Off the Wire

Off The Wire Archive

News items for November 2004

Sun stamps on Java bug
Company claims successful fix for JVM Run Time Environment flaw. [more]
Tuesday, 30 November 2004, 4:45 PM CET

Anti-hacker tool kit, second edition
This book is a comprehensive guide through the field of security tools that provides advice on how to use them. The authors cover tools for auditing and prevention, detection of incidents, investigation, response and remediation. [more]
Tuesday, 30 November 2004, 9:42 AM CET

Unprotected PCs can be hijacked in minutes
Simply connecting to the Internet — and doing nothing else — exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously. [more]
Tuesday, 30 November 2004, 8:40 AM CET

Guarding the grid
Security issues around grid computing are not new or different, but they grow with the grid. [more]
Tuesday, 30 November 2004, 8:38 AM CET

Lessons on the ISA stateful application layer inspection firewall
Check out this article for details on how the ISA firewall's Firewall client application is a critical components of the ISA firewall's comprehensive defense in depth scheme. [more]
Tuesday, 30 November 2004, 8:32 AM CET

Wi-Fi Planet highlights multichannel access points
Performance gain is the target of most Wi-Fi equipment unveiled at the conference. [more]
Tuesday, 30 November 2004, 8:29 AM CET

Windows SP2 security compromised
A security researcher claims to have crafted a simpler version of an exploit that could compromise a Windows system patched with SP2. [more]
Tuesday, 30 November 2004, 8:27 AM CET

Antivirus makers eying growth, changing pricing
McAfee and Symantec are aiming for the old razor-razor blade model, that is, the companies sell you a suite (the razor) and once you are hooked into it they live on the renewals (the blades). [more]
Tuesday, 30 November 2004, 8:25 AM CET

ID cards spread biometrics
Govt backing of ID cards could encourage enterprises. [more]
Monday, 29 November 2004, 3:41 PM CET

Why "identity" is central to IT security
The increasing demand from our users to provide ‘Anywhere Access’ to our most sensitive business systems; allowing them to connect from any computing device across any public Internet or wireless link, is forcing us to take an entirely new approach to securing our networks and data. [more]
Monday, 29 November 2004, 3:38 PM CET

Seeds of disaster
Internet Explorer's problems can be traced to Microsoft's shortsightedness during the browser wars of the 1990s. Is the company sowing tomorrow's security woes today? [more]
Monday, 29 November 2004, 2:28 PM CET

Kazaa encourages piracy, court told
The developers of file-swapping technology Kazaa produced the biggest music piracy system ever seen, the Federal Court has been told. [more]
Monday, 29 November 2004, 2:26 PM CET

Passport privacy protection? Nope
The Bush administration opposes security measures recommended by privacy advocates for new microchip-equipped passports, saying it's concerned for the safety of American travelers. Critics say the chips are good for identity thieves and government snoops. [more]
Monday, 29 November 2004, 2:25 PM CET

Phishers tapping botnets to automate attacks
Computer criminals are making phishing more potent by automating attacks. [more]
Monday, 29 November 2004, 2:01 PM CET

The cost of virus protection rises
Symantec, McAfee hope raising virus-definition fees will move users to suites. [more]
Monday, 29 November 2004, 1:54 PM CET

The solution to many logins and passwords
Remembering all the logins and passwords to all the services and systems you've got access to is pretty hard to do nowadays. [more]
Monday, 29 November 2004, 1:52 PM CET

SCO hacked over Thanksgiving holiday
The SCO website appears to have been hacked over the Thanksgiving holiday weekend. [more]
Monday, 29 November 2004, 1:50 PM CET

Virus protection is easier than you think
Simple rules can deal with most threats without the need for AV products. [more]
Monday, 29 November 2004, 1:48 PM CET

What you should know about firewalls
It's 2 a.m. Do you know what your PC is doing? If not, you're probably not running a firewall to protect your system from hackers and malcontents. [more]
Monday, 29 November 2004, 1:41 PM CET

Simplifying security
Several wireless LAN vendors are preparing new management software to help ease the process of securing a wireless network. [more]
Monday, 29 November 2004, 1:40 PM CET

Security suite guards Linux clients
Pointsec is to ship a Linux version of its disk encryption tools. [more]
Monday, 29 November 2004, 1:38 PM CET

Because of security concerns Finland warns against using IE 6.0
Finnish authorities have warned computer users against using Microsoft's Internet Explorer 6.0 as it has a "serious" security flaw that compromises computer systems. [more]
Friday, 26 November 2004, 8:23 AM CET

Using events-per-second as a factor in selecting SEM tools
Events Per Second, or EPS, as it is commonly referred to in the world of network security, is a measurement that is used to convey how fast a network generates data from its security devices and/or how fast an SEM product can correlate data from those devices. [more]
Friday, 26 November 2004, 8:22 AM CET

iptables: Creating an open source firewall
With ever-present threats from online attackers and script kiddies, administrators need a firewall on the border of any network. A Linux box can make a particularly effective and capable firewall at a fraction of the cost of a Cisco or Check Point system. [more]
Thursday, 25 November 2004, 10:02 AM CET

How to hacker-proof your Wi-Fi network
How do you keep your office building safe from data theft? [more]
Thursday, 25 November 2004, 12:32 AM CET

Five steps to better Internet security
Taming the Internet may be an impossible dream, but with proper planning and good advice, you can better protect your company from its less appealing characteristics. [more]
Thursday, 25 November 2004, 12:29 AM CET

Who profits from security holes?
How much junk can get installed on a user's PC by merely visiting a single site? [more]
Thursday, 25 November 2004, 12:25 AM CET

Security tips for online shoppers
Fraudsters may be licking their chops over nefarious plots to scam online holiday shoppers, but good old common sense can be an effective security shield against their ploys, researchers say. [more]
Thursday, 25 November 2004, 12:19 AM CET

