Off the Wire

Off The Wire Archive

News items for November 2006

Nike + iPod = surveillance
If you enhance your workout with the new Nike+ iPod Sport Kit, you may be making yourself a surveillance target. [more]
Thursday, 30 November 2006, 11:13 AM CET

2007 to bring video viruses
McAfee publishes 10 security predictions for next year. [more]
Thursday, 30 November 2006, 11:12 AM CET

VoIP Security ‘Best Practices' project
With VoIP security concerns getting plenty of airplay in the media over the past month or so, it's good time for the VOIPSA "VoIP Security Best Practices" project to get underway. [more]
Thursday, 30 November 2006, 11:11 AM CET

Oracle develops standards for identity security
Oracle has dubbed the project the Identity Governance Framework. [more]
Thursday, 30 November 2006, 1:38 AM CET

Microsoft to roll out new version of WGA
The main change in WGA Notifications is a new category of results for PCs with Windows installations of questionable validity. [more]
Thursday, 30 November 2006, 12:52 AM CET

Internet Archive helps secure exemption to the Digital Millennium Copyright Act
Thanks to the hard work of two great law school students of Peter Jaszi of American University, Jieun Kim and Doug Agopsowicz, the Internet Archive and other libraries may continue to preserve software and video game titles without fear of going to jail. [more]
Thursday, 30 November 2006, 12:45 AM CET

Patient data exposed in two separate security breaches
Personal information on more than 45,000 people is at risk. [more]
Thursday, 30 November 2006, 12:37 AM CET

Spyware Slayer penalized for breach of spyware and consumer-protection laws
The sellers of the Spyware Slayer antispyware program have agreed to pay $300,000 in fines to settle charges that they violated Washington State spyware and consumer protection laws. [more]
Thursday, 30 November 2006, 12:09 AM CET

The devil's guide to Windows Vista security
Jonathan Hassell explains how to fly with all the safeties off. [more]
Thursday, 30 November 2006, 12:01 AM CET

Oracle launches identity governance project
IGF aims for consistent identity data across applications. [more]
Thursday, 30 November 2006, 12:00 AM CET

What are the most common causes of security breaches?
One of the key internal threats to corporates is spyware, because it’s all too often introduced without malicious intent, by employees that naively click through a couple of pop-up browser windows, or install an unapproved yet ‘cool’ application on the network. The situation isn’t helped by the myths that surround spyware. [more]
Wednesday, 29 November 2006, 11:23 PM CET

RFID security for developer dummies
We've been hearing about RFID for a while (see the RFID Gazette, for example, here). The technology is genuinely useful as it solves an identification problem faster than other methods. [more]
Wednesday, 29 November 2006, 3:31 PM CET

E-passports security? Depends on the country
U.K., Germany report cracks; New Zealand steady; U.S. goes boom. [more]
Wednesday, 29 November 2006, 11:23 AM CET

Postfix and Postgrey: a proactive approach to spam filtering
Greylisting is yet another way for preventing your mailbox getting full of spam. A famous spam fighter software is spamassassin which filter emails. Greylisting won't replace such softwares but it will behave as a powerful proactive barrier which will reduce the amount of spam getting through your mail server. [more]
Wednesday, 29 November 2006, 11:05 AM CET

DoJ to review domestic surveillance
With January approaching, bringing foul weather and a Democratic majority to Capitol Hill, the President has abandoned one of his cute little dodges that had shut down Congressional inquiries into the NSA's mass wiretap scandal. [more]
Wednesday, 29 November 2006, 10:50 AM CET

Researcher cancels Oracle zero-day bug exposure campaign
Criticised initiatives abandoned. [more]
Wednesday, 29 November 2006, 10:45 AM CET

Supreme court signals change in U.S. patent protection rules
Microsoft and Cisco are among those seeking a change. [more]
Wednesday, 29 November 2006, 1:42 AM CET

Analyst reviews 25 years of network security
Like many industry analysts, Gartner's John Pescatore got his start working hands-on with technology. [more]
Wednesday, 29 November 2006, 1:10 AM CET

Boarding pass hacker not prosecuted
A graduate student security researcher will not be prosecuted by FBI for his fake boarding pass generator, which was shut down by the government in October following a prominent Congressman's call for his arrest. [more]
Wednesday, 29 November 2006, 12:31 AM CET

Apple patches 31 security holes
Apple released software updates to fix at least 31 separate security flaws in computers powered by different versions of its Mac OS X operating systems. [more]
Wednesday, 29 November 2006, 12:27 AM CET

PKI will grow, but policy problems remain
Once-hot identity tech poised for resurgence, greater complexity. [more]
Wednesday, 29 November 2006, 12:03 AM CET

Solving the productivity vs. security dilemma
When we’re away from the office, we’re at our most vulnerable point with respect to viruses and malware. [more]
Wednesday, 29 November 2006, 12:00 AM CET

MasterCard push new smartcard
MasterCard has rolled out a global dual-interface (contact and contactless) smartcard for the Asia Pacific, Middle Eastern and African (APEMA) markets named the MasterCard PayPass M/Chip 4 Combi Card. [more]
Tuesday, 28 November 2006, 3:28 PM CET

How to fake fingerprints
One should rely on well tested forensic research methods which are explained in this article. [more]
Tuesday, 28 November 2006, 9:10 AM CET

Spam rates rise; will legal tactics improve?
The European Commission has urged its member states to beef up their efforts to cut spam, spyware and malicious software, after research showed that up to 85 percent of all e-mail received in the European Union is unsolicited. [more]
Tuesday, 28 November 2006, 9:06 AM CET

A hard lesson in privacy
Scott Granneman looks at a hard lesson in personal privacy and security through the lens of a very public and well-known female television show host in Europe. [more]
Tuesday, 28 November 2006, 12:42 AM CET

Fingerprint checks at airports mooted
Airline passengers are to face routine fingerprinting, with the Government already involved in talks with the aviation industry over the installation of scanners at airports. [more]
Tuesday, 28 November 2006, 12:06 AM CET

Oracle database vulnerable to new attack class
Dangling cursor snarfing attacks could expose confidential information. [more]
Tuesday, 28 November 2006, 12:00 AM CET

Most surfers still ignoring IT security
Insecurity through ignorance. [more]
Monday, 27 November 2006, 5:22 PM CET

Fan hacks Linkin Park singer cell data, threatens wife
A woman is accused of using a computer at a national laboratory to hack into a cell phone company's Web site to get a number for Chester Bennington, lead singer of the Grammy-winning rock group Linkin Park. [more]
Monday, 27 November 2006, 5:20 PM CET

Brussels declares war on spyware and spam
All spams must be of regulation size and weight. [more]
Monday, 27 November 2006, 5:18 PM CET

(IN)SECURE Magazine issue 9 has been released
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read an interview with the Skype CSO, learn about AJAX fingerprinting and filtering, find out if portable storage solutions compromise business security, and much more. Grab your copy today! [more]
Monday, 27 November 2006, 3:40 PM CET

EMC: Vendor cooperation key to data security
Harmony on security policy key to data security. [more]
Monday, 27 November 2006, 3:24 PM CET

Data agency broke privacy laws
Gave personal data to U.S. authorities for use in anti-terror investigations. [more]
Monday, 27 November 2006, 3:21 PM CET

Scanning your network for copyrighted material
Nessus includes three plugins to look for systems containing movies and music files being served through web servers, ftp servers and SMB shares. This blog entry will discuss why this is something you might want to look for, how these plugins work and how you can use the Security Center to analyze these results. [more]
Monday, 27 November 2006, 3:14 PM CET

The economics of cybercrime
Looking at cost trade-offs between help-desk support and investments in antispyware may be a valuable study for someone who is responsible for the help desk. [more]
Monday, 27 November 2006, 1:50 PM CET

Security: Is technology saint or sinner?
The latest problem to be thrown at us, on top of war, global warming, disease etc, is that we are "sleepwalking into a surveillance society". [more]
Monday, 27 November 2006, 1:49 PM CET

Patch those wireless drivers
Exploitable laptops, access points, wireless cards, and more are sitting ducks for hackers -- here's why you should worry. [more]
Monday, 27 November 2006, 12:01 AM CET

Mobile VPN is a better choice than an SSL VPN
Mobile workers face unique challenges and need a VPN designed to address them. SSL VPNs work well for remote workers but take a back seat in mobile and wireless environments. [more]
Monday, 27 November 2006, 12:00 AM CET

New rules allow cell-phone hack
The U.S. Copyright Office says it should be legal for you to crack lockout codes that keep you from porting your cell-phone to another carrier. And retro-gamers will be able to crack copy protection on abandoned titles -- for "archival" purposes. [more]
Friday, 24 November 2006, 12:44 AM CET

'Evil twin' Wi-Fi hacks target the rich
Hackers after high net worth individuals in wireless scam. [more]
Friday, 24 November 2006, 12:38 AM CET

Pushing the security agenda
Ben Fathi, corporate vice president of Microsoft's security technology unit, leads Microsoft's efforts to provide customers with a more secure platform. [more]
Friday, 24 November 2006, 12:36 AM CET

RSA crypto attack poses threat to DRM
Security researchers have developed a new approach to breaking the RSA algorithm that creates new problems for the development of effective rights management software. [more]
Friday, 24 November 2006, 12:34 AM CET

Compiling and Using ClusterSSH on Mac OS X
ClusterSSH is a small Perl/TK utility that controls a number of xterm windows via a single graphical console window to allow commands to be interactively run on multiple servers over an ssh connection. [more]
Thursday, 23 November 2006, 11:10 AM CET

New developments in NSA wiretap litigation
On Friday, Chief Judge Vaughn Walker rejected the DOJ's motion to have all 48 of the pending NSA-related lawsuits against various telecoms and cable companies combined into one suit and then dismissed under the "state secrets" privilege. [more]
Thursday, 23 November 2006, 12:15 AM CET

Public lacks confidence in online security
Just half (50 per cent) of the UK population have ever shopped on-line and 43 per cent of us are put off shopping or banking online by security concerns. [more]
Thursday, 23 November 2006, 12:12 AM CET

Legal actions filed against 97 Hotmail, MSN troublemakers
Microsoft Corp. has initiated 97 lawsuits throughout Europe and the Middle East during its eight-month investigation into fraudulent Web pages, with another 32 criminal complaints filed in cooperation with local authorities, the company said Wednesday. [more]
Thursday, 23 November 2006, 12:09 AM CET

Hard-working chips may reveal encryption keys
Details of a possible weakness in the way modern microchips process cryptographic information have been published by an international team of researchers. [more]
Thursday, 23 November 2006, 12:06 AM CET

Spyware firms pay token fines to FTC
Two alleged spyware operations have settled lawsuits brought by the US Federal Trade Commission. [more]
Thursday, 23 November 2006, 12:02 AM CET

Motorists to give fingerprints
Drivers who get stopped by the police could have their fingerprints taken at the roadside, under a new plan to help officers check people's identities. [more]
Thursday, 23 November 2006, 12:00 AM CET

Secure caller ID for VoIP
Session Initiation Protocol is used widely for the setup, teardown and management of VoIP calls. [more]
Wednesday, 22 November 2006, 12:51 PM CET

Why administrative passwords will never be like nuclear missile launchers
During the past few months many people have lamented that Windows lacks a nuclear missile style control option for administrator passwords. [more]
Wednesday, 22 November 2006, 9:33 AM CET

Postfix and Spamassassin: how to filter spam
Nowadays, networks are overwhelmed by SPAM mail, fortunately, there is a way to filter them with software such as spamassassin. [more]
Wednesday, 22 November 2006, 9:31 AM CET

System Administration Toolkit: problems and pitfalls
Avoid common pitfalls and traps to help keep your systems running smoothly. [more]
Wednesday, 22 November 2006, 9:30 AM CET

Using the Internet - anonymously
The Tor network is an intriguing concept: build a bunch of servers around the Internet to route traffic through so that your connections can’t be traced. Why would you want to do that? [more]
Wednesday, 22 November 2006, 9:29 AM CET

CIS finds flaws in Firefox 2.0 password manager
Chapin Information Services (CIS) has discovered a new flaw in the Mozilla Firefox web browser that exposes saved passwords to clever attackers. [more]
Wednesday, 22 November 2006, 9:27 AM CET

Microsoft beats Oracle in security showdown
The internet age outpaces database vendor's security practices. [more]
Wednesday, 22 November 2006, 9:25 AM CET

Old cell phones attract hackers
Software can easily resurrect erased data, creating risk of security breach by ID thieves. [more]
Wednesday, 22 November 2006, 9:24 AM CET

AV software now a subscription situation
Annual charges now a usual thing, but unsubscribing's a bear. [more]
Wednesday, 22 November 2006, 2:03 AM CET

Trouble in homicide: a network detective story
The Chief didn't trust our in-house IT department, so he hired an expert. Some expert! [more]
Wednesday, 22 November 2006, 1:30 AM CET

Skinny tablet PCs pack Core Duo, security
Fujitsu claims this new pair of slate-style tablet PCs to be the first to offer the latest Intel Core Duo processors. [more]
Wednesday, 22 November 2006, 1:18 AM CET

How to foil wiretaps at home
Think the Feds might be jacked into your home line? Well, there’s no need to skulk down to the corner pay phone to conduct your business. [more]
Wednesday, 22 November 2006, 1:12 AM CET

Measuring backup health
If you can't measure it, you can't manage it. Some may argue that there are exceptions to this truism, but backup/recovery is not one of them. [more]
Wednesday, 22 November 2006, 12:48 AM CET

Court ruling protects ISPs from libel lawsuits
Following a four-week trial, the ACLU won a challenge to an Internet censorship law. [more]
Wednesday, 22 November 2006, 12:42 AM CET

How to bridge networks with OpenVPN
OpenVPN is an easy-to-use open source VPN software based on SSL that offers cross-platform interoperability. [more]
Wednesday, 22 November 2006, 12:30 AM CET

Exploit released for unpatched Mac OS X bug
On Monday, the project's curator released instructions for targeting a serious flaw in the way Mac OS X systems processes certain types of files. [more]
Wednesday, 22 November 2006, 12:21 AM CET

Vista's EULA product activation worries
Mark Rasch looks at the license agreement for Windows Vista and how its product activation component, which can disable operation of the computer, may be like walking on thin ice. [more]
Wednesday, 22 November 2006, 12:12 AM CET

Tips for keeping your laptop safe
Be careful when logging online in a wireless hot spot - such as in a hotel, cafe or airport lounge - as you may not be logging onto a valid wireless network. [more]
Wednesday, 22 November 2006, 12:10 AM CET

Security and PCI compliance
Payment Card Industry Data Security Standard (PCI DSS) compliance is not a destination. [more]
Wednesday, 22 November 2006, 12:05 AM CET

Citibank debuts biometric pay system
Citibank lets credit-card holders make payments using their fingerprints instead of credit cards. [more]
Wednesday, 22 November 2006, 12:00 AM CET

7 steps to securing USB drives
Even when used with the best intentions, the data stored on USB drives is generally not covered by routine company procedures, such as backup, encryption, or asset management. How can companies keep track of the data coming in or leaving the company via these devices? Keeping company data secure has become a significant challenge for any corporate IT department. [more]
Tuesday, 21 November 2006, 3:04 PM CET

Having a NAC for network security
Although NAC may be a young and not yet fully defined technology, it can deliver value in the right circumstances. [more]
Tuesday, 21 November 2006, 11:17 AM CET

Hackers - Xbox 360 1:0
A group of coders has cracked the first part of Microsoft's anti piracy measures for the Xbox 360. How long till the rest is hacked? [more]
Tuesday, 21 November 2006, 11:16 AM CET

Study shows antiphishing toolbars are ineffective
Most of the toolbars suffered to varying degrees from false positives. [more]
Tuesday, 21 November 2006, 1:11 AM CET

Analysis: physical/logical security convergence
Physical and logical security staffs, both tasked with protecting enterprise assets, are seeing increased technology and budgetary overlaps. [more]
Tuesday, 21 November 2006, 12:18 AM CET

Mounting a remote filesystem with sshfs
I recently had need (actually, more of a want thing) to mount a remote server from my laptop. [more]
Tuesday, 21 November 2006, 12:12 AM CET

Malaysian government portal used in PayPal phishing scam
A medical transcription company's computers were also used. [more]
Tuesday, 21 November 2006, 12:06 AM CET

Bank-card PINs 'wide open' to insider attack
Security researchers have highlighted how corrupt bank insiders might be able to obtain bank card PINs using as little as one or two guesses. [more]
Tuesday, 21 November 2006, 12:01 AM CET

Adware maker caught cheating on legal settlement
Zango fails to properly disclose its adware application to users. [more]
Tuesday, 21 November 2006, 12:00 AM CET

'Worm' attacks Second Life world
Virtual world Second Life had to close its doors for a short time on Sunday after a worm attack called grey goo. [more]
Monday, 20 November 2006, 2:36 PM CET

Experts warn of surge in zero-day flaws
Security experts at the Sans Institute warned last week of a major surge in zero-day flaws as part of its 2006 update to the Top 20 Internet Security Attack Targets list. [more]
Monday, 20 November 2006, 2:20 PM CET

It's time for a global privacy agreement
Whenever I’ve mentioned to chief privacy officers the idea of having a single set of privacy rules for their companies to abide by worldwide, their response has been unanimous: Bring it on. [more]
Monday, 20 November 2006, 8:53 AM CET

PCI cards the next haven for rootkits?
Security researcher John Heasman released a paper this week describing a way to hide malicious code on graphics and network cards in such a way as to avoid detection and survive a full re-installation of the operating system. [more]
Monday, 20 November 2006, 12:40 AM CET

Researchers claim chip security flaw
Researchers have discovered a fundamental flaw in microprocessor technology that could allow hackers to obtain computer users' information, a French newspaper has reported. [more]
Monday, 20 November 2006, 12:30 AM CET

Egypt detains blogger in random security check
Egyptian police detained an opposition blogger in a chance security check on Sunday, a human rights group said. [more]
Monday, 20 November 2006, 12:25 AM CET

'Blagging' info thieves fined £14,800
A married couple has been convicted of stealing and selling personal data and has been ordered to pay £14,800 in fines and costs. Between them the pair were convicted of 25 cases of illegally obtaining and selling information. [more]
Monday, 20 November 2006, 12:21 AM CET

Image spam rates quintuple in 2006
Overall junk e-mail up nearly 100% [more]
Monday, 20 November 2006, 12:15 AM CET

NSA case becomes lawyer junket
The class-action lawsuits accuse BellSouth, Cingular Wireless, Sprint, MCI, Verizon, AT&T and even cable provider Comcast of violating various privacy and fair business laws. [more]
Monday, 20 November 2006, 12:12 AM CET

Gonzales assails court rulings on wiretapping
Attorney General Alberto Gonzales contended Saturday that some critics of the Bush administration’s warrantless surveillance program were defining freedom in a way that poses a “grave threat” to U.S. security. [more]
Monday, 20 November 2006, 12:03 AM CET

Man used MP3 player to hack ATMs
A man in Manchester, England has been convicted of using an MP3 player to hack cash machines. Maxwell Parsons, 41, spent £200,000 of other people's money after using the machine to read card details. [more]
Monday, 20 November 2006, 12:01 AM CET

Are passwords obsolete?
Fully a third of our users write down their passwords instead of remembering them. That’s according to a recent study of 325 enterprise users, conducted by Nucleus Research and KnowledgeStorm. [more]
Monday, 20 November 2006, 12:00 AM CET

Vista security: Microsoft vs. anti-virus firms
We’ve been hearing a lot about the complaints from the security firms with regard to Microsoft’s new Vista operating system. [more]
Friday, 17 November 2006, 6:28 PM CET

New British passport cracked
Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes? [more]
Friday, 17 November 2006, 4:15 PM CET

Polite hackers kick it in Korea
The first international hacker conference held in this most wired of nations would never be confused with its Western forebears. [more]
Friday, 17 November 2006, 4:13 PM CET

CDP: Great for corruption, not disaster recovery
Ups, downs of continuous data protection. [more]
Friday, 17 November 2006, 11:33 AM CET

Create a backup of all the packages you have installed using apt-get
AptonCD allows one to create a CD image (ISO) of all the packages downloaded via apt-get or even the packages in a given repository. [more]
Friday, 17 November 2006, 10:12 AM CET

Companies are not spending their security dollars wisely
Recent research conducted by analyst firm Forrester Research indicates that organizations are spending millions on security, but not in the areas where the risk is greatest. [more]
Friday, 17 November 2006, 12:30 AM CET

Guidance Software settles with FTC over data compromise
Four people have been arrested in Spain over their suspected involvement in linked credit card theft and virus writing offences. [more]
Friday, 17 November 2006, 12:27 AM CET

Hoffacker charged with hacking system
Prosecutors have alleged that Stevan Hoffacker hacked into a company's e-mail network. [more]
Friday, 17 November 2006, 12:19 AM CET

More secure VPN clients for handsets
Mobile devices are getting better security options, with the announcement of two new client-side virtual private network (VPN) tools for secure communications within corporate infrastructures. [more]
Friday, 17 November 2006, 12:06 AM CET

IT director charged with hacking former employer
A former Source Media Inc. executive was charged with hacking into the company's computer system three years after he was dismissed, and tipping off employees whose jobs were in jeopardy, prosecutors said Wednesday. [more]
Friday, 17 November 2006, 12:02 AM CET

NYPD busts big online gambling ring
Though the shuttered gambling ring relied on a Web site, it was different from the online betting operations targeted by recent federal legislation. [more]
Friday, 17 November 2006, 12:00 AM CET

Forefront client security out and about
Third-party anti-virus vendors are peeved at Vista - and it’s not about the OS's architecture. [more]
Thursday, 16 November 2006, 1:54 PM CET

Malware goes to the movies
Online attackers have started to experiment with embedding malicious code or links to such code in different video formats. [more]
Thursday, 16 November 2006, 1:53 PM CET

VoIP makes list of Top 20 Internet attack targets
As the technology has grown in popularity over the past few years, VoIP attacks have multiplied exponentially. [more]
Thursday, 16 November 2006, 10:54 AM CET

Proving a negative
Don't believe the happy hype when data breaches are revealed. [more]
Thursday, 16 November 2006, 10:52 AM CET

Former HP chairman pleads not guilty
Patricia Dunn maintains that she didn't know about illegal investigation methods in spying scandal. [more]
Thursday, 16 November 2006, 10:50 AM CET

Broadcom flaw spawns wireless risk
Security researchers have discovered a vulnerability in Broadcom wireless device drivers. [more]
Thursday, 16 November 2006, 12:21 AM CET

Fraud fears lead Michigan banks to reissue thousands of cards
A security breach at a gas station chain may be to blame for the compromise. [more]
Thursday, 16 November 2006, 12:15 AM CET

New Specter NSA bill: November surprise?
The outgoing chairman of the Senate Judiciary committee, Senator Arlen Specter (R-Pa.), introduced a new spying bill on Tuesday that would increase the number of personnel involved in issuing warrants. [more]
Thursday, 16 November 2006, 12:01 AM CET

Windows Mobile security software attains FIPS validation
Trust Digital says its mobile security software has received FIPS 140-2 validation from the U.S. National Institute of Standards and Technology (NIST) for Windows Mobile 5.0. [more]
Thursday, 16 November 2006, 12:00 AM CET

U.S. intelligence unveils spy version of Wikipedia
The U.S. intelligence community on Tuesday unveiled its own secretive version of Wikipedia, saying the popular online encyclopedia format known for its openness is key to the future of American espionage. [more]
Wednesday, 15 November 2006, 3:02 PM CET

Pirated Vista may be useless, Microsoft says
Microsoft Corp. said supposedly pirated copies of its new Vista OS "will be of limited value" to those who use them. [more]
Wednesday, 15 November 2006, 11:55 AM CET

Companies getting clued up about info security
Firms are more aware of how information security can affect business, with a rising number integrating information security with their risk management processes, according to an Ernst & Young survey. [more]
Wednesday, 15 November 2006, 11:33 AM CET

Top 10 data disasters revealed
Hard drives kept in dirty socks and the dangers of oiling your PC feature in a top 10 list of data disasters. [more]
Wednesday, 15 November 2006, 11:22 AM CET

Kevin Mitnick's security advice
Protecting yourself is very challenging in the hostile environment of the internet. [more]
Wednesday, 15 November 2006, 9:06 AM CET

Foiling hackers with NAC: first, know what you have
Increasingly, hackers have infiltrated "protected" enterprise networks. One NAC provider says the key to maximizing your protection is to know what’s on your network. [more]
Wednesday, 15 November 2006, 1:25 AM CET

Under the thumb?
Hiring a car can now mean leaving a fingerprint. And check-out staff are scanning the customers as well as the shopping. Biometrics are entering every day life. [more]
Wednesday, 15 November 2006, 1:03 AM CET

New security products shun problem Web sites
Software, browser updates incorporate tougher 'anti-phishing' measures. [more]
Wednesday, 15 November 2006, 12:58 AM CET

Microsoft offers patches for seven 'critical' flaws
Public exploits for some of them are already circulating. [more]
Wednesday, 15 November 2006, 12:50 AM CET

Con man offers advice on avoiding identity theft
Frank Abagnale, whose exploits were immortalized in the movie 'Catch Me If You Can,' lectured on security measures at FAU in Boca Raton. [more]
Wednesday, 15 November 2006, 12:39 AM CET

OpenSSH server ported to Windows CE
The OpenSSH server has been ported to Windows CE, enabling secure remote access to a Windows CE device using the SSH protocol. [more]
Wednesday, 15 November 2006, 12:34 AM CET

Which is safer: Internet Explorer 7 or Firefox 2.0?
Internet Explorer 7 and Firefox 2.0 have built-in antiphishing features designed to alert you when you've hit a fraudulent site. [more]
Wednesday, 15 November 2006, 12:21 AM CET

Meet the world's most prolific spammers
Spamhaus has published a revised list of the world's 10 worst spammers. According to the anti-spam organisation, 200 professional spam gangs are responsible for 80% of the high volume of junk mail pumped onto the Internet every day. [more]
Wednesday, 15 November 2006, 12:06 AM CET

Microsoft moves corporate antivirus client into beta
Forefront Client Security to compete with McAfee and Symantec. [more]
Wednesday, 15 November 2006, 12:03 AM CET

Hackers steal data from Landis lab
A hacker stole data from computers at the French anti-doping lab where tests are being challenged by American cyclist Floyd Landis, police said Tuesday. [more]
Tuesday, 14 November 2006, 3:54 PM CET

Mutate, fragment, hide: The new hacker mantra
Hackers working for criminal gain are using increasingly sophisticated methods to ensure that the malware they develop is hard to detect and remove from infected systems, security researchers warned at this week's Computer Security Institute (CSI) trade show in Orlando. [more]
Tuesday, 14 November 2006, 12:46 AM CET

Court shuts down alleged spyware operation
ERG Ventures and an affiliate accused of tricking customers into downloading spyware. [more]
Tuesday, 14 November 2006, 12:23 AM CET

Wi-Fi hardware holed by security flaw
Windows computers are open to direct attack from a hole in the widely-used Broadcom Wi-Fi driver, security researchers have warned. [more]
Tuesday, 14 November 2006, 12:09 AM CET

Allchin backs away from Vista anti-virus claims
Outgoing Windows development chief Jim Allchin has apologised for the confusion he created in comments taken to mean Vista was so secure it might be possible to run the software without any anti-virus installed. [more]
Tuesday, 14 November 2006, 12:03 AM CET

Government IT leaders feeling more secure
But they're worried about funding, says survey. [more]
Tuesday, 14 November 2006, 12:00 AM CET

Hackers target online brokerages
Thieves attempt to make unauthorised trades worth millions of dollars. [more]
Monday, 13 November 2006, 4:00 PM CET

T'is the season to be ripped off...
Online fraudsters are gearing up for the massive increase in consumer online shopping due to take place over the festive season. [more]
Monday, 13 November 2006, 11:29 AM CET

Top 10 signs you have an insecure web app
I often surf the web and see blatant design errors that make me shake my head. Without even investigating the security of a site, I know without a doubt that the site will be chock full of vulnerabilities. [more]
Monday, 13 November 2006, 11:23 AM CET

How to avoid getting ransom notes
I suppose it shouldn’t come as any surprise that cybercriminals are demanding ransom... [more]
Monday, 13 November 2006, 11:18 AM CET

ISPs 'should be responsible' for hacker attacks
ISPs should be made legally liable for the damage caused by DoS attacks carried out via their networks, a leading internet lawyer says. [more]
Monday, 13 November 2006, 12:53 AM CET

Hands on: a hard look at Windows Vista
Now that it's gold, here's an inside look at the best and the worst of Windows Vista. [more]
Monday, 13 November 2006, 12:48 AM CET

UK bans denial of service attacks
A law was passed last week that makes it an offence to launch a denial of service attack in the UK, punishable by up to ten years in prison. [more]
Monday, 13 November 2006, 12:45 AM CET

Storing and protecting data
Most organisations recognise that they cannot simply continue to store and then blindly manage data of all types on primary storage. That data which has immediate relevance to active business processes merits a place on high-performance/high-availability primary storage. It also warrants special attention with frequent or continuous data protection and business continuance processes. [more]
Monday, 13 November 2006, 12:39 AM CET

Successful alternatives to password authentication?
Have any of you successfully deployed a key, token, or biometric-based access control for Windows machines to replace (or enhance) the typical login/logout authentication process (even image-recognition schemes would be considered)? [more]
Monday, 13 November 2006, 12:33 AM CET

Singapore teen faces 3 years' jail for tapping into another's wireless Internet
A Singapore teenager has been charged with tapping into someone else's wireless Internet connection, a crime that carries a penalty of up to three years in jail. [more]
Monday, 13 November 2006, 12:12 AM CET

Catching up with cybercriminals
No approach to fighting cybercrime is complete without careful consideration of technology. No one should underestimate the technical capabilities of today's cybercriminals. So new technology must be developed to go beyond rapid response, to anticipating and heading off new cybercrime techniques. [more]
Monday, 13 November 2006, 12:07 AM CET

Evidence dynamics
There are two things that responders are facing more and more, and those are (a) an increase in the sophistication and volume of cybercrime, and (b) an increase in instances in which systems cannot be taken down, requiring live response and/or live acquisition. [more]
Monday, 13 November 2006, 12:05 AM CET

Exploit targets widely deployed wireless flaw
A security researcher has released a set of instructions for exploiting a security flaw in the wireless Internet devices built into millions of new laptops from HP, Dell, Gateway and other computer makers. [more]
Monday, 13 November 2006, 12:00 AM CET

A look inside the security development lifecycle at Microsoft
The goals of the Security Development Lifecycle (SDL), now embraced by Microsoft, are twofold: to reduce the number of security-related design and coding defects, and to reduce the severity of any defects that are left. [more]
Friday, 10 November 2006, 7:16 PM CET

Hacker goes to prison for Trojan blackmail
A hacker who used a Trojan horse program to take control of computers belonging to adolescent girls in the U.K. and Canada was sentenced to 10 years in prison on Thursday; prosecutors in London said. [more]
Friday, 10 November 2006, 6:09 PM CET

Using PVS to detect corporate policy violations
Most companies have some sort of policy in place which defines network or computer activities which are considered 'Acceptable computer usage'. Such policies are often difficult to enforce. [more]
Friday, 10 November 2006, 6:07 PM CET

Microsoft co-president suggests Vista won't need antivirus
Allchin's statement came in response to a question about his relative level of confidence that Vista would be more secure than Windows XP SP2. [more]
Friday, 10 November 2006, 2:07 PM CET

Password-cracking contest results
Are long, noncomplex passwords harder to crack than short, complex passwords? These results lean toward yes. [more]
Friday, 10 November 2006, 2:04 PM CET

Online scams target the wealthy
High-income earners are being preferentially targeted by online "phishing" scams, research has shown. [more]
Friday, 10 November 2006, 1:53 PM CET

Top 10 Ajax security holes and driving factors
With Web 2.0, a lot of the logic is shifting to the client-side. This may expose the entire application to some serious threats. The urge for data integration from multiple parties and untrusted sources can increase the overall risk factor as well: XSS, XSRF, cross-domain issues and serialization on the client-side and insecure Web services, XML-RPC and REST access on the server-side. [more]
Friday, 10 November 2006, 11:20 AM CET

Industry lines up behind enhanced SSL standard
IE7 prepares to flip switch on Extended Validation SSL certificates in January. [more]
Friday, 10 November 2006, 12:34 AM CET

Intel drafts privacy license for mobile device software
Consumer-friendly policy requires good behavior from developers. [more]
Friday, 10 November 2006, 12:15 AM CET

Secure Kerberized authentication on Solaris 10 using IBM AIX version 5.3
Set up a Kerberized environment to work with Solaris(TM) 10 and learn how to configure a Key Distribution Center (KDC) on AIX(R) Version 5.3. [more]
Friday, 10 November 2006, 12:03 AM CET

Microsoft releases Sony rootkit hunter's tools
Four months after Russinovich hire, it's hosting blog, freeware. [more]
Friday, 10 November 2006, 12:00 AM CET

How many wireless vulnerabilities are really out there?
You hear a lot about wireless security threats, but do you know how many there really are? Or what kinds of vulnerabilities exist? Or what exactly "wirless phishing" means? [more]
Thursday, 9 November 2006, 4:21 PM CET

Gartner: Consumers to lose $2.8 billion to phishers in 2006
Browser makers may have added new antiphishing features to their products in recent months, but the criminals are still gaining ground in their efforts to defraud U.S. consumers, according to the Gartner research firm. [more]
Thursday, 9 November 2006, 3:13 PM CET

IT industry core to global e-crime battle
Criminal gangs from Russia, Ukraine and Romania are making millions from cybercrime. [more]
Thursday, 9 November 2006, 3:08 PM CET

Windows Vista security guide
This guide provides instructions and recommendations to help strengthen the security of desktop and laptop computers running Windows Vista in a domain with the Active Directory directory service.
Thursday, 9 November 2006, 10:15 AM CET

Google accidentally sends out Kama Sutra worm
Google Inc. accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday. [more]
Thursday, 9 November 2006, 9:59 AM CET

Attack of the perv trackers
If the creepy guy next door suddenly stops wearing shorts, he may have an eye in the sky to blame. [more]
Thursday, 9 November 2006, 9:54 AM CET

Why management doesn't get IT security
At the request of the Department of Homeland Security, a group called The Conference Board completed a study about senior management and their perceptions of IT security. The results aren't very surprising. [more]
Thursday, 9 November 2006, 12:06 AM CET

'Supercerts' aim to highlight legit web sites
Over the past couple of years, dozens of companies have rolled out technologies designed to help computer users and companies better spot "phishing" scams -- Web sites that try to trick people into giving away financial and personal data. [more]
Thursday, 9 November 2006, 12:03 AM CET

Online banking fraud dramatically jumps in UK
Phishing scams mainly responsible for 55 percent increase. [more]
Thursday, 9 November 2006, 12:00 AM CET

Spammer can't have accuser's hard drive
Parties have reached a settlement in Joel Hodgell vs. EFinancial LLC, an anti-spam case in which I got involved because after Joel sued the defendant over spams he had received, the defendant asked the judge to make Joel turn over a copy of his hard drive. [more]
Wednesday, 8 November 2006, 5:42 PM CET

Dating site hacker avoids jail
A Nottinghamshire man who attacked the web site of London dating agency has avoided imprisonment. [more]
Wednesday, 8 November 2006, 4:39 PM CET

The emerging threat of cell phone spam
As with their wired counterparts, mobile carriers use network security measures to foil spammers. "They are always refortifying their firewalls to respond to the newest spam threats," said Joe Farren, a spokesperson for CTIA-The Wireless Association. [more]
Wednesday, 8 November 2006, 4:26 PM CET

Watchdog groups report e-voting problems
Problems with voting machines across the U.S. are being reported to watchdog groups, including significant problems of votes being incorrectly recorded Tuesday. [more]
Wednesday, 8 November 2006, 3:22 PM CET

PHREL beats back DNS server attacks
Running a public name server on the Internet today can be challenging, when it's exposed to a neverending flood of attacks against it. [more]
Wednesday, 8 November 2006, 3:21 PM CET

Security software moves toward blocking sites
For years, computer security software lurked in the background and tried to stop viruses and other malicious programs as they attack your computer. Newer products are trying to keep users from reaching Web sites before the programs can even launch an attack, essentially stopping threats at the source. [more]
Wednesday, 8 November 2006, 1:10 AM CET

Attackers end-run around IE security
The dependence of Internet Explorer on other Windows components has allowed online attackers to work around the shored-up security of Microsoft's latest browser. [more]
Wednesday, 8 November 2006, 1:05 AM CET

FTC settles with e-mail marketer
Yesmail will pay a $50,717 civil fine. [more]
Wednesday, 8 November 2006, 12:56 AM CET

Inside the hacker's profiling project
Imagine being able to preview an attacker's next move based on the traces left on compromised machines. [more]
Wednesday, 8 November 2006, 12:50 AM CET

IBM enters video surveillance software market
IBM has started selling security software that analyzes data from video surveillance cameras in real time, generating instant alerts of potential security breeches. [more]
Wednesday, 8 November 2006, 12:21 AM CET

The security snooze button
The other day, I read a comment in an article that said something like, “this latest break-in should serve as a wake-up call to the banks.” [more]
Wednesday, 8 November 2006, 12:09 AM CET

US calls for global data law
US privacy officials have made advances to Richard Thomas, Britain's information commissioner, about formulating an international data protection law for the era of globalisation. [more]
Wednesday, 8 November 2006, 12:03 AM CET

Piracy stats don't add up
Piracy statistics are labelled "self-serving hyperbole" in a draft government report. [more]
Wednesday, 8 November 2006, 12:00 AM CET

Advanced Host Intrusion Prevention with CSA
Cisco Security Agent software protects server and desktop computing systems by identifying threats and preventing malicious behavior. It mitigates new and evolving threats without requiring reconfigurations or emergency patch updates, providing robust protection with reduced operational costs. This book covers the means of maximizing endpoint security by using Cisco Security Agent. [more]
Tuesday, 7 November 2006, 8:34 PM CET

Security must focus on desktop policy
The challenge of controlling security threats triggered by users in the workplace shows no sign of abating, new research commissioned by Check Point Software Technologies suggests. [more]
Tuesday, 7 November 2006, 2:20 PM CET

UK credit card fraud down to £209.3m
Card fraud losses fell by 5 per cent in first six months of 2006, according to the latest figures from banking association APACS. [more]
Tuesday, 7 November 2006, 12:18 PM CET

Mental health trust introduces two-factor security
South London and Maudsley NHS Trust uses tokens to protect patient records. [more]
Tuesday, 7 November 2006, 12:17 PM CET

How much can a LAN switch protect your network?
Call it NAC (Cisco’s Network Admission Control) or, well, NAC (network access control), or even NAP (Microsoft’s Network Access Protection). Any way you refer to it, these schemes for shutting out unwanted users at the LAN switch port level are among the most buzzed about network technologies. [more]
Tuesday, 7 November 2006, 10:57 AM CET

US hosts a quarter of all phishing sites
US and South Korea exposed as biggest culprits. [more]
Tuesday, 7 November 2006, 10:49 AM CET

Windows hit by "extremely critical" 0-day vulnerability
Vulnerability in XMLHTTP 4.0 ActiveX control opens the door to attackers. [more]
Tuesday, 7 November 2006, 12:34 AM CET

About misguided advice regarding wireless networks
It follows the news that the music industry has dropped a lawsuit against Tammie Marson of Palm Desert, California. [more]
Tuesday, 7 November 2006, 12:24 AM CET

Full-disk encryption suites
One stolen laptop loaded with sensitive information could sink your business. [more]
Tuesday, 7 November 2006, 12:01 AM CET

'Nasa hackers' detained in Chile
The men are accused of breaching more than 8,000 websites, including that of US space agency Nasa. [more]
Tuesday, 7 November 2006, 12:00 AM CET

How well do you know your network?
"When we said 'we have a product we're using to monitor you' we saw events drop by 90%," says Tony Spinelli, senior vice president of information security at Equifax. "If you communicate it in the right way and are a little more honest and open by saying 'here's what we're doing and here's why' I think it helps to change user behavior." [more]
Monday, 6 November 2006, 9:36 PM CET

Zango fined $3m for illegal adware installations
FTC sets new rules for adware downloads. [more]
Monday, 6 November 2006, 1:54 PM CET

'Hacking' doesn't crack the code
Something -- maybe a lot of things -- is wrong with how America conducts its elections. [more]
Monday, 6 November 2006, 1:54 PM CET

WAN acceleration: best practices for preserving security
As more and more enterprises undergo server centralization projects, new products will be introduced to improve network and application performance. By following basic security precautions, enterprises can ensure that these performance improvements do not come at the expense of data security. [more]
Monday, 6 November 2006, 11:54 AM CET

Tracking outgoing data for intellectual property
It's obvious how to search fixed data formats when I'm monitoring for content going in and out of my network, but how do I track for things that are more random in nature such as intellectual property? [more]
Monday, 6 November 2006, 11:46 AM CET

Antiphishing fighters take on malware
The volunteers behind the Phishing Incident Reporting and Termination Squad (PIRT) have started a new project to crack down on malware. [more]
Monday, 6 November 2006, 10:29 AM CET

How to restore trust at the ballot box
Problems with high-tech machines have some voters feeling left out. [more]
Monday, 6 November 2006, 12:12 AM CET

Chicago area cops arrest 12 in credit card fraud scheme
Workers at seven motel chains, including Holiday Inn and Ramada, implicated. [more]
Monday, 6 November 2006, 12:06 AM CET

Scammers use Wikipedia to distribute virus
If Web 2.0 is built on trust, that may also be its downfall. [more]
Monday, 6 November 2006, 12:03 AM CET

A quantum leap in data encryption
Startup Magiq Technologies thinks it's got a sure way to keep data from prying eyes, using Heisenberg's Uncertainty Principle. [more]
Monday, 6 November 2006, 12:00 AM CET

Security threat changing, says Symantec CEO
The threat posed to computer users and companies by hackers is shifting from attacks on the computers to attacks on electronic transactions, according to the head of one of the world's largest security software vendors. [more]
Friday, 3 November 2006, 4:14 PM CET

Spying Apache server activity and performance with mod_status
mod_status provides information on your apache server activity and performance. [more]
Friday, 3 November 2006, 10:50 AM CET

Technology's threat to national security
This threat of hostiles sabotaging networks or opening secret back doors for spying is what motivated the U.S.-China Economic and Security Review Commission in April to recommend a change in how the State Dept. used some of the PCs it bought from Lenovo Group. [more]
Friday, 3 November 2006, 12:42 AM CET

Quantum attacks worry computer scientists
In the weird world of quantum computing, the state of computer systems networked together is so fragile that a read access to a single quantum bit, or qubit, on one machine would require a network-wide reset. [more]
Friday, 3 November 2006, 12:30 AM CET

Spammers gear up for pre-Christmas blitz
Security report reveals sophisticated online tricks. [more]
Friday, 3 November 2006, 12:25 AM CET

Turn off ActiveX for security
The library is installed by way of Visual Studio 2005, so it may only be present in development systems, and may therefore limit the scope of possible victims of an exploit. Microsoft, however, believes such an exploit may be in progress. [more]
Friday, 3 November 2006, 12:21 AM CET

Tips for securing the mobile enterprise
Today’s mobile work habits raise a number of difficult problems for IT departments: How do you protect systems that are often not in the office on a controlled network? [more]
Friday, 3 November 2006, 12:15 AM CET

Pressure forces Microsoft to change Vista licensing
Enthusiast uproar forces rethink of restrictive policy. [more]
Friday, 3 November 2006, 12:12 AM CET

Diebold slams HBO "Hacking Democracy" documentary
A campaign by Diebold to torpedo a TV documentary investigating its controversial e-voting machines looks set to backfire. [more]
Friday, 3 November 2006, 12:01 AM CET

U.S. adds wiki to spy arsenal
The U.S. intelligence community on Tuesday unveiled its own secretive version of Wikipedia, saying the popular online encyclopedia format known for its openness is key to the future of American espionage. [more]
Thursday, 2 November 2006, 11:13 AM CET

Spammers go island hopping to bypass filter
Anti-spam researchers at security company McAfee have discovered a new spamming trend nicknamed 'spam island-hopping'. [more]
Thursday, 2 November 2006, 11:12 AM CET

StopSpamAlliance joins organizations, many letters
Spam faces a new foe with the formation of an international group to exchange tactics and legal information. [more]
Thursday, 2 November 2006, 1:36 AM CET

Pro PHP security - preventing SQL injection
In this article, we will provide you with the security background every web developer needs, along with PHP-specific knowledge and code that you can use to protect the integrity of your own applications. [more]
Thursday, 2 November 2006, 1:21 AM CET

Microsoft scrambling to patch exploit
Microsoft Security announced it has been alerted to proof-of-concept code that may already have been referenced in the creation of a malicious exploit. [more]
Thursday, 2 November 2006, 1:15 AM CET

Hackers threat to Wi-Fi users
Companies and home computer users with wi-fi technology are as vulnerable to kerbside hackers as if they let them into their office with free access to confidential files, research shows. [more]
Thursday, 2 November 2006, 1:03 AM CET

MasterCard tackles PIN-based debit card fraud
MasterCard Worldwide will introduce in the first quarter of 2007 a new service to help banks and other card issuers detect and stop PIN-based debit card fraud in real time. [more]
Thursday, 2 November 2006, 12:54 AM CET

From cradle to grave, your files available to a cast of thousands
Millions of patients' details are already being uploaded on to the database that is the world's biggest civilian IT project. [more]
Thursday, 2 November 2006, 12:45 AM CET

Trusted Computing for Mac OS X
The purpose of this document is to discuss a specific piece of hardware found in certain Apple computer models: the Trusted Platform Module (TPM). [more]
Thursday, 2 November 2006, 12:33 AM CET

Hackers break into water system network
Pennsylvania breach occurred via compromised laptop. [more]
Thursday, 2 November 2006, 12:18 AM CET

Bomb blows out PayPal window
An explosive device blew out a thick, plate-glass window Tuesday evening at the Silicon Valley headquarters of PayPal, the online payments unit of eBay. [more]
Thursday, 2 November 2006, 12:12 AM CET

Windows Firewall exploit overhyped
The release of an exploit that means a hacker, who happens to be on the same local area network, can knock over Windows Firewall on machines running XP has created a lot of publicity, despite being not much of a threat. [more]
Thursday, 2 November 2006, 12:06 AM CET

Apple flaw kicks off second month of bugs
Security researchers published on Wednesday the details of a flaw in Apple's Airport wireless driver, kicking off a plan to release a software bug in the core system code, or kernel, of major operating systems every day throughout the month of November. [more]
Thursday, 2 November 2006, 12:03 AM CET

Microsoft takes aim at eBay pirates
Matt Lundy, a senior attorney with Microsoft's antipiracy group, said Microsoft works with auction sites including eBay to remove listings for software it believes is pirated, and only takes legal action if the merchants continue to sell the software after that. [more]
Wednesday, 1 November 2006, 12:21 AM CET

US ID thieves target kids
US-based identity thieves are using the details of children to conduct fraudulent trades, according to New York Senator Hillary Rodham Clinton who reckons up to 400,000 kids may become victims of identity theft, AP reports. [more]
Wednesday, 1 November 2006, 12:15 AM CET

Vulnerabilities in Firefox 2.0, IE 7.0, Drupal, and Yahoo! Messenger
A flaw exists in Mozilla Firefox 2.0 that could allow an intruder to crash the browser and potentially execute arbitrary code. [more]
Wednesday, 1 November 2006, 12:09 AM CET

OMB reports hinder security improvements, experts say
The expense of completing mandatory reports on the federal government’s cybersecurity efforts is siphoning hundreds of millions of dollars that would otherwise go to securing computer systems, some experts say. [more]
Wednesday, 1 November 2006, 12:05 AM CET

Domain resale market a 'haven' for phishers
Domain names likely to appeal to fraudsters are up for grabs on domain resale sites. [more]
Wednesday, 1 November 2006, 12:02 AM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st