Off the Wire

Off The Wire Archive

News items for April 2005

Critical flaw reported in Netscape
Security firm says users should switch to another browser. [more]
Thursday, 28 April 2005, 12:17 PM CET

How to handle bad news
You install a new system that gets DoS'ed the next day. What do you do? [more]
Thursday, 28 April 2005, 12:15 PM CET

Evidence of new forensic tool
Researchers at the Queensland University of Technology have devised the digital equivalent of fingerprinting, providing investigators with a new tool to narrow the search for evidence of crime. [more]
Thursday, 28 April 2005, 12:10 PM CET

Enabling TCP wrappers in Solaris 10
TCP Wrappers has been around for many, many years. It is used to restrict access to TCP services based on host name, IP address, network address, and so on. [more]
Thursday, 28 April 2005, 12:10 PM CET

Cleanliness next to rootliness
Linspire's argument to only run a desktop system as root has everything to do with privilege separation, privilege escalation, and some design choices made along the way. [more]
Thursday, 28 April 2005, 12:08 PM CET

Security product outbreak hits InfoSec Europe
Vendors show off their new wares at security show. [more]
Thursday, 28 April 2005, 12:06 PM CET

Detecting suspicious network traffic with psad
Have you ever wondered how many people are scanning your server looking for weaknesses? [more]
Thursday, 28 April 2005, 12:01 PM CET

Extending enterprise LANs beyond the firewall
From end users requiring new services, persistent need for increases in bandwidth, shrinking IT budgets, and now new regulatory requirements governing the way critical data is stored and maintained, the challenges facing enterprises are myriad. [more]
Thursday, 28 April 2005, 12:00 PM CET

64-bit Windows wide open to viruses
Norton or McAfee software will not work with XP Pro x64 Edition. [more]
Thursday, 28 April 2005, 11:58 AM CET

Bastille Linux: hardening the OS with help from Uncle Sam
Project leader Jay Beale took some time to tell NewsForge readers what's been going on recently with Bastille. [more]
Thursday, 28 April 2005, 11:57 AM CET

Banks weigh up biometrics
Extra authentication could be needed for high-value financial transactions. [more]
Thursday, 28 April 2005, 11:54 AM CET

Microsoft reveals hardware security plans
Can trusted computing hardware deliver security without locking out competition, asks SecurityFocus's Robert Lemos. [more]
Wednesday, 27 April 2005, 3:08 PM CET

Sony Ericsson hacker appeals imprisonment
Csaba Richter hacked into computer systems, admitted to stealing documents. [more]
Wednesday, 27 April 2005, 3:08 PM CET

Web services promise new security headaches
Perimeter security no longer enough. [more]
Wednesday, 27 April 2005, 3:07 PM CET

Specialist gets eight months for hacking
Jerome T. Heckenkamp also admitted he broke into San Diego-based Qualcomm Inc.'s computers in late 1999 and installed more so-called "Trojan" programs. At the time, he was a student at the University of Wisconsin at Madison. [more]
Wednesday, 27 April 2005, 3:06 PM CET

New virus count nearly triples
The number of new viruses has almost tripled in the last six months, an anti-virus vendor said Tuesday, the spike fed by hackers releasing scads of variants to overwhelm defenses. [more]
Wednesday, 27 April 2005, 3:02 PM CET

Hackers plot more phishing, mobile viruses
Mass-mailer viruses like Bagle, Netsky and MyDoom are so passe. [more]
Wednesday, 27 April 2005, 3:01 PM CET

Failing UK cyber defences need overhaul
The UK's National Infrastructure Security Co-ordination Centre (NISCC) needs more powers to enforce security best practices in order to safeguard the nation's critical systems against cyber-attack, according to a former chairman of the Metropolitan Police Authority. [more]
Wednesday, 27 April 2005, 2:56 PM CET

IT security perimeters 'limiting growth'
Companies losing out by hiding behind firewalls. [more]
Wednesday, 27 April 2005, 2:55 PM CET

Security for the paranoid
Something strange happened to me recently: a friend told me I was too paranoid when it comes to security. [more]
Wednesday, 27 April 2005, 2:55 PM CET

Infosecurity Europe 2005 - first Issue of (IN)SECURE Magazine available for download
During the second day of Infosecurity Europe 2005 Conference, HNS announced the first issue of (IN)SECURE Magazine, a freely available, freely distributable digital security magazine in PDF format. Get your copy today! [more]
Wednesday, 27 April 2005, 2:50 PM CET

Infosecurity Europe 2005 - showcase video
Take a walk through the Infosecurity Europe 2005 conference in London. The video is 2:58 minutes in length, available for download in Windows Media 9 256K (5.5 MB) and 64K (1.3 MB). [more]
Wednesday, 27 April 2005, 2:33 PM CET

Infosecurity Europe 2005 - ZyXEL launches the first stand-alone single user firewall
The ZyWALL is designed to enable remote workers to connect to any corporate VPN securely, without the need for VPN client software. [more]
Tuesday, 26 April 2005, 5:58 PM CET

The Ten Commandments of system administration, part 1
In this series, I'll present what I feel are the 10 most important steps a systems administrator can take to ensure that when that dreaded 3 a.m. page hits, you're prepared to react quickly, assess the situation, and make everything right again. [more]
Tuesday, 26 April 2005, 3:26 PM CET

Infosecurity showgoers place law above technology
Information security is a legislative and law enforcement problem, not just a technology issue. [more]
Tuesday, 26 April 2005, 3:24 PM CET

Computer scientist sentenced to eight months for hacking
A former Los Alamos National Laboratory computer specialist was sentenced to eight months in prison Monday for hacking into and damaging the computers of several high-tech companies, including online auction giant eBay. [more]
Tuesday, 26 April 2005, 3:22 PM CET

Most computer hacking an 'inside job'
The vast majority of computer hacking is done by current and former employees, according to the Metropolitan Police. [more]
Tuesday, 26 April 2005, 3:21 PM CET

Ten tips to prevent identity theft
How much information does someone really need to know in order to impersonate you to a 3rd-party? Your name? Birth date? Address? [more]
Tuesday, 26 April 2005, 12:33 PM CET

Feds rethinking RFID passport
In the wake of privacy concerns about the government's new RFID passports, the State Department is reconsidering a plan it previously rejected. The plan would offer privacy protection, including encryption. [more]
Tuesday, 26 April 2005, 12:19 PM CET

Online crime spirals out of control
New threats demand new practices, warns security expert. [more]
Tuesday, 26 April 2005, 12:18 PM CET

Encryption: the key to secure data?
Is there such a thing as totally secure encryption? And which technologies are commercially viable? [more]
Tuesday, 26 April 2005, 11:32 AM CET

How does security fit with engineering?
Integrating security into software development is an interesting challenge. [more]
Tuesday, 26 April 2005, 11:30 AM CET

Firewall request gets third degree
Our security manager must conduct due diligence before allowing a partner company to transfer data. [more]
Tuesday, 26 April 2005, 11:29 AM CET

Hushmail hit by DNS attack
Surfers trying to visit the web site of popular secure email service Hushmail were redirected to a false site early Sunday following a hacking attack. [more]
Tuesday, 26 April 2005, 11:26 AM CET

Will new Longhorn security work?
Microsoft's finally coming forward with more detail on how it plans to fortify the latest version of its bread-and-butter operating system, so that all those nasty viruses, worms, and whatever can't get in and eat the bread and butter. [more]
Tuesday, 26 April 2005, 11:24 AM CET

E-mail worms squashed but new threats emerging
Businesses' IT systems have been less prone to internet e-mail worms this year, according to a quarterly report from security software company Kaspersky Labs. [more]
Tuesday, 26 April 2005, 11:22 AM CET

Government regulation driving ID management
But fewer than one in 10 IT directors can define an identity management system. [more]
Tuesday, 26 April 2005, 11:20 AM CET

Security roulette
On any given day, CSOs come to work facing a multitude of security risks. [more]
Monday, 25 April 2005, 9:15 AM CET

Hotspot hacking and how to fight it
Use of public wireless hotspots is increasing, giving mobile workers and others access to essential data. The bad news: Security threats against hotspot users also are increasing. [more]
Monday, 25 April 2005, 9:03 AM CET

Wireless security starts at the endpoint
The new wireless security paradigm starts at the endpoint, combining inspection and remediation tools with network-based dynamic access controls to let colleagues take full advantage of wireless network ease and convenience, while keeping competitors and other digital vermin out. [more]
Monday, 25 April 2005, 5:36 AM CET

Carnegie Mellon business school reports data breach
It notified 19,000 students, faculty, alumni and staff of the incident. [more]
Friday, 22 April 2005, 3:14 PM CET

House panel elevates cybersecurity position
A bill that would create a high-level cybersecurity official in the U.S. Department of Homeland Security (DHS) was approved yesterday by a House of Representatives subcommittee. [more]
Friday, 22 April 2005, 3:13 PM CET

Canvassing all security cracks
If Dave Aitel finds using assembly language second nature today, he has a grandparent to thank for it. [more]
Friday, 22 April 2005, 3:11 PM CET

Army of zombies invades China
CipherTrust reports 20 percent of new zombies are in China. [more]
Friday, 22 April 2005, 3:08 PM CET

Experts urge wireless security integration
Technology managers must defend wired network against new threats from the wireless world. [more]
Friday, 22 April 2005, 2:49 PM CET

Privacy watchdog warns job seekers to beware
Would-be workers need to be more cautious with resume services and posting their personal information online. Online fraudsters and scammers are waiting. [more]
Friday, 22 April 2005, 2:48 PM CET

'Researchware' watches where you click
Is it spyware? Company says no; critics aren't so sure. [more]
Friday, 22 April 2005, 2:47 PM CET

The facts and fiction around Windows security
With spyware, worms, and viruses continuing to grow in number, questions have arisen whether Microsoft has been doing enough to protect their users from these threats. [more]
Friday, 22 April 2005, 2:41 PM CET

What price security?
How do you measure ROI for security? This article looks at new ways that businesses are making the ROI case for this critical investment. [more]
Friday, 22 April 2005, 2:40 PM CET

Apple mythology and desktop security
If security concerns are your most important driver for desktop change, and Microsoft Office compatibility is your most significant barrier, then switching to Macs actually offers you the best of all possible worlds: Microsoft Office on Unix/Risc with a better GUI, longer product life, some cash savings and a performance bonus thrown in. [more]
Friday, 22 April 2005, 2:35 PM CET

Who can you trust?
Companies have traditionally adopted a fortress mentality with network perimeter security to protect corporate applications and assets. But things are changing, driven by increasing threats from inside the LAN and more company laptops and mobile devices moving in and out of the network. This means that IT managers must now treat every connection on the internal network as ‘dirty’. In effect, there is no longer a trusted enterprise. [more]
Thursday, 21 April 2005, 4:13 PM CET

Sober worm back with trickier message
The worm is spreading in Europe; by this morning there had been 88,000 reports of infections in England alone. If the attachment is opened, it will scan files on the infected computer looking for e-mail addresses and then report them back to the worm's author. [more]
Thursday, 21 April 2005, 1:48 PM CET

IPTV security: content is king
IPTV content streams - like other IP services, such as VOIP - are subject to spoofing, spamming, content theft, and other types of hacks. [more]
Thursday, 21 April 2005, 1:45 PM CET

Cyber attack early warning center begins pilot project
A fledgling nonprofit group is working to develop an automated cyber-attack early warning system. [more]
Thursday, 21 April 2005, 1:43 PM CET

EU task force to study IT critical infrastructure
One issue is a reluctance to share information. [more]
Thursday, 21 April 2005, 1:42 PM CET

AOL develops anti-phishing plan
When AOL decides to block a site, a member who tries to access the page will instead receive a notice explaining why the page has been blocked. Part of the difficulty with phishing is the ease with which legitimate sites can be mimicked. [more]
Thursday, 21 April 2005, 1:41 PM CET

Ameritrade warns clients about potential data breach
A computer backup tape containing account information of more than 200,000 Ameritrade clients was apparently lost or accidentally destroyed while being shipped, prompting the online investment brokerage to notify the clients of a potential breach. [more]
Thursday, 21 April 2005, 1:38 PM CET

WiPhishing hack risk warning
You've heard of war driving and phishing but now there's yet another reason to wear a tin-foil hat every time you surf the net. [more]
Thursday, 21 April 2005, 1:33 PM CET

Securing Linux, Part 3: hardening the system
How several configurations can keep your system safe from attack. [more]
Thursday, 21 April 2005, 1:31 PM CET

Password protect your webserver pages
Beginner's guide to .htaccess and protecting web pages. [more]
Thursday, 21 April 2005, 1:26 PM CET

Five Linux security myths you can live without
Before I wrote this article, I went to some Linux newsgroups to find out what typical concerns among security-conscious Linux users might be. I asked, simply, what they felt were the biggest myths surrounding Linux security. [more]
Thursday, 21 April 2005, 1:23 PM CET

Attackers learn to 'Think Different'
Attackers are learning to "think different," so to speak, and now might be targeting Macintosh computers. [more]
Thursday, 21 April 2005, 12:05 PM CET

Smartphone viruses: 52 and counting
Virus writers have not been deterred by their failed attempts at widely infiltrating smartphone platforms because they have their eye on a bigger prize: developing the capabilities to infect standard cell phones. [more]
Thursday, 21 April 2005, 12:00 PM CET

State websites' security shaky?
Reacting to revelations that the state motor vehicle website is vulnerable to attackers, legislators worried Wednesday that more government online sites might be vulnerable to penetration, and their fears were not allayed by the state official who uncovered the weakness. [more]
Thursday, 21 April 2005, 11:57 AM CET

Fact, fiction, and Firefox security
For a piece of software, familiarity breeds more than just contempt--and open-source code is no magic shield. [more]
Thursday, 21 April 2005, 11:56 AM CET

E-commerce sites forced to adopt security standards
Credit card industry introduces rules to tackle theft of customer data. [more]
Thursday, 21 April 2005, 11:54 AM CET

Police fail to cope with e-crime
Firms expected to improve their own security. [more]
Wednesday, 20 April 2005, 3:43 PM CET

Symantec readies anti-spyware products
Symantec this month is scheduled to make spyware protection available as part of its anti-virus software products, joining anti-virus competitors McAfee, Trend Micro and Computer Associates in looking to help users eradicate the problem. [more]
Wednesday, 20 April 2005, 12:44 PM CET

Helpful users face virus danger
The first UK fruit of an alliance of three major international IT security organisations formed earlier this year will be a "security day" in London on 10 May. [more]
Wednesday, 20 April 2005, 12:42 PM CET

A taxonomy of privacy
Privacy is a concept in disarray. Nobody can articulate what it means. As one commentator has observed, privacy suffers from "an embarrassment of meanings." [more]
Wednesday, 20 April 2005, 11:04 AM CET

New Sober variant tricks users in German
A new Sober mass mailer worm is slithering its way around the 'Net and tricking users into opening attachments with clever messages in both English and German, anti-virus companies warned Tuesday. [more]
Wednesday, 20 April 2005, 10:54 AM CET

Virus writers turn from worms
Easier pickings elsewhere. [more]
Wednesday, 20 April 2005, 10:53 AM CET

Performance monitoring and tuning
In this article, learn how performance-monitoring technology initially developed for mainframes can help you improve your own code's performance. [more]
Wednesday, 20 April 2005, 10:50 AM CET

Where's the Firefox security button?
Anyone who has spent more than a minute or two administering a Microsoft Windows PC knows about Internet Options. [more]
Wednesday, 20 April 2005, 10:49 AM CET

Telephony convergence poses security risks
Integration of new and legacy communications technologies demands safeguards. [more]
Wednesday, 20 April 2005, 10:41 AM CET

Security concerns for migrations to Windows Active Directory
Most organizations are either at Windows Active Directory or they are contemplating that move now. [more]
Tuesday, 19 April 2005, 5:12 PM CET

2005: the year of internal security
Internal security attacks can happen either maliciously or inadvertently. But regardless of what prompts an internal security breach, one thing is for certain: The impact of internal security issues causes negative results on an organization from both a technical and business perspective. [more]
Tuesday, 19 April 2005, 3:24 PM CET

Security in new Opera browser fights phishing
Opera 8 gains features for tighter security, ability to surf the Web with voice commands. [more]
Tuesday, 19 April 2005, 3:18 PM CET

Virus writers turn from worms
Easier pickings elsewhere. [more]
Tuesday, 19 April 2005, 3:16 PM CET

Teenagers struggle with privacy, security issues
High-school students have a message for their parents: Trust us with technology. Security and privacy? We have it covered. [more]
Tuesday, 19 April 2005, 12:02 PM CET

Check your DNS records with dig
Here's how to check your DNS records with a tool called dig. [more]
Tuesday, 19 April 2005, 11:55 AM CET

Malware evolution: January - March 2005
Kaspersky Lab presents its quarterly report on malware evolution by Alexander Gostev, Senior Virus Analyst. [more]
Tuesday, 19 April 2005, 11:48 AM CET

Attention shifts to spam containment
There's a new strategy in the spam battle: Call it containment. [more]
Tuesday, 19 April 2005, 11:46 AM CET

Microsoft security initiative bears fruit?
Microsoft's vice-president of Trusted Computing talks goals and progress. [more]
Tuesday, 19 April 2005, 11:46 AM CET

Macromedia delivers secure Flash video
On the same day that Adobe revealed it was purchasing Macromedia for $3.4 billion, Macromedia unveiled secure Flash delivery at The National Association of Broadcasters (NAB) show in Las Vegas. [more]
Tuesday, 19 April 2005, 11:45 AM CET

Consumers make it easy for e-commerce hackers
Users still the weakest link. [more]
Monday, 18 April 2005, 3:33 PM CET

U.S. military's elite hacker crew
The armed forces assembles a clandestine cadre of hackers capable of launching cyberwar against enemy networks. [more]
Monday, 18 April 2005, 12:00 PM CET

How vulnerable is the 'Net?
13 DNS root servers resolve Internet naming and addressing. If they were knocked out, Internet sites would become inaccessible. [more]
Monday, 18 April 2005, 11:28 AM CET

The art of computer virus research and defense
If you want to know what viruses really are, how they attack, how they are activated, and much more, this is the book to consider. This book promises to be a comprehensive guide to virus threats and defense techniques and it's written by an antivirus expert from Symantec. Does it deliver? Read on and find out. [more]
Monday, 18 April 2005, 11:18 AM CET

Identity thieves spying on your WiFi?
If you don't protect your wireless computer network from hackers, you could discover neighbors or strangers snooping around your personal computer files—like I did. [more]
Monday, 18 April 2005, 10:14 AM CET

Vendors call for more gov't cybersecurity focus
Members of the Cyber Security Industry Alliance (CSIA), meeting in Washington, D.C., Thursday, repeated their call for Congress to create an assistant secretary for cybersecurity position at the U.S. Department of Homeland Security (DHS). [more]
Monday, 18 April 2005, 10:12 AM CET

Blocking adverts and malware
While browsing the Internet, the quality of the service you receive may be degraded by various factors such as adverts & malware. Most of these undesirable elements are simply annoying, and to dial-up users in particular are costly, but some may be serious security threats. [more]
Monday, 18 April 2005, 10:08 AM CET

Introduction to traceroute
How can you possibly follow the path a packet takes to get from your computer to another one in the maze of networks that make up the Internet? [more]
Monday, 18 April 2005, 10:05 AM CET

Configuring an untrusted wireless DMZ on the ISA firewall - part 2
Now you’re ready to install the ISA firewall software... [more]
Monday, 18 April 2005, 9:59 AM CET

Reuters shuts down system to fight Kelvir IM worm
Reuters Group was able to bring its instant messaging (IM) system back online early on Friday morning, after an outbreak of the Kelvir worm led the company to shut down the system for most of Thursday. [more]
Monday, 18 April 2005, 9:55 AM CET

Mitigating identity theft
Identity theft is the new crime of the information age. A criminal collects enough personal data on someone to impersonate a victim to banks, credit card companies, and other financial institutions. [more]
Monday, 18 April 2005, 9:51 AM CET

How to build a secure wireless solution
Wireless networking is rapidly becoming a victim of its own success. [more]
Monday, 18 April 2005, 9:46 AM CET

Unisys predicts security pitfalls for 2005
This year is no different and Unisys' security consultants have revealed what they predict will be the top challenges in 2005. [more]
Monday, 18 April 2005, 9:44 AM CET

Pre interaction debugger code execution
This paper will demonstrate methods that may be used by malware to execute code, simply by being loaded into a debugging session. This code execution occurs before the debugger passes control back to the user and therefore cannot be prevented. [more]
Friday, 15 April 2005, 11:28 AM CET

Privacy groups assail future passport technology
Will the wireless chip in next-generation passports act as a beacon identifying Americans to terrorists or are privacy fears overblown? [more]
Friday, 15 April 2005, 11:03 AM CET

An introduction to buffer overflow vulnerabilities
This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities. [more]
Friday, 15 April 2005, 10:03 AM CET

Home workers 'pose security risk'
Working from home could pose a security threat to British businesses, costing an estimated £8.5bn a year, an IT security company has warned. [more]
Friday, 15 April 2005, 9:36 AM CET

Secure collection of Web form data using SSL and PGP
The situation: your organization needs to collect information from clients through form(s) on your web site, but that information is sensitive. What can you do? [more]
Friday, 15 April 2005, 8:17 AM CET

Windows XP SP2 and the damage done
The results of a study released last week offered still more proof of just how unenthused IT administrators are about Microsoft's Service Pack 2 (SP2) for Windows XP. [more]
Friday, 15 April 2005, 7:18 AM CET

Privacy from the trenches
The recent string of high profile security breaches doesn't even hit the radar of the average user worried about the privacy of his personal information. [more]
Friday, 15 April 2005, 6:08 AM CET

Password protection not enough to protect trade secrets
You have to do more - says the Court. [more]
Friday, 15 April 2005, 5:17 AM CET

Network monitoring with Nagios
How can a system administrator monitor a large number of machines and services to proactively address problems before anyone else suffers from them? The answer is Nagios. [more]
Friday, 15 April 2005, 3:46 AM CET

Scope of credit card security breach expands
HSBC Bank is just one of several institutions whose customers may be affected. [more]
Friday, 15 April 2005, 3:01 AM CET

Exploit code published for unpatched Office flaw
Security researchers this week reported a flaw in the memory handling of the Microsoft Jet Database Engine that powers the Microsoft Office Access database. [more]
Friday, 15 April 2005, 2:10 AM CET

Arrests highlight offshore risks
Outsourced services need fraud detection systems. [more]
Friday, 15 April 2005, 1:24 AM CET

Networks on yellow alert over ICMP flaw
ISPs and enterprises were this week advised to update their internet communications infrastructure following the discovery of a vulnerability affecting a raft of major suppliers including Cisco, Juniper, Microsoft and IBM to varying degrees. [more]
Friday, 15 April 2005, 12:15 AM CET

A federated crypto guy
When budgets get tight, R&D is often one of the first departments to feel the squeeze. [more]
Thursday, 14 April 2005, 5:26 PM CET

E-commerce: it's all about trust
There is no silver bullet that will stop all security breaches, thwart all hackers and thieves, and ensure strong customer loyalty. However, by employing a layered series of defenses, companies can demonstrate that they adhere to a standard of prudent care and thereby increase trust among their clientele. [more]
Thursday, 14 April 2005, 5:17 PM CET

Security, privacy, reliability among risks of VoIP
Inexpensive as the service may be, VoIP carries risks not encountered with conventional landline and cell phone services. [more]
Thursday, 14 April 2005, 1:25 PM CET

Spamming the wrong message
Imposing a jail sentence on one of the world's top spammers feels good, but it's really attacking the problem from the wrong end. [more]
Thursday, 14 April 2005, 12:28 PM CET

Cisco warns of ICMP-based attacks on routers
In its second IOS security bulletin in a week, Cisco warned that a common management protocol used on the Internet could be used to launch denial-of-service attacks against Cisco routers and other IP-based gear. [more]
Thursday, 14 April 2005, 11:31 AM CET

Anti-spyware group collapses
An anti-spyware consortium has collapsed weeks after its decision to admit 180solutions, the controversial adware firm, to its ranks. [more]
Thursday, 14 April 2005, 11:25 AM CET

Protecting the corporate network using firewalls
To protect the internal network from external networks like the Internet, most companies employ some sort of firewall. [more]
Thursday, 14 April 2005, 11:22 AM CET

Hacking Linspire
Linspire 5.0 (Five-0) is a Debian GNU/Linux-based distribution with a pretty interface, proprietary video drivers and browser plug-ins, and a pricey desktop software subscription model. [more]
Thursday, 14 April 2005, 11:16 AM CET

IT the 'whipping boy' for security breaches
IT departments can end up being the whipping boy for security breaches if they don't drive a cultural change within their organization, IDC warned last week. [more]
Thursday, 14 April 2005, 11:10 AM CET

Hackers use blogs to spread worms, keyloggers
Blogs aren't just for blabbing to friends and family, but increasingly are being used as a safe haven by hackers for storing and distributing malicious code. [more]
Thursday, 14 April 2005, 11:09 AM CET

Developers still take dim view of Windows security
Most developers say poor training, design, coding practices are the root cause of software security failures. [more]
Thursday, 14 April 2005, 11:07 AM CET

Liberty Alliance strengthens ID-based web services
The Liberty Alliance today published its latest interface specifications which have been expanded to support presence, contact book and geo-location web services. [more]
Wednesday, 13 April 2005, 2:36 PM CET

Italian virus scammer jailed for 14 months
A 39-year-old Italian man convicted of running a dialler scam was last week jailed for 14 months on fraud and virus distribution charges. [more]
Wednesday, 13 April 2005, 12:20 PM CET

LexisNexis: 280,000 more possible data theft victims
An in-depth review and analysis of two years of search activity uncovered 59 incidents of unauthorized access to information, LexisNexis said in a statement. [more]
Wednesday, 13 April 2005, 12:18 PM CET

UK to use passports to build national fingerprint database
Mandatory fingerprinting of new UK passport applicants is to begin next year, as a "building block" for a future ID card scheme. [more]
Wednesday, 13 April 2005, 12:10 PM CET

Using a Linux failover router
In this article we will look at setting up an existing Linux machine as a failover router to provide quick and automatic switchover from a dead Internet connection (the primary connection) to one that is operational (the secondary connection). [more]
Wednesday, 13 April 2005, 12:07 PM CET

Linux commands for beginning server administrators
My hope is that this focused list of the basic administration commands will help you quickly become self sufficient and well versed in server use. [more]
Wednesday, 13 April 2005, 11:59 AM CET

The two-edged sword: Legal computer forensics and open source
Although open source tools are not the only ones available for computer forensics, they are among the most widely used. [more]
Wednesday, 13 April 2005, 11:54 AM CET

Strategic security
Treat information security as an operational risk management issue, not as a tactical function. [more]
Wednesday, 13 April 2005, 11:52 AM CET

French may have to buy compulsory biometric ID cards
Plan for compulsory ID card could go into effect in 2007. [more]
Wednesday, 13 April 2005, 11:45 AM CET

UC-Berkeley leads college consortium on cybersecurity
University of California, Berkeley, experts will lead a consortium of colleges in a far-reaching effort to keep the nation's computer data safe from cyberattack. [more]
Wednesday, 13 April 2005, 11:43 AM CET

Eight patches - five critical - in MS April patch batch
Microsoft issued eight patches - five critical - to deal with 12 vulnerabilities on Tuesday. Fixes for Windows, Internet Explorer, Word, MSN Messenger and an update for Microsoft Exchange (2000 and 2003) all featured in Microsoft's latest patch batch. [more]
Wednesday, 13 April 2005, 11:37 AM CET

Wipe your deleted data away: using cipher.exe
In this article we will look at how to use a tool called ‘cipher’ which is a command line tool included with Windows 2000 and XP. [more]
Wednesday, 13 April 2005, 5:59 AM CET

Tom Ridge says RFID boosts security
The former head of the Department of Homeland Security says RFID will help make the United States safer, but critics aren't so sure. [more]
Tuesday, 12 April 2005, 1:30 PM CET

Server and domain isolation using IPSec and Group Policy
The logical isolation approach using server and domain isolation techniques enables the development of a flexible, scalable, and manageable isolation solution that provides the security of isolation without the cost or inflexibility of physical boundaries. [more]
Tuesday, 12 April 2005, 1:28 PM CET

Configuring an untrusted wireless DMZ on the ISA Firewall
In this, part 1 of a two part series, we'll go over the details of the DMZ infrastructure and how to configure a split DNS to provide enhanced support for the solution. [more]
Tuesday, 12 April 2005, 11:15 AM CET

Stopping spam
What can be done to stanch the flood of junk e-mail messages? [more]
Tuesday, 12 April 2005, 11:05 AM CET

Cleaning up disclosure
A new federal law requires all U.S. financial institutions to notify their customers when a sensitive database breach has occurred. Newly proposed state laws may go even further. [more]
Tuesday, 12 April 2005, 10:55 AM CET

Rootkit web sites fall to DDOS attack
Two prominent Web sites that specialize in remote access software known as "rootkits" have been taken offline by a large distributed denial of service (DDOS) attack. [more]
Tuesday, 12 April 2005, 10:21 AM CET

Storage managers cite data security as top concern
Few cite regulations such as Sarbanes-Oxley and HIPAA as a major worry. [more]
Tuesday, 12 April 2005, 10:01 AM CET

Hackers, Windows, Linux and Knoppix
Being the kind of technical person you are, you most likely identify with the old-time hacker ethic and disdain the popular use of the word "hacker" when "cracker" would be more apropos. [more]
Tuesday, 12 April 2005, 9:30 AM CET

Venezuelan arrested for '01 Air Force hacks
"RaFa" charged with attacking Department of Defense servers. [more]
Tuesday, 12 April 2005, 9:06 AM CET

Microsoft: Government should fund security study for business
Governments should fund long-term security research that could be transferred to the private sector for commercial deployment, said Microsoft's global security chief. [more]
Tuesday, 12 April 2005, 7:06 AM CET

Pew survey: Internet users accept spam more readily
"This shows some level of tolerance that people are manifesting," said Deborah Fallows, a senior research fellow at Pew and the study's author. "Maybe it's their getting used to it. Maybe it's like other annoying things in life -- air pollution, traffic -- they are just learning to live with it." [more]
Tuesday, 12 April 2005, 7:04 AM CET

Protect your firm against the newest email threats
The battleground in the ongoing fight against spam by organizations worldwide is shifting based on new tactics from spammers and hackers designed to defeat conventional anti-spam content filtering solutions. [more]
Monday, 11 April 2005, 3:45 PM CET

Mississippi joins list of colleges leaking data
Surfer stumbles on 700 names, Social Security Numbers. [more]
Monday, 11 April 2005, 3:30 PM CET

Golden padlock no promise of security
Security certificates sell out consumers. [more]
Monday, 11 April 2005, 3:27 PM CET

Brits fail online phishing test
Fewer than one in 10 score top marks. [more]
Monday, 11 April 2005, 3:27 PM CET

Be secure: think like bad guys
Security managers at last week's InfoSec World conference say they're combating the risks posed by outsider attacks and insider exploits by thinking - and sometimes acting - like hackers. [more]
Monday, 11 April 2005, 1:13 PM CET

djbdns: an alternative to BIND
djbdns is easy to install and configure, and is much less complex than BIND, with essentially the same functionality. [more]
Monday, 11 April 2005, 1:12 PM CET

Absolute security is a myth
No operating system is completely immune to security threats, and that includes Apple's OS X. [more]
Monday, 11 April 2005, 10:46 AM CET

Balancing security and privacy is the goal
New Homeland Security advisory committee on privacy looks at feds' use of personal data. [more]
Monday, 11 April 2005, 10:45 AM CET

Defeating honeypots: system issues, part 2
This paper will explain how an attacker typically proceeds in order to attack a honeypot for fun and profit. [more]
Monday, 11 April 2005, 10:43 AM CET

Setting the bar for security
From annual security audits to the use of sophisticated Web scanning technologies, banks lead the battle against identity theft. [more]
Monday, 11 April 2005, 10:32 AM CET

Training a new breed of hacker
The traditional approach to fight hacking is to ban it. In Barcelona however, the war against the hackers has taken a new turn. [more]
Monday, 11 April 2005, 10:30 AM CET

Underencrypted and overexposed
Do you know where your pictures are? A stolen hard drive teaches a lesson. [more]
Friday, 8 April 2005, 4:50 PM CET

Paranoid penguin - Linux VPN technologies
Which virtual private network is right for you? Mick runs down the options and comes up with some winners and some warnings. [more]
Friday, 8 April 2005, 4:47 PM CET

Eight patches lined up for MS April patch batch
Microsoft is due to publish critical updates for Office and MSN Messenger when it delivers its next batch of security updates next Tuesday (12 April). [more]
Friday, 8 April 2005, 4:28 PM CET

Phoney Microsoft mail causes concern
Trojan attack spreading. [more]
Friday, 8 April 2005, 1:54 PM CET

DNS attacks attempt to mislead consumers
Employees at more than 500 companies have fallen victim to domain attacks in the last month, underscoring the increasing popularity of the tactic among Internet fraudsters, security experts said this week. [more]
Friday, 8 April 2005, 10:53 AM CET

Will Sony crack down on PSP hacks?
Less than two weeks after Sony released its long-anticipated PlayStation Portable, a handheld gaming device with multimedia capabilities, the device's most ardent fans began spreading details about their successful hacks. [more]
Friday, 8 April 2005, 10:50 AM CET

Dressing up for security success
Linux PAM (Pluggable Authentication Modules) is a wonderful authentication application library that's used by essential programs like 'login' and 'passwd', and, so, is included in virtually every Linux distribution. [more]
Friday, 8 April 2005, 10:49 AM CET

Security in the palm of your hand
While the number of corporate employees that work remotely has grown significantly during the past several years, the number of threats and ability to cause significant damage to the corporate network has also skyrocketed. [more]
Friday, 8 April 2005, 10:48 AM CET

Market analysis: storage security
You wouldn't hire any old security service to guard your company's important physical assets, would you? We outline areas of vulnerability and present questions to get you thinking about the level of protection your organization needs. [more]
Friday, 8 April 2005, 10:47 AM CET

Check Point to roll out secure wireless access point
Check Point next week will announce a security appliance for large numbers of remote sites that are part of corporate VPNs. [more]
Thursday, 7 April 2005, 2:19 PM CET

Fewer permissions are key to Longhorn security
Questions remain about Microsoft's plans for a new user privileges model. [more]
Thursday, 7 April 2005, 1:51 PM CET

How 20% effort can get you 80% security
To manage risk, maintain razor-sharp security architecture and still enjoy a peaceful night's sleep, security professionals at this week's InfoSec World conference offered this advice: Know your limits, speak the boss's language and embrace change. [more]
Thursday, 7 April 2005, 1:51 PM CET

RFID policy panel raises privacy concerns
Lack of authentication means identity thieves could set up fake readers. [more]
Thursday, 7 April 2005, 1:50 PM CET

Opening eyes to hackers
Europeans bracing for rise in data theft. [more]
Thursday, 7 April 2005, 12:51 PM CET

Does security run in your veins?
Fujitsu's system uses palm vein patterns to identify bank customers in Japan. [more]
Thursday, 7 April 2005, 12:50 PM CET

IT managers ignore mobile security
Blame the user instead. [more]
Thursday, 7 April 2005, 12:49 PM CET

Virus attacks up 50 per cent
The number of virus attacks on enterprises increased by half between 2003 and 2004, according to ICSA Labs, an independent division of internet security company Cybertrust. [more]
Thursday, 7 April 2005, 12:47 PM CET

Germany's Postbank is hit by new phishing attack
Germany's Postbank has been the target of another phishing attack, its third after two back-to-back assaults last year. [more]
Wednesday, 6 April 2005, 2:06 PM CET

More sophisticated cyber crime costs UK billions
National Hi-Tech Crime Unit puts cost at $4.61 billion. [more]
Wednesday, 6 April 2005, 1:55 PM CET

University system works to thwart hackers
The state university system's computing service building, which is at UNLV, is one of the most protected buildings on campus -- or so local legend goes. [more]
Wednesday, 6 April 2005, 1:06 PM CET

The invisible threat from mobile devices
With the increasing convergence of phone and network aware devices, come new and often unnoticed threats. Features such as built-in cameras, wireless networking, Bluetooth, calendars, phone books, all present their own particular problems, and associated risks. [more]
Wednesday, 6 April 2005, 12:05 PM CET

The wireless security balance game
Making sure that your wireless LAN network is secure is clearly important, but with the technology changing so rapidly, it appears that many are sticking with the "good enough" approach. [more]
Wednesday, 6 April 2005, 11:42 AM CET

Woman to lead UK fight against cybercrime
Detective chief superintendent Sharon Lemon has been appointed head of the National Hi-Tech Crime Unit. [more]
Wednesday, 6 April 2005, 10:20 AM CET

Mabir mobile virus on the prowl
While the Mabir virus can spread by Bluetooth, there appears to be a flaw in the virus program. [more]
Wednesday, 6 April 2005, 6:34 AM CET

Web postcards hide Trojan horse programs
SANS Institute warns of attacks that trick users into installing Trojan remote access programs. [more]
Wednesday, 6 April 2005, 5:01 AM CET

In praise of Windows 2003 SP1
Usually I get to use this space to complain about Microsoft's poor security practices, but not this time -- with last week's release of Windows 2003 Service Pack 1, this time they get praise. [more]
Wednesday, 6 April 2005, 4:13 AM CET

Making the Microsoft Operations Manager more secure
Microsoft Operations Manager (MOM) 2005 is a great solution for managing your Exchange, SQL and other servers - but what about security? [more]
Wednesday, 6 April 2005, 3:09 AM CET

The Feds can own your WLAN too
This article will be a general overview of the procedures used by the FBI team. [more]
Wednesday, 6 April 2005, 2:29 AM CET

Interview with Jon Lech Johansen
Depending on your point of view, Jon Lech Johansen is either your hero or adversary. To the copyright industry, Jon Lech Johansen has been a detriment to their policy of control since the advent of De_CSS (Decrypt Content Scrambling System.) [more]
Wednesday, 6 April 2005, 1:38 AM CET

Server and domain isolation using IPsec and Group Policy
This article demonstrates how IPsec transport mode can be leveraged as one of the best means currently available to protect corporate networks. [more]
Tuesday, 5 April 2005, 12:55 PM CET

Computer crime cost to business soars
NHTCU figures put cost at £2.4bn in 2004. [more]
Tuesday, 5 April 2005, 12:04 PM CET

March 2005 DNS poisoning summary
This report is intended to provide useful details about this incident to the community. [more]
Tuesday, 5 April 2005, 9:49 AM CET

The day after: your first response to a security breach
What can you do to prevent this from ever happening again? [more]
Tuesday, 5 April 2005, 9:47 AM CET

Sybase invokes licence gag in flaw disclosure row
Database maker Sybase will likely drop legal threats against a UK-based security company this week, allowing the company to publish details on six flaws, a source familiar with the negotiations said on Monday. [more]
Tuesday, 5 April 2005, 9:42 AM CET

Carjackers swipe biometric Merc, plus owner's finger
A Malaysian businessman has lost a finger to car thieves impatient to get around his Mercedes' fingerprint security system. Accountant K Kumaran, the BBC reports, had at first been forced to start the S-class Merc, but when the carjackers wanted to start it again without having him along, they chopped off the end of his index finger with a machete. [more]
Tuesday, 5 April 2005, 9:41 AM CET

The price of restricting vulnerability publications
As in other fields of science, there is a real danger that publication restrictions will inhibit the advancement of the state of the art in computer security. [more]
Tuesday, 5 April 2005, 9:35 AM CET

Handheld security too expensive for the enterprise?
If your enterprise relies on PDAs and smartphones to get business done, you may be paying too much to secure it. [more]
Tuesday, 5 April 2005, 9:31 AM CET

Enterprise I.T. still wary of XP SP2
On April 12th, the tool that Microsoft provided to block updates will be deactivated and PCs around the world will begin downloading the 266-MB upgrade. Only seven percent of those questioned in the AssetMetrix survey had already installed the software. [more]
Tuesday, 5 April 2005, 9:25 AM CET

Local authorities under great web security threat
Local authorities and small government departments are at the greatest risk of IT security breaches in the public sector according to web management specialists, System Associates. [more]
Tuesday, 5 April 2005, 9:22 AM CET

Allowing the ISA 2004 Server to use Windows Update Services
Steve Moffat provides a step by step walkthrough on allowing the ISA firewall to use Windows Update Services. [more]
Tuesday, 5 April 2005, 9:19 AM CET

Red Hat Linux 4.0 offers power, security
In our Clear Choice test of Red Hat Enterprise Linux 4.0, (we tested RHEL 4.0 Advanced Server, Red Hat’s most robust Linux distribution), we found huge performance gains over previous editions, beefed up security options and vastly improved hardware detection mechanisms. [more]
Monday, 4 April 2005, 2:23 PM CET

Database rootkit menace looms
Crackers are developing more sophisticated techniques for taking over control of corporate databases using malicious code akin to malware already common on Unix platforms. [more]
Monday, 4 April 2005, 1:25 PM CET

New bugs put Outlook and IE users at risk
Software flaws ranked high risk. [more]
Monday, 4 April 2005, 1:24 PM CET

Old viruses still going strong
Security vendor Sophos has published a report revealing the top ten viruses causing problems for businesses around the world during the month of March 2005. [more]
Monday, 4 April 2005, 1:23 PM CET

Stolen voices - the challenge of securing VoIP
Though securing VoIP calls brings with it a set of new and often unique challenges, businesses should give as much serious consideration to securing their voice traffic as they do to their data today. [more]
Monday, 4 April 2005, 11:12 AM CET

Google yourself to identify security holes
Google your own network or sites to identify possible security holes. [more]
Monday, 4 April 2005, 10:59 AM CET

Hot spots for hackers: wireless networks
War drivers are people who ride in their cars with laptop computers and scout for wireless Internet, or WiFi, connections. [more]
Monday, 4 April 2005, 10:15 AM CET

IT security task force sets deadlines
An interagency task force charged with identifying federal IT security functions that could be provided centrally has set an ambitious timeline for completing its work. [more]
Monday, 4 April 2005, 9:06 AM CET

Microsoft ex-employee sentenced for software theft
A former employee of Microsoft was sentenced to two years in prison and ordered to pay more than $5 million in restitution for selling the world's largest software maker's products for personal gain, federal prosecutors said. [more]
Monday, 4 April 2005, 3:03 AM CET

Review: programs that manage passwords
Don't think taking your passwords with you on a USB drive solves all your security problems. A computer with a surreptitious keylogging program can still capture your passwords. [more]
Monday, 4 April 2005, 2:35 AM CET

Smartcards move a step closer
Eftpos network operator ETSL has successfully processed its first smartcard transactions, another step on the road to retirement for conventional debit and credit cards that store information on magnetic stripes. [more]
Monday, 4 April 2005, 1:09 AM CET

Secure remote access to Outlook Web Access web sites
In this article we'll dive into a key ISA firewall OWA security technology - SSL to SSL Bridging. [more]
Monday, 4 April 2005, 12:46 AM CET

March's bug story: old worms maintain grip
Older worms and viruses continued to dominate March's list of Top 10 baddest apples, security firms say. [more]
Friday, 1 April 2005, 10:25 AM CET

Securing your online privacy with Tor
The Tor project can help you keep your online communication private. [more]
Friday, 1 April 2005, 9:21 AM CET

Microsoft files 117 phishing lawsuits
Software giant seeking to identify large-scale operations, collect damages. [more]
Friday, 1 April 2005, 8:04 AM CET

Lawsuits drive 'Spam King' Richter to bankruptcy
The received wisdom in libertarian circles is that email anti-spam laws don't work, so they're not worth trying. [more]
Friday, 1 April 2005, 7:34 AM CET

Identity theft: are organizations obliged to notify clients?
Although identity theft is not a new offense, the Internet has provided perpetrators with new means to misappropriate personal data. [more]
Friday, 1 April 2005, 6:01 AM CET

EU pushes for safeguards on biometric technologies
Report examines effects of EU's decision to use biometric passports, visas, resident permits. [more]
Friday, 1 April 2005, 5:01 AM CET

Blogger catches identity thieves
This morning, I found out that thousands of dollars of charges had been made on two of my credit cards in the past two days. Now, the identity thieves are sitting in jail. This is how it happened. [more]
Friday, 1 April 2005, 4:34 AM CET

Grid computing can allow security threats
Security experts on Wednesday recommended that IT administrators clearly identify and understand the security risks associated with large-scale grid computing deployments. [more]
Friday, 1 April 2005, 3:27 AM CET

Enterprise security boom continues
The market for enterprise security is growing at its highest rate ever in Europe, according to analyst firm Canalys. [more]
Friday, 1 April 2005, 2:21 AM CET

IM users go private to get secure
A quarter of surveyed readers are using private enterprise instant messaging systems which are more secure than the public systems. [more]
Friday, 1 April 2005, 2:04 AM CET

Mozilla bug bounty pays fault-finders
Users who find flaws offered $500 per bug plus a free T-shirt. [more]
Friday, 1 April 2005, 1:14 AM CET

US intel agencies 'incompetent'
US intelligence agencies suffer from a poor analytical process influenced by presumptions and biases, and poor data collection capabilities, according to an unclassified report just out from the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction. [more]
Friday, 1 April 2005, 12:10 AM CET

