three of the largest computer security firms to fight virus and worm attacks. [more]
Thursday, 20 November 2003, 4:40 PM CET


Home user security: your first defense
The swiss cheese approach to applying security patches that are required to keep desktop computers safe and useable just doesn't work for the average home user. A firewall should now be a home user's first line of defense. [more]
Thursday, 20 November 2003, 4:38 PM CET


Apple security patches posted
Apple has released security updates for Mac OS X Panther 10.3.1 client and server systems and Mac OS X Jaguar 10.2.8 client and server operating systems. [more]
Thursday, 20 November 2003, 4:37 PM CET


Symantec CEO urges shift in security tactics
Comdex: John Thompson warns that unless the security industry changes its focus, technology could become a liability. [more]
Thursday, 20 November 2003, 4:26 PM CET


Germany touts high-security phone
A German company launched a new mobile handset on Tuesday targeted at business executives that secures that lines are free from eavesdroppers, sparking criticism that it could also make criminals harder to catch. [more]
Wednesday, 19 November 2003, 1:16 PM CET


SOAP Web services attacks
This whitepaper discusses various types of attacks based on the SOAP implementation of Web services over HTTP and describes how you can shield your applications from these assaults. [more]
Wednesday, 19 November 2003, 11:50 AM CET


Red Hat offers new security course
Red Hat Tuesday said it is offering a new training course, designed to improve the security skills of users. [more]
Wednesday, 19 November 2003, 11:46 AM CET


No easy solution to spyware
Congress would be better off protecting individuals against online surveillance than trying to legislate spyware that monitors their online activity, a policy group says. [more]
Wednesday, 19 November 2003, 11:44 AM CET


The economics of spam
Spammers can make lucrative living even though only 50 in every million people respond to unsolicited commercial email. [more]
Wednesday, 19 November 2003, 11:38 AM CET


Cisco, antivirus companies team to battle worms
Cisco announced licensing agreements with three leading antivirus software companies and a new program that it said will protect computer networks from worms and viruses. [more]
Wednesday, 19 November 2003, 11:37 AM CET


Security researcher calls for vulnerability trade association
The idea for the organization came from Thor Larholm, a senior security researcher at PivX Solutions Inc. Larholm is well-known in security circles for his research, particularly on Internet Explorer. [more]
Wednesday, 19 November 2003, 11:36 AM CET


Bush pushes for cybercrime treaty
President Bush has asked the U.S. Senate to ratify the first international cybercrime treaty. [more]
Wednesday, 19 November 2003, 11:29 AM CET


Worms of the future: trying to exorcise the worst
This is a research paper on the security (or lack of) within computer systems and ways of improvement with respect to mobile and hostile code such as worms. [more]
Tuesday, 18 November 2003, 9:15 AM CET


Blogs get a security boost
Two new applications offer more tools for creating Web logs. [more]
Tuesday, 18 November 2003, 9:09 AM CET


Automating rsync with a simple expect script
This short article provides an example script that uses Expect to automate a series of rsync operations using an ssh tunnel. [more]
Tuesday, 18 November 2003, 9:07 AM CET


Wi-Fi starts leaping security barriers
As it proves its worth at work, companies are buying new products and services that help remove the worry of open access. [more]
Tuesday, 18 November 2003, 9:05 AM CET


Pickpockets turn to technology
A potential loophole in security for Bluetooth phones, which could see strangers hacking into your address books, has been uncovered. [more]
Tuesday, 18 November 2003, 8:56 AM CET


E-mail worm masquerades as PayPal message
An e-mail worm is posing as a message from online payment company PayPal in an effort to harvest credit card numbers and account passwords. [more]
Tuesday, 18 November 2003, 8:54 AM CET


The firewall and the wandering workers
Corporations that have strong firewall defenses didn't take long to figure out that their greatest threat was from employees who log on to their networks from outside the building. [more]
Tuesday, 18 November 2003, 8:53 AM CET


Oracle row level security: part 2
This paper explores the row level security feature added to Oracle 8i and above, and provides examples. [more]
Tuesday, 18 November 2003, 8:51 AM CET


Lack of web security will limit trading partnerships
Organisations planning to deploy business-to-business web services in the next three years should limit their number of trading partners because of immature security products and standards. [more]
Tuesday, 18 November 2003, 8:48 AM CET


