Off the Wire

Off The Wire Archive

News items for March 2003

HNS Software Contest - Panda Antivirus Platinum
A little effort can get you some free antivirus software. What more could you ask for? Come get some! [more]
Monday, 31 March 2003, 4:39 PM CET

Interview with Lisa Yeo
The author of "Personal Firewalls for Administrators and Remote Users" talks about her book and firewalls in general. [more]
Monday, 31 March 2003, 3:30 AM CET

The Case For Secure Email
This non-technical article is designed to educate you about how email really works, what the real security issues are, what the solutions are, and how you can mitigate your exposure to these security risks. [more]
Monday, 31 March 2003, 3:29 AM CET

HNS Newsletter Issue 155 has been released
Get it in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is brought to you by Surfcontrol. Stop Spam Now - Free SurfControl E-mail Filter Trial. [more]
Monday, 31 March 2003, 3:24 AM CET

Using PowerDNS
This article covers some of the basics of using PowerDNS and its Web-based front-end PowerAdmin. [more]
Monday, 31 March 2003, 3:17 AM CET

Crackers strike Georgia Tech computer, gain credit card data
Crackers invaded a computer at Georgia Tech and copied names, addresses and - in some cases - credit card information for 57,000 patrons of the Ferst Center for the Arts. [more]
Monday, 31 March 2003, 3:15 AM CET

Big Brother Is Watching You Shop
Commercial databases, such as credit card records, grocery purchases and hotel bills, are the latest pool of information the government says it has a right to collect. [more]
Monday, 31 March 2003, 3:14 AM CET

HNS Book Giveaway Winners
Six lucky winners have been chosen, each one gets a book. [more]
Monday, 31 March 2003, 2:45 AM CET

Sendmail Critical Security Problem
Sendmail urges all users to either upgrade to sendmail 8.12.9 or apply a patch. [more]
Sunday, 30 March 2003, 3:08 AM CET

How to Secure your Teleworkers with a VPN
Many fear that the move towards teleworking and the change of the enterprise network from a closed, protected architecture to an open, Internet-based system leaves a lot of questions unanswered. [more]
Friday, 28 March 2003, 2:30 PM CET

"Hacking Web Applications" Training
White Hat Security announced a two day training session, dealing with topics related to hacking Web applications. [more]
Friday, 28 March 2003, 1:30 PM CET

A spam fighter's work is never done
Suresh Ramasubramanian's job is to stop junk e-mail from ever getting to your in box. But for every spammer he blocks, a dozen more rise up. [more]
Friday, 28 March 2003, 12:50 PM CET

Incident Response Tools For Unix, Part One: System Tools
This article is the first in a three-part series on tools that are useful during incident response and investigation after a compromise has occurred on a OpenBSD, Linux, or Solaris system. [more]
Friday, 28 March 2003, 12:41 PM CET

What's So Free About This DVD?
A documentary filmmaker who labored for years on a film about open-source software programmers, releases it on DVD without any copyright protection. He hopes people won't pirate it. [more]
Friday, 28 March 2003, 12:40 PM CET

Wartime Internet Security Is 'Business as Usual'
The Feds warned that the Iraq war may prompt crackers to attack. But Internet security firms aren't changing their standard procedures to accommodate the higher threat level - because for them, vigilance is par for the course. [more]
Friday, 28 March 2003, 12:34 PM CET

EU to unify e-crime rules
To deter online attacks, forthcoming regulations will require EU states to harmonise anti-hacking laws and hand out custodial sentences for serious offences. [more]
Friday, 28 March 2003, 12:13 PM CET

Don't dismiss possibility of malicious code on Linux
With Linux source code open to inspection, someone could remediate dangerous vulnerabilities to be exploited by malicious code. [more]
Friday, 28 March 2003, 12:07 PM CET

Protect Your PC For Free! No More Excuses!
With the resurgence of several email viruses and the proliferation of new ones, your computer faces more problems. Michael Oliveri addresses the things you can do to protect your system as a whole. [more]
Thursday, 27 March 2003, 3:55 PM CET

Spam Checklist - April Fool's Day is Approaching
As April Fool's day is less then a week away, Clearswift is advising organizations to take great care of spam emails that traditionally use this day as a "firestarter". Here's a checklist that can help. [more]
Thursday, 27 March 2003, 3:50 PM CET

Reactivity XML Firewall Tackles Costs of Securing XML
Reactivity, Inc. recently introduced Reactivity XML Firewall, a network security appliance designed to protect new-generation applications, while tackling the operating costs of securing XML and Web services. [more]
Thursday, 27 March 2003, 3:49 PM CET

Security - still in its infancy
How immature is the IT security market? And what would it look like if it grew up? [more]
Thursday, 27 March 2003, 2:38 PM CET

IBM Security Executive Is Father of Accused "Hacker"
Loren Anderson, a 17-year-old accused of identity theft and fraud, is the son of a computer security executive at IBM. [more]
Thursday, 27 March 2003, 2:37 PM CET

Why the Dogs of Cyberwar Stay Leashed
The United States could try out its much-hyped "cyberwarfare" capabilities in Iraq... but it would probably be illegal. [more]
Thursday, 27 March 2003, 2:35 PM CET

DoJ investigates Network Associates
The US Department of Justice will join an ongoing Securities and Exchange Commission investigation into Network Associates' accounting practices. [more]
Thursday, 27 March 2003, 12:40 PM CET

How Antispam Software Works
You're getting more junk e-mail than ever? You can take comfort in the fact that so is everyone else. Or you can do something about it. [more]
Thursday, 27 March 2003, 12:27 PM CET

Commuters hack wireless networks
Wireless hacking is most likely to occur during the rush hour, a survey has found. [more]
Thursday, 27 March 2003, 12:19 PM CET

Too cool for secure code
Until Unix and Linux programmers get over their macho love for low-level programming languages, security holes will continue to flow freely. [more]
Thursday, 27 March 2003, 11:57 AM CET

Scam casts doubt on eBay's anti-fraud software
Robert Beck suspended his distrust of online auctions and went for a top-of-the-line speaker system. He cast a winning bid of $1,900, paid by credit card and waited for his first eBay purchase. [more]
Thursday, 27 March 2003, 11:51 AM CET

How to Make Wireless Networks Secure
Physical wires turn out to be one of the primary obstacles to attackers looking to hack their way onto a LAN. The chief concern in migrating to WLAN access is security. [more]
Wednesday, 26 March 2003, 5:15 PM CET

Interview with Scott Mann
One of the authors of "Linux System Security: The Administrator's Guide to Open Source Security Tools, 2/e" talks about his book and Linux in general. [more]
Wednesday, 26 March 2003, 1:14 PM CET

Strix Systems Announces Secure Wireless LAN System
Built on distributed intelligence, routing and switching, the company's wireless LAN system dynamically self-discovers, self-tunes for ideal operation and finally self-heals to maintain full network coverage. [more]
Wednesday, 26 March 2003, 5:07 AM CET

Defense, NSA move on 'open source' software development
A senior research scientist at NSA, said that in spite of complaints from proprietary software vendors, the agency is continuing to improve its Security Enhanced Linux. [more]
Wednesday, 26 March 2003, 5:03 AM CET

Information security too important for IT
A new report from Henley Management College has found that few companies are giving security the board level attention it deserves, even though it is becoming an increasingly important corporate issue. [more]
Wednesday, 26 March 2003, 3:13 AM CET

Virus Hoaxes and the Real Dangers They Pose
This article offers a brief overview of virus hoaxes, how users can spot them, and how they can protect themselves against them. [more]
Wednesday, 26 March 2003, 1:20 AM CET

Are Wireless Networks Secure Yet?
Once vendors and standard-setters solve the encryption and authentication problems facing WLANs, they will be able to attack new areas of network management. [more]
Wednesday, 26 March 2003, 1:12 AM CET

English Al-Jazeera Website attacked
Arab satellite TV network Al-Jazeera launched an English-language website that was hit with a DoS attack. [more]
Wednesday, 26 March 2003, 1:03 AM CET

Blair Tagged as Privacy Threat
A U.K. civil liberties group announces its annual Big Brother awards for the people and companies who represent the country's biggest threats to privacy. The winners include British Prime Minister Tony Blair. [more]
Wednesday, 26 March 2003, 1:01 AM CET

Cheap Keycorp smartcard launched
Smartcard developer Keycorp and MasterCard International have announced an affordable, high security smartcard, to address escalating debit and credit card fraud. [more]
Wednesday, 26 March 2003, 12:56 AM CET

Interview with Chris Negus
The author of "Red Hat Linux 8 Bible" talks about his book and Linux in general. [more]
Tuesday, 25 March 2003, 2:33 PM CET

Three-Day Virtual Conference
A trio of security experts will participate in multiple panel discussions ranging from remote access deployments to VPN and Web application security. [more]
Tuesday, 25 March 2003, 1:43 PM CET

Keep pace with WLAN security developments
Wireless security is a complicated topic, and one that requires much education and know-how. Unfortunately, this education is largely lacking, according to experts. [more]
Tuesday, 25 March 2003, 1:26 PM CET

Anti-war hackers strike the US Navy
Virus writer and hacker activity has stepped up dramatically since the coalition armed forces started their war against Iraq. [more]
Tuesday, 25 March 2003, 3:03 AM CET

IT meltdown tops fear poll
UK firms are more worried about losing IT capacity than people in the event of a terrorist attack, a survey has found. [more]
Tuesday, 25 March 2003, 3:02 AM CET

Is SSL safe?
Czech security researchers this week claimed to have uncovered weaknesses in SSL that might permit crackers to decypher transmissions over supposedly secure links. [more]
Tuesday, 25 March 2003, 2:05 AM CET

Microsoft Asks Colleges to Teach Hacking
Students will learn how to hack into software and fix its bugs. [more]
Tuesday, 25 March 2003, 1:52 AM CET

Security Specs in the Works
Now that the federal government has shown its cards on the issue of Internet security, a newly formed task force of security company executives is planning a response. [more]
Tuesday, 25 March 2003, 1:37 AM CET

Hotmail restricts outgoing messages
Microsoft’s MSN Hotmail, a free Web-based e-mail service, has tightened restrictions on daily outbound messages sent by subscribers, a tactic it says will help curb spam. [more]
Tuesday, 25 March 2003, 1:34 AM CET

New LovGate Worm Variant Intercepted
According to the copies Message Labs came across, the file attachment is written in Microsoft Visual C/C++ and is compressed using ASPack. The size of the attachment is 107,008 bytes. [more]
Monday, 24 March 2003, 7:47 PM CET

Verio Announces Customer VPN Service
Verio, a leader in global IP solutions and the world's largest Web hosting provider, today introduced a completely managed customer premise equipment based Virtual Private Network service. [more]
Monday, 24 March 2003, 6:28 PM CET

HNS Book Giveaway
We are giving away 3 copies of "A Practical Guide to Red Hat Linux 8" and 3 copies of "The Complete Linux Shell Programming Training Course". Want some knowledge? [more]
Monday, 24 March 2003, 6:02 PM CET

Don’t Take Code Red Lightly
This paper analyzes the patterns of emerging malware and presents a strategy to assist network and security administrators in addressing “new” yet old threats. [more]
Monday, 24 March 2003, 1:22 PM CET

Newest Version of SoftRemote VPN Product Released
SoftRemote 10.0 supports the latest IETF Network Address Translation Traversal (NAT-T) Draft which enhances the ability of IPSec sessions to transit IPSec-aware NAT devices. [more]
Monday, 24 March 2003, 1:02 PM CET

Matador 2.0 Desktop Anti- Spam Solution Released
MailFrontier announced the latest release of their anti-spam product Matador. Matador 2.0 now supports Outlook Express and several web based e-mail solutions like Hotmail and MSN. [more]
Monday, 24 March 2003, 1:01 PM CET

E-mail worm pretends to have spy satellite images
A new e-mail worm has surfaced that purports to show screensavers of US spy satellite pictures of Iraq or animations that are either patriotic or that mock President Bush. [more]
Monday, 24 March 2003, 12:58 PM CET

Application-Level Firewalls: Smaller Net, Tighter Filter
Application-layer firewalls differ from stateful packet-filtering and circuit-level gateways in several ways. Find out the details. [more]
Monday, 24 March 2003, 12:57 PM CET

'Hacker-proof' ad a no-go for Microsoft
Authorities in South Africa have put the brakes on a Microsoft advertisement bearing the bold claim of making hackers extinct. [more]
Monday, 24 March 2003, 12:54 PM CET

HNS Newsletter Issue 154 has been released
Get it in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by SPI Dynamics. Get a FREE whitepaper on how to protect from an SQL Injection Attack. [more]
Monday, 24 March 2003, 2:20 AM CET

HNS Book Contest Winners
Three lucky winners have been chosen, each one gets three books. Who are they? [more]
Monday, 24 March 2003, 2:13 AM CET

LA Police Build Wireless LANs
Station hot spots will update cops with Symbol's handhelds. [more]
Monday, 24 March 2003, 1:13 AM CET

Book Review: Red Hat Linux 8 Bible
This is one of the latest books on Red Hat Linux 8 that, as all books do, promises to give you a wealth of knowledge. Does it? [more]
Friday, 21 March 2003, 1:08 PM CET

An Analysis of a Compromised Honeypot
This paper will deconstruct the steps taken to conduct a full analysis of a compromised machine. [more]
Friday, 21 March 2003, 1:08 PM CET

Ten Security Checks for PHP, Part 1
This article provides five steps to help identify or avoid security holes in applications written using PHP. [more]
Friday, 21 March 2003, 1:01 PM CET

Feds Alert to Web Security Threat
The Department of Homeland Security advises Americans to brace themselves for acts of cyberterror. But computer security experts say Internet users probably aren't much more vulnerable than usual. [more]
Friday, 21 March 2003, 12:53 PM CET

Q&A: Microsoft's Scott Charney on security in a time of war
Scott Charney, chief security strategist at Microsoft, spoke with Computerworld about areas of concern for IT professionals during a time of war. [more]
Friday, 21 March 2003, 11:57 AM CET

"Hackers" claim NSA breach
Hackers claim to have compromised a computer at the National Security Agency. But their target was the least secretive organization imaginable within the massive intelligence agency: the public affairs office. [more]
Friday, 21 March 2003, 11:56 AM CET

DDoS attack cripples Uecomm's AU links
A crippling distributed denial of service attack battered the Internet last evening, knocking several Uecomm links offline. [more]
Friday, 21 March 2003, 11:55 AM CET

Will War Swap Privacy for Security?
The challenge of balancing security and privacy is taking a new turn with battles in progress in Iraq. [more]
Friday, 21 March 2003, 11:53 AM CET

Software Review: Ad-aware 6.0 Professional
I'm really impressed with the state of the Ad-watch and Proc-watch modules which make Ad-ware a complete Desktop security solution, rather than just a spyware remover tool. [more]
Thursday, 20 March 2003, 4:40 PM CET

Large Scale Network Forensics
Computer forensics are being injected into the corporate world to fulfill a large gap in IT capabilities and a greater need for comprehensive security. Melisa LaBancz gives you an inside look. [more]
Thursday, 20 March 2003, 4:39 PM CET

People are the biggest security risk
Human error - not technical malfunction - is the most significant cause of IT security breaches in the public and private sectors. [more]
Thursday, 20 March 2003, 4:37 PM CET

Hiding is the best way to beat spam
Want to stop spammers from clogging your in-box with get-rich-quick schemes, invitations from hot girls and Nigerian money-laundering antics? [more]
Thursday, 20 March 2003, 3:15 PM CET

Cisco updates firewall appliances
Cisco is introducing software upgrades that boost speed and allow more concurrent users on some of its low-end PIX firewall appliances. [more]
Thursday, 20 March 2003, 2:04 PM CET

Canada in hacktivist crosshairs
Figures from a European cyber-security watchdog indicate that Canadian as well as U.S. servers are in the crosshairs as attackers around the world express their disapproval of U.S. activity in the Middle East. [more]
Thursday, 20 March 2003, 1:51 PM CET

Point, click, get root on Yahoo
A simple scan for unpublished websites within Yahoo's Internet address space gave an IT worker access to several of the portal company's internal systems, including root access inside the company firewall. [more]
Thursday, 20 March 2003, 12:28 PM CET

'External attack' under control - Tiscali UK
Tiscali UK is prepared to take legal action against those behind yesterday's "external attack" that knocked out the ISP. [more]
Thursday, 20 March 2003, 12:26 PM CET

Looking into the mind of a virus writer
Male. Obsessed with computers. Lacking a girlfriend. Aged 14 to 34. Capable of sowing chaos worldwide. That is the profile of the average computer-virus writer, according to an industry expert. [more]
Thursday, 20 March 2003, 12:23 PM CET

Book Review: Maximum Security 4/e
When you're about to read a book that already reached its fourth edition, you know you're about to embark on an interesting journey. What does this edition bring? Read on to find out. [more]
Wednesday, 19 March 2003, 6:26 PM CET

New worm uses war related messages to lure people
"Ganda" inserts its component into executable Win32 PE EXE files and even actively protects itself against anti-virus programs. [more]
Wednesday, 19 March 2003, 6:23 PM CET

Nmap 3.20 is out - a ton of improvements
The new stable version on the popular open source utility for network exploration or security auditing has been released. This version has hundreds of improvements over 3.00. [more]
Wednesday, 19 March 2003, 4:05 PM CET

When Computing Was Reliable
The latest brouhaha over software patches shows how far we've regressed since the days of the mainframe. [more]
Wednesday, 19 March 2003, 3:57 PM CET

Worm turns on Iraq conflict fears
Home PC users have been warned to be on the lookout for a new worm that feeds on fears over the impending invasion of Iraq. [more]
Wednesday, 19 March 2003, 3:54 PM CET

We'd love to go wireless but what about security?
European businesses are keen to embrace wireless technologies, in all their flavours, but doubts about security are continuing to act as a brake on wider usage of wireless LANs. [more]
Wednesday, 19 March 2003, 3:38 PM CET

Smartcards 'pushing credit card crime to Australia'
The introduction of security-protected credit cards in Europe and Asia-Pacific could lead to rising fraud activity down under, according to new research. [more]
Wednesday, 19 March 2003, 3:36 PM CET

Leaked Bug Alerts Cause a Stir
Confidential security alerts made their way to a mailing list, prompting speculation about the culprit and causing a new flurry in the debate over how and when details about software bugs are made public. [more]
Wednesday, 19 March 2003, 3:35 PM CET

Users exploit LAN switch security features
While some hurdles exist, deploying intelligent Ethernet gear at the LAN edge is becoming popular as users seek to tap multilayer switching features to boost security and application bandwidth control. [more]
Wednesday, 19 March 2003, 3:28 PM CET

Book Review: Network Security Principles and Practices
If you work with Cisco products, this book and all Cisco Press security titles will be of great use for expanding your knowledge or just introducing yourself with the power of Cisco's security infrastructure. [more]
Tuesday, 18 March 2003, 5:35 AM CET

Diverse groups oppose security proposal
A coalition of nearly 70 groups is attempting to block a Bush administration proposal that would grant police more surveillance authority and sweeping powers to target computer crime and terrorist activities. [more]
Tuesday, 18 March 2003, 5:33 AM CET

Companies throw security out with the garbage
Identity theft is now the largest form of white-collar crime in the western world, but not because the Internet has made it easier to steal personal information. [more]
Tuesday, 18 March 2003, 5:11 AM CET

Initial setup for common functionality with Astaro Security Linux 4.0
This workshop explains how to use Astaro Security Linux and the main functions like HTTP- and DNS-Proxy, but also how to reach the webserver in your internal network from the Internet. [more]
Tuesday, 18 March 2003, 4:58 AM CET

Wireless MAC has security standards covered
The SiS160 driver offers support for the latest 802.1x security standards, including TKIP (temporal key integrity protocol) and WPA (Wi-Fi protected access). [more]
Tuesday, 18 March 2003, 3:56 AM CET

Surveillance Nation
Tracking devices, and interlinked databases are leading to the elimination of unmonitored public space. Are we prepared for the consequences of the intelligence-gathering network we’re unintentionally building? [more]
Tuesday, 18 March 2003, 3:55 AM CET

Redesigning the Net to save it from spam
To stem the unrelenting tidal wave of unsolicited, unwanted e-mail, people and companies are going to extraordinary lengths - at considerable expense. [more]
Tuesday, 18 March 2003, 3:54 AM CET

Who's Winning Privacy Tug of War?
Businesses want customers to give it up. The government can't make up its mind. And consumers just want e-mail inboxes free of junk. The battle over electronic privacy is as hot as ever. [more]
Tuesday, 18 March 2003, 3:51 AM CET

Interview with Steve Kalman
The Managing Director for Esquire Micro Consultants and the teacher of eight courses on Cisco routers talks about his book and security in general. [more]
Monday, 17 March 2003, 8:33 PM CET

HNS Newsletter issue 153 has been released
Get it in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by Application Security. Get a FREE sample vulnerability assessment of your database and applications. [more]
Monday, 17 March 2003, 2:59 PM CET

HNS Book Contest - Want some knowledge?
A little effort can get you some free knowledge. What more could you ask for? Come get some! [more]
Monday, 17 March 2003, 4:24 AM CET

HNS Book Giveaway Winners - Maximum Wireless Security
Three lucky winners have been chosen, each one gets a copy of "Maximum Wireless Security". Are you one of them? [more]
Monday, 17 March 2003, 3:14 AM CET

ID theft logs on to the Net
The smuggling of artifacts, drugs, ancient coins, rare stamps, wildlife trophies... they’re passe now. Identity theft is the latest criminal click on the block in the world of the Internet. [more]
Monday, 17 March 2003, 2:46 AM CET

High Insecurity
We feel physically threatened by possibilities of terrorist attacks and all of our personal information—much of it stored in digital form—seems to be vulnerable too... [more]
Monday, 17 March 2003, 2:44 AM CET

Cyber terrorism 'overhyped'
The threat posed by cyber-terrorism has been overhyped and the net is unlikely to become a launch pad for terror attacks. [more]
Monday, 17 March 2003, 2:41 AM CET

Network Guardians Face Thorny Job
Problems multiply and network administrators can hardly keep up with security patches. Executives from the telecom, wireless, cable and satellite industries gather to brainstorm solutions. [more]
Monday, 17 March 2003, 1:54 AM CET

Book Review: Linux System Security
The authors really did put some energy into this book, which can be seen at every step of this information packed publication. [more]
Friday, 14 March 2003, 9:56 PM CET

Remote timing attacks are practical
Timing attacks are usually used to attack weak computing devices such as smartcards. This paper shows that timing attacks apply to general software systems. [more]
Friday, 14 March 2003, 5:26 PM CET

DeLoder Worm/Trojan Analysis (DeLoder-A)
A computer running Win 2000 Pro was put online for ONLY 5 hours. The purpose of this experiment was to verify if the recent outbreak of port 445 activities are related to worms, Trojans, or viruses. [more]
Friday, 14 March 2003, 5:24 PM CET

Does File Trading Fund Terrorism?
Industry execs claim peer-to-peer networks pose more than just legal problems. [more]
Friday, 14 March 2003, 5:22 PM CET

Pakistan Creates Cyber Crime Wing
A Pakistani security agency establishes a special arm to combat cyber crimes. Officials want to avoid having to rely on foreign investigators to track criminals who use the Internet. [more]
Friday, 14 March 2003, 5:01 PM CET

Hi-Tech Surveillance Firm Prospers
If you're under FBI surveillance, there's a good chance your phone calls and Internet traffic are traveling over the equipment of Verint Systems - a company that's doing very well these days. [more]
Friday, 14 March 2003, 5:00 PM CET

'Honest, We're the Good Guys'
The government wants access to personal information collected by businesses. The businesses want to help out with homeland security, but don't want to turn over confidential info to the government. [more]
Friday, 14 March 2003, 4:58 PM CET

Interview with Richard Boyer
The Vice President of Program Management of NetFrameworks talks about the company and identity management. [more]
Thursday, 13 March 2003, 9:17 AM CET

Book Review: Personal Firewalls for Administrators and Remote Users
This is a very good publication intended for all of you that want to learn more specifically about personal firewalls. The book is written clearly and is very easy to follow. [more]
Thursday, 13 March 2003, 9:16 AM CET

Manage Passwords Safely and Simply
Plagued by a plethora of passwords? Here's how to deal with them without driving yourself nuts. [more]
Thursday, 13 March 2003, 9:10 AM CET

Snort survives first vulnerability
Sourcefire CEO Wayne Jackson provides the details on how Sourcefire and ISS joined forces, along with the FBI's NIPC, to mitigate the flaw, patch sensitive government systems and issue a patch. [more]
Thursday, 13 March 2003, 9:06 AM CET

Code Red offshoot packs mild punch
There was little cause for alarm from a minor new variant of the destructive Code Red worm that began circulating this week. [more]
Thursday, 13 March 2003, 8:58 AM CET

Deploying Honeyd in the Wild
In this paper we we will deploy Honeyd on the Internet for one week and watch what happens. The intent is to test Honeyd by letting real bad guys interact with and attack it. [more]
Thursday, 13 March 2003, 8:52 AM CET

CERT Reports Rise In Attacks On Weak Admin Passwords
The CERT Coordination Center has noticed an uptick in the number of Windows 2000 and Windows XP PCs compromised by attacks on weak administrator passwords. [more]
Thursday, 13 March 2003, 8:44 AM CET

Group resumes Xbox cracking project
A group of computer hobbyists has resumed its effort to crack the main security code for Microsoft's Xbox video game console. [more]
Thursday, 13 March 2003, 8:42 AM CET

Interview with Christopher Alberts
The senior member of the technical staff in the Networked Systems Survivability Program at the Software Engineering Institute talks about his book and computer security in general. [more]
Wednesday, 12 March 2003, 5:27 PM CET

Information Security Excellence Awards Winners Announced
Winners were chosen to represent 10 different thematic categories and 'top product of the year' and 'best new product' titles were given to the outstanding solutions. Check out the best of the best. [more]
Wednesday, 12 March 2003, 4:54 PM CET

U.K. plans to expand Internet surveillance powers
The government said that it plans to give more officials and local authorities the power to monitor private e-mail and mobile telephone records in a bid to tackle organized crime and terrorism in Britain. [more]
Wednesday, 12 March 2003, 4:52 PM CET

Now They're After You: Music Cops Target Users
Whatever happens legislatively, the days when you could download all the songs or movies you wanted for free, without fear of prosecution, seem nearly at an end. [more]
Wednesday, 12 March 2003, 4:42 PM CET

Slim pickings for cybersecurity in DHS budget
As the new Department of Homeland Security swallows nearly every cybersecurity office in the U.S. government, high-profile leaders are jumping ship. [more]
Wednesday, 12 March 2003, 4:38 PM CET

Buffer Overflow Attacks and Their Countermeasures
What is buffer overflow, why is it dangerous and how is it preventable? [more]
Wednesday, 12 March 2003, 4:36 PM CET

Military to Clamp Down on E-Mail
Concerned that sensitive information might leak out, some units of the US military are starting to clamp down on e-mail communication from their soldiers and sailors. [more]
Wednesday, 12 March 2003, 4:33 PM CET

Hundreds warned as data disappears
Despite their country's permissive reputation, the Dutch don't have a license to swap copyrighted files, legal experts say. Recent publicity for the Honest Thief fed the misconception. [more]
Wednesday, 12 March 2003, 1:24 PM CET

Book Review - Writing Information Security Policies
If you are planning on starting or enforcing the security policies in your organization and don't know much about their structure and usage, this book will serve as a wonderful guide. [more]
Tuesday, 11 March 2003, 8:28 PM CET

A practical approach for defeating Nmap OS-Fingerprinting
This paper describes different solutions to defeat Nmap and behave like another chosen operating system, as well as a demonstration on how this can be accomplished. [more]
Tuesday, 11 March 2003, 7:04 PM CET

Teach customers to be security-conscious
While security is at the top of most companies' agendas, the headlines continue to report sky-high numbers of security incidents. [more]
Tuesday, 11 March 2003, 7:03 PM CET

SANS Institute lauds Microsoft security efforts
Microsoft, long at the receiving end of widespread user criticism for buggy products, last week received a rare pat on the back for its security efforts from the SANS Institute. [more]
Tuesday, 11 March 2003, 7:02 PM CET

Hackers come out to play
The public will get a rare glimpse into the computer underground next month when some of the country's most talented hackers and crackers gather in Sydney for the inaugural Ruxcon conference. [more]
Tuesday, 11 March 2003, 12:38 PM CET

IP Spoofing: An Introduction
This article examines the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it. [more]
Tuesday, 11 March 2003, 11:38 AM CET

When Bad Things Happen to Good Demos
A slick security product demonstration only serves to prove that vendors often don't think enough about what security managers need. [more]
Tuesday, 11 March 2003, 11:28 AM CET

Security alert posted for PeopleSoft
A serious security flaw in business management software from PeopleSoft leaves sensitive corporate data vulnerable to attackers. [more]
Tuesday, 11 March 2003, 11:26 AM CET

New face recognition technology apparently works
The technology records the surface of a person's face by scanning it with a series of light patterns and stores the data as a three-dimensional image in a computer. [more]
Tuesday, 11 March 2003, 11:25 AM CET

Network worm uses weak Windows passwords
Say hello to a network worm which attempts to compromise and spread through Windows machines with weak, default passwords. Called Deloder, the worm also tries to drop a backdoor component. [more]
Tuesday, 11 March 2003, 11:23 AM CET

A Practical Guide to Red Hat Linux 8
What you get with this massive book is a compendious guide to Red Hat Linux 8 that covers basically everything a Red Hat user might need. [more]
Monday, 10 March 2003, 2:01 PM CET

HNS Newsletter Issue 152 has been released
Get it in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by Application Security. Get a FREE sample vulnerability assessment of your database and applications. [more]
Monday, 10 March 2003, 2:00 PM CET

HNS Book Giveaway Winners
Six lucky winners have been chosen, each one gets a book. Are you one of them? [more]
Monday, 10 March 2003, 1:54 PM CET

HNS Book Giveaway - Maximum Wireless Security
We are giving away 3 copies of "Maximum Wireless Security" by Dr. Cyrus Peikari and Seth Fogie. Want some knowledge? [more]
Monday, 10 March 2003, 12:40 PM CET

Russian hacker gets 3 years in jail
A Russian hacker, lured to the US by the FBI under the ruse of a job interview in a case that prompted a sharp rebuke from Moscow, was sentenced on Friday to three years in prison for computer crime. [more]
Monday, 10 March 2003, 11:26 AM CET

Iraqi Cyberwar: an Ageless Joke
Did U.S. infowar commandos smuggle a deadly computer virus into Iraq inside a printer? Of course not. Why does it keep getting reported? [more]
Monday, 10 March 2003, 11:21 AM CET

Cryptographic Filesystems: Design and Implementation
This article discusses some of the background and technology of cryptographic filesystems and covers some example implementations of these filesystems. [more]
Monday, 10 March 2003, 11:21 AM CET

Oracle: Look at total cost of security
How do companies prevent potentially crippling Internet-based virus and worm attacks? They might want to look at what needs protecting first, and then building protection around the critical areas. [more]
Monday, 10 March 2003, 11:13 AM CET

Can the feds make software more secure? Yup!
At first, Robert was skeptical about the new Department of Homeland Security and its ability to deal with software security flaws. But so far, it looks like he was wrong. [more]
Monday, 10 March 2003, 11:12 AM CET

Not Soft on Spam: Tougher Tools
Software company Trend Micro releases a new blocking technology to keep junk e-mail out of inboxes. [more]
Monday, 10 March 2003, 11:11 AM CET

Review: The Complete Linux Shell Programming Training Course
You'll find a lot of examples in this book. For almost any command, syntax or concept covered, there is a screen shot or a graphical explanation which stands as a proof of concept. [more]
Friday, 7 March 2003, 5:57 PM CET

The Best Spyware Stopper
According to Fred Felman from Zone Labs, ZoneAlarm "shuts down Internet connectivity instead of losing control of the system" when an unauthorized application tries to send information from a PC. [more]
Friday, 7 March 2003, 2:25 PM CET

Tripwire Security Seminars in March 2003
During March, Tripwire is holding several product and security related web seminars. Here is a list of some of the most interesting ones. [more]
Friday, 7 March 2003, 1:43 PM CET

Credit-Card Co. Visa to Mask Card Numbers
Visa said it will require merchants that take Visa payments to display only the last four digits of a card number on receipts in an effort to thwart a surge in financial identity theft. [more]
Friday, 7 March 2003, 1:37 PM CET

Two held over theft that cracked online banking
Tokyo police arrested two men on suspicion of stealing 16 million yen through an online banking scheme that might involve hundreds of victims, officials said Thursday. [more]
Friday, 7 March 2003, 1:35 PM CET

SCO sues Big Blue over Unix, Linux
SCO Group, inheritor of the intellectual property for the Unix operating system, has sued IBM for more than $1 billion, alleging Big Blue misappropriated SCO's Unix technology and built it into Linux. [more]
Friday, 7 March 2003, 1:31 PM CET

Intruders steal students' personal info
Someone broke into a database and stole the names, Social Security numbers and e-mail addresses of more than 55,000 students, former students and employees at the University of Texas at Austin. [more]
Friday, 7 March 2003, 1:26 PM CET

Google Closes Blogger Security Holes
Google closed several security holes that could have allowed hackers to substitute their own musings for any of the over one-million electronic diaries maintained through the "Blogger" online publishing tool. [more]
Friday, 7 March 2003, 1:23 PM CET

Exploring RSA Encryption
This is an explanation of how and why RSA encryption works, plus examples on how to use it for yourself. [more]
Thursday, 6 March 2003, 4:18 PM CET

Tighter security in Office 2003
Microsoft's next version of Office will offer help to companies and government departments that have fallen foul of malicious leaks of information. [more]
Thursday, 6 March 2003, 4:17 PM CET

IBM has released 6 new prep tutorials for DB2 Certification
The new tutorials will teach you the basics of the DB2 products and tools, DB2 security, and much more. [more]
Thursday, 6 March 2003, 3:15 PM CET

Wireless LAN Analyzers: The Ultimate Hacking Tools?
A Wi-Fi protocol analyzer can help you plan and secure your network even if you don't use Wi-Fi. [more]
Thursday, 6 March 2003, 12:26 PM CET

Spam Wars Make Strange Bedfellows
The open-source community is closer than ever to curing the spam problem, but they'll have to hold their noses and help out Windows users to get there. [more]
Thursday, 6 March 2003, 12:25 PM CET

Strategies & Issues: Justifying Security Spending
To get the dollars they need, security administrators have to start speaking the language of business. [more]
Thursday, 6 March 2003, 12:12 PM CET

Windows Root Kits a Stealthy Threat
Hackers are using vastly more sophisticated techniques to secretly control the machines they've cracked, and experts say it's just the beginning. [more]
Thursday, 6 March 2003, 12:00 PM CET

Interview with Carlisle Adams
The Senior Cryptographer and Principal of Security at Entrust, Inc. talks about his book and PKI in general. [more]
Wednesday, 5 March 2003, 5:16 PM CET

Worm/Trojan "Randon" Threatens Port 445
A new blended worm / trojan threat appears. Kaspersky Labs reports registered infections at the hands of the new network worm "Randon". [more]
Wednesday, 5 March 2003, 5:15 PM CET

E-Punishment: How Much Is Too Much?
Is fear the motivation behind the sentencing of cybercrooks? That's the opinion of some legal experts, who say the penalties handed down to hackers are way too harsh. [more]
Wednesday, 5 March 2003, 5:04 PM CET

Cybercrime Follows Money Trail
Financial services firms face a particularly high threat of cyberattack, a federal agency reports. The findings can be attributed to criminals' well-documented attraction to money. [more]
Wednesday, 5 March 2003, 2:37 PM CET

Is ANY Certification Worth Pursuing?
Given that the current economic market in the IT field is the weakest it has been in a while, many people are considering certification. Emmett discusses the cost vs. the value of Unix/Linux certification. [more]
Wednesday, 5 March 2003, 2:35 PM CET

The peril within
WLANs are inherently insecure and can serve as the open window through which attackers could easily penetrate a system. [more]
Wednesday, 5 March 2003, 2:31 PM CET

Escape From SQL Hell
Quick response to SQL Slammer deflects potential disaster. [more]
Wednesday, 5 March 2003, 2:24 PM CET

How to "Speak Security" to Executives
Security Strategies sat down with Ernst & Young security expert Mark Doll to discuss how to communicate security issues with upper management among other topics. [more]
Wednesday, 5 March 2003, 2:13 PM CET

Security Planning Best Practices
When we begin to plan how best to protect our systems and organizations from intruders, it helps to think of those who maliciously attack the security of our organizations. [more]
Tuesday, 4 March 2003, 3:23 PM CET

Sophos: Top 10 Viruses and Hoaxes in February 2003
This is the latest in a series of monthly charts counting down the ten most frequently occurring viruses and hoaxes as compiled by Sophos. [more]
Tuesday, 4 March 2003, 3:16 PM CET

Trustworthy Computing: What's next?
The Code Red and Nimda worms convinced Microsoft that security needed to become its top priority. That decision led directly to the creation of the company's Trustworthy Computing initiative. [more]
Tuesday, 4 March 2003, 3:16 PM CET

Once more cyber war has been predicted
Imagine Iraqi commanders getting misleading text messages on their cell phones. They appear to contain orders from Saddam but are actually sent by the U.S. military in disguise, directing Iraqi troops to a trap. [more]
Tuesday, 4 March 2003, 1:28 PM CET

Net Hacker Tool du Jour: Google
Hackers often use underground software to gain access to private information on the Net or private computer networks. But the newest trick up their sleeves is a tool all Web users are familiar with. [more]
Tuesday, 4 March 2003, 12:27 PM CET

Klez Won't Stop Making Net Rounds
Few e-mail viruses last as long as the Klez virus has. It seems to have the longest legs, topping the antivirus charts for almost a full year. What's a security-conscious Net user to do? [more]
Tuesday, 4 March 2003, 12:19 PM CET

How to Sell: Security - Scaling defences
Antivirus software companies have often been accused of writing viruses to keep themselves in business, rather like a bouncer starting fights at a nightclub so that he can then break them up. [more]
Tuesday, 4 March 2003, 12:10 PM CET

EU cybercrime code could punish online demonstrations
Legal experts have voiced their concern about new EU cybercrime rules because they say the rules don't differentiate between a real criminal and political protesters expressing their views by e-mail. [more]
Tuesday, 4 March 2003, 12:06 PM CET

Sendmail flaw tests new security body
The US' new Department of Homeland Security has carried out its first cyberdefence project, dealing with a serious flaw in the ubiquitous email server. [more]
Tuesday, 4 March 2003, 11:50 AM CET

Managing Cisco Network Security
The goal of this book is to help readers implement Cisco supported network security technologies as well as design networks that are more secure. Does it deliver? Read on to find out. [more]
Monday, 3 March 2003, 1:55 PM CET

HNS Newsletter Issue 151 has been released
Get it in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by SPI Dynamics. Get a FREE whitepaper on how to protect from an SQL Injection Attack. [more]
Monday, 3 March 2003, 1:52 PM CET

HNS Book Giveaway - Cisco security titles
We are giving away 3 copies of "Cisco Secure Virtual Private Networks" and 3 copies of "Cisco Secure Intrusion Detection System". Want some knowledge? [more]
Monday, 3 March 2003, 12:53 PM CET

HNS Book Giveaway Winners
Three lucky winners have been chosen, each one gets a copy of "Counter Hack". Are you one of them? [more]
Monday, 3 March 2003, 12:43 PM CET

Secrecy and security
There's considerable confusion between the concepts of secrecy and security, and it is causing a lot of bad security and some surprising political arguments. [more]
Monday, 3 March 2003, 12:30 PM CET

The Consequences of Criminalizing Crypto
The Justice Department's plan to make routine encryption illegal in the hands of criminals will hurt law abiding citizens, and prove catastrophic for Internet security. [more]
Monday, 3 March 2003, 12:28 PM CET

Secure Untrusted Applications with Chroot
Supported by all Linux and Unix systems, application jails put up a nearly impenetrable barrier between the "jailed" software and the rest of the system. [more]
Monday, 3 March 2003, 12:25 PM CET

How you can help 'jam' spam
Junk e-mail is a scourge for all of us. Now, industry leaders are joining forces to fight the spam plague. But they can't do it alone. You can help. Here's how. [more]
Monday, 3 March 2003, 12:20 PM CET

Creating an Apache Site with Public and Secure Access
If you want Apache to do anything useful, you have to write a config file. And, although we all know very well just how to do it in our heads, 99 times out of 100, we start out with an existing file and modify it. [more]
Monday, 3 March 2003, 12:18 PM CET

How to guard against today's Trojan horses
These days malicious users aren't after your data - they want to use your PC to attack other systems. The best way to protect yourself? Use antivirus software AND a firewall. [more]
Monday, 3 March 2003, 12:13 PM CET


Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. It’s not.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Sep 2nd