Off The Wire Archive

News items for November 2005

Security: forensic CDs
Last month, I wrote about Auditor, a comprehensive bootable CD for pentesters. After I wrote that column, I started to think about the many forensic CDs that I have used in the past and how handy they were when I needed them. So I decided that I need to highlight some of these tools as well (and then I promise to get off the topic of bootable CDs for a while!). [more]
Wednesday, 30 November 2005, 3:43 PM CET

Security expert: more sophisticated attacks likely
Terroists groups and criminal organizations are possible perpetrators. [more]
Wednesday, 30 November 2005, 11:40 AM CET

Sony, Panasonic, others set RFID consortium
Group work for a year on guidelines covering the use of RFID tags. [more]
Wednesday, 30 November 2005, 11:37 AM CET

Regaining control
Securing endpoint systems by locking them down using complex software brings back memories of another era, where business computers were once used for business applications only - and businesses retained control over their assets and data. [more]
Wednesday, 30 November 2005, 3:21 AM CET

Hitachi fingers vein recognition for authentication
First laptop with build in vein scanner. [more]
Wednesday, 30 November 2005, 2:14 AM CET

Storage vendor IO Data ships drives with Trojan
The infected hard drives are available on the Japanese market only. The vendor won't supply users with a tool to remove the malware but instead is advising customers to use their own security application or a 30-day free trial version. [more]
Wednesday, 30 November 2005, 1:54 AM CET

Mac OS X security under scrutiny
Flaw finders and hackers have taken a shine to Apple's polished operating system, but some say that recent security problems are more than just skin deep. [more]
Wednesday, 30 November 2005, 1:39 AM CET

Key strategies and trends for building highly secure government networks
In this webcast Robert Whiteley and Margaret E. Grayson will explore the key challenges facing government agencies and the solutions they are using to secure their network communications and information access. [more]
Wednesday, 30 November 2005, 1:19 AM CET

ISPs filtering out spam, says FTC
Users should mask their emails more. [more]
Tuesday, 29 November 2005, 3:51 PM CET

Securing Linux production systems
This article is a practical step-by-step guide for securing Linux production systems. It discusses basic Linux security requirements for systems that need to pass various audits in an enterprise environment. [more]
Tuesday, 29 November 2005, 3:05 PM CET

The five security 'musts' you can't ignore
These are just the first things you must do. [more]
Tuesday, 29 November 2005, 3:02 PM CET

Piracy cuts deep
I wonder whether the media has finally bought into the hype generated by the pirates, that software theft is good for vendors because it expands the potential market for the purloined product and software that enhances it. [more]
Tuesday, 29 November 2005, 3:00 PM CET

Major financial leak threatens stock traders
Online trading company Scottrade has warned its customers that data thieves compromised the systems of its electronic checking provider last month, resulting in a major leak of personal information. [more]
Tuesday, 29 November 2005, 2:58 PM CET

Qmail Toaster makes mail server setup easy
A mail server is an essential part of any organization's IT infrastructure, but installing and maintaining a mail server is not always easy, and it's often difficult for small organizations to pay an expert to set up a mail server. Fortunately, Qmail Toaster can simplify the task enormously. [more]
Tuesday, 29 November 2005, 2:55 PM CET

Microsoft Office Live Meeting 2005 security guide
Some meetings contain confidential material and therefore require special attention with regard to who can access the meeting and how to safeguard the meeting content. [more]
Tuesday, 29 November 2005, 2:53 PM CET

Exploit code unleashed for Windows DoS flaw
Exploit code is circulating on the internet that can take advantage of a critical Windows security vulnerability disclosed by Microsoft last month. [more]
Tuesday, 29 November 2005, 2:47 PM CET

Hacked server exposes brokerage customers' data
Online brokerage Scottrade says a server compromise at a service provider may have exposed the financial details of its customers, including banking account information and Social Security numbers. [more]
Tuesday, 29 November 2005, 2:46 PM CET

HP takes on network security challenge
HP's work on open-standards infrastructure components is laudable, and it truly seems to have a desire to wrestle this access control beast on behalf of network admins everywhere. If HP succeeds, the results should be outstanding. [more]
Tuesday, 29 November 2005, 2:44 PM CET

Locking down your web applications
In this final Web Security School webcast, Mike Cobb, Managing Director of Cobweb Applications Ltd. and author of IIS Security, looks at how the actual content of your Web site can open holes in its defenses. [more]
Tuesday, 29 November 2005, 2:40 PM CET

Shopping online for the holidays: twelve tips to protect yourself
The National Consumers League, the Better Business Bureau and the National Cyber Security Alliance offer key advice to ensure you have a safe online shopping experience, so that your gift-giving is a joyous occasion, not an opportunity for cyber thieves. [more]
Monday, 28 November 2005, 6:37 PM CET

Simplifying backups
Most computer users don't make use of a system backup tool until after they suffer the misfortunes of a hard drive crash without one. [more]
Monday, 28 November 2005, 6:25 PM CET

Kazaa to install anti-piracy tool
The Kazaa file-sharing network will soon change its core software in an attempt to cut music piracy. [more]
Monday, 28 November 2005, 6:14 PM CET

Hacking 101: becoming productive quickly in the UNIX world
This document gives the reader a tour of what the UNIX development environment has to offer. [more]
Monday, 28 November 2005, 11:14 AM CET

New path of attack
Just when patching showed progress against the worst security threats, cybercriminals shift their focus. [more]
Monday, 28 November 2005, 10:25 AM CET

Blocking Skype using Squid and OpenBSD
This article describes a process that will enable you to effectively block Skype on your network. [more]
Monday, 28 November 2005, 10:16 AM CET

Keeping a finger on security
Whether someone is who he or she says they are can't always be taken at face value. But now, the use of biometric technology - once prohibitive in costs - is becoming increasingly more accurate, detailed and affordable. It's also a developing as a business niche in the Tampa Bay area. [more]
Monday, 28 November 2005, 8:47 AM CET

Sober worm's still with us
A new variation of the long-running Sober worm last week was using extremely effective scare tactics to trick users into infecting their PCs, including posing as messages from the FBI and the CIA. [more]
Monday, 28 November 2005, 8:46 AM CET

Music industry seeks access to private data to fight piracy
Civil rights fears over phone and email records. [more]
Monday, 28 November 2005, 3:06 AM CET

Symantec refuses to sell audit tool outside the US
Return of the crypto wars? [more]
Monday, 28 November 2005, 2:15 AM CET

EU seeks to limit data retention rules to one year
European Parliament wants telcos and ISPs to hold data for one year. [more]
Monday, 28 November 2005, 1:59 AM CET

Applying security to web servers
The famous Top Ten list of security bugs isn't enough. True security means looking deeper into OWASP and WASC. [more]
Monday, 28 November 2005, 1:20 AM CET

US moves forward on data privacy
Draft law heads for full Senate hearing. [more]
Monday, 28 November 2005, 12:55 AM CET

Best practices for securing electronic private health information
With consumer concerns about privacy, information safeguarding, and legislation at an all-time high, hospitals and health care providers must be diligent in protecting patients' and clients' private information. [more]
Monday, 28 November 2005, 12:33 AM CET