Flooding from the underground - a global threat
When Khaled Mardam-Bey developed an IRC client for the Windows platform, I doubt he envisaged mIRC becoming the basis for the control of an immeasurable number of compromised machines in bot-nets. Khaled has the original authors of the Global-Threat bot to thank for that. [more]
Monday, 17 November 2003, 5:05 PM CET


HNS Newsletter issue 188 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 17 November 2003, 5:04 PM CET


Security considerations when migrating from Unix to Linux
The Linux server market is expected to grow by 35% from last year, according to research firm IDC. Many of these Linux systems are replacing Unix in corporations looking to reduce IT costs. However, at the same time, there are more attacks on Linux than ever before. [more]
Monday, 17 November 2003, 7:07 AM CET


Hacking: potentially a new kind of war in the Middle East
Security for companies’ IT systems is a growth market as firms move to protect themselves from costly phenomenon. [more]
Monday, 17 November 2003, 7:03 AM CET


New system halts malware
A computer scientist at Washington University in St. Louis has developed technology to stop malicious software - malware - such as viruses and worms long before it has a chance to reach computers in the home and office. [more]
Monday, 17 November 2003, 7:01 AM CET


Desktop security: A contrarian view
Rather than a perimeter defense around a trusted host, I keep tight control of the host itself, and make sure there is nothing worth stealing. I don't recommend this approach to others. It goes against best practices. It may be more lucky than effective. But it has two huge virtues. It's simple and I'm in control. [more]
Monday, 17 November 2003, 7:00 AM CET


Security: More than just technology
You have to design for good security, not just load a new program. [more]
Monday, 17 November 2003, 6:57 AM CET


Keeping watch for interstellar computer viruses
Microsoft may have to fork up big bounty bucks trying to unearth future hackers, particularly when they are light years away on distant worlds. [more]
Monday, 17 November 2003, 6:53 AM CET


Gates addresses spam, security flaws at Comdex
Addressing a more button-down crowd than in past years, Microsoft Chairman Bill Gates attempted Sunday to usher in a new era of computing he dubbed "seamless computing." [more]
Monday, 17 November 2003, 6:49 AM CET


How to floss your security system
Patch management is a little like flossing your teeth. Everyone knows they're supposed to do it, but most of us still don't. [more]
Monday, 17 November 2003, 6:48 AM CET


It wasn't me, it was the Trojan horse
Three U.K residents have been acquitted after saying a Trojan horse caused their computers to commit crimes. Robert bets we'll soon see creative defenses for tech-related crimes in the U.S. as well. [more]
Monday, 17 November 2003, 6:46 AM CET


Encryption revolution: the tantalizing promise of 'unbreakable' codes
Code-makers could be on the verge of winning their ancient arms race with code-breakers. [more]
Monday, 17 November 2003, 6:44 AM CET


Review - Windows XP Hacks
This is probably the single most valuable book about Windows XP you'll ever come across. If you're a complete novice to this version of Windows, you'll have to get more reading material aimed at new users first, but once you get a grip on the basics, this book will open a whole new world of possibilities. [more]
Friday, 14 November 2003, 4:03 PM CET


Are you being watched online?
Here’s a sobering thought: While you’re looking at your computer, it may be looking back at you. There is easy-to-get, even free, software that lets anybody spy on you, anytime you are on your computer. [more]
Friday, 14 November 2003, 12:39 PM CET


First look at SBS 2003 security
Meeting the goals of the Trustworthy Computing initiative. [more]
Friday, 14 November 2003, 12:18 PM CET


Blackmail latest scam for hackers
The rapid growth of broadband home computer connections may be inadvertently fueling what police suspect could be the start of a new crime wave - cyber-blackmail. [more]
Friday, 14 November 2003, 12:17 PM CET


Strong holiday e-commerce forecast tempered by security fears
BSA vice president Bob Kruger said his organization will work with the Better Business Bureau to help educate consumers about ways to protect themselves as they shop online. [more]
Friday, 14 November 2003, 12:13 PM CET


Cisco launches new 'g' wireless devices
Cisco Systems Inc. introduced a lineup of new products during its wireless LAN (WLAN) advanced technology event in San Jose, California, on Wednesday which, according to one customer, are necessary for running today's businesses. [more]
Friday, 14 November 2003, 12:11 PM CET


