Off the Wire

Off The Wire Archive

News items for March 2004

DHS says it can handle cyberattacks
In the event of a cyberattack on the nation's infrastructure, the Homeland Security Department would have the authority and the wherewithal to coordinate an appropriate response, department officials told lawmakers today. [more]
Wednesday, 31 March 2004, 1:22 PM CET

Security managers report virus problem worse
New report charts security manager dissatisfaction. [more]
Wednesday, 31 March 2004, 1:19 PM CET

Email filter patent puts industry on edge
US patent granted to Postini, the email security company, could grant it legal ownership of a large chunk of the methodology underlying anti-spam and message filtering technology on the market. [more]
Wednesday, 31 March 2004, 1:14 PM CET

PuTTY SSH client for Symbian OS
PuTTY is a free SSH client developed by Simon Tatham and others. [more]
Wednesday, 31 March 2004, 1:10 PM CET

Hackers in demand!
It is no crime to think like a hacker. In fact, the only way to stop a hacker is to think like one and then put preventive measures in place. [more]
Wednesday, 31 March 2004, 1:01 PM CET

$pam, $pam, lovely $pam
Wall Street can't seem to get enough of the taste of spam...the e-mail kind. [more]
Wednesday, 31 March 2004, 12:59 PM CET

Linux vs. Windows: which is more secure?
In a new report, Is Linux More Secure Than Windows? from Forrester Research Inc., Computing Infrastructures Senior Analyst Laura Koetzle finds that both Windows and Linux can be deployed securely. [more]
Wednesday, 31 March 2004, 12:52 PM CET

Protecting yourself against mini-DDoS attacks
These are distributed denial of service attacks small enough to fly below the security radars of ISPs and law enforcement agencies, but potent enough to shut down cable or DSL modems connections. [more]
Wednesday, 31 March 2004, 1:12 AM CET

Honeypots for Windows
Distract intruders away from your legitimate resources. [more]
Wednesday, 31 March 2004, 1:09 AM CET

Viruses tag along
If there's one thing that anti-virus software makers fear—aside from a mass change of heart by the virus writers—it's the creation of a virus-delivery mechanism that evades detection by their signature-based products. [more]
Wednesday, 31 March 2004, 1:05 AM CET

Human nature vs. security
Social engineering in the latest crop of viruses has people jumping through hoops to open malicious attachments. How do we change the pattern? [more]
Tuesday, 30 March 2004, 6:28 PM CET

ISS slammed for 'selling' security patches
ISS's security products were last week attacked by the Witty worm but the company is refusing to provide patches to customers who do not have a valid maintenance contract. [more]
Tuesday, 30 March 2004, 6:25 PM CET

Portable devices get improved security
With the increase in valuable enterprise data being carried by mobile workers, companies may be nervous about business plans falling into the wrong hands. To address this concern, Memory Experts International has launched a product to protect data even when a laptop or personal digital assistant is stolen. [more]
Tuesday, 30 March 2004, 11:13 AM CET

Code attacks Cisco vulnerabilities
Cisco Systems issued a security warning this weekend to customers after new software code was published on the Internet that targeted certain vulnerabilities on several of its networking products. [more]
Tuesday, 30 March 2004, 11:12 AM CET

Keeping developers out of security
A recent example of application security misinformation comes from XML security gateway vendors that say companies must have a separate XML security layer to keep application developers out of security. [more]
Tuesday, 30 March 2004, 12:58 AM CET

Cisco warns of new hacking toolkit
Cisco Systems Inc. during the weekend warned customers about the public release of computer code that exploits multiple security vulnerabilities in Cisco products. [more]
Tuesday, 30 March 2004, 12:56 AM CET

Viruses rock European businesses
Internet viruses are overwhelming Europe's small business sector with 22 percent of these companies closing down operations to recover from recent attacks, according to research revealed Monday. [more]
Tuesday, 30 March 2004, 12:54 AM CET

Whose site is it anyway?
Richard Moulds from nCipher takes a look at the increasing problem of Website spoofing and explains how ecommerce providers can deliver a higher level of trust. [more]
Monday, 29 March 2004, 1:48 PM CET

The layered approach to security is dead
Building a trust based collaborative system is the new challenge to the layered model of securing your enterprise. Because of the very nature of the way that documents flow through an organisation (and outside of it too) we are left with dynamic content that can be extracted, changed, leaked: the integrity lost forever and the information open to a competitor or worse - the press. [more]
Monday, 29 March 2004, 1:43 PM CET

HNS Newsletter issue 206 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by the InfoSec Institute. [more]
Monday, 29 March 2004, 1:42 PM CET

ISS PAM/ICQ 'Witty' worm analysis
This analysis seeks to provide technical details about the worm, and the lessons it has taught security experts. [more]
Monday, 29 March 2004, 12:23 PM CET

Facial ID as plain as the smile on your face
The way you smile could uniquely identify you, and provide a basis for new facial recognition technology. [more]
Monday, 29 March 2004, 12:07 PM CET

Witty sets a new worm record
The Witty worm first hit computers known to be vulnerable and emerged so quickly that most companies had no time to apply a patch, according to an analysis of the program. [more]
Monday, 29 March 2004, 12:07 PM CET

Online security: who's liable?
Hackers, viruses, and other online threats don't just create headaches for Internet users -- they could also create prison sentences for corporate executives, experts say. [more]
Monday, 29 March 2004, 11:58 AM CET

Cybersecurity liability seen increasing
Hackers, viruses and other online threats don't just create headaches for Internet users--they could also create prison sentences for corporate executives, experts say. [more]
Monday, 29 March 2004, 11:56 AM CET

Microsoft pays for customer security
Microsoft Australia has begun a project to help customers improve security - with one difference: this time the software giant is picking up the tab. [more]
Monday, 29 March 2004, 11:55 AM CET

Auditing the mind of a hacker
Security consultants are teaming up with clinical psychologists - including behavioural scientists from the FBI - to gain a better understanding of what drives and motivates hackers. [more]
Monday, 29 March 2004, 11:54 AM CET

Security needs better education for programmers
Dealing with Internet computer worms and viruses requires a long-term education effort aimed at programmers while they are still in college, a Homeland Security Department executive said today. [more]
Monday, 29 March 2004, 11:52 AM CET

National security spec advances
A group of technology companies and government agencies this week will unveil an open specification for securely sharing sensitive information across heterogeneous networks in times of crisis. [more]
Monday, 29 March 2004, 11:49 AM CET

Small firms fail to take basic anti-virus measures
Small businesses in the UK are losing £9.5m a year because they do not take basic steps to protect themselves against computer viruses, a pan-European survey has claimed. [more]
Monday, 29 March 2004, 11:48 AM CET

EU Commissioner makes his views felt on EU network security
Mr Erkki Liikanen, Member of the European Commission, responsible for Enterprise and the Information Society, spoke on the subject of European Network Security at CeBIT Hannover. [more]
Thursday, 25 March 2004, 6:48 PM CET

Port scanning and Nmap 3.5
Inspired by the release of Nmap 3.5, the latest version of the award-winning network security tool, I've been exploring network security issues for a couple of weeks now. [more]
Thursday, 25 March 2004, 6:43 PM CET

Using key-based authentication over SSH
SSH, or secure shell, is a protocol by which users can remotely log in, administer, or transfer files between computers using an encrypted transport mechanism. [more]
Thursday, 25 March 2004, 6:37 PM CET

Security patches by modem? Forget it!
Let's face it - there is no way for dial-up users on any major operating system to keep their computers up-to-date and patched. OK, maybe "no way" is an exaggeration. How about, "a difficult, burdensome, time-consuming, very prone to failure way?" [more]
Thursday, 25 March 2004, 6:33 PM CET

Security breach delays Gnome 2.6 release
An intrusion by a 'dumb cracker' may set back the release of the latest version of the open-source Gnome desktop environment. [more]
Thursday, 25 March 2004, 6:32 PM CET

Interview with the keystroke caperist
A former claims adjuster for a US insurance company is the first to be charged under federal wiretap law for the covert use of a hardware keystroke logger, after he was caught using the device while secretly helping consumer attorneys gather information to use against his own company. [more]
Thursday, 25 March 2004, 6:31 PM CET

Pointsec for PC receives common criteria certification
Pointsec for PC, a market leader in mobile data protection solutions, is the first in its field to achieve Assurance Level 4 of the internationally-recognised Common Criteria Standard. [more]
Thursday, 25 March 2004, 6:30 PM CET

Investing in blue chip security
Internet banking is easy and reliable, but the banks are looking to a new technology that is smarter and more secure. Guy Clapperton says chipped bank cards are on the way. [more]
Thursday, 25 March 2004, 6:27 PM CET

Netsky.P worm jams email systems this morning
The new variant to the netsky worm is causing numerous problems this morning. [more]
Thursday, 25 March 2004, 6:26 PM CET

Eutelsat denies rogue diallers accusation
Angry victims of rogue diallers which ring expensive satellite numbers are blaming the wrong company, Eutelsat says. [more]
Wednesday, 24 March 2004, 10:52 AM CET

Server breach likely to delay Gnome
The Gnome Project said Tuesday that its servers have apparently been breached, potentially delaying the latest release of its desktop system for Linux. [more]
Wednesday, 24 March 2004, 10:38 AM CET

Hotmail, Yahoo vulnerable to security flaw
Hole could let attackers run malicious code on PCs using IE to check Web-based email accounts. [more]
Wednesday, 24 March 2004, 10:29 AM CET

Configuring Windows Firewall in Windows XP Service Pack 2
Windows Firewall provides a level of protection from malicious users and programs that rely on unsolicited incoming traffic to attack computers on a network. [more]
Wednesday, 24 March 2004, 10:27 AM CET

Use common sense to beat hackers
The arrest of a suspected hacker in England in connection with a cyber attack against a military website is welcome news. [more]
Wednesday, 24 March 2004, 10:17 AM CET

Pocket PC software review - SignWise Pro 2.51
Handhelds are steadily becoming a must have for a number of organizations and because all the services they provide, we tend to cram a lot of important data on them. Some security precautions should be considered and the program I'm covering today tends to provide secure signature based logon and encryption mechanisms. [more]
Tuesday, 23 March 2004, 6:20 PM CET

EU to lose billions through spam and viruses
The surging tide of unsolicited emails and malware is set to cost European businesses dear. [more]
Tuesday, 23 March 2004, 3:52 PM CET

Determining which biometric technology is right for you
Unless biometrics can meet your minimum requirements you should reject it. [more]
Tuesday, 23 March 2004, 3:39 PM CET

IE flaw exposes weakness in Yahoo! filtering
Flaws in the filtering technology used by Web-based email services make it possible for hackers to smuggle viruses past defences. [more]
Tuesday, 23 March 2004, 3:22 PM CET

One in three firms suffer hacking attempts
Survey reveals poor systems security among UK's biggest businesses. [more]
Tuesday, 23 March 2004, 3:21 PM CET

MPs reassess computer crime laws
UK legislation aimed at protecting computer users from hackers and spammers is to investigated by an influential group of MPs. [more]
Tuesday, 23 March 2004, 1:29 PM CET

Security vital to successful remote working
So what are the key dangers for remote working? And what can companies do to combat them? [more]
Tuesday, 23 March 2004, 12:15 PM CET

How secure is OS X?
What is the big picture when it comes to Apple security? Is OS X safe enough to be a viable contender for running public Web sites and general enterprise applications? [more]
Tuesday, 23 March 2004, 10:54 AM CET

Forensic analysis of a live Linux system
This article is the first of a two-part series that provides step-by-step instructions on forensics of a live Linux system that has been recently compromised. [more]
Tuesday, 23 March 2004, 10:51 AM CET

Monitoring network integrity with Nmap
Nmap performs all sorts of network scans, from simple ping scans to see what hosts on a network are "alive" to more advanced scans by protocol and packet type. [more]
Tuesday, 23 March 2004, 10:47 AM CET

RIAA site disabled for five days
As the Recording Industry Association of America continues its push to shut down digital pirates, the industry group suffered its own defeat online. [more]
Tuesday, 23 March 2004, 10:41 AM CET

Your own people may be the problem
A recent independent audit of computer systems at five Internal Revenue Service field offices found dozens of security lapses. [more]
Monday, 22 March 2004, 2:11 PM CET

The joke of federal cybersecurity oversight
The standards for acceptable cybersecurity are known: it's time to start holding the people in charge accountable to them. [more]
Monday, 22 March 2004, 2:08 PM CET

Monitoring and managing Linux software RAID
In this article the author provides an overview of the software RAID implementation in the Linux 2.4.X kernel. [more]
Monday, 22 March 2004, 2:03 PM CET

Security spending grows
Identity management and regulatory compliance are key security headaches. [more]
Monday, 22 March 2004, 1:56 PM CET

VoIP - Vulnerability over Internet Protocol
Just as the VoIP market is finally taking a cautious step towards delivering some of its long-overdue promise, the increasing priority of IT security may force it two steps back. [more]
Monday, 22 March 2004, 1:48 PM CET

HNS Newsletter issue 205 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. This issue is sponsored by SPI Dynamics. [more]
Monday, 22 March 2004, 1:29 PM CET

Are biometrics coming to a PC near you?
Feds investigate adopting biometric 'passwords' to stop identity theft. [more]
Monday, 22 March 2004, 1:16 PM CET

Computer security 101
It's a jungle out on the Internet, with any number of cyberpredators salivating at the prospect of mauling your records. Here's how to stop them. [more]
Monday, 22 March 2004, 12:52 PM CET

Retooling e-authentication
Draft document recommends that agencies use commercial credentials. [more]
Monday, 22 March 2004, 12:50 PM CET

Watch out: It's virus season again
Virus writers seem to be trying every trick they can these days to infect our computers, but we can fight back. How? For starters, says Robert, try updating Windows frequently. [more]
Monday, 22 March 2004, 12:49 PM CET

Witty attacks your firewall and destroys your data
A new worm that, ironically, makes sport of Win-32 systems defended by BlackIce and RealSecure firewall products from Internet Security Systems (ISS) began circulating Saturday. [more]
Monday, 22 March 2004, 12:46 PM CET

Malware - it's getting worse
The recent MyDoom Worm successfully infected enough victims in order to shut down SCO's web site, followed by new variants that targeted Microsoft's web site. This paper isn't intended to discuss the motives of the author, instead it will help you understand how worms enter your network, how you can block them before they even reach your internal network, and how to act in case they get in. [more]
Monday, 22 March 2004, 12:19 PM CET

Anti-virus companies milking their cash cow?
Right now, a war goes on between virus writers. [more]
Friday, 19 March 2004, 9:38 PM CET

Cisco boosts speed and security
Enhanced security and 10Gb Ethernet support for Catalyst Intelligent Switching range. [more]
Friday, 19 March 2004, 9:37 PM CET

Anti-piracy vigilantes track file sharers
Crime-busting coders spark controversy when they circulate a Trojan horse on peer-to-peer networks designed to chastise pirates, and report back to a public website. [more]
Friday, 19 March 2004, 10:40 AM CET

Symantec to launch network gatekeeper
Symantec plans to introduce on Monday a series of secure networking appliances that it hopes will help it pick up more small business customers. [more]
Friday, 19 March 2004, 10:38 AM CET

Bagle spreads new threat
The Bagle worm is exploiting an old Outlook flaw to spread even more quickly, while an ancient Trojan has gained a new name and a new lease of life. [more]
Friday, 19 March 2004, 10:37 AM CET

Software security flaws hit plateau
Seven new security vulnerabilities were identified in software products on average every day in 2003. [more]
Friday, 19 March 2004, 1:37 AM CET

Fraudsters prey on apathetic Brits
An apathetic and careless approach to finances by some British consumers is making fraud far easier. [more]
Friday, 19 March 2004, 1:36 AM CET

Microsoft-EU anti-trust talks collapse
The European Commission's competition talks with Microsoft Corp. have collapsed, European Competition Commission Mario Monti said Thursday. [more]
Friday, 19 March 2004, 1:35 AM CET

Task force: Classes, security tool kit needed
A government industry working group released its initial report on Thursday, recommending that elementary schools teach online ethics, that companies observe a Cyber Security Month and that a security tool kit for home users be created. [more]
Friday, 19 March 2004, 1:32 AM CET

IT industry releases security action plans for DHS
Two of the five action plans are out; three more are due in April. [more]
Friday, 19 March 2004, 1:30 AM CET

The Ultimate Windows Server 2003 System Administrator's Guide
This book is a comprehensive guide that brings details of planning, deployment, administration, and management of a Windows Server 2003 operating system. [more]
Thursday, 18 March 2004, 4:47 PM CET

GAO offers security guide
A report from the General Accounting Office outlined the major types of commercial security technologies that agencies can use. [more]
Thursday, 18 March 2004, 3:50 PM CET

Detection of SQL injection and cross-site scripting attacks
This article discusses techniques to detect SQL Injection and Cross Site Scripting (CSS) attacks against your networks using regular expressions with the open-source IDS, Snort. [more]
Thursday, 18 March 2004, 2:23 PM CET

Cashing in on virus infections
After a recent epidemic of computer viruses that seemed much worse than usual, security experts are questioning whether the antivirus software industry is working hard enough -- or has enough incentive -- to develop new and better ways of stopping nasty software. [more]
Thursday, 18 March 2004, 2:18 PM CET

Fake escrow sites on the rise
Take basic precautions and you won't get fooled, advise online watchdogs. [more]
Thursday, 18 March 2004, 2:17 PM CET

Microsoft tightens XP's security
Microsoft is nearing the finish line for its Service Pack 2 update, with the release of a near-final version that features centralised security management. [more]
Thursday, 18 March 2004, 12:45 PM CET

The 12kb bomb
It only takes a 12kb virus for total system compromise and a highly effective spam engine. Anyone can make one. Some assembly required. [more]
Thursday, 18 March 2004, 12:43 PM CET

The key to authentic communication
Passwords are considered by some to be the weakest link in the security chain. They are hard to remember yet often disturbingly easy to steal or even guess, but developing an alternative is proving a challenge. [more]
Thursday, 18 March 2004, 12:41 PM CET

Experts debate danger of Phatbot worm
Security discussion lists and reports were abuzz Wednesday with talk of a new worm, named "Phatbot," that had spread to as many as hundreds of thousands of systems. But not all security experts agreed that the worm was widespread. [more]
Thursday, 18 March 2004, 12:38 PM CET

Fixes are in for OpenSSL
The group behind OpenSSL, a widely used open-source Web security program, released two patches for security flaws to block potential denial-of-service attacks, the organization's developers said on Wednesday. [more]
Thursday, 18 March 2004, 12:34 PM CET

Building a Panther Server as an OD Master and Windows PDC
The setup of a Panther server as a PDC, however, is oriented mainly to Apple shops and those who wish to easily integrate Windows desktops without having to maintain a parallel server environment. [more]
Wednesday, 17 March 2004, 3:23 PM CET

Your LDAP administration toolbox
Do you have what it takes to manage an LDAP infrastructure? Administration of a directory means having a thorough knowledge of the directory's structure, data, security, performance, and general configuration. [more]
Wednesday, 17 March 2004, 2:53 PM CET

Hackers embrace P2P concept
Computer security experts in the private sector and U.S. government are monitoring the emergence of a new, highly sophisticated hacker tool that uses the same P2P networking abilities that power controversial file-sharing networks like Kazaa and BearShare. [more]
Wednesday, 17 March 2004, 2:37 PM CET

Mitigating the complexities of security management
Without a holistic view of the current security structure, how do you go about managing security? Security tools may work well on their own, but how do they work together to protect your network, and how do you monitor their performance? [more]
Wednesday, 17 March 2004, 1:40 PM CET

Tackling Unix security in large organisations
Managing security in large organizations can be a challenge. Here are some practical tips for keeping your organization sealed tight. [more]
Wednesday, 17 March 2004, 1:19 PM CET

Phishing still on the increase
Finance, retail and ISP customers primary targets of attacks. [more]
Wednesday, 17 March 2004, 1:17 PM CET

The virus avalanche
Jack Clark, technical consultant at McAfee Security, considers the deluge of recent virus activity and how security firms and users can protect themselves from further attacks. [more]
Wednesday, 17 March 2004, 1:13 PM CET

Nothing easy about security
Information security experts offer no easy answers for agencies trying to improve their security grades. [more]
Wednesday, 17 March 2004, 1:00 PM CET

Tale of a spam lover
For Orlando Soto, no day is complete without some spam. [more]
Wednesday, 17 March 2004, 12:25 PM CET

Immunix stops selling secure Linux OS
According to Immunix COO Frank Rego, his company's decision to stop selling Immunix Linux wasn't a sudden shift but "more of a gradual change. [more]
Wednesday, 17 March 2004, 12:06 PM CET

Microsoft to broaden security-patch software
The company says data security is by far its most important area of investment. [more]
Wednesday, 17 March 2004, 12:05 PM CET

Rethinking IDS
False IDS alerts driving you nuts? The best protection against unwanted intrusion may be a layered defense that uses firewalls, IDS, and IPS. [more]
Tuesday, 16 March 2004, 2:19 PM CET

Viruses still like germs
Evidence that computer virus infections spread like biological disease was offered by security experts at Symantec Corp., which today released its semi-annual Internet Security Threat Report. [more]
Tuesday, 16 March 2004, 2:07 PM CET

Europe considers harsh piracy law
The European Union will likely enact a law to give local police more power to seize the assets of suspected intellectual-property thieves. Opponents say the law is just too severe. [more]
Tuesday, 16 March 2004, 2:06 PM CET

What to watch out for when writing portable shell scripts
This article reviews some of the issues shell programmers may run into when trying to write widely portable scripts. [more]
Tuesday, 16 March 2004, 1:50 PM CET

Linux memory forensics
Forensic analysis is the investigation of an event that involves looking for evidence and interpreting that evidence. In the case of a computer crime in which a system was compromised, the investigator needs to find out who, what, where, when, how, and why. [more]
Tuesday, 16 March 2004, 1:39 PM CET

Outsourcing: losing control over sensitive data
How do you protect sensitive data when it's in the hands of a third party? [more]
Tuesday, 16 March 2004, 12:28 PM CET

Creating secure backups with GnuPG
Learn how to transfer your GnuPG keys to the server, encrypt data and decrypt it after a download. [more]
Tuesday, 16 March 2004, 11:34 AM CET

Where to turn for answers?
When everyone in the security world has something to sell, it's harder than ever to get straight answers about genuine threats. [more]
Tuesday, 16 March 2004, 11:16 AM CET

Thumbs up for Longhorn security lockdown
As software security holds its place as a top priority among enterprise networks, engineers at Microsoft are building proactive PC monitoring capabilities into its next generation Longhorn operating system, a move that's being widely embraced. [more]
Tuesday, 16 March 2004, 11:05 AM CET

Security considerations for Web-based mail
Many businesses don't deploy Web mail for fear of exposing corporate e-mail systems to external threats. With recent government legislation, e-mail confidentiality has become a growing concern. [more]
Tuesday, 16 March 2004, 11:03 AM CET

Zombie PCs must die!
Comcast, the US cable giant, is threatening to disconnect customers whose infected PC are being used to relay spam messages. [more]
Tuesday, 16 March 2004, 11:02 AM CET

Flaws level off, but worms still squirming
The number of public alerts about software security flaws leveled off over the last six months, but worms continue to threaten the Internet, according to a report security company Symantec released Monday. [more]
Tuesday, 16 March 2004, 11:01 AM CET

Hacking tests begin on national ID database
Security experts have begun work on threat and vulnerability tests to ensure that the National Identity Register database, which will form the basis of the UK's controversial ID card scheme, is secure from hack attacks and unauthorised internal access. [more]
Monday, 15 March 2004, 3:08 PM CET

HNS Newsletter issue 204 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 15 March 2004, 1:34 PM CET

Feds want wiretap-ready Net
Technology companies should be required to ensure that law enforcement agencies can install wiretaps on Internet traffic and new generations of digital communications, the Justice Department says. [more]
Monday, 15 March 2004, 1:07 PM CET

New trend seen in latest worms
Symantec, the anti-virus software company, said it tracked an average of seven new Internet security vulnerabilities per day in 2003. [more]
Monday, 15 March 2004, 1:04 PM CET

Computer-related security breaches are on the rise
A computer virus cost Arosnet Internet Services between $5,000 and $8,000 in lost time this year when a client's computer infected its network. [more]
Monday, 15 March 2004, 1:03 PM CET

Wireless LAN security monitors
Network Computing examines tools from major vendors for keeping a wireless LAN secure after it's built. The tools watch out for rogue access points and denial-of-service attacks and perform other tasks to keep attackers at bay. [more]
Monday, 15 March 2004, 12:24 PM CET

Why firewalls aren't always enough
You may think your computer systems are safe behind your firewall. But criminal hackers may still be able to access them--through what's called "social engineering." Robert explains. [more]
Monday, 15 March 2004, 12:09 PM CET

Wisconsin, New York unplug Matrix
Two more states pull out of the interstate criminal and antiterrorism database known as the Matrix. Wisconsin had joined just a few weeks ago, but once the cost and privacy ramifications became clear, the state reconsidered. [more]
Monday, 15 March 2004, 2:14 AM CET

Leaked code still could bear malicious fruit
When news of the leak of a portion of Windows source code broke last month, many in the security community cautioned against overreacting, saying that the leak likely wouldn't lead to a slew of new vulnerability discoveries. [more]
Monday, 15 March 2004, 2:12 AM CET

NZ Police lay first charge for hacking
Police have laid the first charges for hacking under the controversial Crimes Amendment (No 6) Act, which was passed in mid-2003 and carries severe penalties for computer crime. [more]
Monday, 15 March 2004, 2:08 AM CET

Security gadgets yet to seal fate of Japan's hanko tradition
Old habits die hard. The use of carved personal seals in Japan has survived technological leaps which could have rendered them obselete despite their widely acknowledged vulnerability to fraud. [more]
Monday, 15 March 2004, 2:04 AM CET

Security appliances
Is your business properly protected from today's security hackers? We tested several security appliances and found Fortinet's FortiGate 60 to be the leader of the pack. [more]
Friday, 12 March 2004, 12:56 PM CET

802.11i and WPA2: addressing WLAN security weaknesses
As it stands now, WPA2 exists as a subset of the pending 802.11i standard and is designed within the 802.1X framework. It provides a snapshot of how to address weaknesses with robust key management and encryption. [more]
Friday, 12 March 2004, 3:49 AM CET

PKI appliance goes for selective security
A system from Ingrian Networks aims to end network security overkill by concentrating on the important bits. [more]
Friday, 12 March 2004, 3:40 AM CET

Inside the DoD's crime lab
Digital evidence comes in all shapes and sizes: pallets full of computers, a hard drive with an AK-47 bullet hole in it, audio tapes fished out of the ocean, mangled floppies, garbled 911 calls. [more]
Friday, 12 March 2004, 3:39 AM CET

The rethinking of computer security
The security industry is in the midst of a transition, one that promises to profoundly change the way businesses think about the subject. [more]
Friday, 12 March 2004, 3:38 AM CET

Secure coding? Absolutely
Andrew Briney's column, "Secure Coding? Bah!" (January 2004), struck a chord, as it should have been titled "Secure Coding? Absolutely." Given that the software industry as a whole has never made a concerted effort to write better code, it's far too early to throw in the towel. [more]
Friday, 12 March 2004, 3:36 AM CET

We're just innocent techies, say accused spammers
Lawyers for a Florida firm accused of inundating AOL users with spam have hit back with a motion seeking to dismiss the lawsuit. [more]
Thursday, 11 March 2004, 2:32 AM CET

Touching SAP data: user access and biometrics
Enterprises can record when users access data in an SAP system, but biometrics makes it possible to add physical evidence to the log. [more]
Thursday, 11 March 2004, 2:15 AM CET

Qwik-Fix Pro - technical whitepaper
Qwik-Fix Pro works to proactively protect against threats to the Microsoft Windows platform before they are discovered and well before malicious code writers have a chance to develop exploits to compromise hosts that are vulnerable. [more]
Thursday, 11 March 2004, 2:03 AM CET

Why are virus attacks getting worse?
Why have we seen so many new virus attacks in recent weeks? [more]
Thursday, 11 March 2004, 1:55 AM CET

Customers required to waive right to sue
In the face of ongoing attacks by computer hackers, some companies that store their customers' personal data are adopting a new defensive tactic: If your information is stolen, they're not legally responsible. [more]
Thursday, 11 March 2004, 1:33 AM CET

Hacking need not always be a dirty word
Most look at a toaster and see a kitchen appliance. Scott Fullam looks at a toaster and sees an engineering challenge. The result: a toaster that burns the words "hot" or "cool" on the side of a bread slice. [more]
Thursday, 11 March 2004, 1:31 AM CET

Symbiot launches DDoS counter-strike tool
Security company Symbiot is about to launch a product that can hit back at hackers and DDoS attacks by lashing out with its own arsenal of tricks, but experts say it may just be a bit too trigger-happy. [more]
Thursday, 11 March 2004, 12:58 AM CET

Resume fraud gets slicker and easier
Simple misrepresentation of facts on a resume is passe. Lying convincingly is in. [more]
Thursday, 11 March 2004, 12:57 AM CET

Risk management seen key to IT security
In IT security, emotional reactions, panic and legislation are counterproductive. But intelligent risk management can enable organizations to face an uncertain future optimistically. [more]
Thursday, 11 March 2004, 12:43 AM CET

Microsoft rethinks latest security patch
One day after releasing a trio of security patches, Microsoft is upgrading the seriousness of one of those fixes to "critical." [more]
Thursday, 11 March 2004, 12:33 AM CET

Internet providers sue hundreds for spam
Leading Internet companies, in an unusual joint effort among corporate rivals, announced six lawsuits Wednesday against hundreds of people accused of sending millions of unwanted e-mails in violation of the new federal law against "spam." [more]
Thursday, 11 March 2004, 12:31 AM CET

Bypassing China's net firewall
Numerous efforts are under way in the West to help Chinese web users get around China's censorship of the internet. [more]
Wednesday, 10 March 2004, 12:29 PM CET

Net users warned about eBay fraud
The NSW government and police today warned internet buyers about serial fraudsters preying on customers using the Australian site of the world's most popular online auction service. [more]
Wednesday, 10 March 2004, 12:22 PM CET

A peek at script kiddie culture
From the (edited) interview transcript with Andrew D. Kirch you'll learn that one of the "new waves" in DDoS coordination is hijacking corporate conference call facilities. [more]
Wednesday, 10 March 2004, 12:08 PM CET

Microsoft's high-risk security strategy
Fighting to protect its operating system monopoly by making Windows more secure, Microsoft this year finds itself sitting between the rock of inevitable antitrust oversight, and the hard place of its reputation regarding security. [more]
Wednesday, 10 March 2004, 12:04 PM CET

Googling up passwords
Google is in many ways the most useful tool available to the bad guys, and the most dangerous Web site on the Internet for many, many thousands of individuals and organizations. [more]
Wednesday, 10 March 2004, 12:03 PM CET

Patch management
Before rushing out and patching every system, when a new patch is released, a Network Manager must understand the patch and what it is doing. It also needs to be tested on a test network running the business applications prior to be rolled out. The roll out of a patch could compromise your business if it breaks the business software and stops everyone from working. It would not be the first time... [more]
Wednesday, 10 March 2004, 11:57 AM CET

Application firewalls add Web services
Web application firewalls are evolving to support XML- and Web services-based applications, and vendors Teros and NetContinuum are both driving upcoming product releases in that direction. [more]
Wednesday, 10 March 2004, 11:44 AM CET

SSL's credibility as phishing defense is tested
Internet "phishing" scams are incorporating the use of SSL certificates - both real and faked - in their efforts to trick users into divulging sensitive login information for financial accounts. [more]
Wednesday, 10 March 2004, 11:37 AM CET

'This is the final variant' says Netsky virus writer
Should we believe it? Virus writers are so reliable normally… [more]
Wednesday, 10 March 2004, 11:36 AM CET

Bruce Schneier on airport security
Security is only as strong as its weakest link; three locks on the front door do little good if the back door is open. Likewise, the air transportation system is only as secure as the country's most insecure airport, because once someone passes through security at one location, they don't have to do so at another. [more]
Wednesday, 10 March 2004, 11:35 AM CET

Cisco expands integrated security system portfolio
Cisco Systems on Tuesday expanded its integrated security systems product portfolio, unveiling a smorgasbord of new hardware and software tools designed to facilitate enhanced performance, flexibility, and network resilience to security threats. [more]
Wednesday, 10 March 2004, 11:26 AM CET

Review - LANguard Network Security Scanner 3.3
In order to maintain your systems secure you need to keep a constant watch at what vulnerabilities have been released and what your machines are running. Today I'm taking a look at a software title already well-known in the security community that can help you secure your systems. [more]
Tuesday, 9 March 2004, 2:31 AM CET

Linux kernel vuln reloaded
Security researchers have discovered a potentialy serious security vulnerability within a Linux kernel memory management module. [more]
Tuesday, 9 March 2004, 2:11 AM CET

New Sober worm poses as Microsoft patch
A new virus discovered Monday plays off fears generated by last week's wave of worms by masquerading as a patch from Microsoft that purportedly keeps MyDoom at bay. [more]
Tuesday, 9 March 2004, 1:54 AM CET

Card fraud figures show rise in ID theft
Cardholder-not-present tops Apacs plastic card crime league. [more]
Tuesday, 9 March 2004, 1:45 AM CET emerges from virus battle
SCO Group's primary Web site has only just returned to service after being knocked off the Internet more than a month ago by MyDoom.A. [more]
Tuesday, 9 March 2004, 1:40 AM CET

Californian ISP sues Bob Vila site for spam
Californian ISP Hypertouch is taking home improvement website and its marketing agency to court for alleged violations of America's CAN-SPAM Act. [more]
Monday, 8 March 2004, 2:51 PM CET

States join spyware battle
The drive to control "spyware" and other software that hijacks personal computers without owners' permission is spreading to state legislatures, turning up pressure on PC pests. [more]
Monday, 8 March 2004, 2:44 PM CET

U.S. urged to take lead in issuing biometric passports
The State Department should begin issuing passports with chips containing biographic information later in the year; an assistant secretary of state says the United States needs to take the lead encourage other nations to issue similar passports. [more]
Monday, 8 March 2004, 2:43 PM CET

Networking improvements in the 2.6 kernel
The new Linux kernel includes support for and improvements in many areas of networking: from tunneling and better file security to encryption and privacy protection. This article covers how these improvements affect users even as they make Linux more secure and more enterprise-ready. [more]
Monday, 8 March 2004, 2:42 PM CET

Camera phones could threaten company security
Businesses are concerned that camera phones can compromise their security and employees' privacy, and many businesses are trying to ban camera phones from their offices. [more]
Monday, 8 March 2004, 2:42 PM CET

Windows Server 2003 update to precede Longhorn
Stirring up its Windows Server product road map, Microsoft said Friday it plans to ship an updated version of its Windows Server 2003 product before a Longhorn version of the server operating system, expected by about 2007. [more]
Monday, 8 March 2004, 2:40 PM CET

IIS 6.0 security
This article discusses the major default configuration and design changes incorporated in IIS 6.0 to make it a more secure platform for hosting critical web applications. [more]
Monday, 8 March 2004, 2:33 PM CET

A crash course in security incident reporting
Security incidents that federal agencies reported in 2003 reveal a sharply divided picture of information security across the federal government. [more]
Monday, 8 March 2004, 2:30 PM CET

Feds: e-mail subpoena ruling hurts law enforcement
An appeals court refuses to reconsider a ruling that an overbroad subpoena for stored e-mail can qualify as a computer intrusion, despite a plea from the Justice Department to rethink the decision. [more]
Monday, 8 March 2004, 2:29 PM CET

Security forensics
As has been stated more frequently than most people care to remember, security in IT is important. [more]
Monday, 8 March 2004, 2:28 PM CET

What's good about computer viruses
If every computer user simply protected his or her own laptop or PC, virus and worm writers would have to pursue another form of entertainment. [more]
Friday, 5 March 2004, 5:23 PM CET

IT staff offered fast-track hacker course
Put yourself in the cyber-criminals' shoes and protect your network from attack. [more]
Friday, 5 March 2004, 2:47 PM CET

Softbank rocked by giant data leak
Senior execs at Softbank in Japan are to take a pay cut after the personal details of more than four million broadband punters leaked out. [more]
Friday, 5 March 2004, 2:47 PM CET

Does open source software enhance security?
There are several reasons why open-source software provides for superior computer and network security, but the computing public seems confused about why this is so, writes Thomas C Greene. [more]
Friday, 5 March 2004, 12:13 PM CET

Pranksters snow TV weather announcement system
Hacked newscast warns viewers: "All your base are belong to us." [more]
Friday, 5 March 2004, 12:00 PM CET

Updates aim to defuse Bagle ploy
Security companies have started updating their products with more sophisticated techniques aimed at getting inside the encrypted attachments in which the Bagle worm has spread. [more]
Friday, 5 March 2004, 11:54 AM CET

Government agencies must step up security
Aberdeen Group director of security research Eric Hemmendinger said the OMB essentially is embarking on a public relations campaign to raise awareness about the need to improve security in agency IT systems. [more]
Friday, 5 March 2004, 11:52 AM CET

'War driver' finds easy pickings
Unsecured wireless systems can be tapped. [more]
Thursday, 4 March 2004, 1:51 PM CET

CIA invests in start-ups. The payoff? Technology
That's right: The CIA is investing in tech start-ups. At a time when the CIA has come under fire for intelligence lapses, In-Q-Tel offers a promising path to technology that might help the agency spot trouble sooner and make fewer errors. [more]
Thursday, 4 March 2004, 1:46 PM CET

New bill aims to shine light on spyware
If you've ever wondered how software got on your computer, and spent even more time wondering how to get it off, chances are you've encountered spyware. [more]
Thursday, 4 March 2004, 1:06 PM CET

HP, Philips advance on digital-rights front
HP has been outspoken about its support for creating technologies that uniformly protect digital content. HP also says it is guided by a digital-rights management philosophy that respects the rights of consumers to use the music and movies they purchase according to fair-use laws. [more]
Thursday, 4 March 2004, 12:09 PM CET

PKI vendors wanted
A decade of work has led to public-key infrastructure standards that are close to making digital authentication a governmentwide reality, General Services Administration officials announced this week. [more]
Thursday, 4 March 2004, 12:06 PM CET

El Reg badly misguided on cyber-terror threat
The Register's recent, negative review of "Black Ice: The Invisible Threat of Cyber-Terrorism" by Dan Verton drew a good deal of reader mail, including a request by the author to debate the issues raised in their article, and his book. [more]
Thursday, 4 March 2004, 12:04 PM CET

Linux wireless networking
In this article, Sreekrishnan Venkateswaran explains wireless networking with WLAN, Bluetooth, GPRS, GSM, and IrDA from a Linux perspective. He uses various wireless devices and the corresponding kernel layers and user space tools to demonstrate how they work with Linux. [more]
Thursday, 4 March 2004, 11:53 AM CET

UK provider warns users about leaked Windows code
British broadband provider BTopenworld has sent warning letters to a number of its customers, warning them that if they continue to share copies of the Windows source code that they would violate the company's acceptable use policy and have their connections terminated. [more]
Thursday, 4 March 2004, 11:48 AM CET

Using the GNU Privacy Guard
The GNU Privacy Guard can be regarded as a complete replacement for the popular PGP (Pretty Good Privacy) software. [more]
Thursday, 4 March 2004, 11:41 AM CET

Worms eat away ISP's profits
Internet services providers in North American will spend hundreds of millions of dollars dealing with worms this year, according to a study. [more]
Thursday, 4 March 2004, 11:35 AM CET

Bagle worm has gateway AV scanners caught by surprise
Although by now most vendors have implemented some kind of patch to combat the most recent variant of the Bagle worm, fact remains this malware managed to defeat a large number of vendors' gateway AV scanners. The culprit? A password protected zip file that carries the Bagle worm. [more]
Thursday, 4 March 2004, 11:02 AM CET

Visualizing WEP insecurity
This article describes how one can setup and perform a small wireless demonstration that is quick and easy to perform with a good visual result to trigger the attention of your co-workers. [more]
Wednesday, 3 March 2004, 12:33 PM CET

Protect your wireless network
If you have a wireless network set up in your home, you might be inviting criminals to steal from you without even having to break in. [more]
Wednesday, 3 March 2004, 12:25 PM CET

Network protocol stack and TCP hacking
The network protocol stack, which forms the carrier and pipeline of data from one host to another is designed in such a way that we can interact with different layers at desired level. [more]
Wednesday, 3 March 2004, 12:09 PM CET

The next step in the spam control war: greylisting
This paper proposes a new and currently very effective method of enhancing the abilities of mail systems to limit the amount of spam that they receive and deliver to their users. [more]
Wednesday, 3 March 2004, 12:07 PM CET

Virus writers start dissing match with new worms
The virus onslaught continued late Tuesday as new versions of Bagle and MyDoom hit the Internet. The latest versions appeared to serve as digital graffiti, with the code delivering secret messages to the anonymous authors of other "competing" worms. [more]
Wednesday, 3 March 2004, 12:04 PM CET

Compartmentalize your network to improve security
An often-overlooked layer of defense can provide last-ditch protection against malicious software threats. [more]
Wednesday, 3 March 2004, 12:02 PM CET

Your password to everything
There are few people around in the developed world today who would argue that the importance of computer systems has decreased over the last few years. [more]
Wednesday, 3 March 2004, 12:00 PM CET

Bolstering Security With smart cards and tokens
The solution, security vendors say, is to make it more difficult to access business networks and applications, while still keeping procedures easy enough so users don't rise up in protest. [more]
Wednesday, 3 March 2004, 11:56 AM CET

Security experts hit back at presidential advisor
Security experts have been quick to hit back at an advisor of President Bush for criticising software developers' coding practices. [more]
Wednesday, 3 March 2004, 11:44 AM CET

Card technology vs token technology
This is a tough question in any corporate environment that is addressed more often than not. What are the cost factors between the two offers? [more]
Wednesday, 3 March 2004, 11:43 AM CET

HIPAA security rule
This article presents a detailed overview of the American HIPAA (Health Insurance Portability and Accountability Act) Security Rule and key factors you should consider when preparing to comply with the rule. [more]
Wednesday, 3 March 2004, 11:42 AM CET

Automated kits fuel virus epidemic
Virus creation kits blamed as new variants Netsky.D and Bagel.G appear. [more]
Tuesday, 2 March 2004, 3:09 PM CET

Viruses thwart security measures
The findings were revealed in early results of a UK government survey that catalogues security breaches suffered by British businesses. [more]
Tuesday, 2 March 2004, 2:36 PM CET

Sonicwall Pro 4060 & 3060
Two VPN/firewall appliances that are easy to manage and upgrade. [more]
Tuesday, 2 March 2004, 1:20 PM CET

Is password-lending a cybercrime?
A judge's wrongheaded interpretation of the federal Computer Fraud and Abuse Act illustrates the problems of allowing civil enforcement of a criminal law. [more]
Tuesday, 2 March 2004, 1:19 PM CET

War dialling: Slamming the backdoor on hackers
Internet users worried about security breaches are so preoccupied with enforcing the front gate that many inadvertently leave the backdoor ajar to be exploited by hackers. [more]
Tuesday, 2 March 2004, 12:55 PM CET

IP security to encrypt post office banking
The Post Office is to use internet protocol-based technology to encrypt basic banking transactions at more than 16,500 Post Offices in the UK. [more]
Tuesday, 2 March 2004, 12:02 PM CET

Spam tide may be turning
Major announcements at the RSA Conference here last week—in addition to recent anti-spam technology advances—mark the beginning of the end of spam as we know it. [more]
Tuesday, 2 March 2004, 11:54 AM CET

New worm spreading through e-mail
A new computer worm dubbed "Netsky-D" was clogging e-mail systems around the world after emerging on Monday, a security expert said. [more]
Tuesday, 2 March 2004, 11:48 AM CET

Australia escapes virus nightmare
Despite being faced with a virulent new version of Netsky and more "Bagles" than a New York deli, Australia's email systems have remained relatively untroubled by the mass of internet virus that have descended since the weekend. [more]
Tuesday, 2 March 2004, 11:41 AM CET

Security increased for Tuesday's e-voting
With a record number of voters casting electronic ballots on Super Tuesday, election officials from California to Maryland are beefing up security to prevent problems ranging from software glitches to hackers. [more]
Tuesday, 2 March 2004, 11:39 AM CET

How not to be seen
In a world where the spies have unparalleled access to our everyday lives, there are some simple ways to make them earn their pay. [more]
Monday, 1 March 2004, 4:15 PM CET

US court: reverse engineering is 'presumptively legal'
Using reverse-engineering methods to find out about proprietary software is not illegal, rules a Californian court. [more]
Monday, 1 March 2004, 4:10 PM CET

Don't wait to be hit by cyber-crime
NHTCU warns UK firms to polish IT security practices. [more]
Monday, 1 March 2004, 4:06 PM CET

Open software, secure software
Even experts can disagree. Linux & Open-Source Center Editor Steven Vaughan-Nichols thinks the open-source approach does lead to more secure software. [more]
Monday, 1 March 2004, 1:51 PM CET

Government backs quantum cryptography
DTI and e-Envoy to investigate 'hack-proof' technology. [more]
Monday, 1 March 2004, 1:48 PM CET

Review - HackNotes Web Security Pocket Reference
The book is written on a way that follows HackNotes schemes - it covers possible security issues, methods of exploiting them, as well suggestions and hints on the things to do to make the attacker's life as complicated as possible. [more]
Monday, 1 March 2004, 1:46 PM CET

Microsoft enlists developers in security push
Microsoft is readying updates to its programming tools that will be released in tandem with Windows XP Service Pack 2, a security-oriented release of Windows due later this year. [more]
Monday, 1 March 2004, 1:26 PM CET

E-mail of the future to combat spam
Microsoft and Yahoo! Inc are each developing systems aimed at authenticating senders of e-mail. America Online Inc. is testing a third. [more]
Monday, 1 March 2004, 12:50 PM CET

US moves to squelch chinese encryption plans
U.S. government and industry bodies oppose a proposed Chinese wireless encryption standard that they believe will undermine the World Trade Organization's crucial trade efforts with China. [more]
Monday, 1 March 2004, 12:21 PM CET

German revolt against RFID
Metro Group has abandoned a trial of RFID radio tags, after protests by digital rights activists. [more]
Monday, 1 March 2004, 12:20 PM CET

Microsoft enlists developers in security push
Microsoft is readying updates to its programming tools that will be released in tandem with Windows XP Service Pack 2, a security-oriented release of Windows due later this year. [more]
Monday, 1 March 2004, 12:18 PM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 29th