Scope on Application Vulnerability Description Language
The Application Vulnerability Description Language (AVDL) is a rather new security interoperability standard within the Organization for the Advancement of Structured Information Standards (OASIS). Caleb Sima, SPI Dynamics CTO, talks to Help Net Security about this interesting web application security topic. [more]
Thursday, 25 November 2004, 12:18 AM CET

Microsoft offers to replace fake copies of Windows XP
Pilot program aims to track down and replace counterfeit versions of the operating system. [more]
Thursday, 25 November 2004, 12:15 AM CET

The hidden hazards of passwords
As passwords change hands or remain unchanged, the likelihood of a security breach increases. [more]
Thursday, 25 November 2004, 12:07 AM CET

Career database 'wide open' to hijacking
An on-line database containing the career and contact details of over 22 million business people can be edited by anyone. [more]
Thursday, 25 November 2004, 12:01 AM CET

Sun vulnerable with Java security hole
Sun Microsystems has disclosed a serious vulnerability in the Java Plug-in technology within the SDK and the Java Run-time Environment that allows attackers to bypass the Java sandbox and Java applet security. [more]
Thursday, 25 November 2004, 12:00 AM CET

Intrusion detection systems
This article introduces Snort, a flexible tool that can be used for packet sniffing, packet logging, or network intrusion detection. [more]
Wednesday, 24 November 2004, 1:48 PM CET

FBI serves subpoenas on Nmap creator
The FBI has been seeking information from the creator of the network security scanner, Nmap, about a particular attacker who they think may have visited the nmap site at a given time. [more]
Wednesday, 24 November 2004, 1:18 PM CET

Citrix buys up secure remote access firm
Citrix Systems is buying Net6, a privately owned maker of SSL VPN technology, for $50m in cash. [more]
Wednesday, 24 November 2004, 1:07 PM CET

SSH and ssh-agent
This article discusses how to take SSH Identity/Pubkey trust relationships to the next level, by using ssh-agent as a keymaster to manage a user's authentication needs automatically. [more]
Wednesday, 24 November 2004, 1:05 AM CET

Tasin worms ate my Windows files
Newly intercepted mutants spreading rapidly. [more]
Wednesday, 24 November 2004, 1:02 AM CET

WinAmp blows another security fuse
For those enterprise IT managers who've been eagerly anticipating the next major WinAmp security flaw, the wait is over. [more]
Wednesday, 24 November 2004, 1:01 AM CET

Global IT security market forecast to near $13B
Yankee Group expects more security features to become commoditized and move to the network to improve scalability of deployment and cut the cost of ownership. [more]
Wednesday, 24 November 2004, 1:00 AM CET

Yahoo aims crypto app at spam
Yahoo rolled out new artillery in the war on spam, arming its online E-mail service with cryptographic technology that can make it harder for junk E-mailers to hide their identities. [more]
Wednesday, 24 November 2004, 12:59 AM CET

Phishing leaps fivefold as banks fall prey to attacks
Fraudsters looking forward to a very merry Christmas. [more]
Tuesday, 23 November 2004, 2:00 PM CET

U.S. security critic sues Japan for censorship
A U.S. computer security expert is suing the Japanese government for violation of his freedom of speech, alleging that officals censored him at a recent computer security conference. [more]
Tuesday, 23 November 2004, 8:41 AM CET

Bofra exploit tied to 'massive botnet'
The attack on ad-serving company Falk that redirected some Reg readers on Saturday towards a site running malicious code may be part of a much bigger attack. [more]
Tuesday, 23 November 2004, 8:38 AM CET

Security: the hierarchy of needs for today's CIO
Corporate antivirus software? Check. Strong firewalls? Check. Now what? Just as with the famous hierarchy of needs for human psychology, security needs go from basic to complex. [more]
Tuesday, 23 November 2004, 8:36 AM CET

Ten questions to ask about application security systems
This article offers this checklist of questions to ask when evaluating application security products. [more]
Tuesday, 23 November 2004, 8:33 AM CET

Seven ways to foil ID thieves
Don't let unauthorized charges on your credit cards knock the stuffing out of Santa this year. [more]
Tuesday, 23 November 2004, 8:29 AM CET

Hackers could target printers for network attacks
Printers can be hacked and used to launch denial of service attacks or compromise employee details over the web, said a security expert last week. [more]
Tuesday, 23 November 2004, 8:21 AM CET

Java virus jumps out of sandbox
Security researchers are calling attention to what they called a "fairly significant" vulnerability in Sun Microsystems' Java virtual machine that gives crackers access to a user's files. [more]
Tuesday, 23 November 2004, 8:19 AM CET

Security software turns its attention to the dangers within
Technology can safeguard your firm from employee activity. [more]
Tuesday, 23 November 2004, 8:17 AM CET

Tiny storage could mean big security headaches
Although the small USB devices don't pose a new threat--data theft, after all, has always been a problem--they should put the security issue squarely on the radar. [more]
Tuesday, 23 November 2004, 8:15 AM CET

Googgun's security products aimed at corporate clients
Googgun, which only has three full-time employees and five contract employees, began as a consultancy, but gradually evolved into an R&D hub that develops information security products. [more]
Tuesday, 23 November 2004, 8:08 AM CET

Get ready for biometric security in the workplace
UK companies are anticipating the introduction of biometric technology to increase workplace security. [more]
Monday, 22 November 2004, 11:33 AM CET

Telecommuters seen as weakest link in network security
A recent survey by WatchGuard Technologies of its own customer base of businesses with 1,000 or fewer employees found that 25% of IT administrators believe that remote workers present the biggest security challenge in their organizations. [more]
Monday, 22 November 2004, 9:56 AM CET

Stopping spammers in their tracks
Spam is not harmless. The motivation for spammers is generally either fraud. [more]
Monday, 22 November 2004, 9:48 AM CET

Bill Gates is right?
Bill Gates is right about one thing: asking people to use a two-factor form of authentication would go a long way toward alleviating a lot of the password problems that plague computer security today. [more]
Monday, 22 November 2004, 9:44 AM CET

