Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

Off The Wire Archive

News items for March 2005

Windows Server 2003 SP1 is here
SP1 heavily laced with security fixes. [more]
Thursday, 31 March 2005, 11:26 AM CET

Microsoft expands Windows piracy check on downloads
Policy will apply to local langauge add-ons. [more]
Thursday, 31 March 2005, 10:57 AM CET

Vendors offer IP-telephony security services
Enterasys Networks and Lucent Technologies introduced a package of services designed to improve the security of IP telephony networks. [more]
Thursday, 31 March 2005, 10:09 AM CET

Web browser forensics, part 1
This article provides a case study of digital forensics, and investigates incriminating evidence using a user's web browser history. [more]
Thursday, 31 March 2005, 9:06 AM CET

Apprentice hacker rings up large phone bill
An "apprentice" hacker broke into the PABX (private automatic branch exchange) system of John James Hospital in Canberra, Australia, last week and made more than A$5,000 (US$3,850) worth of international calls. [more]
Thursday, 31 March 2005, 8:19 AM CET

Sweating over security - new exams from Microsoft
Two new exams for developers really put your secure coding expertise to the challenge. [more]
Thursday, 31 March 2005, 7:28 AM CET

New identity theft scenarios
Just wanted to let in all of my friends and family on a secret a learned while attending an Identity Theft class put on at the Ontario Convention Center on March 22, 2005. [more]
Thursday, 31 March 2005, 6:15 AM CET

7 computer security tips for students
Preparing for school used to mean filling a backpack with a handful of sharpened pencils, spiral notebooks, and a dozen textbooks. [more]
Thursday, 31 March 2005, 5:05 AM CET

Protect wireless access using MAC address filters
There are a number of basic steps you should take to protect your wireless network and filtering MAC addresses is one more way to secure it. [more]
Thursday, 31 March 2005, 4:21 AM CET

Microsoft drops Blaster virus writer fine
Parsons' punishment, an alternative to paying Microsoft back the money, was the result of an agreement between prosecutors, defense attorneys and Microsoft representatives yesterday. [more]
Thursday, 31 March 2005, 3:31 AM CET

Surfers urged to take phishing IQ test
Get smart, not ripped off. [more]
Thursday, 31 March 2005, 1:01 AM CET

EMEA enterprise security market up 49% in Q4 2004
The Europe, Middle East and Africa (EMEA) enterprise security market continued its impressive record of growth in the fourth quarter of 2004 to achieve the highest value yet seen in a single quarter. [more]
Thursday, 31 March 2005, 12:09 AM CET

Europeans worry about online banking security
Phishing, keystroke logging and other types of scams are increasingly worrying users of online banking services in Europe while scaring others away, according to a report issued Tuesday from Forrester Research Inc. [more]
Wednesday, 30 March 2005, 5:29 PM CET

Analysts slam hacker law changes
Technology darling Derek Wyatt MP is proposing changes to the Computer Misuse Act next week but analysts from the Butler Group says the changes don't go far enough. [more]
Wednesday, 30 March 2005, 5:28 PM CET

Malware comes of age: the arrival of the true computer parasite
Even though malware has been a recognised threat within the general IT community for well over 15 years, it is effectively a bigger problem now than it has ever been before. [more]
Wednesday, 30 March 2005, 5:27 PM CET

Logon type codes revealed
The logon/logoff category of the Windows security log gives you the ability to monitor all attempts to access the local computer. [more]
Wednesday, 30 March 2005, 5:25 PM CET

Network to fight back against DoS attacks
"Service providers that are cooperating by sharing attack fingerprints are helping mitigate these threats more quickly and closer to the source, thus making the Internet a more secure place," says Yankee Group senior analyst Jim Slaby. [more]
Wednesday, 30 March 2005, 5:18 PM CET

Microsoft working on new ID system
Microsoft Corp. will build software for managing identities into Windows in order to beef up security by giving users more control over their personal information, the world's largest software maker said Tuesday. [more]
Wednesday, 30 March 2005, 5:17 PM CET

Phone hackers tap into hospital
Cyber criminals have hacked into a private hospital's telephone system, racking up almost $5,000 in international calls in an attack experts warn is becoming increasingly common. [more]
Wednesday, 30 March 2005, 5:05 PM CET

New Warps to provide security early warning
The government has stepped up its drive to protect the UK's critical technology infrastructure by backing the creation of computer security and cybercrime information exchanges for businesses in Yorkshire and the North East. [more]
Wednesday, 30 March 2005, 4:48 PM CET

Phishers spread net for smaller prey
Fraudsters moving away from banks towards e-commerce sites. [more]
Wednesday, 30 March 2005, 4:46 PM CET

Net fingerprints combat attacks
Eighty large net service firms have switched on software to spot and stop net attacks automatically. [more]
Wednesday, 30 March 2005, 4:45 PM CET

Tackling the enemy within
Staff training is as vital to network security as the most cutting-edge patch or state-of-the-art email filter. [more]
Wednesday, 30 March 2005, 4:43 PM CET

Breaking firewalls with OpenSSH and PuTTY
If the system administrator deliberately filters out all traffic except port 22 (ssh), to a single server, it is very likely that you can still gain access other computers behind the firewall. [more]
Tuesday, 29 March 2005, 3:12 PM CET

Practically certified
Recent changes to the GIAC makes one question the value of certification for the security industry. [more]
Tuesday, 29 March 2005, 3:10 PM CET

Stolen UC Berkeley laptop exposes personal data
A thief recently walked into a University of California, Berkeley office and swiped a computer laptop containing personal information about nearly 100,000 alumni. [more]
Tuesday, 29 March 2005, 3:09 PM CET

Industry teams up to finger hackers
Official database to examine the behaviour of attacks against IT systems. [more]
Tuesday, 29 March 2005, 3:07 PM CET

The 10 worst security practices
Security specialists are constantly on the lookout for proven methods we can replicate to keep our networks and data safe. [more]
Tuesday, 29 March 2005, 3:06 PM CET

DNA key to decoding human factor
For law enforcement officials charged with busting sophisticated financial crime and hacker rings, making arrests and seizing computers used in the criminal activity is often the easy part. [more]
Tuesday, 29 March 2005, 3:04 PM CET

Cisco, EarthLink, MCI join forces against cyber attacks
Telecom equipment providers and network operators, including Cisco Systems Inc., EarthLink Inc. and MCI Inc., unveiled on Monday an alliance to combat cyber attacks. [more]
Tuesday, 29 March 2005, 3:03 PM CET

Oracle snaps up security firm
Database behemoth Oracle continued its shopping spree yesterday when it bought Oblix, a privately-owned security firm, for an undisclosed amount. [more]
Tuesday, 29 March 2005, 3:00 PM CET

Legal fears halt Apple virus competition
Organisers scrap $25,000 challenge to infect OS X. [more]
Tuesday, 29 March 2005, 2:59 PM CET

Mitnick sequel fails to hack it
Whereas Art of Deception had a simple theme - how social engineering gets around your computer defences - Art of Intrusion is less sure of its ground. [more]
Tuesday, 29 March 2005, 2:58 PM CET

Why due diligence as a defense is not enough
While businesses have invested in technologies such as firewalls, intrusion detection, and now intrusion prevention, we are all too familiar with FUD (Fear, Uncertainty, and Doubt). How many presentations have you attended in the last six months where a security service provider discusses “Code Red”, “Nimda” or “Slammer”? The most recent of these is now two years old. So why are we still discussing them? One word, “fear”. [more]
Monday, 28 March 2005, 10:46 AM CET

Microsoft considering desktop, security certs
New cert options for MCPs may be in future. [more]
Monday, 28 March 2005, 6:23 AM CET

Microsoft funding of security report decried
Finding that system is superior to Linux is biased, critics say. [more]
Monday, 28 March 2005, 5:17 AM CET

Security debate centers on Firefox and IE
Microsoft Internet Explorer developer Dave Massy responded to a Mozilla Foundation claim that Firefox will "always" be more secure. [more]
Monday, 28 March 2005, 4:01 AM CET

How to hire an IT security consultant
Relying on the three Ts can help: thoroughness, timing, and trust. [more]
Monday, 28 March 2005, 3:27 AM CET

Six years after Melissa, mass-mailed malware has peaked
On March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to addresses it dug out of infected machines, swept the Internet. Six years later, mass-mailed worms have reached their peak, said the researcher who led authorities to the hacker who wrote Melissa. [more]
Monday, 28 March 2005, 2:15 AM CET

Today's "hacker" most interested in money
More malicious code out to get secret information. [more]
Monday, 28 March 2005, 1:14 AM CET

SEC faulted for lax data security in GAO report
Personal data held in a government database is at increased risk of unauthorized disclosure, modification, or loss--possibly without anyone knowing, government auditors reported Thursday. [more]
Monday, 28 March 2005, 12:04 AM CET

Apple pulls Mac OS X server version of update
Apple pulls Security Update 2005-003 for Mac OS X Server likely because of the severe issues affecting IMAP and APOP e-mail service. [more]
Thursday, 24 March 2005, 12:33 PM CET

Tips for when hackers strike
Last week I was faced with the situation every user and administrator dreads -- my Web server was hacked. [more]
Thursday, 24 March 2005, 12:30 PM CET

How to set up DNS for Linux VPNs
This excerpt from InformIt examines how to properly set up DNS for your Linux VPN. [more]
Thursday, 24 March 2005, 12:28 PM CET

'Doomsday nerds' defend cyberspace
From the outside it looks like a home for a Hobbit or two, but inside are analysts monitoring banks of screens feeding security alerts from monitored components of its clients' networks. [more]
Thursday, 24 March 2005, 12:19 PM CET

Firefox plugs security hole
Firefox maker Mozilla has released a downloadable update of its web browser to fix a security bug. [more]
Thursday, 24 March 2005, 12:18 PM CET

Survey claims insufficient security spending
FTSE 250 CIOs call for greater security budgets. [more]
Thursday, 24 March 2005, 12:18 PM CET

Hacker sentenced to nearly four years
A man who pleaded guilty to hacking into an Arkansas data company's computer system and stealing personal identification files was sentenced Wednesday to nearly four years in federal prison. [more]
Thursday, 24 March 2005, 12:14 PM CET

Drive-by Trojans exploit browser flaws
Trojans - malicious programs that pose as benign apps - are usurping network worms to become the greatest malware menace. [more]
Wednesday, 23 March 2005, 7:58 PM CET

Adware dominates PC malware infections
Adware rather than spyware is the most common problem code on PCs, according to a recent survey of infected PCs. [more]
Wednesday, 23 March 2005, 7:52 PM CET

PyMusique author hacks Apple's iTunes fix
Once again, software will allow you to download songs without DRM. [more]
Wednesday, 23 March 2005, 7:51 PM CET

Spamming spammers?
IBM to offer service to bounce unwanted e-mail back to the computers that sent them. [more]
Wednesday, 23 March 2005, 10:29 AM CET

Duo charged over DDoS for hire scam
The FBI last week arrested a 17 year-old and a Michigan man over suspected involvement in a denial of service for hire racket. [more]
Wednesday, 23 March 2005, 10:28 AM CET

Former IT manager, current security threat?
In the wake of the dot-com crash and numerous financial scandals that have rudely ushered in the new millennium, we've become accustomed to seeing corporate executives sentenced to prison. [more]
Wednesday, 23 March 2005, 10:22 AM CET

Is your Mac really more secure?
Compared to the Windows/Intel Win32 platform, Mac OS X looks like an attractive alternative, at least when malware is the deciding factor. [more]
Wednesday, 23 March 2005, 10:21 AM CET

Report: viruses, phishing not going away soon
Symantec said phishing -- the criminal strategy of sending e-mail that appears to come from financial institutions asking for account information and passwords -- jumped 366 percent in the last 6 months of 2004, compared to the first half of the year. [more]
Wednesday, 23 March 2005, 10:18 AM CET

Desperate housewives spam used to spread spyware
There has been a sharp increase in spam messages purporting to offer the details of women looking for casual sex in recent weeks. [more]
Tuesday, 22 March 2005, 3:54 PM CET

Brazilian cops net 'phishing kingpin'
Brazilian police last week arrested the suspected kingpin of a gang which looted an estimated $37m from online banking accounts. [more]
Tuesday, 22 March 2005, 3:29 PM CET

Business school 'hack' raises ethical questions
Where do morality and ethics end, and criminality begin? What is the appropriate "punishment" for the crime of curiosity coupled with the act of snooping? [more]
Tuesday, 22 March 2005, 2:32 PM CET

Huge rise in IM backdoor attacks
Hackers increasingly spreading malicious code via instant messaging. [more]
Tuesday, 22 March 2005, 1:57 PM CET

Your iptable is ready: using a Linux firewall
Roll out the unwelcome mat for online attackers with one of the most powerful security tools in the open-source world. [more]
Tuesday, 22 March 2005, 1:26 PM CET

Monitoring made harder by cookie security fears
Security fears are driving more than half of all internet users to routinely delete cookies from their computers, which is making it difficult for businesses to monitor the behaviour of visitors to their websites. [more]
Tuesday, 22 March 2005, 1:04 PM CET

For network security, build a m0n0wall
M0n0wall is an open source firewall and wireless router developed by Manuel Kasper, built on a stripped-down FreeBSD operating system. [more]
Tuesday, 22 March 2005, 12:55 PM CET

OS X security update fixes phishing flaw
Apple has released a security update to Mac OS X Panther that patches a vulnerability in the Safari browser. [more]
Tuesday, 22 March 2005, 12:37 PM CET

Wireless security top concern for financial companies
Monday's second annual "Wireless On Wall Street" summit in New York gathered a diverse crowd of business and technology professionals from banks, brokerages, and insurance companies of all sizes. [more]
Tuesday, 22 March 2005, 12:33 PM CET

Police catch $37m global phishing fraudster
Suspected gang leader arrested in Brazil. [more]
Monday, 21 March 2005, 3:58 PM CET

Automated security management gaining favor
Businesses are piling onmore and more tools as they fend off mounting security threats. [more]
Monday, 21 March 2005, 2:53 PM CET

US authorities warn of bogus anti-spyware
Spyware Assassin closed down after making 'deceptive claims'. [more]
Monday, 21 March 2005, 2:51 PM CET

Freedom from security
The ability for a company to enforce corporate security policy diminishes severely once a computer is used outside of the office. For example, if a worker takes a company laptop for a week, who is responsible for ensuring that corporate security policy is followed when the machine is being used? [more]
Monday, 21 March 2005, 1:56 PM CET

Internet phones a hacking risk?
Low-cost services may attract identity thieves looking to turn stolen credit cards into cash. [more]
Monday, 21 March 2005, 1:38 PM CET

Managing security in a compliance-crazy world
Products from eSecurity, nCircle, eEye, Enterasys, and NetIQ ease documentation burden. [more]
Monday, 21 March 2005, 1:32 PM CET

Spyware - worse than viruses?
Any company that has been the victim of a computer virus attack will understand just how big a problem it is. [more]
Monday, 21 March 2005, 1:21 PM CET

Half of viruses written for criminal gain
Symantec report reveals 54 per cent of malware written to steal identities. [more]
Monday, 21 March 2005, 1:20 PM CET

ID scheme will be a costly, dangerous failure, says LSE report
A report published today by the London School of Economics' Department of Information Systems concludes that the proposals set out in UK Government's ID Cards Bill are "too complex, technically unsafe, overly prescriptive and lack a foundation of public trust and confidence. [more]
Monday, 21 March 2005, 1:18 PM CET

Half of UK adults fear ID theft
Londoners most at risk as internet fraud soars. [more]
Monday, 21 March 2005, 1:16 PM CET

Experts suspect insider in hackers bid to steal £220m
Detectives are investigating the possibility of insider involvement in a daring electronic bid to steal £220m from the London headquarters of a Japanese corporate bank. [more]
Friday, 18 March 2005, 1:41 PM CET

Planned bank heist raises Trojan warnings
A recently foiled bank heist in London has some security experts issuing heightened warnings about key-logging Trojans. [more]
Friday, 18 March 2005, 1:02 PM CET

Are you safer with Firefox?
Is Firefox a more secure web browser than Microsoft's Internet Explorer? [more]
Friday, 18 March 2005, 1:01 PM CET

How to justify information security spending
At a recent seminar on information security management, I heard that FUD (fear, uncertainty and doubt) is dead, that ROI is dead and that the insurance model is dead. [more]
Friday, 18 March 2005, 12:58 PM CET

Linux Kernel security, again
It's a sad day when an ancient fork bomb attack can still take down most of the latest Linux distributions. [more]
Friday, 18 March 2005, 12:48 PM CET

IM viruses increase by 50 per cent a month
F-Secure detects more than 200 instant messaging worms. [more]
Friday, 18 March 2005, 12:45 PM CET

Automated patching, easy approach to security
Patch management is an essential administration task within today's busy IT networks with the constant threat of new security bugs. [more]
Friday, 18 March 2005, 12:44 PM CET

Will biometric security harm users?
Microsoft has launched a keyboard that uses biometric data for authentication, the nattily named Optical Desktop Elite with Fingerprint Reader for Bluetooth. [more]
Friday, 18 March 2005, 12:35 PM CET

Rootkits leave antivirus systems powerless
No defence in standard antivirus code. [more]
Friday, 18 March 2005, 12:27 PM CET

Networks under threat from RFID rollouts
IDC's report, commissioned by Cisco, predicts that RFID will have a significant impact on enterprise networks not just because of the number of tags involved, but because of the amount of data each tag could hold and the number of times it is scanned during transit or processing. [more]
Friday, 18 March 2005, 12:26 PM CET

Anti-virus vulnerabilities strike again
Users of McAfee’s anti-virus products were warned this week of a potentially serious security vulnerability. [more]
Friday, 18 March 2005, 12:24 PM CET

International hackers attempt massive heist
High Tech Crime Unit smashes £220m hacking ring. [more]
Thursday, 17 March 2005, 12:34 PM CET

Alliance to secure wired and wireless networks
Performance Technologies has teamed up with Open System Consultants (OSC) to provide GSM operators secure authentication, authorisation and accounting for wired or wireless networks. [more]
Thursday, 17 March 2005, 8:36 AM CET

Secure batch email with UUCP and SSH
The POP protocol is no solution for people (like me) who want to fetch their email in a practical and efficient manner from multiple locations, be it from a dial-up account or a fixed Internet link. Thus, it seemed to me that UUCP over SSH provides great benefits for those people. [more]
Thursday, 17 March 2005, 8:35 AM CET

A method for forensic previews
This article explains the forensic preview process, whereby a production machine is left as undisturbed as possible while it is evaluated for potential intrusion and compromise. [more]
Thursday, 17 March 2005, 8:32 AM CET

"Holy Father" on rootkit writing for fun and profit
Rootkit author discusses efforts to highlight weaknesses in software security. [more]
Thursday, 17 March 2005, 8:28 AM CET

Auditors find IRS workers prone to hackers
More than one-third of Internal Revenue Service employees and managers who were contacted by Treasury Department inspectors posing as computer technicians provided their computer login and changed their password. [more]
Thursday, 17 March 2005, 8:26 AM CET

Make security business-orientated, says expert
Information security today is not about tackling the hacker question but using security models to create business value, according to KPMG risk advisory associate director Rob Goldberg. [more]
Thursday, 17 March 2005, 6:09 AM CET

Hackers control more than a million PCs
German study finds botnet attacks worse than expected. [more]
Thursday, 17 March 2005, 4:31 AM CET

Limewire patches serious snooping bugs
Limewire users need to update their software following the discovery of a brace of vulnerabilities. [more]
Thursday, 17 March 2005, 2:04 AM CET

US cyber-security 'nearly failing'
Government agencies scrape through with a 'D+' rating. [more]
Thursday, 17 March 2005, 1:02 AM CET

FIMA conference focuses on IM security
Instant messaging has revolutionized the way colleagues communicate, but increasing regulations and a growing number of security breaches in the medium have businesses concerned about how much sensitive information might be getting into the wrong hands. [more]
Thursday, 17 March 2005, 12:38 AM CET

Writing an incident handling and recovery plan
The following is an outline of a typical generalized incident handling and response plan for a small to mid-sized organization that doesn't have a dedicated incident response staff. [more]
Wednesday, 16 March 2005, 9:13 PM CET

Botnets multiplying over IRC
Honeynet Project reports hundreds of attacks a month. [more]
Wednesday, 16 March 2005, 1:17 PM CET

IT manager sentenced to prison in hacking case
An Orange, Calif., IT manager who earlier pled guilty to hacking into his previous employer's computer network was sentenced Monday to five months in prison, the U.S. Attorney's Office said Tuesday. [more]
Wednesday, 16 March 2005, 8:52 AM CET

Microsoft security practice raises concerns
Microsoft Corp. is giving early versions of its software security patches to the U.S. Air Force and other organizations, a practice some experts fear could give rogue hackers important details about how to break into unprotected computers on a massive scale. [more]
Wednesday, 16 March 2005, 8:50 AM CET

ChoicePoint says it's sorry
ChoicePoint's chief executive apologized Tuesday to 145,000 customers exposed to identity theft but he had difficulty convincing some lawmakers the company was doing enough to resolve the problem. [more]
Wednesday, 16 March 2005, 8:49 AM CET

Windows firewalls lacking
For something as simple as a firewall for Windows servers, a good solution just doesn't exist. [more]
Wednesday, 16 March 2005, 5:41 AM CET

Networking titans build out SAN, MAN wares
Network vendors are pushing the envelope with hardware tuned for backup, larger networks, and wireless security, as evidenced by new wares from Cisco, Foundry, and Juniper. [more]
Wednesday, 16 March 2005, 5:28 AM CET

UK firms face 'spiralling threat' from email misuse
Clear and present danger as 'banter culture' prevails. [more]
Wednesday, 16 March 2005, 4:05 AM CET

Hackers can beat security tokens
Two-factor authentication 'doesn't solve anything', claims security expert. [more]
Wednesday, 16 March 2005, 3:23 AM CET

European IT heads have false sense of security
70 percent of companies are open to internet attack. [more]
Wednesday, 16 March 2005, 2:21 AM CET

New worm throws 'smachdown' on users
Elitper-D, a worm new to the Wild, is conning users by disguising itself as a screensaver. [more]
Wednesday, 16 March 2005, 1:17 AM CET

Get smart about AV good buys and bad buys
While security purchases are likely to be the most crucial decisions an organisation will make, anti-virus (AV) software remains AV software whichever way you choose to look at it. [more]
Tuesday, 15 March 2005, 12:42 PM CET

Microsoft to ditch passwords
"We are at a confidence crisis. For the first time we run the risk of taking a step backwards and the reason is the threat of identity theft," said RSA Security chief executive Art Coviello. [more]
Tuesday, 15 March 2005, 12:07 PM CET

Government and industry back IT security professionalism plans
Proposals to create a professional institution that would set minimum standards of professionalism for IT security specialists have won backing from the government and leading businesses. [more]
Tuesday, 15 March 2005, 12:06 PM CET

Personal information taken in Nevada DMV office break-in
Personal information from more than 8,900 people was stolen when thieves broke into a Nevada Department of Motor Vehicles office, officials said Friday. [more]
Tuesday, 15 March 2005, 12:05 PM CET

Controversial report finds Windows more secure than Linux
Contrary to popular wisdom, Windows appears to be more secure than a popular version of Linux, according to an upcoming report from two security researchers. [more]
Tuesday, 15 March 2005, 12:04 PM CET

Secure your server with LIDS
The Linux Intrusion Detection System (LIDS) is a kernel patch for both 2.4 and 2.6 kernels that adds Mandatory Access Control (MAC) and other security enhancements to the Linux kernel. [more]
Tuesday, 15 March 2005, 12:02 PM CET

Award recognises US professor's contribution to cyber security
The International Information Systems Security Certification Consortium, (ISC)2, has presented Dorothy Denning, one of the world's leading information security experts, with an award for her contribution to cyber security and encryption. [more]
Tuesday, 15 March 2005, 12:00 PM CET

Stress afflicts security bosses
Keeping computer viruses at bay is more stressful than divorce, warns a survey. [more]
Tuesday, 15 March 2005, 11:59 AM CET

IT sec community has false sense of security
A false sense of security could lead IT managers to getting the sack, a new survey has revealed. [more]
Tuesday, 15 March 2005, 11:53 AM CET

Revisiting NLB bidirectional affinity on ISA Server 2004 SE
Given that NLB is a popular feature, I think its important to provide you more information on this subject. [more]
Tuesday, 15 March 2005, 11:52 AM CET

Firms overlook threat from the enemy within
Sites not fully protected, according to study. [more]
Monday, 14 March 2005, 5:42 PM CET

Deceptive duo hacker changes plea
Robert Lyttle, one of two hackers behind the Deceptive Duo team responsible for a number of network breaches in 2002, including a U.S. Navy database, has decided to plead guilty to the charges filed by the U.S. Attorneys' Office last year, according to documents filed in the case.
[more]
Monday, 14 March 2005, 5:28 PM CET

FTC bars bogus anti-spyware claims
Free scans detected spyware that wasn’t there. [more]
Monday, 14 March 2005, 4:17 PM CET

Supermarkets next in line for phishing attacks
Online retailers are likely to become the next target of 'phishing' scams, UK police warned last weekend. [more]
Monday, 14 March 2005, 2:10 PM CET

AOL explains its privacy policy
America Online spokesman Andrew Weinstein responded to a request for more information about AOL Instant Messenger's terms of service, which I wrote about Saturday after spotting it on Slashdot. [more]
Monday, 14 March 2005, 2:02 PM CET

Applicants face rejection for hacking attempts
An applicant to the business school of Duke University who tried to hack into his admission file has been rejected, school officials said Friday. [more]
Monday, 14 March 2005, 2:00 PM CET

The CISM prep guide: mastering the five domains of information security management
Certified Information Security Manager (CISM) is a certification developed by the Information Systems Audit and Control Association (ISACA). This book is a guide that is supposed to make your road to certification easier. Read on to get the details. [more]
Monday, 14 March 2005, 1:56 PM CET

Alternative browser spyware infects IE
Some useful citizen has created an installer that will nail IE with spyware, even if a surfer is using Firefox (or another alternative browser) or has blocked access to the malicious site in IE beforehand. [more]
Monday, 14 March 2005, 12:14 PM CET

Schneier: tokens won't completely secure data
Technology isn't going to protect e-commerce customers -- stronger government regulation is what will get the attention of online banks and merchants, forcing them to stop being casual about security, said Bruce Schneier, founder and chief technology officer of Counterpane Internet Security. [more]
Monday, 14 March 2005, 12:05 PM CET

Microsoft security practice raises fears
Peiter "Mudge" Zatko, a security expert who has worked for both the Clinton and Bush administrations, said the risk from Microsoft's effort was "the worst possible thing for national security." [more]
Monday, 14 March 2005, 12:01 PM CET

Study: CIOs to target network security
What are local chief information officers putting at the top of their to-do lists in the next year? [more]
Monday, 14 March 2005, 11:59 AM CET

F-Secure takes on hidden malicious code
Finnish security firm F-Secure last week debuted a scanner for "rootkits", software used by some hackers to hide their malicious code, and posted a free beta of the tool to its website. [more]
Monday, 14 March 2005, 11:57 AM CET

Hosting your own web server: things to consider
Are you disgusted or disappointed with your current web host? Have you switched web hosting companies too many times? Have you thought of hosting your own website(s)? Do you have the ambition to control and manage your own web server? [more]
Friday, 11 March 2005, 11:02 AM CET

An illustrated guide to cryptographic hashes
With the recent news of weaknesses in some common security algorithms (MD4, MD5, SHA-0), many are wondering exactly what these things are... [more]
Friday, 11 March 2005, 11:00 AM CET

Oz investigators bust 'file-sharing' ISP
Australian anti-piracy operatives have raided an ISP suspected of using BitTorrent to "allow the pirating of hundreds of thousands of songs and video clips". [more]
Friday, 11 March 2005, 10:58 AM CET

Anti-phishing laws on the cards
The US is drawing up a law to outlaw phishing, and EU legislation is likely to follow. [more]
Friday, 11 March 2005, 10:46 AM CET

Windows honeypot foils worms
A new Microsoft labs project could lead to better security for Windows servers. [more]
Friday, 11 March 2005, 10:35 AM CET

Companies turn to secure IM to meet privacy concerns
With the use of instant messaging on an upswing, companies concerned about security, regulatory and privacy issues are sometimes turning to secure IM solutions that allow only authorised users access to IM -- while stopping others from sending instant messages. [more]
Friday, 11 March 2005, 10:30 AM CET

Many Wi-Fi nets open to security breaches
The explosion of Wi-Fi networks both in businesses and in public hotspots is needlessly exposing businesses and individual users to security risks because proper precautions aren't taken, according to research released Thursday by RSA Security. [more]
Friday, 11 March 2005, 10:29 AM CET

Time-drift technique fingers PCs
Security researchers have developed a technique for remotely fingerprinting an electronic device using clock skews - small, microscopic deviations in device hardware. [more]
Friday, 11 March 2005, 10:28 AM CET

Credit card flaws fuel online fraud bonanza
Ivan Remsik, senior analyst for financial services at Forrester, warned that, as long as multiple technologies use or reside on the same physical plastic entity, fraud is set to rise. [more]
Friday, 11 March 2005, 10:25 AM CET

A look at Microsoft's Anti Spyware beta
Over the last couple of years, spyware has grown from being a nuisance into being an epidemic. [more]
Friday, 11 March 2005, 10:16 AM CET

Unsecured Wi-Fi in one third of all wireless networks
The explosion of wireless networks is leaving global businesses wide open to 'drive-by hacking' and other security risks, experts have warned. [more]
Thursday, 10 March 2005, 5:02 PM CET

Exploit released for CA product vulnerability
Malicious hackers have released code that exploits a widespread vulnerability in software from Computer Associates International (CA), setting off a round of Internet scanning for vulnerable CA systems. [more]
Thursday, 10 March 2005, 12:25 PM CET

Juniper scores with WLAN protector
With the announcement of its NetScreen-5GT Wireless firewall this week, Juniper has firmly (and finally) jumped on the wireless bandwagon. [more]
Thursday, 10 March 2005, 12:17 PM CET

Hackers breach LexisNexis, grab info on 32,000 people
Hackers have compromised databases belonging to LexisNexis and stolen information on at least 32,000 people, according to a statement today from LexisNexis' parent company, Reed Elsevier PLC. [more]
Thursday, 10 March 2005, 12:09 PM CET

CommWarrior mobile virus could go global
Although viruses spread via mobile phones are sure to become more of a problem in the future, their novelty and the amount of press they are being given may be diverting attention from more pressing security concerns, Graham Cluley of security firm Sophos told NewsFactor. [more]
Thursday, 10 March 2005, 12:05 PM CET

Windows NT4 holdouts open to security hole
Hundreds of thousands of web sites that continue to run the Windows NT4 face a security dilemma, with no public patch available for a vulnerability in a key Windows networking protocol. [more]
Thursday, 10 March 2005, 12:02 PM CET

Wireless security still lax
Report finds 36 per cent of the City's wireless networks left open to attack. [more]
Thursday, 10 March 2005, 12:00 PM CET

Enabling aecure SSL OWA access through the ISA Firewall
To get you up and running with your secure OWA and Web site publishing through the ISA firewall, we’ll present a two part series on how the ISA firewall handles remote access to Web sites using Web Publishing Rules. [more]
Thursday, 10 March 2005, 11:50 AM CET

Hungarian charged with hacking Sony Ericsson network
Swedish authorities formally charged a 26-year-old Hungarian man with industrial espionage yesterday, after he allegeldy hacked into the Sony Ericsson AB and Ericsson AB intranets. [more]
Wednesday, 9 March 2005, 3:02 PM CET

Virus authors switch from havoc to profit
The last quarter of 2004 was categorised by a distinct trend of virus writers moving away from merely trying to create disruptions to developing malicious code that could potentially generate revenue. [more]
Wednesday, 9 March 2005, 3:00 PM CET

Combating "cardholder not present" fraud
Of the security issues facing banks everywhere, prevention of card fraud has always been a high priority, and is set to grow even further in importance. The level of card fraud has risen significantly over recent years, caused in the main, by the explosion in the number and usage of payment cards and the associated high level of organised card crime activity. [more]
Wednesday, 9 March 2005, 1:11 PM CET

UK card fraud hits £505m
The banking industry hopes that losses in future will be contained by schemes such as Chip and PIN. [more]
Wednesday, 9 March 2005, 1:01 PM CET

Mail servers: resolving the identity crisis
Dspam filters spam with the best. In my installation, it stops over 98% of all spam: I’ve only had one false positive in the last year, and that was a message to the Dspam list that contained a real spam! [more]
Wednesday, 9 March 2005, 12:59 PM CET

Astaro rolls out new spyware
Astaro released an improved version of its Linux-based security package that now includes gateway-based spyware protection against malware and the ability to block and removed infected software already on a system. [more]
Wednesday, 9 March 2005, 12:58 PM CET

E-mail firewalls: a vital defense layer
The exponential rise in spam and e-mail-borne viruses has pushed must-have network security layers beyond traditional firewalls and intrusion-detection appliances. [more]
Wednesday, 9 March 2005, 12:57 PM CET

Microsoft updates code removal tool, passes on patches
Tool adds features to detect malicious code. [more]
Wednesday, 9 March 2005, 12:40 PM CET

I.T. frameworks demystified: avoiding overload
"Companies need to have a focus, set goals for implementing frameworks and devote adequate project management resources," David Pultorak, president of Fox IT, a consulting firm specializing in I.T. service management. "If you overdo these frameworks and misapply them or are not sure what the implementation is, the result can be less than satisfactory." [more]
Wednesday, 9 March 2005, 12:34 PM CET

Hackers 'poison' search engine results
Users being directed to webpages containing malware. [more]
Wednesday, 9 March 2005, 12:31 PM CET

Yet another worldwide virus scare that wasn't
Yet another mobile virus is making the news, but the press still hasn't recognized that most of these stories are hyped up well beyond the actual threat level. [more]
Wednesday, 9 March 2005, 12:30 PM CET

Group studies infrastructure security
The Institute for Information Infrastructure Protection, a consortium of two dozen cybersecurity organizations charged with coordinating a national research and development program, last week began a $8.5 million, two-year research program for securing computer-based systems that control critical infrastructures, such as dams. [more]
Wednesday, 9 March 2005, 12:25 PM CET

Service management functions: security management
Failure to secure information can have a severe impact on business credibility. [more]
Wednesday, 9 March 2005, 11:24 AM CET

High profile, low security
Big companies stumble with high profile security breaches that make your local WiFi coffee shop look secure. [more]
Tuesday, 8 March 2005, 2:04 PM CET

Nuclear cyber security debate hots up
Two companies that make digital systems for nuclear power plants have come out against a government proposal that would attach cyber security standards to plant safety systems. [more]
Tuesday, 8 March 2005, 1:59 PM CET

Home users will bodge DIY security
Web site that advises home users on security could do more harm than good. [more]
Tuesday, 8 March 2005, 1:58 PM CET

Sensible IT security for small businesses
"Do I need a new firewall?" This is a frequent question asked by owners of small businesses concerned about growing security threats infesting the Internet. [more]
Tuesday, 8 March 2005, 11:00 AM CET

Scammers use Symantec, DNS holes to push adware
Users being tricked into installing programs onto their computers. [more]
Tuesday, 8 March 2005, 10:29 AM CET

Gates misses the mark, and the point, on security
Bill Gates wants us to believe security is Microsoft's new Number One priority. He wants us to believe they have the users' best interests at heart. [more]
Tuesday, 8 March 2005, 10:28 AM CET

Crypto suite supports Linux-based devices
Cryptography specialist Certicom has launched a security software suite aimed at helping device makers create secure, Web-based user interfaces based on elliptic curve cryptography. [more]
Tuesday, 8 March 2005, 10:24 AM CET

Primary response update targets Trojans, rootkits
Sana Security said on Monday that a new version of its Primary Response product can help customers detect a new generation of complex online threats, including Trojan horse programs and malicious remote monitoring software known as "rootkits." [more]
Tuesday, 8 March 2005, 10:19 AM CET

Virus writers laugh at laws
Virus writers have little to fear, a security firm said Monday, and know they can practice their craft with near impunity. [more]
Tuesday, 8 March 2005, 10:17 AM CET

CA, Symantec bolster recovery, ID management
Vendors create building blocks for next-generation security. [more]
Tuesday, 8 March 2005, 10:15 AM CET

ID cards are a waste, says security guru
Bruce Schneier tells Computer Weekly why ID cards could exacerbate crime and why the only way to beat ID theft is to make banks responsible for its prevention. [more]
Tuesday, 8 March 2005, 10:11 AM CET

New IM worms hit MSN Messenger
New worms spreading through MSN Messenger -- and its bundled-with-Windows Windows Messenger version -- via links to a malicious site are infecting users and leaving their PCs open to hacker hijack, security vendors reported Monday. [more]
Tuesday, 8 March 2005, 10:06 AM CET

Unified management is next for security
How well does unified threat management fit the requirements of an effective information security program? [more]
Monday, 7 March 2005, 5:59 PM CET

Single Sign On 'in-a-box' lands in Europe
Single sign on appliance firm Imprivata launched in the Europe on Monday (7 March) with a promise to reduce corporate password management pains. [more]
Monday, 7 March 2005, 3:34 PM CET

The rise of the customised security attack
As criminals operating online have begun to realise the potential commercial value of Internet-related crimes, so they have started to investigate other ways of using malware to line their pockets. [more]
Monday, 7 March 2005, 3:33 PM CET

More secure Linux still needs to win users
NSA put its efforts into SELinux, but complexity is likely to hold back adoption. [more]
Monday, 7 March 2005, 1:41 PM CET

Policing the virus writers: good news?
More suspects are being caught, but that doesn't mean you can expect to see fewer viruses. [more]
Monday, 7 March 2005, 1:40 PM CET

Dampig Trojan menaces Symbian mobiles
Virus writers have created a new Trojan capable of infecting Symbian Series 60 smartphones. [more]
Monday, 7 March 2005, 1:37 PM CET

RFID invades the capital
In May, Homeland Security employees will begin using an RFID-equipped ID card. Some say the device will create thousands of new opportunities for hackers and snoops. [more]
Monday, 7 March 2005, 1:36 PM CET

Hacker helps b-school applicants
A computer hacker gained access to internal admissions records at Harvard, Stanford and other top business schools, then helped applicants log on and learn their fate weeks ahead of schedule, officials said Thursday. [more]
Monday, 7 March 2005, 1:33 PM CET

Spammers adopt slippery tactics to bypass ISP defences
Spam levels are rising even though the percentage of junk mail spewed out from compromised PCs directly is on the slide. [more]
Friday, 4 March 2005, 5:54 PM CET

Security fears fail to hold back Wi-Fi
Wireless Lans to triple in five years, reports analyst. [more]
Friday, 4 March 2005, 3:01 PM CET

Domain owners lose privacy
The U.S. Commerce Department has ordered companies that administer internet addresses to stop allowing customers to register .us domain names anonymously using proxy services. [more]
Friday, 4 March 2005, 3:01 PM CET

Anti-virus expert claims spyware does not exist
Reports of spyware's life have been greatly exaggerated, according to anti-virus expert Eugene Kaspersky. [more]
Friday, 4 March 2005, 3:00 PM CET

No Microsoft security bulletins planned for March?
After releasing 12 security bulletins in February, Microsoft has zero new security bulletins on tap for March. [more]
Friday, 4 March 2005, 5:56 AM CET

Microsoft researchers target worms, buffer overruns
Researchers at Microsoft showed off some forward-looking technologies on Wednesday, including new ways to protect systems against Internet worms, prevent hacker attacks and measure available bandwidth on home networks. [more]
Friday, 4 March 2005, 5:45 AM CET

Fears grow for mobile security
Mobile devices are the 'new frontier' for viruses, warns report. [more]
Friday, 4 March 2005, 5:44 AM CET

CISSP among highest paying certifications
Security skills rose 1.1% between 2003 and 2004. [more]
Friday, 4 March 2005, 5:43 AM CET

Linux security rough around the edges, but improving
SELinux from the NSA offers more security tools but also more complexity, which will likely slow its adoption. [more]
Friday, 4 March 2005, 5:34 AM CET

Core freezes runtime at lock down to secure devices
Solidcore Embedded Solution is software that controls runtime by freezing the open source code on devices, enabling manufacturers to stop the code from being tampered with during production or in the field by unauthorized users. [more]
Friday, 4 March 2005, 5:33 AM CET

Does the press make too much of security warnings?
What sometimes seems like an avalanche of new threats may be more useful to security software vendors than it is to their customers. [more]
Thursday, 3 March 2005, 2:28 PM CET

Security through the development cycle
Information security is an ever-evolving process. [more]
Thursday, 3 March 2005, 12:40 PM CET

The (practically) ultimate OpenSSH/Keychain howto
All right, so maybe this isn't quite the ultimate. But this howto will show you the fundamental ways to use OpenSSH. [more]
Thursday, 3 March 2005, 11:35 AM CET

RealPlayer users advised to patch security bugs
Vulnerabilities involving .wav and .smil file formats allow buffer overflow exploits. [more]
Thursday, 3 March 2005, 11:32 AM CET

BitDefender bug bites GFI
GFI's Mail Security anti-virus product threw a wobbler Wednesday afternoon (2 March) when an update to BitDefender Engine Module caused it to delete the body content of every incoming and outgoing message. [more]
Thursday, 3 March 2005, 11:15 AM CET

California's pioneering identity theft laws aren't enough
Law enforcement officials attending the state's first summit on identity theft asked Monday for more money to combat the crime in California, the only state believed to have more than 1 million victims last year. [more]
Thursday, 3 March 2005, 11:12 AM CET

Wireless firms jump on Senate Wi-Fi
Commercial cellular carriers activated service this week for the U.S. Senate across a secure wireless network that has been months in planning. [more]
Thursday, 3 March 2005, 11:08 AM CET

Biometric pen protects against laptop fraud
Secure Signature Systems' Biometric Pen is a pen-based biometric system designed to provide a secure method of access to a computer through signature recognition and verification. [more]
Thursday, 3 March 2005, 11:07 AM CET

Symantec granted patent for security tech
By establishing a mechanism that enables researchers to write simple detection scripts to allow for complex scanning and emulation of executable files, complex threats -- such as self-mutating viruses, worms and spyware -- can be detected more easily. [more]
Thursday, 3 March 2005, 11:06 AM CET

ISA Server 2004 Service Pack 1 released
Service Pack 1 for the new ISA firewall was released this week. Check out this article for some details on what its got and my installation experience. [more]
Thursday, 3 March 2005, 8:33 AM CET

Wireless struggles with security
Agency officials in charge of setting policies for wireless use and related technologies such as radio frequency identification (RFID) still have a difficult job. [more]
Wednesday, 2 March 2005, 11:14 AM CET

Firewall warns dealers of physical security threat
Specialist distributor, Firewall Systems, is warning resellers to start thinking of security as a managed service or risk losing market share to physical security providers. [more]
Wednesday, 2 March 2005, 11:13 AM CET

Realistic SELinux
SElinux is an impressively designed but notoriously hard-to-configure set of kernel hooks that enforce Orange Book-style security on Linux. [more]
Wednesday, 2 March 2005, 11:12 AM CET

Insecure indexing risk dissected
It's embarrassing when future PR items, upcoming security advisories or boilerplates for obituaries that are not meant to be visible to external users drift into the public domain. [more]
Wednesday, 2 March 2005, 11:10 AM CET

Mobile spam volume doubles
"In addition to being irked by charges for incoming unsolicited text messages, consumers will protest at any perceived invasion of their privacy and will assume that their carrier allowed their personal information to get to spammers," said Rich Begert, president and chief executive at Wireless Services Corporation. [more]
Wednesday, 2 March 2005, 11:07 AM CET

Security through layers
Wireless networks are inherently insecure, but the more layers of security they have, the less likely they are to be attacked, said Mischel Kwon, wireless security officer for the Justice Department's Management Division. [more]
Wednesday, 2 March 2005, 11:05 AM CET

The network poltergeist
The IT industry isn’t as boring and technically obsessed as many outsiders believe. Viruses and malicious hacker threats in particular have been increasingly sensationalised in the popular press, squeezing the issues gradually into the public consciousness. [more]
Wednesday, 2 March 2005, 10:59 AM CET

Send-Safe spam tool gang evicted by MCI
US telco MCI Worldcom has caved in to mounting pressure and booted a site that sells spamming software off its network. [more]
Tuesday, 1 March 2005, 3:34 PM CET

Opera beefs up browser to thwart phishers
Opera is trying to close the net on phishers with the release last Friday (February 25) of a second beta of its forthcoming Opera 8 browser. [more]
Tuesday, 1 March 2005, 12:51 PM CET

Interview: Google hack honeypot project
Orange Crate is pleased to announce an interview with Greg Smith and Ryan McGeehan, project leaders for the Google Hack Honeypot Project, an interesting project aimed at indentifying the attack vectors used through search engine hacking. [more]
Tuesday, 1 March 2005, 12:21 PM CET

Two sides of vulnerability scanning
There are two approaches to network vulnerability scanning, active and passive. [more]
Tuesday, 1 March 2005, 11:13 AM CET

Firewalls' false sense of security
The Internet front door to almost every bank and financial services company in the world is guarded by two sets of firewalls defining a DMZ. [more]
Tuesday, 1 March 2005, 10:42 AM CET

MS security is a conflict of interest, says Gartner
Gartner has criticised Microsoft's plans to develop anti-virus and anti-spam add-ons for its software products. [more]
Tuesday, 1 March 2005, 10:40 AM CET

Biometric security in the palm of your hand
Fujitsu is launching what it claims will be the world's first biometric palm scanner, checking veins in the human hand to verify someone's identity. [more]
Tuesday, 1 March 2005, 10:39 AM CET

How secure is your computer?
Honeypot experiment shows unprotected Windows SP 1 at risk. [more]
Tuesday, 1 March 2005, 10:38 AM CET