Security worries threaten Christmas web spending
BSA predicts trouble ahead. [more]
Monday, 28 November 2005, 12:11 AM CET

Merchants jump on Visa's free security service
Enterprises conducting e-commerce transactions have been quick to take up Visa's free, hosted security auditing service, according to the company. [more]
Friday, 25 November 2005, 9:27 AM CET

Securing databases with cryptography
This article discusses how cryptography can fit into your security profile. After explaining what cryptography is and providing a general idea of how it works, we dig into the various types of cryptographic algorithms and see where the strengths and weaknesses of each lie. [more]
Friday, 25 November 2005, 2:55 AM CET

Sloppy handheld habits continue to plague users
A third of professionals using mobile devices such as PDAs and smartphones are failing to use passwords or any other security protection, and even store their PIN numbers, passwords and other corporate information on the devices. [more]
Friday, 25 November 2005, 2:18 AM CET

UK 'full of fraudsters' - survey
Dishonesty rampant in bogus Britain. [more]
Friday, 25 November 2005, 1:51 AM CET

Using voice verification to securely automate password resets
Attend this webcast session to learn how to reduce the costs, enhance password security, simplify utilizing voice biometrics for end users and improve your password reset solution. [more]
Friday, 25 November 2005, 1:32 AM CET

Sober is biggest worm attack of the year
The Sober worm outbreak that began in earnest Tuesday has been dubbed the world's largest mass-mailed malware attack of 2005 by a Finnish security firm. [more]
Thursday, 24 November 2005, 1:19 PM CET

Google appliances vulnerable
Everyone's favorite technology company was given 60 business days to patch their search appliances. [more]
Thursday, 24 November 2005, 4:16 AM CET

Fear of identity theft is bad for business
Most online shoppers say they will take their business elsewhere if they find out their personal information was compromised, according to a survey of U.S. Internet users. [more]
Thursday, 24 November 2005, 3:51 AM CET

Sony fiasco: More questions than answers
The big story the last few weeks has been the Sony BMG rootkit and in fact, it's the kind of story for which columnists drool: a big company does something unbelievably dumb that violates basic security principles. [more]
Thursday, 24 November 2005, 3:34 AM CET

New Sober worm spoofs FBI, CIA
A fast-spreading variation on the long-running Sober worm is using extremely effective tactics to trick users. [more]
Thursday, 24 November 2005, 3:11 AM CET

Instant messaging the next security risk vector
"Drive-by downloads" still a threat. [more]
Thursday, 24 November 2005, 2:28 AM CET

Opera plugs security holes
Opera Software has issued a security patch to protect its browser users against flaws in Macromedia’s Flash Player. [more]
Thursday, 24 November 2005, 2:12 AM CET

Public divided on ID cards, poll reveals
The public is evenly divided on whether or not identity cards are a good idea, with 50 per cent supporting the introduction, and 48 per cent opposing it, according to a new poll conducted on behalf of campaign group No2ID. [more]
Thursday, 24 November 2005, 2:05 AM CET

Proactive virus strategies
You'll have fewer and less severe problems when you're properly protected from viruses, spyware, adware, and other types of software that can harm your computer. [more]
Thursday, 24 November 2005, 1:47 AM CET

Overcoming those first hurdles when selling a security solution
In the last 14 years the number of global cases that identify corporate board members as being personally responsible for the loss of customer information, customer confidence and so forth have grown considerably. [more]
Thursday, 24 November 2005, 1:09 AM CET

Dark cloud hovers over Black Hat
New corporate ownership won't exempt the bleeding-edge security conference from future Ciscogates, and clashing court decisions leave the outcome up for grabs. [more]
Thursday, 24 November 2005, 12:59 AM CET

The 2005 SANS top 20 Internet security vulnerabilities
This SANS Top-20 2005 is a marked deviation from the previous Top-20 lists. Unlike the previous Top-20 lists, this list is not "cumulative" in nature. It only has critical vulnerabilities from the past year and a half or so. [more]
Wednesday, 23 November 2005, 12:08 PM CET

OATH announces 2006 roadmap for open authentication
OATH, the Initiative for Open Authentication, today announced the organization’s 2006 technology roadmap that builds upon the technical framework for open authentication established by the OATH Reference Architecture released earlier this year. [more]
Wednesday, 23 November 2005, 11:59 AM CET

Making your security fit
There is no doubt that network security keeps IT directors awake at night. [more]
Wednesday, 23 November 2005, 11:58 AM CET

Test drive: EnGarde Secure Linux
EnGarde Secure Linux is a server-based distribution developed with security in mind. [more]
Wednesday, 23 November 2005, 11:24 AM CET

Nine principles of security architecture
Security architecture is a new concept to many computer users. Users are aware of security threats such as viruses, worms, spyware, and other malware. Architectural security, though, remains a mystery to most computer users. [more]
Wednesday, 23 November 2005, 8:15 AM CET

Three security perimeters needed for secure wireless
Today’s sophisticated mobile devices can expose the wireless network to the same security vulnerabilities that have plagued conventional wired networks. [more]
Wednesday, 23 November 2005, 8:14 AM CET

Web browser developers work together on security
Core KDE developer George Staikos recently hosted a meeting of the security developers from the leading web browsers. [more]
Wednesday, 23 November 2005, 8:08 AM CET

New Sober worm spoofs FBI, CIA
A new variation of the long-running Sober worm uses extremely effective tactics to trick users into infecting their PCs, security companies said Tuesday, including posing as messages from the FBI and CIA. [more]
Wednesday, 23 November 2005, 8:06 AM CET

Security spending cloaked in compliance
While regulatory compliance is the primary driver of corporate information security projects it is a dangerous strategy that could weaken enterprise defenses, according to Ray Wagner, Gartner's information security and privacy research vice president. [more]
Wednesday, 23 November 2005, 8:04 AM CET

Creating a Linux mail server
Postfix, Procmail, Fetchmail, SpamBayes, Courier-imap, Mutt, SquirrelMail. [more]
Wednesday, 23 November 2005, 7:50 AM CET

Security software rivals chip away at Symantec
Security software maker Symantec Corp.'s rivals are chipping away at its market-leading position as the company deals with the departure of two executives key to its $10.3 billion Veritas Software acquisition, a slowing consumer market, and future price cuts. [more]
Wednesday, 23 November 2005, 2:56 AM CET

How does spyware work?
Spyware has multiple vectors to infecting a computer and a network: direct downloads, attachments, foistware, adware and Web pages, and more. [more]
Wednesday, 23 November 2005, 2:48 AM CET

Secure XML messaging with JMS
This tutorial teaches you how to include support for secure XML messaging over an existing JMS network. [more]
Wednesday, 23 November 2005, 2:31 AM CET

How to lock down enterprise data with infrastructure services
This paper outlines the different strategies for encrypting stored data so you can make the decision that is best to use in each different situation, for each individual field in your data store to be able to practically handle different security and operating requirements. [more]
Tuesday, 22 November 2005, 8:29 PM CET

Cyber attackers found green fields in 2005
Hackers are switching their focus to network devices, backup software. [more]
Tuesday, 22 November 2005, 4:34 PM CET

Privacy group sues Sony for XCP 'damage'
Record label's nightmare worsens as Electronic Frontier Foundation wades in. [more]
Tuesday, 22 November 2005, 4:34 PM CET

Panelists weigh potential RFID security threats
Radio Frequency identification technology is facing network security challenges. That's the consensus from TechBiz Connection panelists participating in a discussion on RFID last week at an industry gathering in Irvine, Calif. [more]
Tuesday, 22 November 2005, 4:33 PM CET

Secure backup and storage using a disk image and an iPod
n case you lose your iPod (or any other external drive for that matter) or it gets stolen your data is in danger. [more]
Tuesday, 22 November 2005, 4:28 PM CET

Security concerns dog U.S. online shoppers says survey
Consumers shopping online fear their personal information will be sold to third party. [more]
Tuesday, 22 November 2005, 4:27 PM CET

Security: freedom to enter but no right to roam
How will ITdirectors in businesses that span European borders adapt as corporate security evolves from a closed fortress approach to an open door policy? [more]
Tuesday, 22 November 2005, 4:26 PM CET

Sober variants continue to spread
Emails carrying malware purport to come from the FBI. [more]
Tuesday, 22 November 2005, 4:25 PM CET

Unpatched Explorer flaw 'extremely critical'
UK company releases proof-of-concept exploit for browser flaw. [more]
Tuesday, 22 November 2005, 11:30 AM CET

Secure remote file management with sshfs
It's a dangerous Internet out there, kids. If you are going to work on remotely connected machines, do it safely. [more]
Tuesday, 22 November 2005, 11:30 AM CET

Don't believe the VoIP security hype
Denial-of-service attacks against VoIP systems are still the biggest security threat, according to experts. Beyond that, other frequently mentioned risks, like eavesdropping and voice spam, are not much more than hype. [more]
Tuesday, 22 November 2005, 11:29 AM CET

Token-based authentication his a success for ETrade
But CIO says firm is still evaluating technologies. [more]
Tuesday, 22 November 2005, 11:28 AM CET

Microsoft rebukes security researcher
Ed Moyle, president of SecurityCurve, told TechNewsWorld that the good news is the vulnerability itself is minimal from a risk perspective. [more]
Tuesday, 22 November 2005, 11:27 AM CET

Juniper, others make security buyouts
Network hardware companies continue to snap up technology they can use to make security a standard feature in the switches and routers that comprise the basic network plumbing inside businesses. [more]
Tuesday, 22 November 2005, 11:22 AM CET

Hackers hitting popular apps
Cyber criminals have shifted targets. Until recently, hackers went after operating systems and Internet services like Web servers and E-mail servers. [more]
Tuesday, 22 November 2005, 11:21 AM CET

Study: security still top IT spending priority
A recent survey of 100 US IT executives predicts that IT spending will decrease slightly in 2006 as more businesses worry about global economic conditions, but security software and enterprise IT upgrades remain top concerns, according to Goldman, Sachs & Co. [more]
Monday, 21 November 2005, 6:40 AM CET

Corporate focus on compliance could hurt security
Companies that make regulatory compliance the sole driver of their information security efforts could be weakening their long-term security posture. [more]
Monday, 21 November 2005, 6:34 AM CET

Google Base launched with security hole
Google has patched a security problem with its Google Base that allowed attackers to steal sensitive information from users of the new content-hosting service. [more]
Monday, 21 November 2005, 6:33 AM CET

Novell attacks Microsoft Linux atudy
Microsoft went on the offensive earlier this week, announcing a study in which Windows Server trounced Novell's SUSE Enterprise Linux in both reliability and ease of use over a period of one year. Novell says the report simply "aims to confuse the market." [more]
Monday, 21 November 2005, 1:48 AM CET

"Wi-Fi Phishing": how to secure your mobile workforce
This white paper will discuss the dangers of wireless devices outside your network, including the rise of the mobile worker at hotspots and hotspot phishing. [more]
Monday, 21 November 2005, 1:26 AM CET

Regulatory compliance beats worms for the first time
Worms and viruses are becoming more pervasive, but surprisingly they are no longer the main concern of IT managers. [more]
Monday, 21 November 2005, 12:40 AM CET

Security considerations during Exchange migration
This paper discusses security concerns to consider when migrating from Exchange 5.5 to Exchange 2003, and ways to minimize their impact. [more]
Monday, 21 November 2005, 12:28 AM CET

Web site operators admit role in phishing ring
Six more people pleaded guilty Thursday to operating a Web site that investigators claimed was one of the largest online centers for trafficking in stolen identity information and credit cards. [more]
Monday, 21 November 2005, 12:20 AM CET

Password-stealing keyloggers skyrocket
Breeding like phishes. [more]
Monday, 21 November 2005, 12:19 AM CET

More questions raised as Sony starts rootkit exchange
Security researchers say there are new problems in the software Sony is giving users. [more]
Monday, 21 November 2005, 12:14 AM CET

CSI in computer forensics gaffe
A team of computer forensic investigators has pointed out that a character in a recent episode of hit TV show CSI failed to follow a basic rule of looking for evidence. [more]
Friday, 18 November 2005, 4:34 PM CET

Hacker-proofing ASP.Net applications
Compuware wisely recommends that source-code analysis be run frequently so that security problems are caught before they are baked into an application. [more]
Friday, 18 November 2005, 4:33 PM CET

Tape encryption devices: host-based vs. appliance
How will you be judged if one of your company's backup tapes falls into the wrong hands? [more]
Friday, 18 November 2005, 4:32 PM CET

Spyware impact on compliance requirements
Spyware is a growing security threat facing today's enterprises, and failure to address this issue may expose the enterprise network to substantial risks of adverse legal action. [more]
Friday, 18 November 2005, 4:31 PM CET

Consumers inclined to switch banks if victimized
"Anybody who has an e-mail account that can be contacted, anybody who has a telephone that can be listened in on, anybody who has a credit card they use in public, in short, anybody in Alabama can become a victim of identity theft," Alabama's Attorney General Troy King said. [more]
Friday, 18 November 2005, 4:30 PM CET

Microsoft partners to beef up antiphishing tools
Microsoft has signed up three companies to add phishing monitoring and detection technology to its antiphishing filter in the MSN Search Toolbarh. [more]
Friday, 18 November 2005, 9:52 AM CET

Spammers pay fines to settle FTC complaint
Defendants sold access to sexually explicit Web sites through unsolicited e-mail, or spam. [more]
Friday, 18 November 2005, 9:33 AM CET

DOD to automate deployment of security patches
The Defense Department recently made it mandatory for computer users to deploy automated security tools across the department to better protect networks from viruses. [more]
Friday, 18 November 2005, 9:29 AM CET

Real story of the rogue Rootkit
Antivirus software makers are nowhere to be found when Sony's CD Trojan horse comes knocking. Mere incompetence can't explain that. [more]
Friday, 18 November 2005, 8:42 AM CET

Ex-MI5 boss, House of Lords give ID cards thumbs down
The House of Lords voted to reject the ID cards bill. [more]
Friday, 18 November 2005, 8:10 AM CET

Microsoft warns of new Windows exploit, no patch available
Microsoft late Wednesday warned Windows users that proof-of-concept code was in circulation that could be remotely and anonymously exploited on Windows 2000 machines. [more]
Friday, 18 November 2005, 7:56 AM CET

How to become an information security professional
Information security professionals may hold a variety of certifications and degrees, but the most popular in recent years is the CISSP. [more]
Friday, 18 November 2005, 7:49 AM CET

Microsoft may look again at virus notification
Customers want more info. [more]
Friday, 18 November 2005, 7:21 AM CET

Security incident response - an overview
This white paper provides highlights and best practices information about computer security incident response, building teams to process security incidents and developing important factors in establishing a security incident response policy. [more]
Friday, 18 November 2005, 6:49 AM CET

Risky employee e-mail habits threaten business
A new survey conducted by Harris Interactive for Fortiva, shows a substantial discrepancy between employees’ perceived and actual risks. [more]
Friday, 18 November 2005, 6:16 AM CET

Users don't trust websites with personal info
Only 16 per cent of people are confident that internet sites will treat their personal information properly, according to a new survey by the Information Commissioner's Office that found widespread concern about data protection laws and practices. [more]
Friday, 18 November 2005, 5:26 AM CET

Smart card to open up computing
Intelligent cards that enable visually impaired people to customise computers and ATMs automatically have been unveiled at a conference in Birmingham. [more]
Friday, 18 November 2005, 5:08 AM CET

Install and use Mac GNU Privacy Guard
Mac GNU Privacy Guard is the Mac OS X port of the popular security utility. This article guides the reader through Mac GNU Privacy Guard installation, as well as its basic functions. [more]
Thursday, 17 November 2005, 12:22 PM CET

Browser hijacking: How to help avoid it and undo damage
Regain control over your online experience. [more]
Thursday, 17 November 2005, 10:26 AM CET

What it takes to secure your data
Before the digitalization of data, encryption was enough to protect vital, private data from prying eyes and malicious intent. [more]
Thursday, 17 November 2005, 10:23 AM CET

Spammer jailed for £1.6m net scam
An internet spammer convicted of running a £1.6m e-mail scam from a bedroom in his father's house has been jailed for six years. [more]
Thursday, 17 November 2005, 10:22 AM CET

CMP buys Black Hat Inc.
Black Hat, Inc., operator of popular conferences related to information security, has been acquired by CMP Media. Jeff Moss, founder and now former owner, will join CMP Media as Director of Black Hat. [more]
Thursday, 17 November 2005, 5:11 AM CET

Counterfeiters caught in a jam
Arizona authorities this week charged suspected members of a criminal ring thought responsible for 10 percent of all fake money in the state after some members sent a printer, jammed with counterfeit bills, out for repair. [more]
Thursday, 17 November 2005, 4:27 AM CET

Speed, security features boost router, switch sales
Sales of enterprise routers and switches grew in the third quarter of 2005, as users sought to install more secure WAN connections and faster, more intelligent LAN pipes. [more]
Thursday, 17 November 2005, 4:17 AM CET

Nagios plug-ins
This article describes a module for handling ranges, adds example code for checking ACPI temperatures on Linux, and includes skeleton Nagios plug-in code that you can adapt for your own needs. [more]
Thursday, 17 November 2005, 3:28 AM CET

Vista security an issue at show
Industry insiders say security in Vista is better, but warn 'nothing is invulnerable'. [more]
Thursday, 17 November 2005, 3:07 AM CET

New Sober worms are being distributed in many formats
PandaLabs has detected the reappearance of the Sober worm in the form of three new variants, Sober.AC, AD and AE, new members of this large family of malicious code that can spread in email messages written in English or German. [more]
Thursday, 17 November 2005, 1:53 AM CET

Using the Metasploit Framework on Mac OS X
One of the best open source and free pen testing applications available on the Internet today is the Metasploit Project. [more]
Thursday, 17 November 2005, 1:16 AM CET

Safeguarding stored data
W. Curtis Preston, the author of "The Storage Security Handbook" and "Unix Backup & Recovery," begins with an overview of security problems that companies are trying to address with encryption and authentication systems. [more]
Thursday, 17 November 2005, 1:02 AM CET

Cell phone could identify its owner by their walk
Whether you stride purposefully or shuffle along, your unique mode of locomotion could soon be used to secure your cell phone against theft and unauthorised use. [more]
Wednesday, 16 November 2005, 2:50 PM CET

Firms admit to mobile security shambles
'Secret' Pins and passwords just a click away. [more]
Wednesday, 16 November 2005, 2:20 PM CET

US wants wiretap ability on Internet calls expanded
U.S. law enforcement authorities want expanded ability to tap any phone call between an Internet phone and a traditional phone if needed for an investigation, according to documents filed this week. [more]
Wednesday, 16 November 2005, 12:43 PM CET

Sony's software removal scheme aggravates security hole
The fallout from a hidden copy-protection program that Sony BMG Music Entertainment put on some CDs is only getting worse. [more]
Wednesday, 16 November 2005, 12:41 PM CET

Home Office issues net child protection guidelines
ISPs take note. [more]
Wednesday, 16 November 2005, 12:38 PM CET

Brushing off the VoIP security scare
With news that the Council of Europe has opted for a switch to VoIP, it seems that the technology is finally beginning to win over admirers in the corridors of power. However, fears over security are still preventing many organisations from taking the plunge. [more]
Wednesday, 16 November 2005, 12:29 PM CET

Beware the perils of being always on
Unsecured wireless networks may be convenient, but they can provide rich pickings for crooks. [more]
Wednesday, 16 November 2005, 12:28 PM CET

Keyloggers jump 65% as info theft goes mainstream
The number of keyloggers unleashed by hackers soared by 65% this year as E-criminals rush to steal identities and information, according to VeriSign iDefense. [more]
Wednesday, 16 November 2005, 12:13 PM CET

Internet security market to reach $58 billion by 2010
The global Internet security market is expected to grow at an annual 16 percent over the next five years to reach $58.1 billion by 2010. [more]
Wednesday, 16 November 2005, 12:02 PM CET

CA debuts desktop password reset tech
CA is pushing forgotten password support onto the desktop with the launch of CA Identity Manager. The technology, which partly stems from CA's recent purchase of security firm Netegrity, is designed to automate the management of user identities and entitlements. [more]
Wednesday, 16 November 2005, 12:01 PM CET

The black book on corporate security
This excerpt is from Chapter 2, "The Information Security Officer: A New Role for a New Threat," from The Black Book on Corporate Security. It was written by Joyce Brocaglia, president and CEO of Alta Associates. [more]
Wednesday, 16 November 2005, 6:13 AM CET

Critical VPN flaw could lead to DoS attacks
"Cisco is extremely good in terms of security; it's one of the best," said Gartner analyst Chris Byrnes. "But any flaws are going to cause worry just because of how many Cisco products are running companies." [more]
Wednesday, 16 November 2005, 5:35 AM CET

19 ways to build physical security into a data center
At information-intensive companies, data centers don't just hold the crown jewels; they are the crown jewels. [more]
Wednesday, 16 November 2005, 5:10 AM CET

Secure remote control for IT support organizations
This white paper addresses concerns regarding security requirements surrounding remote control software. Learning about authentication, authorization and access control, perimeter and administration will alleviate these issues. [more]
Wednesday, 16 November 2005, 4:52 AM CET