Beat spam using hashcash
Wouldn't you like to charge spammers for the privilege of cluttering up your inbox? Then charge them in cash -- hashcash, that is. Hashcash stamps can prevent e-mail spam, keep spam off of Wikis, and more. [more]
Monday, 22 November 2004, 1:57 AM CET

Regular change of passwords keeps sneaky crackers guessing
I'm starting a new tradition this Thanksgiving that I hope will enable me to give thanks each year that my personal information is secure: I'm changing all of my passwords, and you should, too. [more]
Monday, 22 November 2004, 1:49 AM CET

The spyware threat and how to deal with it
Latest-generation spyware is becoming increasingly malicious, hijacking users’ browsers and snooping for personal details. This article looks at why spyware has become a problem, and what can be done about it. [more]
Monday, 22 November 2004, 12:22 AM CET

Secure authentication features in Windows XP
In this book chapter, you'll learn the specifics of authentication under Windows XP: the process of verifying the identity of the user attempting to access a computer or other network resource. [more]
Monday, 22 November 2004, 12:17 AM CET

Is your site under attack?
Brute force attacks, such as DDoS attacks, are obvious -- the level of traffic to your server is suddenly greatly increased, which should set off the alarms you already have in place. The more subtle attacks are not intended (necessarily) to interfere with people accessing your site; they are designed to take it over. [more]
Monday, 22 November 2004, 12:16 AM CET

Judge dismisses keylogger case
A federal judge in Los Angeles has dismissed charges against a California man who used a keystroke logger to spy on his employer, ruling that use of such a device does not violate federal wiretap law. [more]
Monday, 22 November 2004, 12:15 AM CET

Privacy advocates fret over electronic passports
The United States hasn't issued any microchip-equipped passports yet, but as the Department of State tests different prototypes, the international standards for the passports are under fire from privacy advocates who worry the technology won't protect travelers from identity thieves. [more]
Monday, 22 November 2004, 12:14 AM CET

E-mail gains new armor against spam, virus attacks
IronPort, MailFrontier, Symantec unleash security offerings. [more]
Monday, 22 November 2004, 12:13 AM CET

How to develop .NET security code as a non-admin
This chapter will help you develop security code for the .NET Windows environment, even if you don't have administrative privileges. Included are helpful hints for developing code when you don't have access to user profiles. [more]
Monday, 22 November 2004, 12:10 AM CET

Configuring Trend Micro CSM for SSL with ISA Server 2000
This article alerts you to some of the pitfalls, point you to some great community resources, and show how to configure ISA to allow SSL communications on the 4343 port for CSM. [more]
Friday, 19 November 2004, 6:57 PM CET

Security training needs complete overhaul
Qualifications 'no indication of true knowledge', claims Doctor of Intrusion Detection and Prevention. [more]
Friday, 19 November 2004, 2:55 PM CET

Complacent UK corporates 'easy meat' for crooks
British businesses are too complacent over IT security and risk becoming easy targets for fraudsters and other would-be cyber criminals, the British Computer Society warns. [more]
Friday, 19 November 2004, 2:52 PM CET

End of NT 4 support good news for hackers
Migration nightmare ahead as software giant axes support. [more]
Friday, 19 November 2004, 2:51 PM CET

Lashings of seasonal spam
Many users may find their inboxes uncomfortably full come Christmas day. [more]
Friday, 19 November 2004, 11:17 AM CET

Security must be key part of outsourcing
Third-party suppliers must not be forgotten when it comes to IT security. [more]
Friday, 19 November 2004, 9:48 AM CET

Detecting rootkits and Kernel-level compromises in Linux
This article outlines useful ways of detecting hidden modifications to a Linux kernel. Often known as rootkits, these stealthy types of malware are installed in the kernel and require special techniques by Incident handlers and Linux system administrators to be detected. [more]
Friday, 19 November 2004, 9:15 AM CET

Managed security
A managed security services provider (MSSP) can help shoulder the burden of monitoring and managing perimeter security. Here, one MSSP shares its experiences in protecting its clients' front lines. [more]
Friday, 19 November 2004, 9:08 AM CET

Oracle moves to quarterly security-patch cycle
Oracle's new quarterly security-patch schedule departs from its monthly schedule, which Microsoft also uses. [more]
Friday, 19 November 2004, 9:06 AM CET

New security standards to strengthen SCADA
Industrial control systems seen as vulnerable to Internet threats. [more]
Friday, 19 November 2004, 9:05 AM CET

Authentication tools tackle identity theft
Daniel Thomas talks to RSA Security's chief executive about guarding against security threats. [more]
Thursday, 18 November 2004, 5:07 PM CET

Lightweight RFID framework
For those who can't afford or don't need a full implementation of a Radio Frequency Identification (RFID) system, author Chen Junwei provides an overview of a lightweight version that is separate from existing IT and can enhance inventory and access control at relatively low cost and easy maintenance. [more]
Thursday, 18 November 2004, 2:31 PM CET

Strong network security sales driven by fear
Appliances, routers and switches with integrated security selling well. [more]
Thursday, 18 November 2004, 2:29 PM CET

The dual firewall approach
Firewalls must inspect at the application layer to address today's threat. [more]
Thursday, 18 November 2004, 2:28 PM CET

XML complexity introduces security risks
XML security isn't all about shady crackers, malicious code and computer crime for profit -- not yet anyway. [more]
Thursday, 18 November 2004, 9:08 AM CET

Petco settles with FTC over cyber security gaffe
It's the fifth time regulators have taken action against a company for failing to protect consumer data -- and the second time the same California coder blew the whistle. [more]
Thursday, 18 November 2004, 9:05 AM CET

Microsoft irked with security firm's IE alert
Security firm Secunia posted a new advisory today warning users about a pair of vulnerabilities in a fully patched version of Microsoft's Windows XP running SP2. [more]
Thursday, 18 November 2004, 9:02 AM CET

Infranet initiative for secure public networks
Juniper Networks has initiated a collaborative industry-wide effort to develop a universal, public, packet-switched network based on IP and MPLS but powerful enough to support all communications applications, securely and reliably anywhere, anytime. [more]
Thursday, 18 November 2004, 9:01 AM CET

New AOL software gives added security
America Online's new 9.0 Security Edition promises to bring you enhanced spam control, instant spyware identification, and even a keychain than locks your AOL account. [more]
Thursday, 18 November 2004, 8:59 AM CET

Windows Mobile Pocket PC Security
Seth Fogie, VP of Dallas-based Airscanner Corporation presents the latest in our series of security audio sessions. Mr. Fogie, an expert in the field of mobile computing security, discusses all the major security issues that are affecting Windows Mobile Pocket PC devices. [more]
Wednesday, 17 November 2004, 3:32 PM CET

US company fined for UK rogue dialler scam
A company based in New York has been fined £100,000 ($185,500) for ripping off UK punters with a premium rate number scam. [more]
Wednesday, 17 November 2004, 2:18 PM CET

WLAN protection efforts will increase adoption
Over 50% of organisations will have WLAN deployments by 2006. [more]
Wednesday, 17 November 2004, 12:51 PM CET

An overview of antispyware tools
Some antispyware companies use confusing ads, and our tests show their $20-$60 products are less effective than free competitors. [more]
Wednesday, 17 November 2004, 12:39 PM CET

Packaging SSH for your needs
This Tech Tip is designed to help you create a widely usable package for SSH. [more]
Wednesday, 17 November 2004, 12:36 PM CET

Security tools - Guidedog and Guarddog
This article discusses two tools: Guidedog and Guarddog. Guidedog is a GUI tool that can be used to set up packet routing/forwarding and IP masquerade (NAT) and port forwarding on a Linux host with iptables. Guarddog is a GUI tool designed to help set up a firewall using iptables and is a great tool to use in conjunction with Guidedog. [more]
Wednesday, 17 November 2004, 12:26 PM CET

The worst case scenario
The fine print in an insurance policy becomes an issue when a bizarre chain of IT disasters leaves a company without a single copy of the source code to its flagship product. [more]
Wednesday, 17 November 2004, 12:24 PM CET

Darwinism meets the virus and worm
Viruses are largely a threat that is contained if one has an anti-virus solution. This begs the question of what then is the next big threat in terms of malware code? The answer to that would be the new, and more lethal worms such as Slammer for one. What would happen though if someone with coding talent were to harness the chaotic world of the worm? [more]
Wednesday, 17 November 2004, 12:22 PM CET

In an Admin's perfect world
Here's a top ten things that would exist or happen in the perfect world of the admin. [more]
Wednesday, 17 November 2004, 12:20 PM CET

Verisign: better hackers behind attack boom
Security events in the third quarter jumped 150 percent over the same period last year. [more]
Wednesday, 17 November 2004, 12:17 PM CET

Business gets the wireless message
But not the security one... [more]
Wednesday, 17 November 2004, 12:17 PM CET

Microsoft talks security, Trustworthy Computing
Scott Charney offers big-picture look at the company's efforts. [more]
Wednesday, 17 November 2004, 12:15 PM CET

Cisco steps up security programmes
Cisco has unveiled two new channel programmes to recognise and reward partners championing the networking giant’s thrust into the IT security arena. [more]
Tuesday, 16 November 2004, 10:07 AM CET

How to protect your project from unwarranted IP attacks
This story examines a specific and well-documented situation in which unfounded accusations were leveled against a free software project, describe the tactics used by such assailants, and explain how to successfully deflect these attacks and diffuse the situation. [more]
Tuesday, 16 November 2004, 9:47 AM CET

Hackers strike at 'soft target' small firms
Financial Services Authority warns SMEs to tighten security. [more]
Tuesday, 16 November 2004, 9:43 AM CET

Aruba to bring WLAN-level security to LANs
Wireless switch specialist Aruba will next year bring to wired networks the same tight security it provides for WLANs in a bid to provide better protection from inside-the-firewall attacks. [more]
Tuesday, 16 November 2004, 9:39 AM CET

Multi-layered security is vital to stop new wave of attacks
Traditional reactionary anti-virus measures are no longer adequate for business. [more]
Tuesday, 16 November 2004, 9:36 AM CET

The beginning of the crypto era
In a move that was totally expected, if a little early, Yahoo has announced that it will put its money where its mouth is and start checking Yahoo Mail with its DomainKeys system. [more]
Tuesday, 16 November 2004, 12:14 AM CET

Security showdown
Four vendors of application-security products have created an alliance to challenge five large security and networking vendors. [more]
Tuesday, 16 November 2004, 12:12 AM CET

Banks face pressure to take action against identity theft
Are they moving fast enough to beat the hackers and phishers? [more]
Tuesday, 16 November 2004, 12:11 AM CET

AMD readies security, virtualization features for 2006
Advanced Micro Devices plans to build security and virtualization features into its server processors by 2006, the company said Friday during its annual analyst event. [more]
Tuesday, 16 November 2004, 12:07 AM CET

RFID's security challenge
No one has complained of a security breach related to an RFID deployment - yet. [more]
Tuesday, 16 November 2004, 12:05 AM CET

Passwords - common attacks and possible solutions
This article will provide you with an overview of how important, yet fragile, passwords security really is; you will be acquainted with different techniques for creating and maintaining passwords, and possible alternative methods for authentication. [more]
Monday, 15 November 2004, 3:32 PM CET

Trio harmonises on security
With the slogan, "Security is everybody's business", Microsoft, Cisco and Dimension Data have just ended a nationwide roadshow, spruiking their message: "we can't do it alone", to corporations. [more]
Monday, 15 November 2004, 3:23 PM CET

US plans wireless network for future wars
The Pentagon, which invented the precursor to the Internet 40 years ago, has laid the first connections for a secure, wireless Information network that proponents say will fundamentally transform warfare, The New York Times has reported. [more]
Monday, 15 November 2004, 2:32 PM CET

Trial shows how spammers operate
As one of the world's most prolific spammers, Jeremy Jaynes pumped out at least 10 million e-mails a day with the help of 16 high-speed lines, the kind of Internet capacity a 1,000-employee company would need. [more]
Monday, 15 November 2004, 2:18 PM CET

The value of bad news - vulnerabilities notification
Federal managers rely on scanners to discover and reduce security risks. [more]
Monday, 15 November 2004, 2:12 PM CET

An encrypted file system on a USB thumbdrive
In this article, I will explain how to set up FreeBSD to use a USB thumbdrive, how to configure and use the Cryptographic File System (CFS), and then for the FreeBSD 5.X users, how to use the brand new Geom Based Disk Encryption system (gbde). [more]
Monday, 15 November 2004, 9:30 AM CET

Adobe improves collaboration and security features in Acrobat 7
Adobe has improved security, collaboration and integration with enterprise software in the new version of the Acrobat document viewer. [more]
Monday, 15 November 2004, 9:28 AM CET

Next-gen networks need next-gen security
Hot new networking technologies like VoIP, WLANs, and Voice over WLAN are just as vulnerable as older network technologies. What are networking vendors doing to secure them? [more]
Monday, 15 November 2004, 9:25 AM CET

Security pros bemoan need for tactical focus
Operational and tactical considerations continue to dominate the IT security agenda, despite a growing need for more strategic approaches to data protection, said attendees at the Computer Security Institute's annual conference here this week. [more]
Monday, 15 November 2004, 9:24 AM CET

IT managers have false sense of security
Corporate IT managers are a bit bi-polar when it comes to network security, said a survey released this week at the Computer Security Institute's annual conference in Washington, D.C. [more]
Monday, 15 November 2004, 9:23 AM CET

Hackers sharpening their byte
It's not just computers and IT systems that are getting faster by the nanosecond, says a leading information security expert. [more]
Friday, 12 November 2004, 8:42 AM CET

E-Mail authentication will not end spam
For consumers and businesses increasingly shaken by the growing onslaught of unwanted e-mail and the computer viruses and other nefarious hacking spam can bring, any hope for quick relief was soundly dashed yesterday during a government-hosted gathering of technology experts. [more]
Friday, 12 November 2004, 8:41 AM CET

Red Hat targets security with Fedora Core 3
Red Hat Inc's Fedora Project community has introduced version 3 of the Fedora Core Linux operating system, including changes to the SELinux policy that enables users to target the most vulnerable programs. [more]
Friday, 12 November 2004, 8:37 AM CET

How to clean a computer virus from your PC
There's no shortage on advice of how to avoid catching a computer virus. But when it comes to advice about disinfecting contaminated PCs advice is thin on the ground. [more]
Friday, 12 November 2004, 8:35 AM CET

Researcher issues own patch for IE flaw
A German researcher has released an unofficial patch to fix the FRAME/IFRAME vulnerability in Internet Explorer, exploits for which were released on public mailing lists last week. [more]
Friday, 12 November 2004, 8:32 AM CET

New MyDoom attacks may signal 'Zero Day'
Latest version of worm occurs just as PC vulnerability is discovered. [more]
Friday, 12 November 2004, 8:31 AM CET

Windows Server 'R2' details begin to leak
'R2' still has yet to go to beta, but Microsoft is well on its way to finalizing the product due to ship in the latter half of 2005, according to sources. [more]
Friday, 12 November 2004, 8:28 AM CET

US, India launch security partnership
The United States and India agreed in talks to launch a new phase in cyber security co-operation, including scientific exchanges, officials said. [more]
Friday, 12 November 2004, 8:27 AM CET

Defendant: Microsoft source code sale was a setup
A 27-year-old Connecticut man facing felony economic espionage charges for allegedly selling a copy of Microsoft's leaked source code for $20 says he's being singled out only because the software giant and law enforcement officials can't find the people who stole the code in the first place. [more]
Friday, 12 November 2004, 8:26 AM CET

Ten SP2 flaws leave XP users open to hackers
Millions at risk from 'silent and remote' attacks, claims security firm. [more]
Friday, 12 November 2004, 12:26 AM CET

Microsoft issues only one fix in monthly security update
However, Internet Explorer vulnerability make force additional patch. [more]
Friday, 12 November 2004, 12:23 AM CET

IBM Canada pumps cash into security services
In an effort to establish a Canadian front on the international fight to secure corporate IT infrastructure, IBM Canada announced a US$33.5 million investment over five years in its Canadian security practice and the creation of a security operations center (SOC). [more]
Friday, 12 November 2004, 12:22 AM CET

Security basics - beating hackers, pirates and thieves
Internet pirates are looting bank accounts, stealing medical research and business secrets and taking over computers for malicious uses. Luckily, there are a few ways to thwart these evil-doers, and we'll offer a few in this article. [more]
Thursday, 11 November 2004, 9:49 AM CET

I.T. security workforce to nearly double by 2008
The key to a successful security strategy is involvement. It appears the enterprises that remain free of viruses, break-ins and thefts will be those that refrain from throwing money or software at problems, and instead bring people in to respond to the shifting sands of I.T. hazards. [more]
Thursday, 11 November 2004, 9:35 AM CET

Banks prepare for ATM cyber crime
An international group of law enforcement and financial industry associations hopes to prevent a new type of bank robbery before it gets off the ground: cyber attacks against automated teller machines. [more]
Thursday, 11 November 2004, 9:34 AM CET

Cyber crime tools could serve terrorists: FBI
The hacking and identity theft tools now earning big money for mainly eastern European organised crime could be used by terrorists to attack the US, an FBI official claims. [more]
Thursday, 11 November 2004, 12:11 AM CET

Antivirus subscription prices climb
Troublesome Trojan horses, virulent worms, nasty viruses--sometimes it may seem like the Internet exists just to let the bad guys attack your PC. [more]
Thursday, 11 November 2004, 12:11 AM CET

Protect your organization's sites with a leak-proof security policy
Every organization requires some type of a network site security policy that will protect the organization's valuable assets -- everything from systems to data. [more]
Thursday, 11 November 2004, 12:07 AM CET

Microsoft flaw leaves PCs open to phishing
ISA Server 2000 and Proxy Server 2.0 affected by internet spoofing scam. [more]
Thursday, 11 November 2004, 12:06 AM CET

Trojan horse targets mobile phones
A new Trojan horse sends unauthorized spam to mobile phones via SMS. Called Troj/Delf-HA by security firm Sophos, the malware has only infected a few users of a Russian wireless network, but Sophos warns that similar attacks may occur elsewhere. [more]
Thursday, 11 November 2004, 12:04 AM CET

DHS plots security database
The Homeland Security Department is developing a single security clearance database that will include state, local and private-sector officials who will be authorized to gain access to a secure facility or classified information. [more]
Thursday, 11 November 2004, 12:03 AM CET

Juniper looks toward future, eyes integrated security
Fresh off record third-quarter growth, Juniper Networks outlined its strategy for the next 12 months, including plans to move to integrated security and to secure the Infranet, a profitable public IP network. [more]
Thursday, 11 November 2004, 12:02 AM CET

Cryptography research expands into Europe
Recognizing the strategic significance of Europe in driving the deployment of smart cards, Cryptography Research announced it has set up operations in the UK to provide enhanced support for European licensees of its recently launched DPA Countermeasures Licensing Program. [more]
Wednesday, 10 November 2004, 7:01 PM CET

Admiral calls for improved protection for classified data
Defense Department officials need a better way to compartmentalize classified information as part of an information assurance program that also embodies information sharing, the deputy commander of the U.S. Pacific Command said. [more]
Wednesday, 10 November 2004, 7:00 PM CET

Spammers take aim at Christmas
Study reveals junk mail tactics becoming ever more sophisticated. [more]
Wednesday, 10 November 2004, 6:58 PM CET

Bofra worm sets trap for unwary
A new family of worms which uses an unpatched vulnerability in Internet Explorer is spreading widely across the net. [more]
Wednesday, 10 November 2004, 6:58 PM CET

Firms warn of new Mydoom worm
Anti-virus software maker McAfee Inc. is warning about a new version of the Mydoom worm that infects computers of people who click on a link in e-mail they receive. [more]
Wednesday, 10 November 2004, 12:08 AM CET

Security group sets baseline standard for firewalls
Four security software rivals are have teamed up to set a baseline standard for application security firewalls, challenging others in the industry to join them. [more]
Wednesday, 10 November 2004, 12:07 AM CET

Security company defends Linux-is-vulnerable survey
A UK security company has published an open letter following a furore in the Linux camp after a study claimed that nearly two thirds of successful Internet-based attacks occurred on the open source operating system. [more]
Wednesday, 10 November 2004, 12:06 AM CET

Nokia beefs up SSL VPN
New Secure Connector feature gives remote users secure network-level access, including access to business applications, data, and network services. [more]
Wednesday, 10 November 2004, 12:05 AM CET

Boom times ahead for IT security profession
Boom times are ahead for security pros. The information security workforce will expand by an estimated 13.7 per cent annually to reach 2.1m workers by 2008. Approximately 680,000 of this expanded workforce will work in Europe. [more]
Wednesday, 10 November 2004, 12:05 AM CET

Security breached again at US giants
Two major US corporates have suffered apparent security breaches embarrassingly similar to incidents earlier this year. [more]
Tuesday, 9 November 2004, 11:24 AM CET

Building a LAMP server w/ LDAP authentication
This tutorial is designed to guide you through the initial steps of setting up an Apache, MySQL, and PHP server on Linux which will utilize an external LDAP server for authenticating users. [more]
Tuesday, 9 November 2004, 11:13 AM CET

Enforcement, not flawlessness, key to security
Surviving a security audit requires good policies, procedures and practices — and auditors look unfavorably on federal agencies with policy and procedural deficiencies, a security compliance official said today at a conference in Washington, D.C. [more]
Tuesday, 9 November 2004, 11:01 AM CET

An IT manager's insight into securing removable media
Removable media devices are here to stay. Their ease of use and low cost have made them ubiquitous in the work environment – but at what price? In this article we look at the pros and cons of removable media, and the steps IT managers can take to mitigate the security risks associated with them. [more]
Tuesday, 9 November 2004, 10:41 AM CET

Security stats sobering as CSI show opens
Survey finds that 81 percent of companies say attacks on their network are increasing. [more]
Tuesday, 9 November 2004, 10:28 AM CET

Czech virus writer joins anti-virus firm
Benny, one-time member of the 29A virus writing group, has begun work as the main developer of Zoner Anti-Virus (ZAV), according to an entry on his home page. [more]
Tuesday, 9 November 2004, 10:12 AM CET

Demand for IT security pros growing fast
Government regulations and dynamic threats driving need for qualified staff. [more]
Tuesday, 9 November 2004, 10:11 AM CET

Report: a misplaced sense of security?
Despite feeling safer now than a year ago, 20 percent of businesses in a network security survey of 300 IT staffers in companies with more than $30 million in annual revenues admitted to unauthorized breaches into their company networks. [more]
Tuesday, 9 November 2004, 10:06 AM CET

Encryption gets personal
Identity-based encryption avoids the need for a public key infrastructure. [more]
Monday, 8 November 2004, 12:17 PM CET

Finding your weakest link
The Interceptors find public- and private-sector wireless vulnerabilities. [more]
Monday, 8 November 2004, 12:16 PM CET

Experts debunk Linux security criticisms
Linux experts slam a report naming the OS as a favorite hacker target, citing methodology flaws and "suspicious" conclusions. [more]
Monday, 8 November 2004, 12:13 PM CET

Online fraud tutorials... from the Secret Service?
U.S. law enforcement closed down the thriving criminal marketplace last week, but left its database of forbidden knowledge open to the public. [more]
Monday, 8 November 2004, 12:12 PM CET

Phishers adopt scam tricks from virus writers
You know all about phishing scams, right? [more]
Monday, 8 November 2004, 12:11 PM CET

