Off the Wire

Off The Wire Archive

News items for December 2006

Spam on the rise with new breeds
Researchers say spam has risen significantly in recent months -- by as much as 80 percent. [more]
Friday, 29 December 2006, 12:34 AM CET

Database defense against the dark political arts
This article shows you how to create a real-time monitor for your database so you can be alerted when problems arise, and also provide valuable information to others about the status of the database servers. [more]
Friday, 29 December 2006, 12:17 AM CET

Microsoft: Vista's secure, not perfect
Disclosure of a zero-day vulnerability doesn't alter the claim that Vista is the safest Microsoft operating system so far, says company's security manager. [more]
Friday, 29 December 2006, 12:04 AM CET

Finding software security flaws
Identify security vulnerabilities in your lab not your customer's production environment. [more]
Friday, 29 December 2006, 12:00 AM CET

Congressional aide fired after trying to hire hackers
The press attaché of a Montana Congressman has been left red faced after "hackers" he was trying to hire to change his lowly college grades published his email exchanges instead. [more]
Thursday, 28 December 2006, 4:32 PM CET

Hacker Con submits to spychips
This year's Chaos Communication Congress opens with a unique opportunity - your chance to track the movements of a Wired News' reporter on the scene, as well as nearly a thousand other visitors to the annual hacker convention. [more]
Thursday, 28 December 2006, 11:24 AM CET

HD-DVD Content Protection already hacked?
Ever since the next generation high definition movie formats were announced, consumers have been up in arms about the proposed content protection by Hollywood film studios known as Advanced Access Content System or AACS for short. [more]
Thursday, 28 December 2006, 11:22 AM CET

Stock scammer gets coal for the holidays
The US Securities and Exchange Commission put a suspected Russian brokerage-account thief's money on ice last week, after he allegedly used illicit access to people's online portfolios to drive up stock prices. [more]
Thursday, 28 December 2006, 11:21 AM CET

Microsoft: Botnets top cyber-threat
If there's one thing that Aaron Kornblum would like to quash, it's the botnet armies. [more]
Thursday, 28 December 2006, 12:37 AM CET

Xmas malware frenzy
Hackers are shamelessly exploiting the festive season to spread malware. [more]
Thursday, 28 December 2006, 12:35 AM CET

Vista opens new dawn for security
Vista will be the big event in computer security in 2007, say experts and add that it will have a profound effect on both sides of the security world. [more]
Wednesday, 27 December 2006, 10:36 AM CET

Security experts see no letup in 2007
It was the year of computing dangerously, and next year could be worse. [more]
Wednesday, 27 December 2006, 10:33 AM CET

Future-proof your IT security
A new wave of attacks is challenging conventional wisdom about security. [more]
Wednesday, 27 December 2006, 1:18 AM CET

How I nuked mobile spam
Here's how to keep spam off your phone. [more]
Wednesday, 27 December 2006, 12:12 AM CET

Disable your passport's RFID chip
Getting paranoid about strangers slurping up your identity? Here’s what you can do about it. [more]
Wednesday, 27 December 2006, 12:06 AM CET

Data security and terrorism are top two executive concerns
A Harris Interactive study ranks information compromise and terrorism the top executive worries, trumping "traditional concerns" such as product recalls. [more]
Wednesday, 27 December 2006, 12:02 AM CET

Overlay network for security policies
Here a few tips to get around the deployment limitations of IPSec and Internet Key Exchange protocol. [more]
Wednesday, 27 December 2006, 12:00 AM CET

Flaws are detected in Microsoft’s Vista
Microsoft is facing an early crisis of confidence in the quality of its Windows Vista operating system as computer security researchers and hackers have begun to find potentially serious flaws in the system that was released to corporate customers late last month. [more]
Tuesday, 26 December 2006, 3:26 PM CET

Orwell was right: spy cameras see Britons' every move
Almost 70 years after George Orwell created the all-seeing dictator Big Brother in the novel 1984, Britons are being watched as never before. About 4.2 million spy cameras film each citizen 300 times a day, and police have built the world's largest DNA database. Prime Minister Tony Blair said all Britons should carry biometric identification cards to help fight the war on terror. [more]
Tuesday, 26 December 2006, 8:39 AM CET

Vista security: A close look
In last week's column about Windows users becoming increasingly disenchanted with Microsoft because of security issues, I suggested that the improvements in Windows Vista may have come too late and may not be enough. [more]
Tuesday, 26 December 2006, 8:37 AM CET

Internet scammer faces jail
Femi Ikuopenikan, 35, pleaded guilty to conspiracy to commit wire fraud. [more]
Tuesday, 26 December 2006, 7:21 AM CET

MySpace users big targets for ID thieves
Social networking site becoming place for attacks from predators. [more]
Tuesday, 26 December 2006, 12:03 AM CET

Should your every move in public be recorded and available for review?
The town of Eagleville, Tenn., is not the only small town seeking to install a sophisticated video surveillance system. Since Sept. 11, communities nationwide have increasingly turned to video surveillance cameras as anti-terrorism and crime-fighting tools. [more]
Tuesday, 26 December 2006, 12:00 AM CET

Secure Kerberized authentication on Solaris 10 using IBM AIX 5.3
Set up a Kerberized environment to work with Solaris(TM) 10 and learn how to configure a Key Distribution Center (KDC) on AIX(R) Version 5.3. [more]
Monday, 25 December 2006, 12:03 AM CET

Privacy and patents on '07 Congressional agenda
Changes in party control to reinvigorate old debates. [more]
Monday, 25 December 2006, 12:01 AM CET

Spam: The digital coal in your stocking
Volume's up as the holidays hit high gear. [more]
Friday, 22 December 2006, 11:18 PM CET

Security measures for hiding your identity online
There are a number of ways Sarah can hide her identity when using the Internet. [more]
Friday, 22 December 2006, 9:49 PM CET

Microsoft acknowledges vulnerability in Vista
Exploit code released on Client/Server Runtime Server Subsystem. [more]
Friday, 22 December 2006, 9:47 PM CET

CafePress hit by denial of service attack
Attack is timed to hit site at peak Christmas shopping time. [more]
Friday, 22 December 2006, 3:48 PM CET

Zone-H and Santa's Web site hacked
Heatmiser, Coldmiser, and now we get Malwaremiser. [more]
Friday, 22 December 2006, 11:56 AM CET

Happy holidays for hackers?
IT administrators are harder to reach, and less likely to patch software or issue work-arounds during the holidays. [more]
Friday, 22 December 2006, 1:45 AM CET

Where's the ROI on security hardware?
Every organization sees security as an area where you can never have too much, but the cost of securing the network is effectively money lost. Security comes at a price, but the constant evolution of the threats means that both developers and end users must make major investments to keep pace. [more]
Friday, 22 December 2006, 12:45 AM CET

German virus gang jailed
Perpetrators of 12 million Euro Trojan scheme face four year sentence. [more]
Friday, 22 December 2006, 12:39 AM CET

WHSmith defuses Xmas crackers
WHSmith has decided to clamp down on the unauthorised ownership of explosives by banning anyone under 16 from buying Christmas crackers, The Sun reports. [more]
Friday, 22 December 2006, 12:23 AM CET

US plans broadband safety network
US politicians have proposed a national wireless broadband network for use by emergency services at times of crisis. [more]
Friday, 22 December 2006, 12:03 AM CET

Spamty Claus is coming to town
Inboxes to be spam-slammed over holiday season. [more]
Thursday, 21 December 2006, 2:13 PM CET

NASD: Morgan Stanley falsely said it lost e-mails
Firm said e-mails were destroyed on 9/11. [more]
Thursday, 21 December 2006, 12:02 PM CET

Media takes on AT&T in spy case
News organizations will argue Thursday that documents under seal in a high-profile lawsuit against AT&T for its alleged participation in warrantless surveillance of Americans' phone calls and e-mails should be made public. [more]
Thursday, 21 December 2006, 1:40 AM CET

Resolutions for a safe 2007
While artificial intelligence has come a long way, computer users are still the ones charged with security of their data, networks and computers. [more]
Thursday, 21 December 2006, 1:09 AM CET

Top tips on destroying data on your hard drives
Reformatting a drive or deleting its partition doesn't truly erase its files. [more]
Thursday, 21 December 2006, 1:00 AM CET

Banks reject Lords’ call to disclose security details
Apacs says disclosure will not improve situation. [more]
Thursday, 21 December 2006, 12:27 AM CET

Singapore teen convicted of tapping wireless
Teen pleads guilty to tapping into neighbor’s wireless Internet network. [more]
Thursday, 21 December 2006, 12:21 AM CET

BOFH 'tried to bobbytrap' drug firm database
A former sys admin at Medco Health Solutions, one of the US's prescription drug management firms, has been charged over a failed attempt to to destroy its systems using a "logic bomb" computer virus. [more]
Thursday, 21 December 2006, 12:14 AM CET

Sony settles lawsuit from rootkit fiasco
Music CD malware case continues to haunt record label. [more]
Wednesday, 20 December 2006, 12:40 AM CET

Microsoft releases APIs for Vista security
Microsoft yesterday released its first draft of PatchGuard APIs. [more]
Wednesday, 20 December 2006, 12:33 AM CET

Skype falls victim to Trojan attack
An attack that penetrated the Skype instant messaging service was originally identified as a worm, but it is actually a Trojan horse, according to WebSense, the security research firm that discovered the malware. [more]
Wednesday, 20 December 2006, 12:12 AM CET

Carriers tell IBM security matters
More than half of the top-tier carriers attending a recent carrier summit hosted by IBM Internet Security Systems said their security concerns are strong enough to impede their rollout of new IP-based services and the completion of their triple-play strategies for voice, video and data services. [more]
Wednesday, 20 December 2006, 12:03 AM CET

UK ditches single ID database
The UK government has ditched plans to put all our identities on one big database, saying that sticking with existing systems will help cut fraud and save money. [more]
Wednesday, 20 December 2006, 12:00 AM CET

Rethink on ID card computer plan
The government has abandoned plans to build a new computer system as part of the national identity cards scheme. [more]
Tuesday, 19 December 2006, 3:14 PM CET

Windows Vista: New take on security
Microsoft has tried to make Vista as secure as possible, but a new user mindset is needed. [more]
Tuesday, 19 December 2006, 3:14 PM CET

Demonstrating the consequences of XSS vulnerabilities
High risk vulnerabilities such as SQL Injection can be easily demonstrated by security analysts to developers or business executives. [more]
Tuesday, 19 December 2006, 11:00 AM CET

Vista zero-day exploit for sale?
Trend Micro spots post on hacker forum; 0day not cheap. [more]
Tuesday, 19 December 2006, 12:06 AM CET

Various ways of detecting rootkits in GNU/Linux
Consider this scenario: your machine running GNU/Linux has been penetrated by a hacker without your knowledge and he has swapped the passwd program which you use to change the user password with one of his own. [more]
Tuesday, 19 December 2006, 12:03 AM CET

PHP security under scrutiny
Perhaps PHP should stand for Pretty Hard to Protect: A week after a prominent bug finder and developer left the PHP Group, data from the National Vulnerability Database has underscored the need for better security in PHP-based Web applications. [more]
Tuesday, 19 December 2006, 12:00 AM CET

High-rise security is 'balancing act'
Electronic ID cards, surveillance cameras and metal detectors are fixtures in high-rise office buildings, but experts say with thousands whizzing through the revolving doors each day, it's impossible to guarantee workers' safety. [more]
Monday, 18 December 2006, 4:04 PM CET

Universities vulnerable to ID thieves
UCLA, Georgetown, Ohio, Alaska, Texas among targets this year. [more]
Monday, 18 December 2006, 4:04 PM CET

Anti-spam tech reborn as web activist tool
The people behind Blue Security, the anti-spam firm brought down by a rogue spammer earlier this year, have launched a new social action firm. [more]
Monday, 18 December 2006, 4:03 PM CET

Free Software Foundation attacks Vista
'Bad Vista' campaign plans to stage 'unusual actions'. [more]
Monday, 18 December 2006, 1:30 PM CET

iPod add-on 'fails' privacy test
Joggers using the iPod Sport kit to keep fit are putting their personal privacy at risk, warn scientists. [more]
Monday, 18 December 2006, 1:22 PM CET

HP will tighten security in HP-UX
Network breaches drive company to deliver free OS upgrade. [more]
Monday, 18 December 2006, 10:33 AM CET

How not to use cookies
Within one week's time, we stumbled across two different sites using cookies the wrong way. While the attack vectors were a bit different, both sites trusted the cookie data to secure their users’ accounts. [more]
Monday, 18 December 2006, 10:31 AM CET

Hacker sues bank for his time
A man who admitted hacking into the Reserve Bank's telephone system now wants $7500 from the organisation for using his information to upgrade its security. [more]
Monday, 18 December 2006, 1:00 AM CET

Boeing fires employee whose laptop was stolen
The Boeing Co. said Thursday it has fired the employee whose laptop was stolen with personal information about nearly 400,000 retired and current company workers. [more]
Monday, 18 December 2006, 12:32 AM CET

Cybersecurity group questions VA legislation
CSIA wants a bill that would require agencies and companies to take reasonable security measures to protect data. [more]
Monday, 18 December 2006, 12:27 AM CET

Security options proliferate for mobile phones
Early next year, Citibank will test a program to let consumers check balances, pay bills, transfer funds and search for a nearby ATM from cell phones. [more]
Monday, 18 December 2006, 12:21 AM CET

ePassports 'at risk' from cloning
The ePassport is one of the many measures pursued by the United States and governments internationally after the horror of 11 September. [more]
Monday, 18 December 2006, 12:15 AM CET

YouTube deadline looms on Japan copyright concerns
YouTube has yet to answer a complaint regarding copyright infringement. [more]
Monday, 18 December 2006, 12:09 AM CET

Counties work to hide personal data
On Oct. 10, Florida's Orange County Comptroller's office completed an 18-month project designed to remove personally identifiable information from images of official records posted on its Web site. [more]
Monday, 18 December 2006, 12:03 AM CET

Targeted security attacks on the rise
Corporate and industrial espionage attacks are on the rise using targeted trojans intended to steal intellectual property and confidential information, according to the 2006 Annual MessageLabs Intelligence Report. [more]
Friday, 15 December 2006, 12:40 PM CET

Ransom-mail: all your e-mails are belong to us
Internet security company Websense has an interesting writeup about a unique form of cyber extortion that we can probably expect to see more of in the future, wherein attackers hold their victims' Web mail messages and contact lists for ransom. [more]
Friday, 15 December 2006, 3:30 AM CET

Engineer indicted in espionage case
Former Chinese national allegedly tried to sell tech abroad. [more]
Friday, 15 December 2006, 3:09 AM CET

ID theft poses challenge to immigration officials
The latest roundup of illegal immigrants raises new questions about a link between illegal immigration and the growing problem of identity theft. [more]
Friday, 15 December 2006, 3:00 AM CET

Identity theft counter tops 100,000,000
Watchdog group calls for stighter legislation, oversight and higher fines. [more]
Friday, 15 December 2006, 2:45 AM CET

Microsoft expands benefits for security partners
Software giant says it will offer higher financial payouts to members of its Security Software Advisor program. [more]
Friday, 15 December 2006, 2:00 AM CET

Rule-based access control
Although Web servers can perform user authentication and coarse-grained authorization checking for applications, developers of Web services and service-oriented architectures (SOAs) often must write custom code to restrict access to certain features of their system, or customize the behavior or appearance, based on the identity of a user. [more]
Friday, 15 December 2006, 1:36 AM CET

Travel groups blast risk assessment program
Seven major U.S. and foreign travel industry associations urged the government to suspend a computerized system for assessing international travelers as potential terrorists. [more]
Friday, 15 December 2006, 1:25 AM CET

Visa USA adds financial incentives, fines to PCI program
New carrot-and-stick approach aims for better compliance. [more]
Friday, 15 December 2006, 1:21 AM CET

Shielding web services from attack
A common reason for vulnerabilities in Web services is the belief that security is the other guy's responsibility, says Paul Henry, vice president of technology evangelism at Secure Computing. "Unfortunately, you'll have a team that's working on the front-end software, and a separate team on the back end," he explains. [more]
Friday, 15 December 2006, 12:45 AM CET

Security awareness training does not have to be hard
Security awareness training is is arguably the most important part of a successful security program. [more]
Friday, 15 December 2006, 12:36 AM CET

"Logic bomb" backfires on hacker
A former UBS PaineWebber employee was sentenced to eight years in prison on Wednesday for planting a computer "logic bomb" on company networks and betting its stock would go down. [more]
Friday, 15 December 2006, 12:15 AM CET

Global firms reach compliance breaking point
Too few security experts to implement compliance projects. [more]
Friday, 15 December 2006, 12:06 AM CET

What's in a certification?
Some programs mean much, much more than others. [more]
Friday, 15 December 2006, 12:03 AM CET

Introduction to NIS, the Network Information Service
NIS, released by Sun in the 1980s, was the first "prime time" administrative database. [more]
Friday, 15 December 2006, 12:00 AM CET

Botox and IT security – is it too late for you?
Years of abuse and misuse of privileges by staff, particularly in IT eventually catches up with you and it’s impossible to hide the tell tale signs of wear and tear, particularly when it comes to controlling access to sensitive business assets. And the result is that eventually if you don’t take steps to control things you will be caught out. Like a bad nose job, or the untrimmed nostril, you will get caught out. [more]
Thursday, 14 December 2006, 12:22 PM CET

MySpace passwords aren't so dumb
How good are the passwords people are choosing to protect their computers and online accounts? [more]
Thursday, 14 December 2006, 12:08 PM CET

Online banking fraud 'up 8,000%'
The UK has seen an 8,000% increase in fake internet banking scams in the past two years, the government's financial watchdog has warned. [more]
Thursday, 14 December 2006, 10:45 AM CET

Combating satellite terrorism, DIY style
As the Bush administration warns about threats from terrorists and other nations against U.S. satellites, PM offers a window into an Air Force program that's protecting our military satellites (and their vulnerabilities) with store-bought gear and old-fashioned sleuthing. [more]
Thursday, 14 December 2006, 10:44 AM CET

Configuration: the forgotten side of security
When the average computer user thinks about security, they usually think about reactive measures like anti-virus programs or security patches -- responses to a specific threat. [more]
Thursday, 14 December 2006, 10:43 AM CET

Third exploit for Word released
Proof of concept code posted Tuesday on the Web site for all hackers to see. [more]
Thursday, 14 December 2006, 10:29 AM CET

Vista hardware security gets PC maker go-ahead
Microsoft and PC makers to add extra security for Vista at the BIOS level. [more]
Thursday, 14 December 2006, 10:28 AM CET

Spammer slammer targets politics
The brains behind a doomed antispam service are turning their technology into an online swarming tool for activists, hoping to subject politicians and government agencies to the kind of mass pressure Blue Frog once inflicted on spammers. [more]
Thursday, 14 December 2006, 10:28 AM CET

Effective counterterrorism and the limited role of predictive data mining
Though data mining has many valuable uses, it is not well suited to the terrorist discovery problem. [more]
Thursday, 14 December 2006, 12:33 AM CET

Boeing laptop stolen - 382,000 IDs lost
A laptop with personal information on hundreds of thousands of Boeing Co. employees was stolen earlier this month, and the aerospace company will inform those potentially affected by the theft in a company e-mail today. [more]
Thursday, 14 December 2006, 12:27 AM CET

Russian expert: Terrorists may try cyberattacks
Energy grid one possible target for Chechen separatists. [more]
Thursday, 14 December 2006, 12:21 AM CET

Homeland Security wants more ID theft power
Chertoff: Laws prevented feds from catching illegal meat packers sooner. [more]
Thursday, 14 December 2006, 12:18 AM CET

Microsoft tweaks Windows XP wireless security
Microsoft last month quietly issued a long-overdue update to fix a simple yet potentially dangerous security weakness in the way embedded wireless cards work on Windows XP laptops. [more]
Thursday, 14 December 2006, 12:12 AM CET

East European ID theft scam gang jailed
The leader of one of the world's most prolific ID theft gangs was sentenced to six years imprisonment at a hearing in London's Harrow Crown Court on Wednesday. [more]
Thursday, 14 December 2006, 12:06 AM CET

Botnets pose growing online threat
Report shows botnet threat is growing. [more]
Thursday, 14 December 2006, 12:02 AM CET

EU abandons plans to overhaul copyright levies
Intense lobbying from France leads European Commission to shelve its reform plans. [more]
Thursday, 14 December 2006, 12:00 AM CET

PCI Data Security Standard calls for next-generation network security
With the increased use of credit cards comes the increased risk of fraud through credit card information theft and misuse. Stolen credit card data now has a monetary value on the street, and determined thieves have capitalized on failures to protect the data networks of businesses that process credit card transactions. [more]
Wednesday, 13 December 2006, 4:55 PM CET

Why spam won't go away
Spam is filling up the Internet, and it's not going away anytime soon. [more]
Wednesday, 13 December 2006, 11:27 AM CET

Microsoft's monthly patch release plugs 11 security holes
Microsoft released software updates to fix at least 11 security holes in various versions of its Windows operating system and other products. [more]
Wednesday, 13 December 2006, 11:24 AM CET

The Pirate Bay bans ISP in protest move
Swedish website The Pirate Bay (TPB) has decided to block the Swedish ISP Perspektiv Broadband’s users from accessing the TPB’s website. The move comes in response to ISP Perspektiv’s decision to block its users from accessing the Russian website, [more]
Wednesday, 13 December 2006, 10:56 AM CET

The many facets of Linux security
As we've seen in the last several days, there's a lot going on in the Linux community with regards to security. [more]
Wednesday, 13 December 2006, 10:54 AM CET

Inside a cyber-crook's Xmas wish list
Some items are more valuable than others, according to Raimund Genes, CTO of net security firm Trend Micro, which has compiled what it reckons an average cyber crook’s Christmas list might look like. [more]
Wednesday, 13 December 2006, 10:52 AM CET

'Rock Phish' blamed for surge in attacks
Group describes as 'sort of the Keyser Söze of phishing'. [more]
Wednesday, 13 December 2006, 10:48 AM CET

Startup makes spammers pay
If you've ever wished you could bill spammers for the time spent reading and deleting unsolicited e-mail pitches, your day has come. [more]
Wednesday, 13 December 2006, 10:47 AM CET

Expert warns on wireless security in Asia
The fast growth in wireless Internet use throughout Asia leaves users vulnerable to data theft over unsecured networks and lost or stolen mobile devices, a security expert warned Tuesday. [more]
Wednesday, 13 December 2006, 10:46 AM CET

New PCs ripe for Christmas hackers
'A PC is for life' warns Government's Get Safe Online campaign. [more]
Tuesday, 12 December 2006, 2:24 PM CET

PCI Security Standards Council: building trust
The newly formed PCI Security Standards Council will go a long way to further the industry's awareness of credit card security, and help to make an excellent program even better. [more]
Tuesday, 12 December 2006, 2:22 PM CET

European spam demands lack bite
Defeating spam requires actions not words. [more]
Tuesday, 12 December 2006, 2:21 PM CET

ifconfig - dissected and demystified
ifconfig - the ubiquitous command bundled with any Unix/Linux OS is used to setup any/all the network interfaces such as ethernet, wireless, modem and so on that are connected to your computer. [more]
Tuesday, 12 December 2006, 11:33 AM CET

WiMAX security issues
What are the possible security risks associated with deploying and using WiMAX? [more]
Tuesday, 12 December 2006, 11:28 AM CET

QuickTime flaw could go beyond MySpace
The QuickTime security hole that enabled a phishing worm to attack users of social networking site MySpace is leaving more users and websites vulnerable than was first thought. [more]
Tuesday, 12 December 2006, 11:27 AM CET

UCLA probes computer security breach
Officials at the University of California Los Angeles alerted about 800,000 current and former students, faculty and staff on Tuesday that their names and certain personal information were exposed after a hacker broke into a campus computer system. [more]
Tuesday, 12 December 2006, 11:26 AM CET

Online shoppers need to be more secure
Secure shopping websites have made it much more attractive for consumers to spend billions of pounds on the web. [more]
Tuesday, 12 December 2006, 11:26 AM CET

Congress outlaws pretexting
A law passed late last week—right before the 109th Congress wrapped up its final session—will outlaw pretexting, the practice of obtaining someone else's phone records without their permission. [more]
Tuesday, 12 December 2006, 1:39 AM CET

SELinux: Comprehensive security at the price of usability
Operating system security revolves around controlling access. Linux distributions subscribe to the Discretionary Access Control (DAC) mechanism that lets resource owners decide who gets to access the resource and how. [more]
Tuesday, 12 December 2006, 12:15 AM CET

The root of all terror
Jim O’Brien, the director of the Office of Emergency Management and Homeland Security in Clark County, Nev., has discovered another hard-to-fathom DHS notion: a mathematical value purporting to represent the square root of terrorist intent. [more]
Tuesday, 12 December 2006, 12:12 AM CET

Cybercriminals targeting small businesses
According to the new study by the Small Business Technology Institute, approximately 70 percent of small businesses consider information security a high priority. [more]
Tuesday, 12 December 2006, 12:03 AM CET

U.S. Veterans Affairs CIO: We're more secure
The U.S. Department of Veterans Affairs (VA) is "pretty confident" the agency will not have another large data breach like the one in May that could have exposed the personal records of 26.5 million military veterans and family members, the agency's chief information officer said Monday. [more]
Tuesday, 12 December 2006, 12:00 AM CET

Analysis of the technical Mujahid
Last week, the mainstream media was abuzz with the release of the first jihadist e-zine discussing hacking, information hiding, of course in between the lines of radical propaganda, whereas no one was providing more information on the exact nature of the articles, but the SITE institute. [more]
Monday, 11 December 2006, 3:28 PM CET

Microsoft's new identity: secure OS vendor?
The impressive security improvements in Vista make it a tough OS to hack. [more]
Monday, 11 December 2006, 3:19 PM CET

Internet criminals to step up "cyberwar"
Computer hackers will open a new front in the multi-billion pound "cyberwar" in 2007, targeting mobile phones, instant messaging and community websites such as MySpace, security experts predict. [more]
Monday, 11 December 2006, 3:14 PM CET

Hackers work around Vista's activation feature
Spoofed software activates corporate edition of new OS, pirates claim. [more]
Monday, 11 December 2006, 3:13 PM CET

E-Gold gets tough on crime
The founder of PayPal competitor e-gold has grown tired of the government characterizing his business as a haven for money launderers, terrorists, child pornographers and credit card thieves. [more]
Monday, 11 December 2006, 3:06 PM CET

Hackers recruit kids 'KGB-style'
British teenagers are being actively approached by hackers to launch the next generation of cyber attacks. [more]
Monday, 11 December 2006, 3:05 PM CET

Data encryption no longer enigma, says IDC
Data encryption is set to go main stream as governments and industry organizations hope to stem the flow of lost, stolen, or misused information hemorrhaging from today's enterprises, according to a multi-client study conducted by IDC. [more]
Monday, 11 December 2006, 3:03 PM CET

Trojan targets unpatched Word flaw (again)
The latest vulnerability in Microsoft's ubiquitous Office application software follows the discovery of a similar - also unpatched - memory corruption bug in Word last week. [more]
Monday, 11 December 2006, 3:02 PM CET

How Microsoft fights off 100,000 attacks per month
Microsoft may be the biggest target out there for hackers. Here's what the company does to protect itself from the continuous onslaught of probes and intrusion attempts. [more]
Friday, 8 December 2006, 12:10 PM CET

Winkler: Nike + iPod 'vulnerability' blown out of proportion
When CNN started covering the "vulnerability" of Nike + iPod Sport Kits, I knew it was a slow news day. [more]
Friday, 8 December 2006, 5:09 AM CET

HP pays $14.5m to end 'spy' probe
Hewlett-Packard has agreed to pay $14.5m (£7.4m) to settle a civil lawsuit over its much-criticised investigation into a boardroom leak.
Friday, 8 December 2006, 4:06 AM CET

Microsoft readies Windows, Visual Studio security fixes
No fix for a widely publicized flaw in Word. [more]
Friday, 8 December 2006, 4:00 AM CET

Incident response tools
Incident-response tools are becoming increasingly important as new regulations and legislation stipulate disclosure after security breaches. These advancements in memory-dump analysis can help you find a wealth of evidence in both civil and criminal investigations. [more]
Friday, 8 December 2006, 3:12 AM CET

The truth about patching
As arguments continue to rage about whether an agent-based or agentless patching technique is more effective, see which side you're on after we dispel five common myths. [more]
Friday, 8 December 2006, 3:03 AM CET

Making a distribution secure
There's more to a Linux distro than assembling applications and making sure everything works. [more]
Friday, 8 December 2006, 2:36 AM CET

StopBadware names MP3 site 'worst of the bad'
Two consumer protection groups are asking the U.S. Federal Trade Commission (FTC) to investigate, a Web site that distributes software that can be used to search for digital music on the Web. [more]
Friday, 8 December 2006, 2:21 AM CET

US outlines privacy safeguards – and reveals plans to mine personal data
The US Government signalled some willingness this week to address concerns over citizens' privacy, but also launched a scheme which will analyse secret airline passenger risk profiles and keep them for 40 years. [more]
Friday, 8 December 2006, 2:09 AM CET

TSA now investigating boarding pass hacker
On Wednesday afternoon, Soghoian received a letter from the TSA informing him that the agency is conducting its own investigation into the allegation that he "attempted to circumvent an established civil aviation security program established in the Transportation Security Regulations." [more]
Friday, 8 December 2006, 1:21 AM CET

DHS passenger scoring illegal?
The Identity Project, founded by online rights pioneer John Gilmore, filed official objections to the Automated Targeting System, or ATS, on Monday, calling the program clearly illegal. [more]
Friday, 8 December 2006, 12:45 AM CET

Banks lobby government on smartcard
An alliance of banks and electronic payment firms has begun publicly lobbying the federal government to deliver its $1.1 billion human services smartcard over private networks with the claim it would cost $500 million to replicate existing systems. [more]
Friday, 8 December 2006, 12:36 AM CET

Call for more secure credit card transactions
The widespread use of credit cards for virtually all of our financial transactions has increased exponentially with the rapid adoption of e-commerce throughout the worldwide economy. [more]
Friday, 8 December 2006, 12:30 AM CET

Firms improve IT failure plans
But survey says companies cannot afford to be complacent. [more]
Friday, 8 December 2006, 12:03 AM CET

The hot spot security fable
There are instances in which hackers can grab a user's personal data. With the phishing scheme Evil Twin, for example, a fake hot spot poses as a legitimate one. Once a user logs onto the bogus site, sensitive data, such as credit card numbers or bank account information, is intercepted. [more]
Friday, 8 December 2006, 12:00 AM CET

Sailor sentenced to 12 years for espionage
Navy petty officer stole military laptop, peddled contents to other nations. [more]
Thursday, 7 December 2006, 3:09 AM CET

Copyright pirates face crackdown
Copyright criminals must face far tougher regulation to protect the entertainment industry, a report says. [more]
Thursday, 7 December 2006, 2:54 AM CET

Yahoo Music continues DRM-free download experiment
Another single released as service tiptoes along. [more]
Thursday, 7 December 2006, 2:41 AM CET

Test reveals that free firewalls outclass paid-for ones
Free firewalls are better than their paid-for cousins. That is the surprising conclusion of a test of desktop firewalls by security researchers. [more]
Thursday, 7 December 2006, 2:21 AM CET

Introduction to the Windows Management Instrumentation Command-line (WMIC)
It’s quite possible you’ve never heard of the WMIC, but this well kept secret command-line tool is immensely powerful for gathering information from Windows-based systems. Because it can be used both locally and over the network and is installed by default on most Windows-based systems since Windows 2000, it’s exceedingly useful for both penetration testing and forensics tasks. [more]
Thursday, 7 December 2006, 2:09 AM CET

Researchers spot first mobile spyware
Researchers with McAfee claim to have found a first spyware application that targets the Symbian operating system for mobile phones. [more]
Thursday, 7 December 2006, 2:09 AM CET

Microsoft: attacks targeting unpatched Word flaw
Microsoft warned on Tuesday that has received reports of online criminals attacking a previously undocumented (and unpatched) security hole in various versions of its Microsoft Word application. [more]
Thursday, 7 December 2006, 1:38 AM CET

Heathrow begins biometric trials
Passengers at Heathrow airport are being invited to sign up for a trial of the most advanced passenger screening equipment in the world. [more]
Thursday, 7 December 2006, 1:06 AM CET

Judge: Microsoft tech docs back on track
'My only wish is that it had been done earlier,' Kollar-Kotelly says. [more]
Thursday, 7 December 2006, 12:53 AM CET

EC renews its attack on spam
Countries urged to strengthen defences against spam and malware as tougher laws are planned. [more]
Thursday, 7 December 2006, 12:38 AM CET

Xmas bargains prioritised over web security
Websense announced the results of its first European study of online Christmas shopping behaviour. [more]
Thursday, 7 December 2006, 12:09 AM CET

Malware enters new phase
Malicious code makes a new turn as profit-driven gangs take over from hobbyists. [more]
Thursday, 7 December 2006, 12:02 AM CET

Concerns raised over funding for FBI's Sentinel project
But FBI insists case management project is on budget and on schedule. [more]
Thursday, 7 December 2006, 12:00 AM CET

Encryption vital to stem 'haemorrhaging' data
Technology expanding to become a viable option for combating emerging threats. [more]
Wednesday, 6 December 2006, 1:07 PM CET

E-mail content security: filtering out the hype
Corporate email is at risk - vulnerable to external attack from viruses, spam, spyware and phishing technologies. And vulnerable to abuse from within, which could result in: acceptable use policies being compromised; regulatory compliance violations; and/or confidential corporate data being leaked externally. [more]
Wednesday, 6 December 2006, 12:44 AM CET

Hackers hit Naval War College computer network
Hackers attacked the computer network at the Naval War College in Newport, taking down the school's network for more than two weeks, including some e-mail services and the college's Web site. [more]
Wednesday, 6 December 2006, 12:12 AM CET

Security concerns hamper mobile content
Three-fifths of content providers wary of delivering content online. [more]
Wednesday, 6 December 2006, 12:03 AM CET

Malware wars: are hackers on top?
The money made from malware is eclipsing the revenue of anti-virus vendors, a leading net security vendor claims. [more]
Wednesday, 6 December 2006, 12:00 AM CET

Locking down Ubuntu
Security is an important issue in computing. Unfortunately, many computers allow a cracker to gain access to them and retrieve sensitive information, or just make life hard. [more]
Tuesday, 5 December 2006, 10:25 AM CET

Bastille: rated security with education
Bastille is a program for improving system security on Debian, Fedora, Gentoo, Mandriva, Red Hat Enterprise Linux, and SUSE. [more]
Tuesday, 5 December 2006, 10:21 AM CET

Consumers warned about no-swipe credit cards
Sen. Schumer calls for regulation, higher encryption standards. [more]
Tuesday, 5 December 2006, 2:11 AM CET

Improve LAMP security with Apache Proxy's directive (mod_proxy)
In this article, Nick Maynard outlines a method for you to improve the security of a LAMP setup by using Apache's mod_proxy module. This article is specific to Linux; however, you can also apply some of the principles to other operating systems. [more]
Tuesday, 5 December 2006, 12:40 AM CET

Washington gets $1M settlement in first spyware case
The company and president will pay $725,000 in legal fees and $200,000 in penalties, and reimburse the state's customers $75,000. [more]
Tuesday, 5 December 2006, 12:30 AM CET

Architecting for data security
IT pros must understand and address the liability associated with granting unfettered access to sensitive data. We explore methods for safeguarding private information while keeping it usable for applications. [more]
Tuesday, 5 December 2006, 12:19 AM CET

MySpace shuts down user profiles due to worm infection
A worm directed victims to a phishing site where they were asked to type in their user name and password, a security firm said. [more]
Tuesday, 5 December 2006, 12:18 AM CET

Simple firewall configuration using NetFilter/iptables
Most major Linux distributions, SuSE ones included, feature some user interface for firewall configuration. [more]
Tuesday, 5 December 2006, 12:07 AM CET

Q&A: Responsible disclosure of vendor flaws and what it means
H.D. Moore talks about the Metasploit Project and its effects on software security. [more]
Tuesday, 5 December 2006, 12:02 AM CET

Reducing the employee risk
Protecting information is 90 percent about education and user awareness. [more]
Tuesday, 5 December 2006, 12:00 AM CET

The basics of how digital forensics tools work
There are two primary categories of digital forensics tools, those that acquire evidence (data), and those that analyze the evidence. [more]
Monday, 4 December 2006, 2:41 PM CET

Attackers target Russian hosting firm
At least 470 Valuehost sites carrying malware scripts. [more]
Monday, 4 December 2006, 10:50 AM CET

Creating a declarative security model for RCP apps
Thick client-based business applications require rigid security regulations where different classes of users receive a predetermined set of access rights. [more]
Monday, 4 December 2006, 2:08 AM CET

Microsoft security alert
The surge in critical updates that Microsoft has been issuing shows no sign of weakening. [more]
Monday, 4 December 2006, 1:35 AM CET

Security expert taps VoIP as new malware target
VoIP is a relatively new field, which makes it difficult to keep up with attackers and fight malware, says security expert. [more]
Monday, 4 December 2006, 1:27 AM CET

Tension between security vendors, bug hunters continues to simmer
At issue is recent criticism of Oracle's security practices. [more]
Monday, 4 December 2006, 1:21 AM CET

UN highlights risk to online privacy
Computer users who type in the same username and password for multiple sites - such as online banks, travel agencies and booksellers - are at serious risk from identity thieves, a United Nations agency has said. [more]
Monday, 4 December 2006, 1:09 AM CET

Windows Vista crack is actually a trojan
Malware makers are starting to take advantage of the number of users searching for cracks for the pirated copies of Vista floating around. [more]
Monday, 4 December 2006, 1:03 AM CET

Encrypt devices using dm-crypt and LUKS
This article describes in short how to encrypt a device with one of the most contemporary methods, using dm-crypt and LUKS. [more]
Monday, 4 December 2006, 1:00 AM CET

Hackers' 2007 targets: video-sharing, mobile devices
Security risks grow even greater as technologies and mediums converge - such as video-sharing over mobile devices. [more]
Monday, 4 December 2006, 12:50 AM CET

Introducing stealth malware taxonomy
At the beginning of this year, at Black Hat Federal Conference, I proposed a simple taxonomy that could be used to classify stealth malware according to how it interacts with the operating system. Since that time I have often referred to this classification as I think it is very useful in designing system integrity verification tools and talking about malware in general. Now I decided to explain this classification a bit more as well as extend it of a new type of malware - the type III malware. [more]
Monday, 4 December 2006, 12:30 AM CET

25 ways to secure your VoIP network
A VoIP network is susceptible to the usual attacks that plague all data networks: viruses, spam, phishing, hacking attempts, intrusions, mismanaged identities, DoS attacks, lost and stolen data, voice injections, data sniffing, hijacked calls, etc. [more]
Monday, 4 December 2006, 12:12 AM CET

Stolen laptops illustrate need to secure remote data
The recent loss of laptops from Nationwide Building Society that contained customer information, and from LogicaCMG that held Metropolitan Police payroll information has again highlighted the importance of securing remote data. [more]
Monday, 4 December 2006, 12:08 AM CET

How vulnerable is the ATM system?
Researchers have revealed that our PIN's aren't nearly as sacrosanct as banks and credit card companies would have us believe while they're in ATMs. [more]
Monday, 4 December 2006, 12:02 AM CET

Who needs encryption?
This post is not about encryption being a useless technique; it is just about it not being a solution for certain problems and definitely not being a general solution for any problem. [more]
Monday, 4 December 2006, 12:00 AM CET

Indicted: Romanian hacked U.S. computers
A Romanian national was indicted on charges of hacking into more than 150 U.S. government computers, causing disruptions that cost NASA, the Energy Department and the Navy nearly $1.5 million. [more]
Friday, 1 December 2006, 2:57 PM CET

Brits caught in spam wars cross fire
Cyber criminals are using British PCs to flood the world with spam, according to new figures. [more]
Friday, 1 December 2006, 2:27 PM CET

Virtual concerns
The promise - and threat - of virtualization looms on the horizon; will you be ready for its security challenges? [more]
Friday, 1 December 2006, 1:52 PM CET

Security in Microsoft Vista? It could happen
Microsoft claims, "Windows Vista is engineered to be the most secure version of Windows yet." [more]
Friday, 1 December 2006, 12:15 PM CET

Hackers 'salivating' for Vista
Security experts brace for viruses in Microsoft's Windows Vista. [more]
Friday, 1 December 2006, 2:59 AM CET

Piracy ring hits Symantec, slows Veritas license rollout
IT managers are angered by slow technical support. [more]
Friday, 1 December 2006, 1:39 AM CET

Myth-busting AJAX (in)security
The hype surrounding AJAX and security risks is hard to miss. [more]
Friday, 1 December 2006, 1:30 AM CET

Network attack disables naval war college
Computer and e-mail systems are off-line at the Naval War College following a network intrusion Nov. 15. [more]
Friday, 1 December 2006, 1:27 AM CET

US warns of possible Qaeda financial cyber attack
The U.S. government has warned U.S. private financial services of an al Qaeda call for a cyber attack against U.S. online stock trading and banking Web sites beginning Friday [more]
Friday, 1 December 2006, 1:11 AM CET

ATM system called unsafe
A U.S. Secret Service memo obtained by indicates that organized criminals are systematically attempting to subvert the ATM system and unscramble encrypted PIN codes. [more]
Friday, 1 December 2006, 12:58 AM CET

HP faces expanded civil lawsuit in spying case
A shareholder suit now includes charges of insider trading. [more]
Friday, 1 December 2006, 12:57 AM CET

Personal data at risk after recent robbery
Thieves stole computers containing information on nearly 11,400 customers. [more]
Friday, 1 December 2006, 12:51 AM CET

My data, your machine
A new attack against implementations of the popular RSA encryption scheme demonstrates how hard it is to protect information when someone else has control of the computer on which it resides. [more]
Friday, 1 December 2006, 12:36 AM CET

The Registered Traveler Program is fake security
The Registered Traveler program, which was just cleared for deployment the nation's airports, has nothing to do with security and is simply a way to pay $100 to cut to the front of the line. [more]
Friday, 1 December 2006, 12:24 AM CET

Could existing malware infect Vista?
One security firm says Vista is vulnerable to current threats; another isn't so sure. [more]
Friday, 1 December 2006, 12:18 AM CET

Experts find path around Internet firewalls
Canadian university researchers have developed software that will let users hop over governments' Internet firewalls, raising the prospect of unfettered Internet access in countries that have long tried to control how residents use the Web. [more]
Friday, 1 December 2006, 12:14 AM CET

Lose your laptop (but not your mind)
A little foresight can keep your organzation from major mayhem. [more]
Friday, 1 December 2006, 12:12 AM CET

Firms at risk from Web 2.0 sites
User generated content could contain malicious code, say experts. [more]
Friday, 1 December 2006, 12:09 AM CET

Pancakes not worth personal info
For years, privacy advocates have lamented the fact that consumers are willing to turn over their personal information for just about anything. Well, it seems that many Average Joes draw the line at pancakes. [more]
Friday, 1 December 2006, 12:03 AM CET

The importance of logs (and looking at them)
There may not be anything more boring in security than reviewing log files, but there also may not be much that is more important. [more]
Friday, 1 December 2006, 12:00 AM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 29th