Microsoft cleans up Sony's mess
Microsoft said it would remove controversial copy-protection software that CDs from music publisher Sony BMG install on personal computers, deeming it a security risk to PCs running on Windows. [more]
Wednesday, 16 November 2005, 4:01 AM CET

Mac OS/Linux/Windows single sign-on
Centralized authentication greatly simplifies network administration. [more]
Wednesday, 16 November 2005, 3:16 AM CET

Essential Mac OS X Panther Server Administration
It doesn't matter what Operating System you are running on your server, good documentation is always needed. If you think of quality computer books you probably think of O'Reilly first, somehow they always seem to be ahead of the competition. Let's see what value this book brings to Macintosh system administrators. [more]
Tuesday, 15 November 2005, 8:16 PM CET

Enterprises patch 10% faster, but not fast enough
Even though two out of every three machines are vulnerable to one or more critical vulnerabilities, enterprises are managing to patch faster than ever, a researcher said on the eve of his keynote speech at a security conference. [more]
Tuesday, 15 November 2005, 7:26 PM CET

Vendors warn of new Sober variants
Three new variants of the mass-mail Sober worm are making the rounds of the Net. [more]
Tuesday, 15 November 2005, 7:24 PM CET

Wireless e-mail a primary security concern
A recent survey of roughly 600 IT professionals found wireless e-mail is the biggest security concern when a company deploys mobile computing capabilities. [more]
Tuesday, 15 November 2005, 5:34 PM CET

Enhancing kernel security with grsecurity
Is your server as secure as it could be? [more]
Tuesday, 15 November 2005, 5:32 PM CET

Top 10 ways to protect your Linux home system
As a result of articles referring to the threat of Worms and Viruses attacking Linux systems, many new Linux users are in a panic. [more]
Tuesday, 15 November 2005, 5:31 PM CET

ID theft - beware the hype
If some of the numbers being cited about identity theft are to be believed, it's just a matter of time before some unseen cyber-hustler steals your name, empties your bank account and wrecks your financial reputation. You can almost hear the maniacal laughter. [more]
Tuesday, 15 November 2005, 5:30 PM CET

Consumers punish firms over data security breaches
Leaked data leads to lost business. [more]
Tuesday, 15 November 2005, 5:21 PM CET

Virus creators target their work
Computer users could be forgiven for thinking that life online got safer in 2005 thanks to the lack of headline-hitting computer viruses. [more]
Tuesday, 15 November 2005, 5:19 PM CET

Intel pushes virtualisation for security in PCs
Delivering what it says is the first hardware virtualisation support for desktop PCs, Intel has detailed two new Pentium 4 processors, the 662 and 672, aimed at improving business management and bolstering security. [more]
Tuesday, 15 November 2005, 5:18 PM CET

The definitive guide to security inside the perimeter
This 8 chapter eBook is an informative guide that presents an overview of the challenges your organization must face to maintain security inside the perimeter. [more]
Tuesday, 15 November 2005, 5:17 PM CET

ServGate makes net security less expensive
ServGate last week streamlined the pricing of its multi-service security platforms so customers pay a lower flat price for the hardware and security software no matter how many users they support on it. [more]
Monday, 14 November 2005, 6:33 PM CET

More than 100 known mobile malware variants
On previous week, we breached the mental barrier of 100 known variants of Mobile malware. [more]
Monday, 14 November 2005, 3:06 PM CET

Prioritising security in e-commerce
As in the real world, security is also very much an issue in cyberspace. [more]
Monday, 14 November 2005, 2:43 PM CET

'Spyware' vendor bangs copyright shield
RetroCoder, developers of the SpyMon remote monitoring program, is brandishing copyright law in a bid to protect its software from being detected by anti-spyware or anti-virus products. [more]
Monday, 14 November 2005, 2:41 PM CET

CLI magic: netcat
Here then is an introduction to netcat for Linux users who may not be familiar with the "TCP/IP Swiss Army knife." [more]
Monday, 14 November 2005, 1:51 PM CET

Pump-and-dump spam domains go silent after botnet closure
Pump-and-dump spam domains have gone quiet since the closure of a major botnet operation earlier this month. [more]
Monday, 14 November 2005, 12:53 PM CET

It takes a hacker to catch one
As malicious hacking grows, the industry fights back, training future security pros to think like their adversaries. [more]
Monday, 14 November 2005, 12:06 PM CET

Interview with Alf Watt, creator of iStumbler
iStumbler is the leading wireless discovery tool for Mac OS X and in this interview with its creator, Alf Watt, you can read about the project in general, various wireless security issues as well as recent developments that will make iStumbler a paid tool in its Pro version. [more]
Monday, 14 November 2005, 8:26 AM CET

My security. My notebook.
Whether you are a corporate professional, student, or home user, notebook security should be the top-of-mind concern when choosing a notebook. [more]
Monday, 14 November 2005, 8:23 AM CET

Sony stops making anti-piracy CDs
Sony has said it will suspend the production of music CDs with anti-piracy technology which can leave computers vulnerable to viruses. [more]
Monday, 14 November 2005, 8:20 AM CET

Evaluating intrusion prevention systems
IPSs are becoming today's must-have security solution but don't deploy blindly; testing on your network is the key to success. [more]
Monday, 14 November 2005, 8:16 AM CET

Security incident response - an overview
This white paper provides highlights and best practices information about computer security incident response, building teams to process security incidents and developing important factors in establishing a security incident response policy. [more]
Monday, 14 November 2005, 8:15 AM CET

VPNs and Internet connection security
Keep a velvet rope around your data as it travels through the vastness of the internet - Version 1.0.0. [more]
Monday, 14 November 2005, 6:27 AM CET

Reusing existing OpenSSH v4 connections
I've recently learnt of an interesting new features of OpenSSH v4 which allows you to reuse open connections when connecting to the same host more than once. [more]
Monday, 14 November 2005, 6:26 AM CET

Trojan could attack Tuesday's Windows flaw
Malware appears days after Microsoft fix. [more]
Friday, 11 November 2005, 2:21 PM CET

Trojan horse exploits Sony DRM copy protection vulnerability
Experts at SophosLabs, Sophos's global network of virus and spam analysis centres, have detected a new Trojan horse that exploits the controversial Sony DRM (Digital Rights Management) copy protection included on some of the music giant's CDs. [more]
Friday, 11 November 2005, 3:12 AM CET

Dealing with unwelcome visitors
A judge has said that a denial of service attack was not illegal - could a simple notice have made it so? [more]
Friday, 11 November 2005, 2:53 AM CET

Sony DRM rootkit hacked, drawing lawsuits
Rootkit-like copy protection software on some Sony music CDs is drawing lawsuits, and is now a vector for a Windows trojan. [more]
Friday, 11 November 2005, 2:24 AM CET

Cram session 5: Windows firewall
This session get all of the details you need about Windows Firewall, starting with the basics of turning it on, to creating profiles for inside and outside the office to setting up remote administration. [more]
Friday, 11 November 2005, 2:21 AM CET

New center to help intelligence community exploit public information
The Office of the Director of National Intelligence has created a new Open Source Center designed to enhance the intelligence community’s use of publicly available information. [more]
Thursday, 10 November 2005, 6:04 PM CET

Email seen as biggest security hole for mobile devices
Email vulnerabilities represent the greatest source of risk for mobile devices, according to a recent survey by Good Technology. [more]
Thursday, 10 November 2005, 3:55 PM CET

First Trojan using Sony DRM has arrived
Virus writers have begun taking advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs. [more]
Thursday, 10 November 2005, 2:57 PM CET

Will hackers target copiers?
Any networked office gear can be vulnerable to online attackers, some warn. [more]
Thursday, 10 November 2005, 2:33 PM CET

Email 'get rich quick' scams double in October
Incidence of email "get rich quick" scams more than doubled (albeit from a low base) last month, according to email security firm Clearswift. [more]
Thursday, 10 November 2005, 2:27 PM CET

No fed security laws
Congress isn't likely to pass tough data-security laws any time soon - and that's a good thing, consumer advocates say. [more]
Thursday, 10 November 2005, 2:02 PM CET

Getting tough on data security
Initiatives and products from Atempo, NetApp bring a ray of hope to storage security. [more]
Thursday, 10 November 2005, 1:53 PM CET

Computer Associates blacklists Sony DRM
Computer Associates has officially blacklisted the Sony BMG XCP Technology that the record label bundles with several of its audio CDs. [more]
Thursday, 10 November 2005, 1:52 PM CET

Some Microsoft security updates aren't reaching users
Company unable to deliver patch to users of its Software Update Services. [more]
Thursday, 10 November 2005, 8:13 AM CET

Linux worm overrated
The latest and greatest Linux worm isn't the most elegant or fastest spreading worm, or even one that's difficult to stop, but it still offers a warning for Web developers and administrators everywhere. [more]
Thursday, 10 November 2005, 8:03 AM CET

Liberty Alliance pushes authentication standard
ID-SAFE combination. [more]
Thursday, 10 November 2005, 8:02 AM CET

Sony’s rootkit: First 4 Internet responds
First 4 Internet, the company that implements Sony’s Digital Rights Management (DRM) software that includes a rootkit, has responded to Mark Russinovich. [more]
Thursday, 10 November 2005, 12:10 AM CET

Estate agency cuts spam and viruses
Estate agency Your Move has dramatically reduced the volume of viruses and spam that affect its computer systems. [more]
Wednesday, 9 November 2005, 7:15 PM CET

Mystery over 'hidden booty' in email scam trial
Francis-Macrae takes stand, refuses to spill the beans. [more]
Wednesday, 9 November 2005, 6:31 PM CET

Security will drive Windows-to-Mac switch
As much as Apple would likely enjoy seeing a major spike in Mac buying, it is likely that purchasing will grow only incrementally on the basis of the success of other Apple ventures like the iPod, said IDC analyst Dan Kusnetzky. [more]
Wednesday, 9 November 2005, 5:56 PM CET

Security tester confirms critical QuickTime flaws
Security researcher Piotr Bania has hit back at claims that he exaggerated the severity of flaws that he discovered in Apple's QuickTime media player. [more]
Wednesday, 9 November 2005, 5:55 PM CET

Worm targets Linux systems
Symantec and McAfee have updated their products to provide some protection, but Secunia's Thomas Kristensen noted that because the vulnerability is in the library of many products, users of third-party applications might not know they are at risk. [more]
Wednesday, 9 November 2005, 5:48 PM CET

Home Office "confident" of ID card costs
KPMG report on programme estimates published. [more]
Wednesday, 9 November 2005, 5:27 PM CET

Security concerns over IP convergence
As viruses and malicious software bloom, senior executives across a range of industries see security as their top concern in implementing converged IP networks, according to a joint study released Tuesday by the Economist Intelligence Unit and AT&T. [more]
Wednesday, 9 November 2005, 5:15 PM CET

Bragg gratings are key to encryption
US researchers unveil a new way of keeping optical data networks safe from prying eyes. [more]
Wednesday, 9 November 2005, 4:43 PM CET

Phishers target Google users
Emails have been spammed out directing computer users to a spoofed copy of Google's front page with a large message claiming that they have "won $400". [more]
Wednesday, 9 November 2005, 4:05 PM CET

Automatic graylisting of unwanted software
Maximum security, minimal effort. [more]
Wednesday, 9 November 2005, 3:57 PM CET

Pizza place ponders privacy problem
Internal emails discussing corporate strategy, thousands of customer comments and a list of usernames and passwords were some of the items publicly accessible from the Papa John’s web server yesterday. [more]
Wednesday, 9 November 2005, 11:30 AM CET

Microsoft Patch Tuesday brings only one patch
November's update is much different than last month's update since Microsoft released only one patch today. This month's Security Bulletin affects Microsoft Windows and the highest Maximum Severity rating for this is Critical. [more]
Tuesday, 8 November 2005, 10:08 PM CET

Symbian anti-virus bundled with Symbian trojan
SymbOS/Doomboot.G is a new variant of Doomboot family. [more]
Tuesday, 8 November 2005, 4:04 PM CET

CIOs nervous about IP network security
But concerns are not stopping investment. [more]
Tuesday, 8 November 2005, 1:32 PM CET

The story of PGP: past, present and future
Recently we met with Jon Callas, CTO and CSO of PGP Corporation.

Pretty Good Privacy (PGP) is today's most used crypto software with a lot of history. Presented here is the entire story of PGP in his words that covers everything from the the early days to future plans. [more]
Tuesday, 8 November 2005, 1:14 PM CET

Card fraud grows online
Fraudulent use of credit cards online is increasing because Chip and PIN technology makes other forms of fraud more difficult. [more]
Tuesday, 8 November 2005, 12:13 PM CET

Microsoft pushes for privacy law
Microsoft is leading efforts in the US to introduce a national law to protect consumer privacy, with the introduction of legislation likely in 2006 following heightened consumer concerns about identity theft and online fraud. [more]
Tuesday, 8 November 2005, 11:34 AM CET

Skype under scrutiny for bugs
The recent emergence of two sets of serious security vulnerabilities in Skype, the popular VoIP communications software app, couldn't have come at a worse time for the firm. [more]
Tuesday, 8 November 2005, 6:51 AM CET

Hacking back: cyber counterterrorism
To catch a thief, or in this case a cyberterrorist, you have to think like one. [more]
Tuesday, 8 November 2005, 6:50 AM CET

What makes anyone think IP telephony is secure?
Using VoIP might save a company money, but it could be risky. [more]
Tuesday, 8 November 2005, 6:46 AM CET

Sniffer gets enterprise-scale upgrade
Network General to debut upgrades across its Sniffer product suites to help customers expand use. [more]
Tuesday, 8 November 2005, 6:42 AM CET

Building highly secure government networks
In this webcast Robert Whiteley and Margaret E. Grayson will explore the key challenges facing government agencies and the solutions they are using to secure their network communications and information access. [more]
Tuesday, 8 November 2005, 6:36 AM CET

In defense of Windows
Microsoft took the wraps off the name for its security software aimed at making Windows safer for home and business users and possibly making the company a regular annual subscription revenue in the process. [more]
Tuesday, 8 November 2005, 6:32 AM CET

CLI magic: sudo voodoo
Sudo is a handy little tool that is of value to both system administrators and common folks like us. What does it do? [more]
Monday, 7 November 2005, 4:19 PM CET

Linux worm targets PHP flaw
Virus writers have created a Linux worm which uses a recently discovered vulnerability in XML-RPC for PHP. [more]
Monday, 7 November 2005, 4:13 PM CET

Outsourcing security - a matter of trust
It's odd that in business, most people treat the security of their office differently to the security of their network. [more]
Monday, 7 November 2005, 10:10 AM CET

Secure WiFi client stack supports WPA2, CCX, Linux
Devicescape Software is shipping a cross-platform WiFi stack for wireless consumer and office client devices. [more]
Monday, 7 November 2005, 9:39 AM CET

SGI, Novell attain elevated security certification
Novell's SUSE Linux Enterprise Server 9 has been certified on SGI Altix servers and supercomputers to meet security criteria required by the US Department of Defense and governments throughout the world. [more]
Monday, 7 November 2005, 9:28 AM CET

Microsoft's free web-based virus scanner sends data back to Microsoft
By default the virus scanner transmits information about the PC and its applications to Microsoft. [more]
Monday, 7 November 2005, 4:50 AM CET

Retailers under pressure to tighten security
Privacy concerns and proposed laws governing the use of sensitive personal information are making it more important for retailers to be able to demonstrate due diligence. [more]
Monday, 7 November 2005, 4:40 AM CET

Lavasoft Personal Firewall offers enhanced protection
Lavasoft, the world leading anti-spyware vendor has established a partnership with Agnitum, the leader in security and privacy software for home and office PCs. Lavasoft will integrate Agnitum’s Outpost Firewall Pro engine – re-branded as Lavasoft Personal Firewall. [more]
Monday, 7 November 2005, 4:30 AM CET

Sarbanes-Oxley adds costs but pushes preparation
It's important to ensure that top executives and board members take compliance seriously enough. [more]
Monday, 7 November 2005, 4:27 AM CET

FBI pushing Patriot Act powers
Lawmakers expressed concern Sunday that the FBI was aggressively pushing the powers of the anti-terrorist USA Patriot Act to access private phone and financial records of ordinary people. [more]
Monday, 7 November 2005, 4:12 AM CET

Web applications worms – the next Internet infestation
While organizations rush to develop their security policies and implement even a basic security foundation, the professional hacker continues to find new ways to attack. Their attention has reverted to the application-layer, either shrink-wrapped or custom applications, which is commonly the least protected layer of an organization’s network. [more]
Monday, 7 November 2005, 4:02 AM CET

Readers rate desktop firewalls
Here are your top recommendations for the best desktop firewalls. [more]
Monday, 7 November 2005, 3:46 AM CET

Juniper hires Cisco hacker
It looks like there is life after Black Hat for Michael Lynn, after all. [more]
Monday, 7 November 2005, 3:03 AM CET

Windows rootkits in 2005, part one
In 2005, the bar has been raised in the arena of malicious software. [more]
Monday, 7 November 2005, 2:43 AM CET

Creating and using a self signed SSL certificates in debian
This document covers a very specific, limited purpose, but one that meets a common need: preventing browser, mail, and other clients from complaining about the certificates installed on your server. [more]
Monday, 7 November 2005, 2:29 AM CET

Replacing FTP and Telnet in cross-platform networks
This document is intended for IT professionals who need to secure FTP, Telnet and other system administration connections in heterogeneous environments. [more]
Monday, 7 November 2005, 2:19 AM CET

Security-spooked users slap Sony CD on Amazon
Customers have used Amazon.com's review feature to slam a Sony CD implicated in a security and copy-protection brouhaha, reducing the online retailer's rating for the Van Zant album, "Get Right with the Man," from three-and-a-half stars to just one-and-a-half in the space of a few days. [more]
Monday, 7 November 2005, 2:01 AM CET

Court shock: denial of service attacks not illegal
A judge has ruled that denial of service attacks are not illegal under the UK's outdated Computer Misuse Act. [more]
Friday, 4 November 2005, 7:24 PM CET

Microsoft pushes for federal privacy legislation
Brad Smith, the firm's general counsel, did not endorse a specific bill but said a single national standard is better than the sometimes contradictory patchwork of existing laws around the country. [more]
Friday, 4 November 2005, 7:19 PM CET

Malware now doing the DNS switcheroo
Simple phishing attack avoids the hosts files and instead replaces a victim's DNS servers with the addresses of attacker-controlled servers. [more]
Friday, 4 November 2005, 7:18 PM CET

All-in-one security appliances
An all-in-one security appliance provides protection against a multitude of threats without adding to your device-management burden. Here's how to choose the right model for your organization. [more]
Friday, 4 November 2005, 9:54 AM CET

Microsoft patches break some Web sites
Bulletins removed "unsafe functionality" and change how the browser handles ActiveX controls. [more]
Friday, 4 November 2005, 3:25 AM CET

Sony issues patch as hackers pounce on rootkit
Reacting to criticism of its CD copy protection, Sony on Wednesday posted a patch that reveals files previously hidden by a rootkit. [more]
Friday, 4 November 2005, 3:06 AM CET

Basic iptables
This document will serve as a basic how-to on using iptables. [more]
Friday, 4 November 2005, 2:53 AM CET

Microsoft hails security focus in Web services package
Offering functions with Visual Studio 2005, .Net Framework 2.0. [more]
Friday, 4 November 2005, 2:30 AM CET

Offshoring pushes BS7799 security
Offshoring specialists are using security certification to assure firms that data is safe. [more]
Friday, 4 November 2005, 2:11 AM CET

Harmless Oracle worm raises security fears
Gray Hat hackers have posted proof-of-concept code for a worm designed to spread using vulnerabilities in Oracle's database software. [more]
Friday, 4 November 2005, 1:49 AM CET

Sun revamps disaster recovery offering
Sun Microsystems has revamped its Java Availability Suite (JAS) with the addition of Sun Cluster Geographic Edition. [more]
Friday, 4 November 2005, 1:34 AM CET

What e-mail hackers know that you don't
This document outlines how hackers are exploiting vulnerabilities in e-mail systems, and describes the widely available hacking tools they use. [more]
Friday, 4 November 2005, 1:16 AM CET

Teen hacker escapes punishment
Judgement throws Computer Misuse law into doubt. [more]
Friday, 4 November 2005, 1:05 AM CET

Fatal flaw weakens RFID passports
In 2004, when the U.S. State Department first started talking about embedding RFID chips in passports, the outcry from privacy advocates was huge. [more]
Thursday, 3 November 2005, 3:52 PM CET

Mobile Internet: cheap wins over security
Bengt Nordström of inCode gives his take on how the mobile market is evolving. [more]
Thursday, 3 November 2005, 3:50 PM CET

Black Hat presentation yields another Cisco bug
Cisco has discovered a critical bug in the operating system used to power its routers, the company announced Wednesday. [more]
Thursday, 3 November 2005, 8:49 AM CET

Invasion of the Stock hackers
An alarmed SEC says that teams of thieves are lifting passwords from home PCs - and emptying online brokerage accounts. [more]
Thursday, 3 November 2005, 8:39 AM CET

