Off the Wire

Off The Wire Archive

News items for February 2006

Identity theft demystified
Like so many things in today's complex world, taking a broad-brush approach to a difficult topic does a disservice to anyone who needs to know more. In the case of identity theft, that includes just about all of us. One of the primary goals of the ID Theft Prevention Special Interest Group is to provide a forum for frank and open discussion of the topic. [more]
Tuesday, 28 February 2006, 4:33 PM CET

Apache .htaccess tweaking tutorial
In this tutorial we are going to improve our website by tweaking out the .htaccess file. [more]
Tuesday, 28 February 2006, 4:05 PM CET

New virus can pass from PCs to mobile devices
Security group says virus not threatening users yet. [more]
Tuesday, 28 February 2006, 3:32 PM CET

Microsoft Anti-Cross Site Scripting Library 1.0
This page contains the redistributable files for the Microsoft Application Security Anti-Cross Site Scripting Library. [more]
Tuesday, 28 February 2006, 3:31 PM CET

Password-stealing Trojan mass mailed
The worm targets PayPal users, and anyone who opens it risks having their PC kidnapped. [more]
Tuesday, 28 February 2006, 3:22 PM CET

Adware firm 180Solutions admits error
180solutions, the controversial adware marketer admitted last week that it was initially unable to identify the rogue affiliate that was installing its Zango software illegally, and in fact found a pair of sites adding Zango to PCs without users' consent. [more]
Tuesday, 28 February 2006, 3:21 PM CET

eBay disputes report of rampant fraud
If users were being exposed to fraud an undue amount, it would create a drag on eBay's growth and create opportunities for more secure trading platforms to gain a foothold, said Forrester Research Vice President and analyst Carrie Johnson. [more]
Tuesday, 28 February 2006, 3:19 PM CET

New threats outflank IT defenses
Thomas Noonan is president and CEO of Internet Security Systems. In an interview with Computerworld at RSA Conference 2006 here this month, Noonan spoke about what he described as the "continuously" changing security threats faced by corporate users. [more]
Tuesday, 28 February 2006, 3:18 PM CET

Spreading security awareness for OS X
Robert Lemos interviews Kevin Finisterre, founder of security startup Digital Munition, who created the three recent versions of the InqTana worm to raise awareness of security in Apple's OS X. Finisterre discusses his reasons for creating the worms, the problems with Mac OS X security, and why he does not fear prosecution. [more]
Tuesday, 28 February 2006, 3:13 PM CET

Oracle publishes out-of-cycle security fix
A critical security patch to the company's E-Business Suite software has been issued. [more]
Tuesday, 28 February 2006, 3:08 PM CET

Security issues delayed Sun Grid rollout
'Our servers are considered munitions by the federal government,' says Sun's president. [more]
Tuesday, 28 February 2006, 11:38 AM CET

IRS needs to tighten security settings: TIGTA
The IRS has not consistently maintained the security settings it established and deployed under a common operating environment. [more]
Tuesday, 28 February 2006, 11:36 AM CET

Users: PLM apps lack security
The spread of product life-cycle management applications may be slowed by manufacturers' need to safeguard crucial intellectual property. [more]
Tuesday, 28 February 2006, 11:35 AM CET

Viruses plague British businesses
Computer viruses are the single biggest cause of security problems for UK businesses, a survey by the Department of Trade and Industry shows. [more]
Tuesday, 28 February 2006, 11:34 AM CET

Compliance with the payment card industry data security standard
Explains the purpose of the PCI-Data Security Standard, how to define the 12 major requirements of the standard, and how Symantec solutions can help demonstrate compliance with these requirements to satisfy an audit. [more]
Tuesday, 28 February 2006, 11:32 AM CET

Help sought to break final Enigma codes
Scientists are appealing for help to break the last three coded World War Two messages sent by the Germans using the Enigma code. [more]
Monday, 27 February 2006, 7:13 PM CET

Cyberthieves silently copy your passwords as you type
Most people who use e-mail now know enough to be on guard against "phishing" messages that pretend to be from a bank or business but are actually attempts to steal passwords and other personal information. [more]
Monday, 27 February 2006, 7:12 PM CET

Improved desktop security in 5 steps
Many organizations have the best of intentions when it comes to defending the desktop, however the majority of production hosts still fall short. [more]
Monday, 27 February 2006, 6:03 PM CET

IBM targets the enemies within
Security application knows if users have been good or bad. [more]
Monday, 27 February 2006, 5:27 PM CET

Manage your own identity online
Computer users' identity information is managed online today by several different data collection agencies. But imagine the freedom people would feel changing their address with one keystroke? [more]
Monday, 27 February 2006, 5:15 PM CET

Common insecurity
What do people who renew their driver's licenses, buy hard liquor or donate to a home for elderly and disabled veterans have in common? In New Hampshire, people who did any of those things within the past six months may have had their credit card numbers stolen because of computer security issues. [more]
Monday, 27 February 2006, 5:14 PM CET

FTC settles with CardSystems over data breach
Forced to tighten security measures and undergo audit. [more]
Monday, 27 February 2006, 5:12 PM CET

Hotbar bows to low risk adware label
Symantec secures right to detect and remove adware application. [more]
Monday, 27 February 2006, 5:10 PM CET

Politically motivated attacks soar in 2005
Web server attacks and website defacements rose 16 per cent last year, according to an independent report. Zone-h, the Estonian security firm best known for its defacement archive, recorded 495,000 web attacks globally in 2004, up from 393,000 in 2003. [more]
Monday, 27 February 2006, 5:07 PM CET

Hackers eyeing internet telephony
Messaging security company MessageLabs's Asia-Pacific vice-president James Scollay says the likelihood of increased threats against VoIP networks means MessageLabs will introduce services for net phone management and security later this year or early next year. [more]
Monday, 27 February 2006, 5:07 PM CET

Better fingerprint biometrics?
University of Buffalo researchers say they have put their fingers on a way to improve security of wireless handheld devices and Web sites. [more]
Monday, 27 February 2006, 9:46 AM CET

Running Apache2 with PHP5 and PHP4 at the same time
This tutorial shows how to install and configure Apache2 with PHP5 and PHP4 enabled at the same time.
Monday, 27 February 2006, 9:46 AM CET

Ernst & Young loses four more laptops
Ernst and Young appears set on establishing a laptop loss record in February. The accounting giant has lost four more systems, according to a report in the Miami Herald. [more]
Monday, 27 February 2006, 12:33 AM CET

How secure is open source?
Do open source systems provide a better way of preventing bugs, or are their developers just cultural elitists? [more]
Monday, 27 February 2006, 12:19 AM CET

Security wars: Novell SELinux killer rattles Red Hat
Novell has released the source code for its recently acquired open-source Linux security application, AppArmor, and has also set up a project site in hopes of attracting outside developers to further refine the program. [more]
Monday, 27 February 2006, 12:09 AM CET

Six rules for encrypting your enterprise data
Regulatory compliance requirements for protecting sensitive data have led many companies to consider encryption. This document provides six fundamental rules that should be considered prior to data encryption deployment. [more]
Monday, 27 February 2006, 12:01 AM CET

An introduction to code access security
The .NET deployment model is based on clients pulling the latest version of an app from a Web server. While this eliminates a lot of headaches, how is a client to know the code is secure? Keith Brown explains. [more]
Friday, 24 February 2006, 11:44 PM CET

McAfee - security giant's data lost
McAfee, the Santa Clara security software company, has lost the personal information of thousands of its employees due to a lapse by an external auditor. [more]
Friday, 24 February 2006, 7:03 PM CET

Researchers use fingerprints to secure networks
Research determines how big a fingerprint image needs to be to replace a six-letter password. [more]
Friday, 24 February 2006, 6:54 PM CET

Interviewing hackers
Many articles address the question of how to interview people when trying to fill a technical post. Perhaps the most important part of such an interview is the technical assessment. Here's a technique that we believe can improve the accuracy of technical assessment. [more]
Friday, 24 February 2006, 6:35 PM CET

DIY hardware keylogger
The article presents the prototype version of the KeeLogger with full documentation, electrical schematics, and program. [more]
Friday, 24 February 2006, 6:24 PM CET

Rootkit pharming
Haxdoor is one of the most advanced rootkit malware out there. [more]
Friday, 24 February 2006, 6:23 PM CET

Internet Explorer 7 adds new security
First publicly available beta also includes tabbed browsing and other features. [more]
Friday, 24 February 2006, 3:16 PM CET

It’s time to hone your hacking skills, legally
We are all hackers now. At least, we can be. Americans have built our lives on a foundation of silicon and software, with computers in millions of homes and digital music players in millions of shirt pockets. They’re our gadgets. Why shouldn’t we hack them? [more]
Friday, 24 February 2006, 1:59 PM CET

Disaster recovery: what if?
No organization that depends on technology and stored data can afford to be without a disaster-recovery strategy. We tell you how to get an initiative off the ground -- before it all goes up in smoke. [more]
Friday, 24 February 2006, 1:58 PM CET

Adware firm blasts critics as "irresponsible"
The sniping between a controversial adware company and a prominent anti-spyware researcher continued Thursday as 180solutions defended its practices and called critic Ben Edelman "irresponsible." [more]
Friday, 24 February 2006, 1:55 PM CET

Piracy 'in almost every street'
Someone in almost every street in every town is illegally copying music and film, industry investigators claim. [more]
Friday, 24 February 2006, 1:54 PM CET

IT exec sentenced to eight years for data theft
Case involved the theft of a billion records from Acxiom. [more]
Friday, 24 February 2006, 1:53 PM CET

Huge anti-piracy push by the MPAA
The MPAA (Motion Picture Association of America) is steamrolling across the great indexing plains. [more]
Friday, 24 February 2006, 1:52 PM CET

Anti-piracy watermarking coming soon to digital cinema
Access Integrated Technologies Inc. (AccessIT) intends to roll out a digital cinema anti-piracy initiative focused on forensic watermarking technology, and detection and recovery services by April. [more]
Friday, 24 February 2006, 1:50 PM CET

Secure XML messaging with JMS
Enhance your enterprise applications by integrating these technologies. [more]
Friday, 24 February 2006, 1:47 PM CET

Time to get educated about Microsoft's InfoCard initiative
Why your end-users will want you to know about InfoCard technology. [more]
Friday, 24 February 2006, 1:46 PM CET

Debate rages over port security technology
As President Bush confronts congressional leaders this week over the operation of U.S. port terminals by a Middle Eastern company, industry leaders are also asking if the deal puts port security technology at risk. [more]
Friday, 24 February 2006, 1:39 PM CET

IT security still under funded
February 23, 2006: Mid-size firms lead the way in protecting their IT assets from assault. [more]
Friday, 24 February 2006, 1:38 PM CET

OS X security flaws: much ado about nothing?
Media, security vendors overhype the recent spate of Apple security vulnerabilities. [more]
Friday, 24 February 2006, 1:36 PM CET

Mac attack a load of crap
All the Mac viruses and security holes in the news are overblown. They're news only because of their novelty, not the threat they pose. [more]
Thursday, 23 February 2006, 9:01 AM CET

Unauthorized matching of public and private email addresses
Imagine how you'd feel if you signed up for a contest with your throwaway address, and suddenly started getting messages from the contest holder at your private address. [more]
Thursday, 23 February 2006, 8:57 AM CET

Search industry focuses on ferreting out click graud
"From an industry perspective, I think we're in a really high growth market and in a market like that you're always going to find folks who are trying to game the system," LookSmart CEO David Hills said. [more]
Thursday, 23 February 2006, 8:55 AM CET

China's MII readies new regulations to fight spam
Public can also file junk-e-mail complaints at Web site. [more]
Thursday, 23 February 2006, 8:54 AM CET

Backup or be damned
When you go home tonight, are you sure that all of your business’ data is safely backed up? [more]
Thursday, 23 February 2006, 8:49 AM CET

Privacy group: U.S. laws needed to rein in surveillance
Laws do not adequately deal with technologies that give government access to digital records, CDT says. [more]
Thursday, 23 February 2006, 8:47 AM CET

Zombie PCs growing quickly online
Indictments and court cases in the US have once again thrown the spotlight on so-called zombie computers or bots. [more]
Thursday, 23 February 2006, 8:46 AM CET

Security a balancing act for Microsoft
Microsoft's move into security software isn't limited to consumer PCs. [more]
Thursday, 23 February 2006, 8:41 AM CET

Spammers change distribution tactics
Criminals using new ways to avoid detection, warn experts. [more]
Thursday, 23 February 2006, 8:40 AM CET

Three out of four say business security has improved
Nearly 30% of IT security pros say they have little or no confidence that their companies detected all data security beaches last year, according to a new survey. [more]
Thursday, 23 February 2006, 8:39 AM CET

Security leaders give IT a C+ grade
It's not good enough, however. [more]
Thursday, 23 February 2006, 8:38 AM CET

Police nabs Nigerian scammers
The heir of president Mobutu gets some time to contemplate his next move. [more]
Thursday, 23 February 2006, 8:36 AM CET

Study shows how photonic decoys can foil hackers
A University of Toronto professor and researcher has demonstrated for the first time a new technique for safeguarding data transmitted over fiber-optic networks using quantum cryptography. [more]
Thursday, 23 February 2006, 8:35 AM CET

Microsoft slams security firm's bounty for Windows flaws
Microsoft blasts a security company's recent offer of $10,000 to anyone who discovers a Windows flaw that leads to a critical fix. [more]
Wednesday, 22 February 2006, 2:45 AM CET

Mobile security: another hole to plug
As companies grant more network and application access via handheld devices such as smart phones, securing the devices is moving up the priority list. That explains why McAfee last week started selling a $30 security platform for mobile devices that identifies and removes viruses, worms, and other malicious applications. [more]
Wednesday, 22 February 2006, 2:39 AM CET

Online banking: a better security bet?
On average, consumers who bank online discover ID theft or fraud faster than those who rely on paper statements to view their accounts. The average online banker will view his or her accounts twice a month or more, compared to offline bankers who view their paper statement an average of once every 30 days. [more]
Wednesday, 22 February 2006, 2:20 AM CET

Patch testing
Critical to the concept of patch management is testing. [more]
Wednesday, 22 February 2006, 1:12 AM CET

Gartner cautious on promise of better security
Windows Vista will bring an incremental rather than revolutionary improvement in corporate network security, said analyst firm Gartner. [more]
Wednesday, 22 February 2006, 1:10 AM CET

Linux kernel security in a nutshell
Recently, I started looking more closely at some of the security add-ons for Linux and was surprised to find so many kernel-related projects out there. [more]
Wednesday, 22 February 2006, 12:48 AM CET

Impact of worm targeting Mambo CMS low, say researchers
Mare.D targets Mambo CMS and PHP XML-RPC. [more]
Wednesday, 22 February 2006, 12:36 AM CET

BT flogs ID theft insurance
But consumer group says firms should pay, not punters. [more]
Wednesday, 22 February 2006, 12:21 AM CET

U.S. reclassifies many documents in secret review
In a seven-year-old secret program at the National Archives, intelligence agencies have been removing from public access thousands of historical documents that were available for years, including some already published by the State Department and others photocopied years ago by private historians. [more]
Wednesday, 22 February 2006, 12:13 AM CET

Enhancing security, compliance, and malicious code protection
This free educational web seminar will provide critical information regarding the increasing threat of malicious code attacks, the most widely misunderstood vulnerabilities of the IBM iSeries, and methods to assist you. [more]
Wednesday, 22 February 2006, 12:02 AM CET

Sophos unveils e-mail security appliance
Company aims its first messaging security appliance at large organizations. [more]
Wednesday, 22 February 2006, 12:00 AM CET

Managing the impact of academic research on industry/government: conflict or partnership?
In the world of Information Security, there is great potential for conflict between the research aims of academics on the one hand, and the interests of industry and government on the other. As just one example, consider the implications of publishing an academic research paper describing a cryptographic flaw in the Data Encryption Standard (DES). Even today, with DES in its original form gradually being phased out in most applications, this would be headline news in the academic community. [more]
Tuesday, 21 February 2006, 3:43 PM CET

Invasion of the computer snatchers
Hackers are hijacking thousands of PCs to spy on users, shake down online businesses, steal identities and send millions of pieces of spam. If you think your computer is safe, think again. [more]
Tuesday, 21 February 2006, 3:22 PM CET

Identity theft feeds $1bn gaming black market
Almost a quarter of a million fake accounts created in South Korea alone. [more]
Tuesday, 21 February 2006, 3:18 PM CET

It takes an extraprise to secure your business
Never mind the front gate, your company's biggest vulnerability could reside far outside its walls. [more]
Tuesday, 21 February 2006, 3:16 PM CET

Security experts see vulnerabilities in embedded databases
With Oracle Corp.’s purchase last week of open-source embedded software maker, SleepyCat Software Inc., at least one security analyst believes Oracle - which has come under fire for security vulnerabilities in its core database - could be adding more potential problems. [more]
Tuesday, 21 February 2006, 3:14 PM CET

Private identities become a corporate focus
During his keynote during the RSA Conference, Scott McNealy seemed almost apologetic. [more]
Tuesday, 21 February 2006, 3:12 PM CET

Strict liability for data breaches?
A recent case involving a stolen laptop containing 550,000 people's full credit information sheds new night on what "reasonable" protections a company must make to secure its customer data - and what customers need to prove in order to sue for damages. [more]
Tuesday, 21 February 2006, 3:11 PM CET

Demand for security technology in Middle East increases
OnLine Distribution has announced that its security division has recorded one of its most successful months to date, with sales of a new e-mail messaging security system at an all-time high. [more]
Tuesday, 21 February 2006, 3:09 PM CET

EU cops to get Europe-wide licence and vehicle database
Although 'nascent' springs to mind... [more]
Tuesday, 21 February 2006, 12:39 AM CET

Linux worm turns on Mambo and PHP
Could be a real nightmare. [more]
Tuesday, 21 February 2006, 12:26 AM CET

Poor web applications affect IT security
Many IT departments do not realise the impact of poorly designed web applications on the security of their enterprises, software development experts have warned. [more]
Tuesday, 21 February 2006, 12:22 AM CET

Movie studios may be moving against region encoding hacks, other exploits
Five major US studios are suing Samsung for developing and briefly selling at least one DVD player which they allege was not properly secured to protect the contents of encrypted DVDs, according to reports. [more]
Tuesday, 21 February 2006, 12:17 AM CET

London Oyster card - a tool for spouse stalkers?
Transport for London's (TfL) 'ID card lite', the Oyster travelcard, is already being illicitly used to snoop on people's movements, according to the Independent on Sunday. [more]
Tuesday, 21 February 2006, 12:11 AM CET

Database activity monitoring: intrusion detection & security auditing
Detailed defense-in-depth database security practice which shows how to employ multiple layers of protection can reduce the risk of intrusion using vulnerability assessment and intrusion detection/security auditing. [more]
Tuesday, 21 February 2006, 12:07 AM CET

Microsoft, Cisco not in sync on security
While Microsoft and Cisco continue the hard sell on their respective visions for quarantine-based endpoint security, customers and industry experts are asking hard questions about cost, complexity and the willingness of these industry giants to work together. [more]
Monday, 20 February 2006, 5:45 PM CET

Curing malware infections
When panic-stricken customers or users call for help with systems that have gone kablooey, the culprit is probably a malware infection. [more]
Monday, 20 February 2006, 5:44 PM CET

Spammers adopt stealth tactics
Botnet controllers are switching to stealth tactics in a bid to avoid detection. Instead of mass mail-outs of spam and malicious code, they are adopting slower distribution tactics in a bid to avoid appearing on corporate security radars. [more]
Monday, 20 February 2006, 5:43 PM CET

Proof that employees don't care about security
An experiment carried out within London's square mile has revealed that employees in some of the City's best known financial services companies don't care about basic security policy. [more]
Monday, 20 February 2006, 5:29 PM CET

Stronger security urged
Experts at Demo 2006 say products, implementations need to improve drastically. [more]
Monday, 20 February 2006, 5:25 PM CET

Secure or not, RFID tag adoption is in the cards
Industry and government are driving toward broader adoption of smart cards, even as cryptographers continue to find and fix weaknesses in the underlying RFID chips and hashing algorithms. [more]
Monday, 20 February 2006, 5:21 PM CET

Political hacking scandal hits Hungary
A "Watergate-style" political scandal has broken in Hungary after the opposition party was forced to admit an over-zealous intern was responsible for hacking into the servers of the governing party. [more]
Monday, 20 February 2006, 5:18 PM CET

iPod gets 007 data spying tool
An IT security consultant has developed a program designed to scan corporate networks for sensitive files and automatically transfer them to an iPod. [more]
Monday, 20 February 2006, 5:17 PM CET

Network filtering by operating system
With pf and altq, you can now limit the amount of bandwidth available to users of different operating systems. [more]
Monday, 20 February 2006, 12:54 AM CET

IBM preps patches for security flaw
Tivoli Directory Server 6.x hole could leave software exposed. [more]
Monday, 20 February 2006, 12:39 AM CET

Firm offers $10K reward for critical Windows bug
For a limited time, iDefense will pay researchers $10,000 for finding Windows vulnerabilities that Microsoft classifies as "critical." [more]
Monday, 20 February 2006, 12:34 AM CET

Online census prompts security warning
Fill out your forms online but make sure your system is secure first. [more]
Monday, 20 February 2006, 12:28 AM CET

Preventing SSH dictionary attacks with DenyHosts
This article shows how to install and configure DenyHosts. [more]
Monday, 20 February 2006, 12:23 AM CET

Panic spreads over Windows Vista 'back door' that never was
Who'd be a Microsoft? There you are, strolling along minding your own business and the next thing you know you're in a top level conspiracy with the UK security forces to put a back door into Windows Vista. [more]
Monday, 20 February 2006, 12:04 AM CET

Man charged over Oscar 'piracy'
A man accused of uploading a copy of the biopic film Walk the Line has been charged with copyright infringement. [more]
Monday, 20 February 2006, 12:01 AM CET

Implementing web security in a defense-in-depth architecture
Learn how to protect client devices and mission-critical applications from malware such as keyloggers, phishing and pharming scams and other web-borne threats in Instant Messages and "drive-by downloads" from infected URLs. [more]
Monday, 20 February 2006, 12:00 AM CET

Weekly report on viruses and intruders - W32/Bagle.GZ.worm, OSX/Oomp.A Mac OS X worm
This week’s report focuses on the updates released by Microsoft to correct several errors. As well as the W32/Bagle.GZ.worm, we can also highlight the appearance of OSX/Oomp.A, a worm that affects Mac OSX. [more]
Friday, 17 February 2006, 8:09 PM CET

Sony rootkit may lead to regulation
DHS is worried about potential vulnerabilities. [more]
Friday, 17 February 2006, 6:56 PM CET

Recover passwords using the power of multiple computers
Elcomsoft Distributed Password Recovery offers administrators a comprehensive solution for recovering passwords to MS-Office documents when employees forget their passwords, or when they deliberately add passwords to documents in an effort to sabotage their companies. [more]
Friday, 17 February 2006, 3:51 PM CET

Phishing in IRS waters
Beware: scammers are posing as the taxman, sending out refund e-mails as a ploy to swipe your personal info. [more]
Friday, 17 February 2006, 3:33 PM CET

Attack code targets Media Player flaw
Users who have applied the latest round of patches should not be affected by the 'critical' vulnerability. [more]
Friday, 17 February 2006, 3:30 PM CET

Accountants reject email monitoring
Market and client sensitive information will not be subjected to email checks, say accountants. [more]
Friday, 17 February 2006, 3:29 PM CET

Biometrics struggle to go mainstream
As biometric devices reach critical mass, they are failing in ease of use and reliability. [more]
Friday, 17 February 2006, 10:33 AM CET

'Spam man' wins gold
According to the International Olympic Committee's website, Australia's gold medallist Dale Begg-Smith, runs an internet pop-up advertising company that he describes as the third largest of its type. [more]
Friday, 17 February 2006, 10:32 AM CET

Basic Mac OS X security
Mac OS X is a secure operating system in that it's multi-user and has limits on what some user accounts can do. If an account is setup as a basic user, that user can only hurt himself, not the whole system or other users. [more]
Friday, 17 February 2006, 3:11 AM CET

China shuts 76 web sites in crackdown on piracy
An official says that China is also considering signing two new international treaties to help fight piracy of films, music, and software. [more]
Friday, 17 February 2006, 2:30 AM CET

Security, economics, and lost conference badges
Conference badges are an interesting security token. They can be very valuable -- a full conference registration at the RSA Conference this week in San Jose, for example, costs $1,985 -- but their value decays rapidly with time. By tomorrow afternoon, they'll be worthless. [more]
Friday, 17 February 2006, 2:24 AM CET

Microsoft launches U.K. antipiracy campaign
Program aimed at cutting pirate software in the U.K will include 'house calls' to retailers. [more]
Friday, 17 February 2006, 2:14 AM CET

U.S. warns of coming online threats
"The main thing is monitoring what's going on at the desktop level as well as the network level," said Javier Santoyo, development manager for Symantec Security Response. "Know what your users are bringing onto the system in addition to who's trying to break in." [more]
Friday, 17 February 2006, 1:05 AM CET

Mobile virus growth outpaces PC malware
Security firm reports steeper growth curve for mobile viruses than for PC viruses. [more]
Friday, 17 February 2006, 12:46 AM CET

OASIS stamps approval on WS-Security 1.1
A standards body on yesterday gave final approval to a security specification that is recognized as a foundation for securing distributed applications and Web services. [more]
Friday, 17 February 2006, 12:40 AM CET

Cisco chief predicts end of 'pinpoint' security apps
Pinpoint security software is developed to address specific problems. For example, a popular category is software that locks down VoIP applications and monitors the network for threats specifically targeted at those systems. But implementing this type of application does not take the "whole body" of a network into consideration, Chambers believes. [more]
Friday, 17 February 2006, 12:29 AM CET

Low-threat Mac OS X Trojan appears
It was bound to happen: a Trojan horse for Mac OS X has appeared, purporting to be screenshots of Apple's forthcoming Mac OS X 10.5 "Leopard" operating system. [more]
Friday, 17 February 2006, 12:21 AM CET

Is enterprise single sign-on possible?
Join us for this one-hour webcast to gain an understanding of the ESSO marketplace and how these technologies can benefit your organization. [more]
Friday, 17 February 2006, 12:18 AM CET

Industry struggles to tackle phishing
No end in sight as January breaks all previous records. [more]
Thursday, 16 February 2006, 1:41 PM CET

'Pentagon hacker' wants to see Bush's John Hancock
Alleged Pentagon Hacker Gary McKinnon was told in court today that the US Embassy would write a letter to help him avoid the full wrath of presidential anti-terror laws, if he were extradited for prosecution. [more]
Thursday, 16 February 2006, 1:38 PM CET

FBI director: cyber threats 'fluid and far-reaching'
Hacker hunters need to develop new techniques to take on the latest generation of sophisticated and better-organized cyber criminals. [more]
Thursday, 16 February 2006, 1:35 PM CET

Online security running out of time
As online trust is eroding, consumers shun internet businesses. [more]
Thursday, 16 February 2006, 1:33 PM CET

Phone tap: how's the traffic?
Driving to work, you notice the traffic beginning to slow. And because you have your cell phone on, the government senses the delay, too. [more]
Thursday, 16 February 2006, 1:30 PM CET

Things you don't want Google to find
"Hacking Google" isn't exactly new. That is, using the search engine to look for confidential information. But as McAfee's senior vice president for Risk Management George Kurtz demonstrated today at RSA conference, that didn't prevent users and organisations to post those goodies online for anyone to find. [more]
Thursday, 16 February 2006, 2:41 AM CET

Enterprise WLANs add 3rd party security
The fastest way to make sure your wireless LAN (WLAN) is protected is to let the network protect itself. That’s why companies like Extreme Networks and Xirrus are partnering with providers of intrusion detection and prevention systems to embed security functions rather than force customers to install an overlay sensor network. [more]
Thursday, 16 February 2006, 2:18 AM CET

Privacy and anonymity
Privacy and anonymity on the internet are as important as they are difficult to achieve. Here are some of the the current issues we face, along with a few suggestions on how to be more anonymous. [more]
Thursday, 16 February 2006, 1:34 AM CET

Microsoft releases seven software patches
Releases include patches for Internet Explorer, Windows Media Player. [more]
Thursday, 16 February 2006, 1:12 AM CET

Biometric ID cards scheduled for 2008
MPs approve scheme including cost reports for controversial legislation. [more]
Thursday, 16 February 2006, 12:42 AM CET

"Trusted Network Connect" - hardware-based security technology
Three years after it was first announced, Trusted Network Connect (TNC) is finally here. [more]
Thursday, 16 February 2006, 12:27 AM CET

Security isn't "one size fits all"
Although Microsoft and Sun Microsystems have long been rivals, their security strategies contain more than a passing similarity. Both envision use of smart-card technology plugged into the desktop to authenticate users to their systems and both believe that the majority of a users' security technology should come from the same company. [more]
Thursday, 16 February 2006, 12:22 AM CET

Practical counter-fraud solutions
This paper details the technical aspects of typical phishing campaigns, focusing on the tactics, methodology, and unique features of the phishing email and the phishing Web site. [more]
Thursday, 16 February 2006, 12:03 AM CET

Network security is the key to keeping VOIP secure
Despite warnings that VoIP is vulnerable to a new breed of attacks, the biggest threat to it remains weaknesses in general network security, according to a vendor presentation at the RSA Security Conference 2006. [more]
Thursday, 16 February 2006, 12:01 AM CET

Security experts look to the future
A panel discussion involving a group of experts held during DEMO ‘06 in Phoenix last week concluded that the state of security today is not where it should be. But the panelists also had suggestions on how to improve it. [more]
Wednesday, 15 February 2006, 1:11 PM CET

Cellphone could crack RFID tags, says cryptographer
A well known cryptographer has applied power analysis techniques to crack passwords for the most popular brand of RFID tags. [more]
Wednesday, 15 February 2006, 12:24 PM CET

UK holds Microsoft security talks
UK officials are talking to Microsoft over fears the new version of Windows could make it harder for police to read suspects' computer files. [more]
Wednesday, 15 February 2006, 12:20 PM CET

Spyware: what you need to know
It can turn your system against you, slow your browser to a crawl and inhabit your computer like some grotesque parasite. It can cling to your Windows registry with its grasping mandibles and sucking away its very life. And those are just the side effects of spyware -- those annoying, privacy-invading programs you'll spend the better part of the Thanksgiving holiday removing from your parents' computer. [more]
Wednesday, 15 February 2006, 10:18 AM CET

'Security in the cloud' is not the way to go
One of the basic philosophies of security is defense in-depth: overlapping systems designed to provide security even if one of them fails. An example is a firewall coupled with an intrusion-detection system (IDS). Defense in-depth provides security because there's no single point of failure and no assumed single vector for attacks.

Wednesday, 15 February 2006, 10:16 AM CET

Economics prevent safe software
Money, not technology can solve the sorry state of computer security. [more]
Wednesday, 15 February 2006, 10:15 AM CET

Sophos enters e-mail security appliance market
Sophos, which has long offered its antivirus and antispam software for resale with a number of e-mail security appliance makers' wares, is now getting into the business itself. [more]
Wednesday, 15 February 2006, 10:14 AM CET

'Crimeware' nearly doubles in december
A recently revealed image-rendering vulnerability related to Windows Meta Files made it easier for phishers to spread software designed for a criminal enterprise, such as identity theft. [more]
Wednesday, 15 February 2006, 10:05 AM CET

British computer hacker fights extradition to U.S.
Gary Mckinnon was arrested last June following charges by U.S. prosecutors that he illegally accessed 97 government computers - including Pentagon, Army, Navy, and NASA systems. [more]
Wednesday, 15 February 2006, 12:09 AM CET

Gates outlines ID management for Vista, XP
InfoCard stores password, identity information. [more]
Wednesday, 15 February 2006, 12:08 AM CET

Sun talks up next generation cryptography
Sun Microsystems at the RSA Conference in San Jose revealed that it will add support for Elliptic Curve Cryptography (ECC) in its Sun Java System Web Server 7.0. [more]
Wednesday, 15 February 2006, 12:07 AM CET

Securing the point of use: the new foundation for data security
In a world of burgeoning threats to data, the complexity of information security needs is increasing. More complex solutions are not the answer. The future of data security lies at the point of use. [more]
Wednesday, 15 February 2006, 12:06 AM CET

Industry group unveils trusted software specs
Security chips reach ubiquity in the enterprise. [more]
Tuesday, 14 February 2006, 12:52 PM CET

Security workers get RFID implants
"To protect high-end secure data, you use more sophisticated techniques," said Sean Darks, chief executive at "The implants aren't any different from a retina scan or fingerprinting. They're all just different levels of security." [more]
Tuesday, 14 February 2006, 12:51 PM CET

The new face of phishing
Phishing is a difficult enough form of fraud to avoid for most computer users, but when some of the biggest names in the financial industry fail to do their part to detect and eliminate these online scams, consumers often are placed in an untenable situation. [more]
Tuesday, 14 February 2006, 12:50 PM CET

Using InfoCards for user-centered identity
As a taste of upcoming MIX06 sessions, Kim Cameron presents a thumbnail sketch of how InfoCards bring an architecture for identity to the Internet, a demo of how it works and a peek at how you integrate it into a Web page. See Kim's full session on this topic at the MIX06 conference. [more]
Tuesday, 14 February 2006, 2:34 AM CET

Tools address security concerns
Faced with regulatory compliance requirements and grueling audits, network managers are turning increasingly to security-event management systems to detect when policies have been breached. [more]
Tuesday, 14 February 2006, 1:24 AM CET

VeriSign signs up eBay, Yahoo to identity program
VIP suite lets customers use a single authentication credential across all VIP-enabled sites. [more]
Tuesday, 14 February 2006, 1:12 AM CET

Networking 101: understanding (and using) ICMP
As Networking 101 begins moving on up the stack toward the layers involved with routing, we must pause for a moment. [more]
Tuesday, 14 February 2006, 1:04 AM CET

Breached! A security manager's nightmare
A fluke discovery that personal information is visible on the Internet triggers a bit of panic at a state agency. [more]
Tuesday, 14 February 2006, 12:30 AM CET

How to avoid a St. Valentine's day malware massacre
Steer clear of some Web sites, unless your idea of romance is spending some more quality time with your helpdesk staff. [more]
Tuesday, 14 February 2006, 12:23 AM CET

Cisco revamps security-management offerings
Cisco Systems is taking a big step to ease the management of its security equipment--and that of other vendors, as well. [more]
Tuesday, 14 February 2006, 12:20 AM CET

Security titans ready for showdown at RSA
Network-access control and security-policy enforcement are expected to grab much of the limelight at this week's RSA Conference 2006, which organizers estimate will draw 14,000 attendees and more than 300 exhibitors. [more]
Tuesday, 14 February 2006, 12:19 AM CET

IIPA piracy petition criticizes Russia
U.S. trade associations calls for possible sanctions against Russia for serious copyright violations. [more]
Tuesday, 14 February 2006, 12:18 AM CET

The next generation of strong authentication
Discover simplified, strong authentication that is designed to integrate with existing infrastructure, as well as leverage a single platform, for a cost-effective, next-generation solution for access control. [more]
Tuesday, 14 February 2006, 12:14 AM CET

Management vendors improve ID products
CA and HP this week separately plan to announce better integration within their respective identity management suites so that customers can more easily secure application access and enforce compliance policies.

Monday, 13 February 2006, 2:41 AM CET

Startup tries to spin a safer Web
File-sharing software that installs adware, Web sites that attempt to compromise a visitor's computer, and free downloads that install a host of other unwanted software -- the Web has become a confusing, and sometimes dangerous, place for the average home user. [more]
Monday, 13 February 2006, 2:40 AM CET

Is AJAX a security risk?
Asynchronous JavaScript and XML has come under scrutiny recently, after it was discovered that AJAX has the potential to expose browsers to potential security problems. [more]
Monday, 13 February 2006, 1:59 AM CET

Movie Firewall dramatizes dangers of ID theft
Harrison Ford character finds huge debt he didn’t incur. [more]
Monday, 13 February 2006, 1:52 AM CET

Security breach leads to card cancellations
Several major banks are canceling their customer’s credit cards after a security breach. [more]
Monday, 13 February 2006, 1:49 AM CET

'Cyber Storm' tests US defences
Vital US infrastructure including power grids and banking systems have been put under simulated attack in a week-long security exercise called Cyber Storm. [more]
Monday, 13 February 2006, 1:22 AM CET

Company requires RFID injection
Two employees have been injected with RFID chips this week as part of a new requirement to access their company's datacenter. [more]
Monday, 13 February 2006, 1:16 AM CET

Critical bugs sting Lotus Notes
Some of the six holes can allow attackers to hijack corporate systems even if users only view incoming e-mail. [more]
Monday, 13 February 2006, 1:09 AM CET

Sue companies, not coders
At a security conference last week, Howard Schmidt, the former White House cybersecurity adviser, took the bold step of arguing that software developers should be held personally accountable for the security of the code they write. [more]
Monday, 13 February 2006, 12:58 AM CET

Unmasking online threats in 2006
Attend this webcast today to learn details of existing and emerging online threats to global organizations, current challenges and obstacles in proactively combating these online threats and best practices in mitigating these risks and threats. [more]
Monday, 13 February 2006, 12:50 AM CET

NTT develops secure IM system
There are already a few secure IM systems out there, such as e/pop, and add-ins like IM Secure Pro, but the new stand-alone messaging tool from NTT in Japan looks promising, especially as it uses Transport Layer Security and can connect to AIM et al. [more]
Monday, 13 February 2006, 12:48 AM CET

Skip airport security lines?
Registered Traveler program, which will expedite screening of certain passengers, is set to begin in June. [more]
Monday, 13 February 2006, 12:17 AM CET

Tool helps reduce search for bugs
A university researcher showed off on Saturday an open-source tool that helps programmers dramatically shrink the amount of code they need to audit to find a particular bug. [more]
Monday, 13 February 2006, 12:09 AM CET

US charges Calif. man in computer "botnet" case
A California man was indicted on Friday on federal charges of creating a robot-like network of hijacked computers that helped him and two others bring in $100,000 for installing unwanted ad software. [more]
Monday, 13 February 2006, 12:07 AM CET

Coping with a major security breach? what’s your contingency plan?
Legal pressures, not to mention your moral obligation to assist unwitting victims, means that you should never delay when disclosing IT security incidents. [more]
Friday, 10 February 2006, 3:30 PM CET

French bank accounts targeted by Russian virus gangs
Russian criminal gangs have used sophisticated virus programs to steal more than £600,000 from personal bank accounts across France. [more]
Friday, 10 February 2006, 1:42 AM CET

Canadian IT operators discover beauty in spam
The Sheridan College Institute of Technology and Advanced Learning has created software that translates network and server activity into music. And, their IT department operators can interpret the music to detect problems in the system. [more]
Friday, 10 February 2006, 1:20 AM CET

Homeland security tests U.S. readiness for massive Internet attack
The cyber-disaster drill originally had been scheduled for last year but had to be postponed because of Hurricane Katrina. Even before that emergency, however, many lawmakers were calling for the test to determine how prepared the U.S. is for a massive Internet attack. [more]
Friday, 10 February 2006, 1:05 AM CET

WiFi for dummies
The average user has no idea of the risks associated with public WiFi hotspots. Here are some very simple tips for them to keep their network access secure. [more]
Friday, 10 February 2006, 12:41 AM CET

Microsoft continues to nibble at security
Things rarely stand completely still in the rainy Northwest. [more]
Friday, 10 February 2006, 12:39 AM CET

Europe urged to improve Web security
Europe must work harder to make the Internet more secure as the nature of on-line threats becomes increasingly criminal across the 25-nation bloc, a senior EU official warned Thursday. [more]
Friday, 10 February 2006, 12:34 AM CET

ID fraud conmen target TV comic Hill
Fraudsters siphoned £280,000 from the bank account of TV comic Harry Hill as part of a scam targeting wealthy people that netted an estimated £500,000. [more]
Friday, 10 February 2006, 12:03 AM CET

Phishing: 21st-century organized crime
Phising is on the rise! Learn the scope of the phishing problem and the process by which the information harvested in phishing attacks is passed from one cybercriminal to the next. [more]
Friday, 10 February 2006, 12:00 AM CET

Distributed wireless security monitoring systems
Distributed Wireless Security Monitoring Systems help categorize and prioritize threats. We examine two offerings from AirDefense and AirTight Networks. [more]
Thursday, 9 February 2006, 10:53 AM CET

Hunting the initial vector - story of a hack
The first hack of the year came earlier than expected for 2006, only hours into the year and a host fell victim to attackers. [more]
Thursday, 9 February 2006, 10:28 AM CET

Liberty Alliance identity work due by September
Financial companies hope to assuage consumer concerns over identity theft despite vague federal guidelines. [more]
Thursday, 9 February 2006, 4:04 AM CET

Firefox exploit emerges
An exploit that takes advantage of a recently-patched bug in Mozilla Corp.'s Firefox browser has gone public. [more]
Thursday, 9 February 2006, 3:20 AM CET

Playing games with the RIAA
"It's obvious that Mr. Whitehead doesn't know Kazaa from a kazoo either, or he's simply pretending he doesn't," said Zi Mei. "The RIAA's 'investigative' techniques are sloppy and harmful, to say the least." [more]
Thursday, 9 February 2006, 3:15 AM CET

Fears of a BlackBerry blackout
BlackBerry-dependent institutions, such as hospitals, are considering contingency plans. Public officials nervously wonder about their ability to keep government operating smoothly without BlackBerries. [more]
Thursday, 9 February 2006, 2:53 AM CET

Decrypting encryption myths
Encryption is great if used wisely, writes CIO Update columnist Peter Tippett of Cybertrust. [more]
Thursday, 9 February 2006, 2:47 AM CET

Microsoft joins security market with anti-virus service
Microsoft Corp. said on Tuesday it plans to launch a new computer security service in June, marking the world's biggest software maker's entry into the fast-growing consumer anti-virus market. [more]
Thursday, 9 February 2006, 1:18 AM CET

Help! My box has been owned...
A flaw in the Microsoft Windows help system could be exploited to run arbitrary code with the privileges of the target user, according to a security advisory released this week. [more]
Thursday, 9 February 2006, 12:53 AM CET

Cisco confirms VPN vulnerability
A vulnerability located for Cisco’s 3000-series VPN concentrators running WebVPN appears to extend to all versions of the product, according to a security researcher who has been following the situation. Cisco on Tuesday acknowledged the problem and has confirmed that an advisory update is in the offing. [more]
Thursday, 9 February 2006, 12:49 AM CET

Microsoft reports two bugs - a third is identified
Microsoft Corp. is warning of two bugs in its software that could potentially give unauthorized control or access over a person's computer, while a third problem has been highlighted by a security research company. [more]
Thursday, 9 February 2006, 12:21 AM CET

Cyber storm brewing for homeland security
The U.S. Department of Homeland Security is attempting to create a perfect storm in cyberspace this week in what it's touting as the first international test of cyber preparedness. [more]
Thursday, 9 February 2006, 12:15 AM CET

Disaffected Avecho workers kicked offline
Former workers of controversial UK-based anti-virus vendor Avecho Group have pulled a website criticising their former employer following legal threats from new owners of the company. [more]
Thursday, 9 February 2006, 12:12 AM CET

UK admits failure on spam
No prosecutions against spammers in 2005 despite some 364 complaints. [more]
Thursday, 9 February 2006, 12:06 AM CET

Network configuration management
With the increased number of cyber attacks and the overall complexity of enterprise networks today, IT professionals are challenged with the daunting task of protecting networks from known and unknown malicious activity. [more]
Thursday, 9 February 2006, 12:05 AM CET

Spinning suspicious searches
Google is currently resisting efforts by the U.S. government to acquire its server data. [more]
Wednesday, 8 February 2006, 1:23 PM CET

Apple's in the eye of flaw finders
At the recent ShmooCon hacking conference, one security researcher found out the hard way that such venues can be hostile, when an unknown hacker took control of the researcher's computer, disabling the firewall and starting up a file server. [more]
Wednesday, 8 February 2006, 10:36 AM CET

Domain name contact information and the right to anonymity
The conflict between the open Internet--the one we all love for its small users and free speech--and the commercial Internet--with high barriers to entry--continues. [more]
Wednesday, 8 February 2006, 10:33 AM CET

Muslim hackers blast Denmark in Net assault
Pro-Muslim computer hackers have unleashed a withering cyber attack on Danish and Western websites in the past week, escalating their defacement barrage to coincide with dozens of violent street-level demonstrations across the Arab world in protest at the publication of a cartoon depiction of the Prophet Mohammed. [more]
Wednesday, 8 February 2006, 10:32 AM CET

Spyware remains rampant as Winamp exploited
A new study by the University of Washington finds that one in twenty executables on the Internet contain spyware. [more]
Wednesday, 8 February 2006, 10:30 AM CET

Recycling poses information security risk
In an ideal world, recycling IT assets or sensitive documents would not pose a security threat. Unfortunately, as a Toronto Health Clinic recently learned, the world is far from ideal. [more]
Wednesday, 8 February 2006, 9:57 AM CET

A new view of security in Vista
Companies beta testing Vista have been quick to praise new security features in the operating system which is due out by year's end. [more]
Wednesday, 8 February 2006, 9:53 AM CET

Windows hit by yet another WMF hole
Older versions of Internet Explorer once again exposed. [more]
Wednesday, 8 February 2006, 9:42 AM CET

Microsoft to unveil paid security service
A new security service from Microsoft Corp. will charge users $49.95 per year to better protect its Windows operating system from spyware, viruses and other Internet attacks. [more]
Wednesday, 8 February 2006, 1:17 AM CET

Hollywood PI in wiretap charge rap
A former sleuth to the stars has been charged with masterminding an illegal wiretapping operation targeted against actors, reporters and agents. [more]
Wednesday, 8 February 2006, 1:11 AM CET

Rule change aids China cyber-squatters
New domain name regulations mean no automatic protection for trademark owners. [more]
Wednesday, 8 February 2006, 12:58 AM CET

US patient records faxed to herbal pill firm
Long-running number mix-up sends data to Canada. [more]
Wednesday, 8 February 2006, 12:39 AM CET

Why wait for hackers?
esting new applications for security weaknesses is a process that is often performed from the outside-in. [more]
Wednesday, 8 February 2006, 12:32 AM CET

Maker of CD copying software relents on security
"SunnComm's behavior is a very thinly veiled media ploy to make the company appear more favorable in the market, and a blatant attempt to avoid the class action lawsuits that are plaguing Sony BMG as a result of compromising the security of personal computers around the world," Jarad Carleton, an analyst with Frost & Sullivan, told TechNewsWorld. [more]
Wednesday, 8 February 2006, 12:06 AM CET

Senators question GSA on response to eOffer security problem
The Senate Government Affairs Committee is questioning the General Services Administration’s slow action in taking down its eOffer system after a vendor discovered a security flaw. [more]
Wednesday, 8 February 2006, 12:02 AM CET

Study notes decline in Internet spyware
A new study details the extent and seriousness of potentially destructive spyware on the Internet, finding that it is still prevalent but declined significantly. [more]
Tuesday, 7 February 2006, 5:04 AM CET

Straight talk on Mac security risks
Macs have a reputation for being more secure than Windows boxes. Is that reputation deserved? [more]
Tuesday, 7 February 2006, 4:03 AM CET

Hackers writing zero-day malware to order
2005 was watershed year for zero-day exploits, warns security firm. [more]
Tuesday, 7 February 2006, 3:21 AM CET

New anti-spam tactic: charge 'em
Two of the world's biggest e-mail account providers, Yahoo and America Online, plan to introduce a service that would charge senders a fee to route their e-mail directly to a user's mailbox without first passing through junk mail filters, representatives of both companies said Sunday. [more]
Tuesday, 7 February 2006, 3:18 AM CET

Is application security training worth the money?
Look for training that focuses on identifying and expunging problems in the software itself. [more]
Tuesday, 7 February 2006, 3:14 AM CET

E-mail 'stamps' may help companies avoid junk mailboxes
The program, which is being offered through a company called Goodmail Systems, will target banks, online retailers and other groups that send large amounts of e-mail. In exchange for a payment and a pledge to contact only people who have agreed to receive their messages, the companies would be ensured their e-mails aren't diverted to spam folders or have images or Web addresses filtered out. [more]
Tuesday, 7 February 2006, 3:04 AM CET

All together now: security
Banks can agree on one thing: losing customer data is bad. [more]
Tuesday, 7 February 2006, 1:19 AM CET

Hitachi advances paper-thin RFID chip
Targeting radio-frequency identification, Hitachi Ltd. has developed what it says is the smallest and thinnest IC in the world for those applications. [more]
Tuesday, 7 February 2006, 1:15 AM CET

ISS in RSA Conference keynote
Enterprise security service provider Internet Security Systems announced it will deliver several presentations and demonstrations at the 15th annual RSA Conference, including a keynote address by ISS president and CEO Thomas Noonan. [more]
Tuesday, 7 February 2006, 1:12 AM CET

US prepares to hack the world
Critical sections of the UK IT infrastructure will come under attack this week as the US Department of Homeland Security runs Operation Cyber Storm, a global penetration test to assess how vulnerable the nation is to online attack. [more]
Tuesday, 7 February 2006, 1:01 AM CET

Smartcard pressure
The market for smartcards will jump by 50 per cent this year, driven mainly by cards with chips that improve compliance and security. [more]
Tuesday, 7 February 2006, 12:56 AM CET

Kama Sutra a wet blanket
The much anticipated Kama Sutra worm turned out to be rather flaccid. [more]
Tuesday, 7 February 2006, 12:52 AM CET

Using rootkits to defeat Digital Rights Management
An easier approach is to fool game DRM software into thinking its reading data for playing a game from its original CD rather than from an on-disk copy. [more]
Tuesday, 7 February 2006, 12:47 AM CET

Viruses... in an instant
Each day, thousands of employees are being put in a compromising situation by their employers. Names have been changed to conceal the identities of these poor victims of circumstance. [more]
Tuesday, 7 February 2006, 12:37 AM CET

Juniper unveils super-secure router
Juniper Networks this week is bringing its security and networking capabilities together in its new Secure Services Gateway, a branch-office appliance that combines unified threat management with WAN access routing features. [more]
Tuesday, 7 February 2006, 12:21 AM CET

E-mail charging plan to beat spam
Big net firms are trying to stop spammers by charging to deliver e-mail messages. [more]
Tuesday, 7 February 2006, 12:12 AM CET

Painless backups using rdiff-backup
Backup is a pain. Yet these days many of us actually have access to relatively large quantities of storage on multiple systems, all connected together by the Internet. The combination of cheap computers, cheaper hard drives, and the magic of TCP/IP ought to mean that keeping backups of our vital files should be no problem at all. [more]
Tuesday, 7 February 2006, 12:04 AM CET

The automation of IT
Vendors say their revamped identity management suites are perfect for automating midsize enterprises. If so, then why are they so desperate to make a sale? [more]
Tuesday, 7 February 2006, 12:00 AM CET

Telecoms let NSA spy on calls
The National Security Agency has secured the cooperation of large telecommunications companies, including AT&T, MCI and Sprint, in its efforts to eavesdrop without warrants on international calls by suspected terrorists, according to seven telecommunications executives. [more]
Monday, 6 February 2006, 7:38 PM CET

The data security deluge
When software designed to manage the loads of information collected from security systems debuted a few years ago, its high cost and complexity stood in the way of its adoption. [more]
Monday, 6 February 2006, 7:37 PM CET

Adobe graphics flaw could see design work destroyed
A security flaw in Adobe Systems' line of graphics design software could allow unauthorised users to change or destroy program files, the company has said. [more]
Monday, 6 February 2006, 7:35 PM CET

Cisco looks to grab broader security role
At next week's RSA Conference, Cisco plans to debut major security products to help bolster its already strong security portfolio. [more]
Monday, 6 February 2006, 7:35 PM CET

CD anti-piracy firm vows openness
SunComm's MediaMax software has been discovered covertly installing itself and can leave PCs vulnerable to attack. [more]
Monday, 6 February 2006, 7:33 PM CET

Microsoft support line barely registers Kama Sutra
Company security manager stops short of calling worm a non-event. [more]
Monday, 6 February 2006, 2:21 AM CET

Symantec to wrestle Microsoft in consumer security
Symantec plans to defend its consumer security turf against inroads by Microsoft with new software delivered over the Internet and sold as a service, the Cupertino, Calif.-based company said Friday. [more]
Monday, 6 February 2006, 2:16 AM CET

US state website hacked
A security breach of the Rhode Island state website has turned out to be much worse that first thought. Linda Rosencrance reports. [more]
Monday, 6 February 2006, 2:11 AM CET

Virus floors Russian stock exchange
A computer virus succeeded in bringing down the main Russian stock exchange on Thursday. The Russian Trading System (RTS) was forced to suspend operations in its three markets between 1315 and 1420 GMT after unnamed malware infected systems. Viral infection resulted in a huge upsurge of outgoing traffic, interrupting normal network operations. [more]
Monday, 6 February 2006, 2:07 AM CET

Hackers code bespoke zero day malware to order
Russian security company Kaspersky Labs says it has discovered a worrying phenomenon that emerged in the wake of Microsoft’s security gaffe over the .wmf exploit at the end of last year: the tailoring and sale of zero day malware for a specific market. [more]
Monday, 6 February 2006, 1:12 AM CET

Computer viruses to hit China next week
The computer viruses known as "Kompu" and "Happytime" will attack China next week, but damage will be limited, predicted the Tianjin-based National Computer Virus Emergency Response Center on Sunday. [more]
Monday, 6 February 2006, 1:03 AM CET

One in eight 'harassed by e-mail'
One in eight people received an offensive e-mail in the last year, government figures have indicated. [more]
Monday, 6 February 2006, 12:54 AM CET

Measuring the effectiveness of application security policies
It's easy for software vendors to insist that their products are safe, simply by pointing to the small numbers of vulnerabilities detected. [more]
Monday, 6 February 2006, 12:37 AM CET

Best practices for wireless and mobile security
Featured speaker, Jack Gold of META Group will be presenting his latest research on the mobile and wireless market. Additionally, iAnywhere will be presenting some case studies. [more]
Monday, 6 February 2006, 12:32 AM CET

UNIX security: don't believe the truth
One of the biggest reasons for many people to switch to a UNIX desktop, away from Windows, is security. However, how much is that increased security really worth for an average home user, when you break it down? According to me, fairly little. Here's why. [more]
Monday, 6 February 2006, 12:07 AM CET

E-mail encryption for Linux: a startup guide
Do you ever send confidential/extremely personal information or documents via e-mail? [more]
Friday, 3 February 2006, 10:02 PM CET

Experts comment on the top security threats in 2006
At the Infosecurity Europe 2006 Press Conference a panel of speakers from MessageLabs, Centennial Software, (ISC)2, Black Spider, Juniper Networks and Insight Consulting debated the most dangerous security threats we can expect in 2006. [more]
Friday, 3 February 2006, 1:39 PM CET

Microsoft talks about security developments
Microsoft realized that phishing, pharming, botnets and rootkits show that attacks are becoming more sophisticated. This situation makes traditional defenses to be inadequate and evolution is at hand. [more]
Friday, 3 February 2006, 1:32 PM CET

Nyxem virus infections minimal
Casualties from the latest virus dubbed Nyxem, BlackWorm or Karma Sutra in Australia have been surprisingly low, with Sophos Australia reporting only one infection from the virus. [more]
Friday, 3 February 2006, 1:14 PM CET

Mobile phone tracking, girlfriend stalking and the law
A service has launched in the UK which allows you to track any mobile phone around the globe and follow its movements from your own computer. The Guardian ran a feature on it yesterday called 'How I stalked my girlfriend'. It painted a scary picture. [more]
Friday, 3 February 2006, 1:14 PM CET

Best practices for control system security
Contemplating an IPS? Some pointers from CIO Update guest columnist Ernest Rakaczky of Invensys may help. [more]
Friday, 3 February 2006, 1:13 PM CET

Humanity survives Kama Sutra apocalypse
Security watchers reckon the Kama Sutra worm, which is programed to overwrite files on infected Windows PCs today, will have a damaging but not catastrophic effect. [more]
Friday, 3 February 2006, 1:12 PM CET

Are you using strategic metrics in managing IT risk?
If you have responsibility for any aspect of IT security or regulatory compliance in your organization, are you making use of metrics to help you determine your IT risk management strategy? [more]
Friday, 3 February 2006, 1:08 PM CET

Information security management of an Intranet and Internet
Future growth in the use of Intranets and the Internet depends very heavily on how well they can be secured. [more]
Friday, 3 February 2006, 1:05 PM CET

Artists burnish RFID's image
RFID tags, the next-generation bar codes loved by big box stores but hated by some privacy advocates, could get an image boost from an unlikely source: artists. [more]
Friday, 3 February 2006, 1:01 PM CET

New technology boosts quantum cryptography
Los Alamos (N.M.) National Laboratory scientists say they've made a breakthrough in extending the limits for secure optical fiber communications. [more]
Friday, 3 February 2006, 12:59 PM CET

Major DHS cybersecurity exercise to take place in February
The Homeland Security Department will test how well it works with other federal agencies and private IT companies to protect cybersecurity in a national exercise Feb. 6-10. [more]
Friday, 3 February 2006, 2:59 AM CET

Fake F-Secure e-mail contains malware
An unknown attacker sent out the thousands of infected e-mails yesterday. [more]
Friday, 3 February 2006, 2:55 AM CET

Mobile users warned of hoax police email
Mobile phone users are being warned about an email in circulation claiming that their handsets could be taken over. [more]
Friday, 3 February 2006, 2:54 AM CET

Friday is D-day for viral temptress
"This worm feeds on people's willingness to receive salacious content on their desktop computer," said Graham Cluley, senior technology consultant at cyber-security firm Sophos. "People should stop accepting this kind of content from their friends and colleagues." [more]
Friday, 3 February 2006, 2:48 AM CET

S/MIME is ready to help secure e-mail today
The S/MIME system for sending secure e-mail was developed by RSA Security in the 1990s and adopted as an Internet standard by the Internet Engineering Task Force in 1998. [more]
Friday, 3 February 2006, 2:42 AM CET

Hiding email addresses and fighting spam
Sarven writes: "I've compiled a list of methods for hiding email addresses from the page source, to rebel against the email spam bots. Each method has its (dis)advantages, therefore I leave it up to the reader to decide which method suits them the most, as there are many factors." [more]
Friday, 3 February 2006, 2:20 AM CET

Security flaws fixed in Firefox update
Secunia rates as "highly critical" the security fixes but Mozilla says there is no known code in circulation that exploits any of the bugs. [more]
Friday, 3 February 2006, 2:15 AM CET

Nineteen accused of digital piracy
Operation Site Down continues to pay dividends for the U.S. Department of Justice. [more]
Friday, 3 February 2006, 2:13 AM CET

Super Bowl security to use sensor fusion to fight WMD threats
As some 65,000 football fans gather at Ford Field in Detroit Sunday for this year’s Super Bowl XL, Michigan National Guard troops will be patrolling the stadium and nearby neighborhoods with handheld computers and special sensors tied together in a uniform system to fight terrorist threats. [more]
Friday, 3 February 2006, 12:42 AM CET

ID theft 'costs UK £1.7bn a year'
Identity fraud is costing the UK an estimated £1.7bn every year, Home Office Minister Andy Burnham has said. [more]
Friday, 3 February 2006, 12:39 AM CET

ID card fears after biometric passport 'cracked' in 2 hours
Plans to bring in ID cards could lead to a massive surge in identity fraud, campaigners warned yesterday. [more]
Friday, 3 February 2006, 12:39 AM CET

Microsoft opens up censored blogs
Recently the software giant faced criticism for removing the blog of Chinese journalist Zhao Jing for writing about sensitive topics. [more]
Friday, 3 February 2006, 12:31 AM CET

Convergence and the rise of botnets
The MessageLabs Intelligence Annual Report provides us with an insight on how cyber criminals worked during the past year. [more]
Thursday, 2 February 2006, 9:01 PM CET

Computer security today: a report from the Infosecurity Europe 2006 press conference
Infosecurity Europe 2006 is just around the corner. Taking place at the Olympia in London 25-27 April 2006, it is the most important gathering of security professionals in Europe. At the press conference in London earlier this week, we were introduced to last year’s statistics as well as information about the 2006 conference with many presentations. [more]
Thursday, 2 February 2006, 9:01 PM CET

UK falls out of spam's 'dirty dozen'
The US still tops the list of the spam-relaying countries, according to a report by Sophos, a provider of integrated threat management products. However, the US has made significant reductions and for the first time accounts for less than a quarter of all spam. [more]
Thursday, 2 February 2006, 1:19 PM CET

The elemental principles of security compliance management
Compliance is a word that is in everyone's thoughts these days. Over the past couple of years, it has most often been used in the same sentence as ‘regulatory.' [more]
Thursday, 2 February 2006, 1:18 PM CET

Web application firewalls critical piece of the app security puzzle
Having a Web application firewall in place can mean the difference between scrambling to fix a vulnerability -- taking an application offline and paying emergency overtime fees for developers and QA staff -- or having the breathing room to repair the vulnerability on your own schedule. [more]
Thursday, 2 February 2006, 1:17 PM CET

Certification: examining the CISA and CISM certifications
The world of certification is no different from that of any other commodity. When a particular certification becomes “popular”, it is usually because the demand for it in the market is high, and thus a person holding it can earn more money. [more]
Thursday, 2 February 2006, 1:15 PM CET

ID fraud overblown, says online banking business
Identity fraud has declined in the last two years, a banking industry-sponsored survey done for the Better Business Bureau (BBB) said Tuesday. [more]
Thursday, 2 February 2006, 1:13 PM CET

Is application security training worth the money?
Software security--sometimes called application security by the myopic--is catching on. That's good because we can certainly use less broken software in the world. [more]
Thursday, 2 February 2006, 1:12 PM CET

Are your servers secure?
Are your servers secure? In a word, No. No machine connected to the internet is 100% secure. This doesn't mean that you are helpless. You can take measures to avoid hacks, but you cannot avoid them completely. [more]
Thursday, 2 February 2006, 1:11 PM CET

Security snafu at Boston Globe exposes subscriber data
An apparent attempt to recycle discarded internal reports has ended up in the compromise of credit card and bank number information belonging to more than 240,000 subscribers of The Boston Globe and the Worcester Telegram & Gazette. [more]
Thursday, 2 February 2006, 12:45 AM CET

Security and compliance: danger lurks for stored data
Today's companies are both highly regulated and highly dependent upon their digital assets. This dual challenge is monumental -- public examples of security breaches are all over the news. [more]
Thursday, 2 February 2006, 12:40 AM CET

EBay Buyers Want What’s In Your Hard Drive
Maybe you should clean out your hard drive before you put it up for sale on eBay. People may want to see what's in it. A researcher suggested on Monday that people search for hard drives with lots of interesting information on hard drives for sale at the online auction house. [more]
Thursday, 2 February 2006, 12:39 AM CET

Symantec Girds For Microsoft's Security Entry
Symantec is anticipating increased competition from Microsoft in 2006, but plans to maintain the company's market position by staying one step ahead of the software giant, said chairman and CEO John Thompson. [more]
Wednesday, 1 February 2006, 7:02 PM CET

Viruses dip slightly in January
The number of email viruses doing the rounds has dropped fractionally, while spam still accounts for almost 90 per cent of traffic, experts say. [more]
Wednesday, 1 February 2006, 7:01 PM CET

Microsoft's OneCare offers malware loophole
The firewall in Microsoft's forthcoming OneCare security suite fails to stop two potentially harmful data streams, security expert Roger Grimes has alleged. [more]
Wednesday, 1 February 2006, 4:27 PM CET

Feature: The Top 10 Infosec Myths
Only by cutting through the hype to separate reality from myth can IT professionals help take their enterprises to the next level. Here are 10 network security myths that bear further examination. [more]
Wednesday, 1 February 2006, 4:25 PM CET

IM is the new threat vector in messaging, says Postini report
Worm attacks over instant-messaging networks increased tenfold in 2005, while e-mail spam remained constant at about 75% to 80% of all messages sent, according to an annual report issued by messaging security service provider Postini on Monday. [more]
Wednesday, 1 February 2006, 4:24 PM CET

Spyware probe couple deported to Israel
Spyware-for-hire suspects Michael and Ruth Haephrati arrived in Israel on Monday to face industrial espionage charges following their extradition from Britain. [more]
Wednesday, 1 February 2006, 4:24 PM CET

Malicious Malware: attacking the attackers, part 1
This article explores measures to attack those malicious attackers who seek to harm our legitimate systems. The proactive use of exploits and bot networks that fight other bot networks, along with social engineering and attacker techniques are all discussed in an ethical manner. Part one of two. [more]
Wednesday, 1 February 2006, 4:23 PM CET

EFF sues AT&T over U.S. wiretapping program
A civil liberties organization filed a class-action lawsuit against AT&T Corp. Tuesday for collaborating with a U.S. National Security Agency (NSA) program to intercept Internet and telephone communications of U.S. citizens without authorization from a court of law. [more]
Wednesday, 1 February 2006, 4:22 PM CET

First reports of Nyxem damage
The destructive deadline of the Nyxem.E worm is based on the clock of the infected machine. So if you're infected and your clock is not set right, things could start to happen at any time - even though the official activation time is the 3rd of the month [more]
Wednesday, 1 February 2006, 4:21 PM CET

Face and fingerprints swiped in Dutch biometric passport crack
Dutch TV programme Nieuwslicht (Newslight) is claiming that the security of the Dutch biometric passport has already been cracked. [more]
Wednesday, 1 February 2006, 4:20 PM CET


Breaking the security of physical devices

Posted on 18 August 2014.  |  In this podcast recorded at Black Hat USA 2014, Silvio Cesare, Director of Anti-Malware Engineering at Qualys, discusses the security measures of a number of household devices and things.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Aug 19th