Off the Wire

Off The Wire Archive

News items for April 2004

Linux vulnerable to infiltration
Linux source code could be infiltrated by dubious elements, including spies, according to a white paper released by Dan O'Dowd, chief executive officer of Green Hills Software Inc. [more]
Thursday, 29 April 2004, 4:25 PM CET

Hack your way to Hollywood
Heather Robinson, 25, sure has moxie. She turned her youthful indiscretions with a stolen credit card into a movie deal. Now she's trying to land another, this one based on her electronic snooping through AOL's customer database. [more]
Thursday, 29 April 2004, 4:21 PM CET

Multinational team cracks crypto puzzle
RSA Security on Tuesday said that over three months of consistent effort helped a team of mathematicians from Europe and North America solve the company's latest encryption puzzle. [more]
Thursday, 29 April 2004, 4:20 PM CET

Computer hacking 'costs billions'
Three-quarters of UK companies have been hit by security breaches in their computer systems over the past year, costing billions to industry. [more]
Thursday, 29 April 2004, 4:19 PM CET

Spying software watches you work
Spyware is rampant on computers in US businesses, a survey has found. [more]
Thursday, 29 April 2004, 4:16 PM CET

Hackers? What about rising damp?
A water leak or a failure in temperature control are just as likely to cause computer downtime as malicious attackers. But such so-called environmental issues are neglected until disaster strikes. [more]
Thursday, 29 April 2004, 2:56 PM CET

Poll: Most 'security conscious'
Macworld Online readers are far more security conscious than the rest of the UK population – 70 per cent of whom would reveal their computer password "for a bar of chocolate", a new survey concludes. [more]
Thursday, 29 April 2004, 2:55 PM CET

Infosecurity Europe 2004 showcase video
The video is 4:53 minutes in length, available for download in Windows Media 9 256K (9.08 MB) and 64K (2.27 MB). Check out the great atmosphere in London. [more]
Wednesday, 28 April 2004, 3:56 PM CET

Skills shortage threatens security
A recent survey shows that security breaches are on the increase. Could a skills shortage be to blame? [more]
Wednesday, 28 April 2004, 3:27 PM CET

Time to marry network and physical security
They are one and the same - security is security is security... [more]
Wednesday, 28 April 2004, 3:26 PM CET

The trends in information security spending
According to the latest industry research comissioned by Cisco Systems, businesses still don't spend enough money on information security. [more]
Wednesday, 28 April 2004, 11:26 AM CET

Australian banks targeted in Windows attack
Internet hackers based in Brazil, Germany and the Netherlands have launched attacks against some of Australia’s largest financial institutions over the Anzac Day long weekend. [more]
Wednesday, 28 April 2004, 10:41 AM CET

Fighting back against spyware
Microsoft estimates spyware is responsible for half of all PC crashes. [more]
Wednesday, 28 April 2004, 10:39 AM CET

Signs point to worm attack on SSL vulnerability
Security experts on Tuesday said they are seeing evidence of what appears to be a worm exploiting the recently announced vulnerability in the Windows implementation of the Secure Sockets Layer (SSL) protocol. [more]
Wednesday, 28 April 2004, 10:34 AM CET

Agencies slow to meet online privacy criteria
A few more agency Web sites now have machine-readable privacy policies, but the adoption rate should be faster, according to a new report from Ernst and Young LLP. [more]
Wednesday, 28 April 2004, 10:33 AM CET

Worm with embedded poetry
The author of the Bagle worm apparently has a softer side, security experts said Tuesday as their analysis uncovered -- believe it or not -- a poem embedded in most recent variant, which went wild on Monday. [more]
Wednesday, 28 April 2004, 10:31 AM CET

Companies team on ubiquitous, secure mobile/wireless system
Users of notebooks and other mobile data devices could benefit from a new chip-card-based system offering ubiquitous, secure connectivity between mobile and wireless LAN networks. [more]
Wednesday, 28 April 2004, 10:30 AM CET

Bagle turns to verse
The latest variant of the worm includes a poem in the attachment that hides the worm. [more]
Tuesday, 27 April 2004, 3:14 PM CET

Computer attacks on UK businesses double
DTI security breaches survey finds firms more vulnerable now than in 2002. [more]
Tuesday, 27 April 2004, 3:13 PM CET

Europe drags heels in war on spam
The shortcomings of Europe's war against spam are highlighted in a study of anti-spam legislation published today. [more]
Tuesday, 27 April 2004, 3:09 PM CET

Document security fears grow
Problems with maintaining the confidentiality of electronic documents and preventing document tampering are on the rise, according to a security manager at Adobe Systems Inc. [more]
Tuesday, 27 April 2004, 11:47 AM CET

Virus warning: Bagle.Z gets poetic
The author of the latest variant of the Bagle worm has gone beyond penning just a piece of code - the writer has also included a poem in the document attachment on which the worm piggybacks. [more]
Tuesday, 27 April 2004, 11:46 AM CET

'Burnt out' IT staff losing virus battle
Failure to centralise antivirus software management exhausts IT workers. [more]
Tuesday, 27 April 2004, 11:43 AM CET

Common security vulnerabilities in e-commerce systems
This article discusses these vulnerabilities with examples, either from the set of known vulnerabilities, or those discovered during the author's penetration testing assignments. [more]
Tuesday, 27 April 2004, 11:42 AM CET

Cyber-cops rrest trio in piracy xrackdown
Nearly 100 individuals worldwide, many of whom are alleged to be leaders or high-level members of various international piracy organizations, have been identified by Operation Fastlink to date. [more]
Tuesday, 27 April 2004, 11:40 AM CET

Microsoft warns of SSL attacks
Hackers preparing to exploit Secure Socket Layer vulnerabilities in Windows. [more]
Tuesday, 27 April 2004, 11:39 AM CET

Code exists to exploit TCP flaw
Symantec has confirmed that malicious code that can take advantage of the Transmission Control Protocol flaw reported this week exists but says that the risk of real problems is remote. [more]
Friday, 23 April 2004, 3:43 PM CET

Spamhaus breaches great firewall of China
Monitoring project works with Chinese authorities to crack down on spammers. [more]
Friday, 23 April 2004, 3:42 PM CET

Hacker profile: Peiter Mudge Zatko
It's hard to tell if Peiter Mudge Zatko was born eccentric or whether he's just a stickler for privacy. [more]
Friday, 23 April 2004, 3:36 PM CET

Linux/Windows security debate rolls on
No overall winner as analysts ponder pros and cons of both operating systems. [more]
Friday, 23 April 2004, 3:19 PM CET

Network Associates adopts new name
The security firm will change its name to reflect its most prominent product line. [more]
Friday, 23 April 2004, 3:16 PM CET

Super worms on the way?
The threat from malicious Internet worms is about to explode exponentially, a security expert said Thursday as he predicted release of an especially menacing "super worm" in the near future. [more]
Friday, 23 April 2004, 3:14 PM CET

Managing the patch process
A software developer who began his career with Microsoft at its Melbourne operation is now at the nerve centre of one of the company's most important divisions - its security response centre. [more]
Friday, 23 April 2004, 10:07 AM CET

Who should keep out the hackers?
The calm of a few months without a major attack of a computer worm, virus or other form of cyber-harassment was rattled hard this week. [more]
Friday, 23 April 2004, 10:05 AM CET

Securing a fresh Linux install, part 3
In the previous article in this series we looked at ways to secure files and monitor system logs on a Linux server. To finish the series we'll look at security considerations for some important networking tools. [more]
Friday, 23 April 2004, 10:03 AM CET

The enemy within
On March 23, 2004, an employee at an Anaheim, Calif.-based insurance company was indicted on federal wiretapping charges for allegedly installing an electronic device onto a company computer to record every keystroke made on one keyboard. [more]
Friday, 23 April 2004, 9:58 AM CET

Consumer grade *nix
Consumer grade *nix is a powder keg looking for a place to happen. [more]
Thursday, 22 April 2004, 2:46 PM CET

Securing the IP telephony perimeter
Can Application-layer firewalls deliver the security and reliability network managers need to build out tomorrow's IP telephony networks? [more]
Thursday, 22 April 2004, 2:44 PM CET

Cisco warns of more critical software holes
Cisco Systems Inc. warned its customers about two critical security holes that affect almost every product the company makes. [more]
Thursday, 22 April 2004, 2:42 PM CET

The need for security will not go away
Company management will always believe that security is a temporary problem which given time will subside. [more]
Thursday, 22 April 2004, 2:37 PM CET

Cyber crime is right under your nose
A company's worst nightmare is when a trusted employee with access to sensitive data simply vanishes. It gets worse when the employee turns up at a competitor's firm. [more]
Thursday, 22 April 2004, 10:11 AM CET

Tower Records settles hacker attack suit
The company that operates the Web site for music retailer Tower Records has settled complaints by U.S. regulators that it allowed hackers in 2002 to steal personal information about thousands of its online customers. [more]
Thursday, 22 April 2004, 10:08 AM CET

Military cadets play cybercops
U.S. Military Academy cadets participated in an exercise testing how well cadets could defend a military computer network from hackers. [more]
Wednesday, 21 April 2004, 10:02 AM CET

Worst security problem: attachments
Want to ruin a security manager’s day? Open an attachment—any unknown attachment will do. [more]
Wednesday, 21 April 2004, 9:51 AM CET

Five signs your enterprise needs distributed security
After years of merely reacting to new vulnerabilities, a centralized security model can no longer counter today's threats. [more]
Wednesday, 21 April 2004, 9:47 AM CET

Training will turn receptionists into security gurus
UK businesses think that their staff could be the weak link in the fight against cybercrime - and a new course has been launched to turn everyone from CEOs to receptionists into security whizzkids. [more]
Wednesday, 21 April 2004, 9:40 AM CET

Phishers using smarter hooks
Fraud attempts grow with Trojans, keystroke loggers and stolen screenshots. [more]
Wednesday, 21 April 2004, 9:06 AM CET

Onionlike polymer particles ideal for secure encryption
Clever geometry is the basis of a new material that is said to be ideal for secure data encryption and dense optical information storage. [more]
Wednesday, 21 April 2004, 9:05 AM CET

Exploit for Windows SSL flaw circulating
Exactly a week after Microsoft announced a SSL vulnerability affecting key Windows products, malicious hackers unveiled exploits that could lead to widespread denial-of-service attacks. [more]
Wednesday, 21 April 2004, 1:38 AM CET

The more basic the better, security report recommends
A coalition of public- and private-sector organizations today called on hardware and software vendors to pay more attention to basic security in products for the public. [more]
Wednesday, 21 April 2004, 1:37 AM CET

HNS learning session: session hijacking explained
This eleven minute audio shows you all the important characteristics of session hijacking and presents a number of practical examples of these attacks on online e-commerce sites. [more]
Wednesday, 21 April 2004, 1:22 AM CET

Review - STAT Scanner 5.27
A security scanner is one of the most important software tools in a network administrator's toolbox. Read the review and find out how this scanner can empower your arsenal. [more]
Wednesday, 21 April 2004, 1:16 AM CET

Linux: unfit for national security?
Days after an embedded-industry CEO stirred up a firestorm by charging that Linux poses a threat to U.S. security, two prominent computing-security experts said last week that some developers are already inappropriately using Linux in critical security applications where it isn't suitable. [more]
Tuesday, 20 April 2004, 3:04 AM CET

The Trojan that wasn't
Fear, uncertainty and doubt swirled through the Macintosh community last week as an antivirus software company said it had uncovered the first Trojan horse software to hit Mac OS X. [more]
Tuesday, 20 April 2004, 2:57 AM CET

The economics of information security
We asked Lawrence A. Gordon, a renowned economics professor, and Robert Richardson, editorial director at our sister organization Computer Security Institute and a former systems developer and WAN manager, to explore the subject of information security from an economics angle. [more]
Tuesday, 20 April 2004, 2:53 AM CET

Security threats increase demand for protection
With internet security attacks on the increase and events such as the BT cabling tunnel fire in Manchester, IT security and disaster recovery skills are in demand. There is now growing support for a British Standard on business continuity. [more]
Tuesday, 20 April 2004, 2:48 AM CET

Putting the 'enterprise' into wireless LANs
While a basic, single access point WLAN servicing a handful of clients is simplicity itself, expanding that network with a second access point causes an immediate spike in complexity. [more]
Tuesday, 20 April 2004, 12:25 AM CET

Solaris 10 security
This article discusses the many new security features in Sun's Solaris 10 operating system, as well as Sun's holistic approach to security. [more]
Tuesday, 20 April 2004, 12:20 AM CET

'Phishing' scams luring more users
The number of "phishing" e-mails circulating on the Web has increased from 279 to 215,643 over the past six months, according to e-mail security company MessageLabs. [more]
Tuesday, 20 April 2004, 12:17 AM CET

Next on FTC's hit list: spyware
After moving to curb spam with new legislation last year, federal regulators are poised to take on the newest scourge of the Internet: spyware. [more]
Tuesday, 20 April 2004, 12:15 AM CET

The silly privacy fears about Google's e-mail service
Gmail isn't an invasion of privacy, and its ads are preferable to the giant blinking banners for diets and dating services that are splashed across my other Web mail accounts. [more]
Tuesday, 20 April 2004, 12:14 AM CET

Microsoft picks up hackers' gauntlet
New security strategy aims to 'blunt impact of cybercriminals'. [more]
Tuesday, 20 April 2004, 12:12 AM CET

Wireless security tops U.S.-China trade talks
China's wireless-networking protocol — known as Wireless LAN Authentication and Privacy Infrastructure, or WAPI — has most grabbed the spotlight. The scheme is aimed at boosting security but is incompatible with the industry standard developed by the IEEE 802.11 working group. [more]
Monday, 19 April 2004, 5:00 PM CET

Creating a password system that works
The all-too-human penchant for using the same password everywhere drives computer security firms crazy. [more]
Monday, 19 April 2004, 4:17 PM CET

Everday hackers
If you think all "hackers" are computer criminals, think again: A new generation is reclaiming a creative, do-it-yourself approach to everything from home electronics to home improvements. [more]
Monday, 19 April 2004, 4:15 PM CET

Climbing firewalls
In the past, if you were looking for a mental image for the ubiquitous firewall you could have pictured it as that old western film stand-by, the circled wagon train. [more]
Monday, 19 April 2004, 4:08 PM CET

How secure is your handheld?
The No. 1 threat to the sensitive data stored on your handheld device or smart phone remains physically losing the device, but other threats are looming on the handheld horizon. [more]
Monday, 19 April 2004, 4:07 PM CET

Data security: expect the unexpected
With the proliferation of operating systems, applications and internet access points (both broadband and Wi-Fi), demand for data backup and storage has grown at an unbelievable rate. [more]
Monday, 19 April 2004, 4:04 PM CET

US shows way for security
New US proposals for minimum corporate security standards could foster similar measures in the UK. [more]
Monday, 19 April 2004, 4:00 PM CET

Sending IPv6 packets to check firewall rules
This article describes netwox toolbox which can be used to send IPv6 packets. [more]
Monday, 19 April 2004, 11:12 AM CET

Cyber security could be up to bosses
Chief executive officers of U.S. corporations and their boards of directors should assume direct responsibility for securing their computer networks from worms, viruses and other attacks, an industry task force working with the federal government said. [more]
Monday, 19 April 2004, 10:23 AM CET

EarthLink uncovers rampant spyware and trojans
Internet service provider EarthLink and Webroot Software released a report that said an average of almost 28 spyware programs are running on each computer. [more]
Monday, 19 April 2004, 8:46 AM CET

Company to license smart-card security tools
Now that it has received needed patents, Cryptography Research will embark on a more aggressive effort to license technology that can protect devices from differential power analysis, a type of decryption attack. [more]
Monday, 19 April 2004, 8:42 AM CET

How cooperation can beat viruses
Prevention truly is better than cure - and there are steps that can be taken to teach a new computing generation to protect themselves. [more]
Friday, 16 April 2004, 5:58 PM CET

U.K. spammers elude shutdown
Legislation passed last year to clamp down on U.K. companies that send unsolicited e-mail over the Internet is unlikely to result in any prosecutions until 2005. [more]
Friday, 16 April 2004, 5:57 PM CET

Pushing to wiretap 'push to talk'
U.S. cell phone service providers are willing to wiretap "push to talk" phone calls, but only one has the technological capability to do so, according to sources familiar with the situation. [more]
Friday, 16 April 2004, 5:22 PM CET

Watch out - there's an ID thief about
When someone says 'get a life', they don't generally mean 'take mine'. But that's exactly what happened to more than 100,000 people in the UK last year. [more]
Friday, 16 April 2004, 5:22 PM CET

Audio interview with Greg Hoglund and Gary McGraw, authors of "Exploiting Software: How to Break Code"
The authors voice their opinion on close source vs. open source security, the most ridiculous mistakes they've seen while analyzing code, provide some insight into their book and more. [more]
Thursday, 15 April 2004, 2:24 PM CET

No silver bullet for security
Phil Cracknell, chief technology officer at NetSurity, considers the need for continued corporate management investment in security. [more]
Thursday, 15 April 2004, 2:09 PM CET

Network vulnerabilities
Basic network security issues have changed very little over the past decade. [more]
Thursday, 15 April 2004, 2:02 PM CET

IT security has never been so necessary
IT security is very much in the spotlight at the moment. And, unlike some IT trends, there is no danger that it is merely enjoying its 15 minutes of fame. [more]
Thursday, 15 April 2004, 2:00 PM CET

HIPAA security: you can run, but you can't hide
This short course targets physicians who need to handle the looming HIPAA security deadlines. [more]
Thursday, 15 April 2004, 11:38 AM CET

The front on Internet terrorism
With attacks from spam, worms, malware, adware, and hackers, Internet security will become so tight that nothing will get through, not even the good data. [more]
Thursday, 15 April 2004, 11:34 AM CET

Feds to use 'federated' ID checks
Federal government officials will rely on other organizations to verify users' identities when they apply online for government loans or jobs. [more]
Thursday, 15 April 2004, 11:33 AM CET

9/11 'entrepreneur' on fraud rap
A Californian man who claimed to be developing post-9/11 face recognition system has been arrested by Feds probing allegations of fraud. [more]
Thursday, 15 April 2004, 11:01 AM CET

Auditors working on cyber-risk standard
Plans by an industry consortium to develop a checklist to assess cyber-threats could help IT directors justify security spending and help protect companies against hackers, according to IT directors and industry experts. [more]
Thursday, 15 April 2004, 10:52 AM CET

Basic web session impersonation
This article gives a basic introduction to common flaws in web applications that allow a malicious user to hijack a legitimate user's web session. Some practical countermeasures that reduce this threat are also discussed. [more]
Thursday, 15 April 2004, 10:50 AM CET

Stiff spam penalties urged
Spammers convicted under a recently enacted national antispam law could face stiff sentences under newly finalized government recommendations. [more]
Thursday, 15 April 2004, 10:43 AM CET

Security body supports biometrics
SIA uses fingerprint authentication to boost security. [more]
Wednesday, 14 April 2004, 7:32 PM CET

More to blame for virus epidemic
There is an interesting new dynamic to the recent malicious code outbreaks that have plagued corporations. [more]
Wednesday, 14 April 2004, 7:31 PM CET

Linux 2.6: compiling and installing
This article looks at the process of compiling and installing a new kernel safely, without overwriting the existing kernel. [more]
Wednesday, 14 April 2004, 1:49 PM CET

UK firms failing security challenge
Despite repeated warnings, many British businesses haven't come to grips with the security needed for wireless networks or remote access. [more]
Wednesday, 14 April 2004, 1:48 PM CET

Wi-Fi security still poor
Wireless network protection neglected by more than half of UK businesses. [more]
Wednesday, 14 April 2004, 1:24 PM CET

USDA to certify security
Officials at the Agriculture Department, with 29 agencies and more than 500 computer information systems, expects to spend as much as $60 million to certify and accredit those systems during the next five years. [more]
Wednesday, 14 April 2004, 1:22 PM CET

Microsoft warns of a score of security holes
Microsoft released on Tuesday fixes that cover at least 20 Windows flaws, several of which could make versions of the operating system vulnerable to new worms or viruses. [more]
Wednesday, 14 April 2004, 10:37 AM CET

Attackers infiltrating supercomputer networks
Unknown attackers have compromised a large number of Linux and Solaris machines in high-speed computing networks at Stanford University and other academic research facilities, according to a university advisory. [more]
Wednesday, 14 April 2004, 10:35 AM CET

User access system to improve IT security
Northumbrian Water is responding to demands from industry regulators to demonstrate best practice in IT security by rolling out software to control the access rights of 2,000 staff to the firm's Windows and Unix systems. [more]
Tuesday, 13 April 2004, 4:07 AM CET

Software warfare
The debate over security is an interesting one, as both the Linux community and Microsoft claim to have the more secure technology. [more]
Tuesday, 13 April 2004, 4:04 AM CET

Photo recognition software gives location
For a small fee, photo recognition software on a remote server works out precisely where you are, and sends back directions that will get you to your destination. [more]
Tuesday, 13 April 2004, 4:03 AM CET

Chat, copy, paste, prison
When a New Hampshire judge threw out chat-log evidence against an accused pedophile, he illustrated just how jumbled and confused Internet privacy law can be. [more]
Tuesday, 13 April 2004, 3:20 AM CET

Threats give security boost
Widespread fear of hacking, viruses and worms loosens company purse strings. [more]
Tuesday, 13 April 2004, 3:19 AM CET

Mail scanning with Exim and the Exiscan ACL
With all the spam and viruses circulating the Internet these days, any network admin worth his or her salt will have appropriate filters in place to prevent these irritants from getting to users and customers. [more]
Tuesday, 13 April 2004, 3:07 AM CET

Interview with Paul Zimski, Harris Corporation's STAT Computer Security Unit
Paul Zimski, CISSP, discusses government security, security scanning as well as online security problems. [more]
Tuesday, 13 April 2004, 2:46 AM CET

Securing wireless LANs with PEAP and passwords
This is the second security solution guide for WLANs from Microsoft. [more]
Tuesday, 13 April 2004, 1:47 AM CET

Security task force to CEOs: make improvement, or else
A computer industry task force working on cybersecurity with the Homeland Security Department urged top corporate management to initiate robust security measures now or face possible regulation on the issue later. [more]
Tuesday, 13 April 2004, 1:43 AM CET

Concern grows over browser security
Browser-based security threats are on the rise and may pose the next significant risk to information technology operations, according to a technology trade association. [more]
Tuesday, 13 April 2004, 1:40 AM CET

New Intel chips ensure better security
The next generation of Intel Corp. microprocessors for cell phones and handheld computers will, for the first time, include hard-wired security features that can enforce copy protection and help prevent hackers from wreaking havoc on wireless networks. [more]
Tuesday, 13 April 2004, 1:36 AM CET

Cybersecurity task force sparks debate
Rift develops over who decides standards. [more]
Monday, 12 April 2004, 11:24 AM CET

OS X Trojan horse is a nag
The first Trojan for Mac OS X is anything but, experts say, and Thursday's warning from antivirus company Intego was unnecessarily alarmist. [more]
Monday, 12 April 2004, 11:15 AM CET

Security focus or not, can an unrepentant Microsoft be trusted?
Microsoft is working hard to make good on the promises making security job #1, and with Windows XP Service Pack 2 just a few months away we're all looking forward to this very important first step. [more]
Monday, 12 April 2004, 11:09 AM CET

An antitrust antidote for software security
Lawmakers have focused much attention on information security issues during the past year amid a spike in identity theft, viruses and other online criminal activity. The White House approved a national cybersecurity plan more than a year ago but it contains no requirements for businesses to improve their electronic security practices. [more]
Monday, 12 April 2004, 11:07 AM CET

Improving web application security
This guide gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications. [more]
Friday, 9 April 2004, 5:23 AM CET

DB2 Web Service Provider security
This article explains how to enable security for a DB2 Web Service Provider application, which includes enabling authentication, setting authorization and making sure that messages are encrypted. [more]
Friday, 9 April 2004, 5:10 AM CET

Expert releases Cisco wireless hacking tool
Tool compromises Cisco's authentication protocol. [more]
Friday, 9 April 2004, 5:01 AM CET

Plug-in flaw leaves RealPlayer users open to attack
RealNetworks has issued a patch for a security flaw in one of its plug-ins that could let an attacker gain control of computers running any of several versions of the company's popular media player software. [more]
Friday, 9 April 2004, 5:00 AM CET

Security tool more harmful than helpful?
The common wisdom in the security world is that easy-to-use scripts to circumvent security--called "exploits"--are a threat to the Internet. [more]
Friday, 9 April 2004, 4:57 AM CET

Security issues move Linksys routers off the short list
Linksys is apparently having some engineering difficulties that are leaving its customers exposed to potential security problems. [more]
Friday, 9 April 2004, 4:55 AM CET

Humans to blame for security breaches
84 per cent of breaches caused by human error, survey finds. [more]
Friday, 9 April 2004, 4:53 AM CET

Experts talk up text security
Mobile phone users concerned that David Beckham's much publicised troubles mean their text messages are not safe from prying eyes can stop worrying, say experts. [more]
Friday, 9 April 2004, 4:47 AM CET

Hunting down virus writers
"The biggest sin Microsoft has ever done is simply that they've become too popular, making them target number one," F-Secure director of antivirus research Mikko Hypponen told the E-Commerce Times. [more]
Thursday, 8 April 2004, 5:33 PM CET

Is there a rootkit hunter in your arsenal?
Michael Boelen was motivated to create the rootkit hunter one day after he and a friend accidentally scanned a machine with a brand new installation of FreeBSD 5.0. The machine had no Internet connection, and yet the tool they used, chkrootkit, reported "backdoored" binaries. [more]
Thursday, 8 April 2004, 3:24 PM CET

The issue of compliance - it’s here and it’s expanding!
By now, most high-tech conferences have devoted at least one 30-minute session to the topic of Sarbanes-Oxley (aka "Sarbox"). Complexity of language aside, Sarbox has wide-ranging implications that span the breadth of the high-tech industry. It has become increasingly important to know which portions of the law apply to your organization, and to the organizations that you do business with. [more]
Thursday, 8 April 2004, 2:08 PM CET

KaZaA and eDonkey brace for NetSky-Q onslaught
Zombie PCs infected with the NetSky-Q worm are set to launch distributed denial of service attacks against P2P and warez sites tonight. [more]
Thursday, 8 April 2004, 2:07 PM CET

Oasis advances web services security
Big step forward for connected apps. [more]
Thursday, 8 April 2004, 1:58 PM CET

Hacking Windows Server
Here are three hacks from the Windows Server Hacks book by Mitch Tulloch. [more]
Thursday, 8 April 2004, 1:46 AM CET

Witty extinction
The Witty worm set a dangerous precedent on the Internet because it introduced a number of evil new "firsts" in the ever-changing world of modern worms and viruses. [more]
Thursday, 8 April 2004, 1:43 AM CET

Microsoft on its security response
MCP Magazine asked Stephen Toulouse, security program manager, Microsoft Security Response Center, about the flaw and resulting controversy about the time delay. [more]
Thursday, 8 April 2004, 1:39 AM CET

Gmail takes heat for privacy fears
"What we are getting from Google is that they are just not listening. They are just defending. We were really surprised that Google did not appear to be receptive whatsoever to the privacy community concerns. What they've been saying is, 'Just get used to it -- it won't hurt long.'" [more]
Thursday, 8 April 2004, 1:35 AM CET

Microsoft takes security class on the road
Microsoft's on a mission to get technology pros to think harder about security. [more]
Thursday, 8 April 2004, 1:32 AM CET

Experts offer Unix virus warnings
Killer worms continue to steal Internet bandwidth and clog Mac user's email boxes, and the problem seems set to intensify. Meanwhile, virus writers are "showing increased interest in Unix," experts told Macworld. [more]
Thursday, 8 April 2004, 1:31 AM CET

Better living through mod security
ModSecurity is an open source intrusion detection and prevention engine for web applications. [more]
Wednesday, 7 April 2004, 12:02 PM CET

A mysterious solution to your security?
When is a new computer technology like a riddle wrapped in a mystery inside an enigma? [more]
Wednesday, 7 April 2004, 11:58 AM CET

Security scare for business laptops
Business travellers are unwittingly making company secrets available to rivals by ignoring the risks of local wireless networks, known as wi-fi hotspots, security experts warn. [more]
Wednesday, 7 April 2004, 11:31 AM CET

Joint statement about GNU/Linux security
GNU/Linux vendors Debian, Mandrake, Red Hat, and SUSE have joined together to give a common statement about the Forrester report entitled "Is Linux more Secure than Windows?". [more]
Wednesday, 7 April 2004, 11:13 AM CET

The Joe Job DoS attack
A problem with the way that non-delivery notifications are sent by many mail servers could be exploited to launch "mail bomb" denial of service attacks. [more]
Wednesday, 7 April 2004, 11:11 AM CET

I fought the scammer... and I won
the following is a report on a successful attempt to stop and catch a 419 scammer. [more]
Wednesday, 7 April 2004, 11:03 AM CET

Disaster and disaster recovery
As a veteran of Operating System experimentation, I can personally vouch that I have flubbed things up more often than I have gotten it right on the first time. [more]
Wednesday, 7 April 2004, 10:58 AM CET

Outlawing spyware?
Utah regulates surveillance software while several states and Congress also consider restrictions. [more]
Wednesday, 7 April 2004, 10:55 AM CET

Firm invites experts to punch holes in ballot software
VoteHere, a maker of security software for voting machines, published the source code for its product online in hopes of garnering additional analysis of its method for verifying the integrity of electronic votes. [more]
Wednesday, 7 April 2004, 10:53 AM CET

Start-up takes a crack at blocking hackers
A Silicon Valley start-up launched on Tuesday with the goal of helping software companies shut out hackers. [more]
Wednesday, 7 April 2004, 10:45 AM CET

Arrests key win for NSA hackers
A computer hacker who allowed himself to be publicly identified only as ''Mudhen'' once boasted at a Las Vegas conference that he could disable a Chinese satellite with nothing but his laptop computer and a cellphone. [more]
Tuesday, 6 April 2004, 4:16 PM CET

Top ten tips to make attackers’ lives hell
This article is a breakdown of top ten tips for all network administrators, to protect your networks from opportunistic threats and make it hard for the more determined attackers to get anywhere fast. [more]
Tuesday, 6 April 2004, 3:48 PM CET

Introduction to enterprise Linux
What is Enterprise Linux? Who has it? What does it cost? Are there any viable free alternatives? These are all questions that this article will address and try to answer. [more]
Tuesday, 6 April 2004, 3:38 PM CET

Canning spam
Unfortunately most of us are seeing more and more of it each day, despite the growing use of anti-spam measures at the desktop, server and ISP levels. [more]
Tuesday, 6 April 2004, 2:46 PM CET

Running BIND9 in a chroot cage using NetBSD 1.6.2
This document does not explain anything more than successfully running BIND9 in a chroot cage under NetBSD. [more]
Tuesday, 6 April 2004, 2:28 PM CET

The Internet surveillance cash cow
A few large companies and entrepreneurs stand to profit from the FBI's bid for a wiretap-friendly Internet. [more]
Tuesday, 6 April 2004, 2:27 PM CET

Possio's PX30 hackable wireless router
The Possio PX30 is a hackable Linux-based wireless router featuring WLAN, Bluetooth, OSGi (Open Services Gateway Initiative), and Java support. [more]
Tuesday, 6 April 2004, 1:54 PM CET

Students compromised by Internet intrusions
Colleges across the country, through computer security failure and human error, have exposed confidential information about hundreds of thousands of students and employees over the Internet. [more]
Tuesday, 6 April 2004, 1:53 PM CET

Revenues match rise in security threats
Vendors profit from growth in antivirus and network security spending. [more]
Tuesday, 6 April 2004, 1:50 PM CET

MSBlast not to blame for blackout, report says
A U.S. and Canadian task force investigating the August 2003 blackout that cut power to an estimated 50 million North Americans published its final report Monday, finding that institutional, human and computer failures--not the MSBlast worm--led to the outage. [more]
Tuesday, 6 April 2004, 1:41 PM CET

Large enterprise application security
Large enterprises use a different class of software than small companies. This software and the environment it is purchased in is subject to particular constraints that often require a different strategy. This paper presents the problems with concrete and current examples and suggests some solutions. [more]
Monday, 5 April 2004, 5:35 PM CET

Malicious hackers - the sophisticated adversary
Malicious hackers are known for staying one step ahead of the good guys; lately, it's more like a half-a-mile. [more]
Monday, 5 April 2004, 3:37 PM CET

Windows Server 2003 security questioned
A technology analyst is disputing Microsoft's claims that Windows Server 2003 is more secure than its predecessors. [more]
Monday, 5 April 2004, 3:23 PM CET

The future of phishing
This article examines how attackers are likely to respond to the current move towards 2-factor authentication as a defence against phishing scams, and describes an alternative approach, available today, that provides a longer-term solution. [more]
Monday, 5 April 2004, 2:38 PM CET

HNS Newsletter issue 207 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. Sponsored by SPI Dynamics. [more]
Monday, 5 April 2004, 2:37 PM CET

Forrester questions Linux security
A new study from Forrester Research has concluded that the Linux operating system is not necessarily more secure than Windows. [more]
Monday, 5 April 2004, 1:34 PM CET

Bookies race to beat net attacks
The Grand National may be popular with the British public but, so far, it is not a favourite with online criminals. [more]
Monday, 5 April 2004, 1:14 PM CET

Chrooting daemons and system processes
You've probably encounted a chroot jail before, if you've ever ftped into a public system. [more]
Monday, 5 April 2004, 1:13 PM CET

Watchdogs push for RFID laws
Companies push to keep RFID tags active once they are out of the store, but critics say that won't play well with privacy advocates and foreign markets. [more]
Monday, 5 April 2004, 1:12 PM CET

US experts outline security initiative
National Cyber Security Partnership advocates putting security at the heart of software development. [more]
Monday, 5 April 2004, 1:08 PM CET

9-11 Commission keeps network secure
Tech managers with the commission have set up a VPN. [more]
Monday, 5 April 2004, 1:07 PM CET

Why I'm not sending you viruses
E-mail spoofing is common these days--so much so that innocent people are getting blamed for spreading the latest wave of viruses. Here's what you need to know about spoofing. [more]
Monday, 5 April 2004, 11:29 AM CET

The economics of information security
Security measures are costly -- so is picking up the pieces after a security breach. Consequently, more economists are turning their attentions to the study of cybercrime. If you're an InfoSec manager, you can benefit from their research. [more]
Monday, 5 April 2004, 11:27 AM CET

IP spoofing - understanding the basics
Get a grip on the basics of IP spoofing with this comprehensive article. [more]
Friday, 2 April 2004, 11:21 AM CET

Programmers told to put security over creativity
Certification for programmers, better education and even new laws are needed to improve software security, stated a report published Thursday by a coalition of corporate security experts, academic researchers and government agencies. [more]
Friday, 2 April 2004, 3:46 AM CET

Howto setup SSH keys between machines
SSH keys can provide a relief to system administrators. Are you tired of typing in strong passwords over and over again to connect machines you admin? [more]
Friday, 2 April 2004, 3:42 AM CET

Wiping old hard disks clean
Swapping out disks or complete systems is common, but I wonder whether you wipe clean your old disks before sending them off for recycling or resale. If you do wipe the disks, are you sure that data can't be recovered from them? [more]
Friday, 2 April 2004, 3:32 AM CET

Bug hunters go open source
A project to catalogue and describe security vulnerabilities, derived from the ideals of the open source movement, opened to the public on March 31st. [more]
Friday, 2 April 2004, 3:09 AM CET

Host integrity monitoring: best practices for deployment
The purpose of this article is to highlight the important steps and concepts involved in deploying a host integrity monitoring system. These applications can be very helpful with detecting unauthorized change, conducting damage assessment, and preventing future attacks. [more]
Friday, 2 April 2004, 3:08 AM CET

More police needed to tackle e-crime
Improved enforcement of existing laws – rather than more regulations – should be a government priority in the fight against crime on the Net. [more]
Friday, 2 April 2004, 2:58 AM CET

Who's more secure than whom?
Many thanks to my colleague Steven J. Vaughan-Nichols, editor of our Linux & Open Source Center, for referring a recent Forrester Research report to my attention. [more]
Friday, 2 April 2004, 2:57 AM CET

Study: virus attacks up but infections hold steady
Last year more - and more dangerous - viruses raced across the Internet than ever, according to a new study. [more]
Friday, 2 April 2004, 2:53 AM CET

Using the PuTTY SSH client on Nokia Series 60 phones
Here's a demonstration on how the new version of PuTTY works on a Nokia 6600, complete with photos. [more]
Thursday, 1 April 2004, 7:45 PM CET

Securing systems with the Solaris Security Toolkit
This book is part of an on-going series of books known as the Sun Blueprints Program. What this publication wants to provide are best practices for securing the Solaris Operating Environment by using the Solaris Security Toolking software. [more]
Thursday, 1 April 2004, 2:07 PM CET

Competing authors pump up virus statistics
Although NetSky was the more prolific worm last month, Bagle variants were not far behind, according to Sophos. [more]
Thursday, 1 April 2004, 1:03 PM CET

Cool tools for remote administration
Let's have a look at a couple of cool remote administration tools that are both useful and easy to use. [more]
Thursday, 1 April 2004, 1:02 PM CET

Passport safety, privacy face off
An international aviation group is completing new passport standards this week, setting the groundwork for all passports issued worldwide to include digitized photographs that a computer can read remotely and compare to the face of the traveler or to a database of mug shots. [more]
Thursday, 1 April 2004, 12:37 PM CET

Red Hat brings SE Linux to Fedora
Red Hat Inc. took the first step this week toward the inclusion of Security Enhanced Linux in its enterprise offerings when it released Fedora Core 2, test2. [more]
Thursday, 1 April 2004, 12:35 PM CET

Govt intervention needed for software security
In a surprise shift, leading software companies acknowledged in a report to the Bush administration that the government might need to force the US technology industry to improve the security of US computer networks. [more]
Thursday, 1 April 2004, 12:30 PM CET

Gates updates customers on Microsoft security push
Once again, Microsoft's chief software architect is beating the drum on security. [more]
Thursday, 1 April 2004, 12:29 PM CET

Firewall failover with pfsync and CARP
Once again, Microsoft's chief software architect is beating the drum on security. [more]
Thursday, 1 April 2004, 12:24 PM CET

Basic Slackware security
This article is meant to be a crash course in Slackware security. It will detail some basic steps that should be taken before you consider Slackware to be fully installed. [more]
Thursday, 1 April 2004, 12:21 PM CET

So much for secure storage
With information security figuring so prominently in the headlines, you might assume that people in their right mind wouldn't still ignore security. But examine the latest goings-on in the storage industry and you'll trip across a very different reality. [more]
Thursday, 1 April 2004, 12:19 PM CET

Security: the threats that lie within organisations
When people talk about security, they more often than not consider the greatest threats to be those coming from the outside. [more]
Thursday, 1 April 2004, 12:18 PM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Wed, Aug 27th