Off the Wire

Off The Wire Archive

News items for February 2004

Video Interview with Jon Callas - PGP Corporation
In this video Mr. Callas discusses the importance of encryption in the overall security architecture, what he would like to see done in the field of cryptography as well as PGP Corporation. [more]
Friday, 27 February 2004, 3:02 PM CET


Linux and agent capabilities added to HFNetChkPro
HFNetChkPro will now give network administrators the option to roll out patches via agents for customer applications that require them. A separate version will allow those running Red Hat Linux to scan the network for Linux operating system vulnerabilities, identify machines to be patched, and automatically roll out and validate patches. [more]
Friday, 27 February 2004, 1:38 PM CET


Tools secure thin clients
Thin clients from Neoware are set to get a security boost. [more]
Friday, 27 February 2004, 12:57 PM CET


Hackers gain free access to MSN Premium
Programmers in China have exploited a security hole in Microsoft's MSN Explorer software to win free access to paid services. [more]
Friday, 27 February 2004, 12:54 PM CET


Alleged WebTV 911 hacker charged with cyberterrorism
Louisiana man is charged under the USA PATRIOT Act for sending out a malicious script that made set-top boxes call the police. [more]
Friday, 27 February 2004, 12:53 PM CET


Building secure enterprise WLANs
It is possible to build a secure wireless LAN. Not easy, but possible. [more]
Friday, 27 February 2004, 12:46 PM CET


Federal IT-security standards
In an effort to beef up the security of government systems, the U.S. Office of Management and Budget announced last month that 18 agencies must comply with federal IT-security standards before they receive funding for upgrades. [more]
Friday, 27 February 2004, 12:44 PM CET


Is Microsoft ignoring the biggest source of security threats?
What do the insiders do that constitutes a security incident? They steal, alter or corrupt information assets. [more]
Friday, 27 February 2004, 1:51 AM CET


Piracy on wireless Internet raises legal challenges
As the recording industry pursues illegal music traders, how does it prove who was actually doing the stealing? [more]
Friday, 27 February 2004, 1:44 AM CET


Assigning passwords to computer history
Many companies produce biometric technologies, but they've been slow to catch on. Businesses and government agencies use them in high-security areas, but the relatively high cost of the systems have kept them out of common use. Passwords are cheap; biometrics requires scanning equipment. [more]
Friday, 27 February 2004, 1:40 AM CET


Anti-spam solutions and security
This article is the first of a two-part series that discusses the security issues of spam as well as several current anti-spam methodologies. [more]
Friday, 27 February 2004, 1:29 AM CET


F-Secure mass-mails worm to UK clients
F-Secure apologises for sending customers Netsky.B via mailing list. [more]
Friday, 27 February 2004, 1:25 AM CET


New spam filters cut the noise
Two developers of open-source antispam software say their programs can block 99.97 percent of incoming spam - better than what commercial products can do. [more]
Thursday, 26 February 2004, 6:15 PM CET


CIA to issue cyberterror intelligence estimate
The first-of-its-kind estimate will detail threats to and vulnerabilities of critical infrastructures. [more]
Thursday, 26 February 2004, 6:10 PM CET


Careful wireless communication
Mass wireless communication has changed the world and will continue to do so in the future. But it also opens up a range of security problems that many people simply do not understand. [more]
Thursday, 26 February 2004, 6:06 PM CET


Use lessons from the common to defeat computer viruses
David Perry, director of global education at security software supplier Trend Micro, thinks the analogy between biological and computer viruses breaks down. "A biological virus mutates by itself, but a computer virus does not have that ability," he told TechNewsWorld. [more]
Thursday, 26 February 2004, 6:04 PM CET


SMEs the weakest link on security
Small firms' insufficient measures could provide back door to corporate IT networks. [more]
Thursday, 26 February 2004, 6:02 PM CET


Virus variants spread
MyDoom and Netsky have been altered to attack vulnerable users. [more]
Thursday, 26 February 2004, 6:00 PM CET


Hackers exploit Windows patches
Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts. [more]
Thursday, 26 February 2004, 5:59 PM CET


Military certifies biometric profile
Officials at the Defense Department's Biometrics Management Office announced that the National Information Assurance Partnership has certified the first of five planned biometric protection profiles for DOD and other government agencies. [more]
Thursday, 26 February 2004, 5:58 PM CET


IDS response bolstered with computer forensics
EnCase Enterprise Edition is for computer investigators and information security professionals who need to investigate computer breaches and other incidents throughout the enterprise. [more]
Thursday, 26 February 2004, 2:49 PM CET


Homeland insecurity starts at home
The IT industry needs to stop worrying about who's behind cyber attacks and focus on making security technology easier to use and software more reliable, a senior White House security advisor told delegates at the RSA Conference today. [more]
Thursday, 26 February 2004, 11:26 AM CET


A security primer for Mac OS X
In this article, the author takes a hands-on approach to what I call "security through common sense," the basic security steps that every single Mac user should take. [more]
Thursday, 26 February 2004, 11:23 AM CET


Microsoft confident bounties will nab virus writers
A trio of bounties Microsoft Corp. placed on the heads of virus writers has generated a variety of investigative leads, but still no arrests, a top security official from the software giant said on Tuesday. [more]
Wednesday, 25 February 2004, 6:10 PM CET


Government moves toward standards for unified security
Agencies are slowly developing standards and common practices for integrating security—both for physical and information needs—across agencies. [more]
Wednesday, 25 February 2004, 6:03 PM CET


Much ado about patching
Top security officers warned on Tuesday that patching software flaws is still far too difficult, with many companies left vulnerable because they are lagging behind on applying critical updates. [more]
Wednesday, 25 February 2004, 11:36 AM CET


Trusted Solaris has secure future, Sun says
Sun will continue to offer the Trusted Solaris version of its operating system as a separate product, a company official said Tuesday, trying to clear up any confusion that Sun may have caused in the marketplace. [more]
Wednesday, 25 February 2004, 3:04 AM CET


New I.T. may balance security, privacy
User-friendly, automated software may help antiterrorism surveillance and individual privacy co-exist, claims a Carnegie-Mellon University computer-science professor. [more]
Wednesday, 25 February 2004, 2:25 AM CET


AMD hardens network security with new Alchemy chip
Aberdeen Group research director Eric Hemmendinger told TechNewsWorld that the goal of both network and compute-side hardware security products, which have yet to be widely deployed, is speed. [more]
Wednesday, 25 February 2004, 2:06 AM CET


Is security getting any easier?
Although governments and companies appear to be making significant headway on many security problems, don't expect headaches like spam to disappear anytime soon, according to security experts. [more]
Wednesday, 25 February 2004, 1:59 AM CET


Gates speaks about security efforts at the RSA Conference
Gates said that he believes Microsoft has made a lot of progress in the last two years and that with the right tools and processes things will be even better. He also provided his view of the spam problem and the release of the Windows XP Service Pack 2. [more]
Wednesday, 25 February 2004, 1:57 AM CET


IBM ThinkPad T41p with the embedded security subsystem
In the event that the Thinkpad T41p receives a sharp blow or accidentally is dropped, IBM claims that its active-protection system can provide up to four times the impact protection than notebooks without this innovation. [more]
Wednesday, 25 February 2004, 1:42 AM CET


Is open-source examined for security more than closed-source?
The usually simmering open source vs. closed source debate boiled over recently following the leak of Windows source code on the Internet. And it boiled over here too. [more]
Wednesday, 25 February 2004, 1:11 AM CET


Linux gets security boost from NSA
Most stories about government deployments of Linux involve a distributor helping various federal and municipal agencies install the open source operating system. But in this case, a federal agency is helping Linux. [more]
Wednesday, 25 February 2004, 1:09 AM CET


RSA Security and Microsoft bring strong authentication to Windows
The new RSA SecurID for Microsoft Windows solution is designed to help Microsoft enterprise customers ensure that valuable desktop and network resources are accessible only by authorized users, while simultaneously delivering a simplified and consistent user login experience. [more]
Wednesday, 25 February 2004, 12:05 AM CET


Information security is about people
Information security is not just about expensive firewalls and intrusion detection systems. It's not only about technology - it's also about people and policies. [more]
Tuesday, 24 February 2004, 8:20 PM CET


Configure Web logs in Apache
While most of this piece discusses configuration options for any operating system Apache supports, some of the content will be Unix/Linux (*nix) specific, which now includes Macintosh OS X and its underlying Unix kernel. [more]
Tuesday, 24 February 2004, 8:18 PM CET


Microsoft pledges to change patch practices
Software company wants to make life easier for customers. [more]
Tuesday, 24 February 2004, 8:08 PM CET


Cyber-crime law to be strengthened
Police to be granted more powers in wake of record UK losses from internet fraud. [more]
Tuesday, 24 February 2004, 8:05 PM CET


HNS Coverage from the RSA Conference 2004 USA
The 13th annual RSA Conference started in San Francisco. HNS is at the conference and this is the place you can look for the news on product releases as well as other happenings. [more]
Tuesday, 24 February 2004, 12:07 PM CET


Hacker sentenced to prison for one year
Former ViewSonic employee had pleaded guilty to accessing a protected computer and causing damage. [more]
Tuesday, 24 February 2004, 10:53 AM CET


Company gets $400,000 to develop trap for computer worms
The Government has poured $400,000 into an Auckland company's research and development of software that will detect and stop computer worms within minutes after the start of an attack. [more]
Tuesday, 24 February 2004, 10:51 AM CET


Japanese bank uses biometrics
Bank of Tokyo-Mitsubishi, one of Japan's top four banks, said it will introduce a new biometric security system for cash machines which can identify customers from the pattern of veins in their hands. [more]
Tuesday, 24 February 2004, 1:37 AM CET


Enterprise security spend set to double
Increased demand for mobile access and the need for businesses to retain key personnel through more flexible working practices will see enterprise investment in SSL VPNS rise from $120 million in 2003 to just over $1 billion in 2007. [more]
Tuesday, 24 February 2004, 1:27 AM CET


Chips to ease Microsoft's big security nightmare
Chip makers are planning a new generation of microprocessors that should plug the gaps that led Microsoft to issue a "critical security alert" last week. [more]
Tuesday, 24 February 2004, 1:24 AM CET


How long must you wait for an anti-virus fix?
Imagine that your office building was on fire, and you called the fire department, only to be told, "Please wait there while we invent a new method to fight the kind of fire you have." [more]
Tuesday, 24 February 2004, 1:21 AM CET


Microsoft security CD will be a 'one-off'
News last week that Microsoft was readying a CD containing all its security patches to be distributed free to anyone that requests it has provoked a flurry of interest from consumers, particularly those without broadband pipes capable of downloading sizeable patches. [more]
Tuesday, 24 February 2004, 1:19 AM CET


Video interview with Victor Chang - RSA Security Inc.
In this video Mr. Chang discusses the implementation of security for web services, various wireless security issues, the RSA Developer Central website as well as the state of information security in general. [more]
Monday, 23 February 2004, 10:37 PM CET


Demo 2004 reflects IT security concerns
Document security and guarding applications rule show. [more]
Monday, 23 February 2004, 8:48 PM CET


Developer exams spotlight security
Microsoft plans to beta test two new security-related developer exams April 21 through May 4. [more]
Monday, 23 February 2004, 8:47 PM CET


Mainsoft put in spotlight over leaked source code
Mainsoft used to be one of hundreds of small, private technology companies working in relative anonymity across Silicon Valley. Until last week. [more]
Monday, 23 February 2004, 5:26 PM CET


Top net villains and heroes named
Britain's net industry has named internet domain giant Verisign as its villain of the year. [more]
Monday, 23 February 2004, 5:22 PM CET


FBI approves anti-piracy CD, DVD labels
The FBI said it is giving Hollywood film studios, music companies and software makers permission to use its name and logo on their DVDs, CDs and other digital media in hopes the labels will deter illegal copies. [more]
Monday, 23 February 2004, 10:11 AM CET


Interview with Vincenzo Ciaglia, founder of Netwosix
In this article, a brief introduction of Netwosix is given and the project founder Vincenzo Ciaglia is interviewed. Netwosix is light Linux distribution for system administrators and advanced users. [more]
Monday, 23 February 2004, 3:36 AM CET


Trojans as spam robots: the evidence
German magazine c't says it has evidence that virus writers are selling the IP addresses of PCs infected with Trojans to spammers. [more]
Monday, 23 February 2004, 3:34 AM CET


U.S. info-sharing program draws fire
Critics take aim at a Department of Homeland Security vulnerability-sharing program that keeps security holes secret from the public. [more]
Monday, 23 February 2004, 3:33 AM CET


SSL vs. IPsec: which is right for your VPN?
Both solutions have their pros and cons, so selecting the best one for your needs can be confusing. Before deciding which one is right for your organization, it’s important to understand how both technologies work to secure a VPN. [more]
Monday, 23 February 2004, 3:30 AM CET


World of the virus writers
He's 21, he's got dreadlocks, likes punk bands... and his hobby could wreck your computer in seconds. Clive Thompson infiltrates the secret world of the virus writers who see their work as art - while others fear that it is cyber-terrorism. [more]
Monday, 23 February 2004, 3:21 AM CET


Outsourcing: danger to privacy
Companies are shipping a lot of sensitive information about Americans overseas for processing by foreign clerks. Now, some lawmakers want safeguards from the companies to prevent misuse of the data. [more]
Friday, 20 February 2004, 3:40 PM CET


US security arm makes bid for private sector data
The US Department of Homeland Security has unveiled a programme designed to persuade the private sector to share security information with the government. [more]
Friday, 20 February 2004, 3:36 PM CET


Serious Linux security holes uncovered and patched
Several security vulnerabilities in the Linux kernel were uncovered on Wednesday by a Polish security group. [more]
Friday, 20 February 2004, 5:40 AM CET


Beta of MS Virtual Server 2004 includes improved security
Microsoft on Wednesday announced it has sent out to more than 15,000 testers the first beta of its Virtual Server 2004 , which features a number of new capabilities including improved security. [more]
Friday, 20 February 2004, 3:38 AM CET


Sort out your Wi-Fi policy or face the consequences
With Wi-Fi shaping up as the next must-have technology for business people out of the office, experts are warning that companies must get their wireless policies and security straight - or face the consequences. [more]
Friday, 20 February 2004, 2:40 AM CET


New tools help users manage security events
The torrent of data generated by the myriad security devices needed to protect enterprise networks is creating demand for security event management software capable of mining the data for meaningful information. [more]
Friday, 20 February 2004, 2:31 AM CET


Crypto chip choices confound PC makers
As PC makers gear up to build desktops with hardware security, they face tough choices about how to implement a small but significant cryptography chip crucial to their architecture. [more]
Friday, 20 February 2004, 2:30 AM CET


Why security's no longer IT's ugly stepsister
If you listen to the strategies of networking vendors like 3Com, Enterasys Networks, Extreme Networks or Nortel Networks, you can see the formation of a definite trend: Networking and security are moving closer together. [more]
Friday, 20 February 2004, 2:26 AM CET


Microsoft borrows from RIAA's playbook
Whatever the implications of the leaked code, Microsoft wants to stem the tide of downloaders. However, the company might be well-advised to tread cautiously. While sending letters to legitimate business users likely will keep them from using the source code, such an offensive could spur on many others. [more]
Friday, 20 February 2004, 2:23 AM CET


Bugwatch: the aftermath of Valentine's Day
Greg Olson, executive vice president of Sendmail, explains the challenges that come with handling Valentine's Day spam. [more]
Friday, 20 February 2004, 2:16 AM CET


Information security and negligence
This article defines at what point, risk management becomes negligence and provides a step by step process or "Blue print" for attorneys to attack a corporate enterprise via a negligence lawsuit, both criminal and/or civil. [more]
Thursday, 19 February 2004, 2:20 PM CET


While Microsoft weakness is patched, other worms turn
Security analysts say hackers are having a harder time than expected coming up with a workable exploit against the Microsoft ASN.1, giving administrators valuable time to patch their systems. [more]
Thursday, 19 February 2004, 12:59 PM CET


Analyzing malware
Malware is a set of instructions that run on your computer and make your system do something that an attacker wants it to do. [more]
Thursday, 19 February 2004, 12:53 PM CET


Cyber-age goodfellas
The government claims that a pair of wiseguys aligned with the late John Gotti's Gambino crime family, working with veteran advertising hucksters and sophisticated publishing executives, took in more than $400 million over a five-year period in the late 1990s in twin scams involving the Internet and telephone services. [more]
Thursday, 19 February 2004, 12:39 PM CET


Catching the computer virus
Businesses, like people, are developing an immunity to the viruses going around, says Simon Moores. [more]
Thursday, 19 February 2004, 12:32 PM CET


Communications processor is faster and more secure
The addition of an integrated hardware accelerated Internet protocol security engine to the RC32365 Interprise integrated communications processor results boosts its frequency performance by 20%. [more]
Thursday, 19 February 2004, 12:30 PM CET


Military automates security reviews of its Web sites
Ottawa-based Coast Software Inc. today announced that it has struck a deal with the Pentagon to provide the military with its Web Quality Central software to automatically scrub Defense Department Web sites for sensitive operational information and ensure adherence to privacy policies. [more]
Thursday, 19 February 2004, 12:24 AM CET


A quick look at the Win2k source
A quick, superficial look at the style and content of the leaked Windows 2000 source. [more]
Thursday, 19 February 2004, 12:21 AM CET


Microsoft's shared-source defeats Trustworthy Computing
Microsoft's security is in part a function of keeping its source code out of the wrong hands. [more]
Thursday, 19 February 2004, 12:14 AM CET


Second NetSky worm on the loose
The second version of a two-day-old virus, NetSky, has started spreading more successfully than its parent, antivirus researchers said on Wednesday. [more]
Thursday, 19 February 2004, 12:13 AM CET


Code leak flaw may exist, admits Microsoft
Vulnerability turns up in IE 5 - but patches only fix version 6. [more]
Thursday, 19 February 2004, 12:12 AM CET


Smart card designers need security tools
As new consumer appliances designed to access content or services emerge, and with them demand to incorporate more security functions, it's becoming crucial for chip designers to provide simulation tools to evaluate chips at the design level for possible leakage of confidential information, experts here said. [more]
Wednesday, 18 February 2004, 5:17 PM CET


New service promises no more web or IM viruses
An IT security company has launched in the UK, claiming that its outsourced security service can protect enterprises from the threat of web and IM-borne viruses. [more]
Wednesday, 18 February 2004, 4:53 PM CET


At the front in the virus wars
When a new piece of malicious code rears its ugly head, antivirus researchers spring into action. They've been a bit busy lately. [more]
Wednesday, 18 February 2004, 1:53 PM CET


lock_unlock - creating and removing a lock file
Michael Wang shows us how to correctly create and remove lock files using his lock_unlock function. [more]
Wednesday, 18 February 2004, 11:46 AM CET


Top 3 security problems remain despite increased spending
Companies turn to managed Service providers for help; desktops dominate security budgets as patches average $234 per machine. [more]
Wednesday, 18 February 2004, 11:44 AM CET


No coffee, but here's another Bagle
A variant of the mass-mailing Bagle virus started spreading Tuesday, as U.S. businesses returned from the long weekend. [more]
Wednesday, 18 February 2004, 11:43 AM CET


Video Interview with Andy Cole - Swivel Secure
In this video Andy Cole discusses the current state of information security in the world, the biggest security issues as well as the work of Swivel Secure. [more]
Wednesday, 18 February 2004, 10:51 AM CET


Review of Fedora Core 2 test 1
With Fedora Core 2, Red Hat catches up with Debian and Gentoo by shipping SELinux (Security-Enhanced Linux). [more]
Wednesday, 18 February 2004, 10:35 AM CET


Interview with Bruce Schneier
Bruce Schneier, who literally wrote the book on cryptography, talks with Senior Editor Scott Berinato about his holistic view of security, both physical and technical. [more]
Wednesday, 18 February 2004, 10:26 AM CET


Cisco unveils PoE product line
"PoE is an important standard that will open up the market for network-attached devices," says Cisco's Steven Shalita. One of the important applications for PoE is that it allows an enterprise to hook up wireless and IP telephony gear more easily and cost-effectively. [more]
Wednesday, 18 February 2004, 10:23 AM CET


Spam keeps cookin' despite new laws
A U.S. Justice Department prosecutor warned Tuesday that a new spam law's criminal sanctions likely will not stem the flow of bulk solicitations that are flooding into e-mail in-boxes. [more]
Wednesday, 18 February 2004, 10:21 AM CET


Firm hunts for Nimda-like worms in Web traffic
London-based security outfit ScanSafe today launched a Net-based filtering service designed to counter Web-borne viruses and malicious code. [more]
Tuesday, 17 February 2004, 2:13 PM CET


3Com unveils pervasive network security strategy
In a move designed to enhance network security for its small, medium and large enterprise customers, 3Com Corporation will begin overlaying key security technologies into the hardware, software and operational components that define the network. [more]
Tuesday, 17 February 2004, 2:03 PM CET


Q&A with homeland security's Amit Yoran
A public-private partnership is crucial to improving IT security, says Amit Yoran, head of Homeland Security's National Cyber Security Division. [more]
Tuesday, 17 February 2004, 2:01 PM CET


Exploit based on leaked Windows code released
A vulnerability in Internet Explorer 5 is the first to surface from last week's source code spill. [more]
Tuesday, 17 February 2004, 1:51 PM CET


Sun gives glimpse of revised Solaris TCP/IP stack
Sun Microsystems' new Software Express program is alive and kicking with the company delivering a rewritten TCP/IP stack for Solaris that is meant to prepare customers for faster networking technology. [more]
Tuesday, 17 February 2004, 1:50 PM CET


Using GnuPG
Learn how to work with GnuPG by reading this article by Sandro Mangovski in the Linux Gazette. [more]
Tuesday, 17 February 2004, 1:47 PM CET


Tripwire on your Fedora box
Tripwire is an Intrusion Detection System. This can be used to alert users whenever their system is compromised. Tripwire detects and reports changes in system files. [more]
Tuesday, 17 February 2004, 1:12 PM CET


Cisco develops WLAN security protocol
Cisco Systems Inc. has developed a new wireless LAN security protocol designed to defeat brute force dictionary attacks that capture a user's passwords. [more]
Tuesday, 17 February 2004, 1:11 PM CET


Bluetooth phone hacking tools 'spreading quickly'
MP calls for manufacturers to fix the problem. [more]
Tuesday, 17 February 2004, 1:09 PM CET


Are your enterprise business applications secure?
When technology vendors talk about security, you are most likely to be in a discussion about protecting investments in technology systems - preventing unauthorised access through attacks or locking down systems to prevent employees tampering with business information systems. [more]
Tuesday, 17 February 2004, 1:02 PM CET


The anti-virus industry scam
One has to wonder how the anti-virus industry sleeps well at night. On one hand, it purports to serve the world by defending our computers and networks from any number of electronic critters and malicious code. On the other hand, sometimes its "cure" is worse than the problem its companies and products allegedly treat. [more]
Monday, 16 February 2004, 5:59 PM CET


Open source is fertile ground for foul play
The nature of open source makes security problems an inevitable concern. There are a handful of ways that malicious code can make its way into open source and avoid detection during security testing, making government adoption of open source particularly worrisome. [more]
Monday, 16 February 2004, 5:24 PM CET


Red Hat unveils Linux security upgrades
Vendor's enterprise OS to support Security-Enhanced Linux. [more]
Monday, 16 February 2004, 5:21 PM CET


Warning of gestating worm
A new mass-mailing worm is preparing to spread, according to monitoring firm MessageLabs. [more]
Monday, 16 February 2004, 5:20 PM CET


Wireless honeypot trickery
This paper will introduce honeypots as a countermeasure for attacks on wireless environments using WiFi-related technologies. They can be used to identify and defeat unsuspecting blackhat attackers. [more]
Monday, 16 February 2004, 5:16 PM CET


Use mod_ssl to configure Apache keys and certificates
If you've got an Apache server running and you're going to deploy Web applications that require high-level security such as financial transactions or private messaging, you will want to encrypt most of the traffic and establish key-driven authentication in both directions. [more]
Monday, 16 February 2004, 5:12 PM CET


Critics punch at touch-screen voting security
Cathy Cox looks at a Diebold AccuVote TS machine and sees the future of voting. [more]
Monday, 16 February 2004, 4:58 PM CET


Dan Geer: global software security at risk
Dan Geer lost his job but gained his audience. The very idea that got the computer-security expert fired has sparked serious debate in information technology. [more]
Monday, 16 February 2004, 4:52 PM CET


Hackers break in to state computer server
Hackers broke into a state agency's server containing the sensitive personal information of people who work as nannies, butlers, and gardeners, and those who employ them. [more]
Monday, 16 February 2004, 4:51 PM CET


Hackers targeted ahead of Athens Olympics
Olympic security experts are working on ways to prevent computer hackers from infiltrating or attacking electronic equipment that will be used during the Aug. 13-29 games, it was reported Tuesday. [more]
Monday, 16 February 2004, 4:49 PM CET


PC security kit achieves certification
PointSec for PC meets Common Criteria guidelines for government use. [more]
Monday, 16 February 2004, 4:44 PM CET


Shielding enterprises from internet-based security threats
GRIC Communications has introduced “Total Security Protection”, reportedly the industry’s most comprehensive and integrated policy-based security system for remote access. [more]
Monday, 16 February 2004, 4:44 PM CET


Cliff Stanford charged with hacking Redbus
Redbus Interhouse founder Cliff Stanford was today charged with conspiracy to blackmail and computer crime offences by officers of the UK's National Hi-Tech Crime Unit. [more]
Friday, 13 February 2004, 7:35 PM CET


Windows code leak 'not a security threat'
Security experts say Microsoft's embarrassing Windows 2000 source code leak is unlikely to have given hackers more ammunition. [more]
Friday, 13 February 2004, 7:27 PM CET


IBM centralizes security for the zSeries mainframe
Continuing its broad strategy of infrastructure simplification, IBM Thursday introduced new security features for its latest mainframe operating system software to help centralize control of an environment that requires several tiers of security. [more]
Friday, 13 February 2004, 7:26 PM CET


Security-enhanced Linux provides a locked down OS
Don't be naive enough to think that because you run Linux you won't be a target for hackers. If you rely on Linux for hosting or transmitting sensitive data, you should check out Security-Enhanced Linux, created by the U.S. NSA and available for free. [more]
Friday, 13 February 2004, 7:25 PM CET


IBM, Cisco partner on security technology
Computer maker IBM and Cisco Systems said Friday that they would tailor their security technology for computers and communications networks to work better together. [more]
Friday, 13 February 2004, 7:22 PM CET


DDoS attacks go through the roof
The growing prevalence of criminally motivated DDoS attacks calls for a fundamental rethink in how enterprises approach security. [more]
Thursday, 12 February 2004, 6:10 PM CET


Spam and viruses - the emergence of convergence
The line between spammers and virus writers is becoming increasingly blurred. [more]
Thursday, 12 February 2004, 6:10 PM CET


MyDoom author may be covering tracks
A worm that started spreading on Sunday places the source code for the original MyDoom virus on victims' hard drives, an action equivalent to planting evidence, antivirus experts said Tuesday. [more]
Thursday, 12 February 2004, 10:54 AM CET


Wireless security video feature
In this video Johan Custers, Director of European Operations at Funk Software, discusses the biggest security issues affecting wireless networks today, various methods for securing public wireless networks, he offers tips for home users that want to achieve a satisfactory level of security for their private wireless networks, etc. [more]
Thursday, 12 February 2004, 10:48 AM CET


The past is present in the present password
The cardinal rule of password creation is skirting the obvious: No names of children or pets, no street addresses or car names. The ideal password is a random combination of letters and numbers, unfathomable to a potential intruder. [more]
Thursday, 12 February 2004, 10:42 AM CET


Privacy is in the House
The House is considering a bill that would require government agencies to explain how citizens' privacy might be affected by new regulations. After years of erosion, privacy may again be in fashion in D.C. [more]
Thursday, 12 February 2004, 10:40 AM CET


Microsoft lauds IE as 'the most secure browser'
Internet Explorer is now just about the most secure browser available, says Microsoft - because so many security holes have been filled. [more]
Thursday, 12 February 2004, 10:37 AM CET


UK.gov announces hi-tech elite police squad
The Home Office has announced a new team of specialist investigators that will take on the challenge of dealing with organised crime in a digital world. [more]
Wednesday, 11 February 2004, 11:07 AM CET


Sun secures Solaris with kernel rewrite
In an effort to batten down its operating system, Sun Microsystems Inc. this week will unveil a sweeping set of security enhancements to Solaris, as well as new managed security services. [more]
Wednesday, 11 February 2004, 11:05 AM CET


Securing Intranets with IPCop
IPCop is an ideal, low-budget solution for intranets that require comprehensive network security. [more]
Wednesday, 11 February 2004, 11:02 AM CET


Firewalling HTTP traffic using reverse Squid proxy
This article describes the case in which the Web server is on the local network and the client is connecting from the Internet. In other words, Squid is acting as a reverse proxy. [more]
Wednesday, 11 February 2004, 10:37 AM CET


Safely creating temporary files in shell scripts
This paper discusses how a programmer can write shell scripts that securely create temporary files in world/group writable directories. [more]
Wednesday, 11 February 2004, 10:26 AM CET


VeriSign works to ID kid surfers
VeriSign plans to unveil on Wednesday a digital identity program for school-age children, which it says will bolster online safety for the growing number of young Web surfers. [more]
Wednesday, 11 February 2004, 10:02 AM CET


Programmer creates mask for file-sharers
Wyatt Wasicek was so outraged by the recording industry's legal assault on users of free music-downloading sites that he decided to ride to the rescue. He created a program called AnonX that masks the Internet address of people who use file-sharing programs such as Kazaa. [more]
Wednesday, 11 February 2004, 9:59 AM CET


Microsoft uncovers critical Windows security hole
Microsoft on Tuesday warned of a serious security vulnerability in all of the current versions of Windows that not only allows an attacker to run code on vulnerable machines, but also enables him to install software and change and delete data. [more]
Wednesday, 11 February 2004, 9:54 AM CET


Review - Securing Wireless LANs
In "Securing Wireless LANs", the author brings a number of especially technical themes and transforms them into an easily readable material for all types of readers. [more]
Tuesday, 10 February 2004, 1:10 PM CET


Online search engines lift cover of privacy
Sitting at his laptop, Chris O'Ferrell types a few words into the Google search engine and up pops a link to what appears to be a military document listing suspected Taliban and al Qaeda members, date of birth, place of birth, passport numbers and national identification numbers. [more]
Tuesday, 10 February 2004, 12:47 PM CET


Review: Fortigate enterprise security appliance
The rack-mountable FortiGate-3600 does a good job providing enterprises with the six elements most vital for network security: firewall, anti-virus, VPN, intrusion detection, content filtering and traffic management. [more]
Tuesday, 10 February 2004, 12:42 PM CET


The first fallout from Cybergate
Did Republican staffers commit a crime by clicking on the "My Network Places" icon to access Democratic memos? [more]
Tuesday, 10 February 2004, 12:37 PM CET


Con artists go 'phishing' for personal information
Last month, thousands of Internet users got an urgent message: Update your bank account information now or your federal deposit insurance may lapse. [more]
Tuesday, 10 February 2004, 11:34 AM CET


Network security specialists seek seamless defense
Day and night, the war of attrition rages in the beleaguered world of network security. Defenders throw up firewalls, download patches, and scramble to fend off the hundreds of thousands of attempted intrusions into worldwide enterprise data. [more]
Tuesday, 10 February 2004, 11:29 AM CET


Viruses target MyDoom infections
Two worms are attacking PCs already infected with the MyDoom virus. [more]
Tuesday, 10 February 2004, 11:26 AM CET


Securing a wireless network
Make sure contracts with Wi-Fi suppliers and users limit your liability. [more]
Tuesday, 10 February 2004, 4:48 AM CET


Linux security on the ropes
Veteran programmers have brought lifetimes of experience to Linux's development, including an awareness of the "gotchas" of OS security, says Paula Hunter, OSDL business-development director. "There are people who are working on [Linux] projects that probably have children that work at Microsoft." [more]
Tuesday, 10 February 2004, 4:46 AM CET


How Microsoft botched another security patch
Will Microsoft ever learn? Just last week it quietly released another Internet Explorer fix--and caused headaches for both developers and end users. [more]
Tuesday, 10 February 2004, 4:45 AM CET


VeriSign says online fraud growing fast
A report released Monday by VeriSign, the company that maintains the Internet's .com and .net domain registry, indicates that attempted site hacks, online fraud and identity theft are growing rapidly, as e-commerce proliferates. [more]
Tuesday, 10 February 2004, 4:43 AM CET


SSL VPNs - you can't afford to ignore them
In this opinion piece, Calum Macleod explains what the manager should look for when deciding whether he/she should choose an SSL VPN over an IPsec VPN. [more]
Tuesday, 10 February 2004, 1:42 AM CET


Juniper's $4B buy signals security push
In a blockbuster telecom equipment deal underlining the growing importance of network security, Juniper Networks will buy NetScreen Technologies for $4 billion in stock. [more]
Monday, 9 February 2004, 8:53 PM CET


The virus underground
NYT has profiled several young computer virus writers around the world. A young Austrian wrote a Batch Trojan Generator which has simple options for constructing your next virus: fomat drive C? Overwrite every file? [more]
Monday, 9 February 2004, 8:51 PM CET


E-voting systems face security questions
A number of recent studies have raised questions about the security and reliability of electronic-voting machines that a growing number of cities, counties, and states are deploying. [more]
Monday, 9 February 2004, 8:48 PM CET


Internet Industry Association funds anti-virus website
Australia's ISPs have called on local internet users to better protect themselves from viruses and worms, setting up a website that lets users download trial versions of anti-virus software. [more]
Monday, 9 February 2004, 8:47 PM CET


Nokia admits multiple Bluetooth security holes
Nokia has admitted that a number of its Bluetooth handsets are vulnerable to bluesnarfing - in which data can be stolen from a phone without the owner's knowledge. [more]
Monday, 9 February 2004, 8:46 PM CET


South Korean companies fined $55,000 for sending spam
The South Korean Fair Trade Commission has fined 25 companies for sending unsolicited commercial messages via email and mobile phones. [more]
Monday, 9 February 2004, 8:45 PM CET


FBI asks computer shops to help fight cybercrime
Agents with the Federal Bureau of Investigation's Cyber Crime Squad have been approaching O'ahu computer-repair specialists, network consultants and software developers and asking them to report any overtly criminal activity they find in customers' computers. [more]
Friday, 6 February 2004, 12:06 PM CET


ASP authentication using XOR encryption
This article explains how to control application access by validating the user's login and password against a SQL 2000 database. [more]
Friday, 6 February 2004, 12:05 PM CET


Protecting home computers - a site with bite
Although many are quick to accuse Microsoft of being at the heart of the computer security problem, the company has provided a decent solution for nontechnical users who want to secure their PCs. [more]
Friday, 6 February 2004, 11:19 AM CET


Cable modem hackers conquer the co-ax
A cunning international group of renegade coders raise cable modem hacking to a whole new level by tinkering with firmware. But all members really want is a steady job. [more]
Friday, 6 February 2004, 11:15 AM CET


EU acts to improve protection of citizens with security research
The European Commission has presented the key elements for a test phase or "Preparatory Action" on security research. [more]
Friday, 6 February 2004, 10:05 AM CET


Pentagon scraps Net voting plan
The U.S. Department of Defense on Thursday backed off plans for a large-scale test of a voting system designed to let Americans who are overseas cast ballots in the coming election over the Internet. [more]
Friday, 6 February 2004, 8:17 AM CET


OMB: cybersecurity first
With a push for agencies to secure existing systems before investing more dollars, the administration has outlined the information technology money available for security for 18 agencies. [more]
Friday, 6 February 2004, 8:14 AM CET


Using a layered security approach to achieve network integrity
It's becoming increasingly clear that the current model for network security -- defend the perimeter and patch, patch, patch -- has some serious shortcomings. [more]
Friday, 6 February 2004, 8:12 AM CET


Windows XP's big security fix
Our test drive suggests that Service Pack 2 is a keeper--assuming no incompatibilities. [more]
Friday, 6 February 2004, 8:08 AM CET


Linux group releases enterprise guidelines
Open Source Development Labs, one of the main groups promoting the business use of open-source software, released its standards for using Linux in enterprise applications. [more]
Friday, 6 February 2004, 8:05 AM CET


Wi-Fi Alliance announces WPA certified products
After almost a year of testing, Wi-Fi Alliance announced a list of 175 wireless products, that received the long awaited Wi-Fi Protected Access (WPA) certification. [more]
Thursday, 5 February 2004, 3:15 PM CET


Automating security with GNU cfengine
A sysadmin tool for automating changes across many machines, recording update information and making them all safer. [more]
Thursday, 5 February 2004, 1:46 PM CET


Good spam: bad spam
The world+dog is ganging up against spam with the US and UK governments and the European Commission this week all urging multinational co-operation and action in the fight against spam. [more]
Thursday, 5 February 2004, 1:28 PM CET


FinCEN name used in scam
In recent weeks, electronic con artists representing themselves as federal officials have used public concern about terrorism to mislead naive e-mail users into divulging personal banking information online. [more]
Thursday, 5 February 2004, 12:24 PM CET


Why Sardonix failed
The DARPA-funded security auditing project was done in by its own obscurity, and some misconceptions about what security researchers really want. [more]
Thursday, 5 February 2004, 12:06 PM CET


Spyware cures may cause more harm than good
Web surfers battling "spyware" face a new problem: so-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase. [more]
Thursday, 5 February 2004, 12:04 PM CET


How to make spam unstoppable
Good news for spammers, the smart filtering software used to catch spam can be beaten. [more]
Thursday, 5 February 2004, 12:03 PM CET


Check Point warns of firewall flaws
Two flaws in Check Point Software's flagship firewall software could allow an attacker to crash or compromise its firewall products, the company said Wednesday. [more]
Thursday, 5 February 2004, 10:36 AM CET


Countering buffer overflows
This article discusses the top vulnerability in Linux/UNIX systems: buffer overflows. [more]
Thursday, 5 February 2004, 10:34 AM CET


IE security patch nixes some apps
Some Web developers are complaining that an Internet Explorer patch that's meant to foil Net scams is disabling some applications that didn't put a premium on security. [more]
Thursday, 5 February 2004, 10:32 AM CET


Web applications wide open to hackers
Over 90 per cent of online apps not secured against common cracking techniques. [more]
Thursday, 5 February 2004, 10:31 AM CET


EC draws line in spam sand
The EC is calling for greater international co-operation in combating spam. [more]
Wednesday, 4 February 2004, 4:07 PM CET


Tackling the secure web mail challenge
There is a trend in the secure Web mail technology sector toward use of appliances that not only provide Web mail protection, but also serve other e-mail infrastructure security objectives. This approach simplifies management but requires internal knowledge of how to handle Web mail security. [more]
Wednesday, 4 February 2004, 4:04 PM CET


New security features for Windows
Improved Service Packs for Server 2003 and XP to be released this year. [more]
Wednesday, 4 February 2004, 1:35 PM CET


Interview with Douglas Dormer - Black Dragon Software
In this video interview, the President of Black Dragon Software discusses his company, enterprise risk management and more. Watch it in Windows Media or Real Media. [more]
Wednesday, 4 February 2004, 1:30 PM CET


IT regulations may weaken security
New rules may force companies to adapt networks to comply with legislation. [more]
Wednesday, 4 February 2004, 1:06 PM CET


Payback time for spammers
The notion of eliminating spam by charging people to send you email is often scoffed at but, as the spam deluge worsens, the idea continues to resurface. [more]
Wednesday, 4 February 2004, 12:19 PM CET


Heckenkamp pleads guilty
Accused eBay, Qualcomm hacker wasn't framed after all. [more]
Wednesday, 4 February 2004, 12:15 PM CET


Review: Red Hat Enterprise Linux 3
According to Joe, you will find the same old Linux inside, but this latest offering from Red Hat reflects a new approach to the market and a steady commitment to strategic engineering improvements. [more]
Wednesday, 4 February 2004, 12:13 PM CET


Nessus, part 3: analysing reports
This article will endeavor to explain a Nessus report and how to analyze it. [more]
Wednesday, 4 February 2004, 12:06 PM CET


Review: Smoothwall Express 2.0 Final
Smoothwall is a very slick and easy way to setup a firewall/nat/dhcp server (and more) at home or in a small office very quickly even on old computer equipment. [more]
Wednesday, 4 February 2004, 12:02 PM CET


Microsoft site appears to weather worm attack
Microsoft Corp. appeared to have survived the worst the MyDoom worm could throw at it Tuesday. [more]
Wednesday, 4 February 2004, 11:59 AM CET


Mydoom.A: timeline of an epidemic
Mydoom.A is the fastest spreading malicious code in history, causing the greatest epidemic ever seen. In fact, 1 in 4 e-mails in circulation -a total of more than 8 million- have been infected by this worm. To help users better understand the situation, Panda Software has published a timeline of the Mydoom.A epidemic since it first appeared. [more]
Tuesday, 3 February 2004, 11:04 AM CET


Microsoft - faith no more
Microsoft can end the scourge of e-mail viruses by ending its support for old software, and the clueless users who refuse to upgrade. [more]
Tuesday, 3 February 2004, 10:58 AM CET


Organizing for security in an outsourced environment
As organizations continue to look toward outsourcing IT functions, the implications on the information security organization must be managed effectively. [more]
Tuesday, 3 February 2004, 10:55 AM CET


Microsoft should weather zombie PC attack
The computer virus MyDoom.B is programmed to launch an attack against Microsoft's website, www.microsoft.com, on Tuesday, but anti-virus experts believe it has infected too few computers to cause any major disruption. [more]
Tuesday, 3 February 2004, 10:52 AM CET


Bush budget sweeps in tech, cybercrime
President George W. Bush on Monday proposed a $2.4 trillion federal budget that boosts spending on information technology and on computer crime investigation. [more]
Tuesday, 3 February 2004, 10:46 AM CET


Weapons lab hacker escapes jail
A British schoolboy hacker has narrowly escaped jail after sparking a nuclear panic by keying into a top secret American weapons laboratory. [more]
Tuesday, 3 February 2004, 10:45 AM CET


Review - Introduction to UNIX and Linux
In this book John Muster will teach you how to use UNIX and Linux through clear presentation of the concepts. The subjects covered in each chapter are organized in a way the reader can quickly find learning objectives, skills-check sections, hands-on tutorial, fundamental skill-building exercises, illustrations and figures, chapter self-tests, end-of-chapter summaries, quizzes, and projects. [more]
Monday, 2 February 2004, 1:08 PM CET


11 elements of a successful managed security partnership
Selecting a Managed Security Service Provider is one of the most important decisions a security team will make. Choosing the right partner will often determine the success or failure of the initiative. The following information highlights the most important factors to look for when evaluating a MSSP. [more]
Monday, 2 February 2004, 1:08 PM CET


HNS Newsletter issue 198 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 2 February 2004, 11:04 AM CET


MS drop authentication technique to foil phishing
Microsoft has outlined plans to make phishing attacks more difficult by dropping support for a common Web authentication method. [more]
Monday, 2 February 2004, 10:34 AM CET


Tracking down a worm's source
The MyDoom worm has had me in a defensive crouch all week long. I'm concerned about is whether my private, home address will get "outed" by MyDoom as it was by SoBig. [more]
Monday, 2 February 2004, 10:30 AM CET


Why Bill Gates' antispam plan won't work
Microsoft's chairman has an idea for stopping spam: Make commercial e-mailers pay us to accept their messages. I think his scheme is foredoomed to failure--and I have a better idea. [more]
Monday, 2 February 2004, 10:26 AM CET


MyDoom: How it became the fastest worm ever
MyDoom spread more quickly than any virus or worm in history. But, says Robert, it did so by employing years-old techniques--which means we have only each other to blame for the outbreak. [more]
Monday, 2 February 2004, 10:24 AM CET


Tech job outlook: sizing up security
Are enterprise-security jobs the safe haven that I.T. professionals are seeking? Not necessarily. The current I.T. job market is about as safe as the corporate network -- it needs constant attention and monitoring, and even then it may not be out of harm's way. [more]
Monday, 2 February 2004, 10:22 AM CET


DARPA-funded Linux security hub withers
Two years after its hopeful launch, a U.S.-backed research project aimed at drawing skilled eyeballs to the thankless task of open-source security auditing is prepared to throw in the towel. [more]
Monday, 2 February 2004, 10:19 AM CET


New DHS cyber alert system under fire
Critics cite a lack of coordination between the agency and the private sector. [more]
Monday, 2 February 2004, 10:16 AM CET


SCO removes entry for its site from DNS
The systems administrator at The SCO Group has apparently done the public spirited thing by taking the entry for www.sco.com out of the public DNS in order to keep the denial of service traffic off the net, the security and web services company Netcraft says. [more]
Monday, 2 February 2004, 10:15 AM CET


IT losing ground in virus battle
After years of success deploying more effective and smarter defenses, anti-virus researchers contacted last week in the wake of the MyDoom outbreak acknowledged for one of the first times that the battle may be getting away from them. [more]
Monday, 2 February 2004, 10:09 AM CET


Spotlight

Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //