Off the Wire

Off The Wire Archive

News items for March 2007

Fortune 500s unwittingly become spammers
The next time you receive a piece of junk e-mail touting penny stock, pimping Rolex watches, or lauding a work-at-home scam, consider investigating who really sent it. You may be surprised. [more]
Friday, 30 March 2007, 12:26 PM CET

TJX lost up to 45.6m card numbers
TJX has taken the crown for presiding over the largest credit card heist ever, with a tally of 45.6m numbers lost to unknown thieves who intruded on the US-based retailing giant's networks over a span of 17 months. [more]
Friday, 30 March 2007, 12:20 PM CET

IBM ISS goes fishing for phishers
MS3004 appliance's anti-phishing features complement its anti-spam and IPS tools, but accuracy is a concern. [more]
Friday, 30 March 2007, 12:19 PM CET

Monitoring and securing enterprise data
Companies usually overlook that exposed data because their security posture is still focused on network perimeters, not on what might be going on behind the firewall or even over secure connections with business partners and suppliers, says Paul Stamp, an analyst at Forrester. "The perimeter around data is shrinking," he says. [more]
Friday, 30 March 2007, 12:18 PM CET

Losing confidence in IT security
One common scheme to intercept data is called man-in-the-middle, where a thief collects information in transit from one entity to another, say between a consumer and his online bank. [more]
Friday, 30 March 2007, 12:17 PM CET

How to surf anonymously without a trace
Several ways to protect yourself from the feds and others. [more]
Friday, 30 March 2007, 12:11 PM CET

Agent says FBI wiretapped accused engineer
Chinese American is suspected of stealing information from U.S. military. [more]
Friday, 30 March 2007, 12:11 PM CET

Hackers target TK Maxx customers
Hackers have stolen information from at least 45.7 million payment cards used by customers of US retailer TJX, which owns TJ Maxx, and UK outlet TKMaxx. [more]
Friday, 30 March 2007, 12:10 PM CET

Author apologizes but fails to fix Panda worm
The worm's author claims to have written a fix, but Symantec says it doesn't undo file and registry changes made by the worm and is ineffective against variants. [more]
Friday, 30 March 2007, 12:09 PM CET

Exploit for latest Windows vuln already animated
A vulnerability in the way Windows handles animated cursors puts users at risk of being pwnd, and several nefarious websites are already trying to exploit the flaw, according to the SANS Internet Storm Center. [more]
Friday, 30 March 2007, 12:08 PM CET

Cracking Google's 'secret sauce' algorithm
A clue: 'pretend we're not here'; a reward: tens of millions of dollars. [more]
Friday, 30 March 2007, 12:08 PM CET

Malware plague hits 40 per cent of firms
Global security issue not being addressed, says Webroot. [more]
Friday, 30 March 2007, 12:02 PM CET

Security firm issues unofficial fix for Windows zero-day bug
Attack code to exploit cursor flaw already circulating. [more]
Friday, 30 March 2007, 12:01 PM CET

Advanced SSH security tips and tricks
In this article I'll show you some simple tricks to help you tighten security for your secure shell (SSH) service. [more]
Friday, 30 March 2007, 12:00 PM CET

Beware Internet Explorer worm
An email that appears to be an invitation from Microsoft to download the beta for Internet Explorer 7.0 contains a worm, security experts have warned. [more]
Friday, 30 March 2007, 11:59 AM CET

Video: key features in GFI LANguard Network Security Scanner 8
Andre Muscat, the Director for the Development of Network Security Products at GFI discusses the key features in the latest release of the GFI LANguard Network Security Scanner, an award-winning 3-in-1 security scanning, patch management and network auditing solution. [more]
Thursday, 29 March 2007, 9:24 AM CET

Malicious hackers build private IM to keep out the law
Malicious hackers have built their own encrypted instant-message (IM) program to shield themselves from law enforcement trying to spy on their communication channels. [more]
Thursday, 29 March 2007, 9:23 AM CET

UK divided on e-crime strategy
Welsh go their own way with central unit for recording and collating e-crime incidents. [more]
Thursday, 29 March 2007, 9:22 AM CET

IPv6 taking on national-security implications
Network security products still lack IPv6 support, which makes June 2008 deadline tough. [more]
Thursday, 29 March 2007, 9:20 AM CET

We can have 'win-win' on security vs. privacy, says Academy
People think there has to be a choice between privacy and security; that increased security means more collection and processing of personal private information. [more]
Thursday, 29 March 2007, 9:19 AM CET

Detecting sensitive data at rest with Nessus
Tenable Network Security has released a new Nessus plugin named "Windows File Contents Check". [more]
Thursday, 29 March 2007, 9:02 AM CET

Host integrity tools: Osiris
On the path to adventure (aka open source), I found a tool that I wanted to check out: Osiris. [more]
Thursday, 29 March 2007, 8:58 AM CET

Hacking Second Life
The open source release of the Second Life viewer program by developer Linden Lab offers a rare opportunity to peer into the comparative strengths of closed and open source development models. [more]
Thursday, 29 March 2007, 8:55 AM CET

Five tips to protect yourself against your employees
That mid-level executive who walks out of corporate headquarters with a flash key that holds reams of sensitive data doesn’t feel like a hacker.
Thursday, 29 March 2007, 8:54 AM CET

Scammers target domain name owners
Fraudsters are targeting domain owners in a new spam-based scam. [more]
Thursday, 29 March 2007, 8:53 AM CET

A bullish outlook for Longhorn security
Vista's security advances may be ambitious, but they could seem ho-hum in comparison to those of Longhorn when the server OS stampedes onto the scene later this year. [more]
Thursday, 29 March 2007, 8:49 AM CET

Your identity has been stolen: a 24-point recovery checklist
If you are between the ages of 18 to 29 and you live in Phoenix or Los Angeles, your chances for identity theft are higher than the national average according to the FTC. [more]
Wednesday, 28 March 2007, 11:45 AM CET

New Nessus configuration auditing features for Windows Servers
Tenable has added several new types of configuration and security audits that can be performed by Nessus 3 against Windows servers. This blog post explains the new items. [more]
Wednesday, 28 March 2007, 11:44 AM CET

Effective Security means doing more with less risk
Information security is going through a major change. There are those who are ahead of the curve of mainstream adoption and of course there are those who have unique highly regulated environments who may struggle to adapt. [more]
Wednesday, 28 March 2007, 11:42 AM CET

EU proposes greater data sharing between police forces
The German Presidency of the European Union wants police forces across Europe to be able to share data more freely and wants a single body to be in charge of overseeing the process. [more]
Wednesday, 28 March 2007, 11:39 AM CET

Web attacks get personal
Researchers with IBM's ISS group say that cyber-criminals are using malware personalization schemes that allow for maximum exposure and more consistent payoff. [more]
Wednesday, 28 March 2007, 11:39 AM CET

Why NAC alone is not enough
While a NAC solution blocks infected endpoints from entering the network, what happens when a connected PC becomes non-compliant? [more]
Wednesday, 28 March 2007, 11:38 AM CET

Security vendors target mobile devices
Symantec and McAfee are expanding their mobile security services as malware writers step up their attacks on mobile devices. [more]
Wednesday, 28 March 2007, 11:38 AM CET

Malware hiding behind TRUSTe certs
In his study, spyware and adware researcher Ben Edelman compared TRUSTe certified Web sites with a list of known malware sites from McAfee's SiteAdvisor product, a service that black-lists Web sites containing spyware, spam, viruses, and online scams. Edelman found that 5.4 percent of the TRUSTe sites were considered untrustworthy. [more]
Wednesday, 28 March 2007, 11:37 AM CET

Code posted for IE attack
New software has been published on the Internet that could be used to exploit a known flaw in Internet Explorer. [more]
Wednesday, 28 March 2007, 11:34 AM CET

One in ten Brits is victim of online fraud
More than one in ten (12 per cent) of UK internet users fell victim to fraud over the last 12 months. [more]
Wednesday, 28 March 2007, 11:33 AM CET

How I’d hack your weak passwords
If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it? [more]
Wednesday, 28 March 2007, 11:33 AM CET

Four steps to battling botnets
... and one more that may be more than you can manage. [more]
Wednesday, 28 March 2007, 11:28 AM CET

PayPal asking e-mail services to block messages
PayPal, the Internet-based money transfer system owned by eBay, is trying to persuade e-mail providers to block messages that lack digital signatures, which are aimed at cutting down on phishing scams, a company attorney said Tuesday. [more]
Wednesday, 28 March 2007, 11:28 AM CET

Hospital laptop theft sparks concerns
A laptop containing data on 11,000 children between the ages of eight months and eight years old has been stolen from a Nottinghamshire hospital. [more]
Wednesday, 28 March 2007, 11:27 AM CET

OpenID-enable your WordPress blog
Alan Castonguay's WPOpenID plugin turns any WordPress site into an OpenID consumer. [more]
Wednesday, 28 March 2007, 11:26 AM CET

Blog death threats spark debate
Prominent blogger Kathy Sierra has called on the blogosphere to combat the culture of abuse online. [more]
Wednesday, 28 March 2007, 11:25 AM CET

California cuts off aid to ID thieves
The California secretary of state's office has shut down portions of its website after it was discovered it had been selling hundreds of thousands of public documents containing social security numbers and signatures, a practice that lasted for years. [more]
Tuesday, 27 March 2007, 9:09 AM CET

ShmooCon: Bad Web 2.0 thinking imperils Web security
Speaker gives live demo of exploitable hole on popular news site. [more]
Tuesday, 27 March 2007, 7:00 AM CET

Creating OpenBSD binary patches in a chroot environment
Unlike other operating systems, patches for the OpenBSD base system are distributed as source code patches. [more]
Tuesday, 27 March 2007, 4:12 AM CET

UTSA to train 'cyber warriors'
With a $3.5 million state grant to be announced today, the University of Texas at San Antonio will open a new computer-security research institute that one day could protect you from theft or identity theft. [more]
Tuesday, 27 March 2007, 2:33 AM CET

Windows Home Server testing uncovers 2,400 bugs
Microsoft's Windows Home Server developers have been inundated with bug reports. [more]
Tuesday, 27 March 2007, 2:21 AM CET

To understand security risks, think outside the box
In the case of virtual risks, what people believe depends on who they believe, which in turn depends on who they trust. Curiously, people tend to put less trust in experts with access to the most reliable information, and put more trust in friends and family, who tend to be those with access to the least reliable information. [more]
Tuesday, 27 March 2007, 2:12 AM CET

Inside look: making the SOA connection
The SOA approach has provided measurable benefits for application development at Avnet, says I.T. vice president, Bill Chapman, such as a 30 percent more efficient quote-to-order process, with an associated reduction in cycle times for order management to minutes from more than a day. But some benefits are harder to quantify, because they come from increased business activity. [more]
Tuesday, 27 March 2007, 2:00 AM CET

Protect SSH from brute force attacks with pam_abl
Practically all Unix and Linux servers run an SSH service to let administrators connect securely from remote locations. [more]
Tuesday, 27 March 2007, 1:42 AM CET

Hi-tech 'threat' to private life
Bombs triggered by the presence of people with specific biometric traits may soon be feasible, warns a report. [more]
Tuesday, 27 March 2007, 1:27 AM CET

Security products for IPv6 called MIA
There's no way to know exactly how much IPv6-based networking there is in the world, but it's fair to say it's still new, says Jim Bound, chair of the North American IPv6 Task Force, a volunteer organization that promotes IPv6. The U.S. government is making the most visible effort on IPv6 to date, but "hasn't spent a lot of money yet," says Bound. [more]
Tuesday, 27 March 2007, 1:18 AM CET

Oracle claims SAP hacked its secrets
Oracle has accused its German rival SAP of hacking into its computers. [more]
Tuesday, 27 March 2007, 12:18 AM CET

Vista security by the numbers
Last week, Jeff Jones, Microsoft's security strategy director, released a rosy report about Windows Vista's security progress. Counting Jones' way, Vista has a pretty good 90-day track record compared with other operating systems. But counting another way, the vulnerability number is much higher. [more]
Tuesday, 27 March 2007, 12:12 AM CET

The community should unite for security
As criminals get more sophisticated, the only way to guard against the onslaught of phishing, pharming and bot network attacks is to work together, and that's where CIPS comes in. [more]
Tuesday, 27 March 2007, 12:06 AM CET

Researchers untangle the junk Web
According to the new study by Microsoft Research and the University of California at Davis, a small group of as few as three operators create most of the spammy Web pages on the Internet. Search engines are continually changing tactics to avoid such spam Web sites, but the spamming can still be effective, as anybody who has searched for ringtones knows. [more]
Tuesday, 27 March 2007, 12:03 AM CET

U.S.-based servers host majority of malicious code
One reason: Free Web hosting servers are readily available. [more]
Tuesday, 27 March 2007, 12:00 AM CET

Despite upgrades, security experts fear $100 laptops
The One Laptop per Child program has upped the specs of its laptop and claims the devices will be secure, but security researchers wonder if the project will lead to widespread abuse. [more]
Monday, 26 March 2007, 9:02 AM CET

Many net users 'not safety-aware'
Fewer than half of the UK's 29m adult internet users believe they are responsible for protecting personal information online, a survey suggests. [more]
Monday, 26 March 2007, 9:01 AM CET

Terror database has quadrupled in four years
The list marks the first time foreigners and U.S. citizens are combined in an intelligence database. [more]
Monday, 26 March 2007, 3:45 AM CET

Comparing the multilevel security policies of the Solaris Trusted Extensions and Red Hat Enterprise Linux systems
Sun and Red Hat have both submitted new versions of their trusted OS for CC certification evaluation. [more]
Monday, 26 March 2007, 3:21 AM CET

Protect your children from online predators
For parents, the Internet can be like navigating a minefield. [more]
Monday, 26 March 2007, 2:15 AM CET

Hackers on a plane
White hat hackers unite! [more]
Monday, 26 March 2007, 2:00 AM CET

Wi-Fi hot spots may deliver user directly to hacker, thief
As communities push to turn themselves into massive wireless hot spots, unsuspecting Internet users are stumbling directly onto hacker turf, giving computer thieves nearly effortless access to their laptops and private information, authorities and high-tech security experts say. [more]
Monday, 26 March 2007, 1:00 AM CET

California selling social security numbers
A Sacramento lawmaker showed how you could go to the Secretary of State's web page where, until today, the state was selling your personal information for only $6 -- the cost of lunch. [more]
Monday, 26 March 2007, 12:45 AM CET

Think twice about new security gizmos
In a recent study about spyware by Nemertes Research, Senior Vice President Andreas Antonopoulos was surprised to find that 16% of the companies examined were not concerned about the threat. [more]
Monday, 26 March 2007, 12:39 AM CET

Biometric passport: security in question
Singapore’s biometric passport could be compromised as it follows the same International Civil Aviation Organization (ICAO)-recommended standard for machine-readable passports as the UK, which recently reported a security breach. [more]
Monday, 26 March 2007, 12:30 AM CET

A real-world Windows Vista BitLocker tip
There is something you ought to be aware of. [more]
Monday, 26 March 2007, 12:24 AM CET

What to do when your security's breached
You've got a full-blown security incident on your hands. What are you going to do about it? [more]
Monday, 26 March 2007, 12:21 AM CET

VoIP still faces security hangups
After legal and regulatory victories, Internet voice remains a consumer play, as businesses remain skeptical. [more]
Monday, 26 March 2007, 12:07 AM CET

Ireland pounces on school fingerprinters
The Irish Information Commissioner's Office has come down on the notion of school fingerprinting and taken early action to prevent the technology being deployed arbitrarily. [more]
Monday, 26 March 2007, 12:03 AM CET

Breaches of personal data: blaming the myth and punishing the victim
A study that will appear in the Journal of Computer-Mediated Communication later this year analyzes failures to secure computerized personal records. [more]
Monday, 26 March 2007, 12:00 AM CET

US company offers Wi-Fi-proof paint
An American company says it has successfully tested wireless-blocking paint. EM-SEC Technologies, in a release last week, said its "Coating Solution", applied to a test facility, had successfully protected "wireless devices and other electronic equipment". [more]
Friday, 23 March 2007, 5:42 PM CET

Is Xbox support staff helping hackers hijack accounts?
Microsoft Thursday blamed Xbox Live network account hacks on users' gullibility, but evidence shows that in some cases the gaming service's own support staff could be unwittingly helping hackers snare players' identities. [more]
Friday, 23 March 2007, 5:41 PM CET

SSL on ISC, part 1: What is SSL and why should I care?
Achieve data security over open communications channels using the Integrated Solutions Console. [more]
Friday, 23 March 2007, 5:39 PM CET

Malware spreading via Skype
Experts are warning of a new piece of malware spreading via the Skype VoIP application. [more]
Friday, 23 March 2007, 4:12 PM CET

Ten dangerous claims about smartphone security
My heart sank when I first saw Al Gore pull out his BlackBerry. It was in the waning weeks of the 2000 presidential campaign, and there he was on the TV, tapping away on his then-novel converged device. [more]
Friday, 23 March 2007, 11:19 AM CET

Online trading firms to swap fraud tips
Representatives from some of the nation's top online stock trading firms will meet with federal law enforcement officials on Friday to discuss ways they can work together to combat Internet fraud. [more]
Friday, 23 March 2007, 11:18 AM CET

Think twice about new security gizmos
In a recent study about spyware by Nemertes Research, Senior Vice President Andreas Antonopoulos was surprised to find that 16% of the companies examined were not concerned about the threat. [more]
Friday, 23 March 2007, 11:15 AM CET

EMC "pleads guilty" to overpayment in RSA acquisition
More acquisitions planned. [more]
Friday, 23 March 2007, 11:14 AM CET

Trojan roaming Skype network
The malicious code, known as both Warezov and Stration, is spreading through the Skype network for the second time since February. [more]
Friday, 23 March 2007, 1:33 AM CET

MPs probe 'surveillance society'
An inquiry into the growing use of surveillance in society is to be held by an influential committee of MPs. [more]
Friday, 23 March 2007, 1:21 AM CET

FCC launches Net neutrality inquiry
Wheels of policy grind too slowly, say consumer-rights advocates. [more]
Friday, 23 March 2007, 1:06 AM CET

Oracle sues SAP for website espionage
Oracle sued SAP, alleging employees with the German firm passed themselves off as Oracle customers so they could engage in the wholesale theft of proprietary Oracle support materials. [more]
Friday, 23 March 2007, 1:00 AM CET

American Express addresses RFID people tracking plans
The top brass at American Express, chagrined at the discovery of its people tracking plans, met with CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) last week to discuss the issue. [more]
Friday, 23 March 2007, 12:45 AM CET

How to automatically back up your computer
We've seen plenty of crazy ways to keep your precious data safe. Some people burn a few tons of DVDs, others make a monthly habit of swapping hard drives into a safe location. [more]
Friday, 23 March 2007, 12:27 AM CET

Feds mandate 'secure' Windows set-up
Changes in US government purchasing policies due to come into effect this summer could have a huge effect on computer security, particularly for Windows desktops. [more]
Friday, 23 March 2007, 12:25 AM CET

Vista security tips: yes, I like the prompts
Windows Vista has been in the news a lot lately – in particular, Vista's security. [more]
Friday, 23 March 2007, 12:18 AM CET

VoIP phreakers establish thriving black market
Telephone systems hackers have established a thriving black market in reselling stolen VoIP minutes. [more]
Friday, 23 March 2007, 12:12 AM CET

DHS must assess privacy risk before using data mining tool
The tool would be used to cull data for the fight on terrorism. [more]
Friday, 23 March 2007, 12:09 AM CET

Vendors must collaborate to boost IT security
BT calls for open standards. [more]
Friday, 23 March 2007, 12:03 AM CET

Massive malware run against ABN-AMRO customers
This morning we saw a massive malware run in the Netherlands. The emails were purportedly sent by the Dutch ABN-AMRO bank. [more]
Friday, 23 March 2007, 12:00 AM CET

Human brain a poor judge of risk
Assessing and reacting to risk is one of the most important things a living creature has to deal with, and there's a very primitive part of the brain that has that job. [more]
Thursday, 22 March 2007, 3:26 PM CET

Video: Web application security with Jeremiah Grossman
Jeremiah Grossman is the CTO of WhiteHat Security. In this video he talks about the differences between web application security and network security, the assessment process in general, logical vulnerabilities as well as Web 2.0 security developments. [more]
Thursday, 22 March 2007, 1:28 PM CET

Xbox Live accounts 'not hacked'
Microsoft has denied reports that users of its Xbox Live online gaming service have had their accounts hacked. [more]
Thursday, 22 March 2007, 12:48 PM CET

Backup and restore Ubuntu system using sbackup
Now we will see an easy backup and restore tool called "sbackup". [more]
Thursday, 22 March 2007, 12:47 PM CET

Man hijacks 90 eBay accounts
An Australian man pleaded guilty to breaking into eBay and a local bank to steal AU$42,000 (about $34,000), in a case that demonstrates the problem of account takeovers on the auction site. [more]
Thursday, 22 March 2007, 2:00 AM CET

Lack of Mac malware baffles experts
Exploit authors continue to ignore OS X. [more]
Thursday, 22 March 2007, 1:06 AM CET

Experts warn of identity theft risk
Consumers are bombarded with warnings about identity theft. Publicized threats range from mailbox thieves and lost laptops to the higher-tech methods of e-mail scams and corporate data invasions. [more]
Thursday, 22 March 2007, 1:00 AM CET

Scientists test gait biometrics
Biometric technology that identifies people by the way they walk could be used to bolster security at airports and at the 2012 Olympic Games, say researchers. [more]
Thursday, 22 March 2007, 12:45 AM CET

Stolen TJX data used in Florida crime spree
Police told company months before company told customers. [more]
Thursday, 22 March 2007, 12:36 AM CET

Majority of UK web sites vulnerable to attack
A third of sites contain critical vulnerabilities. [more]
Thursday, 22 March 2007, 12:27 AM CET

US wants all 10 fingerprints on entry
Surrender your digits. [more]
Thursday, 22 March 2007, 12:15 AM CET

Firefox updates security, stability
Mozilla released new security and stability updates for both versions of its Firefox browser and for its Internet application suite, SeaMonkey. [more]
Thursday, 22 March 2007, 12:09 AM CET

Ethical hackers face new test
Scheme to improve business trust in penetration testing still needs industry backing. [more]
Thursday, 22 March 2007, 12:06 AM CET

US Patent Office says P2P threatens national security
The US Patent & Trademark Office (USPTO) has launched a stinging attack on peer-to-peer (P2P) file sharing services, publishing a report (pdf) from its Office of International Relations earlier this month. [more]
Thursday, 22 March 2007, 12:00 AM CET

Google privacy policy may not protect your identity, advocates say
Google will alter IP addresses to make searches anonymous. Is that enough? [more]
Wednesday, 21 March 2007, 11:39 AM CET

Getting started with the CentOS 4.4 Single Server CD
Recently I needed to set up a server with all the usual server components -- Web, mail, and file sharing. It needed to be rock-solid and reliable. I didn't want to download 4GB of software from the Net, so I turned to CentOS' Single Server CD. [more]
Wednesday, 21 March 2007, 11:02 AM CET

Know your attacker
Which is more secure, a product wherein one security flaw is found each year -- but is only fixed six months later -- or a product wherein one equally serious security flaw is found every week -- but where it only takes a day before the flaw is corrected? [more]
Wednesday, 21 March 2007, 10:09 AM CET

Biggest security threat? Your users
How to protect against naive, careless or malicious users. [more]
Wednesday, 21 March 2007, 10:02 AM CET

Anatomy of an eBay scam
Fraudulent listings on eBay continue to pile up, and the online auctioneer appears to be incapable of proactively putting an end to them. [more]
Wednesday, 21 March 2007, 3:02 AM CET

Lawmakers warn FBI on surveillance powers
Agency told it could lose broad spying authority after revelations of abuses. [more]
Wednesday, 21 March 2007, 1:30 AM CET

Businesses don’t understand Web application security threats
Businesses may unwittingly leave themselves open to application-layer attacks because they don’t understand their networks lack defenses to deflect them, according to a study by Forrester Research. [more]
Wednesday, 21 March 2007, 1:08 AM CET

Reporting data breaches won't kill your company
Speaker at Infosec reassures throng that public is pretty forgiving. [more]
Wednesday, 21 March 2007, 12:45 AM CET

Second Life presents real life security risk
Online virtual community Second Life affects worker productivity and can cause real life IT security risks, a security vendor claimed today. [more]
Wednesday, 21 March 2007, 12:36 AM CET

Privacy for Internet names moves forward
Proposal that would give more options to small businesses, individuals. [more]
Wednesday, 21 March 2007, 12:30 AM CET

MySpace to be co-opted into Month of Bugs
An unknown duo is promising to devote the entire month of April to disclosing bugs on MySpace, a preferred networking site for teens and the hackers and pedophiles who scam them. [more]
Wednesday, 21 March 2007, 12:21 AM CET

EU proposal would change piracy liability
Onus would move from end users to carriers, sites, producers. [more]
Wednesday, 21 March 2007, 12:12 AM CET

RIM chief: Wireless security must be top priority
Wireless mobile security is multifaceted and complicated, Lazaridis stresses in keynote. [more]
Wednesday, 21 March 2007, 12:06 AM CET

Hacker attacks getting more personal
They can use a variety of exploits on the same site to target victims. [more]
Wednesday, 21 March 2007, 12:00 AM CET

NZ security guru calls for data breach disclosure
A lot of security incidents that occur simply don’t make it into the public domain. [more]
Tuesday, 20 March 2007, 1:38 PM CET

'Surge' in hijacked PC networks
The number of computers hijacked by malicious hackers to send out spam and viruses has grown almost 30% in the last year, according to a survey. [more]
Tuesday, 20 March 2007, 1:37 PM CET

Mac OS X security: investigating security breaches and illegal use
Knowing how to investigate a security breach, potential crime, or policy violation on a Mac computer or server is crucial for understanding the incident and building a chain of evidence that clearly identifies the culprit. [more]
Tuesday, 20 March 2007, 11:41 AM CET

Swedish Internet surveillance law stalled
Privacy advocates get some breathing room on vast expansion. [more]
Tuesday, 20 March 2007, 2:00 AM CET

Firefox security goes head-to-head with Microsoft's IE7
A SANS Institute survey shows that for security minded users, Mozilla's browser is just as popular as Microsoft's. [more]
Tuesday, 20 March 2007, 2:00 AM CET

MySpace bug alerts could trigger mischief
MySpace joins other popular Web sites whose security vulnerabilities form the basis for a so-called "month of bugs" Web site, according to two anonymous hackers who announced the MySpace project on Monday. [more]
Tuesday, 20 March 2007, 1:51 AM CET

Chinese hackers stealing gamers' identities
In a country where malicious activity is skyrocketing, hackers are stealing and then selling the identities of high-scoring gamers. [more]
Tuesday, 20 March 2007, 1:50 AM CET

Security a top issue as teleworking grows
Security continues to dominate as IT’s most pressing concern when it comes to supporting a large telecommuting workforce. [more]
Tuesday, 20 March 2007, 1:42 AM CET

HNS Podcast: common mistakes made by IT administrators
The speaker is George Gerchow, the Technology Strategist for Configuresoft and an active member of the Center for Policy & Compliance, a research and advisory group designed to address the issues of managing security within strict metrics. In this podcast he discusses the common mistakes made by IT administrators when setting up their systems. [more]
Tuesday, 20 March 2007, 1:33 AM CET

Are secure connections really that secure?
SSL technology can be used to hide, and spread, malware. [more]
Tuesday, 20 March 2007, 1:12 AM CET

How the NSA secures operating systems
NSA has developed and distributed configuration guidance for operating systems. These guides are currently being used throughout the government and by numerous entities as a security baseline for their systems. [more]
Tuesday, 20 March 2007, 1:00 AM CET

Is Skype cost effective from a security standpoint?
The risk of Skype is an unchecked vector into the enterprise network. [more]
Tuesday, 20 March 2007, 12:55 AM CET

Russia promises piracy crackdown
Minister reassures CeBIT of new laws to tackle malware. [more]
Tuesday, 20 March 2007, 12:45 AM CET

Microsoft admits to OneCare flaws
Company concedes security software not up to scratch. [more]
Tuesday, 20 March 2007, 12:42 AM CET

Hackers selling IDs for $14, Symantec says
Report warns of 'underground economy servers' used by crime organizations for identity scams. [more]
Tuesday, 20 March 2007, 12:15 AM CET

Shamed adware advertisers slip up again
Cingular and Travelocity still advertising through illegal apps, researcher claims. [more]
Tuesday, 20 March 2007, 12:12 AM CET

Firms neglect mobile data security
Firms are not doing enough to protect against data losses from hardware theft, the latest Internet Security Threat Report from Symantec will reveal today. [more]
Monday, 19 March 2007, 12:24 PM CET

Security threats are starting to merge
Problem is much worse than a year ago, according to research. [more]
Monday, 19 March 2007, 12:22 PM CET

Six ways to stop data leaks
A data breach at DuPont offers timely lessons for thwarting insider threats. By Jaikumar Vijayan. [more]
Monday, 19 March 2007, 11:35 AM CET

Stolen identities sold cheap on the black market
Recovering from identity theft can take years and cost thousands of dollars. But how much is your identity worth to the thieves who sell it to other fraudsters? Turns out, less than the price of two tickets to the movies. [more]
Monday, 19 March 2007, 11:33 AM CET

P2P file-sharing ruins physical piracy business
If the likes of the MPAA, RIAA and IFPI are to be believed, file-sharing is causing worldwide havoc, costing billions of dollars and creating unemployment. [more]
Monday, 19 March 2007, 11:28 AM CET

eBay thief stole $42,000
A man stole $42,000 after hacking into eBay and Commonwealth Bank accounts last year, with eBay now set to trial individual security keys to protect members. [more]
Monday, 19 March 2007, 11:27 AM CET

Security for Web 2.0
Your employees might be blogging right now, as you read this. [more]
Monday, 19 March 2007, 11:26 AM CET

Dogs sniffing out pirate copies
Two dogs trained in Northern Ireland are getting a break in the movie business, by sniffing out pirates. [more]
Monday, 19 March 2007, 1:42 AM CET

Biometrics: what and how
A biometric system is a pattern recognition system; it operates by acquiring biometric data from a person, extracting a feature set from the acquired data and comparing this feature against the templates in the database. [more]
Monday, 19 March 2007, 1:09 AM CET

Lessig: Supreme Court copyright ruling invites chaos
Grokster v MGM means two bites of the apple for litigators, he says. [more]
Monday, 19 March 2007, 1:03 AM CET

Hackers gear up for month of MySpace bugs
Striking a blow against Web monoculture, or News Corp., or something. [more]
Monday, 19 March 2007, 12:30 AM CET

Cyber-criminals getting more sophisticated
Robert Hoyler thought hackers who broke into his computer stole only his bank account information. But it turned out that the thieves also left something behind: a hidden software virus that recorded his every keystroke. [more]
Monday, 19 March 2007, 12:24 AM CET

Auction fraud tops computer crime complaints
Fraud still tops the list of complaints made to the FBI's Internet Crime Complaint Center, but the percentage of fraud complaints, as well as the number of complaints overall, is down. [more]
Monday, 19 March 2007, 12:20 AM CET

Chinese hackers wake up to malware
"The past three to four months have seen a slow increase in Chinese malware. It used to be the odd file every now and then, but it is now almost every day," Chris Boyd, director of malware research at FaceTime Communications. [more]
Monday, 19 March 2007, 12:16 AM CET

Anti-spyware bill could mean tougher fines
On Thursday, the anti-spyware bill - which has twice passed the U.S. House of Representatives only to be rejected by the Senate - got its third hearing in the House Subcommittee on Commerce, Trade and Consumer Protection. [more]
Monday, 19 March 2007, 12:12 AM CET

A student-hacker rematch at the 2nd annual Collegiate Cyber Defense Competition
Students again faced off against experienced hackers at the annual Mid-Atlantic Regional Collegiate Cyber Defense Competition. [more]
Monday, 19 March 2007, 12:09 AM CET

Microsoft security guru wants Vista bugs rated less serious
But 'an exploit is an exploit,' says one researcher. [more]
Monday, 19 March 2007, 12:06 AM CET

'Storm' worm on the attack
A few weeks ago, a new variant of the Storm Worm (Small.DAM) appeared. Like most worms, this one starts off by propagating via email. [more]
Monday, 19 March 2007, 12:03 AM CET

ModSecurity console: purpose and deployment
If you have more than one ModSecurity installation, you have undoubtedly run into issues with consolidating, analyzing and responding to alert messages. [more]
Monday, 19 March 2007, 12:00 AM CET

Will data storage costs increase privacy?
The potential cost savings of anonymizing search-query data were probably a minor factor in Google's decision to revamp its privacy policy and anonymize search data after 18 to 24 months, according to privacy expert Lauren Weinstein, who pointed out that the value of the search-query data collected by Google far exceeds its storage cost. [more]
Friday, 16 March 2007, 10:50 PM CET

How to create a command-line password locker
Like many people, I have too many passwords to remember. [more]
Friday, 16 March 2007, 7:39 PM CET

Bluetooth makeover bolsters security
The Bluetooth chip, which holds the dubious honor of being available in more devices than any other wireless technology but actually used by the least number of people, will get a much-needed upgrade later this year. [more]
Friday, 16 March 2007, 7:38 PM CET

IBM researchers take on video surveillance privacy
Storage, analysis, compression on their minds as well. [more]
Friday, 16 March 2007, 7:36 PM CET

With tax season here, IRS warns of cybersquatters
Citizens are warned that,,, and any other purported IRS site that is not could be phishing scams, but some wonder if the warning is enough. [more]
Friday, 16 March 2007, 11:52 AM CET

Old adware habits hard to break for AT&T and Travelocity
AT&T Wireless and Travelocity have continued to pay for ads that get served up by some of the net's more notorious networks despite a legally binding promise to refrain from pitching crud to web denizens. [more]
Friday, 16 March 2007, 2:17 AM CET

Chinese hackers wake up to malware riches
Security researchers are noticing an increase in malware originating from China, which is adding to the challenge of investigating online pests. [more]
Friday, 16 March 2007, 1:03 AM CET

Russian IT minister pledges piracy clampdown
Russia will step up its fight against IP violations as part of an effort to gain admittance to the WTO. [more]
Friday, 16 March 2007, 12:15 AM CET

Core Security discovers IPv6-related flaw in OpenBSD
Buffer-overflow vulnerability could compromise software. [more]
Friday, 16 March 2007, 12:12 AM CET

Linux vs. Windows: which is most secure?
I’m more secure on Linux than I am on Windows... [more]
Friday, 16 March 2007, 12:06 AM CET

DHS head: Security and privacy not at odds
The head of the U.S. Department of Homeland Security on Thursday downplayed privacy concerns raised by the government's efforts to create standardized, data-chipped driver's licenses across the country. [more]
Friday, 16 March 2007, 12:03 AM CET

Compliance biggest driver of security spending, survey says
More than 70% of Fortune 1000 companies are boosting security budgets. [more]
Friday, 16 March 2007, 12:00 AM CET

Task force shapes ID theft policy
A viral epidemic of consumer identity fraud and data theft prompted President Bush last year to create a task force charged with crafting proposals to marshal Uncle Sam's resources to prevent identity fraud, assist victims and more aggressively prosecute those responsible. [more]
Thursday, 15 March 2007, 3:41 PM CET

Court winner launches anti-spam campaign
A man who won £750 in compensation from a UK firm after receiving a single spam email has set up to help other internet users bring spammers to court.
Thursday, 15 March 2007, 1:49 PM CET

Forget hackers - companies responsible for most data breaches
In the five minutes it might take to read this article, about 672 electronic records containing confidential information will be compromised. [more]
Thursday, 15 March 2007, 11:18 AM CET

How to find stolen laptops
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world. [more]
Thursday, 15 March 2007, 11:17 AM CET

Monitor your Mac and more with GeekTool
One of the best ways to keep up with information about the state of your computer is to embed it in your desktop as simple, plain text. [more]
Thursday, 15 March 2007, 11:11 AM CET

Rise of the Netflix Hackers
In less than 10 years, Netflix has grown into a $700 million DVD rental powerhouse, shipping more than 1.5 million DVDs a day to its base of 6.3 million subscribers. [more]
Thursday, 15 March 2007, 11:09 AM CET

Virtually secure?
Virtual machines offer CIOs and security researchers a lot. And, unfortunately, hackers too. [more]
Thursday, 15 March 2007, 12:30 AM CET

Courts put price on unsolicited email
The damage caused by unsolicited spam email was given a price tag for the first time last week by a successful prosecution in the Small Claims Court. [more]
Thursday, 15 March 2007, 12:21 AM CET

File sharing could threaten personal and national security
A recent government report says that the old adage "buyer beware" now even applies to those who are not technically buying anything at all. Despite the reputation of "free" downloads, much of the illegal file sharing done on the internet comes at a steep price: personal and national security. [more]
Thursday, 15 March 2007, 12:09 AM CET

George Bush fingered as terrorist by US feds... maybe
A Texas-based software company is offering a free tool allowing web users to check the likelihood of a particular name being flagged up by the US government's Transportation Safety Administration (TSA), the body which operates the infamous "No Fly" list. [more]
Thursday, 15 March 2007, 12:03 AM CET

Plea deal reached in HP spy scandal
Patricia Dunn will avoid jail time by pleading guilty to a single misdemeanor count of fraudulent wire communications in a boardroom scandal that shook Silicon Valley's oldest and biggest technology company, Hewlett-Packard. Dunn resigned her board position and several other top executives resigned over their roles in the corporate subterfuge. [more]
Thursday, 15 March 2007, 12:00 AM CET

High Street banks leaving customer info on the pavement
The Information Commissioner has told 11 UK banks to stop dumping customers' statements in bins on the pavement outside branches. [more]
Wednesday, 14 March 2007, 2:58 PM CET

Online banking fraud rises sharply
Total card fraud is down but online fraud is up. [more]
Wednesday, 14 March 2007, 2:57 PM CET

Zabbix: State-of-the-art network monitoring
I have used BigBrother and Nagios for a long time to troubleshoot network problems, and I was happy with them - until Zabbix came along. Zabbix is an enterprise-class open source distributed monitoring solution for servers, network services, and network devices. It's easier to use and provides more functionality than Nagios or BigBrother. [more]
Wednesday, 14 March 2007, 2:23 PM CET

Anger over OneCare deleting users' emails
You had mail. [more]
Wednesday, 14 March 2007, 2:19 PM CET

Microsoft hits 'cybersquatters'
Microsoft is pursuing five alleged UK-based cybersquatters in its battle against firms and individuals who have registered variations or misspellings of its key brands, such as Xbox. [more]
Wednesday, 14 March 2007, 2:18 PM CET

Internet scams dominate UK card fraud losses
Sophos claims productivity and corporate data at risk as it blocks virtual game. [more]
Wednesday, 14 March 2007, 2:12 PM CET

Living paranoid in security
Randy Barr is quick to admit that he lives a paranoid life. [more]
Wednesday, 14 March 2007, 2:15 AM CET

Windows Server 2003 SP2 quietly released
With an absence of fanfare, but otherwise on schedule, Microsoft opened up its download page for Service Pack 2 of Windows Server 2003, both 32-bit and 64-bit editions. [more]
Wednesday, 14 March 2007, 1:17 AM CET

Blanket discovery for stolen laptops
Bad things happen online. Trade secrets are lost or stolen. Personal information is compromised. Copyrights and trademarks are infringed. [more]
Wednesday, 14 March 2007, 1:16 AM CET

Improve your computer security with just one password
You might think I'm quite mad, but I'm thoroughly convinced that if you only have one password - with some modifications - you can still keep your computer as safe as if you had five or ten. [more]
Wednesday, 14 March 2007, 1:15 AM CET

Al-Qaeda plot to bring down UK Internet
Scotland Yard has uncovered evidence that Al-Qaeda has been plotting to bring down the internet in Britain, causing chaos to business and the London Stock Exchange. [more]
Wednesday, 14 March 2007, 1:06 AM CET

No Microsoft security patches today, but two Vista fixes released
As promised, Microsoft did not unveil any security fixes today. But it did push out several other patches it deemed "high priority," including two for Windows Vista. [more]
Wednesday, 14 March 2007, 1:00 AM CET

EU considered streamlining online copyright law
Record companies, artists already lobbying. [more]
Wednesday, 14 March 2007, 12:45 AM CET

Your new ID-theft worry? Photocopiers
Consumers are bombarded with warnings about identity theft. Publicized threats range from mailbox thieves and lost laptops to the higher-tech methods of e-mail scams and corporate data invasions. [more]
Wednesday, 14 March 2007, 12:27 AM CET

If you must pirate, use counterfeit Windows
A senior Microsoft exec has admitted that some software piracy actually ends up benefiting the technology giant because it leads to purchases of other software packages. [more]
Wednesday, 14 March 2007, 12:15 AM CET

Feds, AT&T urge for dismissal of wiretap trial
Both the government and AT&T rely heavily upon a declaration last year by John Negroponte, then-director of national intelligence, that revealing information about the program could "cause exceptionally grave damage to the national security of the United States." [more]
Wednesday, 14 March 2007, 12:09 AM CET

Microsoft fixes OneCare, but it's too late for some users
It released a patch Sunday, two days ahead of schedule. [more]
Wednesday, 14 March 2007, 12:03 AM CET

Data breaches: Blame sloppy companies, not hackers
Researchers say organizational mismanagement causes 60% of breaches. [more]
Wednesday, 14 March 2007, 12:00 AM CET

IT Managers are stressed? How about Security managers?
No one should be surprised to find out that IT managers are stressed out. [more]
Tuesday, 13 March 2007, 6:53 PM CET

Clouseau inspects pirated P2P content
The Pavlova of the parallels takes on illegal P2P traffic. [more]
Tuesday, 13 March 2007, 2:06 PM CET

Review: GFI EndPointSecurity 3
It has become very easy to bypass some default system barriers and easily move potentially insecure pieces of software from the device to a specific computer, or vice versa, taking home some protected company data. Security products such as GFI's Endpoint Security help in this line of work and add an extra layer of security to your organization's network environment. [more]
Tuesday, 13 March 2007, 1:16 PM CET

'Social surfing' could lose parents millions to ID fraud
Survey says almost 50 per cent of computer users have been affected by spyware. [more]
Tuesday, 13 March 2007, 12:59 PM CET

Biometric passports go jumbo
The Identity and Passport Service (IPS) has produced a larger version of the biometric passport. [more]
Tuesday, 13 March 2007, 12:20 PM CET

Fish for new employees and get phished?
users allegedly targeted by scamsters. [more]
Tuesday, 13 March 2007, 11:06 AM CET

Introduction to OpenID
OpenID is an open decentralized digital identity system that has been gaining traction in recent months. [more]
Tuesday, 13 March 2007, 11:05 AM CET

Security breaches impact 530,000 in N.C.
More than 100 security breaches have been reported to the state's Consumer Protection Division under laws that require businesses and government to let consumers know when their personal information may have been lost or stolen. [more]
Tuesday, 13 March 2007, 10:52 AM CET

Three more charged for pump-and-dump hacking
US authorities have charged three Indian nationals for an elaborate pump-and-dump scheme that used hijacked brokerage accounts to manipulate the prices of 14 securities including Sun Microsystems and put options for Google. [more]
Tuesday, 13 March 2007, 10:46 AM CET

Attend Black Hat Briefings Europe for FREE!
We have a couple of complimentary access passes to the upcoming Black Hat Briefings Europe. The Briefings will be held March 29-30 in Moevenpick Hotel Amsterdam City Centre in the Netherlands. [more]
Tuesday, 13 March 2007, 10:45 AM CET

The verdict on Vista security: a mixed bag
Microsoft contends that Windows Vista is its most secure operating system to date. It’s an audacious claim, to be sure, but there just might be something to it, too. [more]
Tuesday, 13 March 2007, 10:42 AM CET

Popular P2P apps could expose sensitive files
Kazaa, LimeWire and Morpheus were among the programs cited. [more]
Tuesday, 13 March 2007, 12:21 AM CET

BSA steps up web piracy crackdown
The Business Software Alliance (BSA) has renewed its global effort to halt software piracy on the internet by taking legal action against five prolific pirates in the UK, US, Germany and Austria. [more]
Tuesday, 13 March 2007, 12:15 AM CET

Secure your enterprise data
Regulations and a fear of banner headlines put the focus on data, not network, security. [more]
Tuesday, 13 March 2007, 12:03 AM CET

Nigerians launch fake Met Police site
Nigerian scammers have launched a fake London Metropolitan Police website, which includes a fake anti-terrorist hotline number. [more]
Tuesday, 13 March 2007, 12:00 AM CET

Laptops feature secure hard drives
Seagate announced Monday the first manufacturer to sell laptop PCs with its new built-in encryption technology. [more]
Monday, 12 March 2007, 5:55 PM CET

A Baker's Dozen Of security bytes
The lifespan of laptops, PDAs and smartphones is falling as the pace of technology marches ever onwards. But for every new mobile device purchased by organisations of all sizes there is usually a piece of legacy hardware that gets sold, passed on to a colleague, friend or relative, or simply thrown away in the office rubbish. [more]
Monday, 12 March 2007, 5:47 PM CET

ICANN shield beats DNS hackers
February attack beaten by Anycast system installed in 2002. [more]
Monday, 12 March 2007, 1:51 PM CET

Chinese hackers seek U.S. access
The cyberattack of a U.S. military computer system has deepened concern about cyberspying and the security of the Internet's infrastructure. [more]
Monday, 12 March 2007, 10:00 AM CET

RSS security threats with financial services
RSS comes with its own security issues that assume critical significance with regard to financial services. In this article we will see some of the security concerns around RSS security and attack vectors. [more]
Monday, 12 March 2007, 2:15 AM CET

Apple applies for patent on RFID-based network, security tool
Apple describes a system that uses RFID tags and readers to simplify the configuration of wireless network devices and access points. [more]
Monday, 12 March 2007, 2:04 AM CET

China's great firewall
While China is building a relentless case that it is the rising global superpower of the 21st century, progress is being deliberately constrained within that most 21st century of institutions, the Internet. [more]
Monday, 12 March 2007, 1:56 AM CET

Using truecrypt-installer to help install Truecrypt for Debian
Truecrypt is an Open Source disk encryption software which uses a concept of containers to store encrypted data. [more]
Monday, 12 March 2007, 1:11 AM CET

Justice Department: FBI ‘lost track’ of requests
The FBI underreported how often it used the USA Patriot Act to force businesses to turn over customer information in suspected terrorism cases, according to a Justice Department audit. [more]
Friday, 9 March 2007, 4:49 PM CET

SEC takes action against spammers
35 companies found to be generating stock touting emails have trading suspended. [more]
Friday, 9 March 2007, 3:00 PM CET

Essential security: firewalls
Security is a broad term comprising issues from business continuity to antivirus software, from mobile access to PBX protection. Fundamental to most of your most immediate security concerns is the firewall. [more]
Friday, 9 March 2007, 2:49 PM CET

Cybercrime must be a priority
Independent peer says laws that cannot be enforced are useless. [more]
Friday, 9 March 2007, 2:46 PM CET

Last month's root-server attack revisited
Last month's attack on at least six of the net's root servers was formidable, but thanks to the implementation of a technology designed to protect the infrastructure, only two were affected, according to a factsheet issued today by ICANN. [more]
Friday, 9 March 2007, 10:42 AM CET

Businesses fail to educate staff on security
Research says employees may be responsible, but employers are liable. [more]
Friday, 9 March 2007, 1:18 AM CET

Security as a service
When architects begin designing their organizational SOA one of the first tasks they need to undertake is to discover and document myriad services that can be shared across applications. [more]
Friday, 9 March 2007, 1:12 AM CET

Turn your cell phone into a spy gadget
There are a few ways to do this. [more]
Friday, 9 March 2007, 1:06 AM CET

Microsoft: Relax, no patches next week
It's the first time in 18 months Microsoft hasn't issued a Patch Tuesday security update. [more]
Friday, 9 March 2007, 1:03 AM CET

Sweden seeks telecoms monitoring
Sweden's government has presented a bill to give its defence intelligence agency powers to monitor any e-mail or phone call into or out of the country. [more]
Friday, 9 March 2007, 1:00 AM CET

US hacker gets a year in the slammer
LexisNexis attacker brought to book. [more]
Friday, 9 March 2007, 12:25 AM CET

Patching up security
CEOs and CFOs know that viruses can damage their business and cost millions. But many do not realise that an anti-virus programme cannot help when it comes to the increasingly frequent flaws that are being exposed in corporate software. [more]
Friday, 9 March 2007, 12:18 AM CET

More proof of e-voting trouble
Here we go again: Yet another confirmation by the non-partisan GAO on Wednesday, in yet another sure-to-be-ignored report, that our electronic voting systems across the country are a hellish patchwork of un-overseen technological mayhem and disaster. [more]
Friday, 9 March 2007, 12:12 AM CET

Poor HR leaves firms open to security risks
'Employee education gap' putting employers and employees in danger. [more]
Friday, 9 March 2007, 12:03 AM CET

Thieves raid online accounts in penny stock scam
Unidentified thieves hacked into dozens of accounts at seven leading online brokerage firms, sold the customers' assets and used the money to buy penny stocks the thieves had previously purchased in an attempt to run up their prices, the Securities and Exchange Commission alleges in a complaint filed Tuesday. [more]
Friday, 9 March 2007, 12:00 AM CET

Poor passwords open web bank users to ID theft
More than half of surfers use between one and four passwords to access up to 20 online banking and e-commerce accounts, new research has claimed. [more]
Thursday, 8 March 2007, 1:57 PM CET

Building the case for biometrics
Significant questions about biometrics remain. [more]
Thursday, 8 March 2007, 1:53 PM CET

Adobe tackles photo forgeries
A suite of photo-authentication tools under development by Adobe Systems could make it possible to match a digital photo to the camera that shot it, and to detect some improper manipulation of images, Wired News has learned. [more]
Thursday, 8 March 2007, 1:52 PM CET

Security: risk and reward
OpenID is a great example of a technology borne out of the failure of centralized schemes. [more]
Thursday, 8 March 2007, 10:20 AM CET

eBay goes hacker hunting in Romania
More than two months after breaching eBay's employee servers, a hacker who calls himself Vladuz remains at large, despite the best efforts of the online auctioneer's security team and officials with law enforcement agencies in the US and eastern Europe. [more]
Thursday, 8 March 2007, 10:20 AM CET

Gates calls for new consumer privacy law
He's been saying it for years, but this week he said it to Congress. [more]
Thursday, 8 March 2007, 10:19 AM CET

"Mr. Safety" keeps watch on MySpace
Fending off predators, preteens and malware perps all in a day's work. [more]
Thursday, 8 March 2007, 1:50 AM CET

Windows Vista security at 90 days: how's it doin'?
Security firms say it depends on whether you believe Microsoft should be judged on how far they've come or how far they've yet to go. [more]
Thursday, 8 March 2007, 1:45 AM CET

ID theft forecast: Gloomy today, worse tomorrow
Thieves are staying a few steps ahead of banks, retailers and the hoi polloi. [more]
Thursday, 8 March 2007, 1:30 AM CET

A new battleground for computer security
The changing interests of the Internet's troublemakers are creating fresh dangers for consumers, making Web sites they know and trust potential sources of PC misery. [more]
Thursday, 8 March 2007, 1:00 AM CET

Top ten tips for hiring security code reviewers
These tips are based on my experiences and observations of interviewing, hiring and managing these folks as well as being a consumer in previous jobs. [more]
Thursday, 8 March 2007, 12:45 AM CET

DOJ, states concerned about Vista docs in antitrust case
They're concerned Microsoft is changing documentation deadlines. [more]
Thursday, 8 March 2007, 12:36 AM CET

Warning: don't spam this Scot
Most people just grumble and hit delete, but when Gordon Dick received a spam message advertising Internet services, he fought back. [more]
Thursday, 8 March 2007, 12:27 AM CET

Another war we're not winning: us vs spam
Are we losing the war on spam? Is the war on spam a war we can win? Is there any reason for hope? [more]
Thursday, 8 March 2007, 12:21 AM CET

Mozilla patches faulty patch
The Mozilla Foundation has patched a faulty patch that was itself subject to a security vulnerability. [more]
Thursday, 8 March 2007, 12:06 AM CET

Italy tops global wiretap league
Britain may have more CCTV cameras per head than anywhere else in the world but when it comes to electronic surveillance the country is way behind Italy, the Netherlands and even Sweden. [more]
Thursday, 8 March 2007, 12:03 AM CET

Hacking's gift to I.T.
Ed Amoroso knows a thing or two about security. As the senior vice president and chief security officer for AT&T Inc., he is responsible for shoring up all online operations at the $44 billion telecom giant. [more]
Thursday, 8 March 2007, 12:00 AM CET

Video: practical tips for safer computing
David Perry, the Global Director of Education at Trend Micro, discusses the Malware Report for 2007 and offers a variety of practical tips for safer computing that will educate users about the dangers of online threats. [more]
Wednesday, 7 March 2007, 5:29 PM CET

Digital data explosion brings security challenges for IT
The amount of digital information created in the world will increase sixfold by 2010, with the vast majority of this data being stored and secured by organisations, according to research. [more]
Wednesday, 7 March 2007, 12:23 PM CET

Cybercrime treaty: what it means to you
A new global treaty could put the responsibility—and potentially enormous cost—of fighting cybercriminals squarely on your shoulders. [more]
Wednesday, 7 March 2007, 10:35 AM CET

Update: Mozilla issues fix for critical flaw
'Critical' JavaScript vulnerability in the Firefox browser and SeaMonkey app suite has been fixed. [more]
Wednesday, 7 March 2007, 12:28 AM CET

Apple QuickTime patches fuel security debate
Apple this week issued eight security patches for its free QuickTime media player. The vulnerabilities in the program affect both the Mac OS X and Windows versions. Apple last released a patch for QuickTime in January. It also released an update to iTunes -- iTunes 7.1. [more]
Wednesday, 7 March 2007, 12:25 AM CET

Microsoft tars Google with profiting off pirates
An exec accused the search company of profiting from software pirates. [more]
Wednesday, 7 March 2007, 12:19 AM CET

NAC: Balancing security and the user experience
While network access control (NAC) is one of the most talked-about network security topics, the NAC label itself is now applied to so broad a range of security solutions that it is practically meaningless—as vague as the term security itself. [more]
Wednesday, 7 March 2007, 12:06 AM CET

Yahoo gets "Paranoid" about IT security
One of the most important IT teams at Yahoo Inc. is a globally dispersed group with a name more fitting for a punk rock band. [more]
Wednesday, 7 March 2007, 12:03 AM CET

Firm 'ordered to pay spam costs'
A British company has been ordered to pay damages for sending spam. [more]
Wednesday, 7 March 2007, 12:00 AM CET

sshguard: Protection for OpenSSH
Are you concerned about brute force dictionary attacks on SSH? Given the popularity of these attacks, you should be. sshguard is a new tool to help protect against such attacks. Although it is still in beta stage, it appears to work well. [more]
Tuesday, 6 March 2007, 5:19 PM CET

Windows-like flaw hits Citrix
A flaw in Citrix's Presentation Server Client creates a means for hackers to compromise machines running the popular thin-client application. [more]
Tuesday, 6 March 2007, 3:48 PM CET

How dangerous is Skype?
Skype expert Michael Gough examines the top five security misconceptions. [more]
Tuesday, 6 March 2007, 3:14 PM CET

Modifications for stopping phpBB forum spambots
phpBB is one of the most popular software products for running online forums. As spammers have found forums to be a fantastic breeding ground for sending their commercial messages, phpBB admins have a lot of trouble keeping the integrity of their forums. I have been administering a couple of phpBB boards and this is the list of top anti-spambot mods. [more]
Tuesday, 6 March 2007, 2:16 PM CET

How to clone a biometric passport while it's still in the bag
In an investigation for the Daily Mail, security consultant Adam Laurie has demonstrated how a new UK biometric passport can be cloned without even being removed from its delivery envelope. [more]
Tuesday, 6 March 2007, 1:39 PM CET

Support certificates in your applications with the .NET Framework 2.0
This article discusses the background for certificates and the Windows Certificate Store. [more]
Tuesday, 6 March 2007, 10:35 AM CET

Vista activation crack a 'joke,' says hacker
Still, some users maintain that it worked for them. [more]
Tuesday, 6 March 2007, 10:31 AM CET

Privacy board clears U.S. spy programs
A White House privacy board is giving its stamp of approval to two of the Bush administration's controversial surveillance programs - electronic eavesdropping and financial tracking - and says they do not violate citizens' civil liberties. [more]
Tuesday, 6 March 2007, 10:30 AM CET

Passwords and the limitations of people
It is very difficult to come up with hard-to-guess but easy-to-memorize, six-character passwords, especially when at least one of the characters cannot be a letter. Most security geeks suggest that the minimum reasonable length for passwords these days is eight characters. It may be far worse to require very long passwords. [more]
Tuesday, 6 March 2007, 10:30 AM CET

Rootkits evade hardware detection
At Black Hat, researcher shows how advanced rootkits can hide in system RAM. [more]
Tuesday, 6 March 2007, 10:28 AM CET

Zombies and botnets: Help keep your computer under your control
Online criminals can use a virus to take control of large numbers of computers at a time, and turn them into "zombies" that can work together as a powerful "botnet" to perform malicious tasks. [more]
Tuesday, 6 March 2007, 10:25 AM CET

Hacker steals crucial data from French Prez candidate
A cyber crook has stolen sensitive data from Jean-Marie Le Pen, a far-right contender for president of France. The breach may kill his chances of being able to run for the office. [more]
Tuesday, 6 March 2007, 10:20 AM CET

How to set up a secure home network
We'll walk you through the details of installing and securing a wired and Wi-Fi local-area network, which can connect four to eight people in a 600-square-foot workspace. [more]
Tuesday, 6 March 2007, 10:16 AM CET

Apple patches 8 major flaws in Quicktime
Apple has issued a collection of 8 security updates for both the OS X and Windows versions of its QuickTime multimedia software. [more]
Tuesday, 6 March 2007, 10:14 AM CET

‘Back-hacker’ says Sandia tried to keep probe of breach quiet
Last month, a jury in New Mexico awarded Shawn Carpenter $4.3 million as part of a wrongful termination lawsuit against Sandia National Laboratories, where he had worked as a network intrusion-detection analyst. [more]
Tuesday, 6 March 2007, 12:00 AM CET

Windows fails second virus test
Microsoft's Live OneCare security software has failed tests which check how well it spots and stops malicious programs designed to attack Windows. [more]
Monday, 5 March 2007, 2:59 PM CET

Top secret: we're wiretapping you
It could be a scene from Kafka or Brazil. Imagine a government agency, in a bureaucratic foul-up, accidentally gives you a copy of a document marked "top secret." And it contains a log of some of your private phone calls. [more]
Monday, 5 March 2007, 9:21 AM CET

Looking into what we can look into
When it comes to employee monitoring, a state agency’s hands are often tied. Our manager seeks to change that. [more]
Monday, 5 March 2007, 7:03 AM CET

Security gets a little too personal
The Transportation Security Administration is testing, at Sky Harbor International Airport in Phoenix, an X-ray scanner that produces a nude image of passengers. This is to help detect terrorists. [more]
Monday, 5 March 2007, 1:30 AM CET

E-mail security with Apple Mail
In this tutorial, we’ll discuss how to use Apple’s Mail application to send secure emails that are signed and encrypted. [more]
Monday, 5 March 2007, 1:15 AM CET

Black Hat: We're all terribly leaky
Data breaches are bad but day-to-day "seepage" is a problem too. [more]
Monday, 5 March 2007, 12:36 AM CET

Rinbot worm threatens big business networks
A new strain of the Rinbot virus -- unusual in that it targets Symantec's antivirus program instead of Microsoft software -- has infiltrated CNN's network, the news organization reported. [more]
Monday, 5 March 2007, 12:27 AM CET

eBay plugs hole in sign-on page
A week or more after it was brought to its attention, eBay has plugged a hole in its sign-on page that was being exploited by phishers. [more]
Monday, 5 March 2007, 12:21 AM CET

Antivirus firms charge loyal customers more
The mortgage industry has woken up to the fact that its customers get a little irate when they see fabulous introductory rates offered to new customers while they are left to plod along feeling uncared for. It seems this ailment has afflicted the antivirus industry as well. [more]
Monday, 5 March 2007, 12:12 AM CET

Feds hope to boost business role in slowing cyberattacks
Private sector seeks more intelligence on potential strikes, needs asset tallies. [more]
Monday, 5 March 2007, 12:03 AM CET

Homeland Security bends on Real ID deadline
The Bush administration agreed Thursday to grant states an extra year and a half to comply with new driver's license standards. [more]
Monday, 5 March 2007, 12:00 AM CET

Do you still value your CISSP?
The CISSP doesn't matter anymore. [more]
Friday, 2 March 2007, 8:50 PM CET

Why your Web apps are sitting ducks
Lousy code, PHP and search engine hacking tools lead to vulnerabilities, study says. [more]
Friday, 2 March 2007, 4:37 PM CET

Intel 'hacker' has charges quashed
Randal Schwartz clears his name after 12 years. [more]
Friday, 2 March 2007, 3:09 PM CET

CNN network hit by Rinbot worm
Antivirus software not updated in time. [more]
Friday, 2 March 2007, 2:47 PM CET

Windows and UNIX worms exploiting well-known flaws
With an old worm hitting the headlines after some high-profile businesses have had their network security weaknesses exposed by infections, a new one has been sighted exploiting the very simple vulnerability in telnet on Sun Microsystems' Solaris operating system reported a few weeks ago. [more]
Friday, 2 March 2007, 2:46 PM CET

Black Hat: Think like an attacker
Building secure applications means understanding attacks. [more]
Friday, 2 March 2007, 11:38 AM CET

HIPAA training observations
I spent the last two days in Austin attending a HIPAA Security Auditing course provided by the State of Texas. [more]
Friday, 2 March 2007, 11:07 AM CET

Analysis: browser security
If your enterprise is considering running critical applications on Firefox and IE, are you courting disaster? We examine the latest in browser security, such as antiphishing technology and validation certificates, to help keep your data safe. [more]
Friday, 2 March 2007, 11:06 AM CET

Vista product activation hacked already
“Oh bugger.” That, friends and lovable-enemies, is what I’m imagining the security team at Microsoft are muttering, thanks to the news that Vista’s beefed-up product activation has been circumnavigated with a brute-force keygen hack. [more]
Friday, 2 March 2007, 11:04 AM CET

Hackers break open Xbox 360 security
Security hole left open for 3 months. [more]
Friday, 2 March 2007, 2:09 AM CET

National ID card rules unveiled
Homeland Security officials released long-delayed guidelines that turn state-issued identification cards into de facto internal passports Thursday, estimating the changes will cost states and individuals $23 billion over 10 years. [more]
Friday, 2 March 2007, 1:54 AM CET

Black Hat: Software Vulnerability Index making progress
Could the encyclopedic document be published by summer? [more]
Friday, 2 March 2007, 1:20 AM CET

Google steps up click fraud war
Advertisers allowed to build IP blacklists. [more]
Friday, 2 March 2007, 12:54 AM CET

Security crisis? Keep your cool, expert says
Security managers have to keep their cool and clearly communicate with chief information officers (CIOs) during a crisis affecting company networks, a top security official with Microsoft said Wednesday. [more]
Friday, 2 March 2007, 12:40 AM CET

Using squidGuard for content filtering
Content filtering for the Web can be a messy proposition. [more]
Friday, 2 March 2007, 12:30 AM CET

Webmaster pays $3,300 to settle malware charges
A webmaster is to surrender $3,300 in ill-gotten gains and refrain from making misleading claims, to settle federal charges he deceived consumers into installing spyware, dialer programs and other types of malware. [more]
Friday, 2 March 2007, 12:25 AM CET

EU threatens Microsoft with new $4M per day fine
The European Union's antitrust agency threatened Microsoft Corp. today with fines of up to $4 million a day and claimed that the company is overcharging for the information rivals need to make their products work smoothly with Windows. [more]
Friday, 2 March 2007, 12:21 AM CET

Majority of Russian net traffic is spam
Malicious programs also up 41 per cent on the previous year. [more]
Friday, 2 March 2007, 12:12 AM CET

Microsoft's OneCare takes last place in anti-virus evaluation
The top dog in the tests was G Data Security's AntiVirusKit. [more]
Friday, 2 March 2007, 12:08 AM CET

New computer virus threatens biz nets
Technology security firm warns the latest strains of the RINBOT or DELBOT virus are starting to multiply rapidly. [more]
Friday, 2 March 2007, 12:04 AM CET

Security firms laugh at 'unstoppable Trojan' claims
We laugh in the face of Trojans, and tweak the nose of the spindly killer worms. [more]
Thursday, 1 March 2007, 12:08 PM CET

Lessons from the DuPont breach: Five ways to stop data leaks
Follow the data, and protect it, say security experts. [more]
Thursday, 1 March 2007, 10:25 AM CET

RIAA urges student pirates to settle now for less
The Recording Industry Association of America sent out 400 "pre-litigation" letters to 13 American universities, informing them that a copyright infringement lawsuit is imminent for a number of their students. [more]
Thursday, 1 March 2007, 10:20 AM CET

Top 10 WordPress anti spam plugins
Blog spam is a huge problem but fortunately protection is available and in a few steps you can make sure you are protected. Check out the plugins in this list, one of them will certainly suit your needs. [more]
Thursday, 1 March 2007, 12:37 AM CET

Mac vs. Linux: which is more secure?
This may seem peculiar to many of you, but I find Linux’s security controls to be more true to the UNIX model they were patterned after. OS X, on the other hand, started with the UNIX model, but then diverged rather substantially. [more]
Thursday, 1 March 2007, 12:33 AM CET

Securing Linux by breaking it with Damn Vulnerable Linux
Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. [more]
Thursday, 1 March 2007, 12:27 AM CET

Which? highlights phishing losses
Consumer group Which? has called on the banking industry to give automatic compensation to customers who lose money to online phishing frauds. [more]
Thursday, 1 March 2007, 12:21 AM CET

Windows Vista: more features, better defenses?
Beyond the bells and whistles, data safety is Vista's most important new feature -- one every bit as important to consumers and business users alike. [more]
Thursday, 1 March 2007, 12:18 AM CET

Researchers: Worms not heading underground
New variants of the Storm Worm prove that the time-honored malware delivery model hasn't faded as attackers find new ways to propagate threats. [more]
Thursday, 1 March 2007, 12:12 AM CET

Securing your online ID: beyond username and password
We've made it our business to throw roadblocks in the faces of fraudsters by amassing millions of PC reputations and helping financial institutions share this information to stall the growth of online fraud. By sharing reputation, all parties realize the benefit of a solution that far exceeds the sum of individual technologies. [more]
Thursday, 1 March 2007, 12:03 AM CET

Police limit e-crime probes
Lower-value incidents overlooked by local forces, say businesses. [more]
Thursday, 1 March 2007, 12:00 AM CET