Microsoft turns bounty hunter to fight IT crime
Microsoft’s chief of security talks about tackling cyber crime. [more]
Thursday, 3 November 2005, 4:03 AM CET

Build extra secure Web applications
Developers constantly fight the problems associated with action and data tampering in Web applications. [more]
Thursday, 3 November 2005, 3:36 AM CET

HSBC readies online user authentication
Banking giant strengthens arsenal against online fraud. [more]
Thursday, 3 November 2005, 3:12 AM CET

Swedish programmer in Greek spam probe protests innocence
Beware of Geeks bearing computers. [more]
Thursday, 3 November 2005, 2:41 AM CET

Managing Samba: Windows network ID basics
Linux administrators are keen to learn how better to manage Samba and how to meet the growing demand of network security and audit-ability. [more]
Thursday, 3 November 2005, 2:28 AM CET

Integrated security defense systems
With the growing need for security and the increased pressures to manage disparate technologies, IT managers are looking for new ways to lessen the burden security measures may make on their day-to-day life. [more]
Thursday, 3 November 2005, 2:25 AM CET

Trying out the new OpenBSD 3.8
OpenBSD, the proactively secure Unix-like operating system, released version 3.8. [more]
Thursday, 3 November 2005, 1:54 AM CET

Oracle worm proof-of-concept
The worm uses the UTL_TCP package to scan for remote Oracle databases on the same local network. [more]
Thursday, 3 November 2005, 1:48 AM CET

Data laws raise security worries
Compliance creates difficulties securing corporate data. [more]
Thursday, 3 November 2005, 1:27 AM CET

Sun asks Java developers to help test security technology
The goal is to find and fix any holes in its new Java Verifier. [more]
Thursday, 3 November 2005, 12:56 AM CET

Tiger's improved firewall (and how to use it)
As with all the major upgrades to OS X, Apple has made much of the many enhancements and new features available in Tiger. [more]
Thursday, 3 November 2005, 12:41 AM CET

Bots in the A/C, spyware in the fridge
Someday, hackers will target the computers in your air conditioner, refrigerator and TV. What can security professionals do about it? [more]
Wednesday, 2 November 2005, 2:37 PM CET

Yet another eBay phish
A new kind of eBay phishing attempt is going around. [more]
Wednesday, 2 November 2005, 2:27 PM CET

Your next IM could be your network's last
A significant rise in instant messaging threats will eventually lead to an automated worm that will strike hundreds of thousands of machines in seconds, IM security firms warn. [more]
Wednesday, 2 November 2005, 1:44 PM CET

Trojan masquerades as bird flu warning
A Trojan pretending to be a briefing on bird flu is doing the rounds. [more]
Wednesday, 2 November 2005, 1:42 PM CET

Secured wireless offers a lot to enterprises
For many small and midsize businesses, every day brings the challenge of competing against the so-called “big boys”: Wal-Mart, K-Mart, Sears, Target, Home Depot. [more]
Wednesday, 2 November 2005, 12:58 PM CET

Vulnerable security algorithms raise concerns
Industry experts agree that the future of two widely used security algorithms is fated, but with no clear alternatives in sight products that rely on them may have to remain "good enough" for some time. [more]
Wednesday, 2 November 2005, 12:06 PM CET

Balancing surveillance
With camera and network surveillance now commonplace, and database abuse continuing to appear, how do we balance the positive side of security along with its potential for abuse? [more]
Wednesday, 2 November 2005, 11:44 AM CET

Jail for eBay phishing fraudster
The leader of an identity fraud gang which stole almost £200,000 has been jailed for four years. [more]
Wednesday, 2 November 2005, 3:36 AM CET

The importance of Web application scanning
Organizations need a Web application scanning solution that can scan for security loopholes in Web-based applications to prevent would-be hackers from gaining unauthorized access to corporate applications and data. [more]
Wednesday, 2 November 2005, 3:12 AM CET

My sysadmin toolbox
Every administrator has a set of software tools that he just can't live without. [more]
Wednesday, 2 November 2005, 1:58 AM CET

Data security: it's not just for secret agents anymore
Employees are reminded to guard their company's proprietary information, laptop users are warned constantly about the threat of theft and home users are becoming more wary of identity theft. [more]
Wednesday, 2 November 2005, 1:40 AM CET

Latest bot continues to aim for AIM users
The latest variant of SDBot spreads through America Online instant messaging software. [more]
Wednesday, 2 November 2005, 1:38 AM CET

Shout goes out over PHP security bugs
Security researchers have identified numerous new vulnerabilities in PHP - the popular, open source web development environment. [more]
Wednesday, 2 November 2005, 12:58 AM CET

Network monitoring with Cacti
Cacti, a graphing program for network statistics, is designed to be easy for relatively inexperienced systems administrators to use. [more]
Wednesday, 2 November 2005, 12:52 AM CET

Security event management gets specialized
SEM technology is moving beyond log correlation to help architects mitigate attacks, address compliance reporting needs, and monitor critical assets. [more]
Wednesday, 2 November 2005, 12:40 AM CET

Preventing fraud is within our grasp
IPv6 was announced four years ago. Where is it now that it is really needed? asks Keith Humphreys. [more]
Wednesday, 2 November 2005, 12:35 AM CET

Is VoIP ripe for attack?
"As soon as the enterprise opens up VoIP to the Internet, they put a potentially huge security hole in their network," Andrew Graydon, vice president of technology at BorderWare Technologies, says. Essentially the days of closed corporate VoIP systems are over. [more]
Wednesday, 2 November 2005, 12:32 AM CET

The "Sony rootkit" case
There's been some recent developments in digital rights management systems (DRM) that have security implications. Some DRM systems have started to use rootkit technology. [more]
Tuesday, 1 November 2005, 6:36 PM CET

Coordinating access control systems
Integrating physical controls such as door locks with logical access controls like smart cards will improve security and cut costs. [more]
Tuesday, 1 November 2005, 11:12 AM CET

Notebook security a problem on college, corporate campuses
"When you apply these survey results to everyday corporate life, you realize that millions of dollars and the future of these companies are at stake," said Bob Heard, chief executive officer of Credant Technologies, a data encryption technology developer. "Even a single security breach can send stock prices plummeting." [more]
Tuesday, 1 November 2005, 11:10 AM CET

Botnets turning into spyware enemy No. 1
The security industry has had a hard time defining spyware, much less eliminating it. But according to many, there's one type of spyware that's among the most dangerous: the botnet. [more]
Tuesday, 1 November 2005, 12:25 AM CET

WSE 3.0 and secure Web services
Mark Fussell discusses the driving goals for the WSE 3.0 release, how security best practices have been incorporated by introducing "turnkey security scenarios" and the relationship between WSE 3.0 and Windows Communication Foundation (WCF), the future Web Services platform from Microsoft. [more]
Tuesday, 1 November 2005, 12:24 AM CET

Sun to put Java security upgrade to the test
Sun Microsystems is seeking to revamp the way in which security is executed in Java and wants developers to try to break the new paradigm to gauge its effectiveness. [more]
Tuesday, 1 November 2005, 12:16 AM CET

Spotlight

---