Off the Wire

Off The Wire Archive

News items for April 2006

Automated patch management
So what’s all the fuss? Just install the security patches and you’re safe, right? Unfortunately, no. As IT professionals will attest, it can be extremely difficult to test and apply the necessary patches to every vulnerable computer within an enterprise before exploits become public. Compounding the matter, some patches can actually interfere with, or “break” existing software applications, adding to the time it takes to determine which patches can be applied and which need to be tested within a given organization’s network. [more]
Friday, 28 April 2006, 11:50 PM CET

Five common Web application vulnerabilities
This article looks at five common Web application attacks, primarily for PHP applications, and then presents a case study of a vulnerable Website that was found through Google and easily exploited. [more]
Friday, 28 April 2006, 8:08 PM CET

Secure web site access with Perl
Perl and its LWP module make it a breeze to automate Web site access; too bad the breeze becomes a storm when the Web site requires a username and password for access. [more]
Friday, 28 April 2006, 8:05 PM CET

Five face piracy charges for 'warez'
Five U.S. residents face criminal copyright charges for their alleged participation in the online "warez" file-trading community, the U.S. Department of Justice announced today. [more]
Friday, 28 April 2006, 8:04 PM CET

Cybersleuths seek to uncover click fraud artists
While Google, Yahoo and others will refund advertisers who can prove fraud, they have been criticized for being less than forthcoming about the scope of the problem.
Friday, 28 April 2006, 8:03 PM CET

Breach case could curtail web flaw finders
Security researchers and legal experts have voiced concern this week over the prosecution of an information technology professional for computer intrusion after he allegedly breached a university's online application system while researching a flaw without the school's permission. [more]
Friday, 28 April 2006, 8:00 PM CET

Apache now the leader in SSL servers
Apache has overtaken Microsoft as the leading developer of secure web servers. Apache now runs on 44.0% of secure web sites, compared to 43.8% for Microsoft. [more]
Friday, 28 April 2006, 7:59 PM CET

Vista to handcuff firewall
Microsoft plans to turn off half the firewall in Windows Vista when the new operating system ships later this year because it doesn't think most users need all the firewall's functionality or can handle its management. [more]
Friday, 28 April 2006, 7:53 PM CET

McKinnon slams gung-ho US hacking law
Alleged hacker Gary McKinnon has accused the US of "using a hammer to squash a gnat" ahead of his 10 May extradition hearing. [more]
Friday, 28 April 2006, 7:49 PM CET

Info commission calls on business to protect bio data
The UK's Information Commissioner has called for businesses to pull their socks up and protect their data. [more]
Friday, 28 April 2006, 7:48 PM CET

Core Impact puts a vise grip on vulnerabilities
A deeper look at Core Security's long-standing scanner shows the value of commercial vulnerability solutions. [more]
Friday, 28 April 2006, 7:47 PM CET

A few good metrics
Information security metrics don't have to rely on heavy-duty math to be effective, but they also don't have to be dumbed down to red, yellow, green. Here are five smart measurements—and effective ways to present them. [more]
Friday, 28 April 2006, 7:37 PM CET

A survey of DNS security
It is well-known that nameservers in the Domain Name System are vulnerable to a wide range of attacks. [more]
Thursday, 27 April 2006, 10:26 PM CET

Schneier warns Microsoft over Vista security
Security guru concerned about security info overload. [more]
Thursday, 27 April 2006, 10:19 PM CET

Major mobile virus attack 'imminent'
Mobile firms gear up slowly for virus attacks. [more]
Thursday, 27 April 2006, 10:18 PM CET

Security data swamps firms
More automated systems could help firms spot threats sooner, says Micromuse. [more]
Thursday, 27 April 2006, 10:14 PM CET

Your thoughts are your password
What if you could one day unlock your door or access your bank account by simply "thinking" your password? Too far out? Perhaps not. [more]
Thursday, 27 April 2006, 10:13 PM CET

Why no one can beat spam
"Technology solutions can only go so far," said John Mozena of the Coalition Against Unsolicited Commercial E-Mail. [more]
Thursday, 27 April 2006, 10:10 PM CET

AV firms rubbish MS Vista security claims
Anti-virus firms at Infosec say they expect Vista and IE7 to change nothing for the industry. Microsoft used its presence at the show to laud the security features they've been busy building in the upcoming software. [more]
Thursday, 27 April 2006, 10:09 PM CET

Banks try to increase access, security
Going to the bank has never been easier, but the convenience of having a teller on virtually every street corner here has also given potential robbers more choices to pick from. [more]
Thursday, 27 April 2006, 10:08 PM CET

Spyware evolving faster than viruses
Darwinism in action as malicious software proliferates. [more]
Thursday, 27 April 2006, 3:47 AM CET

Firefox bug could be serious
A zero-day vulnerability in a fully-patched and most-current version of Mozilla Corp.'s Firefox could be exploited to crash the browser at the least, and at the worst, possibly introduce malicious code, a security company warned Tuesday. [more]
Thursday, 27 April 2006, 2:38 AM CET

Phishing goes international
The lingua franca of fraud. [more]
Thursday, 27 April 2006, 2:36 AM CET

How to stop Internet identity theft
Ultimately, while technology can help protect you, the fight against identity theft must be fought with common sense, informed caution, and a solid understanding of what you are up against. [more]
Thursday, 27 April 2006, 1:17 AM CET

Don't know much biology? Security researcher says it's time to learn
University of New Mexico prof says diversity could be key to beating back computer attacks. [more]
Thursday, 27 April 2006, 12:16 AM CET

Bringing more security to Wi-Fi networks
WPA2 and 802.11i incorporate the security enhancements that were part of WPA, but they use a much stronger encryption algorithm, the Advanced Encryption Standard (AES). AES so far has proved unbreakable, and meets the U.S. government's Federal Information Processing Standard for security. [more]
Wednesday, 26 April 2006, 7:08 PM CET

Sourcefire has big plans for open source Snort
Many companies incorporate Snort intrusion detection and prevention capabilities into their network-security products. Sourcefire founder and chief technology officer Martin Roesch owns Snort's General Public License, which means he drives the technology's development roadmap. [more]
Wednesday, 26 April 2006, 6:37 PM CET

Enhance boot-time security with GRUB passwords
The security of data files on your computer is at risk, and not just because you are connected to the Internet. [more]
Wednesday, 26 April 2006, 6:05 PM CET

OSVDB selected for Google’s Summer of Code 2006
We have provided a list of important projects we are currently planning for–however we are open to proposals for other projects and ideas. [more]
Wednesday, 26 April 2006, 5:16 PM CET

New VoIP phishing scams
There is a new type of email phishing scam targeting banking customers. [more]
Wednesday, 26 April 2006, 5:05 PM CET

Oracle readies database vault, secure backup
Oracle is delivering on a few database product promises. [more]
Wednesday, 26 April 2006, 5:02 PM CET

Choice of passwords prove weak security link
Businesses around the world must teach employees better password discipline, research published today concludes. [more]
Wednesday, 26 April 2006, 5:00 PM CET

Windows Server 2003 security guide
This updated technical guidance provides information about how to harden computers that run Microsoft Windows Server 2003 with Service Pack 1 (SP1). [more]
Wednesday, 26 April 2006, 4:59 PM CET

DoS threat hits Hitachi servers
A problem has been found in software shipping with Hitachi servers that could be used by a malicious attacker to cause a denial of service attack. [more]
Wednesday, 26 April 2006, 4:55 PM CET

Next-gen banking security still not safe
Two-factor authentication has major phishing flaw. [more]
Wednesday, 26 April 2006, 4:54 PM CET

Theoretical hacking for IT managers
Not everyone has "l33t skilz" or mass amounts of hardened TCP/IP stack programming experience. [more]
Wednesday, 26 April 2006, 4:53 PM CET

PGP unfazed by MS disk encryption
PGP says the whole disk encryption kit Microsoft will bundle with Vista is no threat to its position as the first port of call for forgetful laptop luggers. [more]
Wednesday, 26 April 2006, 4:51 PM CET

Phishers cast their nets wider
Almost half of all phishing attacks target online bankers outside of the UK and US. [more]
Wednesday, 26 April 2006, 4:49 PM CET

Cybercops alive and kicking
Infosec is often a challenge to the senses. Despite charging the public £20 for entry on the door this year, Olympia was crowded with people fighting to make their way through a hall packed with vendors vying for their attention. [more]
Tuesday, 25 April 2006, 8:07 PM CET

Stripping security down to the data level
Today’s security software is ineffective when it comes to protecting data, according to EMC vice president for information security Dennis Hoffman. He says data protection should be inherent in the data and be capable of being moved with it to ensure a constant level of protection. [more]
Tuesday, 25 April 2006, 8:06 PM CET

Microsoft flashes cash to fight cyber-porn
EU programme gets money, software and intelligence. [more]
Tuesday, 25 April 2006, 8:05 PM CET

UK firms beat back hack attacks
British businesses are winning the battle against malicious hackers and computer criminals, research suggests. [more]
Tuesday, 25 April 2006, 5:32 PM CET

Factory settings - insecure by default
So, you just set up a shiny new wireless router at home or at your office. As convenient as it is to have no strings, or at least wires, attached, that new router may have punched a hole in your security schema and set you up for unwanted trouble. [more]
Tuesday, 25 April 2006, 5:31 PM CET

British Library secures integrity of digital archive
Library will digitally sign each document in National Digital Library. [more]
Tuesday, 25 April 2006, 5:27 PM CET

Stolen laptops hand hackers keys to the kingdom
As web apps are becoming more secure, stolen laptops have become among the easiest ways to break into corporate networks. [more]
Tuesday, 25 April 2006, 5:25 PM CET

Security risks still seen as small for Linux users
But operating system is slowly becoming a bigger target, some researchers say. [more]
Tuesday, 25 April 2006, 1:42 PM CET

Market analysis - web application firewalls
As more organizations move applications to the Web, they must defend an increasingly tangled environment full of security holes. A relatively new breed of security watchdog, Web application firewalls use deep-packet inspection to reveal the inner workings of Web applications, block attacks and harden your network. [more]
Tuesday, 25 April 2006, 1:41 PM CET

Travellers raise concerns about WiFi security
Business users wary about using WiFi hotspots on the move, research says. [more]
Tuesday, 25 April 2006, 1:40 PM CET

States removing personal data from official web sites
At least six states use redaction software, which digitally erases information. [more]
Tuesday, 25 April 2006, 1:40 PM CET

Securing UC Berkeley's network
School looks to shore up security in wake of breaches. [more]
Tuesday, 25 April 2006, 1:38 PM CET

Detecting mischievous activity
Computing magazine recently ran a major feature on security. [more]
Tuesday, 25 April 2006, 1:37 PM CET

Microsoft prepares to patch April patch
Microsoft is preparing to release a new version of a software patch on Tuesday after the first version caused problems on some systems. [more]
Monday, 24 April 2006, 10:40 AM CET

Calling for a response to digital ID
State barriers to information sharing do create problems for law enforcement when they can't identify crooks and terrorists past state lines. [more]
Monday, 24 April 2006, 10:32 AM CET

Seven unpatched OS X vulnerabilities exposed
Security researcher Tom Ferris has published details about seven security vulnerabilities in Apple's OS X operating system, including proof of concept code. [more]
Monday, 24 April 2006, 10:24 AM CET

Analysis: storage security
Cracks in our storage infrastructures put mission-critical data at risk. Here's how to harden security without increasing user burden. [more]
Monday, 24 April 2006, 2:38 AM CET

A beta look at Symantec’s Mail Security
Security is further enhanced by the product's outbound mail scanning. Not only is all inbound mail put through a series of security checks, but any mail leaving also is inspected. [more]
Monday, 24 April 2006, 2:26 AM CET

Protesters try to foil U.K. ID card plan
A U.K. group worried about the security of personal data to be collected under a new identity card plan is calling on people to renew their passports in May to avoid being part of the identity card scheme for at least 10 years. [more]
Monday, 24 April 2006, 2:09 AM CET

Five minutes to a more secure SSH
Here is a quick way to drastically improve the security of your OpenSSH server installations. [more]
Monday, 24 April 2006, 1:48 AM CET

CIA fires agent over leak to media
Information used in Pulitzer-winning story on secret prisons. [more]
Monday, 24 April 2006, 1:32 AM CET

E-mail authentication gaining steam
A host of software companies, security firms and Internet service providers met in Chicago on Wednesday to urge corporations and bulk message senders to adopt e-mail authentication technologies. [more]
Monday, 24 April 2006, 1:08 AM CET

Virus writers get into cyber-extortion
Incidence of cyber-blackmail attempts rose during the first three months of this year. [more]
Monday, 24 April 2006, 12:58 AM CET

Security myths and passwords
Consider the underlying role of passwords: authentication. [more]
Monday, 24 April 2006, 12:44 AM CET

Microsoft security patch: take two
Buggy version issued earlier this week caused applications to crash. [more]
Monday, 24 April 2006, 12:24 AM CET

Man charged with hacking USC database
"Our belief is that he knew that this was an inappropriate way to test someone's security and clearly this was computer intrusion," said Ken McGuire, an FBI supervisory special agent. [more]
Monday, 24 April 2006, 12:06 AM CET

A modular approach to data validation in web applications
Data that is not validated or poorly validated is the root cause of a number of serious security vulnerabilities affecting applications. This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular component-based design (extensibility, portability and re-use) can be realised. [more]
Friday, 21 April 2006, 2:24 PM CET

Linux desktop growth could spur new malware activity
Experts say the platform, while generally secure now, could be vulnerable. [more]
Friday, 21 April 2006, 2:10 PM CET

N.Y. county enacts wireless security law
Westchester County on Thursday enacted a law that is designed to limit identity theft by forcing local businesses to install basic security measures for any wireless network that stores customers' credit card numbers or other financial information. [more]
Friday, 21 April 2006, 2:03 PM CET

China close to being top spammer
The US is close to losing its place as the top spam sending nation on Earth. [more]
Friday, 21 April 2006, 1:52 PM CET

Security firms bust malware-for-sale racketeers
"It was a whole business model centered around selling this type of software to criminals," Sam Curry, vice president for product management for eTrust Security Management said. [more]
Friday, 21 April 2006, 1:49 PM CET

Major banking sites insecure, researcher warns
Logins are usually encrypted, but not enough authenticate. [more]
Friday, 21 April 2006, 1:48 PM CET

Former school official indicted for E-Rate fraud
A former South Carolina school official has been indicted on mail and wire fraud charges in connection with a U.S. government program intended to bring the Internet to schools and libraries in poor areas. [more]
Friday, 21 April 2006, 1:28 PM CET

Bad karma surrounds e-mail authentication plans
This week's powwow of e-mail heavyweights in Chicago returned the IT community's attention to the issue of e-mail message authentication, but the messaging community has too little to show for a year's worth of work, some say. [more]
Friday, 21 April 2006, 1:27 PM CET

Users unfazed by Symantec’s $1B tax bill
Its Veritas subsidiary allegedly undervalued intellectual property held by an Irish subsidiary. [more]
Friday, 21 April 2006, 2:39 AM CET

Cleaning up the Net's malicious software
"There is a real threat here," according to John Palfrey, co-director of the Stop Badware Coalition and professor of law at Harvard. [more]
Friday, 21 April 2006, 2:34 AM CET

Last piece of the Kryptos puzzle?
For more than a decade, amateur and professional cryptographers have been trying to decipher an encrypted sculpture that sits on the grounds of the CIA headquarters in Langley, Virginia. Three-fourths of the sculpture has already been solved. [more]
Friday, 21 April 2006, 2:20 AM CET

Utilizing standard Microsoft tools to secure your network
Learn about tools that enable end users in your organization to lock down their own environment and help protect their desktops. [more]
Friday, 21 April 2006, 1:49 AM CET

Russia tries to unite world against cyber-crime
Internet crime as deadly as weapons of mass destruction, says Russia's interior minister. [more]
Friday, 21 April 2006, 1:36 AM CET

More Internet threats expected this year
Looking back, 2005 saw a rise in profit-driven attacks. These were reflected by phishing, which now represents as much as one percent of the global e-mail traffic and is far more effective than spamming. [more]
Friday, 21 April 2006, 1:20 AM CET

We're winning the war against hackers
Security pros are cooking on gas. [more]
Thursday, 20 April 2006, 5:56 PM CET

US tops global spamming charts
The US relays more spam than any other country, according to malware specialists Sophos. [more]
Thursday, 20 April 2006, 5:52 PM CET

Security: unpatched and doing fine?
It's been a year since the Honeynet project published the results of their study, which concluded that Linux systems can last much longer than Windows systems unpatched on the Internet. [more]
Thursday, 20 April 2006, 5:50 PM CET

Scalable DRM protects sensitive documents on the network
"Clients pay high fees to law firms," says Matt Kesner, chief technology officer at Mountain View, Calif.-based Fenwick & West LLP. "They are willing to pay those fees for legal advice. They hate paying for printing, addressing and mailing documents -- the process of accessing that advice." [more]
Thursday, 20 April 2006, 5:49 PM CET

Microsoft launches new antispam portal
The antispam initiative is centered around Microsoft's Sender ID technology. In an effort to weed out forged sender addresses, the technology checks whether an e-mail's sender matches the corresponding IP address. [more]
Thursday, 20 April 2006, 5:48 PM CET

Worldwide laws fail to fight cyber crime
Nearly three-quarters of IT security experts believe that international laws are inadequate for fighting cyber criminals, according to research. [more]
Thursday, 20 April 2006, 5:47 PM CET

Optimizing DSPAM + MySQL 4.1
DSPAM is a scalable and open-source content-based spam filter designed for multi-user enterprise systems. [more]
Thursday, 20 April 2006, 5:29 PM CET

Quantum cryptography record broken
Scientists have reported an important speed breakthrough which brings closer the day when quantum encryption becomes a usable part of communications security. [more]
Thursday, 20 April 2006, 5:28 PM CET

Lax approach to mobile security
Street-wise? When you're out in public places, there are certain things to do for reasons of personal safety and security, especially in unfamiliar locations. [more]
Thursday, 20 April 2006, 5:28 PM CET

Firefox sorts out security flaws
Computer users are being urged to update the Firefox web browser to close serious security holes in it. [more]
Thursday, 20 April 2006, 5:27 PM CET

Telecommuting security concerns grow
With home-based work on the rise, IT must adjust policies. [more]
Wednesday, 19 April 2006, 5:09 AM CET

Torvalds creates patch for cross-platform virus
Linus Torvalds has had an opportunity to examine the testing and analysis by Hans-Werner Hilse which we reported on yesterday, and has blessed it as being correct. [more]
Wednesday, 19 April 2006, 4:25 AM CET

Microsoft to push Sender ID at e-mail summit
It's also launching MSN Postmaster Services for Internet service providers. [more]
Wednesday, 19 April 2006, 4:00 AM CET

Hackers issue own 'patch' to infected computers
The gang of virus writers behind the virulent Bagle family of worms actually has issued a patch to its malicious code. [more]
Wednesday, 19 April 2006, 3:40 AM CET

Stop the bots
Botnets are a major source of evil on the Internet, from spam, phishing attacks, virus propagation and denial-of-service attacks to the stealing of financial information and other illegal activity. Does disbanding them raise legal and ethical implications? [more]
Wednesday, 19 April 2006, 3:22 AM CET

Tales from jails: How I helped network a prison
Networking promotes the communication of information, while security restricts it. Most networking professionals try hard to strike a healthy balance between the two, but what if security is tantamount and inviolate, and the needs are skewed? [more]
Wednesday, 19 April 2006, 3:08 AM CET

Stupid user tricks: Eleven IT horror stories
A long-suffering consultant and InfoWorld contributor recounts his tales of user catastrophe and lessons learned - and shares astounding stories from readers, too. [more]
Wednesday, 19 April 2006, 2:37 AM CET

Windows users: drop your rights
Security Fix has advised Microsoft Windows users in the past about the importance of running everyday software applications under user accounts that do not have the power to install programs or modify the underlying operating system in any way. [more]
Wednesday, 19 April 2006, 2:26 AM CET

Deniable file system
Some years ago I did some design work on something I called a Deniable File System. [more]
Wednesday, 19 April 2006, 2:18 AM CET

Phishing steals spotlight at MIT spam conference
Not only is phishing dangerous for potential victims, it is destroying banks' and other companies' ability to communicate with their customers in the most effective way, said Paul Judge, CTO of messaging security maker CipherTrust. [more]
Wednesday, 19 April 2006, 1:56 AM CET

Spammer faces chokey down under
Australian anti-spam law bites for the first time. [more]
Wednesday, 19 April 2006, 1:33 AM CET

Mafia boss's encrypted messages deciphered
The recently arrested "boss of bosses" of the Sicilian Mafia, Bernardo Provenzano, wrote notes using an encryption scheme similar to the one used by Julius Caesar more than 2,000 years ago, according to a biography of Italy's most wanted man. [more]
Wednesday, 19 April 2006, 1:14 AM CET

Hands-on testing of the new Linux virus
Our tests show the code's viral nature is sometimes -- but not always -- effective on both platforms, depending on the kernel being used. [more]
Wednesday, 19 April 2006, 12:48 AM CET

Two convicted for illegal Internet pharmacy
A federal jury on Monday convicted two men in an Internet pharmacy network that authorities said illegally peddled millions of dollars worth of drugs worldwide. [more]
Wednesday, 19 April 2006, 12:38 AM CET

Securing tomorrow's networks
Securing end-point devices can be achieved by, amongst others, standardising security configurations across a business' devices; limiting administration privileges; keeping devices up-to-date with patches and upgrades; installing desktop virus protection and personal firewalls; and encrypting devices. [more]
Wednesday, 19 April 2006, 12:19 AM CET

Cyber sleuths call for new 'smart swarms'
Bees do it. And if the cyber-strategists working at such high-level organizations as the National Security Agency and the Los Alamos National Laboratory are right, 'smart swarming' may be an effective way to solve even the toughest security problems. [more]
Wednesday, 19 April 2006, 12:02 AM CET

Users feel pain after latest Microsoft patch
Security update red-flags some HP hardware. [more]
Tuesday, 18 April 2006, 4:01 PM CET

Community creators, secure your code!
Personalization is a great feature—it allows users to make their personal pages come to life by adding colors, pictures, and even sound—but as with any user input, it is a security threat if not properly sanitized. [more]
Tuesday, 18 April 2006, 3:55 PM CET

Sorting the security standards
Many companies are using standards and frameworks to deal with certain aspects of information security. These models can help protect systems and data, but each plays a very different role in an overall security plan. [more]
Tuesday, 18 April 2006, 3:54 PM CET

Firms slow to fix security flaws
Hackers are getting a helping hand from firms taking too long to fix software vulnerabilities, research shows. [more]
Tuesday, 18 April 2006, 3:53 PM CET

Social engineering: the biggest risk to Internet security
It is far easier to get vital information from a person than it is to extract it from a well organized and protected computer system. [more]
Tuesday, 18 April 2006, 3:52 PM CET

Rootkits use continues to grow
Easy access to malicious technology lowers the threshold for malware makers to use rootkits. [more]
Tuesday, 18 April 2006, 4:49 AM CET

Feds still struggle with sharing terrorism data
The office warns that a dearth of government-wide policies makes consistency impossible. [more]
Tuesday, 18 April 2006, 3:22 AM CET

Microsoft patch causes HP crashes
Windows patch MS06-015, part of Microsoft's latest round, can cause some HP applications to crash. [more]
Tuesday, 18 April 2006, 2:22 AM CET

How to encrypt BitTorrent traffic
More and more ISPs are limiting or throttling BitTorrent traffic on their networks. By throttling BitTorrent traffic, the speed of BitTorrent downloads decreases, and high-speed downloads are out of the question. [more]
Tuesday, 18 April 2006, 2:21 AM CET

Developer highway code
This concise handbook for developers provides Application Security guidance based on the Microsoft patterns & practices. [more]
Tuesday, 18 April 2006, 2:20 AM CET

Siemens enhances HiPath security
Siemens Communications this week plans to unveil new security and management features for its enterprise WLAN platform. [more]
Tuesday, 18 April 2006, 2:19 AM CET

Intelligence as the basis for proactive security risk management
There has been a significant shift recently in the sophistication of network attacks as these morph from unstructured to structured threats. Users not only face a broader variety of security challenges but also have a tougher time in dealing with them in a cost effective manner. Those organisations which found that they were unprepared to deal with unstructured threats will have no hope now that the ante has been raised. [more]
Monday, 17 April 2006, 5:33 PM CET

Hacked computers download spam tool
Bagle spam gang sending new spamming tool to thousands of hacked computers. [more]
Monday, 17 April 2006, 5:27 PM CET

QuickStudy: computer forensics
There are two categories of computer crime: criminal activity that involves using a computer to commit a crime, and criminal activity that has a computer as a target, such as a network intrusion or a denial-of-service attack. [more]
Monday, 17 April 2006, 5:26 PM CET

The fear industry
Shameless self-promoters? Fear mongerers? Sure, security researchers aren't always model citizens, but business technology pros want them on the job. [more]
Monday, 17 April 2006, 11:56 AM CET

Gateway to secure transactions
With the rising levels of security breaches and transaction fraud, biometric technology is emerging as a key enabler to enhanced security solutions in the Indian market. [more]
Monday, 17 April 2006, 2:35 AM CET

Making and breaking HDCP handshakes
Suppose you connect an HDMI-compliant next-gen DVD player to an HDMI-compliant TV, and you try to play a disc... [more]
Monday, 17 April 2006, 1:36 AM CET

Image stealing by phishers
Lazy phishers are often simply making a copy of the original bank site with some malicious modifications. As an example, take a look at this currently active phishing site targeting Chase Bank. [more]
Monday, 17 April 2006, 1:22 AM CET

IE patch breaks Siebel client
Microsoft's IE patch can cause Siebel 7 client software to become unusable; Microsoft to release a 'compatibility patch' to address the issue. [more]
Monday, 17 April 2006, 1:02 AM CET

Using epoll() for asynchronous network programming
This article describes how to implement a TCP server with synchronous connection handling using the epoll() system call of the Linux 2.6 kernel. [more]
Monday, 17 April 2006, 12:45 AM CET

How piracy opens doors for Windows
Bill Gates may not be entirely dismayed by software thieves. They seed the world market and make Microsoft a standard. [more]
Monday, 17 April 2006, 12:20 AM CET

Suspected Czech phishing mule busted
Law enforcement authorities in Prague charged a man with assisting in fraud, after arresting him at a bank where he allegedly attempted to pick up cash wired to him by phishing victims. [more]
Monday, 17 April 2006, 12:03 AM CET

Why piracy in China isn't going away
Software pricing needs to be commensurate with local market conditions. [more]
Friday, 14 April 2006, 7:19 PM CET

Security updates for Firefox, Opera browsers
Mozilla has issued a new version of Firefox to fix multiple, serious flaws in the open-source browser, including at least five vulnerabilities that hackers could deploy on malicious Web sites to install malware if users visited the sites with vulnerable browsers. [more]
Friday, 14 April 2006, 5:47 PM CET

Tax time opens phishing season
"With the IRS, phishers are guaranteed a very large cohort of people that will care about their messages," said Peter Cassidy, director of research for the Anti-Phishing Work Group. [more]
Friday, 14 April 2006, 12:15 PM CET

Even terrorists worry about Internet security
Web chatter shows groups advising members on spyware, privacy. [more]
Friday, 14 April 2006, 4:01 AM CET

Implementing file compression and encryption in Visual Basic 6
In this two-part article series, you'll see how you can easily add encryption and data compression (ZIP) capabilities to existing Visual Basic 6 applications using the .NET Framework. [more]
Friday, 14 April 2006, 3:50 AM CET

AOL accused of email censorship
Provider blocking all messages that refer to anti-AOL campaign. [more]
Friday, 14 April 2006, 3:40 AM CET

Implementing security policies
Implementing security policies in an unregulated user population poses unique challenges. We look at innovative -- and inexpensive -- technologies some schools have employed. [more]
Friday, 14 April 2006, 3:35 AM CET

Considering the options for data encryption
The hard part about encrypting data is not how to encrypt it - it's how to manage it. If you don't keep the keys safe, your encryption plan is ineffective. If you keep the keys too far out of reach, you can't decrypt your data, which renders your encryption plan impractical. [more]
Friday, 14 April 2006, 3:17 AM CET

The enemy inside
A realistic approach to prioritizing actions to prevent privileged user or insider security threats. [more]
Friday, 14 April 2006, 3:03 AM CET

IE 7 security update picture remains muddy
Confused users wonder whether recent patch updates apply to them. [more]
Friday, 14 April 2006, 2:25 AM CET

Can cell phones compromise your network?
Multi-device viruses such as Crossover present a significant risk to both personal data and business assets. [more]
Friday, 14 April 2006, 1:30 AM CET

Microsoft's tying IE changes in security patch sparks backlash
By packaging a functionality change for Internet Explorer with a needed security update, Microsoft has alienated some IT pros. [more]
Friday, 14 April 2006, 1:10 AM CET

Virtualization for security
Virtualization software allows you to run multiple operating systems on one machine at the same time. [more]
Friday, 14 April 2006, 12:56 AM CET

Research finds no way to beat phishing
People are stupid it seems. [more]
Friday, 14 April 2006, 12:38 AM CET

MySpace hires former cybercrime investigator
Community Web site MySpace announced this week that the company had hired Hemanshu Nigam, a security investigator at Microsoft and a former prosecutor, to strengthen what many have claimed are lax protections against cyberstalkers and online predators. [more]
Friday, 14 April 2006, 12:21 AM CET

Process your email with procmail
Mutt is a fine command-line email client, but it lags Evolution and Thunderbird in its ability to do email filtering. [more]
Friday, 14 April 2006, 12:11 AM CET

Afghans selling US army 'files'
US forces in Afghanistan are checking reports that stolen computer hardware containing military secrets is being sold at a market beside a big US base. [more]
Thursday, 13 April 2006, 3:26 PM CET

Gartner calls Windows in Mac security concerns 'hype'
Gartner analyst Michael Silver has dismissed concerns that running Windows XP on a Mac will open up the Mac OS to viruses. [more]
Thursday, 13 April 2006, 1:07 PM CET

British 'hacker' fears Guantanamo
A British man accused of being behind the largest ever hack of US government computer networks could end up at Guantanamo Bay, his lawyer has claimed. [more]
Thursday, 13 April 2006, 12:08 PM CET

10 steps for locking your wireless network
SMBs love wireless. It's fast, convenient, based on readily supported standards and it often saves you the cost of wiring. What's not to like? [more]
Thursday, 13 April 2006, 3:41 AM CET

Critics hit SF Wi-Fi plan on privacy, interference
Google has said it will erase the user's Web-surfing data after using it to target ads, but privacy watchdogs say it represents a bad trade-off for users. [more]
Thursday, 13 April 2006, 3:16 AM CET

AT&T seeks to hide spy docs
AT&T is seeking the return of technical documents presented in a lawsuit that allegedly detail how the telecom giant helped the government set up a massive internet wiretap operation in its San Francisco facilities. [more]
Thursday, 13 April 2006, 3:03 AM CET

Finance websites still not secure enough
Fewer than two thirds of UK websites that accept financial data for sales transactions encrypt the information to protect customers, according to the Department of Trade and Industry's 2006 Information Security Breaches Survey. [more]
Thursday, 13 April 2006, 2:25 AM CET

The skinny on April's batch of Microsoft patches
Microsoft on Tuesday released five updates to remedy security flaws in its software products, including a huge -- and potentially disruptive -- patch bundle that fixes eight "critical" flaws in Microsoft's Internet Explorer Web browser. [more]
Thursday, 13 April 2006, 2:12 AM CET

Getting started with Nagios 2.1
Nagios, the premier open source network monitoring program, is celebrating its 2.1 release. [more]
Thursday, 13 April 2006, 1:42 AM CET

Network monitoring with Zabbix
Zabbix has the capability to monitor just about any event on your network, from network traffic to how many papers are left in your printer. It produces really cool graphs. [more]
Thursday, 13 April 2006, 1:30 AM CET

Browsers feel the fuzz
Last month, security researcher HD Moore decided to write a simple program that would mangle the code found in Web pages and gauge the effect such data would have on the major browsers. The result: hundreds of crashes and the discovery of several dozen flaws. [more]
Thursday, 13 April 2006, 1:20 AM CET

Sick 419 scammers prey on Concorde victims
Latest emails offer share of £20m. [more]
Thursday, 13 April 2006, 12:59 AM CET

China to tackle software piracy
The Chinese government has made a fresh attempt to crack down on software piracy. [more]
Thursday, 13 April 2006, 12:45 AM CET

Military hacker faces extradition
London computer enthusiast could face 60 years in a US jail. [more]
Thursday, 13 April 2006, 12:27 AM CET

Midshipmen compete in NSA security drill
Midshipmen at the Naval Academy took part in a simulated battle Tuesday, defending their computer systems against an attack by hackers from the National Security Agency in Fort Meade. [more]
Thursday, 13 April 2006, 12:12 AM CET

Ross-Simons says security breach exposes customers
It affects those who applied for retailer's credit card. [more]
Thursday, 13 April 2006, 12:03 AM CET

US security agency scrutinises secure storage device
Meeting could hint at restrictions. [more]
Wednesday, 12 April 2006, 12:28 PM CET

CertifiedEmail will not reduce spam
Legislators and advocacy groups were surprised at a California Senate committee hearing last week when Goodmail CEO Richard Gingras said its fee-based CertifiedEmail program that AOL and Yahoo are implementing is not meant to reduce spam. [more]
Wednesday, 12 April 2006, 12:27 PM CET

Pentium computers vulnerable to cyberattack
Security experts warn of that and other risks at CanSecWest/core 06. [more]
Wednesday, 12 April 2006, 12:26 PM CET

MySpace addresses security criticism
"MySpace and other Web sites like it, such as MyFace, are not geared around safety -- they are meant to be a friendly environment to meet people," Michael Kessler, vice president of Gaggle.Net, which provides many school districts with secure e-mail and blog applications for students, told TechNewsWorld. [more]
Wednesday, 12 April 2006, 12:24 PM CET

IBM announces CPU-level security architecture
Security is a tricky thing. We all want it (well, many of us want it), but we don't want the hassle of dealing with it. [more]
Wednesday, 12 April 2006, 12:21 PM CET

Review - Eli Home Broadband security appliance
Hosted Internet security used to be the preserve of businesses as it has traditionally been too expensive for home users. [more]
Wednesday, 12 April 2006, 2:45 AM CET

Microsoft releases critical Internet Explorer patch
The company released five patches addressing a number of critical vulnerabilities in IE and Windows. [more]
Wednesday, 12 April 2006, 2:27 AM CET

Web role examined in London, Madrid bombings
Investigations into the Madrid and London bombings highlight two worrying trends for European security services - the emergence of autonomous, homegrown radical cells and their skilled exploitation of the Internet. [more]
Wednesday, 12 April 2006, 2:09 AM CET

Microsoft fixes 14 flaws
Three of the bulletins were tagged as "critical," one as "important," and the fifth as "moderate" - the last being Microsoft's second-from-the-bottom alert. [more]
Wednesday, 12 April 2006, 1:42 AM CET

Security agency scrutinizes secure storage device
Meeting could hint at restrictions. [more]
Wednesday, 12 April 2006, 1:09 AM CET

Enterprises struggling with privacy management
HP says companies face outside pressure, system complexities in securing data. [more]
Wednesday, 12 April 2006, 12:47 AM CET

Fla. residents' data exposure a statewide issue
Social Security numbers, bank info is available via county Web sites. [more]
Wednesday, 12 April 2006, 12:42 AM CET

The case of the non-viral virus
Have you heard the "news"? There's a new virus that attacks both Linux and Windows machines. [more]
Wednesday, 12 April 2006, 12:28 AM CET

Security group calls on congress
Public confidence in e-commerce will erode if Congress does not step forward and pass a meaningful national data breach disclosure law this year, according to the Cyber Security Industry Alliance (CSIA). [more]
Wednesday, 12 April 2006, 12:12 AM CET

DJ typing style used to securely distribute music
A technique used by Bletchley Park cryptographers to identify operators is being applied to distribute musical recordings to DJs securely using the internet. [more]
Wednesday, 12 April 2006, 12:03 AM CET

Europe's domain registry being hijacked?
GoDaddy CEO says registry's inept organization is resulting in 'a really large scam'. [more]
Tuesday, 11 April 2006, 5:18 PM CET

Do dedicated security vendors have a future?
McAfee proudly proclaims itself "the largest dedicated [IT] security company in the world". [more]
Tuesday, 11 April 2006, 4:52 PM CET

Oracle accidentally releases exploit code
Information was posted about an unpatched vulnerability in Oracle Database 9i and 10g. [more]
Tuesday, 11 April 2006, 4:48 PM CET

Can you recommend a checklist for a network security policy?
There are many threats that today's growing small businesses need to be concerned with. Paramount among these concerns are content-related and physical-access threats. [more]
Tuesday, 11 April 2006, 4:46 PM CET

Build your own gateway firewall
Learn how to build your own gateway firewall using FreeBSD and old PC parts. [more]
Tuesday, 11 April 2006, 3:46 PM CET

UK falls short in data protection
UK businesses are failing to protect their customers' personal information, a survey from the Department of Trade and Industry has revealed. [more]
Tuesday, 11 April 2006, 3:44 PM CET

Oracle slip-up results in leaked exploit information
Vendors typically frown upon the premature publication of vulnerability and exploit information, and usually it's the discoverer who is the source of the leak. [more]
Tuesday, 11 April 2006, 2:31 AM CET

Who is spying on you at work?
The rationale behind monitoring employees is that a computer at work is a corporate tool for enhancing the employee's productivity. [more]
Tuesday, 11 April 2006, 2:10 AM CET

NZ sites vulnerable to Google hacking
NZ websites more vulnerable to Google hackers than Australian websites, says study. [more]
Tuesday, 11 April 2006, 1:39 AM CET

IBM's new security chip 'one of the most paranoid devices on the planet'
IBM researchers say that unless the encryption function is performed by a computer's central processing unit, a savvy hacker can tap into the pathway between the machine's brain and the separate encryption engine. [more]
Tuesday, 11 April 2006, 1:19 AM CET

SEC must shore up IT security, says GAO
The U.S. Securities and Exchange Commission must bolster its information security to protect corporate financial data and other sensitive information stored in its IT systems, according to a report released late last month by the Government Accountability Office. [more]
Tuesday, 11 April 2006, 12:55 AM CET

Free fraud prevention training DVDs from the USPS
Good training videos are hard to come by, and usually expensive. But the United States Postal Service is offering up a series of seven DVDs that cover different aspects of fraud prevention, ranging from recovering from identity theft to work-at-home fraud to telemarketing fraud. [more]
Tuesday, 11 April 2006, 12:40 AM CET

Microsoft exec warns of rootkits
If your system gets infiltrated by a rootkit, you might as well just "waste the system entirely," a Microsoft official told fellow security professionals last week at the annual InfoSec Conference here. [more]
Tuesday, 11 April 2006, 12:20 AM CET

Factor authentication in online banking
When you set out to choose a bank, you might want to start paying as much attention to their online security systems as you do to their interest rates. Pat McKenna explores the current holes in online banking - and the future solutions. [more]
Tuesday, 11 April 2006, 12:01 AM CET

Sudoku used as bait for adware download
It's common practice for hackers to attempt to trick users into visiting maliciously constructed websites by offering either warez or smut. These pages are designed to exploit various software vulnerabilities in order to install malware onto victims' machines. [more]
Monday, 10 April 2006, 4:34 PM CET

Online security strengthened to protect consumers
Validation authorities and browser developers tighten golden padlock certificates to prevent fraud. [more]
Monday, 10 April 2006, 4:33 PM CET

Phishers are improving their chances of success with targeted attacks
Phishers are using a lesson learned from virus and worm writers to improve their chances of success. Over time virus and worm authors discovered that it was not necessarily the malicious payload of their craft that was alerting the internet community that trouble was on the way. [more]
Monday, 10 April 2006, 4:22 PM CET

Wiretapping on the increase in Europe
In Europe, Big Brother is listening — and being allowed to hear more and more. [more]
Monday, 10 April 2006, 3:40 PM CET

Some highlights from CanSecWest
Last week at the CanSecWest security conference in Vancouver, B.C., the attendees were mainly security experts who get paid to think like the bad guys and find the flaws and holes in complex communications systems and software before criminals can exploit them. [more]
Monday, 10 April 2006, 3:33 PM CET

Tips for creating strong passwords you can remember
One of the problems with passwords is that users forget them. In an effort to not forget them, they use simple things like their dog’s name, their son’s first name and birthdate, the name of the current month - anything that will give them a clue to remember what their password is. [more]
Monday, 10 April 2006, 3:32 PM CET

Building a Linux supercomputer using SSH and PVM
If you have a couple of old Linux boxes sitting around, then you've got the makings of a supercomputer. Dust them off, install Secure Shell (SSH) and Parallel Virtual Machine (PVM), and start your complex algorithms. [more]
Monday, 10 April 2006, 3:31 PM CET

All about NSA's and AT&T's Big Brother machine, the Narus 6400
The system monitors 10 billion bits per second at level four and 2500 million bits per second at level seven. [more]
Monday, 10 April 2006, 2:52 AM CET

Security tokens not a cure-all for online fraud
Security tokens aren't the panacea for online fraud that they're made out to be and are too expensive to be used by more than a handful of a bank's customers, says the head of United States security firm RSA's consumer division. [more]
Monday, 10 April 2006, 2:03 AM CET

Researchers seek to save VoIP from security threats
VoIP spam, denials of service and 911 services will be some of the research areas. [more]
Monday, 10 April 2006, 1:45 AM CET

Home network router security secrets
Ever delve inside your home network routers and use the hidden security settings that can lock down a network nice and tight? Most people never do. Andy Walker reveals 10 secrets on how to easily access your router's security settings. [more]
Monday, 10 April 2006, 1:24 AM CET

VoIP maybe not so secure?
There's been a lot of concern both here and abroad about ISPs blocking or degrading the quality of VoIP services like Skype and Vonage. [more]
Monday, 10 April 2006, 1:09 AM CET

Researchers worry over new cross-platform viruses
Security researchers worry that the malicious code may be part of a disturbing new trend of viruses that could infect both Linux and Windows PCs. [more]
Monday, 10 April 2006, 12:45 AM CET

What does it mean to build secure Linux?
As the Linux operating system makes ever-deeper inroads into government data centers, agencies need to feel comfortable that the open-source computing infrastructures they’re rolling out are indeed secure. [more]
Monday, 10 April 2006, 12:34 AM CET

Registrar's database said to have exposed data
A database problem with a U.S. domain name registrar exposed sensitive financial and personal information relating to thousands of domain name registrations, a Dutch company said Friday. [more]
Monday, 10 April 2006, 12:22 AM CET

AT&T forwards all Internet traffic into NSA
The Electronic Frontier Foundation (EFF) on Wednesday filed the legal briefs and evidence supporting its motion for a preliminary injunction in its class-action lawsuit against AT&T. [more]
Friday, 7 April 2006, 7:44 PM CET

Gearing up for hacking takedowns
Wrestling malicious phishing and bot sites into submission requires a group effort. [more]
Friday, 7 April 2006, 6:00 PM CET

IRS's inadequate security leaves taxpayer data largely unprotected
Recently, IRS has come under fire for issues related to individual privacy. Government reports have found that the agency has poor physical and electronic security, and it has had considerable trouble with its contractors improperly accessing and collecting sensitive taxpayer information. [more]
Friday, 7 April 2006, 4:39 PM CET

German Postbank uses e-signatures to curb phishing
German bank Postbank is going to introduce electronic signatures to all email correspondence with its customers in an attempt to curb phishing. [more]
Friday, 7 April 2006, 4:36 PM CET

FTC levies fine against big-league spammers
The U.S. Federal Trade Commission said it has closed down a spam operation in California that sent millions of unwanted messages to online users across the country and fined the companies involved about $2.4 million. [more]
Friday, 7 April 2006, 4:21 PM CET

Anti-piracy lobby tries softer approach in China
BSA argues the case that legal software is good for China's economy. [more]
Friday, 7 April 2006, 4:20 PM CET

Keynote video from HITBSecConf2005
Here's a professionally shot video showing the Mikko Hypponen keynote presentation in the HITBSecConf2005 security conference in Kuala Lumpur, Malaysia in September 2005. [more]
Friday, 7 April 2006, 4:18 PM CET

Web services pose growing security risk
Web application tools make it easy for users to ignore the security implications of the software they're building, researcher says. [more]
Friday, 7 April 2006, 3:26 PM CET

Compliance, not malware, drives IT budgets: survey
Chief security officers say their primary reasons for investing in security software have to do with compliance rules, not virus threats. [more]
Friday, 7 April 2006, 2:13 PM CET

Beyond rootkits: world's first standalone kernel mode bot?
A European student has just developed a Proof of Concept for what the developer believes is the world's first kernel mode IRCbot. [more]
Friday, 7 April 2006, 1:13 PM CET

Phishers ring changes with phone scam
Security experts have identified a new phishing scam that uses a toll-free telephone number rather than a bogus website to gather online banking passwords from unwary victims. [more]
Friday, 7 April 2006, 1:03 PM CET

Study shows stock spam boosts prices
Spammers that target a particular company's stock can generally reap a small profit, according to an analysis by two academic researchers presented on Thursday at the CanSecWest Security Conference. [more]
Friday, 7 April 2006, 1:02 PM CET

Airtight security out of reach
Homeland Security spends a great deal of money on advanced technology to protect the United States. How effective is it and how effective can it be? [more]
Friday, 7 April 2006, 1:00 PM CET

Nigerian e-mail scam price tag: $5,000 per victim
Half of victims of the fraud admit losing $5,000 or more, far more than any other online scam, a government report reveals. [more]
Friday, 7 April 2006, 2:25 AM CET

Lawmakers target six top copyright piracy countries
The congressional group will focus on copyright piracy in China and Russia, because of the "scope and depth" of the problem in those countries, it said. [more]
Friday, 7 April 2006, 1:34 AM CET

Nigerian scammers scramble as IRS deadline looms
The tricksters increasingly are targeting events and users directly, experts say, and tax day is April 17. [more]
Friday, 7 April 2006, 12:45 AM CET

Groups argue over merits of flaw bounties
Vulnerability researchers, software makers, and security companies that buy information about software flaws found little in common during a panel discussion on Wednesday debating the merits of vulnerability-purchasing programs. [more]
Friday, 7 April 2006, 12:37 AM CET

Microsoft to issue five security fixes
Microsoft today said it plans to issue at least five free software updates next week to fix security flaws in its Windows operating system and other software products. [more]
Friday, 7 April 2006, 12:34 AM CET

Ultra-secure Linux evolves for the enterprise
Kernel modifications discussed at this week's LinuxWorld Expo. [more]
Friday, 7 April 2006, 12:20 AM CET

US security official nabbed in online sting
Brian J Doyle charged with seven counts of using a computer to seduce a child. [more]
Friday, 7 April 2006, 12:12 AM CET

Who shall we rob today?
Remember those old black and white movies, the stocking masks, the pick axe handles, the sawn off shotguns and the white 2.8 Jaguar as the getaway car? Lots of action and great car chases! A far cry from today’s highly organised and sophisticated bandits, with high performance computers, network sniffers, switched on hackers, infiltrating software and highly motivated planted operatives. [more]
Friday, 7 April 2006, 12:11 AM CET

Set up a secure IMAP/POP3 server with Dovecot
Internet Message Access Protocol (IMAP) servers such as Courier-IMAP and Cyrus IMAP may work well, but they’re complicated to install and configure. [more]
Thursday, 6 April 2006, 1:27 PM CET

On log sharing
So, it is often reported that since the “bad guys” share technology information (such as exploits, bot access, malware, etc), the “good guys” should ramp up their sharing efforts as well. But companies’ unwillingness to share data that might, under the circumstances, be considered sensitive is legendary – and understandable.
Thursday, 6 April 2006, 1:13 PM CET

Senator questions FBI on ChoicePoint contract
A top Democrat in the U.S. Senate questioned Wednesday why the U.S. Department of Justice (DOJ) continues to do business with data broker ChoicePoint Inc. a year after the company announced a data breach potentially affecting 145,000 U.S. residents. [more]
Thursday, 6 April 2006, 1:12 PM CET

Review: Network Box SME 250 security appliance
Get hassle-free protection from Internet threats. [more]
Thursday, 6 April 2006, 1:09 PM CET

Why VOIP needs crypto
There are basically four ways to eavesdrop on a telephone call... [more]
Thursday, 6 April 2006, 1:05 PM CET

HP printer users warned of critical flaw
Issue affects control software in Color LaserJet 2500 and 4600 printers. [more]
Thursday, 6 April 2006, 2:38 AM CET

More accurate on the eye
The Home Office identity cards team has reported progress in improving verification by iris scans, but problems with other biometrics apparently persist. [more]
Thursday, 6 April 2006, 2:26 AM CET

Verizon launches secure IM service
Hosted Secure IM Service provides protection against worms, viruses, and 'spim'. [more]
Thursday, 6 April 2006, 2:10 AM CET

Phishers catch Internet Explorer again
A new vulnerability in the way Internet Explorer deals with Macromedia Flash files could leave users open to phishing attacks. [more]
Thursday, 6 April 2006, 1:54 AM CET

Security concerns could slow RFID
The problem is that RFID chips and readers "talk to everybody", says RFID developer. [more]
Thursday, 6 April 2006, 1:41 AM CET

Agency’s e-crime push wins industry backing
The financial services industry has welcomed Tony Blair’s launch of the UK’s Serious Organised Crime Agency (SOCA), saying it will help tackle the growth of online identity theft. [more]
Thursday, 6 April 2006, 1:33 AM CET

Social engineering trumps flaws?
Good social engineering can threaten users more than a serious software flaw, Microsoft's Anti-Malware Engineering Team argued in a blog post on Tuesday. [more]
Thursday, 6 April 2006, 1:12 AM CET

Research reveals phishing hooks
Sophisticated phishing scams could be catching out 90% of those that see them, research suggests. [more]
Thursday, 6 April 2006, 12:47 AM CET

Virus writers at war
The confrontation between virus writers and the anti-virus industry is escalating, with malware authors also going after fellow VXers. [more]
Thursday, 6 April 2006, 12:37 AM CET

AJAX - is your application secure enough?
We see it all around us, recently. Web applications get niftier by the day by utilising the various new techniques recently introduced in a few web-browsers, like I.E. and Firefox. One of those new techniques involves using Javascript. More specifically, the XmlHttpRequest-class, or object. [more]
Wednesday, 5 April 2006, 3:51 PM CET

Removing a user from a Linux system
Employee turnover in most organizations runs high. So unless you run a small shop with a stable user base, you need to learn how to clean up after an employee leaves. [more]
Wednesday, 5 April 2006, 1:04 PM CET

Microsoft security manager warns of the dangers of rootkits
Spyware and malware have been an ongoing problem for personal computer users, but recently the bad guys have started to get really nasty. [more]
Wednesday, 5 April 2006, 11:32 AM CET

Report claims Yahoo may gain from adware click fraud
Harvard researcher Ben Edelman released a report tying Yahoo to adware vendors that he claimed were displaying pop-up advertising that appeared to commit click fraud. [more]
Wednesday, 5 April 2006, 11:32 AM CET

Discovering wireless networks with Kismet
Earlier this month we looked at NetStumbler, an application for surveying wireless networks. [more]
Wednesday, 5 April 2006, 11:30 AM CET

Trojan-powered scam network dismantled
Banks, telecos, hotels, airlines and international betting services were among those affected by the creation and sale of Briz Trojans, a malware-creation-for-hire scam recently uncovered by security researchers. [more]
Wednesday, 5 April 2006, 11:28 AM CET

Feds, Microsoft sign whole of govt security deal
The Australian federal government has signed a whole-of-government agreement with Microsoft to exchange information on security issues ranging from cyberterrorism to general security bulletins. [more]
Wednesday, 5 April 2006, 11:25 AM CET

Companies spooked about smart phone security
Most companies won't deploy smart phones to workers because of security worries, a survey released by the research arm of the Economist claimed Tuesday. [more]
Wednesday, 5 April 2006, 3:03 AM CET

Targeted Trojan attacks gaining momentum
While the amount of malware that hit the Internet increased in March, the number of mass-mailing worms seems to be on a downward slide, according to anti-virus experts. [more]
Wednesday, 5 April 2006, 2:50 AM CET

NY attorney general files spyware suit
The suit, which accuses Direct Revenue of secretly installing millions of pop-up ad programs and spyware, is seeking a stop order, an accounting of the company's revenues, and penalties. [more]
Wednesday, 5 April 2006, 2:04 AM CET

Security fears, cost delay mobile deployments at work
Around 60% of businesses surveyed are hesitating. [more]
Wednesday, 5 April 2006, 1:40 AM CET

Stopping PC spies at the gate
"If you want to avoid spyware, there are certain parts of the Web you should stay away from. They're the dark alleys of the Internet world. Basically, you visit a game cheat site, and you're vulnerable for spyware. A kids site will open you up to adware," said Dave Cole, director of Symantec Security Response. [more]
Wednesday, 5 April 2006, 1:09 AM CET

Germany's FBI bust phishing gang
German federal police on Tuesday arrested seven members of a suspected phishing gang on fraud charges after a three-month investigation. [more]
Wednesday, 5 April 2006, 12:51 AM CET

Two attacks against VoIP
VoIP is here to stay. In fact, many incumbent telecommunication carriers have been offering VoIP service for some time, and several new VoIP service providers have emerged. [more]
Wednesday, 5 April 2006, 12:36 AM CET

Network Solutions knocked down again
A network list used by network operators indicated the company may have had an issue at a data center. [more]
Wednesday, 5 April 2006, 12:12 AM CET

Budgeting for security breaches
Losing customer data is a huge headache for which businesses must be prepared. [more]
Tuesday, 4 April 2006, 1:59 PM CET

Air transport sector gets IT security standard
Benchmark intended to bolster security within the industry. [more]
Tuesday, 4 April 2006, 1:59 PM CET

Building IT security for flexible working
In the dark ages of five years ago, we had suppliers selling us standalone security systems based on securing this platform, this data, this application, these PCs and so on. [more]
Tuesday, 4 April 2006, 1:26 PM CET

A student-hacker showdown at the collegiate cyber defense competition
Students faced off against experienced hackers at the Mid-Atlantic Regional Collegiate Cyber Defense Competition. The students' goal: lock down unfamiliar systems and secure their networks. [more]
Tuesday, 4 April 2006, 1:23 PM CET

Password recovery speeds
This document shows the approximate amount of time required for a computer or a cluster of computers to guess various passwords. [more]
Tuesday, 4 April 2006, 12:54 PM CET

Phishing steals spotlight at MIT Spam Conference
While the volume of unwanted e-mail ebbs and flows, the nature of unwanted e-mail is steadily becoming more dangerous, say spam experts. [more]
Tuesday, 4 April 2006, 12:53 PM CET

802.11w fills wireless security holes
IEEE 802.11i, the standard behind Wi-Fi Protected Access and WPA 2, patched the holes in the original Wired Equivalent Privacy specification by introducing new cryptographic algorithms to protect data traveling across a wireless network. [more]
Tuesday, 4 April 2006, 12:44 PM CET

Test: network disruption and Denial of Service
This article contains a brief self-test that should help you to consider the reality of the threat and how seriously it ought to be pursued. [more]
Tuesday, 4 April 2006, 2:43 AM CET

Real world impact of IE flaw
It is easy to write about the latest security flaw in Microsoft's Windows operating system as if it were some abstract threat that hackers may or may not get around to exploiting at some point. [more]
Tuesday, 4 April 2006, 1:33 AM CET

Optimized IE exploit speeds up infection
A security company warns of a new twist on the existing exploit of Internet Explorer's zero-day vulnerability. In this case, the exploit is optimized to take much less time to execute than the original. [more]
Tuesday, 4 April 2006, 12:29 AM CET

Pins are card security's Achilles heel
Paul A Henry, vice president for strategic accounts at Secure Computing. [more]
Tuesday, 4 April 2006, 12:29 AM CET

Are hackers going beyond zero-day attacks?
We've all, no doubt, heard about phishing attacks, but it's not as likely that most people truly understand what the real danger is. [more]
Tuesday, 4 April 2006, 12:19 AM CET

This means Warcraft!
A recent World of Warcraft case involved a WoW book by Brian Knopp that was being sold on eBay. [more]
Tuesday, 4 April 2006, 12:15 AM CET

Anonymizer software circumvents China's Great Firewall
Anti-censorship software circumvents government efforts to block access to certain Web sites. [more]
Monday, 3 April 2006, 5:29 PM CET

Attacks target DNS servers in U.S., Germany
Network Solutions, fend off denial-of-service hits. [more]
Monday, 3 April 2006, 5:27 PM CET

Internet sites must act to protect consumer IDs
Online banks and ecommerce sites should increase security, says research. [more]
Monday, 3 April 2006, 5:25 PM CET

Trend Micro data revealed due to virus
The failure of a Trend Micro Inc. employee to install his company's own antivirus software led to the uploading of some company reports to a popular Japanese peer-to-peer file-sharing network, the company said today. [more]
Monday, 3 April 2006, 5:03 PM CET

Malware Evolution: 2005, part two
This article is a continuation of a previous piece of analysis on malware evolution in 2005, published earlier this year. This second part examines the evolution of the criminal underground and provides an analysis of the current situation, together with examples and statistical data. [more]
Monday, 3 April 2006, 5:02 PM CET

State workers warned of Florida data leak
Sensitive employee data may have been compromised by offshore contractors. [more]
Monday, 3 April 2006, 4:49 PM CET

Virus alerts 'as bad as spam'
Alerts generated by antivirus software are as bad as the spam advertising messages that clog up users' email accounts, according to an industry analyst. [more]
Monday, 3 April 2006, 3:18 PM CET

HiTB to hold hacker workshop
Hack in The Box (HiTB) and its associates, Bellua Asia Pacific, will conduct a two-day, hands-on wireless security training from June 5 to 6 at the Westin Hotel, Kuala Lumpur. [more]
Monday, 3 April 2006, 3:09 PM CET

Vista poses danger to security product vendors: analyst
Microsoft can pull the consumer security software rug out from under its long-time partners and likely avoid antitrust charges by sprinkling security throughout Vista in bits and pieces, an analyst said this week. [more]
Monday, 3 April 2006, 2:39 PM CET

httplib2: HTTP persistence and authentication
Last time we covered HTTP caching and how it can improve the performance of your web service. This time we'll cover some other aspects of HTTP that, if fully utilized, can also speed up your web service. [more]
Monday, 3 April 2006, 2:04 PM CET

CAN-SPAM works but needs more muscle, says attorney
CAN-SPAM still an issue for legitimate marketers trying to stay compliant. [more]
Monday, 3 April 2006, 1:56 PM CET

Hackers use BBC story to bait IE exploit
Hackers are using excerpts from BBC news stories as a lure to trick surfers into visiting a website that exploits a new, unpatched vulnerability in Internet Explorer. [more]
Monday, 3 April 2006, 1:46 PM CET

Secure programming in GNU/Linux systems: part I
This article is the first in a series that deals with secure programming and related issues. [more]
Monday, 3 April 2006, 1:12 PM CET

How to review a Linux distribution
New versions of Linux distributions crop up almost every week. On the one hand, it's great that development is so active, but on the other it can be difficult to wade through the options and find the one that suits you best. [more]
Monday, 3 April 2006, 1:09 PM CET

Identity theft hit 3.6 million in U.S.
About 3 percent of households were hit by some sort of ID theft during the first six months of 2004, according to a DOJ study. [more]
Monday, 3 April 2006, 1:08 PM CET

What I learned at hacker camp
It's easy to create malicious code, penetrate firewalls, and steal personal and financial information. "Ethical hacker" Andrew Whitaker can show you how. [more]
Monday, 3 April 2006, 1:05 PM CET

A pretty good way to foil the NSA
How easy is it for the average internet user to make a phone call secure enough to frustrate the NSA's extrajudicial surveillance program? [more]
Monday, 3 April 2006, 12:58 PM CET

