Off the Wire

Off The Wire Archive

News items for December 2004

Phel Trojan horse attacks on Windows XP
It can affect systems, even if the latest XP service pack has been installed. [more]
Friday, 31 December 2004, 3:36 PM CET

Linux, security skills projected hot skills for 2005
Security, Web services and Linux jobs continue to dominate the IT help wanted ads and are projected to remain among the hottest skill and certification areas in 2005. [more]
Friday, 31 December 2004, 9:18 AM CET

Using SIM software to deal with security overload
George Washington had some excellent advice on the topic of security: ''Offensive operations, often times, are the surest, if not the only means of defense.'' [more]
Friday, 31 December 2004, 9:15 AM CET

Video interview with Howard Schmidt, CSO of eBay
In this video Mr. Schmidt talks about the state of computer security in general and offers his insight on what we can expect in 2005. Furthermore he discusses the problem of identity theft, offers advice that can help users not to become victims of phishing, gives his opinion on the challenges a CSO faces when managing security in a large company like eBay, and more. [more]
Wednesday, 29 December 2004, 9:01 PM CET

2004 was good and bad for IT security
A look back at the year in security. [more]
Wednesday, 29 December 2004, 2:51 PM CET

Year in review 2004: virus wars
Over the past twelve months the struggle between the software industry and the creators of malware has flared into a war in which the end-user suffers most, without really understanding what's going on. [more]
Wednesday, 29 December 2004, 2:21 PM CET

Microsoft chastises security groups
As Microsoft continued to investigate three recently reported vulnerabilities in multiple versions of its Windows operating system Tuesday, it delivered a message to security groups anxious to publicly report bad news: It does more harm than good. [more]
Wednesday, 29 December 2004, 12:03 AM CET

Scientists close to network that defies hackers
Scientists have taken what they say is a big step towards an intrinsically secure computer network which banks and other institutions could use to transmit data without risk of hacking. [more]
Tuesday, 28 December 2004, 9:34 AM CET

My favorite tips for Windows XP SP2
Rolling out XP SP2 in the enterprise is no small task. Whether you have 5, 50, or 500 machines, you could spend a lot of time just running the setup program. To speed the job, use the power of Group Policy to deploy SP2 to your users. [more]
Tuesday, 28 December 2004, 9:16 AM CET

Phishing hooks Wi-Fi networks
Customers need to set up password protection to lock nearby computers out of their networks. Most don't. How bad is the situation? Ryan Crum, Wi-Fi expert at financial services firm PwC, walked from the Boston Common to Kenmore Square a while ago and detected 286 Wi-Fi networks. Just 20 were password-protected. [more]
Tuesday, 28 December 2004, 1:44 AM CET

FBI spearheading anticrime initiative against phishing
Other industry groups have focused on identifying phishing Web sites and sharing case information. Digital PhishNet, however, is the first group to focus on aiding criminal law enforcement and assisting in catching and prosecuting those responsible for committing crimes against consumers through phishing. [more]
Tuesday, 28 December 2004, 1:12 AM CET

Officials unseal piracy records
An Iowa City man who admitted to pirating copyrighted software then distributing it online is personally responsible for as much as $200,000 in losses to the industry, according to federal records unsealed Thursday. [more]
Tuesday, 28 December 2004, 1:06 AM CET

Biometrics by fire
From iris scans to fingerprints, three DHS pilot programs have created a high-profile test bed for biometrics technology. [more]
Tuesday, 28 December 2004, 1:01 AM CET

CAN-SPAM not seen to be effective
Some anti-spam activists claim that the law has actually aided spammers rather than victims. [more]
Tuesday, 28 December 2004, 12:53 AM CET

Secure programmer: call components safely
How you handle calls and returns is as important as which components you call. [more]
Tuesday, 28 December 2004, 12:52 AM CET

Astaro updates Linux-based network security
The OS provides antispam, firewall and other protections. [more]
Tuesday, 28 December 2004, 12:47 AM CET

Spam punishment doesn't fit the crime
I hate spam as much as the next person, but recent decisions by courts in Iowa and Virginia demonstrate how fear of technology (and justifiable annoyance) can force the legal system to impose fines and sentences that are grossly disproportionate to the harm caused by spammers. [more]
Monday, 27 December 2004, 6:23 PM CET

Santy.E worm poses threat to sites badly coded in PHP
The latest version of the Santy worm poses an elevated risk to many Web sites built using the PHP scripting language, and protection of those sites may involve individually recoding them, security experts warned over the weekend. [more]
Monday, 27 December 2004, 4:12 PM CET

Biometric sensors keep finger on security
Biometrics authentication technology should be a promising means to confirm a cardholder's authenticity. With a Linux-based radio frequency (RF) personalizer that reads and writes in memory, the administrator can set various parameters of the smart security controller, such as real-time clock, personal identification number (PIN) option, alarm options and reader delays. [more]
Monday, 27 December 2004, 2:53 PM CET

New year resolutions: computer security
It’s that time of the year again when we all reflect on the year gone by and consider what lies ahead. Here's an overview of what happened and some resolutions that could make 2005 way better in terms of computer security. [more]
Monday, 27 December 2004, 2:50 PM CET

2004: good and bad for security
From a sharp increase in phishing scams to high-profile arrests, here's what made news this year. [more]
Monday, 27 December 2004, 10:42 AM CET

Windows XP Service Pack 2: the inside story
In early December, Paul Thurrott sat down with Todd, Ryan Burkhardt, and Jon Murchinson to discuss XP SP2 and the virtual team that made it happen. Here is their story. [more]
Monday, 27 December 2004, 10:04 AM CET