Sourcefire - the open source answer to network security
In the past couple of years, technologies such as intrusion detection and protection systems have become mainstream tools in the corporate security arsenal. But many feel less than satisfied with the performance of some of these technologies. [more]
Monday, 8 November 2004, 12:10 PM CET

Alleged DDoS kingpin joins most wanted list
The feds turn up the heat on a corporate executive who went on the lam after being charged with paying hackers to take down the competition. [more]
Monday, 8 November 2004, 12:09 PM CET

Not a patch on the new breed of cyber-criminal
Whatever the reason for a malicious cyber-attack, whether it be for financial gain, espionage or just for the sheer hell of it, companies must protect against unwarranted incursion into their system. [more]
Monday, 8 November 2004, 11:00 AM CET

Secure Windows Server 2003 Active Directory
Make Active Directory more secure under Windows Server 2003. [more]
Friday, 5 November 2004, 10:28 AM CET

Good Samaritan breaks up ID gang
A good Samaritan who handed a lost CD wallet into his local police station helped cyber plods crack what they are calling Australia's largest identity fraud ring. [more]
Friday, 5 November 2004, 10:22 AM CET

Phishers adopt scam tricks from virus writers
Dangerous new ways to try to steal your money are in progress. [more]
Friday, 5 November 2004, 10:19 AM CET

Microsoft ends exclusive patch peeks
Microsoft plans to open up who gets a sneak peek at its security bulletins. [more]
Friday, 5 November 2004, 10:13 AM CET

Advanced features of netfilter/iptables
Iptables has many hidden gems that can allow you do things with your firewall that you might never have even imagined. [more]
Friday, 5 November 2004, 10:12 AM CET

Security improvements urged to boost e-commerce
"There are three factors holding consumers back from using the Internet for e-commerce: it's scary, it's hard to use, and it is confusing and chaotic." RSA Security chief executive Arthur Coviello said. [more]
Friday, 5 November 2004, 10:11 AM CET

TCP/IP checksum vectorization using AltiVec, part 1
This two-part article demonstrates the kinds of performance gains AltiVec can produce on the TCP/IP checksum, or on code similar to it. [more]
Friday, 5 November 2004, 10:03 AM CET

RSA Conference Europe 2004 showcase video
Here's a showcase of the RSA Conference Europe 2004 in Barcelona. The video is 3:44 minutes in length, available in Windows Media 9 256K (6.9 MB) and 64K (1.7 MB). [more]
Thursday, 4 November 2004, 4:07 PM CET

Suspected hacker faces four counts of fraud
Former UT student allegedly stole personal information. [more]
Thursday, 4 November 2004, 9:26 AM CET

Stamping out spam
It clutters your e-mail, slows your PC, and worse - but plenty of weapons can combat spam. Here's how to choose the best one for you. [more]
Thursday, 4 November 2004, 9:25 AM CET

New phishing scam even more insidious
Fraudsters have developed a potent new computer program that steals Internet banking customers' details by duping them into opening up a bogus e-mail, a British security firm said Wednesday. [more]
Thursday, 4 November 2004, 9:22 AM CET

Making secure remote backups with Rsync
Backups are more important than ever these days, as our digital information collections expand. Many Linux users know rsync as a file transfer utility, but rsync can also be an efficient tool for automating remote backups of your Linux, Windows, and even Mac OS X systems. [more]
Thursday, 4 November 2004, 9:20 AM CET

Network security gets physical
When you hear about convergence, it's usually in reference to the union of voice and data networks. But the security sector is about to witness its own version of this phenomenon as more customers begin to demand ways to make their networks and physical security systems work better together. [more]
Thursday, 4 November 2004, 9:18 AM CET

Two found guilty in spam case
A man and his sister, who sent unsolicited junk email to millions of America Online customers, have been convicted in the first felony prosecution of distributors of spam in the US. [more]
Thursday, 4 November 2004, 9:14 AM CET

A spyware mystery: who's behind it?
In less than two years, CoolWebSearch has become the bane of the computing industry. [more]
Thursday, 4 November 2004, 9:11 AM CET

Using netstat for surveillance and troubleshooting
Keep an eye on your Linux systems. [more]
Thursday, 4 November 2004, 9:09 AM CET

RFID rights
The rush by Wal-Mart and other companies to put radio frequency identification devices in their goods could imperil consumer privacy. [more]
Thursday, 4 November 2004, 9:07 AM CET

Cisco firewall source code is for sale
A group describing itself as the Source Code Club (SCC) has offered to sell source code for Cisco's Pix proprietary security firewall software to any taker for $24,000. [more]
Thursday, 4 November 2004, 8:51 AM CET

Installing and securing VoIP with Linux
We have been using Linux for years as firewalls and we knew there had to be a low cost open source solution to fulfill the requirements, and that's when we found 'Asterisk' - a full blown Linux based PBX system meeting all the requirements of voice mail, conference calling, caller ID, call parking, music on hold, PBX to PBX dialing and much more. [more]
Thursday, 4 November 2004, 8:50 AM CET

SSH user identities
This article shows how to improve SSH security using public key authentication instead of, or in addition to, password authentication. [more]
Thursday, 4 November 2004, 8:47 AM CET

Online payment firm in DDoS drama
Online payments processing firm Protx is continuing to fight a sustained internet attack which has severely impacting its services for the fourth successive day. [more]
Thursday, 4 November 2004, 8:43 AM CET

WiFi security concerns easing
For corporate deployment of WiFi networks, security has been the biggest hurdle to overcome and one of WiFi's biggest cons. Today, all that has changed. [more]
Thursday, 4 November 2004, 8:40 AM CET

NSA gives security guidance for Mac OS X
The National Security Agency has posted a 109-page document on its Web site telling agencies how to securely install and use Apple Computer Inc.’s Mac OS X Version 10.3.x operating system, code-named Panther. [more]
Thursday, 4 November 2004, 8:35 AM CET

Days in the life of a security penetration tester
Foreign hackers, weak passwords, backdoors and buffer overflows - just another day at the office for a penetration tester. Here's a look at a typical few days' testing work at my company, and what all companies can learn from the results. [more]
Wednesday, 3 November 2004, 12:40 PM CET

Anti-spyware programs clean but don't disinfect
Though less than a year old, the PC took more than five minutes to start up and never shut down without stalling on error messages. [more]
Wednesday, 3 November 2004, 12:36 PM CET

Review: SUSE Linux Enterprise Server 9
SUSE Linux Enterprise Server 9 represents a significant step forward for GUI-based enterprise server operating systems. [more]
Wednesday, 3 November 2004, 12:34 PM CET

WLAN users still worried about security
Although potential wireless network users are being deterred by concerns about network security, companies continue to adopt the technology for data and voice. [more]
Wednesday, 3 November 2004, 12:31 PM CET

Silicon builds stronger security
There's a clear need for better PC security - and purpose-built chips could help. [more]
Wednesday, 3 November 2004, 12:30 PM CET

IE falters, Mozilla gains amid security fears
Although Microsoft still dominates the Web browser space, Internet Explorer continues to lose market share to open-source rival Mozilla due to security concerns. [more]
Wednesday, 3 November 2004, 12:22 PM CET

Nokia adds RFID to latest handsets
Near Field Communication shell system offers touch-based interactions. [more]
Wednesday, 3 November 2004, 12:22 PM CET

IE exploits top web security threat list
Internet Explorer exploits posed the fastest growing web security threat to enterprises in the last quarter, according to web security services firm ScanSafe. [more]
Wednesday, 3 November 2004, 12:19 PM CET

Security software support seen passing $800 million mark
U.S. security software support services are expected to grow from $551 million in 2003 to $808 million in 2008, an IDC report released Monday says. [more]
Wednesday, 3 November 2004, 12:17 PM CET

Face-to-face for 20MByte chip card security control
Infineon claims the world's first chip card security controller using the innovative face-to-face technology, offering 1MByte of memory capacity, manufactured in a 130nm process technology. [more]
Wednesday, 3 November 2004, 12:14 PM CET

Online identity theft: many medicines, no cure
Technologies emerge to address growing problems. [more]
Tuesday, 2 November 2004, 7:19 AM CET

Phishing for savvy users
Recent "phishing" episodes are still often overlooked by tech-savvy users, but a lesson in history shows how entire nations have been fooled. [more]
Tuesday, 2 November 2004, 7:17 AM CET

Limit user freedom to improve IT security
IT departments need to lock down their users' PC configurations, Gartner research vice-president Brian Gammage has warned. [more]
Tuesday, 2 November 2004, 7:16 AM CET

First automated password entry application for USB drives
Siber Systems announced it has shifted the power of computer password and digital identity storage/management to a truly portable, increasingly popular, and previously unexpected platform -- the USB drive. [more]
Tuesday, 2 November 2004, 7:15 AM CET

Security and integration burden AS400 managers
Single sign-on, security, heavy workload and constantly changing technical and business requirements are among the issues that keep members of the IBM mid-range systems user group Common UK awake at night. [more]
Tuesday, 2 November 2004, 7:12 AM CET

Know your enemy: learning about security threats 2/e
We all know that attackers are becoming more sophisticated and many times the security community has a hard time catching up. Honeynets are making the knowledge gap smaller and this book is what you need if you're deploying a honeynet, this is essential reading. [more]
Tuesday, 2 November 2004, 12:12 AM CET

AOL joins industry anti-spam, anti-virus group
America Online said it has joined the Messaging Anti-Abuse Working Group, which was formed last December by a group of communications and technology companies to fight spam, viruses and other online attacks and nuisances. [more]
Tuesday, 2 November 2004, 12:05 AM CET

The rise of security threats
The current security threats to business IT infrastructures have increased dramatically. Most notable are the rising number of viruses and similar malicious programs that threaten serious financial loss. [more]
Monday, 1 November 2004, 2:47 PM CET

Business frets over wireless security
There is no question that a number of the new mobile solutions that are being developed could help many business processes function more efficiently. [more]
Monday, 1 November 2004, 2:06 PM CET

Laptop users cited as high security threat
Europe-wide survey finds 'massive ignorance' over spyware. [more]
Monday, 1 November 2004, 2:05 PM CET

Bagle virus takes aim at Microsoft
While only 120 computers in Australia were hit on the weekend by the latest variant of the Bagle virus (W32/Bagle-AU-Sophos), antivirus providers are warning that it is particularly nasty. [more]
Monday, 1 November 2004, 11:11 AM CET

The case for secure strategies
A comprehensive security strategy aims at leveraging the best information security practices to improve business performance. [more]
Monday, 1 November 2004, 11:10 AM CET

Concerns over Windows cashpoints
Cash machine networks could soon be more susceptible to computer viruses, a security firm has warned. [more]
Monday, 1 November 2004, 1:57 AM CET

The basics of DNSSEC
The DNS is one of the building blocks of the modern Internet. It's showing its age, though; it comes from a time when trust was the default. Now it's time to move to more secure approaches. [more]
Monday, 1 November 2004, 1:52 AM CET

Simpler ID management readied by Microsoft
Portal-like interface to be featured. [more]
Monday, 1 November 2004, 12:30 AM CET

Common sense about passwords
Passwords are a pain, but new thinking about passwords and some new tools make it possible to make passwords easier to manage and more effective. [more]
Monday, 1 November 2004, 12:25 AM CET

Spyware: users say yes to it
Tagalong software, generally known as spyware, is an especially tricky security threat because user carelessness is nearly always to blame. [more]
Monday, 1 November 2004, 12:23 AM CET

The great 'standalone' ID card swindle
The Home Office pulled off quite a coup last week. It contrived to duck or ignore a series of criticisms of its ID card scheme, and announced minor changes which in some cases could actually be seen as strengthening it. [more]
Monday, 1 November 2004, 12:22 AM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 29th