Cracking the hacker underground
Computer hacking communities and their tools are not hard to find on the net. [more]
Friday, 14 November 2003, 11:45 AM CET


Al-Jazeera hacker sentenced
A Los Angeles-area man has been fined and sentenced to community service for hacking into the Web site of satellite TV network Al-Jazeera during the U.S.-led war in Iraq and rerouting visitors to a page featuring an American flag and the motto "let freedom ring." [more]
Friday, 14 November 2003, 11:44 AM CET


GameSpy warns security researcher
Online-gaming service provider GameSpy Industries acknowledged this week that it had sent an Italian hacker a cease-and-desist letter requesting that he remove advisories and utilities that highlight vulnerabilities in the company's products. [more]
Friday, 14 November 2003, 11:41 AM CET


New Windows worm on the way?
With the posting Wednesday of proof-of-concept exploit code for one of the newly discovered vulnerabilities in Windows, the familiar chain of events that often leads to the release of a worm has begun. [more]
Friday, 14 November 2003, 11:40 AM CET


Will security fallout dull Microsoft lonestar's shine?
Chairman Bill Gates will be walking a fine line, come Comdex 2003. Security can't play second fiddle to the latest Tablet advances this year. [more]
Friday, 14 November 2003, 11:31 AM CET


ATM fraud prevention tips
First National Bank's Card Security Week aims to highlight the predominant fraud issues pertaining to card security. [more]
Thursday, 13 November 2003, 1:28 PM CET


Banking scam revealed
A detailed analysis of the recent "phishing" scam that targeted Citibank customers. This paper describes the use of compromised hosts, Website redirection and the specifics of a unique bulk-mailing tool that has been repeatedly used in the recent rash of financial email scams. [more]
Thursday, 13 November 2003, 1:26 PM CET


Managing user accounts in Lindows
Although Lindows doesn't require user accounts, it's a good idea to create them anyway--here's why and how to do it. [more]
Thursday, 13 November 2003, 1:20 PM CET


Privacy bigger worry than security
Questions of privacy dominated a panel discussion held at the Security Special Interest Group (SSIG) in Cape Town recently, as members of the audience seemed more concerned about protecting personal information than they were about security. [more]
Thursday, 13 November 2003, 1:15 PM CET


Microsoft's new security mojo
Recently, Microsoft announced a program to offer rewards in exchange for information leading to the arrest and conviction of those who exploit its flagship Windows product through viruses, worms, and other forms of malicious code. [more]
Thursday, 13 November 2003, 11:37 AM CET


Is cyberterrorism a phantom menace?
Gartner's information security and risk research director has dismissed cyberterrorism as a "theory." [more]
Thursday, 13 November 2003, 11:29 AM CET


Patching rhythm: start a monthly patch process
On the topic of security alerts and patches, Microsoft Corp. is undoubtedly the 800-pound gorilla. [more]
Thursday, 13 November 2003, 11:17 AM CET


Report warns job seekers to guard privacy
People who look for work on the Internet may be giving away personal information that could compromise their privacy, according to a report released Tuesday. [more]
Thursday, 13 November 2003, 11:15 AM CET


Wireless hacking bust in Michigan
In a rare wireless hacking prosecution, federal officials this week accused two Michigan men of repeatedly cracking the Lowe's chain of home improvement stores' nationwide network from a 1995 Pontiac Grand Prix parked outside a suburban Detroit store. [more]
Thursday, 13 November 2003, 11:14 AM CET


Thought for the day: are your Windows secure?
Companies should worry less about migrating to new operating system and concentrate more on its security. [more]
Thursday, 13 November 2003, 11:10 AM CET


Attacking the DNS protocol
This paper whilst containing nothing new on DNS security brings together in one document many strands of DNS security which has been published and reported in many separate publications before. As such this document intends to act as a single point of reference for DNS security. [more]
Wednesday, 12 November 2003, 2:17 PM CET


Review - Red Hat Linux Pocket Administrator
As it is always with this kind of a pocket reference type of books, you'll either love 'em or hate 'em. They don't hold enough information about the topics they are covering, but on a positive side, they provide a time-saving way to refresh your knowledge on some specific topic. [more]
Wednesday, 12 November 2003, 2:16 PM CET


Keep your security chin up
Agency officials should adopt a positive way of thinking when it comes to addressing system security, according to one expert. [more]
Wednesday, 12 November 2003, 2:15 PM CET


Identity theft hits home
Hartman advises people to check identity online regularly. [more]
Wednesday, 12 November 2003, 2:03 PM CET


Security a risk(y) management issue
“Security is not a technology issue, it is a process issue,” says Meta Group security and risk strategies VP Paul Proctor. [more]
Wednesday, 12 November 2003, 1:52 PM CET


Microsoft releases security updates for November
These new security updates address newly discovered issues in Microsoft Windows, including Internet Explorer. Two of the updates are ranked as "Critical" while one is ranked as "Important" and if you're using the affected software you should install them immediately. [more]
Wednesday, 12 November 2003, 1:49 PM CET


Spam cleaning with the big boys
You think you've got spam problems with a hundred or so spam messages a day? Try being an ISP or a business where on a good day you don't get more than a one hundred thousand spam mails a day. [more]
Wednesday, 12 November 2003, 12:51 PM CET


Secure data exchange on Palm OS 5
This article shows you how to use the Palm OS 5 SSL APIs for secure data communication. [more]
Wednesday, 12 November 2003, 12:48 PM CET


WorldPay recovers from massive attack
WorldPay's systems are back running normally this week following the most serious and sustained Internet attack on a UK business to date. [more]
Wednesday, 12 November 2003, 12:46 PM CET


HP pushes IT management strategy
As part of its "adaptive enterprise" push, Hewlett-Packard on Tuesday announced new services and software for managing information technology operations. [more]
Wednesday, 12 November 2003, 12:45 PM CET


A VA scanner geeks will love
Tenable Network Security's NeVO features impressive vulnerability reports, but lacks administration and management functionality. [more]
Wednesday, 12 November 2003, 12:41 PM CET


Did hackers expose N-Gage games?
Mobile phone giant Nokia is investigating whether hackers managed to disable security that protects its N-Gage cell phone games. [more]
Wednesday, 12 November 2003, 12:32 PM CET


Top security officers form think tank
A group of top security officers from some of the industry's largest companies will announce Wednesday that they are banding together to form a new global security think tank. [more]
Wednesday, 12 November 2003, 12:30 PM CET


The HNS book giveaway winners have been chosen
The winners of the latest HNS Book Giveaway have been chosen and they are listed here, each with the corresponding book. [more]
Tuesday, 11 November 2003, 7:13 PM CET


Web application hacking: exposing your backend
Access to the application must be allowed by firewalls and access control lists, otherwise the application won't work. This inherent trust is precisely what attackers attempt to exploit. [more]
Tuesday, 11 November 2003, 7:10 PM CET


Kansas auditors crack 1,000 passwords
The Kansas Health and Environment Department has serious IT security and disaster recovery problems, the state’s legislative auditor has found. [more]
Tuesday, 11 November 2003, 5:05 PM CET


Experts question Windows patch policy
Microsoft will release a series of security patches after midnight tonight in line with its new policy of releasing patches on a monthly schedule. [more]
Tuesday, 11 November 2003, 3:45 PM CET


The mind of a hacker
Marc Maiffret is a hacker. Maiffret started hacking about six years ago, at age 16, when a friend at school introduced him to computers, and he got hooked on a digital-age narcotic: information. [more]
Tuesday, 11 November 2003, 3:32 PM CET


Singapore clamps down on hackers
Ultra-strict Singapore has passed some of the world's toughest laws against computer hackers and virus writers, allowing police to arrest suspects before they strike, official documents show. [more]
Tuesday, 11 November 2003, 3:09 PM CET


Spam slayer: laws won't solve everything
Feds, states take aim at spam, but legislation won't stop the onslaught. [more]
Tuesday, 11 November 2003, 3:06 PM CET


Microsoft prepares security assault on Linux
Microsoft is preparing a major PR assault over Windows’ perceived security failings in which it will criticise Linux for taking too long to fix bugs, we have learned. [more]
Tuesday, 11 November 2003, 2:59 PM CET


SSL networking heats up
The market is heating up for products that allow secure access to corporate networks based on a widely used browser security technology known as secure sockets layer encryption. [more]
Tuesday, 11 November 2003, 2:58 PM CET


Computer viruses now 20 years old
This week computer viruses celebrate 20 years of causing trouble and strife to all types of computer users. [more]
Tuesday, 11 November 2003, 2:55 PM CET


FBI on look-out for foreign government hackers
How seriously does the U.S. government take computer intrusion? [more]
Tuesday, 11 November 2003, 2:54 PM CET


A peek behind the 'Wallop' firewall
Microsoft Research is looking at how to leverage blogs, RSS feeds, wikis and other social-networking tools. [more]
Tuesday, 11 November 2003, 2:52 PM CET


As the season changes, so does spam
Spammers have begun targetting those who view the Christmas and holiday season as a time for big spending, the content filtering software firm ClearSwift says. [more]
Monday, 10 November 2003, 6:29 PM CET


Crypto system promises security over fiber-optic lines
A quantum-key distribution and encryption system developed by Magiq Technologies Inc. and called the Navajo Security Gateway promises unbreakable encryption over existing fiber-optic lines. [more]
Monday, 10 November 2003, 6:26 PM CET


Nessus scanning on Windows domain
This paper is about using Nessus to scan Windows networks and various scenarios one might encounter. [more]
Monday, 10 November 2003, 6:13 PM CET


HNS Newsletter issue 187 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 10 November 2003, 6:11 PM CET


Paper finds new wireless standard less secure
A new paper by a leading security expert says that the new Wi-Fi Protected Access (WPA) security standard may be less secure, in certain scenarios, than WEP, the wireless standard it was designed to replace. [more]
Monday, 10 November 2003, 2:48 PM CET


Hackers reach Defence files: report
Hackers have reportedly accessed top-secret files inside the Department of Defence. [more]
Monday, 10 November 2003, 2:39 PM CET


Shoppers warned of £110m card not present fraud
The UK's shoppers are being warned to be on their guard after it emerged that Internet fraud is contributing to a £110 million a year racket. [more]
Monday, 10 November 2003, 2:36 PM CET


Oracle row level security: part 1
This paper explores the row level security feature added to Oracle 8i and above, and provides examples. One of the main uses of row level security is to allow all of a company's data to be stored in one database for different departments, or for a hosting company to store data for different companies in one database. [more]
Monday, 10 November 2003, 2:36 PM CET


Researchers to build model of Internet - to destroy it
A team of professors from the University of California-Berkeley and University of Southern California has received a $5.46 million grant to build one of the most realistic models of the Internet - and then wreck it with debilitating hacker attacks. [more]
Monday, 10 November 2003, 2:33 PM CET


The anatomy of cross site scripting
Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full ramifications of what can be done with a successful XSS attack. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated. This paper will explore those possibilities. [more]
Friday, 7 November 2003, 1:34 PM CET


Network pros 'make security happen,' CISO says
Kenneth Tyminski is in an unenviable position. As chief information security officer for Prudential Insurance Company of America, he's the first one likely to receive blame when a network security snafu affects his company's bottom line. [more]
Friday, 7 November 2003, 1:26 PM CET


Virus writers dismiss bounty fund
Virus writers won’t be deterred by Microsoft’s $5 million bounty fund to help capture and convict them. [more]
Friday, 7 November 2003, 1:11 PM CET


OSSI releases eGovernment web services platform
The Open Source Software Institute (OSSI) announced the release and availability of Project Leopard (Phase 1), the core component of its eGovernment web services platform based on LAMP (Linux, Apache, MySQL, PHP/Perl/Python). [more]
Friday, 7 November 2003, 1:02 PM CET


Attempted attack on Linux kernel foiled
An unknown intruder attempted to insert a Trojan horse program into the code of the next version of the Linux kernel, stored at a publicly accessible database. [more]
Friday, 7 November 2003, 12:59 PM CET


WorldPay fights 'massive, orchestrated' attack
WorldPay, the Royal Bank of Scotland's Internet payment transaction outfit, is continuing to fight a sustained Internet attack which has left its services mostly unavailable for a second day. [more]
Friday, 7 November 2003, 12:53 PM CET


Cisco to unveil SSL VPN features
Technology will come free in new VPN offerings. [more]
Friday, 7 November 2003, 12:51 PM CET


Security's brewing mess
What do low-level programming languages have in common with a scalding hot cup of coffee? Nothing that a little Java won't cure. [more]
Friday, 7 November 2003, 12:48 PM CET


Is wireless world a secure one for travelers?
The wireless world is spreading rapidly, offering business travelers equipped with laptops or other devices the chance to connect everywhere from coffee shops to hotel lobbies. [more]
Friday, 7 November 2003, 12:43 PM CET


PC security audits for businesses?
Publicly traded U.S. corporations would have to certify that they have conducted an annual computer security audit, according to a draft of long-awaited legislation the U.S. House of Representatives is preparing. [more]
Friday, 7 November 2003, 12:37 PM CET


Motorola now offers advanced encryption standard
Motorola now offers advanced encryption standard on its Canopy wireless broadband equipment. [more]
Friday, 7 November 2003, 12:33 PM CET


SSL VPN gateways: a new approach to secure remote access
Secure Sockets Layer Virtual Private Networks are quickly gaining popularity as serious contenders in the remote-access marketplace. Analysts predict that products based on SSL VPN technology might even replace IP Security Protocol VPNs as remote–access solutions. [more]
Wednesday, 5 November 2003, 12:18 PM CET


Apple needs more than skin-deep security
If recent events have shown anything, it's that Apple Computer needs to get more serious about handling security issues in Mac OS X. [more]
Wednesday, 5 November 2003, 11:33 AM CET


Startup says quantum crypto is real
Startup MagiQ Technologies is shipping what appears to be the first security system based on quantum cryptography. [more]
Wednesday, 5 November 2003, 11:30 AM CET


Recent vulnerabilities sharpen focus on security
A growing plague of worms, viruses and various computing vulnerabilities has forced security issues to center stage for enterprise IT managers. [more]
Wednesday, 5 November 2003, 11:22 AM CET


What's new in certification?
With the purpose of certification being to verify that an individual has an authenticated level of acumen/proficiency, there is never an end to the stream of new certifications that vendors release or update. This article focuses on new and upcoming certifications. [more]
Wednesday, 5 November 2003, 11:17 AM CET


Microsoft to offer bounty on hackers
Microsoft will announce on Wednesday that it will offer two $250,000 bounties for information that leads to the arrest of the people who released the MSBlast worm and the SoBig virus, CNET News.com has learned. [more]
Wednesday, 5 November 2003, 11:16 AM CET


Network security sector analysis
Security issues have reached global proportions, and spending in the sector is rising rapidly. [more]
Wednesday, 5 November 2003, 11:15 AM CET


Microsoft reeducation campaign
Microsoft's best chance for regaining the revenue lost to security concerns isn't in eliminating bugs, it's in teaching customers how to use buggy software. [more]
Wednesday, 5 November 2003, 11:14 AM CET


DDoS attacks still pose threat to Internet
It has been little more than a year since a massive data attack struck the underpinnings of the Internet, and security experts say a more coordinated attempt could do even worse damage. [more]
Wednesday, 5 November 2003, 11:13 AM CET


How secure is your e-mail?
Headlines are flying with stories of incriminating e-mail messages — and the many court cases that have been launched by "discovered" e-mails. [more]
Wednesday, 5 November 2003, 11:12 AM CET


Worms quiet in October
Despite a new virus, Mimail.C, hitting inboxes worldwide over the last few days, the virus chart, detailing the most prevalent viruses during October shows very little variation in the worms which have been plaguing systems for the past few weeks. [more]
Wednesday, 5 November 2003, 11:12 AM CET


Telia blocks spam-sending Zombie PCs
TeliaSonera, the leading telecommunications group in the Nordic and Baltic regions, will start to immediately block Internet traffic to and from computers that send junk email or spam, the company announced yesterday. [more]
Tuesday, 4 November 2003, 6:51 PM CET


The latest top 10 Linux/Unix security holes
How to fix the 10 points where intruders are most likely to gain entry. [more]
Tuesday, 4 November 2003, 6:50 PM CET


Microsoft details new security innovations
Today at RSA Conference 2003, Mike Nash, corporate vice president of the Security Business Unit at Microsoft, detailed a series of new products and programs designed to help customers enhance the security of their computers and networks. [more]
Tuesday, 4 November 2003, 1:09 PM CET


1st European information security awards
The opening day of this year's annual RSA Conference Europe event, hosted a ceremony of announcing the winners of inaugural European Information Security Awards. [more]
Tuesday, 4 November 2003, 1:08 PM CET


RSA Conference 2003 opening with RSA CEO keynote speech
"Despite the great efforts, we have not made sufficient progress to make the Internet a safer place". [more]
Tuesday, 4 November 2003, 1:06 PM CET


Web hoaxes set to increase
Widespread education needed as more consumers are targeted. [more]
Tuesday, 4 November 2003, 10:46 AM CET


Red Hat looks to NSA to bolster Linux security
Red Hat Inc's Enterprise Linux 4 will feature far greater support for security policy and process management, thanks to work emerging from the US Government's National Security Agency, ComputerWire has learned. [more]
Tuesday, 4 November 2003, 10:39 AM CET


Security considerations for layer 3 switches
Not everyone is enamored with the idea of bringing layer 3 intelligence into the wiring closet, says Stan Schatt, a vice president at Forrester Research. Problems include managing complex routing tables, troubleshooting Layer 3 routes, and making virtual LANs work. [more]
Tuesday, 4 November 2003, 10:38 AM CET


Users have set security agenda
When the IT directors of Royal Mail, BP, ICI and other FTSE 100 companies join together to call for a new universal framework for security, IT suppliers should sit up and pay attention. [more]
Tuesday, 4 November 2003, 10:35 AM CET


Secure programmer: validating input
This article shows how to validate input -- one of the first lines of defense in any secure program. [more]
Tuesday, 4 November 2003, 10:34 AM CET


IT security needs a new metaphor
IT security managers are rethinking their approaches to security in large organisations and re-evaluating upcoming threats. [more]
Tuesday, 4 November 2003, 10:33 AM CET


CSI - Cyberterrorism: more sophisticated than past worms
Companies advised to develop deeper understanding of their networks. [more]
Tuesday, 4 November 2003, 10:32 AM CET


Longhorn may pose security concerns
Microsoft is portraying Longhorn, the version of Windows due in about three years, as its most secure operating system ever. [more]
Tuesday, 4 November 2003, 10:30 AM CET


HNS Coverage from RSA Conference 2003 Europe
Now in its fourth successful year, the RSA Conference started today in Amsterdam. We are attending the conference and this is the place you can look for the news on product releases as well as other happenings. [more]
Monday, 3 November 2003, 6:31 PM CET


Review - Real 802.11 Security: Wi-Fi Protected Access and 802.11i
With the development of wireless technology, wireless security issues become more and more important. This book helps you to understand how wireless network security operates and offers you advice for a number of wireless implementation issues you might have to deal with. [more]
Monday, 3 November 2003, 6:29 PM CET


Monitoring network integrity with Nmap
Is your network vulnerable? Can't afford NIDS? Level the playing field with this open-source tool. [more]
Monday, 3 November 2003, 4:10 PM CET


Process, not technology, tightens security
More of a strategic issue than a technological battle, Compsec conference told. [more]
Monday, 3 November 2003, 4:06 PM CET


Brazilian script kiddie arrested in Japan
A Brazilian teenager has been arrested in Japan last Friday on suspicion of membership of an international hacking group. [more]
Monday, 3 November 2003, 4:05 PM CET


New rules cut hackers less slack
As attacks on computers get more sophisticated, more dangerous and more costly, the bad guys responsible rarely do hard time. [more]
Monday, 3 November 2003, 12:37 PM CET


Resist the urge - no more point solutions
Buying the latest tools to secure your assets is not the way forward. A structured plan for your infosec is vital, says Illena Armstrong. [more]
Monday, 3 November 2003, 12:33 PM CET


New worm steals user information
A new Internet worm that steals information from users' computers and attempts to shut down two Web sites is spreading. [more]
Monday, 3 November 2003, 12:30 PM CET


Four ways to secure your company on a shoestring budget
Here are four steps you can take, using zero capital dollars, that will visibly reduce risks and improve your security program. [more]
Monday, 3 November 2003, 10:09 AM CET


Apple plans to remedy Jaguar security issues
Apple Computer said Friday that it plans to issue an update to older versions of Mac OS X to fix security flaws that were patched as part of the new Panther OS. [more]
Monday, 3 November 2003, 9:59 AM CET


HP uses virus code to protect its networks from worms
Hewlett-Packard has demonstrated how computer virus technology can be turned around to protect business networks against hackers and worms. [more]
Monday, 3 November 2003, 9:57 AM CET


Electronic checks: how secure are they?
There's no doubt about it: Computer technology makes life easier for con artists and identity thieves. [more]
Monday, 3 November 2003, 9:56 AM CET


Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //