Off the Wire

Off The Wire Archive

News items for April 2004

Linux vulnerable to infiltration
Linux source code could be infiltrated by dubious elements, including spies, according to a white paper released by Dan O'Dowd, chief executive officer of Green Hills Software Inc. [more]
Thursday, 29 April 2004, 4:25 PM CET


Hack your way to Hollywood
Heather Robinson, 25, sure has moxie. She turned her youthful indiscretions with a stolen credit card into a movie deal. Now she's trying to land another, this one based on her electronic snooping through AOL's customer database. [more]
Thursday, 29 April 2004, 4:21 PM CET


Multinational team cracks crypto puzzle
RSA Security on Tuesday said that over three months of consistent effort helped a team of mathematicians from Europe and North America solve the company's latest encryption puzzle. [more]
Thursday, 29 April 2004, 4:20 PM CET


Computer hacking 'costs billions'
Three-quarters of UK companies have been hit by security breaches in their computer systems over the past year, costing billions to industry. [more]
Thursday, 29 April 2004, 4:19 PM CET


Spying software watches you work
Spyware is rampant on computers in US businesses, a survey has found. [more]
Thursday, 29 April 2004, 4:16 PM CET


Hackers? What about rising damp?
A water leak or a failure in temperature control are just as likely to cause computer downtime as malicious attackers. But such so-called environmental issues are neglected until disaster strikes. [more]
Thursday, 29 April 2004, 2:56 PM CET


Poll: Most 'security conscious'
Macworld Online readers are far more security conscious than the rest of the UK population – 70 per cent of whom would reveal their computer password "for a bar of chocolate", a new survey concludes. [more]
Thursday, 29 April 2004, 2:55 PM CET


Infosecurity Europe 2004 showcase video
The video is 4:53 minutes in length, available for download in Windows Media 9 256K (9.08 MB) and 64K (2.27 MB). Check out the great atmosphere in London. [more]
Wednesday, 28 April 2004, 3:56 PM CET


Skills shortage threatens security
A recent survey shows that security breaches are on the increase. Could a skills shortage be to blame? [more]
Wednesday, 28 April 2004, 3:27 PM CET


Time to marry network and physical security
They are one and the same - security is security is security... [more]
Wednesday, 28 April 2004, 3:26 PM CET


The trends in information security spending
According to the latest industry research comissioned by Cisco Systems, businesses still don't spend enough money on information security. [more]
Wednesday, 28 April 2004, 11:26 AM CET


Australian banks targeted in Windows attack
Internet hackers based in Brazil, Germany and the Netherlands have launched attacks against some of Australia’s largest financial institutions over the Anzac Day long weekend. [more]
Wednesday, 28 April 2004, 10:41 AM CET


Fighting back against spyware
Microsoft estimates spyware is responsible for half of all PC crashes. [more]
Wednesday, 28 April 2004, 10:39 AM CET


Signs point to worm attack on SSL vulnerability
Security experts on Tuesday said they are seeing evidence of what appears to be a worm exploiting the recently announced vulnerability in the Windows implementation of the Secure Sockets Layer (SSL) protocol. [more]
Wednesday, 28 April 2004, 10:34 AM CET


Agencies slow to meet online privacy criteria
A few more agency Web sites now have machine-readable privacy policies, but the adoption rate should be faster, according to a new report from Ernst and Young LLP. [more]
Wednesday, 28 April 2004, 10:33 AM CET


Worm with embedded poetry
The author of the Bagle worm apparently has a softer side, security experts said Tuesday as their analysis uncovered -- believe it or not -- a poem embedded in most recent variant, which went wild on Monday. [more]
Wednesday, 28 April 2004, 10:31 AM CET


Companies team on ubiquitous, secure mobile/wireless system
Users of notebooks and other mobile data devices could benefit from a new chip-card-based system offering ubiquitous, secure connectivity between mobile and wireless LAN networks. [more]
Wednesday, 28 April 2004, 10:30 AM CET


Bagle turns to verse
The latest variant of the worm includes a poem in the attachment that hides the worm. [more]
Tuesday, 27 April 2004, 3:14 PM CET


Computer attacks on UK businesses double
DTI security breaches survey finds firms more vulnerable now than in 2002. [more]
Tuesday, 27 April 2004, 3:13 PM CET


Europe drags heels in war on spam
The shortcomings of Europe's war against spam are highlighted in a study of anti-spam legislation published today. [more]
Tuesday, 27 April 2004, 3:09 PM CET


Document security fears grow
Problems with maintaining the confidentiality of electronic documents and preventing document tampering are on the rise, according to a security manager at Adobe Systems Inc. [more]
Tuesday, 27 April 2004, 11:47 AM CET


Virus warning: Bagle.Z gets poetic
The author of the latest variant of the Bagle worm has gone beyond penning just a piece of code - the writer has also included a poem in the document attachment on which the worm piggybacks. [more]
Tuesday, 27 April 2004, 11:46 AM CET


'Burnt out' IT staff losing virus battle
Failure to centralise antivirus software management exhausts IT workers. [more]
Tuesday, 27 April 2004, 11:43 AM CET


