Off the Wire

Off The Wire Archive

News items for April 2007

Are rootkits the next big threat to enterprises?
Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about US$4 million per month in revenue. [more]
Monday, 30 April 2007, 3:28 PM CET

ID card will be needed to vote, says UK election watchdog
Use it to fix the bit that isn't broken... [more]
Monday, 30 April 2007, 3:26 PM CET

Web 2.0 threats and risks for financial services
Companies are tuning into Web 2.0 but are simultaneously exposing their systems to next generation threats such as Cross site Scripting, Cross Site Request Forgery and Application interconnection issues due to SOA. [more]
Monday, 30 April 2007, 11:26 AM CET

Scaling up processing beyond the firewall
Corporations from many sectors have learned that grids within organizations or departments can not only increase processing capabilities, but also cut operational costs. [more]
Monday, 30 April 2007, 11:07 AM CET

As Web 2.0 evolves, security becomes an issue
Security holes like the one that allowed the Samy worm are all too common on Web 2.0 sites. [more]
Monday, 30 April 2007, 11:00 AM CET

Book review: Writing Secure Code for Windows Vista
This agile volume (two hundred pages about) has to be considered an adjunct to Writing Secure Code. [more]
Monday, 30 April 2007, 3:39 AM CET

When it comes to security don't trust anyone
In Lancaster, the county coroner was brought to court in handcuffs. A grand jury indicted Dr. Gary Kirchner, charging him with giving out his account name and password for a county Web site that contained confidential police 911 information. [more]
Monday, 30 April 2007, 2:18 AM CET

aXXo torrents exploited by malware peddlers
When someone becomes a success by earning the admiration of their peers, there will always be the ‘hangers on’ who want to share the spoils of success. [more]
Monday, 30 April 2007, 2:03 AM CET

Quantum cryptography is hacked
A team of researchers has, for the first time, hacked into a network protected by quantum encryption. [more]
Monday, 30 April 2007, 2:00 AM CET

Google deletes rogue ads, dangers persist
Google has removed ads that appear alongside Google search results that re-directed users to malicious sites. [more]
Monday, 30 April 2007, 12:30 AM CET

Five cheap, effective security tips
While a lot of security technologies come with impressive price tags, there are some fairly inexpensive things you can do to make your enterprise more secure. [more]
Monday, 30 April 2007, 12:12 AM CET

Why companies can't kick the adware habit
Road to nasty affiliations is paved with good intentions. [more]
Monday, 30 April 2007, 12:09 AM CET

Outsourcing security: Worry about cost or focus?
Security work is a lot of fun. There’s always some new threat or technology just over the horizon, challenging our assumptions and existing controls. [more]
Monday, 30 April 2007, 12:06 AM CET

Wi-Fi laptop fears for children
Computers with wireless internet should not be placed on children's laps, says the head of the government's committee on mobile phone safety research. [more]
Monday, 30 April 2007, 12:03 AM CET

NIST completes RFID security guidelines
The National Institute of Standards and Technology's report describes the risks to data security and personal privacy that RFID deployments may pose, and provides best practices and procedures to mitigate those dangers. [more]
Monday, 30 April 2007, 12:02 AM CET

$10K hack challenge winner says Vista's code more secure than Mac's
Nine questions with Dino Dai Zovi. [more]
Monday, 30 April 2007, 12:00 AM CET

How to keep your Wi-Fi network safe
With growing numbers using Wi-Fi in their homes, Paul Rubens looks at how good security is on these networks. [more]
Friday, 27 April 2007, 2:12 PM CET

Student evades Cisco NAC and gets suspended
Cisco adjusts its default settings following student hack. [more]
Friday, 27 April 2007, 12:02 PM CET

The European Parliament approves new, stricter anti-piracy directive
The European Parliament voted yes on the new controversial directive Ipred 2 which concludes that all kinds of infringement of the intellectual copyrights will be considered criminal. [more]
Friday, 27 April 2007, 11:38 AM CET

Ten open source security apps worth considering
Are open source security tools really as secure as those available for sale? [more]
Friday, 27 April 2007, 10:49 AM CET

Breaking rules, leaking data
Computer-security expert Mike Endrizzi has a sure-fire tactic he loves to use when he's auditing businesses that hire him to make sure their networks are airtight. [more]
Friday, 27 April 2007, 10:42 AM CET

$1bn lawsuit takes novel approach in fighting spam
Harvesters of sorrow targeted. [more]
Friday, 27 April 2007, 10:27 AM CET

Five ways to defeat blog trolls and cyberstalkers
Trolling can lead to far worse things, including cyberstalking. [more]
Friday, 27 April 2007, 10:26 AM CET

CyberNET VP gets 5 years in prison for $100 million fraud case
The two-year scam included employees filling empty boxes with bricks, hooking up wires to empty server cases -- and a company president committing suicide. [more]
Friday, 27 April 2007, 4:00 AM CET

Four plead guilty in auction software piracy scheme
Combined, the men sold more than $19 million worth of pirated Rockwell Automation software on eBay. [more]
Friday, 27 April 2007, 3:30 AM CET

E-mail harvesters hit with $1B anti-spam lawsuit
The lawsuit was filed on behalf of Project Honey Pot. [more]
Friday, 27 April 2007, 2:20 AM CET

NY teen hacks AOL, infects systems
A New York teenager broke into AOL networks and databases containing customer information. [more]
Friday, 27 April 2007, 2:18 AM CET

Music industry wins UW IDs in file-sharing case
As many as 53 UW-Madison students could be slapped with lawsuits by the music recording industry after a federal judge on Wednesday ordered the university to surrender their names and other information for sharing digital music files over the Internet. [more]
Friday, 27 April 2007, 12:51 AM CET

UK government apologizes for breaching doctors' personal info
Posted data on physicians included home addresses, sexual orientations. [more]
Friday, 27 April 2007, 12:42 AM CET

Hack challenge QuickTime bug not on the loose
CanSecWest organizers now dispute claim that someone snatched exploit. [more]
Friday, 27 April 2007, 12:33 AM CET

Mobile devices to get security standard
The mobile phone industry has moved forward in its efforts to agree to a global standard for delivering secure services such as credit-card payments on handheld devices, according to an industry executive. [more]
Friday, 27 April 2007, 12:21 AM CET

0wning Vista from the boot
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. [more]
Friday, 27 April 2007, 12:12 AM CET

Ignore the US copyright bullies
Internet law professor Michael Geist says countries should resist US bullying tactics over copyright and intellectual property. [more]
Friday, 27 April 2007, 12:07 AM CET

Disgruntled employees may seek IT revenge
And security software can't detect an employee with a grudge. [more]
Friday, 27 April 2007, 12:06 AM CET

The truth about open source security
Is it better to run your company's firewall or IDS using an open source tool, or is it better to buy something off the shelf? Let's step through some of the most common arguments used by each side of the open source security debate and see how they do or do not stand up in the light of practical reality. [more]
Friday, 27 April 2007, 12:03 AM CET

Pentagon 'hacker' questions US cost claims
Accused Pentagon hacker Gary McKinnon appeared on a hackers' panel at the Infosec show on Thursday. [more]
Friday, 27 April 2007, 12:00 AM CET

Colleges enhancing security
Catholic University in the District is adding sirens to its security cameras. [more]
Thursday, 26 April 2007, 12:03 PM CET

New approaches to malware detection coming into view
The traditional signature-based method to detect viruses and other malware is increasingly seen as an insufficient defense given the rapid pace at which attackers are churning out virus and spyware variants. [more]
Thursday, 26 April 2007, 12:00 PM CET

Microsoft's happy bugfinder
Microsoft's Michael Howard is a big-time optimist who wears a "Mr. Happy" t-shirt to work that would no doubt draw nasty snickers from Microsoft security critics. [more]
Thursday, 26 April 2007, 5:56 AM CET

Cisco router emulator Linux installation tutorial
This tutorial demonstrates the installation of dynagen and dynamips on a Linux server. [more]
Thursday, 26 April 2007, 4:04 AM CET

Detective agency 'paid to spy'
A private detective firm earned tens of thousands of pounds by hacking into people's computers and bugging telephones, a court has heard. [more]
Thursday, 26 April 2007, 2:40 AM CET

Experts: U.S. vulnerable to major cyberattacks
Testifying before Congress, several security experts stated that the U.S. needs to make a major investment to tighten up its woeful cybersecurity. [more]
Thursday, 26 April 2007, 2:33 AM CET

California eyes stronger cyberstalking laws
A proposed bill would extend its antistalking laws to the Internet. [more]
Thursday, 26 April 2007, 2:18 AM CET

Municipal Wi-Fi raises privacy concerns
In a study conducted of six proposed municipal Wi-Fi systems in San Francisco, the Electronic Privacy Information Center concluded that only one of the six would adequately protect user privacy, in large part because they did not require users of the system to log in to get access to the Internet. [more]
Thursday, 26 April 2007, 2:12 AM CET

Another 419 scam ring busted
Amsterdam police this week arrested another 419 cell and confiscated computers, fake travel documents, and bogus banking documents. [more]
Thursday, 26 April 2007, 1:15 AM CET

CSO interview: when security and business lock horns
"CSOs need to demonstrate an ROI from the security operations, not just offer opinions about blue or yellow security factors," said McAfee Chief Security Officer Martin Carmichael. "They need to tell that story in business terms. This is not done easily. CSOs must communicate in the language of business, not technology." [more]
Thursday, 26 April 2007, 1:00 AM CET

RFID virus buster builds wireless firewall
Spychips, some privacy campaigners call RFID. [more]
Thursday, 26 April 2007, 12:21 AM CET

A look at BitLocker drive encryption in Windows Vista
BitLocker is a drive encryption technology designed to secure the contents of the entire hard drive from unauthorized access. [more]
Thursday, 26 April 2007, 12:18 AM CET

Yahoo China to appeal music piracy ruling
Yahoo China plans to appeal a ruling that found it guilty of abetting music piracy, the company said Tuesday. [more]
Thursday, 26 April 2007, 12:15 AM CET

Virus writers taint Google Ad links
Virus writers have been gaming Google's "sponsored links" -- the paid ads shown alongside search engine results. [more]
Thursday, 26 April 2007, 12:10 AM CET

U.K. audits government processes for protecting data
An independent reviewer will release a report next month analyzing how U.K. government agencies manage and protect information, a key issue as the U.K. government looks at ways to broaden how different agencies exchange data. [more]
Thursday, 26 April 2007, 12:08 AM CET

Heir 'hired firm to spy on wife'
American banking heir Matthew Mellon paid private detectives to hack into the e-mails of his estranged wife prior to their divorce, a court was told. [more]
Thursday, 26 April 2007, 12:06 AM CET

As Web 2.0 evolves, security becomes an issue
Researchers believe that without radical change in how browsers interact with the Web, security problems will only get worse. [more]
Thursday, 26 April 2007, 12:00 AM CET

Microsoft ups security stance with new labs
In a move to strengthen its response to security threats, Microsoft Corp. is opening two labs to study the growing amount of malicious software circulating on the Internet, security executives announced Wednesday. [more]
Wednesday, 25 April 2007, 6:59 PM CET

Time to take online security seriously
Action is not matching the torrent of words we have been hearing about the mounting risks of lax security policies, writes Emma Nash. [more]
Wednesday, 25 April 2007, 6:58 PM CET

Rogue software floods anti-spyware market
Harmful programs outnumber legitimate software by four to one. [more]
Wednesday, 25 April 2007, 2:59 PM CET

Are data leaks bleeding your company dry?
Businesses are starting to respond to the rising threat levels posed by data leakage from pocket-sized storage devices. [more]
Wednesday, 25 April 2007, 1:53 PM CET

Optical link hacking unsheathed
Optical links are not as secure as might be assumed. Techniques for extracting data flowing over fibre optic links are evolving to make the technique easier to apply. [more]
Wednesday, 25 April 2007, 1:52 PM CET

Spy act only protects vendors and their DRM
Here we go again. Congress has decided it needs to protect us from spyware, but - surprise, surprise - the bill they are most seriously considering actually offers no help in that regard. [more]
Wednesday, 25 April 2007, 11:49 AM CET

Endpoint security: 6 questions to ask before you buy
Here's a roadmap, suggestions on price points, and a guide on what you need to assess before you purchase any endpoint security product for your enterprise. [more]
Wednesday, 25 April 2007, 1:14 AM CET

Microsoft admits Vista security won't change much
Despite the fact we were told that Vista would be much more secure than XP, a top Microsoft security expert has warned that very little will change. [more]
Wednesday, 25 April 2007, 12:45 AM CET

Groups raise concerns about cybersecurity standards
Experts worry that the current cybersecurity bills wouldn't be truly voluntary for companies and that they lean too heavily on mandates rather than incentives. [more]
Wednesday, 25 April 2007, 12:33 AM CET

Symantec and Huawei prep storage and security JV
Huawei Technologies will set up a joint venture with US security software maker Symantec Corp, a bold return into the $40-billion network security and data storage sector for China's top telecom equipment maker. [more]
Wednesday, 25 April 2007, 12:27 AM CET

EU debates criminal sanctions for IP violations
At issue is the inclusion of a reference about intending to profit from the act. [more]
Wednesday, 25 April 2007, 12:22 AM CET

Personal data on 160,00 Neiman Marcus employees at risk
It was contained on computer equipment that's been stolen. [more]
Wednesday, 25 April 2007, 12:18 AM CET

.ANI attacks took swipes at Vista's security
But first OS cuts probably not the deepest in this case. [more]
Wednesday, 25 April 2007, 12:15 AM CET

What, when and how to respond to a data breach
There’s been a data breach. It happened 268 times during 2006 (according to the Privacy Rights Clearinghouse). Now, it’s happened to your organization. What do you do? [more]
Wednesday, 25 April 2007, 12:12 AM CET

Pump-and-dump scammers shill 'China' stocks
But the companies being touted have little to do with that country, regulators warn. [more]
Wednesday, 25 April 2007, 12:00 AM CET

Microsoft business client security to debut at last
Microsoft has been working on the antivirus and antispyware product for business desktops since 2003. [more]
Tuesday, 24 April 2007, 7:48 PM CET

Review: BackTrack 2 security live CD
BackTrack is a live CD Linux distribution that focuses on penetration testing. A merger of two older security-related distros -- Whax and Auditor Security Collection -- BackTrack bundles more than 300 security tools. [more]
Tuesday, 24 April 2007, 6:35 PM CET

US Army team wants second chance at hacker contest
Team of Army hackers will compete at the Hack In The Box security conference. [more]
Tuesday, 24 April 2007, 2:44 PM CET

Net firms 'could do more' to fight viruses
Internet providers could be held responsible for the spread of viruses on private computers, one of Britain's leading experts has claimed. [more]
Tuesday, 24 April 2007, 12:53 PM CET

Put your OpenSSH server in SSHjail
Jailing is a mechanism to virtually change a system's root directory. By employing this method, administrators can isolate services so that they cannot access the real filesystem structure. [more]
Tuesday, 24 April 2007, 12:06 PM CET

Security: Identity systems all about making claims
Rigid, closed identity systems will become irrelevant and a competitive disadvantage, Microsoft’s Kim Cameron says. [more]
Tuesday, 24 April 2007, 5:50 AM CET

Sweetening the honeypot
New free tools and services aimed at making honeynets more manageable are now becoming available. [more]
Tuesday, 24 April 2007, 12:30 AM CET

ID theft task force recommends stronger laws
National law-enforcement effort, less SSN use recommended. [more]
Tuesday, 24 April 2007, 12:27 AM CET

The problem with security process
When you ask most security people if they have a process for something they will answer yes. When you ask them to describe or chart the process things tend to get more than a little cloudy. [more]
Tuesday, 24 April 2007, 12:09 AM CET

Microsoft: No patch yet for DNS Server bug
But it offers help for sys admins who want to block attacks. [more]
Tuesday, 24 April 2007, 12:03 AM CET

Applying an analytical framework
Organize and reuse valuable techniques, tools, and examples. [more]
Tuesday, 24 April 2007, 12:00 AM CET

Privacy groups: double-check DoubleClick deal
The proposed purchase of DoubleClick by Google is raising two key issues for privacy advocates: the massive accumulation of individual user data by both Google and DoubleClick, and the ability to more effectively target individuals across various platforms with this user data in hand. [more]
Monday, 23 April 2007, 6:58 PM CET

Child porn case shows that an open WiFi network is no defense
The merits of leaving your wireless access point (WAP) open have been discussed and debated at length, especially when it comes to law enforcement. [more]
Monday, 23 April 2007, 5:56 PM CET

USDA admits to massive data breach
The USDA is one of many organizations to report data breaches in the first few months of 2007. [more]
Monday, 23 April 2007, 5:52 PM CET

How quickly did you type that password?
A technology which measures the speed of your keystrokes promises to provide a level of 'bio-security' during login. [more]
Monday, 23 April 2007, 3:23 PM CET

Program Names govern admin rights in Vista
Developers have discovered that the name given to a Vista executable affects whether or not it will require admin rights to run. Security experts said the feature might seem odd, but helps to catch out spyware. [more]
Monday, 23 April 2007, 2:11 PM CET

Bulldog gives details on break in
Bulldog Broadband has given some details of the effects of its loss of customer data, and said that it has already improved security procedures. [more]
Monday, 23 April 2007, 1:41 PM CET

Barclays' chip and PIN readers will work for other banks
Barclays Bank is introducing a handheld chip and PIN card reader for the home in an escalation of its online banking security. Other chip and PIN cards will work with the Barclays device, not just cards issued by Barclays. [more]
Monday, 23 April 2007, 1:34 PM CET

Cyberspies exploit Microsoft Office
Cyberspies have a new secret weapon: tainted Microsoft Office files. [more]
Monday, 23 April 2007, 9:13 AM CET

Be careful what you ask for
Our manager asks to be hacked, and that's exactly what he gets -- with a bit of embarrassment thrown in. [more]
Monday, 23 April 2007, 9:10 AM CET

How to configure the Windows Mail junk e-mail settings
The Outlook Express replacement for Vista - Windows Mail - includes a built in spam filter that Microsoft has called Junk E-mail. [more]
Monday, 23 April 2007, 12:45 AM CET

Google's data-storing feature fuels privacy fears
Facing worries about its tracking Web surfers' every move, Google is now offering a feature to track Web surfers' every move. [more]
Monday, 23 April 2007, 12:27 AM CET

Group asks to monitor UK e-voting next month
Variety of e-voting and counting techs to be deployed. [more]
Monday, 23 April 2007, 12:21 AM CET

Satnav hacking made simple
A pair of hackers have demonstrated a way to spoof travel information messages displayed on satellite navigation systems used by Italian drivers to bypass accidents, traffic jams and plot the most efficient routes from one point to another. [more]
Monday, 23 April 2007, 12:12 AM CET

Botconomics: The monetization of your digital assets
A decade ago IF your PC was compromised it was usually just taken for a joy ride... [more]
Monday, 23 April 2007, 12:09 AM CET

Who the heck needs security? You do!
The past isn't always indicative of what will occur in the future. [more]
Monday, 23 April 2007, 12:06 AM CET

Nortel warns of three VPN Router product flaws
Diagnostic accounts, URL tweak, DES problem addressed. [more]
Monday, 23 April 2007, 12:01 AM CET

Security breach at TJX believed to be biggest ever
For at least 17 months, someone had free rein inside TJX Cos.' computers. [more]
Monday, 23 April 2007, 12:00 AM CET

Disgruntled techie attempts Californian power blackout
A cheesed-off American IT worker was seized by an FBI Joint Terrorism Task Force on Wednesday for attacking the Californian electric power grid. [more]
Friday, 20 April 2007, 5:51 PM CET

Botnets battle over turf
More botnet-on-botnet turf wars have erupted -- and intensified -- over the past few months. [more]
Friday, 20 April 2007, 5:27 PM CET

Data breach? Here's what to do, when and how
The key is to prepare ahead of time with a contingency plan that details roles, actions and timelines. [more]
Friday, 20 April 2007, 5:26 PM CET

Google to strengthen Calendar privacy warnings
Forgetful users, including businesses, letting sensitive info slip. [more]
Friday, 20 April 2007, 10:06 AM CET

Attackers improve on JavaScript trickery
As JavaScript becomes an increasingly key component of online attacks, attackers are investing more energy in obfuscation and other techniques to make defenders' attempts at reverse engineering more difficult. [more]
Friday, 20 April 2007, 10:03 AM CET

Where's the virtual security?
Security struggles to keep up with the virtualized data centre revolution. [more]
Friday, 20 April 2007, 3:03 AM CET

Lawmakers grill U.S. agencies on cyberattacks
In the wake of last week's failing scores in cybersecurity for many government agencies, lawmakers are upset that many agencies haven't inventoried their networks. [more]
Friday, 20 April 2007, 2:00 AM CET

Apple patches 25 security holes
Apple published Security Update 2007-004 for both Mac OS X v10.4.9 and Mac OS X v10.3.9. It’s available for download from Apple’s Web site as well as through the Software Update system preference. [more]
Friday, 20 April 2007, 1:12 AM CET

European e-crime portal scheme floated
British academics and information security experts are teaming up in plans to develop a cybercrime reporting portal for Europe. [more]
Friday, 20 April 2007, 1:10 AM CET

New attack puts routers, cell phones, other gear at risk
Null pointer dereferencing errors in the spotlight. [more]
Friday, 20 April 2007, 12:45 AM CET

DOJ joins suit against HP, Sun and Accenture
HP, Sun and Accenture are charged with making false claims to the U.S. government for work done involving information technology (IT) hardware and services contracts. [more]
Friday, 20 April 2007, 12:27 AM CET

Limited attack potential from Microsoft DNS worm
While Microsoft has not yet said when it will release a patch to fix an under-attack flaw in its server software, most properly protected servers should not be vulnerable. [more]
Friday, 20 April 2007, 12:21 AM CET

Spammers, hackers seize on Virginia Tech shootings
Spam e-mails contain link which installs a Trojan horse program that collects banking details. [more]
Friday, 20 April 2007, 12:15 AM CET

Yahoo sued for providing data on Chinese dissidents
Four were arrested after Yahoo turned over e-mail information. [more]
Friday, 20 April 2007, 12:12 AM CET

US State department rooted by 0-day Word attack
A virus attack aimed at US State Department computers last May penetrated government networks after a worker in Asia opened a contaminated email. [more]
Friday, 20 April 2007, 12:08 AM CET

Mich. community college shut by online threat
Kalamazoo Valley Community College closed for rest of the week. [more]
Friday, 20 April 2007, 12:06 AM CET

Bypassing the security measures of many antivirus programs
A paper has been published that takes a look at several techniques to go over antivirus protection. [more]
Friday, 20 April 2007, 12:03 AM CET

No data stolen in 2006 computer intrusions, says Commerce Dept.
Hackers managed to get into 33 agency computers. [more]
Friday, 20 April 2007, 12:00 AM CET

Video: New Security Features in Internet Explorer 7
Markellos Diorinos from the IE team at Microsoft introduces the new security features in IE 7 and speaks about extended validation SSL certificates. He also covers the Certification Authority Browser Forum whose members apart from Microsoft include also the Mozilla Foundation, Opera Software and KDE. [more]
Thursday, 19 April 2007, 8:03 PM CET

Counter Strike firm in credit card hack claim
Valve Software, the company behind Counter Strike and Half Life, has been accused of covering up a hack of its servers which allegedly exposed the credit card details of thousands of its customers. [more]
Thursday, 19 April 2007, 4:00 PM CET

How security companies sucker us with lemons
More than a year ago, I wrote about the increasing risks of data loss because more and more data fits in smaller and smaller packages. Today I use a 4-GB USB memory stick for backup while I am traveling. I like the convenience, but if I lose the tiny thing I risk all my data. [more]
Thursday, 19 April 2007, 9:08 AM CET

Hackers invited to break into Philippine Internet voting system
Local and foreign computer hackers will be tapped to try and break into an Internet-based voting system that will be pilot tested by the country's Commission on Elections (Comelec) starting July 10. [more]
Thursday, 19 April 2007, 8:59 AM CET

Student loan companies illegally use US database
The US government has temporarily barred college loan firms accessing a database containing personal and financial details of nearly 60 million people after a Washington Post article reported it was being used illegally. [more]
Thursday, 19 April 2007, 8:58 AM CET

How hackers got Washington
A break-in targeting US State Department computers worldwide last year occurred after an employee in Asia opened a mysterious email that quietly allowed hackers inside the US government's network. [more]
Thursday, 19 April 2007, 8:57 AM CET

Single-victim spam attacks skyrocket
Malicious Microsoft Office documents are the weapon of choice for one-off attacks. [more]
Thursday, 19 April 2007, 12:21 AM CET

Top 10 Internet crimes of 2006
The Internet Crime Complaint Center filed its annual report last month, but didn't get the attention it deserved. A look inside offers some revealing statistics on the darker side of the Web. [more]
Thursday, 19 April 2007, 12:09 AM CET

Microsoft: DNS patch to come by May 8... maybe
Microsoft hopes to fix by May 8 a critical flaw in Windows DNS servers that is being exploited by online criminals, the company said late Tuesday. [more]
Thursday, 19 April 2007, 12:06 AM CET

Uber-rootkits challenge security community
McAfee warns that stealth malware is getting more dangerous. [more]
Thursday, 19 April 2007, 12:00 AM CET

The mushrooming menace of keyloggers
"Most modern keyloggers are considered to be legitimate software or hardware and are sold on the open market. However, there is an ethical boundary between justified monitoring and monitoring for the purpose of stealing confidential user information -- a boundary marked by a very fine line," said Nikolay Grebennikov, deputy director of Kaspersky Lab's R&D department. [more]
Wednesday, 18 April 2007, 2:43 PM CET

US Navy malware infection risked submarine prang
An American contractor holding top-level security clearance has been convicted of sabotaging critical US Navy computers used for submarine traffic control. [more]
Wednesday, 18 April 2007, 2:42 PM CET

Barclays steps up online security
Barclays Bank is handing out handheld chip-and-pin card readers as part of a new online security initiative. [more]
Wednesday, 18 April 2007, 2:40 PM CET

Hackers turn to PowerPoint for virus infection
Slack patching leaves application open. [more]
Wednesday, 18 April 2007, 2:39 PM CET

Large enterprises still serving up spam
Despite lots of security measures, major corporations are still having internal IP addresses hijacked by spammers. [more]
Wednesday, 18 April 2007, 9:56 AM CET

Tragedy puts spotlight on tech and training
Higher-ed officials adopt measures pioneered after Columbine shootings. [more]
Wednesday, 18 April 2007, 9:52 AM CET

ISP ejects whistle-blowing student
A 21-year-old college student in London had his internet service terminated and was threatened with legal action after publishing details of a critical vulnerability that can compromise the security of the ISP's subscribers. [more]
Wednesday, 18 April 2007, 9:51 AM CET

Microsoft roots out Windows Home Server leak
Leak to didn't come from an MVP, says Redmond. [more]
Wednesday, 18 April 2007, 9:49 AM CET

University admins lend phishers a hand
Lax security at Indiana University appears to have played a key role in highly targeted phishing attack last year that hauled in confidential information on as many as 80 account holders of the school's credit union. [more]
Wednesday, 18 April 2007, 9:49 AM CET

Open-source project aims to erase e-voting fog
Researchers building software they hope will provide a foundation for future secure e-voting systems. [more]
Wednesday, 18 April 2007, 12:21 AM CET

California Senate fights RFID tracking
California's state Senate struck a major blow against the enemies of mankind in the inevitable war against The Machines. [more]
Wednesday, 18 April 2007, 12:21 AM CET

Facial recognition 'proven' as airport crowd filter
Facial recognition cameras have been proven as a means of spotting wanted people in crowds, claimed LogicaCMG. [more]
Wednesday, 18 April 2007, 12:15 AM CET

U.S. House to probe federal network intrusions by foreign hackers
A subcommittee hearing is set for Thursday. [more]
Wednesday, 18 April 2007, 12:06 AM CET

Two arrested over wi-fi 'theft'
Two people have been cautioned for using people's wi-fi broadband internet connections without permission. [more]
Wednesday, 18 April 2007, 12:03 AM CET

US-hosted phishing attacks drop
Phishers increasingly looking to Russia and Hong Kong. [more]
Tuesday, 17 April 2007, 12:52 PM CET

Employers warned on email spying
A new ruling, which said a college had breached a woman's privacy by secretly monitoring her emails, means employers cannot spy on staff, say legal experts. [more]
Tuesday, 17 April 2007, 9:58 AM CET

Data breach aided university phishing scam
A highly targeted phishing attack last year that scammed dozens of Indiana University students out of their personal and financial data appears to have been aided in part by a previously undisclosed hacker break-in at one of the school's main research servers, according to documents unearthed by a doctoral student there. [more]
Tuesday, 17 April 2007, 9:57 AM CET

Consumers 'shun' hacked stores
Customers of companies which lose credit card data to hackers are voting with their wallets and taking their business elsewhere, suggests a survey. [more]
Tuesday, 17 April 2007, 9:46 AM CET

Installing and configuring spamd
Yesterday we looked at spamd, a service designed to reduce the flow of spam to your email inbox. Now that we know some of its advantages, let's put it to work. [more]
Tuesday, 17 April 2007, 9:46 AM CET

U.S. man pleads guilty in p-to-p crackdown
Conviction is the fifth related to an ongoing effort to stop bootlegging and software piracy over peer-to-peer networks. [more]
Tuesday, 17 April 2007, 9:45 AM CET

V.I. Labs adds snooping to antipiracy product
Vendor joins forces with Internet Crimes Group. [more]
Tuesday, 17 April 2007, 9:44 AM CET

P2P worms get their turn
Security experts warn of dangerous new threats arising from new botnet techniques and the consolidation of fraudulent organizations. [more]
Tuesday, 17 April 2007, 12:21 AM CET

Norwegian party pushes for legal file sharing
Group seeks to replace DRM with a compensation fund that gives consumers more say in how they use downloaded music or software. [more]
Tuesday, 17 April 2007, 12:15 AM CET

Should Apple secure its iPods?
Few corporations are likely to ban iPods in the workplace, but whether Apple and other manufacturers of MP3 players shoulder some responsibility to add security to their devices - and how effective that security would be – is a growing debate. [more]
Tuesday, 17 April 2007, 12:06 AM CET

Feds see slight gain on security marks
Overall grade up to C-, but eight agencies still flunk FISMA test. [more]
Tuesday, 17 April 2007, 12:00 AM CET

Nine out of 10 UK firms have VoIP security fears
More than 90% of UK firms fear that the speed of adoption of instant messaging and Voice over IP technologies is outstripping related security measures, research has found. [more]
Monday, 16 April 2007, 5:45 PM CET

The Importance of application classification in secure application development
As organizations race to integrate security into the software development process, they are realizing that many security flaws can be fixed long before deployment. [more]
Monday, 16 April 2007, 5:30 PM CET

Video: Microsoft Information Protection
Keith Brintzenhofe, the Manager of the Information Protection Platform Team at Microsoft, discusses their approach to information protection. He talks about new security capabilities in several Microsoft products, policy creation, the challenges of the virtual workplace, the experience of seamless security for the end user, and much more. [more]
Monday, 16 April 2007, 5:06 PM CET

Notes on Vista forensics
One of the first things to note about users' data files is that they're not where they used to be! Instead of the familiar "Documents and Settings" folder we must instead look to a new folder called "Users". [more]
Monday, 16 April 2007, 4:10 PM CET

Do-it-yourself destruction
For some reason, a lot of IT folks love to try some pretty wacky stuff for themselves. The area of data destruction is no exception. [more]
Monday, 16 April 2007, 4:08 PM CET

Zombies infiltrate US military networks
Security researchers have traced spam-sending botnet clients back to networks run by the US military. [more]
Monday, 16 April 2007, 4:01 PM CET

Stalkers go high tech to intimidate victims
The case had the makings of an eerie cyber-mystery: A young Alexandria woman told local police she suspected that her ex-boyfriend was tapping into her e-mail inbox from thousands of miles away, reading messages before she could and harassing the senders. [more]
Monday, 16 April 2007, 8:37 AM CET

This is how we catch you downloading
All over Europe thousands of people are being threatened with court action for allegedly sharing games like Dream Pinball 3D on P2P networks. [more]
Monday, 16 April 2007, 12:45 AM CET

Bottom line impact of data breaches unclear
Despite dire predictions of massive financial consequences for breached companies, TJX's business has grown in the wake of its data breach. [more]
Monday, 16 April 2007, 12:33 AM CET

Student charged with hacking school computers
Robert Charles Sipes, 17, of Simpsonville told police he had warned the district months before that its system wasn't secure, according to a Mauldin police report. [more]
Monday, 16 April 2007, 12:27 AM CET

Top 10 IT priorities at the DoD
Deputy CIO David Wennergren talks about IT initiatives at the U.S. Department of Defense. [more]
Monday, 16 April 2007, 12:15 AM CET

Bloggers' search for anonymity
The internet has given the individual unprecedented power to reach out to millions but some governments are cautious, even hostile, to giving their citizens free access to ideas they deem too democratic and dangerous. [more]
Monday, 16 April 2007, 12:09 AM CET

Wi-Fi bug found in Linux
A major Linux Wi-Fi driver contains a bug that can allow an attacker to take control of a laptop--even when it is not on a Wi-Fi network. [more]
Monday, 16 April 2007, 12:03 AM CET

CA to pursue co-founder Wang for fraud
A special committee at CA Inc. on Friday released a report that blames co-founder Charles Wang for accounting fraud at the company and recommends suing him for damages and the value of company stock he received. [more]
Monday, 16 April 2007, 12:00 AM CET

Dangerous DNS server bug in Longhorn code, too
Its next-generation server beta will be patched as needed. [more]
Friday, 13 April 2007, 7:59 PM CET

ID theft knows no boundaries
Identity fraud rates are highest in major metropolitan areas. [more]
Friday, 13 April 2007, 7:58 PM CET

10 hot security startups
Some of the brightest minds in security have hitched their wagons to new companies in recent months, and Dark Reading has come up with 10 of the hottest. [more]
Friday, 13 April 2007, 6:04 PM CET

Don't trust online voting, speaker says
MIT prof keynoting Usenix is seriously underwhelmed. [more]
Friday, 13 April 2007, 12:20 PM CET

Demo neuters antiphishing measure
In the unlikely event readers needed another reason to doubt the efficacy of the sitekeys that Bank of America, Yahoo and others claim make their sites more secure, a muck-raking hacker has demonstrated a simple means of thwarting the measure. [more]
Friday, 13 April 2007, 12:27 AM CET

One-time password technology
Securing the data that employees carry around as they go about their daily business is priority No. 1 for businesses today. The stakes are high: Data loss is just the kind of incident that can give a business all kinds of publicity for all the wrong reasons. [more]
Friday, 13 April 2007, 12:24 AM CET

Microsoft: Word 2007 crashes aren't a bug, they're a feature
The Word 2007 bugs pegged as security vulnerabilities by an Israeli researcher are nothing of the sort, Microsoft said today. Instead, the application crashes reported as flaws are actually by design. [more]
Friday, 13 April 2007, 12:21 AM CET

U.S. military plans to put Internet router in space
The U.S. military plans to test an Internet router in space, in a project that could also benefit civilian broadband satellite communications. [more]
Friday, 13 April 2007, 12:15 AM CET

Windows help file flaw poses PC hijack risk
A flaw in the way Microsoft Corp.'s Windows operating system handles help files could let an attacker hijack a targeted computer, security experts say. [more]
Friday, 13 April 2007, 12:09 AM CET

OEM BIOS emulators spoof Vista, make pirated copies look legit
It's 'not our goal to stop every mad scientist,' says Microsoft. [more]
Friday, 13 April 2007, 12:03 AM CET

Xbox 360 HD DVD drive exposes volume ID
The hackers and crackers sure are persistent when it comes to the war on AACS encryption. [more]
Friday, 13 April 2007, 12:00 AM CET

Evil Trojan twins control most of world's botnets
Sdbot and Gaobot malware groups responsible for 80 per cent of botnets. [more]
Thursday, 12 April 2007, 7:47 PM CET

Federal government sees modest computer security gains
The federal government earned an overall grade of "C-minus" last year for securing its computer systems and networks from hackers, viruses and insider threats, a slight improvement from its performance in 2005. [more]
Thursday, 12 April 2007, 6:19 PM CET

Security crucial as intruders grow sophisticated
What technology gadgets do the experts love, or would love to have? is asking experts in several fields about their favorite high-tech toys. This week, we asked security expert Heath Thompson. [more]
Thursday, 12 April 2007, 6:18 PM CET

The fine art of data destruction
Peggy Jones, a business manager for the information-management team at the College of Southern Maryland, was asked recently to help dispose of what she now estimates were about 1,200 old backup tapes and cassettes her IT organization had been storing in a relatively well-fortified walk-in vault. [more]
Thursday, 12 April 2007, 6:15 PM CET

Government predicts one third of people will resist ID checks
One in three people will resist identity checks according to Government figures. [more]
Thursday, 12 April 2007, 6:14 PM CET

Invention: All-knowing browser
Ever given false information when prompted for personal details by a website? Don't worry, the US copying and computing company Xerox hopes to eliminate that kind of questioning because it believes it can get the information without even asking. [more]
Thursday, 12 April 2007, 10:23 AM CET

Ruling: double-edged sword for student privacy and search warrants
Students who connect their computers to a university network can expect a certain degree of privacy regarding their data, according to a ruling made by the US Court of Appeals for the Ninth Circuit. [more]
Thursday, 12 April 2007, 10:22 AM CET

DNA database 'will span most of the UK population'
The Government's DNA retention policy combined with increasingly sophisticated statistical techniques means that eventually most citizens in the UK will be linked to data stored on the police's DNA database, according to a privacy law expert. [more]
Thursday, 12 April 2007, 12:45 AM CET

Microsoft 'wait-and-see' on Vista BIOS hack
Microsoft has no immediate plans to tackle a reported hack to Windows Vista product activation that could allow illegal copies of Windows to be widely installed. [more]
Thursday, 12 April 2007, 12:26 AM CET

Cybersecurity group calls for new government approaches
More carrot, less stick, less DHS. [more]
Thursday, 12 April 2007, 12:26 AM CET

My RFID-embedded car numberplate has a virus
Spyware - malicious programs that covertly track surfing habits or steal confidential data - are likely to migrate onto new platforms, including mobile phones and RFID chips. [more]
Thursday, 12 April 2007, 12:00 AM CET

IRS head: All laptops to be encrypted in weeks
After an auditor found security issues, the U.S. Internal Revenue Service said all laptops will be encrypted within the next few weeks. [more]
Wednesday, 11 April 2007, 2:43 PM CET

All forensics are the same
Evidence is evidence and digital forensics are not different from the more traditional kind. [more]
Wednesday, 11 April 2007, 2:40 PM CET

Video: Hacking the Cisco NAC - NACATTACK
Two security researchers were able to hack the Cisco NAC solution by exploiting a fundamental design flaw. In this video they illustrate how they worked towards this discovery and give us some exploit details. It is not their intention to simply release a tool, they want the audience to understand how Cisco NAC works and why it is not as secure as Cisco wants us to believe. [more]
Wednesday, 11 April 2007, 9:27 AM CET

Spy chief wants expanded powers
McConnell signals more aggressive posture on surveillance authority. [more]
Wednesday, 11 April 2007, 6:58 AM CET

The secrets of laptop encryption
To maximize the effectiveness of encryption in providing effective security assurance solutions, organizations must deploy it as part of a defense-in-depth security stance. [more]
Wednesday, 11 April 2007, 12:45 AM CET

Six tips for a painless Patch Tuesday
A formal patch management process can make a big difference. [more]
Wednesday, 11 April 2007, 12:27 AM CET

Thailand intensifies Web crackdown
With Thailand blocking YouTube last week and shutting down a popular political Web site this week, there is concern that further crackdowns of political dissidents might be in the offing. [more]
Wednesday, 11 April 2007, 12:15 AM CET

Mozilla seeks security researchers to look at alpha code
Mozilla wants to get the security community involved in ironing out possible bugs with the next version of Firefox at an earlier stage. [more]
Wednesday, 11 April 2007, 12:12 AM CET

Step cautiously into an online bank
Taking advantage of virtual bank products, however, involves more than just a few clicks of the mouse. [more]
Wednesday, 11 April 2007, 12:06 AM CET

DVD security group fixes piracy hack
Hackers working late last year and early this year were able to observe computer code found on the PC-based DVD players and discover encryption keys that unlock protections on all high-def discs, so copies could be made. [more]
Wednesday, 11 April 2007, 12:03 AM CET

Hack exposes AACS 'hole'
Hackers appear to have figured out how to access one of the crucial HD DVD encryption keys without having to authorise the data - potentially rendering the latest attempt to block such activity useless. [more]
Wednesday, 11 April 2007, 12:00 AM CET

Moving security to the mainframe
If the adage “everything old is new again” applied, a company called Vanguard Integrity Professionals would join the ranks of Lincoln Logs, short haircuts, and skinny jeans. [more]
Tuesday, 10 April 2007, 4:09 PM CET

Experts eye up iris recognition
Iris recognition is destined to become most used and researched biometric technology, according to industry experts. [more]
Tuesday, 10 April 2007, 4:08 PM CET

Network measurement tool spotlights weakest links
Researchers at the University of Massachusetts, Amherst, have developed a computer-based tool that, when put to use in large distributed networks, could uncover the most used, expensive and vulnerable links. [more]
Tuesday, 10 April 2007, 4:06 PM CET

Over 2,000 sites exploit .ani security flaw
More than 2,000 unique Web sites have been rigged to exploit the animated cursor security flaw in Microsoft's software, according to security vendor Websense Inc. [more]
Tuesday, 10 April 2007, 4:06 PM CET

Hollywood hinders HD DVD, Blu-ray hack
The battle between hackers and the minds behind the security technology built into the Blu-ray Disc and HD DVD next-gen optical disc formats has begun in earnest. [more]
Tuesday, 10 April 2007, 4:05 PM CET

Shoppers risk their information online
Shoppers are willing to have information stored on web sites if it saves time. [more]
Tuesday, 10 April 2007, 12:19 PM CET

Spam makes users turn away from email
Spam volumes to reach 40bn messages in 2007, IDC predicts. [more]
Tuesday, 10 April 2007, 10:16 AM CET

Expert offers tips on cyber security
Despite spending "too much" on Internet security measures, most business owners feel increasingly vulnerable to hacking and outside attacks, according to Ed Amoroso, AT&T Inc.'s chief information security officer. [more]
Tuesday, 10 April 2007, 10:15 AM CET

Microsoft: security at the forefront
Microsoft's new ad campaign for Forefront security products may be a non-competitive event. Why is the question. [more]
Tuesday, 10 April 2007, 10:14 AM CET

Apple offers AirPort Base Station security fix
Firmware updates patch a flaw that prevented the router from acting as a firewall as well as a flaw that could let an attacker view filenames on a connected USB hard drive. [more]
Tuesday, 10 April 2007, 10:06 AM CET

Stakes are high for Vista security
There’s a lot more at stake in Microsoft’s new Vista operating system than many people realize. [more]
Tuesday, 10 April 2007, 12:00 AM CET

HNS podcast: the present state of e-mail security
Amir Lev co-founded Commtouch in February 1991 and serves as CTO and President. In this podcast he discusses the current state of e-mail security and presents an overview of the threats. [more]
Monday, 9 April 2007, 4:21 PM CET

More problems pop up with Microsoft's ANI patch
Company updates hotfix for Windows XP SP2 users. [more]
Monday, 9 April 2007, 3:18 PM CET

‘War driver’ sparks Otago DHB network security review
Anonymous tipster claims it's possible to access patient files over WiFi. [more]
Monday, 9 April 2007, 3:17 PM CET

Bandwidth monitoring with vnStat
If you want to monitor and manage your Internet bandwidth, perhaps to make sure your ISP is not overbilling you, try vnStat, an open source, Linux-based application that gives you a clear picture of your bandwidth usage. [more]
Monday, 9 April 2007, 12:11 PM CET

Easy steps can ensure that no one intercepts your Wi-Fi traffic
Almost all of us have jumped onto someone else's unsecured Wi-Fi network. There's little harm in that if you're just an honest soul looking for an Internet connection. [more]
Monday, 9 April 2007, 11:57 AM CET

Defining privacy - and its limits
A student in a public university dormitory room had a “reasonable expectation of privacy” for his personal computer and its hard drive, a federal appeals court ruled on Thursday. [more]
Monday, 9 April 2007, 11:56 AM CET

How to analyze a trillion log messages?
Somebody posted a message to a loganalysis list seeking help with analyzing a trillion log messages. Yes, you’ve heard it right - a trillion. [more]
Monday, 9 April 2007, 11:55 AM CET

IT workers back 'Nasa hacker' McKinnon
Community service or a fine a better sentence, survey claims. [more]
Monday, 9 April 2007, 11:54 AM CET

Google fixes security hole in Chinese software tool
Also replaces dictionary -- a response to Sohu suit, perhaps? [more]
Monday, 9 April 2007, 9:55 AM CET

Malware outfits put business gloss on illicit IT activities
Like many just-launched e-commerce Web sites, a security-related one that lets visitors transact business in Russian or English has a fairly functional, if somewhat rudimentary, home page. [more]
Monday, 9 April 2007, 9:49 AM CET

Boffins working on RFID super-shield
A group of Dutch researchers at Vrije Universiteit in Amsterdam, led by PhD student Melanie Rieback, is building RFID Guardian, a personal RFID firewall to allow individuals to monitor and control access to RFID tags. [more]
Monday, 9 April 2007, 9:48 AM CET

Caution urged on endpoint VPN security
Companies consider it important to check whether or not remote computers meet corporate security profiles before they gain VPN access, but endpoint checking cannot address all the problems the machines might cause. [more]
Monday, 9 April 2007, 1:00 AM CET

The rise of SSL VPNs
The growth of Secure Sockets Layer virtual private networks (SSL VPNs) has accelerated in the last 12 months due to greater awareness among users of the commercial advantages, better marketing which focuses on benefits rather than technology, and improved security features. [more]
Monday, 9 April 2007, 12:51 AM CET

How SOA increases your application security risk
Service-oriented architectures mean greater reliance on others for development — with all the worries this involves. [more]
Monday, 9 April 2007, 12:33 AM CET

Motherboard maker ASUStek's Web site hacked
Site has been infected with malicious code that exploits the Microsoft cursor animation flaw that was patched earlier this week. [more]
Monday, 9 April 2007, 12:27 AM CET

Possible DoubleClick Sale raises privacy concerns
To what extent would the acquisition of DoubleClick's vast ad-serving network be integrated into the Microsoft or Google network? [more]
Monday, 9 April 2007, 12:21 AM CET

Researchers question Vista security after ANI exploit
The flaw affected every version of Windows. [more]
Monday, 9 April 2007, 12:15 AM CET

10 tips to survive online tax hacker and phishing attacks
As tax season moves into high gear, so do the phishers who are preying on people filing their tax returns. Here are tips on how to keep your money safe. [more]
Monday, 9 April 2007, 12:06 AM CET

Finding security in Windows Mobile monoculture
While experts have long highlighted OS diversity as a major benefit to mobile device security, some enterprise users have actually been waiting to adopt Microsoft's mobile OS, based on concerns for protecting their smartphones. [more]
Monday, 9 April 2007, 12:03 AM CET

Vulnerability assessment - when do we stop looking?
This is a fair and increasingly common question in web application security. [more]
Monday, 9 April 2007, 12:00 AM CET

Security markets: Fame to fortune
It used to be that computer attacks were perpetrated mostly for fame and recognition. [more]
Friday, 6 April 2007, 2:50 PM CET

Complex service checks with Nagios
Nagios is a GPL-licensed framework that allows you to intelligently schedule little monitoring programs written in any language you choose. Nagios lets you monitor hosts, services, and networks. Here are a couple of examples of real-world monitoring scenarios. [more]
Friday, 6 April 2007, 11:39 AM CET

Set up Kerberos 5 KDC to use AES encryption
Learn how to set up a Key Distribution Center (KDC) to use Advanced Encryption Standard (AES) encryption to secure tickets. [more]
Friday, 6 April 2007, 11:36 AM CET

Spreadsheet security? What spreadsheet security!
I have written before, and will say again, that Microsoft Excel does not have security. It does actually have some security features but most users don't know about them and, if they do, they are frequently not implemented. [more]
Friday, 6 April 2007, 11:32 AM CET

IRS still losing laptops
Agency admits it misplaced almost 500 devices over the last three years, some with sensitive taxpayer data. [more]
Friday, 6 April 2007, 1:47 AM CET

Microsoft gets back on the patch train for April
Patch Tuesday to yield five bulletins. [more]
Friday, 6 April 2007, 1:46 AM CET

Tony Soprano's laptop
A columnist explores options for keeping a connected guy connected. [more]
Friday, 6 April 2007, 1:44 AM CET

Cursor hackers target WoW players
World of Warcraft players are being targeted by hackers exploiting flaws in how Windows handles animated cursors. [more]
Thursday, 5 April 2007, 5:49 PM CET

Microsoft leans on Vista SP1 site
Microsoft's legal team sent a cease-and-desist e-mail to a Web site owner who has posted more than 100 hot fixes he expects to be in the first Windows Vista service pack (SP1). [more]
Thursday, 5 April 2007, 5:48 PM CET

Vigilantism is a poor response to cyber attack
Last month Marine General James Cartwright told the House Armed Services Committee that the best cyber defense is a good offense. [more]
Thursday, 5 April 2007, 5:47 PM CET

An inside look into building and releasing MS07-017
MS07-017 – the Security Bulletin that fixes the vulnerability in Animated Cursor Handling (CVE-2007-1215) – has been released, helping to block attacks on that vulnerability. [more]
Thursday, 5 April 2007, 2:00 AM CET

UCSF computer security breach affects 46,000 (maybe)
A UCSF computer server containing confidential information on about 46,000 people may have been hacked into, the University warned today. [more]
Thursday, 5 April 2007, 1:18 AM CET

Domain name application gives phishers a new foe
Ben Jackson's goal is to stymie people who develop phishing sites -- misleading Web sites designed to steal people's personal information. [more]
Thursday, 5 April 2007, 12:30 AM CET

Hackers have their sights set on games
Gamers will be a major target for hackers this year, according to Australian computer security experts, with console users and players of online PC games such as World of Warcraft at risk of attack. [more]
Thursday, 5 April 2007, 12:21 AM CET

Hackers now offer subscription services, support for their malware
But wait, there's more! They'll even guarantee results. [more]
Thursday, 5 April 2007, 12:12 AM CET

Don't use WEP for Wi-Fi security, researchers say
The Wi-Fi security protocol WEP should not be relied on to protect sensitive material, according to three German security researchers who have discovered a faster way to crack it. [more]
Thursday, 5 April 2007, 12:03 AM CET

Spammers feast on ANI vulnerability
Microsoft moved to fix the critical .ANI vulnerability that affects roughly a dozen of its most popular products, including Vista, but spammers and malware brokers are already tapping into the flaw to infect unprotected machines. [more]
Thursday, 5 April 2007, 12:00 AM CET

Wal-Mart defends but doesn't detail security measures
Wal-Mart defended its security measures after a fired employee went public Wednesday with allegations of extensive corporate surveillance of the retailer's critics, consultants and shareholders. [more]
Wednesday, 4 April 2007, 4:50 PM CET

'Talking' CCTV scolds offenders
"Talking" CCTV cameras that tell off people dropping litter or committing anti-social behaviour are to be extended to 20 areas across England. [more]
Wednesday, 4 April 2007, 4:23 PM CET

E-crime is a national concern
A key sticking point is the money - an extra job for the Met would require extra funding from the Home Office. [more]
Wednesday, 4 April 2007, 4:22 PM CET

Hackers convened in Amsterdam for Black Hat Europe
Last week an impressive crowd of security professionals, high profile speakers, hackers as well as incognito individuals going only by their first name, gathered at the Moevenpick Hotel Amsterdam City Centre in the Netherlands to attend one of the most important security events in the world - Black Hat Briefings & Training Europe. [more]
Wednesday, 4 April 2007, 12:58 PM CET

Gartner warns on virtualisation security lapses
Virtualisation will be the target of new security threats, warns analyst. [more]
Wednesday, 4 April 2007, 12:58 PM CET

Fragmented security puts eight out of 10 firms at risk
More than eight out of 10 UK businesses are at risk because their security controls are “fragmented”, new research has revealed. [more]
Wednesday, 4 April 2007, 12:57 PM CET

Firefox also vulnerable to Windows cursor exploit
Windows gets a patch but alternative browsers still at risk. [more]
Wednesday, 4 April 2007, 11:22 AM CET

Debate lingers over federal data-handling laws
As Congress mulls a handful of bills that propose national standards for consumer data protection, business leaders and privacy advocates are still contesting potential risks and benefits of the legislation. [more]
Wednesday, 4 April 2007, 11:19 AM CET

Cyber bullying threat to teachers
Teachers are calling for much tougher restrictions to protect staff from "cyber bullying" by pupils. [more]
Wednesday, 4 April 2007, 2:00 AM CET

Homeland Security grabs for net's master keys
The US Department of Homeland Security is pushing to get hold of the master keys for a proposed revision of the internet's domain name system. [more]
Wednesday, 4 April 2007, 1:21 AM CET

Web services security document published
The Web Services Interoperability Organization (WS-I) announced on Tuesday publication of its WS-I Basic Security Profile 1.0, serving as a guide to enable secure, interoperable Web services. [more]
Wednesday, 4 April 2007, 1:15 AM CET

RFID holes create security concerns
One way to gauge how much security to devote to RFID projects is by asking how much does the company value the information that is to be stored on these tags. If the information is at all sensitive -- such as personal customer or employee information -- or could be used to harm the company, say by allowing an intruder to break into the building, then security needs to top the list of requirements. [more]
Wednesday, 4 April 2007, 1:09 AM CET

Microsoft falls for Vista security hoax
April fools joke fails to catch gullible media. [more]
Wednesday, 4 April 2007, 1:00 AM CET

Schneier says full disclosure of vulns a 'damned good idea'
Opinion: Revealing flaws forces vendors to patch them. [more]
Wednesday, 4 April 2007, 12:36 AM CET

Five golden steps to stopping the sabotage of sensitive corporate data
It is essential that adequate controls are put in place to ensure that sensitive data is protected from abuse. Many organisations today have implemented solutions that guarantee that no matter how resourceful or determined someone may be, the organisation can remove this risk. At a minimum the following list can serve as a useful guideline on how to do this. [more]
Wednesday, 4 April 2007, 12:21 AM CET

Poor Wi-Fi security leaves users at serious risk
Unsecured connections creating a hackers' playground. [more]
Wednesday, 4 April 2007, 12:09 AM CET

Bad web habits risk our security
Security experts have blamed the continued prevalance of older viruses such as the Netsky and Mytob worms on people's bad habits. [more]
Wednesday, 4 April 2007, 12:02 AM CET

Virus gang warfare spills onto the Net
There might be a gang fight raging in your bedroom or study right now. There's no gunfire, no blood, and you won’t smell any smoke. But there is a battle. The fight is over your bandwidth and your PC processing power. [more]
Wednesday, 4 April 2007, 12:00 AM CET

How to fix e-mail authentication spec
Proposal would add trusted remailers to the SPF authentication spec. [more]
Tuesday, 3 April 2007, 1:30 PM CET

UK hacker loses extradition fight
A British man has lost his High Court fight against extradition to the US for allegedly carrying out the "biggest military computer hack of all time". [more]
Tuesday, 3 April 2007, 1:20 PM CET

How to import saved Firefox passwords into KeePass
The two places I store my ever-lengthening list of passwords are 1.) a KeePass database and 2.) in Firefox's password manager. [more]
Tuesday, 3 April 2007, 8:00 AM CET

Securing a new age workforce
Computer security professionals should be more proactive in protecting corporate networks, in light of business employees today being more mobile than ever. [more]
Tuesday, 3 April 2007, 7:54 AM CET

Radio Shack may have tossed 'thousands' of customer records into dumpster
Texas AG charges substantial violation of identity protection laws. [more]
Tuesday, 3 April 2007, 7:52 AM CET

JavaScript botnet code escapes ShmooCon, leaks to Web
Fast-typing attendee has a naive moment, and then Digg kicked in. [more]
Tuesday, 3 April 2007, 1:00 AM CET

Risky e-mail use: What government and corporate users need to know
Clear policies, high-tech tools can help protect organizations. [more]
Tuesday, 3 April 2007, 12:18 AM CET

JavaScript hijacking
An increasing number of rich Web applications, often called AJAX applications, make use of JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read sensitive data contained in JavaScript messages. [more]
Tuesday, 3 April 2007, 12:15 AM CET

Inspector lists computers with atomic secrets as missing
The office in charge of protecting American technical secrets about nuclear weapons from foreign spies is missing 20 desktop computers, at least 14 of which have been used for classified information, the Energy Department inspector general reported on Friday. [more]
Tuesday, 3 April 2007, 12:12 AM CET

Who's guarding your data in the cybervault?
More than 500 incidents ranging from TJX to the Department of Veterans Affairs have been reported, involving records lost for tens of millions individuals since 2005. [more]
Tuesday, 3 April 2007, 12:06 AM CET

With attacks increasing Windows patch coming early
Microsoft has decided to rush out a fix for a flaw in its Windows operating system, saying that the problem has become too serious to ignore. [more]
Tuesday, 3 April 2007, 12:03 AM CET

Spam: it sucks like a tarpit
Spam sucks. That is the conclusion reached by a roomful of scientists at MIT on Friday after hearing a bunch of new research papers pitched at dealing with the problem. [more]
Tuesday, 3 April 2007, 12:00 AM CET

Exploit code surfaces for CA vulnerability
Successful exploit could offer system-level access. [more]
Monday, 2 April 2007, 3:33 PM CET

Microsoft rushes out animated cursor security fix
Patch arrives one week early. [more]
Monday, 2 April 2007, 3:28 PM CET

The ‘evil side’ of the web
The war against computer viruses may no longer be winnable, with criminals and espionage agencies spreading their attacks, experts have warned at the world's biggest computing fair. [more]
Monday, 2 April 2007, 9:42 AM CET

Washington state, DHS may use RFID in licenses
The state of Washington and the U.S. Department of Homeland Security plan to jointly develop a driver’s license, likely embedded with radio frequency identification (RFID) technology, as an alternative to a passport for travel to some countries. [more]
Monday, 2 April 2007, 9:39 AM CET

A new, improved visualization for Web derver logs
Access logfiles from a web server need to be filtered before the data is passed on to gnuplot. [more]
Monday, 2 April 2007, 12:50 AM CET

Exploit-for-sale hacker pins bug on Vista’s email app
Symantec confirms the bug is exploitable by remote code. [more]
Monday, 2 April 2007, 12:36 AM CET

Common misconceptions about ARP cache poisoning
This article discusses a few misconceptions about ARP cache poisoning, even from people who know what ARP cache poisoning is and (more or less) how it works. [more]
Monday, 2 April 2007, 12:21 AM CET

A bullish outlook for Longhorn security
Vista’s security advances may be ambitious, but they could seem ho-hum in comparison with those of Longhorn when the server OS stampedes on to the scene later this year. [more]
Monday, 2 April 2007, 12:15 AM CET

Eight faces of a hacker
You fight against them every day: hackers, attackers, insiders. You know what they do, but not who they are. [more]
Monday, 2 April 2007, 12:12 AM CET

Hackers target TK Maxx customers
Hackers have stolen information from at least 45.7 million payment cards used by customers of US retailer TJX, which owns TJ Maxx, and UK outlet TK Maxx. [more]
Monday, 2 April 2007, 12:10 AM CET

A virus brings down your enterprise?
As a CIO, being at the helm while handling a crisis is like being a general who is going to war. [more]
Monday, 2 April 2007, 12:06 AM CET

Web 2.0 users open a Pandora’s box of security problems
When she can’t find the financial information she needs in the system, the vice president asks her assistant to export the raw data from the financials database into a text file and email it to her at a remote meeting. [more]
Monday, 2 April 2007, 12:03 AM CET

The pleasures of hacking the Apple TV
The Apple TV comes with a stripped-down version of Apple's OS X, but retains many of its basic features, such as directory structure and file format. [more]
Monday, 2 April 2007, 12:00 AM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st