Off the Wire

Off The Wire Archive

News items for December 2005

Microsoft promises to patch worsening zero-day flaw
As bleaker details emerged Thursday about the threat posed by a zero-day vulnerability in Windows, Microsoft said it would produce a patch for the flaw but declined to put the fix on a timetable. [more]
Friday, 30 December 2005, 1:49 AM CET

Several new Trojans attack via the extremely critical WMF vulnerability
The WMF vulnerability is present in computers running Microsoft Windows XP with SP1 and SP2, and Microsoft Windows Server 2003 with Service Pack 0 and Service Pack 1. [more]
Friday, 30 December 2005, 1:49 AM CET

AOL names top spam subjects for 2005
The year in spam includes "Donald Trump" in the top 10. [more]
Friday, 30 December 2005, 1:48 AM CET

Settlement proposed in Sony BMG case
The attorneys in a New York class action lawsuit filed against Sony BMG and its two copy-protection software providers, SunnComm and First 4 Internet, proposed a settlement on Wednesday requiring--among other stipulations--cash payments to plaintiffs and consumer-friendly changes to copyright holders' anti-piracy initiatives. [more]
Friday, 30 December 2005, 1:47 AM CET

IT threats in 2006
The year that is just coming to an end has marked a turning point with respect to Internet threats. The last 12 months have been notable for the absence of the kind of massive virus epidemics caused by malicious code such as LoveLetter, Sasser or Blaster... [more]
Friday, 30 December 2005, 1:46 AM CET

Beware post-holiday phishing
Consumers should be especially watchful for bogus "get out of debt" phishing pitches, a security firm warned. [more]
Friday, 30 December 2005, 1:46 AM CET

Understanding digital certificates and SSL
Moving your business online provides the convenience and accessibility your customers and partners demand, learn how to use SSL digital certificates to gain customer trust and potentially increase revenue by adding more online services. [more]
Friday, 30 December 2005, 1:45 AM CET

Hackers rebel against spy cams
When the Austrian government passed a law this year allowing police to install closed-circuit surveillance cameras in public spaces without a court order, the Austrian civil liberties group Quintessenz vowed to watch the watchers. [more]
Thursday, 29 December 2005, 1:56 PM CET

Windows 0-day exploit found on Web
A previously unknown vulnerability in the Microsoft Windows graphics rendering engine is being exploited by several malicious Web sites to infect visitors' systems, security experts said on Wednesday. [more]
Thursday, 29 December 2005, 11:17 AM CET

Man admits to eBay DDoS attack
An Oregon man has pleaded guilty to launching a DDoS attack against eBay that caused at least $5,000 in damages, US authorities said this week. [more]
Thursday, 29 December 2005, 11:14 AM CET

Vista's metadata poses security risk, analysts say
Microsoft could have used some form of digital-rights-management technology to control who sees metadata, Gartner analysts said. Instead, the company chose not to use any, meaning that unsophisticated users can inadvertently disclose private information while using Vista's search tool. [more]
Wednesday, 28 December 2005, 7:46 AM CET

Criminals target viruses for cash
At first glance 2005 looks like it was a quiet year for computer security because there were far fewer serious Windows virus outbreaks than in 2004. [more]
Wednesday, 28 December 2005, 7:44 AM CET

Deadly Windows security mistakes
In this webcast, information security expert Kevin Beaver, CISSP, will outline various security omissions in Windows-based networks that can have a serious impact on your organization. [more]
Wednesday, 28 December 2005, 7:44 AM CET

Businessman wins e-mail spam case
A Channel Island businessman has won damages from a company which sent him internet e-mail spam. [more]
Tuesday, 27 December 2005, 7:10 PM CET

Viruses may prove dangerous to smart phones
Even with more secure operating systems, viruses will not become extinct. [more]
Tuesday, 27 December 2005, 7:03 PM CET

Rootkits, cybercrime and OneCare
The year 2005 in net security will likely be remembered as the year of the Sony rootkit DRM controversy. In other ways the last 12 months continued the trend of profit becoming a primary driver for the creation of computer viruses. [more]
Tuesday, 27 December 2005, 7:02 PM CET

New trojan steals online banking passwords
This new Trojan combines social engineering distribution through Messenger, and uses the techniques of spyware and phishing. [more]
Tuesday, 27 December 2005, 6:52 PM CET

Junking the junk: staying ahead of spam attacks
The numbers speak for themselves: in 2005, junk mail accounted for nearly 60 percent of all emails, up from just 10 per cent in 2001. And this growth looks set to continue. Read on to learn more about the problem as well as the ten tips that will help you reduce spam. [more]
Monday, 26 December 2005, 2:49 PM CET

Bandwidth monitoring with iptables
Linux has a number of useful bandwidth monitoring and management programs. A quick search on for bandwidth returns a number of applications. However, if all you need is a basic overview of your total bandwidth usage, iptables is all you really need -- and it's already installed if you're using a Linux distribution based on the 2.4.x or 2.6.x kernels. [more]
Monday, 26 December 2005, 2:41 PM CET

Security trends: follow the money
Fortune, not only fame, motivates hackers as services battle cybercrime. [more]
Monday, 26 December 2005, 2:29 PM CET

Windows Server 2003 authentication: under the hood
This webcast focuses on the nuts and bolts of the Kerberos authentication protocol: the basic protocol exchanges, the protocol's strengths and its operation in a single- and multi-domain environment. [more]
Monday, 26 December 2005, 2:29 PM CET

Data security movement backburnered by lawmakers
Despite a year's worth of highly publicized security breaches and a lot of talk in Congress this summer on ways to protect consumers, there's been too little done to protect U.S. consumers' data, said Gartner research director Avivah Litan. [more]
Friday, 23 December 2005, 11:40 PM CET

Top 7 PHP security blunders
This article details many of the common PHP programming mistakes that can result in security holes. [more]
Friday, 23 December 2005, 11:38 PM CET

Security checks in
N airport security "checkpoint of the future" that lets travellers leave shoes on feet, keys in pockets and laptop computers in carry-on bags has been shown off in San Francisco.
Friday, 23 December 2005, 12:48 PM CET

Encryption: a nice idea that few want to implement?
Companies are not embracing encryption as a way to protect sensitive data. According to Ponemon Institute's 2005 National Encryption Survey, only 4.2% of companies responding to our survey say their organizations have an enterprisewide encryption plan. [more]
Friday, 23 December 2005, 3:42 AM CET

Google plugs security holes in Web site
Flaws would have exposed users to phishing scams. [more]
Friday, 23 December 2005, 12:09 AM CET

Tracked by cellphone
We know that technology can be used to track people's location via a cellphone, but how difficult is it for law enforcement to get a court order and do this legally? [more]
Friday, 23 December 2005, 12:08 AM CET

Four security resolutions for the new year
I always know what my first New Year’s resolution is going to be, because it’s the same every year: lose weight. Chances are, you have the same one. But by the time the Super Bowl happens, and you eat seven thousand calories on that one day, you’ll have already have given up on that resolution. [more]
Friday, 23 December 2005, 12:08 AM CET

Real world security threats: the anatomy of a hack
In this on-demand video demonstration and companion guide, watch as a hacker takes complete control of a mobile endpoint system without the proper security protection, and is able to attack and gain access to the mobile endpoint. [more]
Friday, 23 December 2005, 12:03 AM CET

How to manage security halfway around the world
Different cultures. Unstable political environments. Language barriers. CSOs in global companies face many a challenge as they try to manage security in far-flung locations. One of the biggest challenges? [more]
Thursday, 22 December 2005, 5:48 PM CET

Ford computer with employee data stolen
The data includes Social Security numbers; a letter has been sent to employees urging them to take steps to safeguard their personal information. [more]
Thursday, 22 December 2005, 5:46 PM CET

Nessus 3.0: the end of the age of open-source innocence?
"Here's the danger we are running into," said Alan Shimel, Chief Strategy Officer for StillSecure. "People contribute resources to these communities, whether it be time, money, or code. When they see everything they give converted for the commercial success of an individual rather than as a community as a whole, how long do you think they are going to want to keep giving?" [more]
Thursday, 22 December 2005, 5:41 PM CET

Serious flaw reported in Symantec antivirus software
Attackers could gain control of systems by using heap overflows. [more]
Thursday, 22 December 2005, 4:10 AM CET

Number of virus threats continues to rise
Medical-related spam, which claims to assist in sexual performance or weight loss, will remain the most dominant type of spam next year, said Sophos managing director Charles Cousins. Other categories of spam expected to rise next year are stock-related spam and pitches for adult content. [more]
Thursday, 22 December 2005, 3:49 AM CET

Quantum cryptography: when your link has to be really secure
QC (quantum cryptography) uses a string of individual photons and their quantum states as the bases of a link in which physicist Werner Heisenberg's often-cited, often-misunderstood uncertainty principle defeats any eavesdropper. [more]
Thursday, 22 December 2005, 3:40 AM CET

Choosing the right EAP type for wireless LAN security
To ensure the security of a WLAN, its connection with wireless client devices must be authenticated and encrypted, this is accomplished via encryption protocols such as WPA, WPA2 and WEP in addition to the 802.1x authentication protocol. [more]
Thursday, 22 December 2005, 3:26 AM CET

Hi-tech security systems tested on London rail
Body Imaging scanners or sophisticated CCTV which can automatically spot suspicious behaviour could be introduced on parts of the rail and Tube networks to combat the threat of suicide terrorists. [more]
Thursday, 22 December 2005, 3:21 AM CET

EU data to be stored for two years
European telecoms companies and ISPs will have to keep their data stored for two years to meet security regulations after EU politicians and legislators voted for the increase in data retention. [more]
Thursday, 22 December 2005, 3:16 AM CET

Looking back at computer security in 2005
This article presents a view on some of the biggest events of 2005 with comments by Bruce Schneier, Howard Schmidt, Dr. Gerhard Eschelbeck, Mikko H. Hyppönen, Ira Winkler and Fyodor. [more]
Wednesday, 21 December 2005, 7:55 PM CET

US 'winning war' on e-mail spam
The number of unsolicited e-mails received in the US appears to be falling thanks to new laws and better technology, a government report says. [more]
Wednesday, 21 December 2005, 3:06 AM CET

Santa worm on MSN, AOL, ICQ, & Yahoo plants rootkit
A new worm posing as a come-on to a Santa Claus site is traveling across all the major instant messaging networks, a security firm warned Tuesday, and when recipients visit the bogus site, they're infected with a file hidden from sight by a rootkit. [more]
Wednesday, 21 December 2005, 3:03 AM CET

Sunbelt completes Kerio Firewall buy
Sunbelt Software on Tuesday completed its acquisition of Kerio's desktop and server firewall products, a move which will save the popular free Kerio Personal Firewall from its planned retirement. In addition, Sunbelt is lowering the price of the full version to $19.95. [more]
Wednesday, 21 December 2005, 2:49 AM CET

Security: forensic tools in court
An interesting question comes to mind when you use as many open source forensic and security tools as I do — if I ever go to court over this case, will my tools be considered valid? [more]
Wednesday, 21 December 2005, 2:41 AM CET

Oracle turns to Fortify to secure source code
Oracle to use startups tools to find problems in database and middleware. [more]
Wednesday, 21 December 2005, 2:29 AM CET

FTC: Computer users seeing less spam
Agency cites CAN-SPAM Act as reason for reduction in unsolicited e-mail. [more]
Wednesday, 21 December 2005, 2:17 AM CET

Rootkit guru: antivirus makes me do it
Smart computer users know that once a computer is infected by a rootkit, it's changed forever. And as Windows rootkits go, Hacker Defender is among the most dangerous. The author of Hacker Defender, holy_father, explains why he does what he does, and what you can do to detect his rootkit. [more]
Wednesday, 21 December 2005, 1:07 AM CET

Building the perfect SSL VPN
Picking and choosing features from among the top tested products. [more]
Wednesday, 21 December 2005, 12:46 AM CET

Computer forensics firm Guidance hacked
Computer forensics firm Guidance Software has itself become the subject of a hack attack, prompting warnings to its clients in law enforcement and computer security that their financial details may have been exposed. [more]
Wednesday, 21 December 2005, 12:32 AM CET

Sober worm prompts net perv confession
A child porn suspect turned himself in to the police after mistaking an email generated by a prolific internet worm for an official notice he was under investigation. [more]
Wednesday, 21 December 2005, 12:22 AM CET

Authentication angst
Minor glitches dog vendor implementations of RADIUS and LDAP-based authentication ties. [more]
Wednesday, 21 December 2005, 12:10 AM CET

Open source application school: security administration tools
Find out about Snort and other enterprise-ready open source security applications in this Webcast. Expert speaker Bernard Golden offers a guide to choosing and using security management and administration applications. [more]
Wednesday, 21 December 2005, 12:04 AM CET

Mobile security threats to rise in 2006
martphone users beware - mobile malware is set to triple in the coming year, according to security experts. [more]
Tuesday, 20 December 2005, 2:55 PM CET

Oracle fortifies application security at the source
Oracle had previously relied on source-code analysis tools developed in-house but decided to work with a third party. [more]
Tuesday, 20 December 2005, 2:55 PM CET

Selling people information about themselves
The online security of a popular game maker was compromised last week, with hackers demanding an undisclosed sum to prevent data exposure. White Wolf Publishing posted a statement on their website indicating they had no intent of paying the hackers. [more]
Tuesday, 20 December 2005, 3:50 AM CET

Chile and Peru fight merciless hacker war
Official websites hit as fish crisis escalates. [more]
Tuesday, 20 December 2005, 3:48 AM CET

Microsoft releases security focused Vista preview
December CTP offers security, portability and performance enhancements. [more]
Tuesday, 20 December 2005, 3:28 AM CET

Mergers, security shaped networking year
There wasn't a moment's peace in the world of networking in 2005, from big carrier mergers announced early in the year, through a security bombshell and some major high-speed wireless launches. [more]
Tuesday, 20 December 2005, 3:10 AM CET

OpenSSH cutting edge
Federico Biancuzzi interviews OpenSSH developer Damien Miller to discuss features included in the upcoming version 4.3, public key crypto protocols details, timing based attacks and anti-worm measures. [more]
Tuesday, 20 December 2005, 3:07 AM CET

Terror phone clone scam exposed
Affiliates of terrorist organization Hezbollah cloned the mobiles of senior executives of Canadian operator Rogers Communications, including chief exec Ted Rogers. [more]
Tuesday, 20 December 2005, 2:24 AM CET

Use of Wi-Fi up but concerns over hotspot cost and security remain
Sales of Wi-Fi-enabled devices have increased 64% this year and will exceed 120 million units before the year is out, according to research firm In-Stat. But analysts said many organisations are still wary of the technology. [more]
Tuesday, 20 December 2005, 2:01 AM CET

Number of virus threats continues to rise
Medical-related spam, which claims to assist in sexual performance or weight loss, will remain the most dominant type of spam next year, said Sophos managing director Charles Cousins. [more]
Tuesday, 20 December 2005, 1:45 AM CET

Encrypting without secrets
Do you have a Web site or other system that deals in secrets of any sort? It seems like every time I give a security talk, people ask how to deal with the sticky problem of storing secrets. [more]
Tuesday, 20 December 2005, 1:04 AM CET

Securing card data isn't an easy sell
Recent data compromises, such as one involving the Sam's Club wholesale chain, highlight the challenges that credit card companies face in enforcing the security standards that went into effect last July for all businesses processing credit transactions. [more]
Tuesday, 20 December 2005, 12:40 AM CET

UK shelters from smut Trojan blitz
UK businesses were targeted in a blitz of 215,000 emails containing a new Trojan on Monday (19 December), according to email filtering firm BlackSpider Technologies. The malware - called Small-BXP - comes in the payload to a message that poses as a receipt for access to an online porn site. [more]
Tuesday, 20 December 2005, 12:24 AM CET

Security experts urge a 'say yes' mindset
Being an IT security specialist requires a close understanding of business goals, a dose of salesmanship and a willingness to say yes to projects even if it means dealing with new risks, top network security professionals told attendees at last week's inaugural Interop New York. [more]
Tuesday, 20 December 2005, 12:18 AM CET

Best practices for security routing protocols
This document discusses the various threats against routing protocols, including peering disruption and falsifying of routing information, followed by a description of the methods and techniques used to attack a routing system. [more]
Tuesday, 20 December 2005, 12:10 AM CET

Social engineering and other threats to internal security
How does a company protect itself from its own users who intentionally or accidentally can cause serious damage? [more]
Monday, 19 December 2005, 6:51 PM CET

The worst network security horror stories
Think you've had security problems? You aint heard nothing yet. We asked the pros to tell us some of the worst disasters they've faced. Here's what they told us. [more]
Monday, 19 December 2005, 5:27 PM CET

Security-enhanced Linux moving into mainstream
SELinux provides mandatory access control to a wider audience. It helps eliminate O-day attacks.
Monday, 19 December 2005, 5:26 PM CET

Update glitch spins out IE7 beta testers
Last week's update for Internet Explorer has tripped up users testing an early pre-release version of IE7. [more]
Monday, 19 December 2005, 5:23 PM CET

Tips on how to beat online fraudsters
Organized criminal gangs are targeting online consumers with ever more sophisticated blended phishing attacks, some of which even find out details of their interests and use them to generate phishing emails tailored to tempt them into giving away their identities. [more]
Monday, 19 December 2005, 5:23 PM CET

Dasher worm infects 3,000 machines
Dasher worm infects 3,000 machines [more]
Monday, 19 December 2005, 2:10 PM CET

Windows Mobile 2005 security model FAQ
Here are some questions and answers that will point you in the right direction. [more]
Monday, 19 December 2005, 2:09 PM CET

Holes found in PC virus defences
People using Windows computers were unprotected against new viruses for 56 days this year, research shows. [more]
Monday, 19 December 2005, 2:03 PM CET

IT security professionals move on up
Information security professionals are now more highly regarded, and are moving up the corporate ladder towards the board, according to a survey by analyst firm IDC. [more]
Monday, 19 December 2005, 2:02 PM CET

OMG pushes standards for verifying software security
A report released early this month by a task force within the Object Management Group outlines the standards needed to develop a consistent process for verifying the security of software sold to government agencies. [more]
Monday, 19 December 2005, 11:59 AM CET

President Bush, NSA accused of wiretap abuse
In an article published in the New York Times, journalists claim that the National Security Agency (NSA) has and continues to engage in covert, extralegal domestic surveillance of American citizens and foreign nationals. [more]
Monday, 19 December 2005, 11:58 AM CET

RFID poised for investment explosion
Spending expected to skyrocket by 2010. [more]
Monday, 19 December 2005, 11:45 AM CET

Virus fighters can't keep up
At 5:07 p.m. on Dec. 21 a year ago this week, the Santy worm arrived at Kaspersky Lab in Moscow via an E-mail message. [more]
Monday, 19 December 2005, 11:44 AM CET

Researchers: flaw auctions would improve security
The auction may have set a record price for a highlighter pen and an 8-by-11-inch sheet of paper. [more]
Monday, 19 December 2005, 11:42 AM CET

Why email compliance and encryption cannot be ignored
This FREE 90-minute educational Webcast features Paul Stamp, Forrester Research's security expert and global authority on messaging security. [more]
Monday, 19 December 2005, 11:41 AM CET

Industry gives U.S. security efforts Cs and Ds
A group of technology companies released a national agenda for information security this week, rating the current U.S. government's efforts in protecting data and the Internet with a below-average grade. [more]
Monday, 19 December 2005, 11:39 AM CET

P-to-P video and music download security threat
A series of files are being circulated across the Internet at peer-to-peer networks that allegedly contain music and videos, but also include adware in the form of a "toolbar," a security vendor says. [more]
Friday, 16 December 2005, 3:43 PM CET

Honeypots as an early warning system
These sticky traps make a good backup plan for malware detection - and every enterprise should have at least one. [more]
Friday, 16 December 2005, 3:41 PM CET

New malware targets Microsoft users
Two variants of the exploit are now in circulation. [more]
Friday, 16 December 2005, 1:21 PM CET

Web, security, wireless technologies rivet CIOs
A newly released survey of CIOs confirmed that Web issues and security, followed by wireless technologies, have held on to their positions as the leading technologies that concern federal IT professionals. [more]
Friday, 16 December 2005, 1:18 PM CET

The enemy within
Geeks, squatters and saboteurs threaten corporate security. [more]
Friday, 16 December 2005, 3:27 AM CET

Time to come clean about hacking
Companies need to pool information about web-based attacks to keep online buyers safe and spending. [more]
Friday, 16 December 2005, 3:20 AM CET

Mobile devices users need stronger security
Encryption is becoming increasingly important, according to a panel at this week's Interop trade show. [more]
Friday, 16 December 2005, 2:52 AM CET

Windows XP gets security certification
Touting the success of it's new Security Development Lifecycle (SDL) process, Microsoft late Wednesday said Windows Server 2003 and Windows XP SP2 Professional and Embedded have secured the highest Common Criteria security certification from the United States government's National Information Assurance Partnership. [more]
Friday, 16 December 2005, 2:33 AM CET

Survivor's guide to 2006: security
As you prepare for 2006, you need compliance-driven products to ensure your company doesn't become the next security-breach headline. But don't be fooled by all the vendor hype. [more]
Friday, 16 December 2005, 1:19 AM CET

Dutch hacking group cracks Xbox 360
Team PI Coder claims to have penetrated new console's security systems. [more]
Friday, 16 December 2005, 1:12 AM CET

Item-level RFID tagging aims to curtail counterfeiting
Vue Technology and Symbol Technologies Inc. on Wednesday said they will jointly develop and offer an item-level radio frequency identification (RFID) software and hardware package for retailers and manufacturers. [more]
Friday, 16 December 2005, 12:55 AM CET

Totally secure classical communications?
How would you feel if you invested millions of dollars in quantum cryptography, and then learned that you could do the same thing with a few 25-cent Radio Shack components? [more]
Friday, 16 December 2005, 12:46 AM CET

Security status rises
New research from The International Information Security Certification Consortium (ISC2) shows that IT security professionals are boosting their profile in the boardroom. [more]
Friday, 16 December 2005, 12:32 AM CET

Attack of the 'Zombies' (and how to respond)
This webcast reviews next-generation bot features and security-evasion techniques, and explores practical ways for identifying them given their new level of sophistication. [more]
Friday, 16 December 2005, 12:24 AM CET

Mac workstation security: more ways to clamp down on threats
This article offers a look at additional ways to tighten security on workstations, from disabling peer-to-peer sharing to limiting SSH access and securing local NetInfo data. [more]
Thursday, 15 December 2005, 5:48 AM CET

"Dark traffic" zaps 83 percent of e-mail resources
The amount of valid e-mail as a percentage of all incoming traffic has declined sharply since the beginning of the year, a messaging security vendor reported Tuesday, due to a tripling of directory harvest attacks by spammers after addresses. [more]
Thursday, 15 December 2005, 5:47 AM CET

Adobe moving to monthly security patch schedule
Customers have asked for a more predictable schedule. [more]
Thursday, 15 December 2005, 5:46 AM CET

Software 'pirate' pleads guilty to charges
California man faces maximum sentence of 10 years in prison and $500,000 fine. [more]
Thursday, 15 December 2005, 2:02 AM CET

Web service security
This guide provides a scenario-driven approach to demonstrate where different security patterns are successful, combined with a series of decision matrices to assist you in applying your own criteria for using Web service security patterns in your environment. [more]
Thursday, 15 December 2005, 1:40 AM CET

UK shopkeepers beating online fraud
UK retailers are beating the problem of online fraud, according to a new survey. [more]
Thursday, 15 December 2005, 1:13 AM CET

2005: a year of security woes and acquisitions
Computing rounds up the major events of the past year that have shaped the IT industry in the UK, such as growing budgets and government IT projects. [more]
Thursday, 15 December 2005, 1:02 AM CET

Sober worm cracked
Finnish security firm says it has the solution. [more]
Thursday, 15 December 2005, 12:42 AM CET

Browser users urged to patch up
Windows users are being warned about a bug that lets attackers take over a PC via the Internet Explorer browser. [more]
Thursday, 15 December 2005, 12:36 AM CET

Privacy: the devil's playground
The European Parliament adopted new rules drawn up by the European Union to store phone and internet data for up to two years to fight terrorism and other serious crime. [more]
Thursday, 15 December 2005, 12:26 AM CET

Embedded security
This paper examines the benefits that TPM chips bring to security-conscious businesses, and the ways in which this technology can elevate trusted computing to higher levels, enhancing security while simplifying usability. [more]
Thursday, 15 December 2005, 12:04 AM CET

Declaration of rights for administrators and end users
Frustrated with having to deal with unwanted software being installed on her network, an administrator suggests something be done about it. [more]
Wednesday, 14 December 2005, 3:32 PM CET

Confessions of an honest cracker
CyberMage cracks every game he plays. He also pays for every game he cracks. Following his lead could spare honest people a lot of aggravation, he says. [more]
Wednesday, 14 December 2005, 3:20 PM CET

Internet security gone wild
"The real problem is the unspoken and unholy alliance between Microsoft and other vendors not to stomp too hard on cookies so as not to interfere with their customers," said Andrew Jaquith, senior analyst at the Yankee Group. [more]
Wednesday, 14 December 2005, 2:44 PM CET

What's new in ModSecurity
This article describes the most important new features in ModSecurity 1.9. [more]
Wednesday, 14 December 2005, 2:41 PM CET

Security chiefs share pains of being caught in the middle
Corporate security experts face a crisis as they are caught between regulators demanding better accountability for data security and the need to keep businesses up and running with the help of many business partners, an American Express security executive told Interop New York attendees Tuesday. [more]
Wednesday, 14 December 2005, 2:37 PM CET

Security a money-motivated concern in 2005
Hackers working for cash emerged, employing quieter, more precise techniques. [more]
Wednesday, 14 December 2005, 4:19 AM CET

VMware's secure browser appliance
Threats like rootkits, spyware, adware, and viruses are simply cut off. [more]
Wednesday, 14 December 2005, 1:00 AM CET

ID fraudsters target job centre staff
Tax credit portal scam may hit 13,000. [more]
Wednesday, 14 December 2005, 12:32 AM CET

Creating secure wireless access points with OpenBSD and OpenVPN
You know how insecure 802.11x wireless networks are. In this article we'll create an OpenBSD-based secure wireless access point that prevents unauthorized access and encrypts every packet using a VPN tunnel. [more]
Wednesday, 14 December 2005, 12:27 AM CET

Mobile data security boosted by self-destruct texts
A service offering secure self-destruct mobile text messages has been launched in the UK. [more]
Wednesday, 14 December 2005, 12:26 AM CET

Symantec launches security appliances
The Gateway Security 5600's top-of-the-line model features throughput of 3 Gbps and includes connectivity options for fiber and copper Ethernet uplinks. [more]
Wednesday, 14 December 2005, 12:25 AM CET

Researchers crack biometric security with Play-Doh
"We have been saying for a long time that fingerprint readers can be compromised by someone lifting live prints and creating false fingers," said Avivah Litan, a Gartner analyst specializing in security technologies. [more]
Wednesday, 14 December 2005, 12:23 AM CET

Security enhancements in Outlook Web Access 2003
Outlook Web Access 2003 (OWA) is the web client delivered with Microsoft Exchange Server 2003. As well as new end user functionality features OWA 2003 delivers many enhancements that address common security concerns. [more]
Wednesday, 14 December 2005, 12:20 AM CET

Microsoft patch Tuesday brings two bulletins
This month's Bulletins include security updates affecting Microsoft Windows and Microsoft Internet Explorer. [more]
Tuesday, 13 December 2005, 10:33 PM CET

Don't overlook internal e-mail monitoring
Keeping an eye on your people's E-mail can head off security and compliance violations. Here's three ways you can make a difference now. [more]
Tuesday, 13 December 2005, 3:08 PM CET

Hackers break into charity website
Charity Commission issues stark warning of increase in online fraud. [more]
Tuesday, 13 December 2005, 3:07 PM CET

Firms count the cost of security threats
Security threats soared during 2005, along with the risk of financial losses, but a new report shows that companies still aren't heeding the warnings. [more]
Tuesday, 13 December 2005, 3:06 PM CET

Most stolen identities never used
A new study suggests consumers whose credit cards are lost or stolen or whose personal information is accidentally compromised face little risk of becoming victims of identity theft. [more]
Tuesday, 13 December 2005, 1:15 PM CET

E-Mail spills corporate secrets
Six percent of workers admitted that they've E-mailed confidential company information to someone they shouldn't have. [more]
Tuesday, 13 December 2005, 1:13 PM CET

Identity theft fears: underreported or overblown?
For every new incident of identity theft, data loss, or online fraud, it seems as if a study has been commissioned to verify if this is a first-class threat or an exaggerated nuisance. [more]
Tuesday, 13 December 2005, 1:12 PM CET

Consortium takes on security issues
Chief information security officers can have a difficult time fighting for budget dollars, because detailing the business ROI of buying a security product is far different from buying a Web portal. [more]
Tuesday, 13 December 2005, 1:06 PM CET

New attack targets known Mozilla bug
The exploit takes advantage of a known bug in the way that Firefox processes Javascript. [more]
Tuesday, 13 December 2005, 1:03 PM CET

SANS looks to security by degrees
The SANS Institute has decided to go back to school. [more]
Tuesday, 13 December 2005, 1:01 PM CET

Cisco launches practice lab for CCIE
Cisco Systems today announced the launch of the CCIE (Cisco Certified Internetwork Expert) Assessor Lab for Routing and Switching, the first online CCIE practice lab exam offered by Cisco’s certification program. [more]
Tuesday, 13 December 2005, 12:58 PM CET

Story of a dumb patch
This paper is an advisory but mostly it describes a mistake made by Microsoft on patch MS05-018 where Microsoft failed to properly fix a vulnerability having to release a new patch MS05-049. [more]
Tuesday, 13 December 2005, 12:57 PM CET

Hacker attacks in US linked to Chinese military
A systematic effort by hackers to penetrate US government and industry computer networks stems most likely from the Chinese military, the head of a leading security institute said. [more]
Tuesday, 13 December 2005, 12:55 PM CET

Security assessment: how to crack passwords
One of the key components in performing a security assessment is the acquisition of user account information and cracking of the account password. We show you the some of the tools use to crack these passwords. [more]
Tuesday, 13 December 2005, 12:54 PM CET

Security breach at Sam's Club exposes credit card data
An unspecified number of consumers have been affected by the breach. [more]
Tuesday, 13 December 2005, 12:53 PM CET

Cyberthieves exploit Christmas shipping deadline
E-tailers have circled Tueday on their calendars — and so have cyberthieves. [more]
Tuesday, 13 December 2005, 12:52 PM CET

Securing SQL servers using Group Policy
By implementing company policies and enforcing them through Active Directory and Group Policy, you can literally affect thousands of installations at once and enforce order from chaos. [more]
Tuesday, 13 December 2005, 12:49 PM CET

Port scans don't always precede network hacks
University of Maryland study finds most attacks are made without them. [more]
Monday, 12 December 2005, 6:00 PM CET

A fool's choice: features or security in Web applications
Web applications that give customers, employees, and business partners access to services and information are difficult to secure and increasingly a soft target for hackers, who use a variety of techniques to probe for sensitive data. [more]
Monday, 12 December 2005, 5:45 PM CET

The Firefox hacks you must have
With the release of the new version 1.5 of Firefox, there's never been a better time to download the open-source browser, take it for a drive, kick the tires and see what it can do. [more]
Monday, 12 December 2005, 4:12 PM CET

IT security leaders set for key roles
IT security managers had better get ready to ditch their peripheral, advisory role and get used to being the organisation’s key digital security player. [more]
Monday, 12 December 2005, 4:10 PM CET

Microsoft tightening security defaults in IE 7
Microsoft details changes aimed at reducing users' chances of falling victim to malicious code. [more]
Monday, 12 December 2005, 4:05 PM CET

Two-factor checks give PCs extra security layer
Pointsec Mobile Technologies will today release a new version of its security tool for PCs. [more]
Monday, 12 December 2005, 4:01 PM CET

Small security bug in Firefox, users unscathed
History repeating. [more]
Monday, 12 December 2005, 4:00 PM CET

Online anti-piracy service closes
A company that fought net piracy by adding fake files to file-sharing networks is being closed down. [more]
Monday, 12 December 2005, 3:59 PM CET

Zero day Excel hacker takes on eBay
But vulnerability author says he is still talking with Microsoft. [more]
Monday, 12 December 2005, 2:58 AM CET

Mobility done right - without the risk
Mobility is having a profound impact on productivity within organizations today. In a recent study, workers were found to be 13.4% more productive when using wireless devices. [more]
Monday, 12 December 2005, 2:56 AM CET

Microsoft to beef up Internet Explorer 7 security
In a change that will mean better security mostly for home users, Microsoft is revamping the way that Internet Explorer 7 handles its four security categories. [more]
Friday, 9 December 2005, 10:11 PM CET

Airport passwords leaked onto the Internet
Passwords for restricted areas in 17 airports have been leaked onto the Internet from a Japan Airlines co-pilot's personal computer, the airline said Friday. [more]
Friday, 9 December 2005, 5:12 PM CET

Economics crucial to computer security
Computer security isn't a technological problem -- it's an economic one. [more]
Friday, 9 December 2005, 5:11 PM CET

Worker privacy: you have none
If you have internet access at work, there's a very good chance your employer has a system in place to monitor your online activities. [more]
Friday, 9 December 2005, 1:54 PM CET

Tom Ridge and Bruce Schneier disagree on national ID card
Counterpane CTO Bruce Schneier says ID card is a bad ideah. [more]
Friday, 9 December 2005, 12:31 PM CET

Rootkits making more spyware, adware stick
The sharp rise in rootkits--sneaky software used to conceal malicious code from security programs--is due to spyware and adware purveyors trying to prevent their wares from being easily uninstalled, security experts said Thursday. [more]
Friday, 9 December 2005, 12:30 PM CET

Qualys announces support for vulnerability rating methodology
Qualys announced its vulnerability-management service QualysGuard now supports a rating methodology called Common Vulnerability Scoring System. [more]
Friday, 9 December 2005, 12:29 PM CET

Microsoft plans a critical patch on Tuesday
Patch will come as part of the company's regular monthly patch release cycle. [more]
Friday, 9 December 2005, 12:27 PM CET

Phishing scams get 70% of their targets
The study found nearly three-quarters of those surveyed, 74 percent, use their computers for sensitive transactions such as banking, stock trading or reviewing medical information. That leaves phishers with a good chunk of Internet users to target, Platt said. [more]
Friday, 9 December 2005, 3:12 AM CET

How to reduce credit card fraud
The big daddy of 2005’s many credit card heists was probably the CardSystems breach, which put as many as 40 million credit card numbers at risk. [more]
Friday, 9 December 2005, 3:06 AM CET

Virus onslaught continues apace
Unprecedented rise in attacks during last six months of 2005. [more]
Friday, 9 December 2005, 2:55 AM CET

FBI: Internet terrorism unlikely
Investigators keep a close watch on terror groups' use of computers but have not detected any plans to launch cyber attacks against major public institutions in the United States, FBI assistant director Louis M. Reigel said. [more]
Friday, 9 December 2005, 2:44 AM CET

Smartcard leaders to merge
Smartcard leaders Axalto and Gemplus are to merge, creating a company with an annual revenue of around $2.13 billion (1.8 billion euro). [more]
Friday, 9 December 2005, 2:35 AM CET

AOL reports imperiled user security
"Phishers are getting better at tricking consumers into revealing their bank account and financial information, and most Americans can't tell the difference between real e-mails and the growing flood of scams that lead to fraud and identity theft," said a statement from AOL Senior Vice President and Chief Trust Officer Tatiana Platt. [more]
Friday, 9 December 2005, 2:31 AM CET

When security measures backfire
Tools designed to protect company networks from malware can create their own problems. [more]
Friday, 9 December 2005, 12:49 AM CET

How Sober activates
First Sober variant was found in October 2003. Since then, we've found over 20 different variants. [more]
Friday, 9 December 2005, 12:46 AM CET

ID theft risk lower in large-scale security breaches, study says
Risk found to be higher in smaller incidents of data theft. [more]
Friday, 9 December 2005, 12:43 AM CET

Cisco's Chambers talks about emerging markets, security
'I think the network can change the world,' he says. [more]
Friday, 9 December 2005, 12:41 AM CET

Rootkitters lay in wait for Vista 2006
When Microsoft admits that half of all pre-SP2 Windows XPs and a fifth of post-SP2 XPs are infected with rootkits, you can be fairly certain there's a problem. [more]
Friday, 9 December 2005, 12:39 AM CET

Integrated security defense systems
With the growing need for security and the increased pressures to manage disparate technologies, IT managers are looking for new ways to lessen the burden security measures may make on their day-to-day life. [more]
Friday, 9 December 2005, 12:37 AM CET

Think your PC is safe online? Think again
Study finds 81 percent of home PCs don't have basic security software. [more]
Thursday, 8 December 2005, 5:33 PM CET

Managing security weaknesses no easy task
Vulnerability management starts with tools that assess security in network gear and applications, but it's a road that forks, one way leading to host- or agent-based scanners and the other to network-based or agentless scanners. [more]
Thursday, 8 December 2005, 11:51 AM CET

New Sober worm expected to hit Jan. 5
A new "Sober" worm is set to hit in January in an attack tied to the founding of the Nazi party that could slow the Internet with tens of millions of politically-motivated spam e-mails, security experts said Wednesday. [more]
Thursday, 8 December 2005, 11:46 AM CET

Intel working on rootkit detection techniques
Project attempts to limit memory-resident attacks by detecting changes in application code as they happen. [more]
Thursday, 8 December 2005, 5:06 AM CET

Mutual authentication for web services: a live example
Secure communications among Web services are a must for supply-chain applications. [more]
Thursday, 8 December 2005, 4:40 AM CET

The unspoken taboo – the never expiring password
Every security savvy professional lives with the daily fear of the "never expiring password" being exposed. All applications have got pre-defined passwords that never change. Which means developers, privileged users and hosting third party service providers will all have access to these passwords. [more]
Thursday, 8 December 2005, 4:24 AM CET

Protecting applications from hackers
Tools to examine software vulnerability in the design and testing stages have existed for years, but are now getting easier and more intuitive to use as companies face the evolving landscape of threats. [more]
Thursday, 8 December 2005, 4:22 AM CET

Security experts criticize malware list
Just how useful is the Common Malware Enumeration (CME) initiative debuted by U.S.-CERT this autumn? [more]
Thursday, 8 December 2005, 4:05 AM CET

Symantec warns of '06 security threat
A number of security vendors have published reports or press releases that identify the top security trends for 2006. [more]
Thursday, 8 December 2005, 3:55 AM CET

Security best practices for C++
This topic contains information on recommended security tools and practices. Using these resources and tools doesn't make applications immune from attack, but it makes successful attacks less likely. [more]
Thursday, 8 December 2005, 3:17 AM CET

Eight steps for integrating security into application development
Recent research findings indicate that the application layer is one of the highest-risk areas and where the most potential damage can occur, either through insider targets or lack of protection. [more]
Thursday, 8 December 2005, 3:16 AM CET

Secure DNS faces resistance
The deployment of DNSsec, an enhancement to the domain name system that could protect against certain types of phishing and pharming attacks, is still facing skepticism and resistance from those who would be involved in implementing it. [more]
Thursday, 8 December 2005, 2:48 AM CET

Sony BMG touts MediaMax CD security fix
If it's not one music protection scheme causing Sony trouble, it's another: the company is now urging customers to install a security update to SunComm's MediaMax software. [more]
Thursday, 8 December 2005, 2:30 AM CET

Viruses - wrapping up the year
F-Secure published their year-end summary. [more]
Thursday, 8 December 2005, 2:19 AM CET

Protecting HTTP traffic
Serious concerns are growing around the security threats associated with employees browsing the Internet. Learn why protecting HTTP traffic is integral to your organization's multi-layered security strategy. [more]
Thursday, 8 December 2005, 1:47 AM CET

New breed of malicious IM bots get interactive
The IMlogic Threat Center has issued a warning on a new breed of malicious IM bots which dupe users into activating their IM worm payloads. [more]
Thursday, 8 December 2005, 1:43 AM CET

Sophos says Apple good security choice
Experts at UK security company Sophos suggest Apple might be the best route to security for the masses - that is, until consumers all buy one. [more]
Wednesday, 7 December 2005, 4:14 PM CET

Kodak security CD-R
A simple and cheap way to secure your files. [more]
Wednesday, 7 December 2005, 4:02 PM CET

Face it: privacy is endangered
A new photo-tagging service uses facial-recognition technology to identify the people in your party pix. When similar systems start crawling the web, we'll all be looking for a change of face. [more]
Wednesday, 7 December 2005, 2:55 PM CET

20 ways to secure your Apache configuration
Here are 20 things you can do to make your apache configuration more secure. [more]
Wednesday, 7 December 2005, 2:51 PM CET

So, how common are these rootkits?
Since F-Secure is the first vendor to have a built-in rootkit scanner in its security suite, we are very often asked how many rootkit variants there exist. [more]
Wednesday, 7 December 2005, 2:49 PM CET

Music man cracks DRM schemes
The ongoing saga of Sony BMG's sneaky, lawsuit-inducing copy-protection software opened a new chapter Monday when the music company released an uninstaller program to allow customers to remove the offending code from their PCs. [more]
Wednesday, 7 December 2005, 2:47 PM CET

Firm allegedly hiding Cisco bugs
The computer security researcher who revealed a serious vulnerability in the operating system for Cisco Systems routers this year says he discovered 15 additional flaws in the software that have gone unreported until now, one of which is more serious than the bug he made public last summer. [more]
Wednesday, 7 December 2005, 2:54 AM CET

Spyware busted for charity
Security-conscious internet users can raise money for charity at the same time as ridding their computers of spyware. [more]
Wednesday, 7 December 2005, 2:54 AM CET

Virus writers get in focus
The year has seen the number of new viruses rise by 48 per cent, and more of their authors are engaging in targeted attacks, says Internet security company Sophos. [more]
Wednesday, 7 December 2005, 2:46 AM CET

Windows Server 2003 R2 ready to go
Microsoft released Windows Server 2003 R2 to manufacturing. The updated version of the operating system brings new features and functionality. [more]
Wednesday, 7 December 2005, 2:43 AM CET

Network analyzer tricks for monitoring e-mail traffic
Kevin Beaver in this webcast, outlines how to use a network analyzer (a.k.a. sniffer) on your network to look at your e-mail traffic to really understand what's going on. [more]
Wednesday, 7 December 2005, 2:42 AM CET

Bots doing the mambo
A new bot is spreading in the wild, with attackers looking to compromise vulnerable installations of the popular Mambo open-source content management system. [more]
Tuesday, 6 December 2005, 11:02 PM CET

A gift list from 'Security Claus'
It's the time of year when you need to pick out gifts for your friends, family and co-workers. I thought I would add a little security to your season, and maybe help you choose gifts that are unusual but also useful. So to that end, enjoy! [more]
Tuesday, 6 December 2005, 10:57 PM CET

November breaks all malware records
Trojans overtake email viruses as organised crime gets more involved. [more]
Tuesday, 6 December 2005, 5:54 PM CET

MP3 players could pose a security risk
Mobile security experts have warned about the risks associated with the growing trend to store confidential information on MP3 players. [more]
Tuesday, 6 December 2005, 5:53 PM CET

US call centres slammed for poor security
Greater risk of service disruption, report warns. [more]
Tuesday, 6 December 2005, 5:52 PM CET

Deciphering options for laptop encryption
During the past two weeks, I started up a disk encryption project, one of the technology initiatives under my company's intellectual asset protection program. [more]
Tuesday, 6 December 2005, 12:35 PM CET

Security: have passwords had their day?
Spyware, viruses and attack programs are making it easier to crack passwords. Are they still an acceptable form of security, or is it time they were put out to pasture? [more]
Tuesday, 6 December 2005, 12:33 PM CET

Ebay tricked by phony e-mail
Mistake shows how hard it ihas become to keep track of fraudsters, experts warn. [more]
Tuesday, 6 December 2005, 12:28 PM CET

Combating ID theft: a corporate perspective
The discussion about ID theft is so strongly focused on the consumer that businesses often get left out of the equation or, worse yet, cast into the same lot as the data thieves themselves. [more]
Tuesday, 6 December 2005, 2:14 AM CET

Wireless hackers 101
Attacks on wireless LANs (WLANs) and wireless-enabled laptops are a quick and easy way for hackers to steal data and enter the corporate network. IT departments must have a pre-emptive plan of action to prevent these malicious and illegal attacks, which compromise an organization’s data privacy and can wreak havoc on network infrastructure. [more]
Tuesday, 6 December 2005, 1:52 AM CET

Compliance without compromising security
Attend this webcast to review a comprehensive discussion on meeting your regulatory obligations without sacrificing the overall health of your security posture. [more]
Tuesday, 6 December 2005, 1:21 AM CET

CLI magic: more on SSH
We've covered SSH before in CLI Magic, but this week let's look at some additional SSH features that new users might not be aware of. For the purpose of this article, we'll be looking specifically at OpenSSH, but many of these features apply to other SSH variants as well. [more]
Monday, 5 December 2005, 6:44 PM CET

Network security is in a shaky state
Resourceful I.T. security professionals are getting the job done, but their efforts have been hampered by undersized staffs and underfunded budgets that limit choices ranging from what products they buy to the vendors they work with. [more]
Monday, 5 December 2005, 6:41 PM CET

HNS holiday book giveaway
The holidays are approaching and we are in a giving mood. We've prepared this book giveaway in association with the great folks over at O'Reilly, well known for quality computer books. [more]
Monday, 5 December 2005, 5:18 PM CET

Web application footprinting & assessment with MSN Search tricks
This paper describes some of the queries that can be run against SEARCH.MSN in order to fetch important information that would eventually help in web application assessment. [more]
Monday, 5 December 2005, 5:16 PM CET

Sony rootkit: A black eye for security vendors?
None of the major antispyware or antivirus vendors discovered the malware problem. [more]
Monday, 5 December 2005, 3:06 PM CET

IE bug lets hackers phish with Google Desktop
A bug in Microsoft's Internet Explorer (IE) browser gives phishers a way to scan the hard drives of Google Desktop users, according to an Israeli hacker. [more]
Monday, 5 December 2005, 2:56 PM CET

Why not watermark everything?
For a fee, TiVo Series 2 owners will soon be able to export recorded content to anything that can understand the MPEG-4 format, notably the iPod and the Sony PSP. [more]
Monday, 5 December 2005, 2:55 PM CET

Consumer advocates push for network neutrality
Would Internet users want to pay US$0.05 every time they visit, or any other Web site? [more]
Monday, 5 December 2005, 2:53 PM CET

Web application firewalls take on more heat
Over the next few months Web application firewall vendors Citrix, F5 Networks, Imperva, NetContinuum and Protegrity will add features that let their products take on bigger roles in speeding traffic to server farms and better protecting networked corporate data. [more]
Monday, 5 December 2005, 2:52 PM CET

Network security hardware, software sales hit $1 billion
Worldwide revenues from the sale of network security appliances and software reached $1 billion last quarter, according to a new study from Infonetics Research. [more]
Monday, 5 December 2005, 1:44 PM CET

Gmail virus scanning draws some user complaints
The virus-scanning feature Google added to its Gmail Web mail service this week has generated concern, bewilderment and disappointment among some users. [more]
Monday, 5 December 2005, 1:41 PM CET

Secure coding in C and C++: strings
Strings—such as command-line arguments, environment variables, and console input—are of special concern in secure programming because they comprise most of the data exchanged between an end user and a software system.
Monday, 5 December 2005, 1:38 PM CET

Federal flaw database commits to grading system
A federal database of software vulnerabilities funded by the US Department of Homeland Security has decided on a common method of ranking flaw severity and has assigned scores to the more than 13,000 vulnerabilities currently contained in its database, the group announced last week. [more]
Monday, 5 December 2005, 1:37 PM CET

Managing online threats and fraud
This report details proven best-practices to reduce the impacts of online fraud. Learn insights into tactics fraudsters use to attack customers; which preventive techniques offer the best ROI; and how to preserve consumer trust in your online operations. [more]
Monday, 5 December 2005, 1:36 PM CET

Legal aspects of hacking
This week we will focus on a cyber crime case study and delve deeper to get an understanding of the hacking process, the most common form of computer crime. [more]
Friday, 2 December 2005, 11:13 PM CET

Evading NIDS, revisited
In this article we look at some of the most popular IDS evasion attack techniques. [more]
Friday, 2 December 2005, 11:12 PM CET

Holiday spam could reach one billion emails
Email security vendor MailFrontier is warning that the number of spam and phishing messages could top 1bn this Christmas. [more]
Friday, 2 December 2005, 3:38 AM CET

Google's Gmail gains virus scanning capability
Previously, the company protected Gmail users by blocking messages that carry attachments associated with virus attacks. [more]
Friday, 2 December 2005, 3:03 AM CET

Sober attack biggest virus outbreak ever
E-mail security provider Postini said that it has quarantined more than 218 million Sober-infected messages in the last seven days, more than four times the 50 million-message average that it blocks in most months. [more]
Friday, 2 December 2005, 2:58 AM CET

F-Secure buys network monitoring company
Acquisition of ROMmon gives F-Secure a security device. [more]
Friday, 2 December 2005, 2:41 AM CET

Cisco routers suffer HTTP security flaw
Security researchers have reported a vulnerability in the web server code of Cisco’s main router operating system. [more]
Friday, 2 December 2005, 2:32 AM CET

Spoofing trick foxes wiretaps
Security researchers have discovered a way to trick some wiretap systems used in the US into switching themselves off, while leaving phones still usable. University of Pennsylvania researchers have also discovered it might be possible to falsify a record of numbers dialed recorded by older spy devices. [more]
Friday, 2 December 2005, 2:14 AM CET

Why can't Microsoft just patch everything?
If smaller software companies can patch all of their bugs serious or minor, ZDNet's George Ou asks, why can't Microsoft - with its massive army of programmers and massive budget - patch all of its vulnerabilities? [more]
Friday, 2 December 2005, 1:53 AM CET

Zone Labs sued over spyware classification
Marketing company 180solutions filed a lawsuit against desktop-security firm Zone Labs taking issue with a warning generated by the security firm's personal firewall software, which labels 180solutions advertising client as spyware. [more]
Friday, 2 December 2005, 1:34 AM CET

Open source application school: security administration tools
Find out about Snort and other enterprise-ready open source security applications in this Webcast. Expert speaker Bernard Golden offers a guide to choosing and using security management and administration applications. [more]
Friday, 2 December 2005, 1:04 AM CET

Build a home terabyte backup system using Linux
A terabyte-plus backup and storage system is now an affordable option for Linux users. This article discusses options for building and configuring an inexpensive, expandable, Linux-based backup server. [more]
Thursday, 1 December 2005, 11:18 AM CET

Microsoft asks consumers to test security service
Microsoft has invited consumers to test the latest beta version of its Windows OneCare Live security service. [more]
Thursday, 1 December 2005, 11:16 AM CET

Beginners guide to securing a PC
You´d probably heard this before. Everyone should secure his personal computer. You read stories like this in every other computer mag, your geeky friends probably tell you the same and even name some programs that you should use because they are the best and most secure. [more]
Thursday, 1 December 2005, 11:11 AM CET

Cisco IOS security hole surfaces in Web server code
Security researchers this week said they discovered a hole in the Web server code in Cisco’s IOS software. [more]
Thursday, 1 December 2005, 5:06 AM CET

Why judgment matters in a security professional
The case of Daniel Cuthbert, a.k.a. The Tsunami Hacker, raises a great deal of issues relevant to computing managers. [more]
Thursday, 1 December 2005, 4:24 AM CET

Sony rootkit case - premature victory declaration?
Two weeks ago I declared victory in what the media is now referring to as the “Sony rootkit debacle”, but now I’m wondering if I jumped the gun. [more]
Thursday, 1 December 2005, 4:15 AM CET

Security, compliance prompt CISO focus
Increasingly, corporate security goals aren't about information security but about information assurance, which deals with issues like data availability and integrity, said Jane Scott-Norris, chief information security officer (CISO) at the U.S. Department of State. [more]
Thursday, 1 December 2005, 3:55 AM CET

Phishing IQ test
The astounding response to the first MailFrontier Phishing IQ test, taken by over 225,000 people, successfully raised "phishing" awareness to an all-time high. [more]
Thursday, 1 December 2005, 3:09 AM CET

Concerns raised over Perl security flaw
Vulnerability in scripting language could be exploited to launch a DoS attack. [more]
Thursday, 1 December 2005, 2:46 AM CET

Apple releases patch for 13 security flaws
Apple has warned that the Mac OS X operating system contains 13 security flaws, some of them serious. The company issued a cumulative patch for the bugs today. [more]
Thursday, 1 December 2005, 2:29 AM CET

Tightening security on handheld devices
GoodLink had security capabilities that Research In Motion's (RIM) BlackBerry products didn't have, including compliance with Federal Information Processing Standards, says Michael Johnson, the Industrial Bank's director of information services. [more]
Thursday, 1 December 2005, 2:05 AM CET

Phishing email poses as IRS tax refund
Your check's in our account. [more]
Thursday, 1 December 2005, 1:24 AM CET

N.Y. attorney general investigates Sony's XCP software
Spitzer's office is checking whether Sony has recalled affected music titles. [more]
Thursday, 1 December 2005, 1:03 AM CET

Deadly Windows security mistakes
In this webcast, information security expert Kevin Beaver, CISSP of Principle Logic, will outline various security omissions in Windows-based networks that can have a serious impact on your organization. [more]
Thursday, 1 December 2005, 12:35 AM CET


Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. It’s not.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Sep 2nd