Shadow software attack
In this paper, I'm going to demonstrate the fact that a shadow software attack is still possible. [more]
Monday, 27 December 2004, 10:01 AM CET

Hacker lingo guides teaching users about threats
Phreaks, spoofers and spammers want to invade your home computer, and the tricks of their trade include airsnarfs, wabbits and fork bombs. [more]
Monday, 27 December 2004, 9:33 AM CET

Remove EFS from Win2K/XP clients to avoid security breaches
Learn the steps necessary for removing EFS from Win2K/XP clients. [more]
Monday, 27 December 2004, 9:32 AM CET

Exploits for Windows flaws released
A Chinese group claims it has found four vulnerabilities in Microsoft's Windows operating system and has posted details about the same to a public mailing list. [more]
Monday, 27 December 2004, 8:26 AM CET

Hacking around the Christmas tree
The holidays are ripe for hackers, spammers and spies who go after personal information from holiday shoppers and write special programs to infect new computers when they first go online. [more]
Monday, 27 December 2004, 8:24 AM CET

How ITIL can improve information security
This article provides an overview of ITIL, a management-level set of best practices and guidelines for an integrated and process-based approach to IT and security. [more]
Thursday, 23 December 2004, 2:37 PM CET

Security vendors facing the big squeeze
Convergence of networking and security threatens standalone players. [more]
Thursday, 23 December 2004, 2:24 PM CET

Who opens e-mail spam?
Canadians admit to being stressed by spam e-mails, but can't resist responding to the junk. [more]
Thursday, 23 December 2004, 9:35 AM CET

Groups fight Internet wiretap push
Industry and advocacy groups challenge the FBI to prove it's having problems spying on broadband and VoIP users. [more]
Thursday, 23 December 2004, 9:32 AM CET

Wireless in paradise: wardriving Maui
The laptop sitting on the center console continuously pinging at the networks being discovered. “Man, there’s a lot of wireless around here,” I said. [more]
Wednesday, 22 December 2004, 7:01 PM CET

Security risks in the wireless computing environment
This article addresses the most significant security risks in the wireless computing environment. The purpose of the article is to introduce in a centralized fashion the scope of the problem and the most significant talking points on the issue of wireless security and to summarize where the industry is in addressing these problems and where it is going. [more]
Wednesday, 22 December 2004, 6:00 PM CET

Configuring the ISA firewall as an inbound filtering SMTP relay
While the ISA firewall’s SMTP Message Screener isn’t a full-fledged spam whacking and e-mail anti-virus solution, it can perform some initial processing on incoming messages, which takes some heat off your dedicated e-mail scrubbing devices. This article shows you how to make it happen. [more]
Wednesday, 22 December 2004, 4:10 PM CET

Security starts from the inside out
It's been argued that the greatest vulnerability for an organization arises from security breaches perpetrated by insiders. [more]
Wednesday, 22 December 2004, 1:29 PM CET

Buyers ignore unsolicited email risk
Hard as it may be to believe, much of the spam delivered through cyber space is welcome. [more]
Wednesday, 22 December 2004, 11:21 AM CET

Feds limited on digital signatures
Federal officials received a reminder this week not to deviate from a list of acceptable vendors when buying digital signature services. [more]
Wednesday, 22 December 2004, 11:17 AM CET

Another Symbian Trojan masquerades as game
A new and malicious trojan aimed at users of smartphones based on the Symbian OS has been found, according to an anti-virus firm. [more]
Wednesday, 22 December 2004, 11:17 AM CET

Data security summary of 2004
Mikko Hypponen, Director of Anti-Virus Research at F-Secure, presents HNS visitors with an overview of data security in 2004. The audio concentrates on viruses, worms, phishing, DDoS botnets, spamming, phone malware and other infamous topics that were in the spotlight throughout the year. [more]
Tuesday, 21 December 2004, 3:42 PM CET

Hack a bike
The "Call a Bike" system of the german railway company "Deutsche Bahn" offers bikes for self-hire. Sophisticated technology enables customers to rent a bike using their mobile phone. "Hack a Bike" uses advanced reengineering to turn the system upside down. [more]
Tuesday, 21 December 2004, 2:30 PM CET

Tivoli tightens aim at security threats
IBM unleashed new network-protecting automated features in its Tivoli management line Tuesday, just days after the mega-merger of security software provider Symantec and storage play Veritas. [more]
Tuesday, 21 December 2004, 2:27 PM CET

Security holes that run deep
How a seemingly simply Microsoft bug betrayed its author's disdain for a wide range of secure coding principles. [more]
Tuesday, 21 December 2004, 11:38 AM CET

Centralizing clearances
The intelligence reform bill puts all federal security clearances under one agency that would develop a national database for them. [more]
Tuesday, 21 December 2004, 11:30 AM CET

Are security vendors tricking XP SP2?
Windows Security Center may not know when your antivirus definitions are out of date. [more]
Tuesday, 21 December 2004, 10:26 AM CET

Frank Abagnale: catch him if you can
Frank Abagnale, a former conman whose crimes inspired the memoir and movie "Catch Me If You Can," says he's quitting security-related speaking engagements in the wake of challenges to his credentials by industry leaders. [more]
Tuesday, 21 December 2004, 8:54 AM CET

Mobile spam outnumbers desktop's
The number of unwanted text messages and phone calls via mobile phone surpasses that of desktop spam mail by a big margin, according to the Korea Information Security Agency (KISA). [more]
Tuesday, 21 December 2004, 8:52 AM CET

Microsoft's Hotmail ditches McAfee
Under an agreement with Microsoft announced on Monday, Trend Micro will provide antivirus technology to some 187 million Hotmail accounts worldwide. McAfee's technology had been used to scan Hotmail's attachments and e-mails; no reason was provided for the change. [more]
Tuesday, 21 December 2004, 8:06 AM CET

Spam in the wild, the sequel
How big can a test get? We found out with our latest in-depth look at the anti-spam industry. Spam is still a huge problem, and there is an equally large market opportunity to fix it. [more]
Tuesday, 21 December 2004, 8:01 AM CET

Cisco's partners plan security-product blitz in 2005
More than a dozen vendors are expected to roll out products in the first quarter of next year that work with Cisco Systems' Network Admission Control program, which is designed to ensure that computing devices meet security policies and standards before they're granted access to a network. [more]
Tuesday, 21 December 2004, 7:59 AM CET

Fee or free in fighting viruses?
When AOL started offering free McAfee antivirus protection to its members this fall, it added one more question to the already confusing chore of shopping for antivirus software. [more]
Monday, 20 December 2004, 4:28 PM CET

Why your data is at risk
Randy Nash discusses various methods by which critical data may be attacked. He compares the risks to data as it traverses a network (data on the wire) with attacks directed at a data repository (data at rest). [more]
Monday, 20 December 2004, 3:52 PM CET

Microsoft fixes 'critical' XP firewall issue
Some XP users who installed Service Pack 2 were exposed to the problem. [more]
Monday, 20 December 2004, 2:59 PM CET

What's phishing? How to be safe?
Phishing means sending an e-mail that falsely claims to be from a particular enterprise (like your bank) and asking for sensitive financial information. [more]
Monday, 20 December 2004, 2:56 PM CET

A 12-step plan for file server security
Securely bringing a Windows file server on the network may not sound difficult. But when it's running Windows Server 2003, there's a lot you need to know to do it right. [more]
Monday, 20 December 2004, 2:53 PM CET

Network sniffers: is open source right for you?
There are commercial-grade sniffers available from manufacturers such as Fluke, Network General, and others. While these hardware tools can provide a much deeper level of analysis, you can build an inexpensive network sniffer using open source software and a low-end Intel PC. This chapter reviews several open source Ethernet sniffers. [more]
Monday, 20 December 2004, 2:50 PM CET

Surveillance in the Net's dark alleys
The indictment early this month of Mark Robert Walker by a federal grand jury in Texas might have seemed a coup for the U.S. government in its efforts to police terrorist communications online. [more]
Monday, 20 December 2004, 2:48 PM CET

Linux in Government: security enhanced Linux
An interview with Bill McCarty, author of a new book on SELinux, about the potential SELinux holds for secure computing. [more]
Monday, 20 December 2004, 2:47 PM CET

IBM considers offering PC security at your fingertips
IBM Corp. has been showing off an intriguing fingerprinting security feature on its ThinkPad T42 notebooks that could become standard equipment on laptops if it catches on. [more]
Monday, 20 December 2004, 2:46 PM CET

Adding permissions using SELinux
As an SELinux administrator, one of the most frequent SELinux policy customizations you're likely to perform is adding permissions to coax the security engine into accepting an operation. [more]
Monday, 20 December 2004, 2:29 PM CET

Spammers ordered to pay $1 billion
A federal judge has awarded an Internet service provider more than $1 billion in what is believed to be the largest judgment ever against spammers. [more]
Monday, 20 December 2004, 2:13 PM CET

Security vendors facing the big squeeze
Figures on the past quarter's enterprise security market show the extent to which security and networking are mixing, to the disadvantage of companies producing traditional standalone security devices. [more]
Monday, 20 December 2004, 2:06 PM CET

Zero viruses in 2005?
It's the time of year to reflect on the good security choices you've made over the year, the defense-in-depth strategy that you've decided to follow, and plan for your response to future threats and virus outbreaks. [more]
Friday, 17 December 2004, 1:50 PM CET

Unite your Linux and Active Directory authentication
Authentication is easily one of the most critical services provided by your network infrastructure. It is the gatekeeper for every resource on your network. [more]
Friday, 17 December 2004, 1:49 PM CET

Survivor's guide to 2005: security
The best way to safeguard your network is with centralized management and multilayered protection. But how much of the P.R. you read is hype? Learn to tell the marketing babble from the truth. [more]
Friday, 17 December 2004, 1:43 PM CET

I.T. security a people problem
The key to a successful security strategy is involvement. It appears the enterprises that remain free of viruses, break-ins and thefts will be those that refrain from throwing money or software at problems, and instead bring people in to respond to the shifting sands of I.T. hazards. [more]
Friday, 17 December 2004, 1:33 PM CET

SP2 firewall could share settings with the whole internet
Microsoft has released an update to Windows XP to fix a potentially serious configuration problem in the firewall that ships as part of Windows XP Service Pack 2 (SP2). [more]
Friday, 17 December 2004, 1:32 PM CET

Military taps NSA for security help
National Security Agency officials will lead the Defense Department's efforts to better protect the military's data and systems, the DOD deputy chief information officer said this week. [more]
Friday, 17 December 2004, 1:30 PM CET

UK spammer charged with further offences
More charges keep UK spammer in jail. [more]
Thursday, 16 December 2004, 6:05 PM CET

Microsoft buys Giant to attack spyware
Microsoft today announced that it will beef up Windows security after buying Giant Company Software, a developer of anti-spyware and internet security offerings. [more]
Thursday, 16 December 2004, 5:37 PM CET

Christmas card virus hits one in 10 emails
Zafi-D spreading rapidly around the world. [more]
Thursday, 16 December 2004, 4:18 PM CET

Xandros Desktop OS 3.0 review
LinuxLinks decided to put the Deluxe version through its paces. So, what do you get in this distro? [more]
Thursday, 16 December 2004, 12:18 PM CET

Phishing sites on the rise
The number of phishing sites reported to the Anti-Phishing Working Group has risen by 28 percent each month from July to November this year, the group says in its latest Phishing Attack Trends Report. [more]
Thursday, 16 December 2004, 10:23 AM CET

Merry virus to you
Security firms are reporting the spread of two holiday-themed viruses. Zafi.D and Atak.age use Christmas greetings and promises of an electronic holiday card to lure users to open malicious files. Zafi.D is circulating in multiple languages. [more]
Thursday, 16 December 2004, 10:00 AM CET

Bush prepares for shutdown of GPS network in national crisis
President Bush has ordered plans for temporarily disabling the U.S. network of global positioning satellites during a national crisis to prevent terrorists from using the navigational technology, the White House said Wednesday. [more]
Thursday, 16 December 2004, 9:59 AM CET

Lowe's Hardware hacker gets nine years
One of three Michigan men who hacked into the national computer system of Lowe's hardware stores and tried to steal customers' credit card information was sentenced Wednesday to nine years in federal prison. [more]
Thursday, 16 December 2004, 9:58 AM CET

SAP offers automated security-check service
The service, conducted remotely and without consultants, will check customers' SAP applications for security vulnerabilities. [more]
Thursday, 16 December 2004, 9:57 AM CET

Vincenzo Ciaglia speaks security 2004
Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux security. [more]
Thursday, 16 December 2004, 9:55 AM CET

Video interview with George P. Japak, Vice President of ICSA Labs
In this video Mr. Japak talks about the importance of product certification, the full disclosure of vulnerabilities, how ICSA Labs approaches product testing, how they determine the severity of a vulnerability, and much more. [more]
Wednesday, 15 December 2004, 3:30 PM CET

Cryptography Research wants piracy speed bump on HD DVDs
The Content Scrambling System of the DVD has come in for a lot of criticism over the years, as piracy has become relatively rampant. [more]
Wednesday, 15 December 2004, 1:06 PM CET

Air Force seeks cyberwar edge
Air Force officials plan to award contracts worth up to $25 million for computer warfare technologies, according to a solicitation issued today. [more]
Wednesday, 15 December 2004, 1:04 PM CET

Linux Bangalore/2004: hackers galore
Linux Bangalore/2004, India's biggest tech-fest for free and open source software was held in Bangalore, the country's IT hub, last week. [more]
Wednesday, 15 December 2004, 1:00 PM CET

Microsoft fixes three flaws in XP SP2
Microsoft has released five security advisories for the month. [more]
Wednesday, 15 December 2004, 6:21 AM CET

Linux: fewer bugs than rivals
Linux advocates have long insisted that open-source development results in better and more secure software. Now they have statistics to back up their claims. [more]
Wednesday, 15 December 2004, 6:20 AM CET

WEP: dead again, part 1
This article is the first of a two-part series that looks at the new generation of WEP cracking tools for WiFi networks, which offer dramatically faster speeds for penetration testers over the previous generation of tools. [more]
Wednesday, 15 December 2004, 6:19 AM CET

Web server security issues and Front Page server extensions
What are the risks associated with FrontPage and what can you do about them? What are the recommended best practices for securing FP Web sites? [more]
Wednesday, 15 December 2004, 6:17 AM CET

Hollywood to sue server operators behind BitTorrent, eDonkey
The U.S. film industry is preparing to sue computer server operators in the United States and Europe who help relay digitized movie files across online file-sharing networks, a source familiar with the movie studios' plans said Tuesday. [more]
Wednesday, 15 December 2004, 6:11 AM CET

Gait advances in emerging biometrics
Retinal scans, finger printing or facial recognition get most of the publicity but researchers across the world are quietly labouring away at alternative types of biometrics. [more]
Tuesday, 14 December 2004, 5:27 PM CET

Beware of Christmas PCs bearing viruses
Shop-bought computers often unpatched and vulnerable to malicious code. [more]
Tuesday, 14 December 2004, 3:08 PM CET

A bouncer for your PC
AntiHook is an Australian-developed desktop intrusion detection and prevention application that protects threats, blocking any suspicious activity rather than pattern matching or waiting to be given a list of threats. [more]
Tuesday, 14 December 2004, 3:07 PM CET

Government calls for tighter home PC security
Home Office internet crime report outlines major threats. [more]
Tuesday, 14 December 2004, 2:45 PM CET

Mobile processors gain chipset-level security
The Discretix CryptoCell security platform has been selected to be included in the entire range of Renesas' SH-Mobile processors. [more]
Tuesday, 14 December 2004, 2:44 PM CET

Microsoft hits security milestone
Microsoft has released Windows Server 2003 Service Pack 1 (SP1), the next milestone in its Trustworthy Computing initiative. [more]
Tuesday, 14 December 2004, 6:10 AM CET

Online extortion works
Online extortion is quietly affecting thousands of businesses, for a very simple reason: it works. The big question then becomes, how will you and your company decide to respond? [more]
Tuesday, 14 December 2004, 6:10 AM CET

Secure storage starts to become higher priority
As deployment of IP storage networks grows, so do the risks. [more]
Tuesday, 14 December 2004, 6:08 AM CET

How to get a job as a Linux administrator
If you ask Scot Melland, it's a good time to be a Linux professional. [more]
Tuesday, 14 December 2004, 6:04 AM CET

Group polishes guidelines on HIPAA security rules
A working group made up of members from three organizations plans this month to release guidelines for complying with the data security requirements of the Health Insurance Portability and Accountability Act (HIPAA). [more]
Tuesday, 14 December 2004, 5:56 AM CET

Securing wireless e-records
Few understand how tough it can be to lock down wireless networks better than Stephen Lewack, director of technical services and communications at Columbus Regional Healthcare System. [more]
Monday, 13 December 2004, 5:05 PM CET

Adaptive and behavioral approach to new threats
To really understand what is going on in your network, you must do more than deploy security devices, you must also monitor your security situation on a constant basis. Intrusion detection monitoring is a major trend in the security industry. [more]
Monday, 13 December 2004, 4:44 PM CET

Attackers deface Croatian ski champ's web site
Serb hackers apparently attacked the official Web site of Croatian Alpine skiing champion Janica Kostelic on Monday, replacing her picture with that of a bearded Serb World War II fascist leader. [more]
Monday, 13 December 2004, 3:48 PM CET

Troubleshooting SMTP server publishing rules
In this article we’ll take a look at one approach to troubleshooting SMTP Server Publishing Rules. [more]
Monday, 13 December 2004, 3:42 PM CET

Still no cybersecurity czar
DHS officials opposed to idea, but proposal likely to surface again. [more]
Monday, 13 December 2004, 11:33 AM CET

Two converging worlds: cyber and physical security
Push for standards, guidelines will help industry, government. [more]
Monday, 13 December 2004, 10:56 AM CET

Roadshows warn of IT security risks in deploying VoIP
A series of roadshows has highlighted the growing security threat to IP telephony systems and the need to protect voice over IP deployments. [more]
Monday, 13 December 2004, 10:52 AM CET

Police given computer spy powers
Federal and state police now have the power to use computer spyware to gather evidence in a broad range of investigations after legal changes last week. [more]
Monday, 13 December 2004, 6:04 AM CET

Longhorn Server to have one version for many roles
Users can configure the OS to specific tasks. [more]
Monday, 13 December 2004, 6:01 AM CET

Information security: a legal perspective
Security is one of the biggest concerns that affects the world today, not only in the actual world but in the context of the electronic format and the information stored therein. [more]
Monday, 13 December 2004, 5:55 AM CET

E-voting still expensive, fraught with security issues
Unlike the U.S. willingness to adopt the latest technology, Canada "is not quite there," explained Hollins, who's based in Pickering, Ontario. "We don't put as much emphasis on voting technology. I think it becomes a bit of a cost issue. We don't have as frequent elections in Canada." [more]
Monday, 13 December 2004, 5:51 AM CET

Secure Elements adds automated remediation to Cisco program
Secure Elements announced its participation in the Network Admission Control (NAC) program, an industry-wide effort led by Cisco Systems. [more]
Monday, 13 December 2004, 5:49 AM CET

Banking group warns of Christmas phishing spree
Online banking customers at greater risk than ever. [more]
Friday, 10 December 2004, 3:14 PM CET

Adware - is this software on your hard drive?
How one of the Internet’s largest and most secretive adware companies really operates. With new regulations coming, will it really reform? [more]
Friday, 10 December 2004, 8:20 AM CET

10 commandments of security for small business
Small to medium-sized businesses rank office computer security among their biggest concerns, according to a recent survey by the Information Technology Solution Providers Alliance (ITSPA). [more]
Friday, 10 December 2004, 8:16 AM CET

Identity theft: it's personal
The latest news on identity theft is chilling. In 2002, nearly 10 million Americans fell victim to a crime that is cold, calculated, and ultimately personal. [more]
Friday, 10 December 2004, 8:14 AM CET

Many wireless home networks skip security
Chris Hurley is a man with a mission. He wants you to know how to steer clear of people like him. People with his equipment, anyway. [more]
Friday, 10 December 2004, 8:12 AM CET

Spamsters jam inbox with prayer mails
Internet users praying for salvation from junk mail face a new torment -- "spiritual spam." [more]
Friday, 10 December 2004, 8:10 AM CET

Is it time to start encrypting your e-mail?
Longing for a little privacy? Thinking it might be time to start encrypting your e-mail? This article looks at the pros and cons, examines e-mail encryption technologies, and provides some tips for getting the most out of e-mail encryption. [more]
Friday, 10 December 2004, 8:07 AM CET

Virus attacks prompt Linux switch
Faced with a growing number of viruses hitting his network, small businessman Ralph Piche decided to switch to a Linux-based operating system for his desktop, rather than upgrade to the latest Windows offering. [more]
Friday, 10 December 2004, 8:02 AM CET

Cyber security’s Cassandra syndrome
A proposal to create a senior-level cyber security position at the Department of Homeland Security is killed at the eleventh hour. Why is this issue such a problem for the Bush administration? [more]
Friday, 10 December 2004, 7:56 AM CET

ISC launches programme for security best practice
Value added reseller, ISC, has launched what it cliams is the first all-in-one programme to enable small to medium-sized businesses to introduce information and network security best practice. [more]
Friday, 10 December 2004, 7:55 AM CET

Web stats firm in flap over 'packet sniffing"
A leading internet statistics company says claims on its own website that it used potentially illegal packet-sniffing hardware to harvest information was a mistake. [more]
Friday, 10 December 2004, 7:52 AM CET

Repurposing servers on the fly with SCPM
The main production Web server which hosts the main homepage for your site has a catastrophic failure. What do you do? [more]
Friday, 10 December 2004, 7:48 AM CET

Microsoft readies Windows Server 2003 R2 beta
Interim release aims to fill the gap between Windows Server 2003 and Windows Server Longhorn, due in 2007. [more]
Friday, 10 December 2004, 7:46 AM CET

Security amendment approved
A measure that would make cybersecurity an integral part of information technology acquisition plans survived as part of legislation passed by Congress this week. [more]
Friday, 10 December 2004, 7:40 AM CET

The strange death of the mass mailing virus
Mass mailing viruses will go the way of macro viruses and become much rarer next year. Viruses such as Sober and MyDoom are simply not as effective as they used to be. [more]
Thursday, 9 December 2004, 1:53 PM CET

Password overload syndrome
It’s all come down to the fact that we all have too many pin numbers and passwords to remember. Have you ever taken the time to count up how many you use in the course of a day? Have you ever sat in-front of your screen and your mind has gone absolutely blank? [more]
Thursday, 9 December 2004, 11:58 AM CET

The 12 thefts of Christmas
The 12 ways thieves might steal your identity this holiday and how you can Grinch them. [more]
Thursday, 9 December 2004, 11:49 AM CET

Recent developments in SELinux Kernel performance
This article covers some recent changes in the SELinux kernel code. [more]
Thursday, 9 December 2004, 11:48 AM CET

What price privacy?
Tucked away in this week's $388 billion spending bill is a rule that could put a privacy officer in every federal agency, no matter what its function. [more]
Thursday, 9 December 2004, 11:46 AM CET

Lycos goes straight
After a week of well-deserved criticism, Lycos is abandoning its scheme to launch denial-of-service attacks against spammy websites. Did the company reform in time to avoid criminal prosecution? [more]
Thursday, 9 December 2004, 11:43 AM CET

Air Force wants faster patching
Air Force officials will meet next week to discuss broadening their information assurance efforts to include speeding the service's software-patching process. [more]
Thursday, 9 December 2004, 11:38 AM CET

Ex-U.S. Cyber Security Chief sees curb on phishing
A former White House Web security chief predicted on Wednesday that technology companies and law enforcers could soon stamp out most Internet "phishing" scams that aim to trick people into giving away personal and financial information. [more]
Thursday, 9 December 2004, 11:29 AM CET

Sun readying its ray for security
Sun CEO Scott McNealy is hoping people are fed up enough with viruses, security updates and computer crashes to consider his Sun Ray vision as an alternative. [more]
Thursday, 9 December 2004, 11:26 AM CET

War of the worms: Netsky-P tops this year's list
Sophos has released a report revealing the hardest hitting viruses of 2004. In a year which saw a 51.8% increase in the number of new viruses, the Netsky-P worm has accounted for almost a quarter of all incidents reported. [more]
Wednesday, 8 December 2004, 3:40 PM CET

Sprint sued over alleged vice hacks
A Las Vegas adult entertainment operator sues his local telephone company in federal court for $30 million, resurrecting a claim that phone hackers crippled his business. [more]
Wednesday, 8 December 2004, 10:24 AM CET

SmoothWall Express Firewall (2.0) review
Which firewall is best for you? How about a free system that runs well on older hardware, uses a graphical configuration system, and is easy to install and configure? If that sounds like your cup of tea, then let's take a look at Smoothwall Express 2.0. [more]
Wednesday, 8 December 2004, 8:51 AM CET

Netscape prototype browser more secure, says analyst
"I would gauge privacy and security as a little better with the Netscape prototype than other current browsers," Jupiter analyst Joe Wilcox said. [more]
Wednesday, 8 December 2004, 8:41 AM CET

Reform bill weak on privacy
Civil liberties activists say Congress should slow down and not centralize surveillance powers without providing adequate safeguards. [more]
Wednesday, 8 December 2004, 8:39 AM CET

Windows Server 2003 hardening list (part 1)
In this article, we will cover the most common issues that you will need to look over to make certain that your Windows Server 2003 is completely locked down from attack. [more]
Wednesday, 8 December 2004, 8:23 AM CET

What are the real vulnerabilities of Linux?
So what are the real vulnerabilities of the Linux operating system? A few experts weighed in for NewsForge. [more]
Wednesday, 8 December 2004, 8:17 AM CET

Examing the New Network+ certification
This article compares the old (2001) version of the exam to the new one and also shows where you can find information on the new topics that you should know to prepare for this test. [more]
Wednesday, 8 December 2004, 8:15 AM CET

Cyber detective links up crimes
Many more crimes might be solved if detectives were able to compare the records for cases with all the files on past crimes. [more]
Wednesday, 8 December 2004, 8:12 AM CET

The threats to come
As security pros protect their applications and networks from today's most common attacks, hackers are preparing to wage new wars. [more]
Wednesday, 8 December 2004, 8:09 AM CET

Creating and configuring ISA firewall networks (2004)
If you've managed an ISA 2000 firewall, the networking model used in the new ISA firewall (ISA Server 2004) will likely send you for a loop. Check out this article for details on getting started right. [more]
Wednesday, 8 December 2004, 8:05 AM CET

Making your PC secure online, part two
In Part One, we showed how to adjust your network settings for better security. Now we'll look at free and commercial add-on products and services that do even more. [more]
Wednesday, 8 December 2004, 8:01 AM CET

Nortel makes security push
Symantec joins for strategic relationship. [more]
Wednesday, 8 December 2004, 7:59 AM CET

New RSA Sign-on Manager goes for two-factor ID
Consistent treatment of user authentication across applications and automated procedures for lost passwords are two of the big attractions of RSA Security's new Sign-On Manager. [more]
Tuesday, 7 December 2004, 2:17 PM CET

Wi-Fi detection and analysis tool hits market
"As Wi-Fi users become accustomed to using high-speed Internet access when and where they need it, versatile tools for finding accessible Wi-Fi networks become essential," Canary Wireless co-founder Benjamin Kern said. [more]
Tuesday, 7 December 2004, 8:38 AM CET

With threat of cybercrime looming, FBI's office takes aim
FBI statistics show the scope of what's at stake for cybercriminals and terrorists. [more]
Tuesday, 7 December 2004, 8:36 AM CET

Detecting complex viruses
The purpose of this paper is to examine the difficulties of detecting complex viruses, including polymorphic, metamorphic and entry-point obscuring viruses. Whether or not an anti-virus (AV) technology can detect these viruses can be a useful metric to consider when evaluating AV products. [more]
Tuesday, 7 December 2004, 8:25 AM CET

Security sells
Some companies are so serious about security, they try to make it part of their corporate image. [more]
Tuesday, 7 December 2004, 8:18 AM CET

Human factor is key to wireless security
As increasing numbers of firms allow at least some of their staff to use wireless devices, it is important to educate the end-users and set up stringent security policies. [more]
Tuesday, 7 December 2004, 8:12 AM CET

Consumers reportedly dissatisfied with online security
Passwords are not enough, study says. [more]
Tuesday, 7 December 2004, 8:11 AM CET

2004: the year of phishing
MessageLabs' was picking up 250,000 phishing e-mails a month at the start of 2004, according to its annual roundup. By October, the number had risen to nearly five million. Spammers were increasingly busy, with nearly three out of every four e-mails sent in 2004 identified as spam. [more]
Tuesday, 7 December 2004, 8:09 AM CET

Industrial strength security?
Commercial operating systems and IP networks are just two points of vulnerability that worry security experts about critical industrial information systems. [more]
Tuesday, 7 December 2004, 8:08 AM CET

SP5 U-turn hits Windows 2000
Microsoft has confirmed that the security features of Windows 2000 will not be brought into line with XP SP2. [more]
Monday, 6 December 2004, 2:37 PM CET

Social engineering meets the bot (part 3) - all is revealed
In the final installment of this article series we get to see the trojan operate at the packet level itself. No matter how clever the exploit, or trojan it must still dial home as it were. It will do so at the packet level, which we will examine. [more]
Monday, 6 December 2004, 2:36 PM CET

Sarbanes-Oxley: an opportunity for security professionals
Sarbanes-Oxley (SOX) is not just another regulation security professionals have to contend with in your already very busy lives. Instead, SOX should be viewed as opportunity for security teams to demonstrate your value as a key enabler of creating a sound business environment at the highest levels within your organizations. [more]
Monday, 6 December 2004, 2:27 PM CET

Cash crisis aids e-criminals
Poor reporting of e-crime is leading to inadequate budgets for law enforcement. [more]
Monday, 6 December 2004, 1:01 PM CET

High-school drop-out to become Homeland Security Czar
President George W. Bush has nominated former New York City Police Commissioner Bernard Kerik to replace Tom Ridge as Homeland Security Secretary, marking a significant departure from his tendency to choose educated, Patrician types for his Cabinet. [more]
Monday, 6 December 2004, 12:45 PM CET

Optimizing the Solaris Network Cache and Accelerator
This document is a brief how-to for using the Solaris Network Cache and Accelerator (SNCA). [more]
Monday, 6 December 2004, 12:33 PM CET

Spyware on my machine? So what?
There's a reason why so many PCs are infected with spyware and adware: Users seem to have stopped caring about having online privacy. Many are saying spyware is a small price to pay for free applications. [more]
Monday, 6 December 2004, 12:30 PM CET

Mobile phones: an ear full of worms
They're coming to mobile phones -- those nasty viruses, worms and Trojan Horses that have, on more than one occasion, crippled PCs. No doubt about that. The question is: Will they be as bad? [more]
Monday, 6 December 2004, 12:29 PM CET

Security concerns still plague wireless take-up
Wireless has many benefits, provided companies minimise the risks and rein in ad hoc networks. [more]
Monday, 6 December 2004, 12:28 PM CET

CLI Magic: passwd and passwords
I don't want to disturb your GUI-induced nap, but for your own good -- and for the security of your system -- you need to be concerned about two things: learning how to use the passwd command and learning how to create strong passwords. [more]
Monday, 6 December 2004, 12:21 PM CET

Networks taught self-defence in the face of security threats
Believing that security is fundamental to business processes and ultimately to business success, Cisco Systems is moving toward the fourth generation of router-service evolution by making its vision of a “self-defending network” a reality. [more]
Monday, 6 December 2004, 12:20 PM CET

Government tightens desktop data security
Despite the considerable amount of money and effort already spent on protecting sensitive U.S. government data, the threats keep getting more sophisticated and the stakes higher. [more]
Monday, 6 December 2004, 12:18 PM CET

Lycos screen saver attacks spammers
At the risk of breaching Internet civility, Lycos Europe is offering computer-users a weapon against spam-spewing servers: a screen-saver program that automatically hits the offenders with data to slow them down. [more]
Friday, 3 December 2004, 8:45 AM CET

Managers misuse tech to control workers, study says
Using mobile technology to keep tabs on employees is reducing workers' productivity. [more]
Friday, 3 December 2004, 8:36 AM CET

Security issues stain BlackBerry
The routing of traffic through an email server in Canada appears to be a key to security restrictions imposed this month on government use of BlackBerry devices. [more]
Friday, 3 December 2004, 8:35 AM CET

IT outsourcing and information security
A U.S. company announced last month that an insider at its research and development center in India stole portions of the source code and confidential design documents relating to one of its key products. [more]
Friday, 3 December 2004, 8:29 AM CET

IT security sheriffs to police the web
Parliamentary working group advocates special online constables. [more]
Friday, 3 December 2004, 8:28 AM CET

Private sector gets security check
The federal Government has kicked off a plan to stress-test the nation's private-sector IT infrastructure, part of its $50million protection program. [more]
Friday, 3 December 2004, 8:27 AM CET

Berkeley hack sparks legislative backlash
An intrusion into a university research computer housing information on 1.4 million people leads to a proposed law that would cut researchers off from sensitive data. Opponents say important work would be hobbled in the process. [more]
Friday, 3 December 2004, 8:26 AM CET

Microsoft sues seven spammers
Emails in violation of the 'brown paper wrapper' rule. [more]
Friday, 3 December 2004, 8:24 AM CET

Make for system administrators
Custom software installation is a common task for sysadmins. Compiling the software is often a complex process involving many steps that must be done in the correct order. [more]
Thursday, 2 December 2004, 6:17 AM CET

Microsoft investigates Windows Server flaw
Hole in WINS could allow attacker to gain complete control over systems running Windows Server. [more]
Thursday, 2 December 2004, 6:15 AM CET

Interview with Robert Graham, Chief Scientist for ISS
The Chief Scientist for ISS, Graham shares with Network Computing Asia his views on intrusion detection and prevention, and why ISS continues to be a force to reckon with. [more]
Thursday, 2 December 2004, 6:12 AM CET

Closed source hardware
Trust with hardware vendors for open source systems is becoming a one-way street, where in exchange for support they offer a closed source binary solution with no provision to audit security. [more]
Thursday, 2 December 2004, 6:10 AM CET

Corporate computers plagued by spyware
Corporate desktops pack almost as much spying software as do consumers' machines, according to a US anti-spyware vendor. [more]
Thursday, 2 December 2004, 6:08 AM CET

Computer security key to keeping attackers at bay
In an age of lightening-fast technology, information is accessible to almost anyone with curiosity and an Internet connection. [more]
Thursday, 2 December 2004, 6:02 AM CET

User knowledge key to good security
Computer Security Day, created in 1988, focuses on reminding users to protect their computers and business-critical information and raise awareness computer-related security issues. [more]
Thursday, 2 December 2004, 5:54 AM CET

Security on the go
Now that work is just a verb, not a place, are all your security assumptions wrong? [more]
Thursday, 2 December 2004, 5:53 AM CET

Security vendor shuts down phishing attacks against banks
Cyota's FraudAction shuts down many phishing sites in less than five hours. [more]
Thursday, 2 December 2004, 5:52 AM CET

Five tips for boosting wireless security
I was at a friend's new office, helping her set up her new wireless access point. It was a small office, so one Wi-Fi device would suffice, but as it would be in the immediate vicinity of many other offices I knew security would be important. [more]
Thursday, 2 December 2004, 5:51 AM CET

Urban myths giving ICSTIS a headache
Hoax emails cause chaos. [more]
Wednesday, 1 December 2004, 5:00 PM CET

Two thirds of all PCs infected with spyware
Epidemic costing millions as malicious software runs riot. [more]
Wednesday, 1 December 2004, 3:17 PM CET

HP to release Virus Throttler for Windows in 2005
HP is planning to build virus-throttling technology into ProLiant servers and ProCurve switches starting in early 2005, an HP executive said today. [more]
Wednesday, 1 December 2004, 2:38 PM CET

Why you should take information security seriously
The most valuable sources of information are those that are seen to be inherently reliable and easy to access. [more]
Wednesday, 1 December 2004, 1:49 PM CET

Sober virus crashes November party
Old favourites still top of the virus pops. [more]
Wednesday, 1 December 2004, 1:45 PM CET

Stressing security training
Teaching basic computer security has become an essential part of training government employees. [more]
Wednesday, 1 December 2004, 1:45 PM CET

Windows XP Embedded SP2 goes gold
Microsoft's Mobile and Embedded Devices Group has released the final version of Windows XP Embedded with Service Pack 2. [more]
Wednesday, 1 December 2004, 10:16 AM CET

WLAN security market heats up with product launches
Highwall Technologies and AirTight Networks both release tools for securing Wi-Fi networks. [more]
Wednesday, 1 December 2004, 10:14 AM CET

HP fine-tunes security management
OpenView Select Federation focuses on identity. [more]
Wednesday, 1 December 2004, 6:14 AM CET

Cambridge police nab UK spammer
Cambridgeshire police arrest UK spammer and charge him with threats to kill. [more]
Wednesday, 1 December 2004, 12:41 AM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Thu, Aug 28th