Common security vulnerabilities in e-commerce systems
This article discusses these vulnerabilities with examples, either from the set of known vulnerabilities, or those discovered during the author's penetration testing assignments. [more]
Tuesday, 27 April 2004, 11:42 AM CET


Cyber-cops rrest trio in piracy xrackdown
Nearly 100 individuals worldwide, many of whom are alleged to be leaders or high-level members of various international piracy organizations, have been identified by Operation Fastlink to date. [more]
Tuesday, 27 April 2004, 11:40 AM CET


Microsoft warns of SSL attacks
Hackers preparing to exploit Secure Socket Layer vulnerabilities in Windows. [more]
Tuesday, 27 April 2004, 11:39 AM CET


Code exists to exploit TCP flaw
Symantec has confirmed that malicious code that can take advantage of the Transmission Control Protocol flaw reported this week exists but says that the risk of real problems is remote. [more]
Friday, 23 April 2004, 3:43 PM CET


Spamhaus breaches great firewall of China
Monitoring project works with Chinese authorities to crack down on spammers. [more]
Friday, 23 April 2004, 3:42 PM CET


Hacker profile: Peiter Mudge Zatko
It's hard to tell if Peiter Mudge Zatko was born eccentric or whether he's just a stickler for privacy. [more]
Friday, 23 April 2004, 3:36 PM CET


Linux/Windows security debate rolls on
No overall winner as analysts ponder pros and cons of both operating systems. [more]
Friday, 23 April 2004, 3:19 PM CET


Network Associates adopts new name
The security firm will change its name to reflect its most prominent product line. [more]
Friday, 23 April 2004, 3:16 PM CET


Super worms on the way?
The threat from malicious Internet worms is about to explode exponentially, a security expert said Thursday as he predicted release of an especially menacing "super worm" in the near future. [more]
Friday, 23 April 2004, 3:14 PM CET


Managing the patch process
A software developer who began his career with Microsoft at its Melbourne operation is now at the nerve centre of one of the company's most important divisions - its security response centre. [more]
Friday, 23 April 2004, 10:07 AM CET


Who should keep out the hackers?
The calm of a few months without a major attack of a computer worm, virus or other form of cyber-harassment was rattled hard this week. [more]
Friday, 23 April 2004, 10:05 AM CET


Securing a fresh Linux install, part 3
In the previous article in this series we looked at ways to secure files and monitor system logs on a Linux server. To finish the series we'll look at security considerations for some important networking tools. [more]
Friday, 23 April 2004, 10:03 AM CET


The enemy within
On March 23, 2004, an employee at an Anaheim, Calif.-based insurance company was indicted on federal wiretapping charges for allegedly installing an electronic device onto a company computer to record every keystroke made on one keyboard. [more]
Friday, 23 April 2004, 9:58 AM CET


Consumer grade *nix
Consumer grade *nix is a powder keg looking for a place to happen. [more]
Thursday, 22 April 2004, 2:46 PM CET


Securing the IP telephony perimeter
Can Application-layer firewalls deliver the security and reliability network managers need to build out tomorrow's IP telephony networks? [more]
Thursday, 22 April 2004, 2:44 PM CET


Cisco warns of more critical software holes
Cisco Systems Inc. warned its customers about two critical security holes that affect almost every product the company makes. [more]
Thursday, 22 April 2004, 2:42 PM CET


The need for security will not go away
Company management will always believe that security is a temporary problem which given time will subside. [more]
Thursday, 22 April 2004, 2:37 PM CET


Cyber crime is right under your nose
A company's worst nightmare is when a trusted employee with access to sensitive data simply vanishes. It gets worse when the employee turns up at a competitor's firm. [more]
Thursday, 22 April 2004, 10:11 AM CET


Tower Records settles hacker attack suit
The company that operates the Web site for music retailer Tower Records has settled complaints by U.S. regulators that it allowed hackers in 2002 to steal personal information about thousands of its online customers. [more]
Thursday, 22 April 2004, 10:08 AM CET


Military cadets play cybercops
U.S. Military Academy cadets participated in an exercise testing how well cadets could defend a military computer network from hackers. [more]
Wednesday, 21 April 2004, 10:02 AM CET


Worst security problem: attachments
Want to ruin a security manager’s day? Open an attachment—any unknown attachment will do. [more]
Wednesday, 21 April 2004, 9:51 AM CET


Five signs your enterprise needs distributed security
After years of merely reacting to new vulnerabilities, a centralized security model can no longer counter today's threats. [more]
Wednesday, 21 April 2004, 9:47 AM CET


Training will turn receptionists into security gurus
UK businesses think that their staff could be the weak link in the fight against cybercrime - and a new course has been launched to turn everyone from CEOs to receptionists into security whizzkids. [more]
Wednesday, 21 April 2004, 9:40 AM CET


Phishers using smarter hooks
Fraud attempts grow with Trojans, keystroke loggers and stolen screenshots. [more]
Wednesday, 21 April 2004, 9:06 AM CET


Onionlike polymer particles ideal for secure encryption
Clever geometry is the basis of a new material that is said to be ideal for secure data encryption and dense optical information storage. [more]
Wednesday, 21 April 2004, 9:05 AM CET


Exploit for Windows SSL flaw circulating
Exactly a week after Microsoft announced a SSL vulnerability affecting key Windows products, malicious hackers unveiled exploits that could lead to widespread denial-of-service attacks. [more]
Wednesday, 21 April 2004, 1:38 AM CET


The more basic the better, security report recommends
A coalition of public- and private-sector organizations today called on hardware and software vendors to pay more attention to basic security in products for the public. [more]
Wednesday, 21 April 2004, 1:37 AM CET


HNS learning session: session hijacking explained
This eleven minute audio shows you all the important characteristics of session hijacking and presents a number of practical examples of these attacks on online e-commerce sites. [more]
Wednesday, 21 April 2004, 1:22 AM CET


Review - STAT Scanner 5.27
A security scanner is one of the most important software tools in a network administrator's toolbox. Read the review and find out how this scanner can empower your arsenal. [more]
Wednesday, 21 April 2004, 1:16 AM CET


Linux: unfit for national security?
Days after an embedded-industry CEO stirred up a firestorm by charging that Linux poses a threat to U.S. security, two prominent computing-security experts said last week that some developers are already inappropriately using Linux in critical security applications where it isn't suitable. [more]
Tuesday, 20 April 2004, 3:04 AM CET


The Trojan that wasn't
Fear, uncertainty and doubt swirled through the Macintosh community last week as an antivirus software company said it had uncovered the first Trojan horse software to hit Mac OS X. [more]
Tuesday, 20 April 2004, 2:57 AM CET


The economics of information security
We asked Lawrence A. Gordon, a renowned economics professor, and Robert Richardson, editorial director at our sister organization Computer Security Institute and a former systems developer and WAN manager, to explore the subject of information security from an economics angle. [more]
Tuesday, 20 April 2004, 2:53 AM CET


Security threats increase demand for protection
With internet security attacks on the increase and events such as the BT cabling tunnel fire in Manchester, IT security and disaster recovery skills are in demand. There is now growing support for a British Standard on business continuity. [more]
Tuesday, 20 April 2004, 2:48 AM CET


Putting the 'enterprise' into wireless LANs
While a basic, single access point WLAN servicing a handful of clients is simplicity itself, expanding that network with a second access point causes an immediate spike in complexity. [more]
Tuesday, 20 April 2004, 12:25 AM CET


Solaris 10 security
This article discusses the many new security features in Sun's Solaris 10 operating system, as well as Sun's holistic approach to security. [more]
Tuesday, 20 April 2004, 12:20 AM CET


'Phishing' scams luring more users
The number of "phishing" e-mails circulating on the Web has increased from 279 to 215,643 over the past six months, according to e-mail security company MessageLabs. [more]
Tuesday, 20 April 2004, 12:17 AM CET


Next on FTC's hit list: spyware
After moving to curb spam with new legislation last year, federal regulators are poised to take on the newest scourge of the Internet: spyware. [more]
Tuesday, 20 April 2004, 12:15 AM CET


The silly privacy fears about Google's e-mail service
Gmail isn't an invasion of privacy, and its ads are preferable to the giant blinking banners for diets and dating services that are splashed across my other Web mail accounts. [more]
Tuesday, 20 April 2004, 12:14 AM CET


Microsoft picks up hackers' gauntlet
New security strategy aims to 'blunt impact of cybercriminals'. [more]
Tuesday, 20 April 2004, 12:12 AM CET


Wireless security tops U.S.-China trade talks
China's wireless-networking protocol — known as Wireless LAN Authentication and Privacy Infrastructure, or WAPI — has most grabbed the spotlight. The scheme is aimed at boosting security but is incompatible with the industry standard developed by the IEEE 802.11 working group. [more]
Monday, 19 April 2004, 5:00 PM CET


Creating a password system that works
The all-too-human penchant for using the same password everywhere drives computer security firms crazy. [more]
Monday, 19 April 2004, 4:17 PM CET


Everday hackers
If you think all "hackers" are computer criminals, think again: A new generation is reclaiming a creative, do-it-yourself approach to everything from home electronics to home improvements. [more]
Monday, 19 April 2004, 4:15 PM CET


Climbing firewalls
In the past, if you were looking for a mental image for the ubiquitous firewall you could have pictured it as that old western film stand-by, the circled wagon train. [more]
Monday, 19 April 2004, 4:08 PM CET


How secure is your handheld?
The No. 1 threat to the sensitive data stored on your handheld device or smart phone remains physically losing the device, but other threats are looming on the handheld horizon. [more]
Monday, 19 April 2004, 4:07 PM CET


Data security: expect the unexpected
With the proliferation of operating systems, applications and internet access points (both broadband and Wi-Fi), demand for data backup and storage has grown at an unbelievable rate. [more]
Monday, 19 April 2004, 4:04 PM CET


US shows way for security
New US proposals for minimum corporate security standards could foster similar measures in the UK. [more]
Monday, 19 April 2004, 4:00 PM CET


Sending IPv6 packets to check firewall rules
This article describes netwox toolbox which can be used to send IPv6 packets. [more]
Monday, 19 April 2004, 11:12 AM CET


Cyber security could be up to bosses
Chief executive officers of U.S. corporations and their boards of directors should assume direct responsibility for securing their computer networks from worms, viruses and other attacks, an industry task force working with the federal government said. [more]
Monday, 19 April 2004, 10:23 AM CET


EarthLink uncovers rampant spyware and trojans
Internet service provider EarthLink and Webroot Software released a report that said an average of almost 28 spyware programs are running on each computer. [more]
Monday, 19 April 2004, 8:46 AM CET


Company to license smart-card security tools
Now that it has received needed patents, Cryptography Research will embark on a more aggressive effort to license technology that can protect devices from differential power analysis, a type of decryption attack. [more]
Monday, 19 April 2004, 8:42 AM CET


How cooperation can beat viruses
Prevention truly is better than cure - and there are steps that can be taken to teach a new computing generation to protect themselves. [more]
Friday, 16 April 2004, 5:58 PM CET


U.K. spammers elude shutdown
Legislation passed last year to clamp down on U.K. companies that send unsolicited e-mail over the Internet is unlikely to result in any prosecutions until 2005. [more]
Friday, 16 April 2004, 5:57 PM CET


Pushing to wiretap 'push to talk'
U.S. cell phone service providers are willing to wiretap "push to talk" phone calls, but only one has the technological capability to do so, according to sources familiar with the situation. [more]
Friday, 16 April 2004, 5:22 PM CET


Watch out - there's an ID thief about
When someone says 'get a life', they don't generally mean 'take mine'. But that's exactly what happened to more than 100,000 people in the UK last year. [more]
Friday, 16 April 2004, 5:22 PM CET


Audio interview with Greg Hoglund and Gary McGraw, authors of "Exploiting Software: How to Break Code"
The authors voice their opinion on close source vs. open source security, the most ridiculous mistakes they've seen while analyzing code, provide some insight into their book and more. [more]
Thursday, 15 April 2004, 2:24 PM CET


No silver bullet for security
Phil Cracknell, chief technology officer at NetSurity, considers the need for continued corporate management investment in security. [more]
Thursday, 15 April 2004, 2:09 PM CET


Network vulnerabilities
Basic network security issues have changed very little over the past decade. [more]
Thursday, 15 April 2004, 2:02 PM CET


IT security has never been so necessary
IT security is very much in the spotlight at the moment. And, unlike some IT trends, there is no danger that it is merely enjoying its 15 minutes of fame. [more]
Thursday, 15 April 2004, 2:00 PM CET


HIPAA security: you can run, but you can't hide
This short course targets physicians who need to handle the looming HIPAA security deadlines. [more]
Thursday, 15 April 2004, 11:38 AM CET


The front on Internet terrorism
With attacks from spam, worms, malware, adware, and hackers, Internet security will become so tight that nothing will get through, not even the good data. [more]
Thursday, 15 April 2004, 11:34 AM CET


Feds to use 'federated' ID checks
Federal government officials will rely on other organizations to verify users' identities when they apply online for government loans or jobs. [more]
Thursday, 15 April 2004, 11:33 AM CET


9/11 'entrepreneur' on fraud rap
A Californian man who claimed to be developing post-9/11 face recognition system has been arrested by Feds probing allegations of fraud. [more]
Thursday, 15 April 2004, 11:01 AM CET


Auditors working on cyber-risk standard
Plans by an industry consortium to develop a checklist to assess cyber-threats could help IT directors justify security spending and help protect companies against hackers, according to IT directors and industry experts. [more]
Thursday, 15 April 2004, 10:52 AM CET


Basic web session impersonation
This article gives a basic introduction to common flaws in web applications that allow a malicious user to hijack a legitimate user's web session. Some practical countermeasures that reduce this threat are also discussed. [more]
Thursday, 15 April 2004, 10:50 AM CET


Stiff spam penalties urged
Spammers convicted under a recently enacted national antispam law could face stiff sentences under newly finalized government recommendations. [more]
Thursday, 15 April 2004, 10:43 AM CET


Security body supports biometrics
SIA uses fingerprint authentication to boost security. [more]
Wednesday, 14 April 2004, 7:32 PM CET


More to blame for virus epidemic
There is an interesting new dynamic to the recent malicious code outbreaks that have plagued corporations. [more]
Wednesday, 14 April 2004, 7:31 PM CET


Linux 2.6: compiling and installing
This article looks at the process of compiling and installing a new kernel safely, without overwriting the existing kernel. [more]
Wednesday, 14 April 2004, 1:49 PM CET


UK firms failing security challenge
Despite repeated warnings, many British businesses haven't come to grips with the security needed for wireless networks or remote access. [more]
Wednesday, 14 April 2004, 1:48 PM CET


Wi-Fi security still poor
Wireless network protection neglected by more than half of UK businesses. [more]
Wednesday, 14 April 2004, 1:24 PM CET


USDA to certify security
Officials at the Agriculture Department, with 29 agencies and more than 500 computer information systems, expects to spend as much as $60 million to certify and accredit those systems during the next five years. [more]
Wednesday, 14 April 2004, 1:22 PM CET


Microsoft warns of a score of security holes
Microsoft released on Tuesday fixes that cover at least 20 Windows flaws, several of which could make versions of the operating system vulnerable to new worms or viruses. [more]
Wednesday, 14 April 2004, 10:37 AM CET


Attackers infiltrating supercomputer networks
Unknown attackers have compromised a large number of Linux and Solaris machines in high-speed computing networks at Stanford University and other academic research facilities, according to a university advisory. [more]
Wednesday, 14 April 2004, 10:35 AM CET


User access system to improve IT security
Northumbrian Water is responding to demands from industry regulators to demonstrate best practice in IT security by rolling out software to control the access rights of 2,000 staff to the firm's Windows and Unix systems. [more]
Tuesday, 13 April 2004, 4:07 AM CET


Software warfare
The debate over security is an interesting one, as both the Linux community and Microsoft claim to have the more secure technology. [more]
Tuesday, 13 April 2004, 4:04 AM CET


Photo recognition software gives location
For a small fee, photo recognition software on a remote server works out precisely where you are, and sends back directions that will get you to your destination. [more]
Tuesday, 13 April 2004, 4:03 AM CET


Chat, copy, paste, prison
When a New Hampshire judge threw out chat-log evidence against an accused pedophile, he illustrated just how jumbled and confused Internet privacy law can be. [more]
Tuesday, 13 April 2004, 3:20 AM CET


Threats give security boost
Widespread fear of hacking, viruses and worms loosens company purse strings. [more]
Tuesday, 13 April 2004, 3:19 AM CET


Mail scanning with Exim and the Exiscan ACL
With all the spam and viruses circulating the Internet these days, any network admin worth his or her salt will have appropriate filters in place to prevent these irritants from getting to users and customers. [more]
Tuesday, 13 April 2004, 3:07 AM CET


Interview with Paul Zimski, Harris Corporation's STAT Computer Security Unit
Paul Zimski, CISSP, discusses government security, security scanning as well as online security problems. [more]
Tuesday, 13 April 2004, 2:46 AM CET


Securing wireless LANs with PEAP and passwords
This is the second security solution guide for WLANs from Microsoft. [more]
Tuesday, 13 April 2004, 1:47 AM CET


Security task force to CEOs: make improvement, or else
A computer industry task force working on cybersecurity with the Homeland Security Department urged top corporate management to initiate robust security measures now or face possible regulation on the issue later. [more]
Tuesday, 13 April 2004, 1:43 AM CET


Concern grows over browser security
Browser-based security threats are on the rise and may pose the next significant risk to information technology operations, according to a technology trade association. [more]
Tuesday, 13 April 2004, 1:40 AM CET


New Intel chips ensure better security
The next generation of Intel Corp. microprocessors for cell phones and handheld computers will, for the first time, include hard-wired security features that can enforce copy protection and help prevent hackers from wreaking havoc on wireless networks. [more]
Tuesday, 13 April 2004, 1:36 AM CET


Cybersecurity task force sparks debate
Rift develops over who decides standards. [more]
Monday, 12 April 2004, 11:24 AM CET


OS X Trojan horse is a nag
The first Trojan for Mac OS X is anything but, experts say, and Thursday's warning from antivirus company Intego was unnecessarily alarmist. [more]
Monday, 12 April 2004, 11:15 AM CET


Security focus or not, can an unrepentant Microsoft be trusted?
Microsoft is working hard to make good on the promises making security job #1, and with Windows XP Service Pack 2 just a few months away we're all looking forward to this very important first step. [more]
Monday, 12 April 2004, 11:09 AM CET


An antitrust antidote for software security
Lawmakers have focused much attention on information security issues during the past year amid a spike in identity theft, viruses and other online criminal activity. The White House approved a national cybersecurity plan more than a year ago but it contains no requirements for businesses to improve their electronic security practices. [more]
Monday, 12 April 2004, 11:07 AM CET


Improving web application security
This guide gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications. [more]
Friday, 9 April 2004, 5:23 AM CET


DB2 Web Service Provider security
This article explains how to enable security for a DB2 Web Service Provider application, which includes enabling authentication, setting authorization and making sure that messages are encrypted. [more]
Friday, 9 April 2004, 5:10 AM CET


Expert releases Cisco wireless hacking tool
Tool compromises Cisco's authentication protocol. [more]
Friday, 9 April 2004, 5:01 AM CET


Plug-in flaw leaves RealPlayer users open to attack
RealNetworks has issued a patch for a security flaw in one of its plug-ins that could let an attacker gain control of computers running any of several versions of the company's popular media player software. [more]
Friday, 9 April 2004, 5:00 AM CET


Security tool more harmful than helpful?
The common wisdom in the security world is that easy-to-use scripts to circumvent security--called "exploits"--are a threat to the Internet. [more]
Friday, 9 April 2004, 4:57 AM CET


Security issues move Linksys routers off the short list
Linksys is apparently having some engineering difficulties that are leaving its customers exposed to potential security problems. [more]
Friday, 9 April 2004, 4:55 AM CET


Humans to blame for security breaches
84 per cent of breaches caused by human error, survey finds. [more]
Friday, 9 April 2004, 4:53 AM CET


Experts talk up text security
Mobile phone users concerned that David Beckham's much publicised troubles mean their text messages are not safe from prying eyes can stop worrying, say experts. [more]
Friday, 9 April 2004, 4:47 AM CET


Hunting down virus writers
"The biggest sin Microsoft has ever done is simply that they've become too popular, making them target number one," F-Secure director of antivirus research Mikko Hypponen told the E-Commerce Times. [more]
Thursday, 8 April 2004, 5:33 PM CET


Is there a rootkit hunter in your arsenal?
Michael Boelen was motivated to create the rootkit hunter one day after he and a friend accidentally scanned a machine with a brand new installation of FreeBSD 5.0. The machine had no Internet connection, and yet the tool they used, chkrootkit, reported "backdoored" binaries. [more]
Thursday, 8 April 2004, 3:24 PM CET


The issue of compliance - it’s here and it’s expanding!
By now, most high-tech conferences have devoted at least one 30-minute session to the topic of Sarbanes-Oxley (aka "Sarbox"). Complexity of language aside, Sarbox has wide-ranging implications that span the breadth of the high-tech industry. It has become increasingly important to know which portions of the law apply to your organization, and to the organizations that you do business with. [more]
Thursday, 8 April 2004, 2:08 PM CET


KaZaA and eDonkey brace for NetSky-Q onslaught
Zombie PCs infected with the NetSky-Q worm are set to launch distributed denial of service attacks against P2P and warez sites tonight. [more]
Thursday, 8 April 2004, 2:07 PM CET


Oasis advances web services security
Big step forward for connected apps. [more]
Thursday, 8 April 2004, 1:58 PM CET


Hacking Windows Server
Here are three hacks from the Windows Server Hacks book by Mitch Tulloch. [more]
Thursday, 8 April 2004, 1:46 AM CET


Witty extinction
The Witty worm set a dangerous precedent on the Internet because it introduced a number of evil new "firsts" in the ever-changing world of modern worms and viruses. [more]
Thursday, 8 April 2004, 1:43 AM CET


Microsoft on its security response
MCP Magazine asked Stephen Toulouse, security program manager, Microsoft Security Response Center, about the flaw and resulting controversy about the time delay. [more]
Thursday, 8 April 2004, 1:39 AM CET


Gmail takes heat for privacy fears
"What we are getting from Google is that they are just not listening. They are just defending. We were really surprised that Google did not appear to be receptive whatsoever to the privacy community concerns. What they've been saying is, 'Just get used to it -- it won't hurt long.'" [more]
Thursday, 8 April 2004, 1:35 AM CET


Microsoft takes security class on the road
Microsoft's on a mission to get technology pros to think harder about security. [more]
Thursday, 8 April 2004, 1:32 AM CET


Experts offer Unix virus warnings
Killer worms continue to steal Internet bandwidth and clog Mac user's email boxes, and the problem seems set to intensify. Meanwhile, virus writers are "showing increased interest in Unix," experts told Macworld. [more]
Thursday, 8 April 2004, 1:31 AM CET


Better living through mod security
ModSecurity is an open source intrusion detection and prevention engine for web applications. [more]
Wednesday, 7 April 2004, 12:02 PM CET


A mysterious solution to your security?
When is a new computer technology like a riddle wrapped in a mystery inside an enigma? [more]
Wednesday, 7 April 2004, 11:58 AM CET


Security scare for business laptops
Business travellers are unwittingly making company secrets available to rivals by ignoring the risks of local wireless networks, known as wi-fi hotspots, security experts warn. [more]
Wednesday, 7 April 2004, 11:31 AM CET


Joint statement about GNU/Linux security
GNU/Linux vendors Debian, Mandrake, Red Hat, and SUSE have joined together to give a common statement about the Forrester report entitled "Is Linux more Secure than Windows?". [more]
Wednesday, 7 April 2004, 11:13 AM CET


The Joe Job DoS attack
A problem with the way that non-delivery notifications are sent by many mail servers could be exploited to launch "mail bomb" denial of service attacks. [more]
Wednesday, 7 April 2004, 11:11 AM CET


I fought the scammer... and I won
the following is a report on a successful attempt to stop and catch a 419 scammer. [more]
Wednesday, 7 April 2004, 11:03 AM CET


Disaster and disaster recovery
As a veteran of Operating System experimentation, I can personally vouch that I have flubbed things up more often than I have gotten it right on the first time. [more]
Wednesday, 7 April 2004, 10:58 AM CET


Outlawing spyware?
Utah regulates surveillance software while several states and Congress also consider restrictions. [more]
Wednesday, 7 April 2004, 10:55 AM CET


Firm invites experts to punch holes in ballot software
VoteHere, a maker of security software for voting machines, published the source code for its product online in hopes of garnering additional analysis of its method for verifying the integrity of electronic votes. [more]
Wednesday, 7 April 2004, 10:53 AM CET


Start-up takes a crack at blocking hackers
A Silicon Valley start-up launched on Tuesday with the goal of helping software companies shut out hackers. [more]
Wednesday, 7 April 2004, 10:45 AM CET


Arrests key win for NSA hackers
A computer hacker who allowed himself to be publicly identified only as ''Mudhen'' once boasted at a Las Vegas conference that he could disable a Chinese satellite with nothing but his laptop computer and a cellphone. [more]
Tuesday, 6 April 2004, 4:16 PM CET


Top ten tips to make attackers’ lives hell
This article is a breakdown of top ten tips for all network administrators, to protect your networks from opportunistic threats and make it hard for the more determined attackers to get anywhere fast. [more]
Tuesday, 6 April 2004, 3:48 PM CET


Introduction to enterprise Linux
What is Enterprise Linux? Who has it? What does it cost? Are there any viable free alternatives? These are all questions that this article will address and try to answer. [more]
Tuesday, 6 April 2004, 3:38 PM CET


Canning spam
Unfortunately most of us are seeing more and more of it each day, despite the growing use of anti-spam measures at the desktop, server and ISP levels. [more]
Tuesday, 6 April 2004, 2:46 PM CET


Running BIND9 in a chroot cage using NetBSD 1.6.2
This document does not explain anything more than successfully running BIND9 in a chroot cage under NetBSD. [more]
Tuesday, 6 April 2004, 2:28 PM CET


The Internet surveillance cash cow
A few large companies and entrepreneurs stand to profit from the FBI's bid for a wiretap-friendly Internet. [more]
Tuesday, 6 April 2004, 2:27 PM CET


Possio's PX30 hackable wireless router
The Possio PX30 is a hackable Linux-based wireless router featuring WLAN, Bluetooth, OSGi (Open Services Gateway Initiative), and Java support. [more]
Tuesday, 6 April 2004, 1:54 PM CET


Students compromised by Internet intrusions
Colleges across the country, through computer security failure and human error, have exposed confidential information about hundreds of thousands of students and employees over the Internet. [more]
Tuesday, 6 April 2004, 1:53 PM CET


Revenues match rise in security threats
Vendors profit from growth in antivirus and network security spending. [more]
Tuesday, 6 April 2004, 1:50 PM CET


MSBlast not to blame for blackout, report says
A U.S. and Canadian task force investigating the August 2003 blackout that cut power to an estimated 50 million North Americans published its final report Monday, finding that institutional, human and computer failures--not the MSBlast worm--led to the outage. [more]
Tuesday, 6 April 2004, 1:41 PM CET


Large enterprise application security
Large enterprises use a different class of software than small companies. This software and the environment it is purchased in is subject to particular constraints that often require a different strategy. This paper presents the problems with concrete and current examples and suggests some solutions. [more]
Monday, 5 April 2004, 5:35 PM CET


Malicious hackers - the sophisticated adversary
Malicious hackers are known for staying one step ahead of the good guys; lately, it's more like a half-a-mile. [more]
Monday, 5 April 2004, 3:37 PM CET


Windows Server 2003 security questioned
A technology analyst is disputing Microsoft's claims that Windows Server 2003 is more secure than its predecessors. [more]
Monday, 5 April 2004, 3:23 PM CET


The future of phishing
This article examines how attackers are likely to respond to the current move towards 2-factor authentication as a defence against phishing scams, and describes an alternative approach, available today, that provides a longer-term solution. [more]
Monday, 5 April 2004, 2:38 PM CET


HNS Newsletter issue 207 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. Sponsored by SPI Dynamics. [more]
Monday, 5 April 2004, 2:37 PM CET


Forrester questions Linux security
A new study from Forrester Research has concluded that the Linux operating system is not necessarily more secure than Windows. [more]
Monday, 5 April 2004, 1:34 PM CET


Bookies race to beat net attacks
The Grand National may be popular with the British public but, so far, it is not a favourite with online criminals. [more]
Monday, 5 April 2004, 1:14 PM CET


Chrooting daemons and system processes
You've probably encounted a chroot jail before, if you've ever ftped into a public system. [more]
Monday, 5 April 2004, 1:13 PM CET


Watchdogs push for RFID laws
Companies push to keep RFID tags active once they are out of the store, but critics say that won't play well with privacy advocates and foreign markets. [more]
Monday, 5 April 2004, 1:12 PM CET


US experts outline security initiative
National Cyber Security Partnership advocates putting security at the heart of software development. [more]
Monday, 5 April 2004, 1:08 PM CET


9-11 Commission keeps network secure
Tech managers with the commission have set up a VPN. [more]
Monday, 5 April 2004, 1:07 PM CET


Why I'm not sending you viruses
E-mail spoofing is common these days--so much so that innocent people are getting blamed for spreading the latest wave of viruses. Here's what you need to know about spoofing. [more]
Monday, 5 April 2004, 11:29 AM CET


The economics of information security
Security measures are costly -- so is picking up the pieces after a security breach. Consequently, more economists are turning their attentions to the study of cybercrime. If you're an InfoSec manager, you can benefit from their research. [more]
Monday, 5 April 2004, 11:27 AM CET


IP spoofing - understanding the basics
Get a grip on the basics of IP spoofing with this comprehensive article. [more]
Friday, 2 April 2004, 11:21 AM CET


Programmers told to put security over creativity
Certification for programmers, better education and even new laws are needed to improve software security, stated a report published Thursday by a coalition of corporate security experts, academic researchers and government agencies. [more]
Friday, 2 April 2004, 3:46 AM CET


Howto setup SSH keys between machines
SSH keys can provide a relief to system administrators. Are you tired of typing in strong passwords over and over again to connect machines you admin? [more]
Friday, 2 April 2004, 3:42 AM CET


Wiping old hard disks clean
Swapping out disks or complete systems is common, but I wonder whether you wipe clean your old disks before sending them off for recycling or resale. If you do wipe the disks, are you sure that data can't be recovered from them? [more]
Friday, 2 April 2004, 3:32 AM CET


Bug hunters go open source
A project to catalogue and describe security vulnerabilities, derived from the ideals of the open source movement, opened to the public on March 31st. [more]
Friday, 2 April 2004, 3:09 AM CET


Host integrity monitoring: best practices for deployment
The purpose of this article is to highlight the important steps and concepts involved in deploying a host integrity monitoring system. These applications can be very helpful with detecting unauthorized change, conducting damage assessment, and preventing future attacks. [more]
Friday, 2 April 2004, 3:08 AM CET


More police needed to tackle e-crime
Improved enforcement of existing laws – rather than more regulations – should be a government priority in the fight against crime on the Net. [more]
Friday, 2 April 2004, 2:58 AM CET


Who's more secure than whom?
Many thanks to my colleague Steven J. Vaughan-Nichols, editor of our Linux & Open Source Center, for referring a recent Forrester Research report to my attention. [more]
Friday, 2 April 2004, 2:57 AM CET


Study: virus attacks up but infections hold steady
Last year more - and more dangerous - viruses raced across the Internet than ever, according to a new study. [more]
Friday, 2 April 2004, 2:53 AM CET


Using the PuTTY SSH client on Nokia Series 60 phones
Here's a demonstration on how the new version of PuTTY works on a Nokia 6600, complete with photos. [more]
Thursday, 1 April 2004, 7:45 PM CET


Securing systems with the Solaris Security Toolkit
This book is part of an on-going series of books known as the Sun Blueprints Program. What this publication wants to provide are best practices for securing the Solaris Operating Environment by using the Solaris Security Toolking software. [more]
Thursday, 1 April 2004, 2:07 PM CET


Competing authors pump up virus statistics
Although NetSky was the more prolific worm last month, Bagle variants were not far behind, according to Sophos. [more]
Thursday, 1 April 2004, 1:03 PM CET


Cool tools for remote administration
Let's have a look at a couple of cool remote administration tools that are both useful and easy to use. [more]
Thursday, 1 April 2004, 1:02 PM CET


Passport safety, privacy face off
An international aviation group is completing new passport standards this week, setting the groundwork for all passports issued worldwide to include digitized photographs that a computer can read remotely and compare to the face of the traveler or to a database of mug shots. [more]
Thursday, 1 April 2004, 12:37 PM CET


Red Hat brings SE Linux to Fedora
Red Hat Inc. took the first step this week toward the inclusion of Security Enhanced Linux in its enterprise offerings when it released Fedora Core 2, test2. [more]
Thursday, 1 April 2004, 12:35 PM CET


Govt intervention needed for software security
In a surprise shift, leading software companies acknowledged in a report to the Bush administration that the government might need to force the US technology industry to improve the security of US computer networks. [more]
Thursday, 1 April 2004, 12:30 PM CET


Gates updates customers on Microsoft security push
Once again, Microsoft's chief software architect is beating the drum on security. [more]
Thursday, 1 April 2004, 12:29 PM CET


Firewall failover with pfsync and CARP
Once again, Microsoft's chief software architect is beating the drum on security. [more]
Thursday, 1 April 2004, 12:24 PM CET


Basic Slackware security
This article is meant to be a crash course in Slackware security. It will detail some basic steps that should be taken before you consider Slackware to be fully installed. [more]
Thursday, 1 April 2004, 12:21 PM CET


So much for secure storage
With information security figuring so prominently in the headlines, you might assume that people in their right mind wouldn't still ignore security. But examine the latest goings-on in the storage industry and you'll trip across a very different reality. [more]
Thursday, 1 April 2004, 12:19 PM CET


Security: the threats that lie within organisations
When people talk about security, they more often than not consider the greatest threats to be those coming from the outside. [more]
Thursday, 1 April 2004, 12:18 PM CET


Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //