Off the Wire

Off The Wire Archive

News items for November 2006

Nike + iPod = surveillance
If you enhance your workout with the new Nike+ iPod Sport Kit, you may be making yourself a surveillance target. [more]
Thursday, 30 November 2006, 11:13 AM CET


2007 to bring video viruses
McAfee publishes 10 security predictions for next year. [more]
Thursday, 30 November 2006, 11:12 AM CET


VoIP Security ‘Best Practices' project
With VoIP security concerns getting plenty of airplay in the media over the past month or so, it's good time for the VOIPSA "VoIP Security Best Practices" project to get underway. [more]
Thursday, 30 November 2006, 11:11 AM CET


Oracle develops standards for identity security
Oracle has dubbed the project the Identity Governance Framework. [more]
Thursday, 30 November 2006, 1:38 AM CET


Microsoft to roll out new version of WGA
The main change in WGA Notifications is a new category of results for PCs with Windows installations of questionable validity. [more]
Thursday, 30 November 2006, 12:52 AM CET


Internet Archive helps secure exemption to the Digital Millennium Copyright Act
Thanks to the hard work of two great law school students of Peter Jaszi of American University, Jieun Kim and Doug Agopsowicz, the Internet Archive and other libraries may continue to preserve software and video game titles without fear of going to jail. [more]
Thursday, 30 November 2006, 12:45 AM CET


Patient data exposed in two separate security breaches
Personal information on more than 45,000 people is at risk. [more]
Thursday, 30 November 2006, 12:37 AM CET


Spyware Slayer penalized for breach of spyware and consumer-protection laws
The sellers of the Spyware Slayer antispyware program have agreed to pay $300,000 in fines to settle charges that they violated Washington State spyware and consumer protection laws. [more]
Thursday, 30 November 2006, 12:09 AM CET


The devil's guide to Windows Vista security
Jonathan Hassell explains how to fly with all the safeties off. [more]
Thursday, 30 November 2006, 12:01 AM CET


Oracle launches identity governance project
IGF aims for consistent identity data across applications. [more]
Thursday, 30 November 2006, 12:00 AM CET


What are the most common causes of security breaches?
One of the key internal threats to corporates is spyware, because it’s all too often introduced without malicious intent, by employees that naively click through a couple of pop-up browser windows, or install an unapproved yet ‘cool’ application on the network. The situation isn’t helped by the myths that surround spyware. [more]
Wednesday, 29 November 2006, 11:23 PM CET


RFID security for developer dummies
We've been hearing about RFID for a while (see the RFID Gazette, for example, here). The technology is genuinely useful as it solves an identification problem faster than other methods. [more]
Wednesday, 29 November 2006, 3:31 PM CET


E-passports security? Depends on the country
U.K., Germany report cracks; New Zealand steady; U.S. goes boom. [more]
Wednesday, 29 November 2006, 11:23 AM CET


Postfix and Postgrey: a proactive approach to spam filtering
Greylisting is yet another way for preventing your mailbox getting full of spam. A famous spam fighter software is spamassassin which filter emails. Greylisting won't replace such softwares but it will behave as a powerful proactive barrier which will reduce the amount of spam getting through your mail server. [more]
Wednesday, 29 November 2006, 11:05 AM CET


DoJ to review domestic surveillance
With January approaching, bringing foul weather and a Democratic majority to Capitol Hill, the President has abandoned one of his cute little dodges that had shut down Congressional inquiries into the NSA's mass wiretap scandal. [more]
Wednesday, 29 November 2006, 10:50 AM CET


Researcher cancels Oracle zero-day bug exposure campaign
Criticised initiatives abandoned. [more]
Wednesday, 29 November 2006, 10:45 AM CET


Supreme court signals change in U.S. patent protection rules
Microsoft and Cisco are among those seeking a change. [more]
Wednesday, 29 November 2006, 1:42 AM CET


Analyst reviews 25 years of network security
Like many industry analysts, Gartner's John Pescatore got his start working hands-on with technology. [more]
Wednesday, 29 November 2006, 1:10 AM CET


Boarding pass hacker not prosecuted
A graduate student security researcher will not be prosecuted by FBI for his fake boarding pass generator, which was shut down by the government in October following a prominent Congressman's call for his arrest. [more]
Wednesday, 29 November 2006, 12:31 AM CET


Apple patches 31 security holes
Apple released software updates to fix at least 31 separate security flaws in computers powered by different versions of its Mac OS X operating systems. [more]
Wednesday, 29 November 2006, 12:27 AM CET


PKI will grow, but policy problems remain
Once-hot identity tech poised for resurgence, greater complexity. [more]
Wednesday, 29 November 2006, 12:03 AM CET


Solving the productivity vs. security dilemma
When we’re away from the office, we’re at our most vulnerable point with respect to viruses and malware. [more]
Wednesday, 29 November 2006, 12:00 AM CET


MasterCard push new smartcard
MasterCard has rolled out a global dual-interface (contact and contactless) smartcard for the Asia Pacific, Middle Eastern and African (APEMA) markets named the MasterCard PayPass M/Chip 4 Combi Card. [more]
Tuesday, 28 November 2006, 3:28 PM CET


How to fake fingerprints
One should rely on well tested forensic research methods which are explained in this article. [more]
Tuesday, 28 November 2006, 9:10 AM CET


Spam rates rise; will legal tactics improve?
The European Commission has urged its member states to beef up their efforts to cut spam, spyware and malicious software, after research showed that up to 85 percent of all e-mail received in the European Union is unsolicited. [more]
Tuesday, 28 November 2006, 9:06 AM CET


A hard lesson in privacy
Scott Granneman looks at a hard lesson in personal privacy and security through the lens of a very public and well-known female television show host in Europe. [more]
Tuesday, 28 November 2006, 12:42 AM CET


Fingerprint checks at airports mooted
Airline passengers are to face routine fingerprinting, with the Government already involved in talks with the aviation industry over the installation of scanners at airports. [more]
Tuesday, 28 November 2006, 12:06 AM CET


Oracle database vulnerable to new attack class
Dangling cursor snarfing attacks could expose confidential information. [more]
Tuesday, 28 November 2006, 12:00 AM CET


Most surfers still ignoring IT security
Insecurity through ignorance. [more]
Monday, 27 November 2006, 5:22 PM CET


Fan hacks Linkin Park singer cell data, threatens wife
A woman is accused of using a computer at a national laboratory to hack into a cell phone company's Web site to get a number for Chester Bennington, lead singer of the Grammy-winning rock group Linkin Park. [more]
Monday, 27 November 2006, 5:20 PM CET


Brussels declares war on spyware and spam
All spams must be of regulation size and weight. [more]
Monday, 27 November 2006, 5:18 PM CET


(IN)SECURE Magazine issue 9 has been released
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read an interview with the Skype CSO, learn about AJAX fingerprinting and filtering, find out if portable storage solutions compromise business security, and much more. Grab your copy today! [more]
Monday, 27 November 2006, 3:40 PM CET


EMC: Vendor cooperation key to data security
Harmony on security policy key to data security. [more]
Monday, 27 November 2006, 3:24 PM CET


Data agency broke privacy laws
Gave personal data to U.S. authorities for use in anti-terror investigations. [more]
Monday, 27 November 2006, 3:21 PM CET


Scanning your network for copyrighted material
Nessus includes three plugins to look for systems containing movies and music files being served through web servers, ftp servers and SMB shares. This blog entry will discuss why this is something you might want to look for, how these plugins work and how you can use the Security Center to analyze these results. [more]
Monday, 27 November 2006, 3:14 PM CET


The economics of cybercrime
Looking at cost trade-offs between help-desk support and investments in antispyware may be a valuable study for someone who is responsible for the help desk. [more]
Monday, 27 November 2006, 1:50 PM CET


Security: Is technology saint or sinner?
The latest problem to be thrown at us, on top of war, global warming, disease etc, is that we are "sleepwalking into a surveillance society". [more]
Monday, 27 November 2006, 1:49 PM CET


Patch those wireless drivers
Exploitable laptops, access points, wireless cards, and more are sitting ducks for hackers -- here's why you should worry. [more]
Monday, 27 November 2006, 12:01 AM CET


Mobile VPN is a better choice than an SSL VPN
Mobile workers face unique challenges and need a VPN designed to address them. SSL VPNs work well for remote workers but take a back seat in mobile and wireless environments. [more]
Monday, 27 November 2006, 12:00 AM CET


New rules allow cell-phone hack
The U.S. Copyright Office says it should be legal for you to crack lockout codes that keep you from porting your cell-phone to another carrier. And retro-gamers will be able to crack copy protection on abandoned titles -- for "archival" purposes. [more]
Friday, 24 November 2006, 12:44 AM CET


'Evil twin' Wi-Fi hacks target the rich
Hackers after high net worth individuals in wireless scam. [more]
Friday, 24 November 2006, 12:38 AM CET


Pushing the security agenda
Ben Fathi, corporate vice president of Microsoft's security technology unit, leads Microsoft's efforts to provide customers with a more secure platform. [more]
Friday, 24 November 2006, 12:36 AM CET


RSA crypto attack poses threat to DRM
Security researchers have developed a new approach to breaking the RSA algorithm that creates new problems for the development of effective rights management software. [more]
Friday, 24 November 2006, 12:34 AM CET


Compiling and Using ClusterSSH on Mac OS X
ClusterSSH is a small Perl/TK utility that controls a number of xterm windows via a single graphical console window to allow commands to be interactively run on multiple servers over an ssh connection. [more]
Thursday, 23 November 2006, 11:10 AM CET


New developments in NSA wiretap litigation
On Friday, Chief Judge Vaughn Walker rejected the DOJ's motion to have all 48 of the pending NSA-related lawsuits against various telecoms and cable companies combined into one suit and then dismissed under the "state secrets" privilege. [more]
Thursday, 23 November 2006, 12:15 AM CET


Public lacks confidence in online security
Just half (50 per cent) of the UK population have ever shopped on-line and 43 per cent of us are put off shopping or banking online by security concerns. [more]
Thursday, 23 November 2006, 12:12 AM CET


Legal actions filed against 97 Hotmail, MSN troublemakers
Microsoft Corp. has initiated 97 lawsuits throughout Europe and the Middle East during its eight-month investigation into fraudulent Web pages, with another 32 criminal complaints filed in cooperation with local authorities, the company said Wednesday. [more]
Thursday, 23 November 2006, 12:09 AM CET


Hard-working chips may reveal encryption keys
Details of a possible weakness in the way modern microchips process cryptographic information have been published by an international team of researchers. [more]
Thursday, 23 November 2006, 12:06 AM CET


Spyware firms pay token fines to FTC
Two alleged spyware operations have settled lawsuits brought by the US Federal Trade Commission. [more]
Thursday, 23 November 2006, 12:02 AM CET


Motorists to give fingerprints
Drivers who get stopped by the police could have their fingerprints taken at the roadside, under a new plan to help officers check people's identities. [more]
Thursday, 23 November 2006, 12:00 AM CET


Secure caller ID for VoIP
Session Initiation Protocol is used widely for the setup, teardown and management of VoIP calls. [more]
Wednesday, 22 November 2006, 12:51 PM CET


Why administrative passwords will never be like nuclear missile launchers
During the past few months many people have lamented that Windows lacks a nuclear missile style control option for administrator passwords. [more]
Wednesday, 22 November 2006, 9:33 AM CET


Postfix and Spamassassin: how to filter spam
Nowadays, networks are overwhelmed by SPAM mail, fortunately, there is a way to filter them with software such as spamassassin. [more]
Wednesday, 22 November 2006, 9:31 AM CET


System Administration Toolkit: problems and pitfalls
Avoid common pitfalls and traps to help keep your systems running smoothly. [more]
Wednesday, 22 November 2006, 9:30 AM CET


Using the Internet - anonymously
The Tor network is an intriguing concept: build a bunch of servers around the Internet to route traffic through so that your connections can’t be traced. Why would you want to do that? [more]
Wednesday, 22 November 2006, 9:29 AM CET


CIS finds flaws in Firefox 2.0 password manager
Chapin Information Services (CIS) has discovered a new flaw in the Mozilla Firefox web browser that exposes saved passwords to clever attackers. [more]
Wednesday, 22 November 2006, 9:27 AM CET


Microsoft beats Oracle in security showdown
The internet age outpaces database vendor's security practices. [more]
Wednesday, 22 November 2006, 9:25 AM CET


Old cell phones attract hackers
Software can easily resurrect erased data, creating risk of security breach by ID thieves. [more]
Wednesday, 22 November 2006, 9:24 AM CET


AV software now a subscription situation
Annual charges now a usual thing, but unsubscribing's a bear. [more]
Wednesday, 22 November 2006, 2:03 AM CET


Trouble in homicide: a network detective story
The Chief didn't trust our in-house IT department, so he hired an expert. Some expert! [more]
Wednesday, 22 November 2006, 1:30 AM CET


Skinny tablet PCs pack Core Duo, security
Fujitsu claims this new pair of slate-style tablet PCs to be the first to offer the latest Intel Core Duo processors. [more]
Wednesday, 22 November 2006, 1:18 AM CET


How to foil wiretaps at home
Think the Feds might be jacked into your home line? Well, there’s no need to skulk down to the corner pay phone to conduct your business. [more]
Wednesday, 22 November 2006, 1:12 AM CET


Measuring backup health
If you can't measure it, you can't manage it. Some may argue that there are exceptions to this truism, but backup/recovery is not one of them. [more]
Wednesday, 22 November 2006, 12:48 AM CET


Court ruling protects ISPs from libel lawsuits
Following a four-week trial, the ACLU won a challenge to an Internet censorship law. [more]
Wednesday, 22 November 2006, 12:42 AM CET


How to bridge networks with OpenVPN
OpenVPN is an easy-to-use open source VPN software based on SSL that offers cross-platform interoperability. [more]
Wednesday, 22 November 2006, 12:30 AM CET


Exploit released for unpatched Mac OS X bug
On Monday, the project's curator released instructions for targeting a serious flaw in the way Mac OS X systems processes certain types of files. [more]
Wednesday, 22 November 2006, 12:21 AM CET


Vista's EULA product activation worries
Mark Rasch looks at the license agreement for Windows Vista and how its product activation component, which can disable operation of the computer, may be like walking on thin ice. [more]
Wednesday, 22 November 2006, 12:12 AM CET


Tips for keeping your laptop safe
Be careful when logging online in a wireless hot spot - such as in a hotel, cafe or airport lounge - as you may not be logging onto a valid wireless network. [more]
Wednesday, 22 November 2006, 12:10 AM CET


Security and PCI compliance
Payment Card Industry Data Security Standard (PCI DSS) compliance is not a destination. [more]
Wednesday, 22 November 2006, 12:05 AM CET


Citibank debuts biometric pay system
Citibank lets credit-card holders make payments using their fingerprints instead of credit cards. [more]
Wednesday, 22 November 2006, 12:00 AM CET


7 steps to securing USB drives
Even when used with the best intentions, the data stored on USB drives is generally not covered by routine company procedures, such as backup, encryption, or asset management. How can companies keep track of the data coming in or leaving the company via these devices? Keeping company data secure has become a significant challenge for any corporate IT department. [more]
Tuesday, 21 November 2006, 3:04 PM CET


Having a NAC for network security
Although NAC may be a young and not yet fully defined technology, it can deliver value in the right circumstances. [more]
Tuesday, 21 November 2006, 11:17 AM CET


Hackers - Xbox 360 1:0
A group of coders has cracked the first part of Microsoft's anti piracy measures for the Xbox 360. How long till the rest is hacked? [more]
Tuesday, 21 November 2006, 11:16 AM CET


Study shows antiphishing toolbars are ineffective
Most of the toolbars suffered to varying degrees from false positives. [more]
Tuesday, 21 November 2006, 1:11 AM CET


Analysis: physical/logical security convergence
Physical and logical security staffs, both tasked with protecting enterprise assets, are seeing increased technology and budgetary overlaps. [more]
Tuesday, 21 November 2006, 12:18 AM CET


Mounting a remote filesystem with sshfs
I recently had need (actually, more of a want thing) to mount a remote server from my laptop. [more]
Tuesday, 21 November 2006, 12:12 AM CET


Malaysian government portal used in PayPal phishing scam
A medical transcription company's computers were also used. [more]
Tuesday, 21 November 2006, 12:06 AM CET


Bank-card PINs 'wide open' to insider attack
Security researchers have highlighted how corrupt bank insiders might be able to obtain bank card PINs using as little as one or two guesses. [more]
Tuesday, 21 November 2006, 12:01 AM CET


Adware maker caught cheating on legal settlement
Zango fails to properly disclose its adware application to users. [more]
Tuesday, 21 November 2006, 12:00 AM CET


'Worm' attacks Second Life world
Virtual world Second Life had to close its doors for a short time on Sunday after a worm attack called grey goo. [more]
Monday, 20 November 2006, 2:36 PM CET


Experts warn of surge in zero-day flaws
Security experts at the Sans Institute warned last week of a major surge in zero-day flaws as part of its 2006 update to the Top 20 Internet Security Attack Targets list. [more]
Monday, 20 November 2006, 2:20 PM CET


It's time for a global privacy agreement
Whenever I’ve mentioned to chief privacy officers the idea of having a single set of privacy rules for their companies to abide by worldwide, their response has been unanimous: Bring it on. [more]
Monday, 20 November 2006, 8:53 AM CET


PCI cards the next haven for rootkits?
Security researcher John Heasman released a paper this week describing a way to hide malicious code on graphics and network cards in such a way as to avoid detection and survive a full re-installation of the operating system. [more]
Monday, 20 November 2006, 12:40 AM CET


Researchers claim chip security flaw
Researchers have discovered a fundamental flaw in microprocessor technology that could allow hackers to obtain computer users' information, a French newspaper has reported. [more]
Monday, 20 November 2006, 12:30 AM CET


Egypt detains blogger in random security check
Egyptian police detained an opposition blogger in a chance security check on Sunday, a human rights group said. [more]
Monday, 20 November 2006, 12:25 AM CET


'Blagging' info thieves fined £14,800
A married couple has been convicted of stealing and selling personal data and has been ordered to pay £14,800 in fines and costs. Between them the pair were convicted of 25 cases of illegally obtaining and selling information. [more]
Monday, 20 November 2006, 12:21 AM CET


Image spam rates quintuple in 2006
Overall junk e-mail up nearly 100% [more]
Monday, 20 November 2006, 12:15 AM CET


NSA case becomes lawyer junket
The class-action lawsuits accuse BellSouth, Cingular Wireless, Sprint, MCI, Verizon, AT&T and even cable provider Comcast of violating various privacy and fair business laws. [more]
Monday, 20 November 2006, 12:12 AM CET


Gonzales assails court rulings on wiretapping
Attorney General Alberto Gonzales contended Saturday that some critics of the Bush administration’s warrantless surveillance program were defining freedom in a way that poses a “grave threat” to U.S. security. [more]
Monday, 20 November 2006, 12:03 AM CET


Man used MP3 player to hack ATMs
A man in Manchester, England has been convicted of using an MP3 player to hack cash machines. Maxwell Parsons, 41, spent £200,000 of other people's money after using the machine to read card details. [more]
Monday, 20 November 2006, 12:01 AM CET


Are passwords obsolete?
Fully a third of our users write down their passwords instead of remembering them. That’s according to a recent study of 325 enterprise users, conducted by Nucleus Research and KnowledgeStorm. [more]
Monday, 20 November 2006, 12:00 AM CET


Vista security: Microsoft vs. anti-virus firms
We’ve been hearing a lot about the complaints from the security firms with regard to Microsoft’s new Vista operating system. [more]
Friday, 17 November 2006, 6:28 PM CET


New British passport cracked
Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes? [more]
Friday, 17 November 2006, 4:15 PM CET


Polite hackers kick it in Korea
The first international hacker conference held in this most wired of nations would never be confused with its Western forebears. [more]
Friday, 17 November 2006, 4:13 PM CET


CDP: Great for corruption, not disaster recovery
Ups, downs of continuous data protection. [more]
Friday, 17 November 2006, 11:33 AM CET


Create a backup of all the packages you have installed using apt-get
AptonCD allows one to create a CD image (ISO) of all the packages downloaded via apt-get or even the packages in a given repository. [more]
Friday, 17 November 2006, 10:12 AM CET


Companies are not spending their security dollars wisely
Recent research conducted by analyst firm Forrester Research indicates that organizations are spending millions on security, but not in the areas where the risk is greatest. [more]
Friday, 17 November 2006, 12:30 AM CET


Guidance Software settles with FTC over data compromise
Four people have been arrested in Spain over their suspected involvement in linked credit card theft and virus writing offences. [more]
Friday, 17 November 2006, 12:27 AM CET


Hoffacker charged with hacking system
Prosecutors have alleged that Stevan Hoffacker hacked into a company's e-mail network. [more]
Friday, 17 November 2006, 12:19 AM CET


More secure VPN clients for handsets
Mobile devices are getting better security options, with the announcement of two new client-side virtual private network (VPN) tools for secure communications within corporate infrastructures. [more]
Friday, 17 November 2006, 12:06 AM CET


IT director charged with hacking former employer
A former Source Media Inc. executive was charged with hacking into the company's computer system three years after he was dismissed, and tipping off employees whose jobs were in jeopardy, prosecutors said Wednesday. [more]
Friday, 17 November 2006, 12:02 AM CET


NYPD busts big online gambling ring
Though the shuttered gambling ring relied on a Web site, it was different from the online betting operations targeted by recent federal legislation. [more]
Friday, 17 November 2006, 12:00 AM CET


Forefront client security out and about
Third-party anti-virus vendors are peeved at Vista - and it’s not about the OS's architecture. [more]
Thursday, 16 November 2006, 1:54 PM CET


Malware goes to the movies
Online attackers have started to experiment with embedding malicious code or links to such code in different video formats. [more]
Thursday, 16 November 2006, 1:53 PM CET


VoIP makes list of Top 20 Internet attack targets
As the technology has grown in popularity over the past few years, VoIP attacks have multiplied exponentially. [more]
Thursday, 16 November 2006, 10:54 AM CET


Proving a negative
Don't believe the happy hype when data breaches are revealed. [more]
Thursday, 16 November 2006, 10:52 AM CET


Former HP chairman pleads not guilty
Patricia Dunn maintains that she didn't know about illegal investigation methods in spying scandal. [more]
Thursday, 16 November 2006, 10:50 AM CET


Broadcom flaw spawns wireless risk
Security researchers have discovered a vulnerability in Broadcom wireless device drivers. [more]
Thursday, 16 November 2006, 12:21 AM CET


Fraud fears lead Michigan banks to reissue thousands of cards
A security breach at a gas station chain may be to blame for the compromise. [more]
Thursday, 16 November 2006, 12:15 AM CET


New Specter NSA bill: November surprise?
The outgoing chairman of the Senate Judiciary committee, Senator Arlen Specter (R-Pa.), introduced a new spying bill on Tuesday that would increase the number of personnel involved in issuing warrants. [more]
Thursday, 16 November 2006, 12:01 AM CET


Windows Mobile security software attains FIPS validation
Trust Digital says its mobile security software has received FIPS 140-2 validation from the U.S. National Institute of Standards and Technology (NIST) for Windows Mobile 5.0. [more]
Thursday, 16 November 2006, 12:00 AM CET


U.S. intelligence unveils spy version of Wikipedia
The U.S. intelligence community on Tuesday unveiled its own secretive version of Wikipedia, saying the popular online encyclopedia format known for its openness is key to the future of American espionage. [more]
Wednesday, 15 November 2006, 3:02 PM CET


Pirated Vista may be useless, Microsoft says
Microsoft Corp. said supposedly pirated copies of its new Vista OS "will be of limited value" to those who use them. [more]
Wednesday, 15 November 2006, 11:55 AM CET


Companies getting clued up about info security
Firms are more aware of how information security can affect business, with a rising number integrating information security with their risk management processes, according to an Ernst & Young survey. [more]
Wednesday, 15 November 2006, 11:33 AM CET


Top 10 data disasters revealed
Hard drives kept in dirty socks and the dangers of oiling your PC feature in a top 10 list of data disasters. [more]
Wednesday, 15 November 2006, 11:22 AM CET


Kevin Mitnick's security advice
Protecting yourself is very challenging in the hostile environment of the internet. [more]
Wednesday, 15 November 2006, 9:06 AM CET


Foiling hackers with NAC: first, know what you have
Increasingly, hackers have infiltrated "protected" enterprise networks. One NAC provider says the key to maximizing your protection is to know what’s on your network. [more]
Wednesday, 15 November 2006, 1:25 AM CET


Under the thumb?
Hiring a car can now mean leaving a fingerprint. And check-out staff are scanning the customers as well as the shopping. Biometrics are entering every day life. [more]
Wednesday, 15 November 2006, 1:03 AM CET


New security products shun problem Web sites
Software, browser updates incorporate tougher 'anti-phishing' measures. [more]
Wednesday, 15 November 2006, 12:58 AM CET


Microsoft offers patches for seven 'critical' flaws
Public exploits for some of them are already circulating. [more]
Wednesday, 15 November 2006, 12:50 AM CET


Con man offers advice on avoiding identity theft
Frank Abagnale, whose exploits were immortalized in the movie 'Catch Me If You Can,' lectured on security measures at FAU in Boca Raton. [more]
Wednesday, 15 November 2006, 12:39 AM CET


OpenSSH server ported to Windows CE
The OpenSSH server has been ported to Windows CE, enabling secure remote access to a Windows CE device using the SSH protocol. [more]
Wednesday, 15 November 2006, 12:34 AM CET


Which is safer: Internet Explorer 7 or Firefox 2.0?
Internet Explorer 7 and Firefox 2.0 have built-in antiphishing features designed to alert you when you've hit a fraudulent site. [more]
Wednesday, 15 November 2006, 12:21 AM CET


Meet the world's most prolific spammers
Spamhaus has published a revised list of the world's 10 worst spammers. According to the anti-spam organisation, 200 professional spam gangs are responsible for 80% of the high volume of junk mail pumped onto the Internet every day. [more]
Wednesday, 15 November 2006, 12:06 AM CET


Microsoft moves corporate antivirus client into beta
Forefront Client Security to compete with McAfee and Symantec. [more]
Wednesday, 15 November 2006, 12:03 AM CET


Hackers steal data from Landis lab
A hacker stole data from computers at the French anti-doping lab where tests are being challenged by American cyclist Floyd Landis, police said Tuesday. [more]
Tuesday, 14 November 2006, 3:54 PM CET


Mutate, fragment, hide: The new hacker mantra
Hackers working for criminal gain are using increasingly sophisticated methods to ensure that the malware they develop is hard to detect and remove from infected systems, security researchers warned at this week's Computer Security Institute (CSI) trade show in Orlando. [more]
Tuesday, 14 November 2006, 12:46 AM CET


Court shuts down alleged spyware operation
ERG Ventures and an affiliate accused of tricking customers into downloading spyware. [more]
Tuesday, 14 November 2006, 12:23 AM CET


Wi-Fi hardware holed by security flaw
Windows computers are open to direct attack from a hole in the widely-used Broadcom Wi-Fi driver, security researchers have warned. [more]
Tuesday, 14 November 2006, 12:09 AM CET


Allchin backs away from Vista anti-virus claims
Outgoing Windows development chief Jim Allchin has apologised for the confusion he created in comments taken to mean Vista was so secure it might be possible to run the software without any anti-virus installed. [more]
Tuesday, 14 November 2006, 12:03 AM CET


Government IT leaders feeling more secure
But they're worried about funding, says survey. [more]
Tuesday, 14 November 2006, 12:00 AM CET


Hackers target online brokerages
Thieves attempt to make unauthorised trades worth millions of dollars. [more]
Monday, 13 November 2006, 4:00 PM CET


T'is the season to be ripped off...
Online fraudsters are gearing up for the massive increase in consumer online shopping due to take place over the festive season. [more]
Monday, 13 November 2006, 11:29 AM CET


Top 10 signs you have an insecure web app
I often surf the web and see blatant design errors that make me shake my head. Without even investigating the security of a site, I know without a doubt that the site will be chock full of vulnerabilities. [more]
Monday, 13 November 2006, 11:23 AM CET


How to avoid getting ransom notes
I suppose it shouldn’t come as any surprise that cybercriminals are demanding ransom... [more]
Monday, 13 November 2006, 11:18 AM CET


ISPs 'should be responsible' for hacker attacks
ISPs should be made legally liable for the damage caused by DoS attacks carried out via their networks, a leading internet lawyer says. [more]
Monday, 13 November 2006, 12:53 AM CET


Hands on: a hard look at Windows Vista
Now that it's gold, here's an inside look at the best and the worst of Windows Vista. [more]
Monday, 13 November 2006, 12:48 AM CET


UK bans denial of service attacks
A law was passed last week that makes it an offence to launch a denial of service attack in the UK, punishable by up to ten years in prison. [more]
Monday, 13 November 2006, 12:45 AM CET


Storing and protecting data
Most organisations recognise that they cannot simply continue to store and then blindly manage data of all types on primary storage. That data which has immediate relevance to active business processes merits a place on high-performance/high-availability primary storage. It also warrants special attention with frequent or continuous data protection and business continuance processes. [more]
Monday, 13 November 2006, 12:39 AM CET


Successful alternatives to password authentication?
Have any of you successfully deployed a key, token, or biometric-based access control for Windows machines to replace (or enhance) the typical login/logout authentication process (even image-recognition schemes would be considered)? [more]
Monday, 13 November 2006, 12:33 AM CET


Singapore teen faces 3 years' jail for tapping into another's wireless Internet
A Singapore teenager has been charged with tapping into someone else's wireless Internet connection, a crime that carries a penalty of up to three years in jail. [more]
Monday, 13 November 2006, 12:12 AM CET


Catching up with cybercriminals
No approach to fighting cybercrime is complete without careful consideration of technology. No one should underestimate the technical capabilities of today's cybercriminals. So new technology must be developed to go beyond rapid response, to anticipating and heading off new cybercrime techniques. [more]
Monday, 13 November 2006, 12:07 AM CET


Evidence dynamics
There are two things that responders are facing more and more, and those are (a) an increase in the sophistication and volume of cybercrime, and (b) an increase in instances in which systems cannot be taken down, requiring live response and/or live acquisition. [more]
Monday, 13 November 2006, 12:05 AM CET


Exploit targets widely deployed wireless flaw
A security researcher has released a set of instructions for exploiting a security flaw in the wireless Internet devices built into millions of new laptops from HP, Dell, Gateway and other computer makers. [more]
Monday, 13 November 2006, 12:00 AM CET


A look inside the security development lifecycle at Microsoft
The goals of the Security Development Lifecycle (SDL), now embraced by Microsoft, are twofold: to reduce the number of security-related design and coding defects, and to reduce the severity of any defects that are left. [more]
Friday, 10 November 2006, 7:16 PM CET


Hacker goes to prison for Trojan blackmail
A hacker who used a Trojan horse program to take control of computers belonging to adolescent girls in the U.K. and Canada was sentenced to 10 years in prison on Thursday; prosecutors in London said. [more]
Friday, 10 November 2006, 6:09 PM CET


Using PVS to detect corporate policy violations
Most companies have some sort of policy in place which defines network or computer activities which are considered 'Acceptable computer usage'. Such policies are often difficult to enforce. [more]
Friday, 10 November 2006, 6:07 PM CET


Microsoft co-president suggests Vista won't need antivirus
Allchin's statement came in response to a question about his relative level of confidence that Vista would be more secure than Windows XP SP2. [more]
Friday, 10 November 2006, 2:07 PM CET


Password-cracking contest results
Are long, noncomplex passwords harder to crack than short, complex passwords? These results lean toward yes. [more]
Friday, 10 November 2006, 2:04 PM CET


Online scams target the wealthy
High-income earners are being preferentially targeted by online "phishing" scams, research has shown. [more]
Friday, 10 November 2006, 1:53 PM CET


Top 10 Ajax security holes and driving factors
With Web 2.0, a lot of the logic is shifting to the client-side. This may expose the entire application to some serious threats. The urge for data integration from multiple parties and untrusted sources can increase the overall risk factor as well: XSS, XSRF, cross-domain issues and serialization on the client-side and insecure Web services, XML-RPC and REST access on the server-side. [more]
Friday, 10 November 2006, 11:20 AM CET


Industry lines up behind enhanced SSL standard
IE7 prepares to flip switch on Extended Validation SSL certificates in January. [more]
Friday, 10 November 2006, 12:34 AM CET


Intel drafts privacy license for mobile device software
Consumer-friendly policy requires good behavior from developers. [more]
Friday, 10 November 2006, 12:15 AM CET


Secure Kerberized authentication on Solaris 10 using IBM AIX version 5.3
Set up a Kerberized environment to work with Solaris(TM) 10 and learn how to configure a Key Distribution Center (KDC) on AIX(R) Version 5.3. [more]
Friday, 10 November 2006, 12:03 AM CET


Microsoft releases Sony rootkit hunter's tools
Four months after Russinovich hire, it's hosting blog, freeware. [more]
Friday, 10 November 2006, 12:00 AM CET


How many wireless vulnerabilities are really out there?
You hear a lot about wireless security threats, but do you know how many there really are? Or what kinds of vulnerabilities exist? Or what exactly "wirless phishing" means? [more]
Thursday, 9 November 2006, 4:21 PM CET


Gartner: Consumers to lose $2.8 billion to phishers in 2006
Browser makers may have added new antiphishing features to their products in recent months, but the criminals are still gaining ground in their efforts to defraud U.S. consumers, according to the Gartner research firm. [more]
Thursday, 9 November 2006, 3:13 PM CET


IT industry core to global e-crime battle
Criminal gangs from Russia, Ukraine and Romania are making millions from cybercrime. [more]
Thursday, 9 November 2006, 3:08 PM CET


Windows Vista security guide
This guide provides instructions and recommendations to help strengthen the security of desktop and laptop computers running Windows Vista in a domain with the Active Directory directory service.
[more]
Thursday, 9 November 2006, 10:15 AM CET


Google accidentally sends out Kama Sutra worm
Google Inc. accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday. [more]
Thursday, 9 November 2006, 9:59 AM CET


Attack of the perv trackers
If the creepy guy next door suddenly stops wearing shorts, he may have an eye in the sky to blame. [more]
Thursday, 9 November 2006, 9:54 AM CET


Why management doesn't get IT security
At the request of the Department of Homeland Security, a group called The Conference Board completed a study about senior management and their perceptions of IT security. The results aren't very surprising. [more]
Thursday, 9 November 2006, 12:06 AM CET


'Supercerts' aim to highlight legit web sites
Over the past couple of years, dozens of companies have rolled out technologies designed to help computer users and companies better spot "phishing" scams -- Web sites that try to trick people into giving away financial and personal data. [more]
Thursday, 9 November 2006, 12:03 AM CET


Online banking fraud dramatically jumps in UK
Phishing scams mainly responsible for 55 percent increase. [more]
Thursday, 9 November 2006, 12:00 AM CET


Spammer can't have accuser's hard drive
Parties have reached a settlement in Joel Hodgell vs. EFinancial LLC, an anti-spam case in which I got involved because after Joel sued the defendant over spams he had received, the defendant asked the judge to make Joel turn over a copy of his hard drive. [more]
Wednesday, 8 November 2006, 5:42 PM CET


Dating site hacker avoids jail
A Nottinghamshire man who attacked the web site of London dating agency loveandfriends.com has avoided imprisonment. [more]
Wednesday, 8 November 2006, 4:39 PM CET


The emerging threat of cell phone spam
As with their wired counterparts, mobile carriers use network security measures to foil spammers. "They are always refortifying their firewalls to respond to the newest spam threats," said Joe Farren, a spokesperson for CTIA-The Wireless Association. [more]
Wednesday, 8 November 2006, 4:26 PM CET


Watchdog groups report e-voting problems
Problems with voting machines across the U.S. are being reported to watchdog groups, including significant problems of votes being incorrectly recorded Tuesday. [more]
Wednesday, 8 November 2006, 3:22 PM CET


PHREL beats back DNS server attacks
Running a public name server on the Internet today can be challenging, when it's exposed to a neverending flood of attacks against it. [more]
Wednesday, 8 November 2006, 3:21 PM CET


Security software moves toward blocking sites
For years, computer security software lurked in the background and tried to stop viruses and other malicious programs as they attack your computer. Newer products are trying to keep users from reaching Web sites before the programs can even launch an attack, essentially stopping threats at the source. [more]
Wednesday, 8 November 2006, 1:10 AM CET


Attackers end-run around IE security
The dependence of Internet Explorer on other Windows components has allowed online attackers to work around the shored-up security of Microsoft's latest browser. [more]
Wednesday, 8 November 2006, 1:05 AM CET


FTC settles with e-mail marketer
Yesmail will pay a $50,717 civil fine. [more]
Wednesday, 8 November 2006, 12:56 AM CET


Inside the hacker's profiling project
Imagine being able to preview an attacker's next move based on the traces left on compromised machines. [more]
Wednesday, 8 November 2006, 12:50 AM CET


IBM enters video surveillance software market
IBM has started selling security software that analyzes data from video surveillance cameras in real time, generating instant alerts of potential security breeches. [more]
Wednesday, 8 November 2006, 12:21 AM CET


The security snooze button
The other day, I read a comment in an article that said something like, “this latest break-in should serve as a wake-up call to the banks.” [more]
Wednesday, 8 November 2006, 12:09 AM CET


US calls for global data law
US privacy officials have made advances to Richard Thomas, Britain's information commissioner, about formulating an international data protection law for the era of globalisation. [more]
Wednesday, 8 November 2006, 12:03 AM CET


Piracy stats don't add up
Piracy statistics are labelled "self-serving hyperbole" in a draft government report. [more]
Wednesday, 8 November 2006, 12:00 AM CET


Advanced Host Intrusion Prevention with CSA
Cisco Security Agent software protects server and desktop computing systems by identifying threats and preventing malicious behavior. It mitigates new and evolving threats without requiring reconfigurations or emergency patch updates, providing robust protection with reduced operational costs. This book covers the means of maximizing endpoint security by using Cisco Security Agent. [more]
Tuesday, 7 November 2006, 8:34 PM CET


Security must focus on desktop policy
The challenge of controlling security threats triggered by users in the workplace shows no sign of abating, new research commissioned by Check Point Software Technologies suggests. [more]
Tuesday, 7 November 2006, 2:20 PM CET


UK credit card fraud down to £209.3m
Card fraud losses fell by 5 per cent in first six months of 2006, according to the latest figures from banking association APACS. [more]
Tuesday, 7 November 2006, 12:18 PM CET


Mental health trust introduces two-factor security
South London and Maudsley NHS Trust uses tokens to protect patient records. [more]
Tuesday, 7 November 2006, 12:17 PM CET


How much can a LAN switch protect your network?
Call it NAC (Cisco’s Network Admission Control) or, well, NAC (network access control), or even NAP (Microsoft’s Network Access Protection). Any way you refer to it, these schemes for shutting out unwanted users at the LAN switch port level are among the most buzzed about network technologies. [more]
Tuesday, 7 November 2006, 10:57 AM CET


US hosts a quarter of all phishing sites
US and South Korea exposed as biggest culprits. [more]
Tuesday, 7 November 2006, 10:49 AM CET


Windows hit by "extremely critical" 0-day vulnerability
Vulnerability in XMLHTTP 4.0 ActiveX control opens the door to attackers. [more]
Tuesday, 7 November 2006, 12:34 AM CET


About misguided advice regarding wireless networks
It follows the news that the music industry has dropped a lawsuit against Tammie Marson of Palm Desert, California. [more]
Tuesday, 7 November 2006, 12:24 AM CET


Full-disk encryption suites
One stolen laptop loaded with sensitive information could sink your business. [more]
Tuesday, 7 November 2006, 12:01 AM CET


'Nasa hackers' detained in Chile
The men are accused of breaching more than 8,000 websites, including that of US space agency Nasa. [more]
Tuesday, 7 November 2006, 12:00 AM CET


How well do you know your network?
"When we said 'we have a product we're using to monitor you' we saw events drop by 90%," says Tony Spinelli, senior vice president of information security at Equifax. "If you communicate it in the right way and are a little more honest and open by saying 'here's what we're doing and here's why' I think it helps to change user behavior." [more]
Monday, 6 November 2006, 9:36 PM CET


Zango fined $3m for illegal adware installations
FTC sets new rules for adware downloads. [more]
Monday, 6 November 2006, 1:54 PM CET


'Hacking' doesn't crack the code
Something -- maybe a lot of things -- is wrong with how America conducts its elections. [more]
Monday, 6 November 2006, 1:54 PM CET


WAN acceleration: best practices for preserving security
As more and more enterprises undergo server centralization projects, new products will be introduced to improve network and application performance. By following basic security precautions, enterprises can ensure that these performance improvements do not come at the expense of data security. [more]
Monday, 6 November 2006, 11:54 AM CET


Tracking outgoing data for intellectual property
It's obvious how to search fixed data formats when I'm monitoring for content going in and out of my network, but how do I track for things that are more random in nature such as intellectual property? [more]
Monday, 6 November 2006, 11:46 AM CET


Antiphishing fighters take on malware
The volunteers behind the Phishing Incident Reporting and Termination Squad (PIRT) have started a new project to crack down on malware. [more]
Monday, 6 November 2006, 10:29 AM CET


How to restore trust at the ballot box
Problems with high-tech machines have some voters feeling left out. [more]
Monday, 6 November 2006, 12:12 AM CET


Chicago area cops arrest 12 in credit card fraud scheme
Workers at seven motel chains, including Holiday Inn and Ramada, implicated. [more]
Monday, 6 November 2006, 12:06 AM CET


Scammers use Wikipedia to distribute virus
If Web 2.0 is built on trust, that may also be its downfall. [more]
Monday, 6 November 2006, 12:03 AM CET


A quantum leap in data encryption
Startup Magiq Technologies thinks it's got a sure way to keep data from prying eyes, using Heisenberg's Uncertainty Principle. [more]
Monday, 6 November 2006, 12:00 AM CET


Security threat changing, says Symantec CEO
The threat posed to computer users and companies by hackers is shifting from attacks on the computers to attacks on electronic transactions, according to the head of one of the world's largest security software vendors. [more]
Friday, 3 November 2006, 4:14 PM CET


Spying Apache server activity and performance with mod_status
mod_status provides information on your apache server activity and performance. [more]
Friday, 3 November 2006, 10:50 AM CET


Technology's threat to national security
This threat of hostiles sabotaging networks or opening secret back doors for spying is what motivated the U.S.-China Economic and Security Review Commission in April to recommend a change in how the State Dept. used some of the PCs it bought from Lenovo Group. [more]
Friday, 3 November 2006, 12:42 AM CET


Quantum attacks worry computer scientists
In the weird world of quantum computing, the state of computer systems networked together is so fragile that a read access to a single quantum bit, or qubit, on one machine would require a network-wide reset. [more]
Friday, 3 November 2006, 12:30 AM CET


Spammers gear up for pre-Christmas blitz
Security report reveals sophisticated online tricks. [more]
Friday, 3 November 2006, 12:25 AM CET


Turn off ActiveX for security
The library is installed by way of Visual Studio 2005, so it may only be present in development systems, and may therefore limit the scope of possible victims of an exploit. Microsoft, however, believes such an exploit may be in progress. [more]
Friday, 3 November 2006, 12:21 AM CET


Tips for securing the mobile enterprise
Today’s mobile work habits raise a number of difficult problems for IT departments: How do you protect systems that are often not in the office on a controlled network? [more]
Friday, 3 November 2006, 12:15 AM CET


Pressure forces Microsoft to change Vista licensing
Enthusiast uproar forces rethink of restrictive policy. [more]
Friday, 3 November 2006, 12:12 AM CET


Diebold slams HBO "Hacking Democracy" documentary
A campaign by Diebold to torpedo a TV documentary investigating its controversial e-voting machines looks set to backfire. [more]
Friday, 3 November 2006, 12:01 AM CET


U.S. adds wiki to spy arsenal
The U.S. intelligence community on Tuesday unveiled its own secretive version of Wikipedia, saying the popular online encyclopedia format known for its openness is key to the future of American espionage. [more]
Thursday, 2 November 2006, 11:13 AM CET


Spammers go island hopping to bypass filter
Anti-spam researchers at security company McAfee have discovered a new spamming trend nicknamed 'spam island-hopping'. [more]
Thursday, 2 November 2006, 11:12 AM CET


StopSpamAlliance joins organizations, many letters
Spam faces a new foe with the formation of an international group to exchange tactics and legal information. [more]
Thursday, 2 November 2006, 1:36 AM CET


Pro PHP security - preventing SQL injection
In this article, we will provide you with the security background every web developer needs, along with PHP-specific knowledge and code that you can use to protect the integrity of your own applications. [more]
Thursday, 2 November 2006, 1:21 AM CET


Microsoft scrambling to patch exploit
Microsoft Security announced it has been alerted to proof-of-concept code that may already have been referenced in the creation of a malicious exploit. [more]
Thursday, 2 November 2006, 1:15 AM CET


Hackers threat to Wi-Fi users
Companies and home computer users with wi-fi technology are as vulnerable to kerbside hackers as if they let them into their office with free access to confidential files, research shows. [more]
Thursday, 2 November 2006, 1:03 AM CET


MasterCard tackles PIN-based debit card fraud
MasterCard Worldwide will introduce in the first quarter of 2007 a new service to help banks and other card issuers detect and stop PIN-based debit card fraud in real time. [more]
Thursday, 2 November 2006, 12:54 AM CET


From cradle to grave, your files available to a cast of thousands
Millions of patients' details are already being uploaded on to the database that is the world's biggest civilian IT project. [more]
Thursday, 2 November 2006, 12:45 AM CET


Trusted Computing for Mac OS X
The purpose of this document is to discuss a specific piece of hardware found in certain Apple computer models: the Trusted Platform Module (TPM). [more]
Thursday, 2 November 2006, 12:33 AM CET


Hackers break into water system network
Pennsylvania breach occurred via compromised laptop. [more]
Thursday, 2 November 2006, 12:18 AM CET


Bomb blows out PayPal window
An explosive device blew out a thick, plate-glass window Tuesday evening at the Silicon Valley headquarters of PayPal, the online payments unit of eBay. [more]
Thursday, 2 November 2006, 12:12 AM CET


Windows Firewall exploit overhyped
The release of an exploit that means a hacker, who happens to be on the same local area network, can knock over Windows Firewall on machines running XP has created a lot of publicity, despite being not much of a threat. [more]
Thursday, 2 November 2006, 12:06 AM CET


Apple flaw kicks off second month of bugs
Security researchers published on Wednesday the details of a flaw in Apple's Airport wireless driver, kicking off a plan to release a software bug in the core system code, or kernel, of major operating systems every day throughout the month of November. [more]
Thursday, 2 November 2006, 12:03 AM CET


Microsoft takes aim at eBay pirates
Matt Lundy, a senior attorney with Microsoft's antipiracy group, said Microsoft works with auction sites including eBay to remove listings for software it believes is pirated, and only takes legal action if the merchants continue to sell the software after that. [more]
Wednesday, 1 November 2006, 12:21 AM CET


US ID thieves target kids
US-based identity thieves are using the details of children to conduct fraudulent trades, according to New York Senator Hillary Rodham Clinton who reckons up to 400,000 kids may become victims of identity theft, AP reports. [more]
Wednesday, 1 November 2006, 12:15 AM CET


Vulnerabilities in Firefox 2.0, IE 7.0, Drupal, and Yahoo! Messenger
A flaw exists in Mozilla Firefox 2.0 that could allow an intruder to crash the browser and potentially execute arbitrary code. [more]
Wednesday, 1 November 2006, 12:09 AM CET


OMB reports hinder security improvements, experts say
The expense of completing mandatory reports on the federal government’s cybersecurity efforts is siphoning hundreds of millions of dollars that would otherwise go to securing computer systems, some experts say. [more]
Wednesday, 1 November 2006, 12:05 AM CET


Domain resale market a 'haven' for phishers
Domain names likely to appeal to fraudsters are up for grabs on domain resale sites. [more]
Wednesday, 1 November 2006, 12:02 AM CET


Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //