Off the Wire

Off The Wire Archive

News items for February 2007

Arrests made in Stop & Shop data theft
Employees at one store reported suspicious activity near the cash registers. [more]
Wednesday, 28 February 2007, 8:18 AM CET

Hackers dodge prison in MySpace extortion case
Two hackers who developed and sold code that tracked users of MySpace aimed to make it big by offering their services as high-priced "consultants" after the social networking site sent them a cease-and-desist letter. [more]
Wednesday, 28 February 2007, 7:00 AM CET

Windows Vista Trusted Platform Module Services guide
This guide provides the instructions necessary to use Trusted Platform Module (TPM) services in a test lab environment. [more]
Wednesday, 28 February 2007, 6:30 AM CET

Researcher charts new, more dangerous Oracle attack
The flaw could increase the dangers for unpatched systems. [more]
Wednesday, 28 February 2007, 5:20 AM CET

Study provides insight on hack attacks
While the study concluded with an obvious warning, it is always worth repeating: Computer users should always choose longer, more difficult, and less obvious passwords with combinations of upper and lowercase letters and numbers that are not open to brute-force dictionary attacks. [more]
Wednesday, 28 February 2007, 4:36 AM CET

Software helps VoIP calls traverse Internet firewalls
Eyeball has announced that its "Interactive Connectivity Establishment" (ICE) software now fully supports version 2.0 of CableLabs's PacketCable firewall and NAT traversal specifications. [more]
Wednesday, 28 February 2007, 4:15 AM CET

Windows Genuine Advantage's newest setting: "you might be a pirate"
Windows Genuine Advantage (WGA) is an anti-piracy tool loathed by many, tolerated by some, and even appreciated by others. [more]
Wednesday, 28 February 2007, 4:00 AM CET

Google sharpens malware alerts for webmasters
Points out problematic pages within affected sites. [more]
Wednesday, 28 February 2007, 4:00 AM CET

Hacker breaches T-Mobile systems, reads US Secret Service email
And downloads candid shots of celebrities. [more]
Wednesday, 28 February 2007, 3:27 AM CET

Killing risk, unifying data protection
In IT, it's important to question and reevaluate why we do things. [more]
Wednesday, 28 February 2007, 3:12 AM CET

Why isn’t WPA2 an automatic update?
If you’re using Wi-Fi in your workplace, chances are, you’re using WPA2 security. [more]
Wednesday, 28 February 2007, 3:09 AM CET

How to enable processor-based security
At last PCs operating under Windows have a security level similar to that used by high performance servers. [more]
Wednesday, 28 February 2007, 2:09 AM CET

High expectations and hacking
A recent Forrester Research report found that as far as CEOs are concerned, IT groups perform up to expectations (hooray!), but those expectations are low (boo). [more]
Wednesday, 28 February 2007, 1:45 AM CET

Security flap over support ActiveX controls bug
Flaws in an ActiveX component incorporated in many technical support packages create a risk of hacking attacks, security watchers warn. [more]
Wednesday, 28 February 2007, 1:33 AM CET

Wireless driving European home security sector
Frost & Sullivan said that the European residential security market, which has "high growth potential", was worth €1.6bn in 2005 and will jump to €2bn by 2012. [more]
Wednesday, 28 February 2007, 1:20 AM CET

A Mac users guide to encrypted email
Encryption can be used to keep the contents of the email safe from prying eyes. [more]
Tuesday, 27 February 2007, 4:09 PM CET

Video: Richard Rushing, AirDefense CSO, on wireless security
At the recent RSA Conference 2007 in San Francisco, AirDefense was doing wireless airwave monitoring. AirDefense found more than half of the 347 wireless devices susceptible to "Evil Twin" types of attacks, combined with some of the latest zero-day attacks. In this 8-minute video you'll get a picture of the wireless (in)security at a show where security professionals meet, as well as some advice on how to get more secure. [more]
Tuesday, 27 February 2007, 3:45 PM CET

Staying safe in a WiMax world
History has demonstrated that security is often the last item considered when new technologies make their way to market. [more]
Tuesday, 27 February 2007, 2:44 PM CET

German cops and spooks prep own spyware
Germany's police and secret services are pushing for a legal basis for "online house searches" – carried out without the knowledge of suspects, using spyware similar to a Trojan. [more]
Tuesday, 27 February 2007, 2:38 PM CET

Smart malware injects spam into messages
Trojan scans outgoing messages before embedding spam content. [more]
Tuesday, 27 February 2007, 2:37 PM CET

Three hacker teams unlock the PSP
Computer hackers have scored a victory in their battle against Sony and the way the company controls its PlayStation Portable (PSP) handheld games console. [more]
Tuesday, 27 February 2007, 11:24 AM CET

HNS Podcast: data auditing
In this podcast, he talks about data auditing. You'll learn why data auditing matters, how it works, what you have to look for in a data auditing system, how compliance drives data auditing, and much more. [more]
Tuesday, 27 February 2007, 3:41 AM CET

Battle brewing over RFID chip-hacking demo
Secure card maker HID Corp. is objecting to a demonstration of a hacking tool at this week's Black Hat Federal security conference in Washington, D.C. that could make it easy to clone a wide range of so-called "proximity" door access cards. [more]
Tuesday, 27 February 2007, 2:20 AM CET

Q&A: Reverse hacker describes ordeal
Sandia put lab's interests over those of the country, security analyst says. [more]
Tuesday, 27 February 2007, 1:45 AM CET

Want to cut the security risks from home offices? Here's how
Most companies still lack policies for virtual offices. Here are some ways to allay the huge data risks they pose. [more]
Tuesday, 27 February 2007, 1:30 AM CET

Is eBay stamp racket the Net's stickiest scam?
It may be the stickiest scam on the Internet — a nine-year saga of deceit that has seen thousands of altered postage stamps sold to unwitting collectors on eBay and other Internet auction sites. [more]
Tuesday, 27 February 2007, 1:21 AM CET

Industrial security - it's not the same as IT security
In the past, equipment control for manufacturing processes on the shop floor tended to be carried out by discrete systems running arcane real time operating systems controlled by proprietary management systems that had no connection through to other systems.
Tuesday, 27 February 2007, 12:15 AM CET

Experts warn of data security 'police state'
Ill-conceived or poorly implemented IT security regimes could leave enterprises struggling to survive within the restrictive confines of an information "police state", experts have warned. [more]
Tuesday, 27 February 2007, 12:10 AM CET

Malaysia cracks down on Internet scam
Several suspected to be involved in a global Internet investment plan. [more]
Tuesday, 27 February 2007, 12:09 AM CET

Three minutes with Sun's security guru
Whitfield Diffie has been credited with making privacy possible in the digital age. [more]
Tuesday, 27 February 2007, 12:06 AM CET

Security fear over wireless broadband
Thousands of consumers who have upgraded to wireless broadband, which lets you access the web anywhere in the home, are leaving themselves vulnerable to fraud. [more]
Tuesday, 27 February 2007, 12:03 AM CET

Strange love for passwords
Frank Hayes is right, sort of. Passwords are a hassle. [more]
Tuesday, 27 February 2007, 12:00 AM CET

DHS biometric program in trouble
A House Appropriations subcommittee and congressional investigators are renewing criticism of the US-VISIT program, a Department of Homeland Security initiative to collect and share biometric-fingerprint and facial data from all foreign visitors to the United States. [more]
Monday, 26 February 2007, 10:23 AM CET

Five mistakes of data encryption
Pitfalls on the path to a "silver bullet". [more]
Monday, 26 February 2007, 10:22 AM CET

Mobile devices expose networks to security threats
Wireless devices have become very advanced and widely used, but are thinly secured, say security experts. [more]
Monday, 26 February 2007, 6:09 AM CET

Interview with Kurt Sauer, CSO of Skype
In this interview Mr. Sauer talks about what it's like to be the CSO of Skype, the technology challenges that Skype faces with the constant evolution of threats, VoIP security in general, and much more. [more]
Monday, 26 February 2007, 1:37 AM CET

TV show delays drive Oz viewers to piracy
Australian TV viewers are waiting longer than ever to view their favourite overseas-produced television shows, driving them to use BitTorrent and other internet-based peer-to-peer programs to download programmes from overseas, prior to their local broadcast. [more]
Monday, 26 February 2007, 1:36 AM CET

Europe seeks to tighten some online laws
Some European countries are proposing outlawing the use of fake information to open e-mail accounts or set up Web sites, a move intended to help terror investigations but which could face resistance on a privacy-conscious continent. [more]
Monday, 26 February 2007, 1:27 AM CET

Google sees video antipiracy tools as priority
Google, racing to head off a media industry backlash over its video Web site YouTube, will soon offer antipiracy technologies to help all copyright holders thwart unauthorized video sharing, its chief executive said yesterday. [more]
Monday, 26 February 2007, 1:15 AM CET

Computer dangers that lurk within
Keeping computer records safe, avoiding identity theft and preventing spam no longer come down to using cutting-edge technology -- they now involve psychology and the courts, according to local computer security experts. [more]
Monday, 26 February 2007, 1:00 AM CET

Browser vulnerabilities and attacks will continue to mount
Even as software makers add more sophisticated security features to their browsers and rush to patch documented flaws more quickly, experts maintain that holes in the programs will continue to allow for widespread malware attacks. [more]
Monday, 26 February 2007, 12:30 AM CET

Think your social security number is secure? Think again
It should come as little surprise that Social Security numbers are posted on the Internet. But, says Betty Ostergren, a former insurance claims supervisor in suburban Richmond, Va., who has spent years trolling for them, “people are always astounded” to learn that theirs is one of them. [more]
Monday, 26 February 2007, 12:21 AM CET

Can contactless credit cards be hacked? 5 tips to stay secure
Although RFID is still a tough sell to many people, millions of contactless credit cards have been issued over the past year. [more]
Monday, 26 February 2007, 12:18 AM CET

SWIFT sides with US in data spat with EU
The Belgian firm stuck in the middle of a transatlantic spat over the US infringement of civil liberties by the agents of its war on terror is throwing its lot in with the Americans. [more]
Monday, 26 February 2007, 12:15 AM CET

Hackers are ringing the changes
Data security specialists are warning that hackers and other criminals are turning their attention from personal computers to the new generation of sophisticated mobile phones. [more]
Monday, 26 February 2007, 12:12 AM CET

Diffie: Privacy laws could hurt the little guy
Whitfield Diffie has been credited with making privacy possible in the digital age. As a co-inventor of public key cryptography, he is one of the most respected contributors to the field of computer security and is in constant demand as a speaker. [more]
Monday, 26 February 2007, 12:09 AM CET

Enhanced Windows compliance auditing
The Nessus 3 Direct Feed was updated today with enhanced functionality for Windows compliance checks. [more]
Monday, 26 February 2007, 12:06 AM CET

Congressman wants answers about TSA site
Citing reports by Security Fix and Wired, the chairman of the House Committee on Oversight and Government Reform is demanding that the Transportation Security Administration produce a raft of documents to explain why it created a Web site for airline travelers that lacked basic security protections. [more]
Monday, 26 February 2007, 12:00 AM CET

Microsoft's Vista security goal...pie in the sky?
If exec Ben Fathi is wrong, 'they'll rub your nose in it,' says one analyst. [more]
Friday, 23 February 2007, 9:32 PM CET

Fraudsters declare war on anti-scam services
Spammers have been attacking and threatening several of the groups and individuals who have been performing some of the most important work in hobbling online scams, spam and computer viruses. [more]
Friday, 23 February 2007, 9:31 PM CET

The industrious spies
The Web site of GURPS (Generic Universal Role Playing System) lists 18 "state of the art equipments (sic) used for advanced spying". [more]
Friday, 23 February 2007, 5:20 AM CET

RFID chips shrink to powder size
Tiny computer chips used for tracking food, tickets and other items are getting even smaller. [more]
Friday, 23 February 2007, 5:00 AM CET

Nifty shell tricks for new UNIX users
The objective of this tutorial is to show new users how to use and implement many of the shell's methods for providing automation at various levels. [more]
Friday, 23 February 2007, 4:12 AM CET

Fast and secure FTP server with vsftpd in Debian
vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. [more]
Friday, 23 February 2007, 3:24 AM CET

Hacking wireless networks with KisMac
How to hack into a WEP protected wireless network using KisMac. You'll think about getting extra security for your wireless network for sure. [more]
Friday, 23 February 2007, 1:09 AM CET

RATs: Remote Access Trojans and how to help avoid them
Remote Access Trojans (RATs) are malicious software programs that criminals can use to control your computer through your Internet connection. [more]
Friday, 23 February 2007, 1:01 AM CET

Man pleads guilty to spreading Trojan via IRC
A Washington-state man pleaded guilty to one felony count of computer fraud relating to charges he spread malware to users of an IRC channel. [more]
Friday, 23 February 2007, 12:54 AM CET

Microsoft starts feeding anti-piracy tool to users in 21 countries
Its Windows Genuine Advantage Notifications software has been revised. [more]
Friday, 23 February 2007, 12:48 AM CET

Mass. bill would make retailers pay for data breaches
Lawmakers in Massachusetts are poised to consider legislation that would force retailers who suffer data breaches to cover the costs associated with any fraud-related losses by their customers. [more]
Friday, 23 February 2007, 12:45 AM CET

Border security virtual fence costs questioned
SBInet project comes under congressional oversight. [more]
Friday, 23 February 2007, 12:36 AM CET

Google sees video antipiracy tools as priority
Google, racing to head off a media industry backlash over its video Web site YouTube, will soon offer antipiracy technologies to help all copyright holders thwart unauthorized video sharing, its chief executive said yesterday. [more]
Friday, 23 February 2007, 12:27 AM CET

Quantum crypto backdoor closed
Cambridge boffins patch photon-splitting vuln. [more]
Friday, 23 February 2007, 12:18 AM CET

Why you should protect your wireless network with WPA
It is easy to break into a WEP protected wireless network using easily available software and find out what a surfer has been up to as well as having access to his computer and his internet connection. [more]
Friday, 23 February 2007, 12:12 AM CET

Elaborate 'pharming' attack targeted 50 banks
To be infected, a user had to be lured to a Web site. [more]
Friday, 23 February 2007, 12:03 AM CET

Malicious hackers or careless users?
There have been numerous unrelated website intrusions lately. [more]
Friday, 23 February 2007, 12:00 AM CET

Jay Bavisi, President of EC-Council, on Ethical Hacking
In this 07:20 video Jay Bavisi talks about ethical hackers, the importance of certification, a new university as well as EC-Council events around the world. [more]
Thursday, 22 February 2007, 5:16 PM CET

CYA security
Since 9/11, we've spent hundreds of billions of dollars defending ourselves from terrorist attacks. [more]
Thursday, 22 February 2007, 4:47 PM CET

Spambusters: war on unsolicited email
Although it lacks the headline impact of the various forms of nakedly malicious cyber crime such as hacking, phishing, identity theft, worms, viruses and denial of service attacks, spam is fast changing its status from that of on-line nuisance to major global menace. [more]
Thursday, 22 February 2007, 4:46 PM CET

Wi-Fi terror menaces Vancouver
International terrorists with a grudge against the winter sports community are believed to be clearing their diaries in preparation for the 2010 Winter Olympic Games, to be held in Vancouver. [more]
Thursday, 22 February 2007, 4:44 PM CET

MSN punts 'scareware'
Microsoft has admitted its Windows Live Messenger client displayed banner ads for several days punting an application blacklisted as a security risk. [more]
Thursday, 22 February 2007, 1:00 AM CET

Read RSS, get hacked
Hackers have found a really simple solution to delivering malware. [more]
Thursday, 22 February 2007, 12:55 AM CET

Security tops managed service investment priorities
Security is the top investment organizations plan to make this year in managed services, with storage, backup and disaster recovery coming in second place, according to survey results released this month by CompTIA, the Computing Technology Industry Association. [more]
Thursday, 22 February 2007, 12:51 AM CET

UK security found wanting
UK business lags behind US on approach to data protection, says survey. [more]
Thursday, 22 February 2007, 12:27 AM CET

OpenSSL gets hard-fought revalidation
OpenSSL is an open source toolkit that allows programs to securely exchange data in the same fashion as proprietary versions of Secure Sockets Layer encryption. [more]
Thursday, 22 February 2007, 12:21 AM CET

Microsoft apologises for serving malware
Microsoft has apologised for serving malware via its websites and Windows Live Messenger software. [more]
Thursday, 22 February 2007, 12:12 AM CET

Cisco says 77 of routers open to 'drive-by pharming'
Cisco is warning users that nearly 80 of its routers are vulnerable to a hack tactic that got play last week. [more]
Thursday, 22 February 2007, 12:06 AM CET

Automated scanners vs. low-hanging fruit
Low-Hanging Fruit (LHF) are vulnerabilities that are easy to find and exploit. [more]
Thursday, 22 February 2007, 12:00 AM CET

Psychology of fraud - today’s issues
On almost any given day, you can find a news story about an employee who has gone bad and has committed some type of fraud. This is a timeless problem known as the insider threat. It’s always been there and it always will be there. Why? Because businesses need to trust their employees in order to stay in business. [more]
Wednesday, 21 February 2007, 2:30 PM CET

Planning for pandemics and other disasters
In the second of our two-part series, Michigan’s CISO discusses planning for pandemics and other natural (and even man-made) disasters. [more]
Wednesday, 21 February 2007, 2:21 PM CET

Setup the SSH server to use keys for authentication
An SSH server can be set up in various ways. [more]
Wednesday, 21 February 2007, 2:17 PM CET

Government backs digital lockdown
The government has rejected a call to ban the digital locks that limit what people can do with the software, music and movies they own. [more]
Wednesday, 21 February 2007, 2:16 PM CET

Man admits sending millions of spam e-mails that offered to steal passwords
A man who flooded e-mail systems with millions of messages advertising software that could steal passwords pleaded guilty to violating a federal anti-spam law. [more]
Wednesday, 21 February 2007, 2:59 AM CET

Windows Live Messenger ads serve up malware
Rogue banner ads slip through safety net. [more]
Wednesday, 21 February 2007, 2:39 AM CET

Spy docs stay sealed for now
A federal judge rebuffed an effort by media organizations, ranging from the Associated Press to Wired News, to unseal whistleblower documents in a civil rights group's case against AT&T for allegedly helping the government's warrantless wiretapping of Americans. [more]
Wednesday, 21 February 2007, 1:48 AM CET

Leahy tries again with data privacy bill
U.S. Sen. Patrick Leahy introduced legislation Tuesday aimed at tightening controls on consumers' personal information, citing recent online security breaches in Vermont and elsewhere that exposed thousands to possible identity theft. [more]
Wednesday, 21 February 2007, 1:36 AM CET

Phishing scam uses Google Maps to locate victims
Account holders with at least two Australian banks have become victims of a phishing scam in which malicious code reveals the physical location of affected IP addresses using Google Maps. [more]
Wednesday, 21 February 2007, 12:36 AM CET

Hacked eBay accounts give rise to conspiracy theories
Eagle-eyed conspiracy buffs have pounced on a recent rash of compromised eBay user accounts as proof of a mile-wide hole in the auctioneer's front lines, giving new life to a theory that could one day rival the intrigue surrounding Roswell UFO crashing and Kennedy assassinations. [more]
Wednesday, 21 February 2007, 12:30 AM CET

Microsoft falls victim to shady 'scareware'
Redmond removes banner ad from Windows Live Messenger for an app that falsely hypes security threats. [more]
Wednesday, 21 February 2007, 12:27 AM CET

Windows Defender spyware-blocking under fire (again)
Microsoft's Windows Defender has once again come under criticism for alleged shortcomings in blocking invasive spyware applications. [more]
Wednesday, 21 February 2007, 12:21 AM CET

Common sense is the best computer security
Now more than ever, the key component of any computer security system is right between your ears. [more]
Wednesday, 21 February 2007, 12:12 AM CET

Snort no fort, could be mugged by bug
The open-source intrusion detection system could be used to run malware. [more]
Wednesday, 21 February 2007, 12:03 AM CET

Microsoft to tighten anti-piracy noose in Vista
In response to "overly optimistic" sales forecasts for its Vista operating system, Microsoft plans to "dial up" the anti-piracy technology built into this latest version of Windows. [more]
Wednesday, 21 February 2007, 12:00 AM CET

DoS attacks deemed illegal in Sweden
Denial of Service attacks (DDoS), where targets are deluged with requests for information, will be made a criminal offence in Sweden from 1 June. [more]
Tuesday, 20 February 2007, 6:48 PM CET

Laptop losses and phishing fruit salad
Dr Neal Krawetz takes a look at the numbers behind reports of laptop thefts and phishing attacks, showing inconsistent metrics and the difficulty in using numbers to determine the real level of threat. [more]
Tuesday, 20 February 2007, 4:13 PM CET

Basic security
I've discovered that there are lots of companies who really have a very limited view of security and who only practice basic security. [more]
Tuesday, 20 February 2007, 4:12 PM CET

Home wireless networks wide open
Half of all home wireless systems open to attack. [more]
Tuesday, 20 February 2007, 12:16 PM CET

Flickr discloses private photos
People started seeing strange photos in place of their own about 1/7th of the time. [more]
Tuesday, 20 February 2007, 12:15 PM CET

Imperfect Storm aids spammers
For 24 hours in mid-January, stock-fraud investigation site StockPatrol disappeared from the internet, overwhelmed by a massive flood of web requests coming from thousands of sources. [more]
Tuesday, 20 February 2007, 12:12 AM CET

What are you doing to stop security saboteurs?
All it takes to sabotage a network is one person. [more]
Tuesday, 20 February 2007, 12:03 AM CET

Crooks behind spam deluge
The Australian Communications and Media Authority has launched a series of investigations into possible breaches of local anti-spamming laws following its successful prosecution of a Perth spammer last year. [more]
Tuesday, 20 February 2007, 12:00 AM CET

HNS Podcast: minimize threats to your organization, data and networks
Andrew White is the Founder, President and Chief Executive Officer of Route1, a provider of security and identity management network solutions. Since enterprises are always under threat, in this podcast Andrew talks about what you can do in order to minimize threats to your organization, data and networks. [more]
Monday, 19 February 2007, 6:19 PM CET

PayPal makes drying up phishing holes a priority
Security exec details steps payment company is taking to stop e-mail scams. [more]
Monday, 19 February 2007, 11:19 AM CET

Set up remote access in UNIX through OpenSSH
Use OpenSSH to provide a secure environment for running a remote terminal. [more]
Monday, 19 February 2007, 5:17 AM CET

Hardware versus software firewalls
According to estimates, an unprotected Windows computer system connected to the Internet could be compromised within twelve minutes. [more]
Monday, 19 February 2007, 4:00 AM CET

PHP hardening patch - Suhosin
PHP has a notorious security history, but web hosts have to provide it. [more]
Monday, 19 February 2007, 3:15 AM CET

Hackers love to vacuum
Chris Hughes has a vision of the future that involves -- finally! -- bringing together hacked game systems, wireless Internet access and clean floors. [more]
Monday, 19 February 2007, 2:30 AM CET

Five things you should know about fighting spam
The battle for your users' e-mail inboxes probably will never end, but it's not a failure of technology. Experienced e-mail and system administrators share the key points they really, really wish you understood. [more]
Monday, 19 February 2007, 2:21 AM CET

Chinese hackers attack 'anything and everything'
At the Naval Network Warfare Command here, U.S. cyber defenders track and investigate hundreds of suspicious events each day. But the predominant threat comes from Chinese hackers, who are constantly waging all-out warfare against Defense Department networks, Netwarcom officials said. [more]
Monday, 19 February 2007, 2:06 AM CET

Video of the RSA security bloggers meetup in San Francisco
Taking a break from the bustle of RSA 2007, some of the best-known security bloggers got together at the Foreign Cinema, a French bistro and movie house in San Francisco, hosted by network security podcaster Martin McKeay. [more]
Monday, 19 February 2007, 2:00 AM CET

High expectations and hacking
A recent Forrester Research report found that as far as CEOs are concerned, IT groups perform up to expectations (hooray!), but those expectations are low (boo). [more]
Monday, 19 February 2007, 1:51 AM CET

State Web site sees security breach
The state Office of Technology has sent letters to 5,600 citizens and businesses notifying them that a security breach at the state Web site allowed a hacker to view their credit card numbers. [more]
Monday, 19 February 2007, 1:45 AM CET

Back up Gmail with fetchmail
While I love the convenience and features of Gmail, I hate that all my messages live on Google's servers. Without a local copy, if I can't get online, or if Gmail has an outage, my email's inaccessible. [more]
Monday, 19 February 2007, 1:03 AM CET

How to disable Windows Defender from starting when Vista boots
Perhaps you prefer to use Ad-Aware and/or Spybot to keep your PC spyware-free. [more]
Monday, 19 February 2007, 1:00 AM CET

Encrypt your web browsing session (with an SSH SOCKS proxy)
You're at an open wireless hotspot, but you don't want to send your web browsing data over it in plain text. Or you want to visit a non-work-approved web page from the office computer without the IT team finding out. [more]
Monday, 19 February 2007, 12:51 AM CET

Princeton professor finds no hardware security in E-voting machine
A Princeton University computer science professor who bought several Sequoia electronic voting machines off the Internet claims he found no hardware security to prevent someone from accessing the technology that controls the vote counting. [more]
Monday, 19 February 2007, 12:45 AM CET

Have you resold your data to crooks?
Meet 'Ted,' 'Betty' and 'Bob' ... even if they don't want to meet you. [more]
Monday, 19 February 2007, 12:30 AM CET

Smokers may be the weak IT security link
U.K. security company warns that smokers leaving open doors could let in intruders. [more]
Monday, 19 February 2007, 12:18 AM CET

Half of pirated Vista is malware
Anyone stealing software less likely to fuss about getting 0wned. [more]
Monday, 19 February 2007, 12:15 AM CET

Handling false positives and creating custom rules
It is inevitable; you will run into some False Positive hits when using web application firewalls. [more]
Monday, 19 February 2007, 12:00 AM CET

Five fixes in latest Apple patch
Apple has issued a security update containing five patches for vulnerabilities disclosed during January's Month of Apple Bugs (MoAB) project. [more]
Friday, 16 February 2007, 3:05 PM CET

Home network security scrutinised
Home computer users who leave default passwords on network hardware unchanged could be at risk from attack say security experts. [more]
Friday, 16 February 2007, 2:57 PM CET

Turks arrest 17 online theft suspects
Gang colluded with Russian hackers, police claim. [more]
Friday, 16 February 2007, 2:56 PM CET

Password malpractice, are you guilty?
The explosion of passwords in today’s enterprise has created a sea of holes in the security infrastructure. [more]
Friday, 16 February 2007, 2:56 PM CET

Russian piracy charges dropped after Gorbachev writes to Gates
School principal may be off the hook after personal appeal. [more]
Friday, 16 February 2007, 3:04 AM CET

DHS nixes use of RFID in border security program
Technology's performance, accuracy found lacking. [more]
Friday, 16 February 2007, 2:15 AM CET

What would you do first as chief information security officer?
Becoming the chief information security officer (CISO) of a corporation makes you a strategic IT advisor to business management, the chief information officer, and the rest of the information technology staff. [more]
Friday, 16 February 2007, 2:14 AM CET

Piracy case collapses in Russia
A Russian court has thrown out a criminal case against a rural headteacher accused of using pirated Microsoft software in his school. [more]
Friday, 16 February 2007, 12:36 AM CET

Speed could kill for internet worms
Malicious software could be detected milliseconds after an attack begins. [more]
Friday, 16 February 2007, 12:21 AM CET

The importance of IT security
Security is, without doubt, emerging as one of the most important elements in IT planning and implementation. [more]
Friday, 16 February 2007, 12:12 AM CET

ID theft could incriminate innocent people
Two-year custodial sentence for obtaining personal information introduced. [more]
Friday, 16 February 2007, 12:06 AM CET

A reflection on Vista security
More than a month ago Joanna Rutkowska installed Vista RTM on her primary laptop (x86 machine) and has been running it since that time almost every day. [more]
Friday, 16 February 2007, 12:03 AM CET

Drive-by Web attack could hit home routers
If you haven't changed the default password on your home router, do so now. [more]
Friday, 16 February 2007, 12:00 AM CET

Scanning Ajax for XSS entry points
Ajax code loaded in the browser can have entry points to XSS, and it is the job of the security analyst to identify these entry points. It is difficult to decisively conclude that possible entry points to an application can be exploited. One may need to do a trace or debug to measure the risk of these entry points. [more]
Thursday, 15 February 2007, 12:45 PM CET

The fact and fiction of camcorder piracy
Internet law professor Michael Geist examines the arguments surrounding camcorder piracy of movies and says facts should be separated from fiction. [more]
Thursday, 15 February 2007, 10:26 AM CET

What firewall rules?
As I prepare to do an audit of my own firewall rules, I'd like to remind everyone that this is a must-do annual exercise for your networks. [more]
Thursday, 15 February 2007, 10:25 AM CET

British hacker fights extradition
A Scot has launched a High Court fight against extradition to the US for allegedly carrying out the "biggest military computer hack of all time". [more]
Thursday, 15 February 2007, 10:21 AM CET

U.S. group wants Canada blacklisted over piracy
A powerful coalition of U.S. software, movie and music producers is urging the Bush administration to put Canada on an infamous blacklist of intellectual property villains, alongside China, Russia and Belize. [more]
Thursday, 15 February 2007, 4:38 AM CET

Security analyst wins $4.3M in suit against Sandia Labs
Shawn Carpenter used his own hacking techniques to probe outside breach. [more]
Thursday, 15 February 2007, 4:37 AM CET

Security worries strike Cisco routers
Software flaw could lead to DoS, unauthorized access. [more]
Thursday, 15 February 2007, 4:33 AM CET

Soft versus hard security
Security is a game of managing risk – pure and simple. [more]
Thursday, 15 February 2007, 4:32 AM CET

Why don't companies buy more secure software?
Balancing security and functionality is nothing new. But is there a way to fairly allocate the security costs to the users who benefit from the functionality? We ask the LinuxWorld OpenSolutions Summit keynote speaker Bruce Schneier. [more]
Thursday, 15 February 2007, 1:20 AM CET

Do you have a mobile security policy?
The cost of those security breaches is high and rising. The Ponemon Institute found that in 2006, data breaches cost an average of $182 per record, up a full 31 percent from 2005. A separate Symantec survey found that the average corporate laptop contains $972,000 worth of data. [more]
Thursday, 15 February 2007, 1:11 AM CET

Nationwide fined for laptop theft
Stolen computer did not contain PINs, passwords, account balance information or memorable data relating to any customers. [more]
Thursday, 15 February 2007, 1:03 AM CET

Sun patches Telnet zero-day pronto
'This ... should not have happened,' says a Sun engineer. [more]
Thursday, 15 February 2007, 12:45 AM CET

Valentine or virus?
It could be a Happy Virus Day for you as virus writers love to take advantage of the blizzard of e-greeting cards swirling around the Internet.
Thursday, 15 February 2007, 12:21 AM CET

The Fear biz is the computer security biz
Scott Granneman looks at the use of fear in computer security, from misleading media reports and gross exaggeration by industry leaders to the use of fear in order to sell new computers and software. [more]
Thursday, 15 February 2007, 12:16 AM CET

Securing Vista: Tips on conducting desktop audits
As one of the main pillars of security, auditing is perhaps the least known and overlooked. [more]
Thursday, 15 February 2007, 12:06 AM CET

Filesystem encryption in mixed environments with TrueCrypt
If you want to encrypt your sensitive files so that no one can access them without your personal password or decryption key, you have several options. But if you want a free, cross-platform, open source encryption application, try TrueCrypt. [more]
Thursday, 15 February 2007, 12:00 AM CET

Biggest threat to corporate information: ignorance
Corporate executives listen up: Valuable company information is getting into the wrong hands. [more]
Wednesday, 14 February 2007, 2:04 PM CET

Vista buffer-overflow vulnerabilities exposed
Microsoft Corp.'s Vista operating system might well be Redmond's most secure client operating environment to date, but that doesn't—and couldn't—mean Vista is completely unassailable. [more]
Wednesday, 14 February 2007, 1:27 PM CET

Crack in Blu-ray, HD DVD encryption gets wider
A poster named arnezami on the Doom9 forums has claimed to have found a method of extracting the Volume ID signatures from both HD DVD and Blu-ray discs, which could make it easier for hackers to extract an unprotected version of the high-resolution video and audio content from store-bought titles. [more]
Wednesday, 14 February 2007, 1:18 PM CET

ID theft: where you live makes a difference, study finds
N.Y., Calif and Nevada are among the riskiest for ID theft. [more]
Wednesday, 14 February 2007, 1:13 PM CET

Federal government inks $44.2 million border security deal
Australia's Department of Immigration and Citizenship (DIAC) has inked a four-year contract worth $44.2 million with CPS Systems, a provider of electronic border management solutions. [more]
Wednesday, 14 February 2007, 3:14 AM CET

Solaris telnet vuln solutions digest and network risks
A couple of updates and a summary digest of useful information shared from all around on this vulnerability. [more]
Wednesday, 14 February 2007, 3:14 AM CET

Zero day strikes at Solaris 10
Flawed telnet service exposes servers to attacks. [more]
Wednesday, 14 February 2007, 12:36 AM CET

Extradition appeal hearing starts for UK hacker
McKinnon could face up to 60 years in prison, or Gitmo. [more]
Wednesday, 14 February 2007, 12:27 AM CET

Pirates of the multiplex
Under U.S. pressure, Swedish authorities are going after the popular Pirate Bay Web site for illegal distribution of video files. [more]
Wednesday, 14 February 2007, 12:21 AM CET

New copyright police to increase raids and seizures in UK
The Government will fund 4,500 new copyright police to conduct raids from April. The move comes as the Department of Trade and Industry passes responsibility for copyright enforcement to Trading Standards Officers. [more]
Wednesday, 14 February 2007, 12:18 AM CET

Chinese police arrest eight for computer virus
"Panda Burning Incense" was stinking up PCs. [more]
Wednesday, 14 February 2007, 12:00 AM CET

Interview with Chris Sullo, author of Nikto
Nikto is a very popular open source web application security scanner. In this interview, Chris Sullo discusses his plans, views, and other tools. [more]
Tuesday, 13 February 2007, 5:23 PM CET

Cyber attacks: a real threat for every organization
It is easy to fall into the extremes of either believing that targeted cyber attacks rarely happen, or that they happen to you or your company all the time. The truth is that targeted cyber attacks are used to gain leverage in competitive areas, such as software development, or simply personal relationships. The more competitive advantage you have, the more frequent such attacks are going to be. [more]
Tuesday, 13 February 2007, 5:01 PM CET

Using Tor isn't a crime, but it could be a policy violation
Using Tor (which used to stand for The Onion Router, but is just Tor now) isn't illegal in the US, but in many companies, it's against corporate policy. [more]
Tuesday, 13 February 2007, 4:32 PM CET

Wanted: missing FBI laptops
If you lose your laptop, don't go crying on the shoulder of the Federal Bureau of Investigation. It has its own problems. The agency had at least 160 laptops lost or stolen over the past four years. [more]
Tuesday, 13 February 2007, 4:31 PM CET

DRM in Windows Vista
Windows Vista includes an array of "features" that you don't want. [more]
Tuesday, 13 February 2007, 4:26 PM CET

PayPal introduces security token
Online finance service PayPal, which is used by many people on eBay to pay for items, is introducing a security token to tackle fraud. [more]
Tuesday, 13 February 2007, 4:24 PM CET

Cybercrime calculator targets hackers, terrorists
The University of New Hampshire has unveiled a tool for gauging the level of threat any would-be attacker poses to the energy, emergency response or other sectors of the US economy and infrastructure that rely heavily on IT and networks. [more]
Tuesday, 13 February 2007, 4:22 PM CET

Welcome new CISAs and CISMs, or not
Newly certified? Didn't make the cut? Either way, here's what to do. [more]
Tuesday, 13 February 2007, 4:19 PM CET

IE and Firefox cough up hard drive contents
The latest versions of Internet Explorer and Firefox on Windows and (in the case of Firefox) Unix systems are vulnerable to attacks that could reveal the contents of sensitive files residing on a victim's hard drives. [more]
Tuesday, 13 February 2007, 4:18 PM CET

PCI Security Standard struggles to get full credit
Judging by the buzz at last week’s RSA Conference 2007 here, few data security standards have attracted as much attention — or generated as much angst — inside IT departments as the one being pushed by Visa U.S.A. Inc., MasterCard International Inc. and other credit card companies. [more]
Tuesday, 13 February 2007, 4:17 PM CET

Linux vs. Vista: how does security stack up?
For consumers looking to boost their computers' security, is Vista the way to go? Or can Linux provide greater protection from hacker attacks? [more]
Tuesday, 13 February 2007, 4:07 PM CET

Asian firms held back by virus fears
Malware is seen as the greatest threat by executives at small and medium sized businesses in the Asia-Pacific region, according to a survey published this week. [more]
Tuesday, 13 February 2007, 4:06 PM CET

Internet safety group broadens mission
The explosion of social networking sites such as and Second Life, along with free video sharing sites like, is making it increasingly difficult to protect children surfing the Internet, says Stephen Balkam, who founded a voluntary Web site rating system seven years ago. [more]
Tuesday, 13 February 2007, 4:06 PM CET

Keeping secrets from web spies
Picking a password is a tricky business. And the temptation is to go for something that is easy to remember like our partner's birthday, a pet's name, or a film star. [more]
Tuesday, 13 February 2007, 4:02 PM CET

Google reportedly helped film pirates
Major studios charge Google suggested keywords such as 'bootleg movie download,' and 'pirated.' Search engine execs pledge reform. [more]
Tuesday, 13 February 2007, 4:02 PM CET

Viruses 'have hit most mobile operators'
Mobile operators are starting to feel the pinch from viruses resulting from the increasing use of emails and internet browsing on cellphones, according to an industry study published today. [more]
Tuesday, 13 February 2007, 3:57 PM CET

How does the hacker economy work?
It's a murky world of chat rooms, malware factories, and sophisticated phishing schemes. Here's a look inside. [more]
Tuesday, 13 February 2007, 3:45 PM CET

Cell phones: the new phish food
Last year, we started to see cases of voice phishing or "vishing" attacks. That's when bad guys send e-mails urging people to call an automated 1-800 number that prompts callers to enter their credit card data. [more]
Friday, 9 February 2007, 7:37 PM CET

OpenSSL gets hard-fought revalidation
The Open Source Software Institute (OSSI) has announced that OpenSSL has regained its FIPS 140-2 validation and is now available for download. [more]
Friday, 9 February 2007, 7:36 PM CET

New cybersecurity chief lays out guidance
Garcia's first RSA address outlines two priorities for 2007. [more]
Friday, 9 February 2007, 7:33 PM CET

Verizon Business: real time customizable network-based Firewall
Michael Marcellin, the Executive Director for IP & Ethernet Networking for Verizon Business, announces the launch of the first network-based firewall that can be customized in real time, adding the ability to control traffic through business networks, with a simple web-based GUI. [more]
Friday, 9 February 2007, 2:55 AM CET

Two security holes found in Firefox web browser
Two flaws found in the Firefox web browser could result in users exposing sensitive information to malicious attackers, according to a computer security company. [more]
Friday, 9 February 2007, 2:45 AM CET

A dozen patches expected from Microsoft next week
Microsoft said that it plans to release at least a dozen patch bundles next Tuesday to plug security vulnerabilities in its Windows operating systems and other software. [more]
Friday, 9 February 2007, 2:00 AM CET

Do you have a mobile security policy?
It’s a problem so pervasive that some IT managers have started calling it the “After-Christmas Syndrome”: every January and February, workers who received new gadgets flood IT departments with requests for network access. [more]
Friday, 9 February 2007, 1:45 AM CET

Number of people stopped by New York Police soars
The New York Police Department released new information yesterday showing that police officers stopped 508,540 individuals on New York City streets last year — an average of 1,393 stops per day — often searching them for illegal weapons. [more]
Friday, 9 February 2007, 1:21 AM CET

A new secure hash standard
The U.S. National Institute of Standards and Technology is having a competition for a new cryptographic hash function. [more]
Friday, 9 February 2007, 1:00 AM CET

An American Idol for crypto geeks
The U.S. National Institute of Standards and Technology is having a competition for a new cryptographic hash function. [more]
Friday, 9 February 2007, 12:36 AM CET

Pompous and overbearing are not attributes that suit security professionals
Have you run across those people who are experts in their field and feel the need to let everyone else know when they are wrong? [more]
Friday, 9 February 2007, 12:20 AM CET

Trend Micro patches anti-virus scanner
The scanning engine, used in virtually all of its products, has a critical flaw. [more]
Friday, 9 February 2007, 12:15 AM CET

Securing the Hardware Management Console
Get step-by-step instructions for things you should do during installation of the Hardware Management Console (HMC), measures you can take after installation, and maintenance guidelines to ensure that a secure system stays secure. [more]
Friday, 9 February 2007, 12:00 AM CET

US Disease Control website catches malware cold
Officials at the US Centers for Disease Control were left dealing with a different kind of outbreak last week after hackers planted a virus on the agency's website. [more]
Thursday, 8 February 2007, 9:45 PM CET

Keeping up with polymorphic worms and botnets
A bot in crimeware terminology is a compromised machine. The bot herders assemble this botnet of compromised machines and sell it to what are called the fraudsters. [more]
Thursday, 8 February 2007, 9:45 PM CET

US Senate introduces strong privacy bill
US Senators yesterday introduced a bill that better protects the privacy of citizens’ personal information in the face of data security breaches across the country. [more]
Thursday, 8 February 2007, 9:43 PM CET

Hackers attack every 39 seconds
Hackers attack computers every 39 seconds, according to new research. [more]
Thursday, 8 February 2007, 9:39 PM CET

Enhance security with file encryption tools
System-wide security solutions such as SELinux, AppArmor, Bastille and grsecurity can, in most cases, make your Linux desktop more than reasonably secure. But there are still cases where file or directory encryption is necessary. [more]
Thursday, 8 February 2007, 9:39 PM CET

Johns Hopkins alerts patients, employees to data loss
Backup tapes with personal data on more than 135,000 Johns Hopkins patients, employees and retirees were lost by a contractor and are believed to have been destroyed, the hospital and university said Wednesday. [more]
Thursday, 8 February 2007, 1:42 AM CET

UK researchers hack chip and PIN security
Two UK-based researchers demonstrated this week how to hack a security scheme in which a customer must enter a four-digit code for credit or debit card transactions. [more]
Thursday, 8 February 2007, 1:15 AM CET

Bush's 2008 IT budget focuses on cybersecurity
In the wake of government data breaches, the OMB seeks to increase funding for several departments and better fight internal breaches as well as outside threats. [more]
Thursday, 8 February 2007, 1:08 AM CET

High security for $100 laptop
The One Laptop Per Child project, which proposes to give every child in the developing world a computer of his own, dazzled fans with the unveiling of its little green "$100 laptop" in November 2005. [more]
Thursday, 8 February 2007, 1:02 AM CET

Advanced Nessus 3 WMI checks against Windows Systems
Tenable Network Security has recently added the ability to query remote Windows systems via the Windows Management Instrumentation (WMI) protocol. [more]
Thursday, 8 February 2007, 12:59 AM CET

UK to jail privacy violators
In a move to crack down on the illegal trade in personal information UK courts will soon start jailing people who trade in, or deliberately misuse, the personal data of others, according to the Department for Constitutional Affairs. [more]
Wednesday, 7 February 2007, 8:31 PM CET

New Vista firewall fails on outbound security
Preston Gralla discovers it's impossible to practically configure outbound filtering. [more]
Wednesday, 7 February 2007, 8:30 PM CET

When security companies fail
Security Fix has long pontificated on the necessity of Microsoft Windows users setting up their machines to run under "limited user" accounts. It is considered a fairly effective method for warding off spyware and virus infections on your average Windows PC. [more]
Wednesday, 7 February 2007, 6:05 PM CET

Warning over ePassport microchips
Microchips in Britain's new ePassports only have two-year warranties, a National Audit Office report says. [more]
Wednesday, 7 February 2007, 5:44 PM CET

Study: Weak passwords really do help hackers
Four computers left online for 24 days were hit by 270,000 hacking attempts. [more]
Wednesday, 7 February 2007, 6:04 AM CET

A hacker's-eye view of Nokia's N800 Internet Tablet
This detailed, hands-on review examines Nokia's Linux-based N800 Internet Tablet first as a consumer electronics device, and then as a platform for open source software development. [more]
Wednesday, 7 February 2007, 6:00 AM CET

The psychology of security
Security is both a feeling and a reality. And they're not the same. [more]
Wednesday, 7 February 2007, 3:07 AM CET

Httprint vs. ModSecurity
There was a great email posted to the ModSecurity user mail-list today that asked about ModSecurity's ability (or inability) to trick web server fingerprinting tools such as HTTPrint. [more]
Wednesday, 7 February 2007, 3:03 AM CET

Microsoft warns Excel users of zero day attacks
Following reports of zero day attacks, Microsoft has alerted Excel users to use caution when opening or saving file attachments. [more]
Wednesday, 7 February 2007, 2:57 AM CET

Open vs. closed
There is no better way to start an argument among a group of developers than proclaiming Operating System A to be "more secure" than Operating System B. [more]
Wednesday, 7 February 2007, 2:55 AM CET

Hackers attack key net traffic computers
Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002. [more]
Wednesday, 7 February 2007, 2:55 AM CET

IT man’s licence to hack
Matthew Parker, from the technology security and risk services team, has passed the EC Council exam. [more]
Wednesday, 7 February 2007, 2:54 AM CET

Gorbachev asks Microsoft for leniency in piracy case
Microsoft is sidestepping an appeal from a former leader of the Soviet Union to intervene in a piracy case involving a school principal. [more]
Wednesday, 7 February 2007, 2:53 AM CET

New phishing technique discovered
A new ‘undetectable’ phishing tactic has been hijacking the web pages of a major UK bank, according to security vendor Envisional. [more]
Wednesday, 7 February 2007, 2:51 AM CET

U.K. big business fails to destroy old data
U.K. businesses are failing to remove sensitive data from old PCs. The contents of such systems remain available to whoever buys them secondhand, according to a survey released Tuesday by Pointsec Mobile Technologies. [more]
Wednesday, 7 February 2007, 2:50 AM CET

Gates: protect Windows Vista users with IP
Improved technology and design alone will not be enough to keep Windows Vista and Office 2007 users safe from hackers and identity thieves, according to Bill Gates. [more]
Wednesday, 7 February 2007, 2:47 AM CET

US ID theft losses decline
US identity theft losses dropped 11.5 per cent last year to $49.3bn, according to a new study. [more]
Tuesday, 6 February 2007, 5:19 AM CET

Study: Users ignore bank security features
Users of online banking sites tend to bypass critical clues that the integrity of those sites may have been compromised, according to the working draft of a study released on Sunday by researchers at Harvard University and the Massachusetts Institute of Technology. [more]
Tuesday, 6 February 2007, 5:00 AM CET

Malicious JavaScript code detected on Super Bowl-related sites
Security experts are finding an increasing number of Web sites hosting malicious JavaScript code first detected on Super Bowl-related sites last week. [more]
Monday, 5 February 2007, 5:53 PM CET

The future of personal security
High-tech security isn't just for the airport anymore. Advances now coming out of the labs will help protect what's dear to you, from your car to your kids, your dinner to your dinero. [more]
Monday, 5 February 2007, 5:51 PM CET

Hackers' infections slither onto Web sites
It was the year when cybercriminals targeted everything from MySpace to Wikipedia. Even a Web site maintained by a Kentucky Boy Scout troop wasn't safe for casual browsing. [more]
Monday, 5 February 2007, 5:50 PM CET

German court bans police from spying on PCs
Germany's High Court has handed down a landmark decision banning police from installing spyware on computers of suspected criminals without their knowledge. [more]
Monday, 5 February 2007, 5:49 PM CET

Windows 'fails' active virus test
Security tools that work with Windows Vista have failed tests to see if they can detect viruses circulating online. [more]
Monday, 5 February 2007, 5:48 PM CET

Microsoft Chief Security Advisor discusses security challenges and Windows Vista
Last week in London at the Infosecurity press conference, Ed Gibson, the Chief Security Advisor, shared his views on the security challenges the Redmond giant is tackling at the moment, and emphasized the positive turn they are taking with the just released Windows Vista. [more]
Monday, 5 February 2007, 2:45 AM CET

Windows Vista's hyped security will be tested
Hackers are off trying to find vulnerabilities in Vista, putting to test Microsoft's claim that it's the most secure Windows OS ever. [more]
Monday, 5 February 2007, 1:27 AM CET

Recent security breaches have state cracking down
Last year, it was a Vermont State College laptop that was stolen. Last month, it was sensitive information posted on a state web site. Last week, it was a state computer that had been compromised. [more]
Monday, 5 February 2007, 1:21 AM CET

Are hackers gaining ground in malware wars?
While hacking used to be about kids defacing Web sites or sending out viruses just to see the effect, most of today's Web attacks are designed to avoid attention and generate profits. [more]
Monday, 5 February 2007, 1:00 AM CET

Too much secrecy helps terrorists
CSIS: Overreacting to risk means we're 'giving in to fear'. [more]
Monday, 5 February 2007, 12:45 AM CET

Your wireless network exposed
Eugene Brumley goes to the coffee shop, whips open his laptop and logs on to free wireless internet, not worried about a thing. [more]
Monday, 5 February 2007, 12:21 AM CET

Malware attacks getting much worse
Hacks and attacks on our PCs are getting worse, not better. [more]
Monday, 5 February 2007, 12:15 AM CET

Hackers commit offsides hit
Dolphins' Web sites hacked in advance of Super Bowl. [more]
Monday, 5 February 2007, 12:09 AM CET

Interview with Mads Lillelund, CEO of Bluesocket
In this interview Mr. Lillelund discusses wireless security, the development of wireless networks, the dangers posed by mobile devices, and more. [more]
Monday, 5 February 2007, 12:06 AM CET

Computer security in 2007: a report from the Infosecurity Europe press conference
The main topics at this year's gathering of IT security professionals will be: wireless security, ID management, remote security, telecoms security and insider threats. [more]
Saturday, 3 February 2007, 6:19 PM CET

Microsoft downplays Vista voice recognition
Microsoft has acknowledged a clever person might be able to remotely exploit the voice recognition features of the new Vista operating system to gain access to a PC, but a company representative downplayed the seriousness of the problem. [more]
Friday, 2 February 2007, 9:04 PM CET

Kaspersky offers anti-virus for mobiles
The new Anti-Virus Mobile software will cover Windows Mobile and Symbian phones and be officially launched next week at the RSA Conference 2007 in San Francisco. [more]
Friday, 2 February 2007, 1:48 PM CET

Screenshot Tour: How to crack a Windows password with Ophcrack Live CD
Extremely impressed at the ease and speed with which the Ophcrack Live CD cracked my Windows admin password when I tested it out a few weeks ago, I thought it might be useful to throw together a quick guide detailing how to use this powerful little utility. [more]
Friday, 2 February 2007, 1:46 PM CET

German police again the target of cybercrime
Spam e-mail allegedly sent by the police office is making the rounds in the German-speaking region of Europe. [more]
Friday, 2 February 2007, 1:45 PM CET

Inside the ISS X-Force
When the sensors feeding into Internet Security Systems' Global Threat Operations Center detected a new XML HTTP vulnerability early last November, attacks exploiting that vulnerability already were occurring across the Internet. [more]
Friday, 2 February 2007, 1:40 PM CET

Steal this download
Investigative reporter Kim Zetter spent a year probing the life of David Thomas, a high-tech grifter who became an FBI asset. [more]
Friday, 2 February 2007, 1:40 PM CET

Vista encryption 'no threat' to computer forensics
Security advances in Windows Vista are unlikely to frustrate cybercrime investigation, according to a leading computer forensics firm. [more]
Friday, 2 February 2007, 1:39 PM CET

Study: ID fraud in decline
Despite high-profile data breaches, identity fraud may be on the decline, according to a study released on Thursday. [more]
Friday, 2 February 2007, 1:38 PM CET

UDP service and vulnerability enumeration
This blog entry discusses UDP port scanning, active services enumeration and passive network monitoring to identify UDP services and vulnerabilities. [more]
Friday, 2 February 2007, 1:37 PM CET

Free online AV scanners
Someone was asking about this list, and I pulled up a more complete list than the Yahoo! “Online Virus Scanners” directory entry. [more]
Friday, 2 February 2007, 1:37 PM CET

Four laws Congress needs to pass now to boost computer security
Even though we have a new Congress, I doubt that much will change with regard to computer security. [more]
Thursday, 1 February 2007, 7:33 PM CET

Unveiling A National Cyber Alert System
The National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS) unveiled the National Cyber Alert System, an operational system delivering to Americans timely and actionable information to better secure their computer systems. [more]
Thursday, 1 February 2007, 7:32 PM CET

Making Apache httpd logs more useful
No doubt you're already aware of the standard logfiles that Apache httpd creates for you. There's the access log, which tells you every time a request is made to your server. [more]
Thursday, 1 February 2007, 7:32 PM CET

Microsoft ships SSL VPN software
Microsoft Corp. has introduced a new product combining the Whale Communications virtual private networking (VPN) software it bought last year with the latest version of its Internet Security and Acceleration Server (ISA Server), the company said Wednesday. [more]
Thursday, 1 February 2007, 7:31 PM CET

'Contact us' attack takes out mail servers
The "contact us" feature on many websites is often insecure and makes it easy to launch denial of service attacks on corporate mail servers, according to UK-based security consultancy SecureTest. [more]
Thursday, 1 February 2007, 7:30 PM CET

Vista has speech recognition hole
Microsoft has admitted that speech recognition features in Vista could be hijacked so that a PC tells itself to delete files or folders. [more]
Thursday, 1 February 2007, 7:30 PM CET

Video demonstration of Haxdoor.KI trojan and F-Secure Internet Security 2007
Today we have some video demos of Haxdoor.KI and F-Secure Internet Security 2007 with DeepGuard technology. [more]
Thursday, 1 February 2007, 7:29 PM CET

Progress of UK MPS e-crime strategy
The Metropolitan Police Service (MPS) is currently subject to a Metropolitan Police Authority (MPA) scrutiny on e-crime (now nationally referred to as ‘e-crime’). [more]
Thursday, 1 February 2007, 12:52 PM CET

UK bank exposes details of 75,000 accounts
An Aberdeen woman found a novel way to receive highly confidential information on 75,000 clients of the Halifax Bank of Scotland (HBOS): she simply requested her statement. [more]
Thursday, 1 February 2007, 12:51 PM CET

Trade group gives Feds low cybersecurity grade
The Cyber Security Industry Alliance has given the U.S. government D grades on its cybersecurity efforts in 2006, and renewed its call for Congress to pass a comprehensive data protection law in 2007. [more]
Thursday, 1 February 2007, 12:47 PM CET

Book review: WarDriving and Wireless Pen Testing
WarDriving and Wireless Penetration Testing is perfect for those who have never done this type of auditing/testing before, and it also serves as a great reference book for those more experienced pen-testers who may need to look some specific item up once in a while. [more]
Thursday, 1 February 2007, 12:46 PM CET

PayPal tackles UK phishing concerns
Online payment broker PayPal is to offer a two-factor authentication system to UK customers before the end of the year. [more]
Thursday, 1 February 2007, 12:45 PM CET

IE ripe for attack, despite Microsoft claims
Windows Vista may be "dramatically more secure" than Windows XP but Internet Explorer is destined to remain Windows' Achilles' heel. [more]
Thursday, 1 February 2007, 12:45 PM CET

Kaspersky seeks help from international police to fight cybercrime
Kaspersky Lab Thursday will acknowledge that cybercriminals have the upper hand and cooperative international policing is needed to protect honest users. [more]
Thursday, 1 February 2007, 12:44 PM CET

Vista DRM broken already?
Two controversial aspects of Microsoft's Vista were conspicuous by their absence at yesterday's launch event - neither digital rights management nor the way Microsoft will shut down or reduce the functionality of software it considers to be an illegal copy were mentioned. [more]
Thursday, 1 February 2007, 12:43 PM CET

A day in the life of an information security investigator
Here's a question that I get all of the time: "How do most IT departments screw up information security investigations?" [more]
Thursday, 1 February 2007, 12:41 PM CET

Kenya: We have hacked al-Qaida laptop
Kenyan authorities say they have cracked the password on a laptop computer belonging to one of the most wanted al-Qaida suspects in Africa. [more]
Thursday, 1 February 2007, 12:34 PM CET

What's your password Mr. Gates?
Bill Gates took some ribbing from "The Daily Show with Jon Stewart" host Stewart, who opened the interview by noting the last major release of Microsoft's Windows operating system came in 2001. [more]
Thursday, 1 February 2007, 12:31 PM CET

Microsoft's top three Vista security features
Microsoft finally rolled its Vista operating system out the door billing it as its most secure operating system ever, but what are the security features that will really matter to enterprise users? [more]
Thursday, 1 February 2007, 12:29 PM CET

Staying updated on security Q&A
Q. Why does Windows say my antivirus program is out of date when I just recently installed it? [more]
Thursday, 1 February 2007, 12:29 PM CET

