Off the Wire

Off The Wire Archive

News items for February 2003

Interview with Eric Greenberg
The author of "Mission-Critical Security Planner: When Hackers Won't Take No for an Answer" speaks about his book and general security issues. [more]
Friday, 28 February 2003, 5:17 PM CET

McAfee preps 'worm-killer' VirusScan
McAfee next week will unveil VirusScan Enterprise 7.0, its first major update to VirusScan in years. [more]
Friday, 28 February 2003, 5:15 PM CET

Hollywood, software fire suits at pirates
Two major trade groups filed on Thursday a slew of civil lawsuits against people they claim were selling pirated copies of films and software via online auction sites. [more]
Friday, 28 February 2003, 5:14 PM CET

UK e-commerce sites: Top 10 flaws
UK customer credit card details and sensitive data is at risk because of simple e-commerce flaws, according to a study. [more]
Friday, 28 February 2003, 3:05 PM CET

Root 101
For many who are accustomed to single-user operating systems the concept of root is an unfamiliar one. This article is intended to help explain what root access is, whether you need it, what you can do with it. [more]
Friday, 28 February 2003, 3:04 PM CET

No need to feel insecure about Zeroconf / Rendezvous security
Jim Banahan describes how he set up a multi-platform networking environment for a local business. [more]
Friday, 28 February 2003, 1:08 PM CET

Identity theft problems in Australia
Within five years automatic teller machines will be scanning eyes before handing out the cash. It is just one of the measures to thwart identity theft, the fastest growing crime in Australia. [more]
Friday, 28 February 2003, 1:05 PM CET

Is vigilante hacking legal?
A legal expert is arguing that those under attack from 'zombie servers' and other Internet nuisances may be able to legally strike back - as long as they are careful. [more]
Friday, 28 February 2003, 1:04 PM CET

Book Review: Cisco Secure Intrusion Detection System
The book offers a comprehensive guide through all the perspectives of planning, deploying and maintaining Cisco Secure IDS. [more]
Thursday, 27 February 2003, 10:57 PM CET

Singapore nets record piracy haul
The police in Singapore uncovered the city-state's biggest-ever cache of pirated goods, which included software, CDs and games. [more]
Thursday, 27 February 2003, 5:03 PM CET

Spy Agencies Tight-Fisted on Data
While the U.S. government fine-tunes its computer networks to better fight terrorism, federal intelligence agencies can't agree on the best way to share crucial information with each other. [more]
Thursday, 27 February 2003, 4:52 PM CET

SSL 'inventor' sues VeriSign and RSA
A retired engineer has claimed he owns the patent for SSL, an authentication standard used by millions of Web sites. [more]
Thursday, 27 February 2003, 4:51 PM CET

ACLU Admits Another Privacy Gaffe
Protecting personal information on the digital frontier remains a tough task, even for the most ardent privacy activists. [more]
Thursday, 27 February 2003, 4:48 PM CET

Secure apps to stop network attacks
When securing your network, don't neglect the applications running on it. These tips will help you secure your network against attacks that exploit application vulnerabilities. [more]
Thursday, 27 February 2003, 1:39 PM CET

'Smart cards' in demand as concerns about security rise
With security tighter than ever, "smart card" IDs are becoming a first line of defense against attackers seeking to penetrate computer networks and office buildings. [more]
Thursday, 27 February 2003, 1:39 PM CET

Interview with Aviel Rubin
The Computer Science Professor at Johns Hopkins University and Technical Director of the JHU Information Security Institute talks about firewalls and computer security in general. [more]
Wednesday, 26 February 2003, 3:13 PM CET

Software Reports the Appearance of Three New Worms
Three worms -Lovgate.A, W32/Tang and Kingpdt- and two Trojans -Nzlog and Aileen- are the subjects of this week's report on malicious code. [more]
Wednesday, 26 February 2003, 3:11 PM CET

Much Ado About Kevin Mitnick
Until Mitnick does something noteworthy with his non-criminal career, let the guy be. He's served his time and has earned the right to be known as something other than a former computer criminal. [more]
Wednesday, 26 February 2003, 1:26 PM CET

U.S. Information Security Law, Part One
This article addresses the legal framework for protection of information systems and the role of information security professionals in the creation of trade secret interests, one type of intellectual property. [more]
Wednesday, 26 February 2003, 1:16 PM CET

Chipping Away at Workers' Privacy
Employers rely more and more on technology - from sensors to cameras to keystroke recorders to GPS - to keep an eye on workers. A new book paints a picture of an increasingly privacy-free workplace. [more]
Wednesday, 26 February 2003, 1:10 PM CET

The Open Road: Alternative Nameservers - PowerDNS
PowerDNS is an authoritative-only nameserver, which means that it will answer queries about zones that it is responsible for, but it won't attempt to find information on another zone/domain. [more]
Wednesday, 26 February 2003, 1:07 PM CET

Securing Windows 2000 Server Documentation
This prescriptive solution is aimed at helping reduce security vulnerabilities and lower the costs of exposure and security management in the Windows 2000 environment. [more]
Tuesday, 25 February 2003, 4:23 PM CET

The New FirewallAnalyzer 3.0 Supports Leading Firewalls
eIQnetworks released version 3.0 of their FirewallAnalyzer. This tool is the industryís first browser-based, cross-platform Firewall/VPN analysis and reporting solution with support for all leading firewalls. [more]
Tuesday, 25 February 2003, 4:23 PM CET

Worm Becomes Part Of The Windows OS
BitDefender released a free removal tool against the worm LovGate (its last version is Win32.LovGate.C@mm), which has widely spread in the wild in the last four days. [more]
Tuesday, 25 February 2003, 4:21 PM CET

Corporate Security
Most businesses use digital technologies to run more efficiently. Unfortunately, these also pose a threat to system integrity with security breaches being reported regularly. [more]
Tuesday, 25 February 2003, 4:19 PM CET

Program Hides Secret Messages in Executables
A new steganography application turns other programs into covert carrier pigeons. [more]
Tuesday, 25 February 2003, 1:36 PM CET

Nessus 2.0.0 stable is out
The free, powerful and easy to use remote security scanner just got better. See what's new in this release. [more]
Tuesday, 25 February 2003, 12:26 PM CET

VPN experts downplay 'splitting' headache
Most say split tunneling does not necessarily undermine security. [more]
Tuesday, 25 February 2003, 12:23 PM CET

Media Gone Mad
Why last week's big Windows security hole is nothing more than technology press hot air. [more]
Tuesday, 25 February 2003, 12:16 PM CET

CIOs debate security, privacy, Linux and outsourcing issues
CIOs from some of the nation's largest companies outlined their fears and hopes about their jobs and about the direction of technology in the year ahead. [more]
Tuesday, 25 February 2003, 12:13 PM CET

Lovegate worm's got a hold on PCs
The mass-mailing worm has infected a moderate number of PCs, installing a back-door that leaves them open to control. [more]
Tuesday, 25 February 2003, 12:12 PM CET

Interview with Cyrus Peikari
The CEO of AirScanner Mobile Security and co-author of "Maximum Wireless Security" talks about wireless security. [more]
Monday, 24 February 2003, 6:50 PM CET

HNS Book Giveaway - Counter Hack
We are giving away 3 copies of "Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses" by Ed Skoudis. Want some knowledge? [more]
Monday, 24 February 2003, 6:44 PM CET

HNS Newsletter Issue 150 has been released
Get it in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by Application Security. Get a FREE sample vulnerability assessment of your database and applications. [more]
Monday, 24 February 2003, 6:24 PM CET

Wi-Fi Security Gets a Boost
802.11i standard will plug security holes, but products may not be available for almost a year. [more]
Monday, 24 February 2003, 6:21 PM CET

HNS Book Giveaway
We gave away 3 copies of "Cisco Secure PIX Firewalls" and 3 copies of "Web Security Field Guide". Are you one of the winners? [more]
Monday, 24 February 2003, 6:04 PM CET

White hat hacking school
After five days learning how to enter networks illicitly, 12 more white-hat hackers have joined the growing ranks of IT experts who think and act as the bad guys do. [more]
Monday, 24 February 2003, 5:43 PM CET

Swiss crack e-mail encryption code
Researchers at a Swiss university have cracked the technology used to keep people from eavesdropping on e-mail sent over the Web, but U.S. experts said that the impact would likely be minimal. [more]
Monday, 24 February 2003, 5:41 PM CET

Citibank gags crypto researchers
The High Court in London has imposed an injunction on Cambridge University security experts who claim to have uncovered serious failings in the system banks use to secure ATM PIN codes. [more]
Monday, 24 February 2003, 4:23 PM CET

Sysadmin Tales of Terror
The biggest challenge a system administrator ever faces is inheriting a networking mess: taking on a new job, or a new client, with a computing infrastructure that has grown without rhyme or reason. [more]
Monday, 24 February 2003, 4:19 PM CET

Book Review: Mission-Critical Security Planner
If you want to do security planning and you don't know where to start, this book is mandatory reading material. It will make your life easier and your system more secure. [more]
Friday, 21 February 2003, 7:29 PM CET

Weekly Virus Report
Three worms -Lovgate.A, W32/Tang and Kingpdt- and two Trojans -Nzlog and Aileen- are the subjects of this report on malicious code. [more]
Friday, 21 February 2003, 7:19 PM CET

Swiss crack email encryption
Researchers have found a way to unlock SSL-encrypted emails, but the real-world impact of their accomplishment is doubtful. [more]
Friday, 21 February 2003, 3:31 PM CET

Secure Chat with YTalk and SSH
Robert Bernier re-introduces the venerable and powerful YTalk and demonstrates how it can be used securely with SSH. [more]
Friday, 21 February 2003, 3:30 PM CET

A user's guide to online security
Computer security used to mean making sure that the door was locked on your way out of the house. Thanks to the internet, security means protecting your computer from electronic assailants as well. [more]
Friday, 21 February 2003, 3:27 PM CET

Lawyers: Hackers sentenced too harshly
A new paper argues that hacking cases should be treated as white-collar fraud, not as terrorism. [more]
Friday, 21 February 2003, 3:26 PM CET

How to get an ATM PIN number in 15 guesses
Cambridge researchers have documented a worrying PIN cracking technique against the hardware security modules commonly used by bank ATM machines. [more]
Friday, 21 February 2003, 3:25 PM CET

Interview with Judy Novak
Judy Novak is the co-author of the acclaimed "Network Intrusion Detection 3/e". Read her opinion on intrusion detection, open source, the disclosure of vulnerabilities and more. [more]
Thursday, 20 February 2003, 6:06 PM CET

First Honeyd Challenge - Test Your Programming Skills
Honeyd is a virtual honeypot running as a small daemon to create virtual hosts on a network. The goal of this challenge is to develop interesting feature additions to Honeyd. [more]
Thursday, 20 February 2003, 6:05 PM CET

DMCA Blocks Tech Progress
Silicon Valley executives and other insiders meet with lawmakers to discuss how the Digital Millennium Copyright Act adversely impacts technology innovation - and what they can do about it. [more]
Thursday, 20 February 2003, 6:02 PM CET

Security: Fighting the enemy within
How do you protect your network against a threat you can't see? New security automation can establish policies, and consistently audit and monitor them for compliance. [more]
Thursday, 20 February 2003, 5:50 PM CET

Root of massive credit card theft found
An attacker who gained access to millions of credit card numbers did it by breaking into a computer system at a company that handles transactions for catalog companies and other direct marketers. [more]
Thursday, 20 February 2003, 5:47 PM CET

Fighting piracy with P2P blocking
For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network. [more]
Thursday, 20 February 2003, 5:46 PM CET

New OpenSSL Security and Bugfix Releases
The OpenSSL announced the release of version 0.9.7a of their open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release. [more]
Thursday, 20 February 2003, 4:03 PM CET

Remote Users Are The Weakest Link
Say there's a remote worker who connects to the corporate net through a VPN, and to the Internet via broadband and a Wi-Fi hub. That broadband link could be vulnerable and let someone "piggyback" into the VPN. [more]
Thursday, 20 February 2003, 1:28 AM CET

Book Review - Cisco Secure Virtual Private Networks
This publication is designed to give the readers basic knowledge of planning, administering and maintaining Virtual Private Networks. [more]
Wednesday, 19 February 2003, 7:56 PM CET

Mitsubishi develops one-time password system
Engineers at Mitsubishi have developed a one-time password system for use on mobile Internet services. [more]
Wednesday, 19 February 2003, 4:17 PM CET

Xitami Web Server Review at Unix Review
Xitami highlights a Web-based administrator, the LRWP Protocol, XML, a built-in FTP server, and more. The commercial version, Xitami Pro, supports full SSL layer 2 and 3, and uses OpenSSL source. [more]
Wednesday, 19 February 2003, 4:12 PM CET

Internet fraud expanding, security experts warn
Corporate computer security professionals should be aware that Internet fraud is not only growing in frequency but also expanding in scope. [more]
Wednesday, 19 February 2003, 3:02 PM CET

Russian Major Cellular Company Client Database Stolen
Russian media have caused a commotion regarding the fact that the client base of Russia's largest cellular operator has been stolen. [more]
Wednesday, 19 February 2003, 2:05 PM CET

Real boss tackles online piracy
The online piracy of songs and films can be stopped but just shutting down illegal file-sharing services is not enough, says Rob Glaser, boss of Real Networks. [more]
Wednesday, 19 February 2003, 1:47 PM CET

Cisco expands its line of intrusion-detection tools
Cisco Systems will announce new intrusion-protection software and firewall enhancements, including functionality designed to lower IT staffing costs by reducing false or irrelevant system-intrusion alarms. [more]
Wednesday, 19 February 2003, 1:39 PM CET

Secure MySQL Database Design
This article will discuss various methods to secure databases, specifically one of the most popular freeware databases in use today, MySQL. [more]
Wednesday, 19 February 2003, 1:30 PM CET

Interview with Ed Skoudis, author of "Counter Hack"
Ed Skoudis talks about his book and general security issues and tools. [more]
Tuesday, 18 February 2003, 1:38 PM CET

Hacker accesses 5.6 million credit cards
A hacker has gained access to as many as 5.6 million Visa and MasterCard accounts, the two companies announced. [more]
Tuesday, 18 February 2003, 1:37 PM CET

Creating Your Own CA
Become your own Certificate Authority, and sign your own - or others' - SSL certificates. [more]
Tuesday, 18 February 2003, 1:28 PM CET

Users tout open source security
When the right technology doesn't exist or isn't available at the right price, many large companies get creative and build their own custom systems, such as routers, firewalls or VPN gear. [more]
Tuesday, 18 February 2003, 1:08 AM CET

Police issue virus warning
The National Hi-Tech Crime Unit has warned firms not to become complacent about antivirus protection, despite fewer reported virus infections last year. [more]
Tuesday, 18 February 2003, 12:49 AM CET

Book Review - Maximum Wireless Security
This book aims to give you the knowledge you need to bring maximum security to your network, by teaching you how that security can and will be broken. [more]
Monday, 17 February 2003, 1:26 PM CET

HNS Newsletter Issue 149 has been released
Get it in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by Application Security. Get a FREE sample vulnerability assessment of your database and applications. [more]
Monday, 17 February 2003, 1:24 PM CET

Kazoa Worm, NTRootkit Tool and Egrof Trojan
This week's report looks at a Trojan calledEgrof, the 'C' variant of the Kazoa worm and the NTRootkit tool, used by attackers to hide their activity on the computers they attack. [more]
Monday, 17 February 2003, 1:23 PM CET

Richard Clarke's Legacy of Miscalculation
The outgoing cybersecurity czar will be remembered for his steadfast belief in the danger of Internet attacks, even while genuine threats developed elsewhere. [more]
Monday, 17 February 2003, 1:22 PM CET aims to demystify security for SMEs
UK online for business has launched a security section on its Web site, designed to help small business keep abreast of the latest Internet threats and how to combat them. [more]
Monday, 17 February 2003, 1:22 PM CET

Even Security Firms at Risk for Break-Ins
Security engineers at Addamark Technologies noticed that someone accessed a confidential, password-protected document on the company's Web server that contained technical product details... [more]
Monday, 17 February 2003, 1:17 PM CET

HNS Book Giveaway
We are giving away 3 copies of "Cisco Secure PIX Firewalls" and 3 copies of "Web Security Field Guide". Want some knowledge? [more]
Monday, 17 February 2003, 3:01 AM CET

How to use a personal DNS for root-server attack isolation
Provided a couple of programmers are correct, what started out as an attempt to provide better DNS server performance on Windows machines may also be one way to reduce DNS security concerns. [more]
Monday, 17 February 2003, 2:40 AM CET

HNS Book Giveaway Winners
Six lucky winners have been chosen, each one gets a book. Are you one of them? [more]
Monday, 17 February 2003, 1:59 AM CET

Book review - Web Security Field Guide
This "Field guide" should be of interest to the novice and inter-mediate readers interested in enchancing the security of their Microsoft based installations. [more]
Friday, 14 February 2003, 2:55 PM CET

Interview with Adam N. Bosnian
Vice President, Sales and Marketing of Elron Software talks about the company, viruses, spam and internet monitoring. [more]
Friday, 14 February 2003, 10:45 AM CET hole leaks personal information
A security flaw on the Web site leaves private information open to harvesting just before Valentine's Day, one of the busiest times of the year for the online florist. [more]
Friday, 14 February 2003, 10:26 AM CET

Red Hat, Oracle to certify Linux for the government
Red Hat and Oracle have teamed to get Linux evaluated under the Common Criteria, a certification that could open doors for the broader use of open-source software by government agencies. [more]
Friday, 14 February 2003, 10:18 AM CET

Computer Worms Turn, But Business Slow To Insure Against Risk
Economist Bob Hartwig once predicted that cyber insurance would grow to $2.5 billion in sales by 2002. Industry officials doubt that actual sales have topped $100 million yet. [more]
Friday, 14 February 2003, 12:51 AM CET

Are You Infected? Detecting Malware Infection
This article discusses how to determine whether or not the system has been infected and offers tips on to manually disinfect the system. [more]
Friday, 14 February 2003, 12:39 AM CET

Some experts say cyberterrorism is very unlikely
For years, government experts have warned a "cyberterrorism" attack could amount to "an electronic Pearl Harbor." Now, a less alarmist viewpoint is emerging from experts who say the comparison is overblown. [more]
Friday, 14 February 2003, 12:37 AM CET

Detecting Server Compromises
How can I determine if my Linux server has been hacked? How can I be sure that I haven't been hacked? Jay Beale responds. [more]
Friday, 14 February 2003, 12:35 AM CET

New celebrity virus: Catherine Zeta-Jones
The popularity of Catherine Zeta-Jones has led to the actress being used as a hook to tempt users into launching a virus on their PCs. [more]
Friday, 14 February 2003, 12:31 AM CET

Government warns 'patriot hackers'
The FBI's National Infrastructure Protection Center warned that growing tensions between the United States and Iraq could lead to an increase in global computer hacking activities on both sides. [more]
Friday, 14 February 2003, 12:30 AM CET

Interview with Martin Croome
The European General Manager of Socket Communications talks about the company and wireless security issues. [more]
Thursday, 13 February 2003, 1:11 PM CET

Mitnick Banned From Security Group
The famous ex-hacker is a member of the world's largest not-for-profit computer security organization... for about two minutes. [more]
Thursday, 13 February 2003, 1:10 PM CET

Web services changes the security game
Peter Judge: People don't want to wait for Web services - so the security industry is going to have to shift a generation pretty quickly. [more]
Thursday, 13 February 2003, 12:50 PM CET

New Linux Support Policies are Ominous
Red Hat and Mandrake are cutting support for older versions of their Linux distributions. The results will be a security nightmare for the Internet. [more]
Thursday, 13 February 2003, 5:44 AM CET

Police recover disk at centre of ID theft flap
A hard drive that contained confidential details about hundreds of thousands of insurance company clients has been recovered by Canadian police. [more]
Thursday, 13 February 2003, 5:43 AM CET

How to tighten the loose security in wireless networks
If proper security precautions are implemented into a wireless deployment at the outset, the risks associated with this enabling technology can be greatly reduced. [more]
Thursday, 13 February 2003, 5:39 AM CET

Spam Offers: Some Legit, Most Not
Ever wonder what happens when you respond to unsolicited e-mail come-ons to make money at home, pump up your manhood or spy on anyone online? Turns out, spam begets spam. And that's usually about it. [more]
Thursday, 13 February 2003, 5:36 AM CET

Interview with Rich Bowen
The co-author of Apache Administrator's Handbook talks about his book and Apache in general. [more]
Wednesday, 12 February 2003, 1:56 PM CET

KaVaDo: New Version of ScanDo Web Application Scanner
ScanDo is a Web application scanner that assesses the entire Web application to identify security loopholes. [more]
Wednesday, 12 February 2003, 1:54 PM CET

One in Every 145 Emails is a Virus
One in every 145 e-mails sent and received by small- to medium-sized enterprises during January 2003 contained a virus, according to VIA NET.WORKS UK, a provider of managed Internet services for business. [more]
Wednesday, 12 February 2003, 1:52 PM CET

Panda Reports the Appearance of a New Worm/Trojan
Panda Software Reports the Appearance of a New Worm/Trojan: Kazoa.C, alias Gool. [more]
Wednesday, 12 February 2003, 1:52 PM CET

Microsoft offers E-mail security newsletter
Microsoft, in an effort to boost security awareness after a recent high-profile breach of its software, said that it would start sending e-mail newsletters to users about computer security threats and issues. [more]
Wednesday, 12 February 2003, 12:36 PM CET

Open and closed security are roughly equivalent
Open and closed approaches to security are basically equivalent, with opening a system up to inspection helps both attackers and defenders. [more]
Wednesday, 12 February 2003, 12:33 PM CET

Cybercrime show tackles terrorism
Amid heightened awareness of terrorism and computer attacks, computer crime professionals gathered at the Foxwoods Resort Casino here this week to hone their cybersleuthing skills at the annual Cybercrime conference. [more]
Wednesday, 12 February 2003, 12:04 PM CET

Forensics on the Windows Platform, Part Two
In this article we will concentrate on the areas of a Windows file system that are likely to be of most interest to forensic investigators and the software tools that can be used to carry out an investigation. [more]
Wednesday, 12 February 2003, 11:29 AM CET

FTP Server Offers Key to the Store
Sloppy practices leave critical user IDs and passwords available for public download. [more]
Wednesday, 12 February 2003, 11:25 AM CET

How we can stop identity theft--for good
This crime will not stop until the government steps in to regulate corporate privacy policies, and companies that handle your personal data are held liable for any abuses carried out by their employees. [more]
Wednesday, 12 February 2003, 11:14 AM CET

Interview with Charles R. Elden
The independent security consultant, former CIA employee and co-author of "Wireless Security and Privacy" talks about wireless security. [more]
Tuesday, 11 February 2003, 4:33 PM CET

NAI Unveils 'InfiniStream Security Forensics' Solution
InfiniStream Security Forensics is a forensics analysis solution that allows enterprise customers worldwide to reconstruct, understand and prevent harmful network activity and security events. [more]
Tuesday, 11 February 2003, 4:31 PM CET

Wireless LAN Security: Risks & Defenses Web Seminar
In this one hour AirDefense web seminar, you should be informed how you can protect your WLANs with a layered security approach. [more]
Tuesday, 11 February 2003, 4:31 PM CET

Go the extra mile - secure Windows admin account
Here's a look at the steps you can take to manage access to the Windows administrator account and improve security of how it's used by IT staff. [more]
Tuesday, 11 February 2003, 4:30 PM CET

Spyware found in 30% of European businesses
Almost one-third of European companies have been infected with spyware applications on their networks, according to research. [more]
Tuesday, 11 February 2003, 3:29 PM CET

HNS Newsletter Issue 148 has been released
Get it in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by Application Security. Get a FREE sample vulnerability assessment of your database and applications. [more]
Tuesday, 11 February 2003, 3:20 PM CET

How Vulnerable Is the Internet Now?
According to Gartner research director Richard Stiennon, it would not be difficult for an attacker to send spoofed routing tables to poorly configured routers and misdirect traffic across large parts of the Internet. [more]
Tuesday, 11 February 2003, 2:20 PM CET

Secure future for SSL VPNs
Simplifying VPNs by using the browser-based SSL will instigate a fundamental change in the use of VPNs in enterprises, according to research from The Tolly Group. [more]
Tuesday, 11 February 2003, 2:14 PM CET

Interview with David W. Chapman
The President and Principal Consultant for SecureNet Consulting talks about firewalls. [more]
Monday, 10 February 2003, 10:53 PM CET

NetIQ and Cisco Security Web Seminars
If you like to participate in online web seminars, you may find these two interesting: NetIQ's Security Webcast Featuring Kevin Mitnick and Cisco's Enhancing Network Security Monitoring with IDS Technology Webcast. [more]
Monday, 10 February 2003, 5:06 PM CET

Feds Consider Waging Cyber War
The government is studying ways to use cyberattacks against their enemies. [more]
Monday, 10 February 2003, 4:13 PM CET

GSM security flaws exposed
Steve Lord, consultant, X-Force Security Assessment Services for Internet Security Systems, argues that, while some functions of GSM offer impressive levels of security, others should not be trusted. [more]
Monday, 10 February 2003, 4:08 PM CET

HNS Book Giveaway
We are giving away 3 copies of "Firewalls and Internet Security: Repelling the Wily Hacker 2/e" and 3 copies of "Managing Information Security Risks: The OCTAVE Approach". Want some knowledge? [more]
Monday, 10 February 2003, 12:57 PM CET

SunScreen, Part Two: Policies, Rules, and NAT
This article covers some of the rudimentary facilities in SunScreen such as adding and removing rules, setting up a remote management station, and network address translation. [more]
Monday, 10 February 2003, 12:55 PM CET

Backpackers' savings at risk from online banking scam
Attackers are preying on backpackers, using internet cafes to steal thousands of dollars of travellers' savings from online bank accounts. [more]
Monday, 10 February 2003, 12:48 PM CET

How to build a secure WLAN
For real-time communications like Wi-Fi, a comprehensive real-time network protection strategy is required to enable pervasive, widespread deployment. [more]
Monday, 10 February 2003, 12:37 PM CET

HNS Book Giveaway Winners
Three lucky winners have been chosen, each one gets a copy of "Understanding PKI: Concepts, Standards, and Deployment Considerations 2/e". Are you one of them? [more]
Monday, 10 February 2003, 11:50 AM CET

Book Review: Counter Hack
If you're in charge of the security of a network or just a security enthusiast, you'll find this book of great value. [more]
Friday, 7 February 2003, 2:21 PM CET

Student Charged With Hacking and Information Theft
A Boston College student was indicted on charges he penetrated the campus computers, gathered personal information on more than 4,000 people, and stole about $2,000 in goods and services. [more]
Friday, 7 February 2003, 2:20 PM CET

Stalkers Use GPS to Track Victims
Two recent cases in which stalkers used global positioning system receivers to follow their victims' movements spark concern among law enforcement. Meanwhile, police install GPS systems of their own. [more]
Friday, 7 February 2003, 1:53 PM CET

Man Charged with Hacking ViewSonic System
A former employee of ViewSonic Corp. was arrested on Thursday for allegedly hacking into its computer system and destroying data, shutting down a server that was central to the firm's foreign operations. [more]
Friday, 7 February 2003, 1:42 PM CET

The hackers are coming to town
There was a time when the term hacker, even to the generalist, was nothing uncomplimentary. There were people of all ages who had this urge to fiddle with computer hardware or meddle with code. [more]
Friday, 7 February 2003, 1:39 PM CET

Brother, can you spare some privacy?
Companies that wish to display the TRUSTe seal on their Web site will have to demonstrate a higher level of privacy protection. [more]
Friday, 7 February 2003, 1:03 PM CET

ISA to consumers: Think security
A coalition of technology companies and others doing business on the Internet have released a list of nine steps they believe consumers should take to protect themselves. [more]
Friday, 7 February 2003, 12:43 PM CET

Web worm suspects bailed
Two people suspected of creating the TK web worm have been released on bail. [more]
Friday, 7 February 2003, 11:20 AM CET

Book Review: Managing Information Security Risks
This book provides a powerful documentation on CERT/CC's Operationally Critical Threat, Asset, and Vulnerability Evaluation. [more]
Thursday, 6 February 2003, 2:20 PM CET

Interview with Dr. Nicko van Someren, CTO of nCipher
Dr. Nicko van Someren talks about nCipher, XML security, enterprise security and more. [more]
Thursday, 6 February 2003, 1:17 PM CET

Secure Configuration of Servers Stops SQLSlammer and Others
Here are some basic protection measures, with a particular emphasis on those that provide Internet services. [more]
Thursday, 6 February 2003, 1:16 PM CET

India gets its first cyber convict
A 24-year-old engineer from Delhi has earned the dubious distinction of being the first person in India to be convicted for a cyber crime. A city court convicted Asif Azim for using an American citizen's credit card to make an online purchase. [more]
Thursday, 6 February 2003, 1:14 PM CET

The Great IDS Debate
In this article, we'll examine and compare the two different techniques: signature analysis and protocol analysis. [more]
Thursday, 6 February 2003, 1:13 PM CET

Online child porn arrests total 1,600
More than 1,600 men have so far been arrested in Operation Ore, the huge UK police investigation into child porn on the internet. [more]
Thursday, 6 February 2003, 1:10 PM CET

Open wireless networks pose dilemma
If you want to know how unsecure today's wireless networks are, just ask the people who make it their mission to locate the access points designated by companies and consumers around the world. [more]
Thursday, 6 February 2003, 1:06 PM CET

Worm spread worldwide in 10 minutes
It only took 10 minutes for the SQL Slammer worm to race across the globe and wreak havoc on the Internet two weeks ago, making it the fastest-spreading computer infection ever seen. [more]
Thursday, 6 February 2003, 1:02 PM CET

Bush's database faces privacy, not technical, concerns
Bush's plan for a massive antiterrorism database center, could be up and running within months from a technology standpoint, but harder to overcome will be privacy concerns of a non-technical nature. [more]
Thursday, 6 February 2003, 1:01 PM CET

Mac turns security guard
A Mac video motion-detection package has been released as a home-and-office security solution. [more]
Thursday, 6 February 2003, 12:52 PM CET

Interview with Ratmir Timashev, CEO of Aelita Software
Ratmir Timashev talks about his company, backup and recovery problems, as well as general security issues. [more]
Wednesday, 5 February 2003, 4:08 PM CET

Advantages of Block-Based Protocol Analysis for Security Testing
This paper describes a effective method for black-box testing of unknown or arbitrarily complex network protocols for common problems relating to the security of a program or system. [more]
Wednesday, 5 February 2003, 4:04 PM CET

ActiveState PureMessage Tested for UnixReview
PureMessage is a full-featured mail filtering system that can be used as a combination filter/MTA solution or a standalone filter that passes messages on to a MTA for delivery. Here's a test. [more]
Wednesday, 5 February 2003, 3:59 PM CET

The Crypto Gardening Guide and Planting Tips
The intent of this document is to cover some of the real-world constraints for cryptographers, to point out problems that their designs will run into when attempts are made to deploy them. [more]
Wednesday, 5 February 2003, 3:50 PM CET

Secure your DNS - replace BIND
BIND has become the most popular DNS server on the Internet. It is also a favorite attacker target. For organisations that require a more secure DNS infrastructure, the djbdns package may be the answer. [more]
Wednesday, 5 February 2003, 1:10 PM CET

Smallpot: Tracking the Slapper and Scalper Unix Worms
This article will look at the Smallpot Project, a generic honeypot designed to track almost any malware on the Internet, using the Slapper and Scalper worms as a case study. [more]
Wednesday, 5 February 2003, 12:59 PM CET

The Big Lessons of a Little Worm
If Slammer's weekend assault had come just 48 hours later, the end result might have been a virtual Net shutdown. Institutional investors unable to make trades could have lost billions of dollars. [more]
Wednesday, 5 February 2003, 12:55 PM CET

Web services group still seeking security
A group working to ensure the compatibility of Web services software is preparing to tackle its biggest challenge yet: Security. [more]
Wednesday, 5 February 2003, 12:53 PM CET

Responding In Kind
Microsoft Security Response Center revamps its advisory and patch processes. [more]
Wednesday, 5 February 2003, 12:50 PM CET

HNS Book Giveaway - Understanding PKI
We are giving away 3 copies of "Understanding PKI: Concepts, Standards, and Deployment Considerations 2/e" by Carlisle Adams and Steve Lloyd. Want some knowledge? [more]
Tuesday, 4 February 2003, 2:00 PM CET

HNS Book Giveaway Winners
Six lucky winners have been chosen, each one gets a book. Are you one of them? [more]
Tuesday, 4 February 2003, 1:57 PM CET

Webcast - Eliminate the SANS/FBI Top 20 Internet Vulnerabilities
In the following two briefings, Jason Fossen and Hal Pomeranz will provide highlights from their courses that will help you eliminate the SANS/FBI Top 20 vulnerabilities. [more]
Tuesday, 4 February 2003, 1:04 PM CET

Snooping stalled
The U.S. House of Representatives and President Bush should concur with a unanimous Senate vote that struck a blow for the privacy rights of Americans. [more]
Tuesday, 4 February 2003, 1:02 PM CET

Mitigating Voice Telephony Security and Fraud Risks
The trend toward the convergence of telephony and computer systems has exposed voice systems to abusers. IT executives should implement plans that will mitigate the chances of a hacker's success. [more]
Tuesday, 4 February 2003, 11:58 AM CET

Cyber attacks down, but vulns soar
The level of cyber attacks decreased for the first time in the second half of 2002, dropping six per cent. [more]
Tuesday, 4 February 2003, 11:30 AM CET

Securing Systems with chroot
One popular technique crackers use to compromise machines is exploiting buffer overflows. Learn how to minimize the damage by using chroot. [more]
Tuesday, 4 February 2003, 11:27 AM CET

Security strategies: fortress or airport?
CIOs are scratching their heads, trying to figure out if they should adopt fortress-type security systems or move towards a multi-layered security strategy. [more]
Tuesday, 4 February 2003, 11:21 AM CET

Worm turns on The Archers
The BBC has been hit by a virus for the second time in a month. [more]
Tuesday, 4 February 2003, 11:16 AM CET

Interview with Steven Dabbs, CEO & President of ScannerX
We have talked with Steven Dabbs, CEO & President of ScannerX, about automated vulnerability assessment services his company offers and vulnerabilities in general. [more]
Monday, 3 February 2003, 4:36 PM CET

eSecurity: Towards a more secure Internet environment
eSecurity is not only a concern in specialised areas such as aerospace, military applications and banking, but an issue for governments, businesses and consumers alike. [more]
Monday, 3 February 2003, 4:15 PM CET

HNS Newsletter Issue 147 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by ScannerX. [more]
Monday, 3 February 2003, 4:00 PM CET

Secure Linux preparing for industrial control
A version of Linux hardened by the US Government is being proposed for industrial control systems. [more]
Monday, 3 February 2003, 3:27 PM CET

Something Needs to Change
With the Slammer worm network security becomes literally a matter of life and death. Where do we go from here? [more]
Monday, 3 February 2003, 2:48 PM CET

Mobile users face growing virus threat
Virus writers are not yet targeting mobile platforms, but is this the calm before the storm? [more]
Monday, 3 February 2003, 2:46 PM CET

TightVNC: Remote X the secure, fast & easy way
Looking for a software solution to help him access his home desktop remotely, Joe Barr finds more than he'd hoped for in TightVNC. [more]
Monday, 3 February 2003, 11:17 AM CET

Slammer Didn't Hurt, But the Next One Might
Agency says its air traffic control network wasn't compromised by worm's attack on the Internet, but admits it could happen in the future. [more]
Monday, 3 February 2003, 11:12 AM CET

Microsoft security gets an 'F'
"Trustworthy Computing is failing," Russ Cooper of TruSecure Corp. said of the Microsoft initiative. "I gave it a 'D-minus' at the beginning of the year, and now I'd give it an 'F."' [more]
Monday, 3 February 2003, 11:08 AM CET

Should Microsoft pay your security patch costs?
The cost of keeping your network and systems secure should be a shared burden, not just a cost of doing business. [more]
Monday, 3 February 2003, 11:04 AM CET


Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. Itís not.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Sep 2nd