Off the Wire

Off The Wire Archive

News items for May 2002

Korea setting up info center to prevent cybercrime
Korea is opening an "Information Sharing and Analysis Center" to provide enhanced protection for the financial sector from hacking and other forms of cyber terrorism. [more]
Friday, 31 May 2002, 8:17 PM CET

Brit boffin patents 'perfect' password
A British inventor has developed a way of making computer passwords more secure. [more]
Friday, 31 May 2002, 12:02 PM CET

Hi-tech security flaws exposed
A series of exposes and tests have exposed the shortcomings of systems that use face recognition, iris scanning and fingerprints to improve security. [more]
Friday, 31 May 2002, 12:01 PM CET

Security bug closes Inland Revenue site
An Inland Revenue spokeswoman said that the service was suspended after users reported seeing information about other taxpayers. [more]
Friday, 31 May 2002, 11:59 AM CET

RSA Security enhances RSA Keon
RSA Security announced that its RSA Keon digital certificate management software is designed to provide seamless integration support for secure email with Microsoft Exchange Server and Outlook clients. [more]
Friday, 31 May 2002, 11:56 AM CET

A look at HIPAA and security standards
Rothke describes the measures outlined by the Health Insurance Portability & Accountability Act and discusses their ramifications for IT and security administrators within healthcare organizations. [more]
Friday, 31 May 2002, 10:20 AM CET

Intrusion detection: running a hacker simulation
The most common type of hacker simulation is a remote scan of a company's network, which gives the target company an idea of what its networks look like to a hacker on the Internet. [more]
Friday, 31 May 2002, 10:19 AM CET

Japan space hackers nabbed for spying
Three workers at a major Japanese aerospace company have been arrested for allegedly hacking into the computer network of Japan's space agency to spy on a rival company. [more]
Friday, 31 May 2002, 10:16 AM CET

FBI and CIA coming on-line with new powers
The FBI has assumed new powers to investigate people and organizations not even suspected of crime, with blessings from the US Department of Justice and John Ashcroft. [more]
Friday, 31 May 2002, 10:14 AM CET

US TurboLinux security severely out of date
There is a lack of security updates from the TurboLinux team, and their security announce list has been inactive for 4 months. The Japanese server has the updates, but the main site is out of sync. [more]
Friday, 31 May 2002, 2:02 AM CET

AOL Plans Secure AIM Services
According to their web site, AOL will guarantee confidential IM'ing for the enterprise with Secure AIM Services, as the system will seamlessly issue security credentials. [more]
Thursday, 30 May 2002, 7:19 PM CET

Security Advisories Week: 22-29 May 2002
This is an overview of security advisories released by Linux vendors in the past seven days. [more]
Thursday, 30 May 2002, 7:14 PM CET

CERT Summary CS-2002-02 released
Each quarter, CERT issues a summary to draw attention to the types of attacks reported to them and to noteworthy incident and vulnerability information. [more]
Thursday, 30 May 2002, 1:41 PM CET

Glitch exposes Fidelity accounts
A design flaw at a Fidelity Investments online service accessible to 300,000 people allowed Canadian account holders to view other customers' account activity. [more]
Thursday, 30 May 2002, 9:44 AM CET

Handling firewalls
Regardless of the size of your business, if you are connected to the Internet you'll want to know the best way to manage your firewall. [more]
Thursday, 30 May 2002, 9:40 AM CET

Cypherpunks aim to torpedo RIP key seizure plan
Privacy activists plan to undermine forthcoming UK Government regulations on the surrender of encryption keys through the release of an open-source cryptography project, called m-o-o-t. [more]
Thursday, 30 May 2002, 9:29 AM CET

PortSentry for Attack Detection - Part Two
This article by Ido Dubrawsky will focus on building, installing, and operating PortSentry. [more]
Thursday, 30 May 2002, 9:26 AM CET

attacked
The online store alerted the FBI, credit card companies and customers that someone claiming to be a well-known hacker has broken into its site and stolen customer information. [more]
Thursday, 30 May 2002, 9:20 AM CET

Hearing set on California hacking incident
State senators said they would investigate why it took weeks for 260,000 government employees to be notified that a hacker accessed a computer system containing their personal financial information. [more]
Thursday, 30 May 2002, 9:18 AM CET

Secure your network against viruses and spam
Are you doing enough to control the viruses and spam coming in across your mail servers? Here are some tips for protecting your enterprise from virus attacks and spam. [more]
Thursday, 30 May 2002, 9:17 AM CET

Philippines' landmark hacking case goes to trial
The first hacking case to be filed under Philippine laws went to trial today, starting a groundbreaking legal process that is being viewed as a test case for Internet-related crimes in the country. [more]
Wednesday, 29 May 2002, 4:50 PM CET

Beyond intrusion detection
Liz Simpson talks about intrusion detection and uses two security companies - Counterpane and Securify - to describe the difference in their approach. [more]
Wednesday, 29 May 2002, 4:43 PM CET

Kimble convicted of insider trading
Yesterday we forgot to mention that Kim 'Kimble' Schmitz was convicted of insider trading and sentenced to 20 months probation and a €100,000 fine. [more]
Wednesday, 29 May 2002, 4:35 PM CET

Scott Charney interview on eWeek
eWeek's Senior Writer Dennis Fisher spoke with Scott Charney, Microsoft's chief security strategist, about the challenges of his new job and what his priorities will be for the future. [more]
Wednesday, 29 May 2002, 4:31 PM CET

IT Pros: the new porn police?
There's no argument that child pornography is despicable. Should IT pros be forced to notify authorities when they encounter it on the job? [more]
Wednesday, 29 May 2002, 4:19 PM CET

Cyclone: A Safe Dialect of C
Cyclone is a safe dialect of C. This paper examines safety violations enabled by C's design, and shows how Cyclone avoids them. [more]
Wednesday, 29 May 2002, 3:40 PM CET

Newest IT job title: chief hacking officer
While companies don't like hiring IT security personnel with prior criminal records, there are advantages to hiring an experienced hacker. [more]
Wednesday, 29 May 2002, 3:37 PM CET

EU law turns ISPs into spies?
Civil liberties groups are vigorously opposing an EU proposal to require detailed and indefinite record-keeping of citizens' phone and Net use, saying it would put ISPs in the "spy business." [more]
Wednesday, 29 May 2002, 12:59 PM CET

Linux vendors to standardize on single distribution
A number of Linux vendors will announce that they have agreed to standardize on a single Linux distribution to try to take on Red Hat Inc.'s dominance in the industry. [more]
Wednesday, 29 May 2002, 12:35 PM CET

FBI's Carnivore-lies may have blown bin Laden inquiry
Fundamental design flaws in Carnivore have led to the destruction of evidence related to a suspect possibly involved in the Al Qaeda network which had been obtained legally. [more]
Wednesday, 29 May 2002, 12:32 PM CET

OpenSSH 3.2.3 released
OpenSSH 3.2.3 has been released. This version was released to fix several problems from the 3.2.2 version that was released earlier this month. [more]
Tuesday, 28 May 2002, 5:58 PM CET

Corporate Security Overview: 21-28 May 2002
Security companies send us their press releases, which we republish in our press section. This is an overview of interesting developments in the corporate security world during the past week. [more]
Tuesday, 28 May 2002, 2:49 PM CET

Security researchers warn of worm blitzkriegs
Security researchers are warning of the availability of more powerful virus writing techniques, which call for a more co-ordinated approach to combat next generation worms. [more]
Tuesday, 28 May 2002, 10:47 AM CET

Three leading Web server shields got tested for security, performance, flexibility and more. [more]
Tuesday, 28 May 2002, 10:38 AM CET

Worms crawl toward instant messaging
IM users should become more security-conscious as IM spreads across devices and invites viruses. [more]
Tuesday, 28 May 2002, 10:16 AM CET

Net effect: antiterror eavesdropping
In the seven months since the passage of a sweeping law to combat terrorism, Internet and telecommunications companies have seen a surge in law enforcement requests to snoop on subscribers. [more]
Tuesday, 28 May 2002, 7:41 AM CET

SQL injection walkthrough
The following article will try to help beginners with grasping the problems facing them while trying to utilize SQL Injection techniques, to successfully utilize them, and to protect themselves from such attacks. [more]
Tuesday, 28 May 2002, 7:26 AM CET

An education in hacking
At Dan Clements' Fraud Museum, businesses can see how online scamsters operate. It's all very informative - maybe too much so. [more]
Tuesday, 28 May 2002, 6:51 AM CET

Security hole strip tease
By letting the public catch a tantalizing peek at unannounced security holes, one bug-finder turns up the heat on vendors to close them. [more]
Tuesday, 28 May 2002, 6:47 AM CET

E-security complacency hounds Asian firms
Most companies in Asia still lack expertise in network security despite spending billions of dollars upgrading and maintaining network systems, according to a speaker at the 2002 Conference on Security. [more]
Tuesday, 28 May 2002, 6:32 AM CET

SANS Security Policy Project
SANS Security Policy Project is a consensus research project of the SANS community. It offers everything you need for development and implementation of information security policies. [more]
Monday, 27 May 2002, 7:30 PM CET

Apple, security, marketing etc.
A survey of Mac users found that more than three quarters of them think their platform is more secure than a PC. [more]
Monday, 27 May 2002, 7:24 PM CET

Opera vulnerability gives up local files
A vulnerability in Opera 6.01 and 6.02 for Windows allows a malicious Web site to grab any file off a client's local drive with ease. [more]
Monday, 27 May 2002, 7:14 PM CET

Klez.H becomes the biggest virus
The computer virus Klez.H has become the biggest of all time, surpassing SirCam, according to Message Labs. [more]
Monday, 27 May 2002, 7:12 PM CET

NAI pulls the plug on CyberCop product line
Products reaching end of life on July 1 include the CyberCop Scanner 5.5, distributed CyberCop Scanner 2.0 and the CyberCop Monitor 2.5. [more]
Monday, 27 May 2002, 5:28 PM CET

HNS Newsletter issue 112 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 27 May 2002, 12:25 PM CET

Slackware 8.1 RC1 now available
The first release candidate for Slackware 8.1 is now available on Recent additions to -current include Mozilla-1.0rc3, KDE-3.0.1, and gcc-3.1. [more]
Monday, 27 May 2002, 12:15 PM CET

Microsoft's monopoly XP fix
The first product changes dictated by a proposed antitrust settlement with Microsoft will appear in a software patch for Windows XP. [more]
Monday, 27 May 2002, 12:06 PM CET

E-gov security gateway in works
The General Services Administration plans to take bids on the development of a security gateway that will provide a single point for users to sign on to access services that require authentication. [more]
Monday, 27 May 2002, 11:56 AM CET

Preventive security needed in today's insecure world
Each year more money is spent on information systems security, and each year there are more incidents, more losses, and greater average losses. This year is expected to be worse. [more]
Monday, 27 May 2002, 11:50 AM CET

Hackers gain entry to California state database
Hackers have cracked into the California state's personnel database and gained access to financial information for all 265,000 state workers, including Governor Gray Davis. [more]
Saturday, 25 May 2002, 11:10 PM CET

ActiveState announced PerlMx 2.0
ActiveState yesterday announced the 2.0 release of PerlMx, which blocks more than 98% of unsolicited email at the gateway level. [more]
Saturday, 25 May 2002, 3:20 AM CET

Denial of Service vulnerabilities in CBOS
Three new Denial of Service vulnerabilities are identified in Cisco Broadband Operating System (CBOS), an operating system for the Cisco 600 family of routers. [more]
Friday, 24 May 2002, 2:45 PM CET

Updated version of SSH Secure Shell available
SSH advises all users of commercial and non-commercial versions of SSH Secure Shell (various versions) to upgrade their software. [more]
Friday, 24 May 2002, 2:39 PM CET

Basic security with passwords
If you're using a password then there must be something worth protecting, so why not make this protection a good one? [more]
Friday, 24 May 2002, 1:18 PM CET

Qwest glitch exposes customer data
Long-distance phone bills and subscriber credit card numbers were wide open when the company's Web-based billing payment system stopped verifying passwords. [more]
Friday, 24 May 2002, 12:18 PM CET

E-mail appending erodes privacy
It can be argued that businesses should be paid for the information they give up to gain e-mail addresses. But they don't realize what they are doing in most cases. [more]
Friday, 24 May 2002, 12:15 PM CET

Linux firewalls
Linux firewalls can be a robust, cost-effective solution for almost any organization, as long as the system is properly configured. [more]
Friday, 24 May 2002, 12:09 PM CET

PDA users disregard security risks
A new UK survey shows that many people do not secure data stored on their PDAs, leaving private and corporate secrets unprotected. [more]
Friday, 24 May 2002, 11:57 AM CET

A vulnerability scan plan
In this article eWeek Labs examines the state of the art in security vulnerability detection from several angles. [more]
Friday, 24 May 2002, 11:53 AM CET

State wiretap usage up 40 percent in 2001
State courts authorized a dramatic increase in the use of electronic surveillance last year, mostly to listen in on cell phones, pagers and other wireless devices. [more]
Friday, 24 May 2002, 11:50 AM CET

Analysis of neural cryptography
This analyzes the security of a new key exchange protocol which is based on mutually learning neural networks. [more]
Friday, 24 May 2002, 11:39 AM CET

Mystery service will "eliminate all viruses"
A secretive new company has boldly claimed that its new service will protect its users from all email viruses. [more]
Thursday, 23 May 2002, 5:08 PM CET

Staying ahead in the security game
Find out about the latest SQL Server security patch, which you can download from Microsoft's Web site, and learn how to sign up for Microsoft's security bulletin service. [more]
Thursday, 23 May 2002, 5:07 PM CET

Securing Microsoft Services
To master Windows security, administrators must master Windows services. They must understand how services work, how they are exploited and how services are secured. [more]
Thursday, 23 May 2002, 5:02 PM CET

A test of the 'Email Security Testing Zone'
GFI Email Security Testing Zone is a place for testing your system for vulnerabilities embedded in the e-mail messages you receive. Here is how it works. [more]
Thursday, 23 May 2002, 3:54 PM CET

Six arrested over 'Nigerian email' frauds
South African police have made a breakthrough against organised criminals who spam Internet users in an attempt to defraud them of thousands of pounds. [more]
Thursday, 23 May 2002, 12:55 PM CET

Act would OK snail mail searches
The House overwhelmingly approves the Customs Border Security Act, which says mail can be searched at the border "without a search warrant." [more]
Thursday, 23 May 2002, 12:52 PM CET

Klez worm hits US State Department
The US State Department has admitted that it has been infected with the Klez virus. [more]
Thursday, 23 May 2002, 12:42 PM CET

Biometric sensors beaten senseless in tests
Have biometric systems developed to the point where they could be a viable alternative to passwords and PINs? [more]
Thursday, 23 May 2002, 12:38 PM CET

Comment: Web sites insecure as ever
Most corporate web sites are fundamentally insecure. This insecurity can allow attackers to access databases, delete or change information, and cause chaos with very little effort or technical know how. [more]
Thursday, 23 May 2002, 12:26 PM CET

Multiple Vulnerabilities in CISCO VoIP Phones
Johnathan Nightingale did research on CISCO VoIP Phones and found several security vulnerabilities in CP-7960, CP-7940, and CP-7910 phones. [more]
Thursday, 23 May 2002, 12:05 PM CET

Computer crime on the rise
Research firm Computer Economics predicts computer crime will more than double this year while virus incidents are expected to increase by 22 percent. [more]
Wednesday, 22 May 2002, 4:19 PM CET

Psst. I know your password
When a regional health care company called in network protection firm Neohapsis to find the vulnerabilities in its systems, the Chicago-based security company knew a sure place to look. [more]
Wednesday, 22 May 2002, 3:54 PM CET

Symantec announces VelociRaptor 1.5
VelociRaptor 1.5 is a popular firewall and VPN appliance. The new version now provides support for Advanced Encryption Standard and new proxy functions to best secure video conferencing. [more]
Wednesday, 22 May 2002, 1:52 PM CET

Waging war on computer viruses
New net technologies present opportunities for more than just entrepreneurs and venture capitalists. Virus writers like them, too. [more]
Wednesday, 22 May 2002, 1:23 PM CET

The beauty and grace of a worm
The code that makes up malicious e-mail viruses and worms is not only a beautiful thing, but instrumental to growing Internet culture. Hence, an art exhibit in Germany glorifying the little buggers. [more]
Wednesday, 22 May 2002, 1:19 PM CET

Worm targets SQL server software
SQLsnake aka SQL Spida is spreading via Microsoft SQL servers and is responsible for large amounts of Internet traffic as well as millions of TCP/IP probes. [more]
Wednesday, 22 May 2002, 11:44 AM CET

Understanding the motives of malicious coders
The writer draws upon his experiences as a virus writer and as a member of the virus (and anti-virus) community to explore some of the reasons that people would devote their time to developing viruses. [more]
Wednesday, 22 May 2002, 11:39 AM CET

Odyssey makes wireless LANs a safe trip
Funk Software markets its Odyssey network-security product as an end-to-end 802.1x system for enterprise wireless LANs. [more]
Wednesday, 22 May 2002, 11:31 AM CET

A closer look at SNMP
This excerpt from Essential SNMP begins a detailed examination of SNMP and provides graphic illustrations of key concepts. [more]
Wednesday, 22 May 2002, 11:23 AM CET

House passes child-sex crime wiretap bill
The U.S. House of Representatives approved legislation that would give law enforcement new powers to eavesdrop on the telephone conversations of suspected child-sex predators. [more]
Wednesday, 22 May 2002, 11:19 AM CET

Turning pictures into passwords
If your password is as simple as the word, password, then logging on via a picture might be the answer. [more]
Tuesday, 21 May 2002, 5:09 PM CET

Corporate Security Overview: 15-20 May 2002
Security companies send us their press releases, which we republish in our press section. This is an overview of interesting developments in the corporate security world during the past week. [more]
Tuesday, 21 May 2002, 4:03 PM CET

Evolution of Cross-Site Scripting Attacks
This paper predicts that fully and semi-automated techniques will begin to emerge for targeting and hijacking web applications using XSS, thus eliminating the need for active human exploitation. [more]
Tuesday, 21 May 2002, 7:41 AM CET

Cadets keep NSA crackers at bay
Cadets and midshipmen from the nation's military service academies used all their skills to keep production networks up and running while under attack by NSA experts. [more]
Tuesday, 21 May 2002, 7:39 AM CET

The Cross Site Scripting FAQ
This is a FAQ covering Cross Site Scripting. This paper also provides examples of practical cookie theft, along with public tools for use with testing. [more]
Tuesday, 21 May 2002, 7:18 AM CET

Business continuity plans embrace networks, people
Business needs and the events of Sept. 11 are driving changes on the business continuity and disaster recovery fronts. [more]
Tuesday, 21 May 2002, 7:14 AM CET

Alan Cox talks about laws... and Linux
This set of interview responses from Linux hacker Alan Cox is overtly political. Alan doesn't just talk about problems here but proposes sensible solutions for them. [more]
Tuesday, 21 May 2002, 7:12 AM CET

Security in web services: an evolving threat model
The threat to web services is not about something like root access - it's more about repeated violations and exploitations of the service. [more]
Tuesday, 21 May 2002, 7:02 AM CET

Survey: security remains top priority
Security issues are consuming network executives' thoughts, although not necessarily dictating their spending priorities, according to the ninth annual Network World 500 survey. [more]
Tuesday, 21 May 2002, 6:55 AM CET

Police swoop on 30+ in UK pedo raids
More than 30 people in the United Kingdom have been arrested on suspicion of accessing US-based paedophile Web sites. [more]
Tuesday, 21 May 2002, 2:23 AM CET

Sharp rise in computer crime in Australia
Computer crime in Australia has jumped sharply, despite record spending on IT security, a survey has found. [more]
Monday, 20 May 2002, 7:02 PM CET

CSION Call For Papers
The Computer Security + Intelligence Conference is a three day conference running from August 19-21 focusing on security concepts, security research, and intelligence. [more]
Monday, 20 May 2002, 6:52 PM CET

Information and removal for Kazaa worm
The worm called Benjamin is an "advertiser" worm which is spreading over the Kazaa P2P network. Here you can find information on the worm and a removal tool, and scan your computer for viruses. [more]
Monday, 20 May 2002, 6:21 PM CET

Bad company
You don't have much choice in anti-virus products if you make your purchasing decisions based on Consumer Reports. [more]
Monday, 20 May 2002, 5:14 PM CET

Introduction to cryptography
This article, first published in Linux Magazine France, explains what cryptography is and how it works. [more]
Monday, 20 May 2002, 5:02 PM CET

Enforcer keeps far-flung systems in check
PoliVec Inc. unveiled Enforcer, the third piece of its security policy automation software suite. [more]
Monday, 20 May 2002, 4:55 PM CET

Klez worm refuses to die
A month after it started spreading, the Klez.h worm isn't slowing down - plus it's creating a flood of warnings from gateway antivirus software telling the wrong people they're infected. [more]
Monday, 20 May 2002, 4:50 PM CET

Government buys virus blocking from MessageLabs
The British Government has signed up MessageLabs to protect Whitehall departments against mass-mailing viruses. [more]
Monday, 20 May 2002, 4:46 PM CET

HNS Newsletter issue 111 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. The PDF version has a new look! [more]
Monday, 20 May 2002, 4:03 AM CET

OpenBSD 3.1 has been released
OpenBSD is freely available from FTP sites, and also available in an inexpensive 3-CD set. This release started shipping May 19, 2002. [more]
Monday, 20 May 2002, 3:23 AM CET

OpenSSH 3.2.2 released
OpenSSH 3.2.2 has just been released. There are five security changes and ten support improvements and bug fixes. [more]
Saturday, 18 May 2002, 6:52 PM CET

Tips on Avoiding Computer Worms
Here is a list of 13 tips which covers the usual routines of worm propagation and tells you what not to do to avoid getting infected. Tips are provided by F-Secure. [more]
Saturday, 18 May 2002, 1:47 PM CET

Cumulative Patch for Internet Explorer flawed
Microsoft Security Bulletin MS02-023 - Cumulative Patch for Internet Explorer released on 15 May 2002 contains a few "severe" errors. [more]
Friday, 17 May 2002, 4:34 PM CET

Microsoft hits out at Passport privacy slur
Microsoft has come in for fierce criticism this week from users for changing the settings in its Passport sign on service, a claim the company has now furiously denied. [more]
Friday, 17 May 2002, 12:54 PM CET

Ford Credit warns customers about identity theft
The thieves gained access to a database used by Experian, a credit reporting agency, to download the personal information of 13,000 consumers. [more]
Friday, 17 May 2002, 12:39 PM CET

Could hackers derail wireless LANs?
WLANs may be hot in the small home office and consumer markets, but some issues - primarily security - are slowing their adoption by the enterprise. [more]
Friday, 17 May 2002, 12:22 PM CET

Fanatics with laptops: the coming cyber war
A next-generation cyber terrorist will likely not represent an aggressive world power. In fact, such a terrorist could simply be a lone fanatic wielding a laptop. And the damage could be staggering. [more]
Friday, 17 May 2002, 12:12 PM CET

How to get the most out of your security software
Before companies invest more of their budgets on new security technologies, they should make sure they're properly using what they already have. [more]
Friday, 17 May 2002, 12:11 PM CET

Europe to let nations decide on financial spam
The European Parliament approved a directive that will leave individual member nations with the decision as to whether financial services spam should be an opt-out or opt-in choice for consumers. [more]
Friday, 17 May 2002, 11:26 AM CET

Defense agency using unsecure WLAN security cameras
The agency responsible for the U.S. Defense Department's global networks, classified command and control systems has security cameras connected to a nonsecure and unencrypted wireless LAN. [more]
Friday, 17 May 2002, 11:13 AM CET

Linux system administration tools
There are four major players in the world of Linux system administration tools: COAS, Linuxconf, Webmin and YaST. [more]
Friday, 17 May 2002, 11:08 AM CET

Sun, RSA team on digital identity
Sun and RSA Security plan to deliver an integrated network-identity platform that will give enterprises everything they need to manage access and profiles internally and across the Web. [more]
Friday, 17 May 2002, 11:04 AM CET

Spam Wars - Rise of the Spam
Spam is one of the biggest problems for Internet users these days. This first part in the series of six spam-related articles talks about the history of spam. [more]
Thursday, 16 May 2002, 5:58 PM CET

Securing Linux
This article covers various aspects of securing and running Linux. By combining different utilities and aspects of keeping your system secure you'll reap multiple benefits. [more]
Thursday, 16 May 2002, 3:50 PM CET

A critical IE security patch has been released
This cumulative patch includes the functionality of all previously released patches for IE 5.01, 5.5 and 6.0. In addition, it eliminates six newly discovered vulnerabilities. [more]
Thursday, 16 May 2002, 3:45 PM CET

Is your monitor glow revealing your data?
Now there's a way law enforcement agents can read data displayed on a user's computer monitor, even when they can't see the screen. [more]
Thursday, 16 May 2002, 2:52 PM CET

Gummi bears defeat fingerprint sensors
A Japanese cryptographer has demonstrated how fingerprint recognition devices can be fooled using a combination of low cunning, cheap kitchen supplies and a digital camera. [more]
Thursday, 16 May 2002, 2:47 PM CET

The Defense Department is tightening security buys
In an effort to improve the security of the commercial software it buys, the DOD will restrict its purchase of information assurance products to those certified by the National Information Assurance Partnership. [more]
Thursday, 16 May 2002, 2:45 PM CET

Commentary on Ferrari "hacks"
Giordani Rodrigues noted on the Defaced Commentary mailing list that the Ferrari web sites defaced a few days ago weren't connected to Ferrari at all. [more]
Thursday, 16 May 2002, 12:43 PM CET

PortSentry for attack detection, part one
This article will describe in detail how Portsentry works from both a theoretical and a technical point of view. [more]
Thursday, 16 May 2002, 12:33 PM CET

FBI raids "Deceptive Duo" suspects
FBI agents confiscated computer equipment from Robert Lyttle aka Pimpshiz and The-Rev, a former member of the Sm0ked Crew. [more]
Thursday, 16 May 2002, 12:28 PM CET

Antivirus solutions for Linux
With proper setup and administration, viruses in Linux are the least of your worries, but you still need to worry about Windows clients that connect to your Linux servers. [more]
Thursday, 16 May 2002, 12:24 PM CET

Overview of personal firewalls
There are a lot of products out there so here is a brief overview of some of the personal firewalls offered. [more]
Wednesday, 15 May 2002, 2:39 PM CET

Hackers turn on open source
The hacker underground appears to be moving away from targeting Microsoft, as May turns out to be a hot month for attacks on open source security. [more]
Wednesday, 15 May 2002, 2:37 PM CET

Apache 2.0.36: who should upgrade?
You don't need to race out and upgrade to the latest version unless you need to fix the specific bugs addressed in the new version. [more]
Wednesday, 15 May 2002, 1:54 PM CET

ISPs seek to void ruling on police searches
Yahoo! Inc. and several Internet trade associations filed papers seeking to overturn a court ruling which could fill the offices of Internet companies with police officers overseeing the execution of search warrants. [more]
Wednesday, 15 May 2002, 1:46 PM CET

EDS postpones instant message ban
EDS has postponed its proposed ban on instant messaging after staffers said that it was an important tool for communicating with clients. [more]
Wednesday, 15 May 2002, 1:44 PM CET

r* programs going away from OpenBSD
Theo de Raadt: "We've deployed ssh to the entire Internet so that we can kill these crappy protocols. Have you not seen the tombstone t-shirt? We mean it." [more]
Wednesday, 15 May 2002, 1:39 PM CET

UK fights back against cybercrime
Business organisations are gearing up to help firms combat the danger posed by hi-tech crime, which is thought to cost Britain billions of pounds each year. [more]
Wednesday, 15 May 2002, 1:36 PM CET

First steps in achieving network security
The security-aware manager will support hiring someone with security expertise to work with the IT team to create a secure network. [more]
Wednesday, 15 May 2002, 11:27 AM CET

Why hackers escape
The nightmare for Ecount, an online gift certificate service, began last year when a hacker broke in to the company's system and stole personal information belonging to its customers. [more]
Wednesday, 15 May 2002, 11:26 AM CET

Marker pens, sticky tape crack music CD protection
Music disc copyright protection schemes such as Cactus Data Shield 100/200 and KeyAudio can be circumvented using tools as basic as marker pens and electrical tape, crackers have discovered. [more]
Wednesday, 15 May 2002, 11:24 AM CET

One more ticket for Privacy and Data conference
We have one more ticket for Privacy and Data Security Conference that will be held next month in Regal Knickerbocker, Chicago. [more]
Tuesday, 14 May 2002, 6:58 PM CET

Flowgo pop-up secretly downloaded malware
Popular family site, contained a pop-up advert which directed visitors to a web site with malicious code. [more]
Tuesday, 14 May 2002, 6:56 PM CET

Online fraud special report
has a special report on hackers and online fraud, that according to Gartner, gave e-tailers $700 million in lost merchandise last year. [more]
Tuesday, 14 May 2002, 6:50 PM CET

Tips on basic Linux server security
If you just put your web server online, and are thinking about taking the first step in your system security, this article will help you do that. [more]
Tuesday, 14 May 2002, 1:37 PM CET

Canadian spooks to hire hackers
Canada's electronic spy agency is recruiting hackers to be the next cyber James Bond. [more]
Tuesday, 14 May 2002, 12:45 PM CET

Virus Algorithm Analysis
In practice, when analyzing a file virus, it is convenient to have several different infected files that are not too large. [more]
Tuesday, 14 May 2002, 12:22 PM CET

Top five Linux lessons for Windows admins
For Windows admins, introducing Linux systems into their organisations might be a little intimidating at first. But, with a few pointers, administering and supporting Linux is not as difficult as it seems. [more]
Tuesday, 14 May 2002, 10:12 AM CET

Officials: lack of trust undermines security
The private sector manages more than 85 percent of the nation's critical infrastructure and must therefore collaborate with the government to protect those resources, officials said at a Senate hearing. [more]
Tuesday, 14 May 2002, 10:09 AM CET

ISP protects Its IP backbone from DDoS attacks
Telus Corp. will announce that it is the first major ISP in North America to deploy an anti-DDoS solution on its entire IP backbone. [more]
Tuesday, 14 May 2002, 10:06 AM CET

O'Reilly leaks geeks' docs
Techie publishing house O'Reilly offers textbook example of insecure Web code. [more]
Tuesday, 14 May 2002, 10:04 AM CET

Ever growing virus problem
One of the great ironies of infosecurity is that almost every organization uses AV, yet viruses and worms continue to wipe us out. [more]
Monday, 13 May 2002, 7:03 PM CET

Argentine judges want law update after crackers walk free
Argentina's top judges are calling for an update in the country's laws on computer crime after the collapse of a trial involving crackers who allegedly defaced the country's Supreme Court Web site. [more]
Monday, 13 May 2002, 6:26 PM CET

Does new Europe law mean slammer for DRM crackers?
Forthcoming EU legislation could criminalise Europeans who circumvent copyright protection. [more]
Monday, 13 May 2002, 3:42 PM CET

Virus writers get behind Gigabyte
The virus-writing community made something of an about-turn as an increasing number of authors gave their support to female virus writer, Gigabyte. [more]
Monday, 13 May 2002, 1:58 PM CET

Protecting the WLAN
A WLAN standards debate is pitting security against performance and leaving users operating wireless systems having to choose between one or the other. [more]
Monday, 13 May 2002, 1:29 PM CET

Getting secure about e-shopping
A "new initiative" has been unveiled that will make online payments "secure" and give a "boost" to e-commerce. Sound familiar? [more]
Monday, 13 May 2002, 12:28 PM CET

Free tickets for Privacy and Data conference
If you live in the Chicago area and would like to visit Privacy and Data Conference in June, we have a few free tickets to give out. [more]
Monday, 13 May 2002, 12:24 PM CET

Information on Klez and its removal
This is a synopsis of the Klez family of viruses, infection statistics from 3 AV vendors and a few ways to remove Klez. [more]
Monday, 13 May 2002, 12:17 PM CET

HNS Newsletter Issue 110 is here
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 13 May 2002, 11:40 AM CET

AOL tests secure IM
VeriSign Inc and America Online are testing a secure version of AOL's instant messaging service to sell into enterprises. [more]
Monday, 13 May 2002, 11:32 AM CET

Xbox emulator is a trojan
An "Xbox emulator" currently being offered for free on the Web is actually a Trojan horse designed to covertly rack up money for its authors. [more]
Saturday, 11 May 2002, 5:44 PM CET

Real time virus reports
A new section was added to the viruses zone - RTVR. Provided by BitDefender, now you can see real time statistics about virus infections (past 24 hours, week, month and year). [more]
Saturday, 11 May 2002, 12:21 PM CET

MSN Chat ActiveX Control buffer overflow
Microsoft's MSN Chat is an ActiveX control for Microsoft Messenger. A buffer overflow exists in this control that may permit a remote attacker to execute arbitrary code. [more]
Saturday, 11 May 2002, 12:10 PM CET

Tracking foreign students
Attorney General John Ashcroft said that a new Internet-based system will start to better track the 1 million foreign students in the USA. [more]
Saturday, 11 May 2002, 2:10 AM CET

Cutting spam at a cost
Spam is not only an annoyance, it also drains productivity and leaves companies open to threats, such as well-disguised denial-of-service attacks. [more]
Friday, 10 May 2002, 1:58 AM CET

Astaro Security Linux 3.0 announced
At the Networld + Interop Conference, Astaro Corporation announced version 3 of Astaro Security Linux. [more]
Friday, 10 May 2002, 1:53 AM CET

'Operation Web Sweep' targets porn
Federal and state officials said that they were targeting up to 200 suspects in what they called the first undercover computer sting operation to combat child pornography. [more]
Friday, 10 May 2002, 1:32 AM CET

Sharing seen as critical for security
Industry must collaborate with the government to protect the nation's critical infrastructure, experts say. [more]
Friday, 10 May 2002, 1:30 AM CET

Understanding security threats: you are a target!
Just as armies have developed standard ways of discussing and thinking about war, IT professionals should develop common ways of thinking about information threats. [more]
Friday, 10 May 2002, 1:28 AM CET

"Cute" trojan horse spreading by e-mail
The worm has been rated low risk, but it could damage firewall and security programs on infected PCs. [more]
Friday, 10 May 2002, 1:02 AM CET

The boy who cried worm
Hoaxes can be just as damaging to resources and reputations as real viruses. Natasha Staley, anti-virus consultant at Sophos speaks. [more]
Friday, 10 May 2002, 12:56 AM CET

Team tackles Windows security
Government, industry and academia have teamed up to secure the most popular system being deployed on servers in the public and private sectors: Windows 2000. [more]
Friday, 10 May 2002, 12:55 AM CET

OpenBSD local DoS and root exploit
Because of a flaw in the way the kernel checks closed file descriptors 0-2 when running a setuid program, it is possible to get root access on OpenBSD. [more]
Friday, 10 May 2002, 12:48 AM CET

iKey for Windows 2000 USB security token
Rainbow eSecurity recently developed a new offering in their iKey 2032 USB security token series - iKey for Windows 2000. [more]
Thursday, 9 May 2002, 11:10 AM CET

Linux and Free Software Festival - Ankara 2002
The Linux Users' Association of Turkey is holding the 1st Linux and Free Software Festival between 16-19 May 2002. [more]
Thursday, 9 May 2002, 10:52 AM CET

Security vulnerability in ISC DHCPD
Next Generation Security Technologies found a remote root compromise in ISC DHCPD. [more]
Thursday, 9 May 2002, 10:40 AM CET

Simplicity and Awareness - Keys to Network Security
The modern networking environment is destroying both simplicity and awareness. The purpose of this article is to explain how security professionals can deal with this hostile situation. [more]
Thursday, 9 May 2002, 10:25 AM CET

Experts envision graphics-based passwords
Many people have trouble remembering passwords like XY$Z4(NU)T. So they keep passwords down near their computer or replace them with simpler combinations, making their systems vulnerable to attack. [more]
Thursday, 9 May 2002, 10:20 AM CET

Cable modem hacking goes mainstream
An ambitious hackware project promises to bring illicit broadband "uncapping" to the masses, and with it the risks that come with high-speed hijinks. [more]
Thursday, 9 May 2002, 10:18 AM CET

House panel OKs stiffer cybercrime penalties
Computer criminals would face increased penalties, and Internet users would face greater surveillance by access providers, under a bill approved by a House of Representatives panel. [more]
Thursday, 9 May 2002, 10:14 AM CET

A CanSecWest 2002 presentation
Ivan Arce, CTO at CORE SECURITY TECHNOLOGIES, discussed automated penetration testing tools and CORE's new CORE IMPACT product. [more]
Thursday, 9 May 2002, 10:11 AM CET

MAPS sues its own anti-spam guru
What happens if you create software, bring it with you to an organization and then want to take an enhanced version of it when you leave? [more]
Thursday, 9 May 2002, 10:08 AM CET

Judge: Elcomsoft case can proceed
A federal judge says the case against Elcomsoft, the company that employs Dmitri Sklyarov, can continue because a controversial copyright law is constitutional. [more]
Thursday, 9 May 2002, 10:06 AM CET

Who goes there? eBay wants to know
eBay is to announce a pact with VeriSign to confirm that sellers are who they say they are. But will it stop online fraud? [more]
Wednesday, 8 May 2002, 4:06 PM CET

The dangers of monoculture
It is common for PC software to be loaded from a standard disk image. This makes support cheaper and easier but leaves the PCs open to the latest virus. [more]
Wednesday, 8 May 2002, 3:59 PM CET

MS: Remedies a bonus for crackers
Hackers, crackers and pirates would have a feast if the proposed sanctions against Microsoft go into effect. [more]
Wednesday, 8 May 2002, 3:14 PM CET

GnuPG 1.0.7 released
This new release has a lot of features beyond OpenPGP which will be included in a soon to be published RFC2440 successor. [more]
Wednesday, 8 May 2002, 2:26 PM CET

Preparing for the Sair 202 Apache Exam
Dulaney provides a study guide for the Apache/Webservers exam, which is one of two electives leading to Sair Linux and GNU Level II (Engineer) certification. [more]
Wednesday, 8 May 2002, 11:48 AM CET

The pop-up ad campaign from hell
It's the latest in Web marketing innovation: Hijacked Web surfers, exploited Web browser vulnerabilities and malicious spyware all wrapped up together. [more]
Wednesday, 8 May 2002, 11:45 AM CET

Red Hat 7.3 has been released
This version has new productivity tools, personal firewall configuration at installation, video conferencing software and more. [more]
Wednesday, 8 May 2002, 11:40 AM CET

EDS bans IM
EDS, the computer arm of the British government, has banned its staff from using Instant Messenger products in the workplace. It cites security concerns, especially over virus transmissions. [more]
Wednesday, 8 May 2002, 11:33 AM CET

Wireless LANs - Standards and security
This article describes recent standards affecting WLAN technologies, the standard components of a typical WLAN solution and the issue of security on a WLAN. [more]
Wednesday, 8 May 2002, 11:32 AM CET

IBM report cites mobile phone hacking risks
The majority of GSM phones can be cloned in just a minute or two according to IBM. [more]
Wednesday, 8 May 2002, 11:29 AM CET

Cisco IDS gets faster
Cisco has boosted the speed and added better management capabilities to its line of intrusion detection products. [more]
Tuesday, 7 May 2002, 2:44 PM CET

Upcoming security conferences in 2002
These are some of the top security conferences that would be very interesting to visit in the next few months. [more]
Tuesday, 7 May 2002, 2:00 PM CET

First, Do No Harm - A Hippocratic Oath for Coders?
With the increase in spyware, spam, etc, is it time for a Hippocratic Oath for Programmers? [more]
Tuesday, 7 May 2002, 11:39 AM CET

"Deceptive Duo" claims altruistic motive
A pair of hackers who have been penetrating U.S. government computer systems say they're trying to call attention to vulnerabilities in national security. [more]
Tuesday, 7 May 2002, 11:34 AM CET

VeriSign focuses on managed security services
VeriSign will announce a series of new and enhanced managed services aimed at enterprises that want to outsource the complexity of their security infrastructure. [more]
Tuesday, 7 May 2002, 11:26 AM CET

A new degree of security
The University of Texas at Dallas has joined forces with businesses and law-enforcement officials to create a center for cybercrime education and research. [more]
Tuesday, 7 May 2002, 10:58 AM CET

Chernobyl virus hitches a ride
The pesky Klez worm is now helping revive the Chernobyl virus, according to a new report from Symantec. [more]
Tuesday, 7 May 2002, 10:56 AM CET

Aging worms still crawl, threaten net
Should unwitting carriers of Nimda, Code Red be penalized for not securing their servers? [more]
Tuesday, 7 May 2002, 10:52 AM CET

IDS Evasion Techniques and Tactics
This article explains basic IDS evasion techniques and suggests fixes or what to look for in many of these attacks. [more]
Tuesday, 7 May 2002, 10:10 AM CET

Firestarter: 5 minutes to a Linux firewall
This article looks at a front-end graphical user interface you can use not only for iptables but for ipchains as well. [more]
Tuesday, 7 May 2002, 10:06 AM CET

The new and improved HNS website
We finally made it. After several months of work the result is what you are looking at. [more]
Monday, 6 May 2002, 5:00 PM CET

A new issue of the HNS Newsletter is here
Issue 109 has been released. You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 6 May 2002, 2:30 PM CET

Wireless Internet
This tutorial introduces the reader to the Wireless Internet, WAP, WML, Wireless Protocol Stack and more. [more]
Monday, 6 May 2002, 11:01 AM CET

Fix for Mozilla XMLHttpRequest
Frank Hecker noted that the fix for the XMLHttpRequest file disclosure vulnerability in Mozilla is available. [more]
Monday, 6 May 2002, 10:59 AM CET

Name Services: Another View
McCarty discusses several name server topologies as well as the BIND 9.2.0 new view feature. [more]
Monday, 6 May 2002, 10:54 AM CET

Patch Management Done Right
How good is Microsoft's much-maligned MBSA security tool? It even tells you about the patches Redmond tries to slip under the radar. [more]
Monday, 6 May 2002, 10:50 AM CET

Reverse Challenge Binary released
As we mentioned earlier, Honeynet Project is sponsoring the Reverse Challenge. The binary has now been officially released. [more]
Monday, 6 May 2002, 10:45 AM CET

Book review: Linux Administration Handbook
This book is a must-have addition to any system administrator's repertoire. Not only is the book aimed at the advanced user but also the intermediate and beginner. [more]
Monday, 6 May 2002, 10:42 AM CET

Online banking: Anatomy of a hacking
Electronic break-ins can be the work of technological skill, or the result of carelessness with passwords. [more]
Monday, 6 May 2002, 10:39 AM CET

Security to steal show
At the NetWorld+Interop conference, Cisco, Intruvert Networks, and Recourse Technologies will unveil products armed with improved performance to flag attacks that sift through network defenses. [more]
Monday, 6 May 2002, 10:35 AM CET

Hacking in the shadow of 9/11
David Dittrich, senior security engineer for the University of Washington, discusses the newest tools of the trade with K2. [more]
Friday, 3 May 2002, 12:21 PM CET

Wireless (In)Security
Dubrawsky discusses weaknesses in the Wired Equivalent Privacy protocol and notes security factors to keep in mind when deploying a wireless LAN. [more]
Friday, 3 May 2002, 12:20 PM CET

How to install PureSecure, the painless IDS
PureSecure is much more polished, more complete, and more fully featured than its free software counterpart ACID. It's not free for commercial use, however. [more]
Friday, 3 May 2002, 10:17 AM CET

IT Security Efforts 'Poor'
According to Gartner, the real lack of security stems from bad habits that include poor password management, unintentional data exposure and careless software installations. [more]
Friday, 3 May 2002, 10:13 AM CET

Fault found in .Net security
Microsoft needs to iron some problems out of the .Net Web services infrastructure, suggests H.D. Moore, a hacker and senior security analyst for Digital Defense. [more]
Friday, 3 May 2002, 10:11 AM CET

Honeynet Project: the Reverse Challenge
The goal of this challenge is to develop reverse engineering skills amongst the security community. [more]
Thursday, 2 May 2002, 5:39 PM CET

No crisis over 1,024-bit encryption
Security firm RSA has hit back at cryptography experts' claims that 1,024-bit encryption is no longer secure. [more]
Thursday, 2 May 2002, 4:41 PM CET

How to stay one step ahead of hackers
Malicious code can take many forms and attack your enterprise in many ways. Though such "blended" threats are nothing new, the code within them is learning new tricks. [more]
Thursday, 2 May 2002, 2:54 PM CET

Biometric security not quite ready to replace passwords
Biometrics vendors are doing their best to supplant passwords as the chief form of computer security, but Government Computer News Lab tests indicate that many of their products are not quite ready. [more]
Thursday, 2 May 2002, 2:53 PM CET

Interior security flagged again
A month after getting permission to reconnect some of its sites to the Internet, the Interior Department's Minerals Management Service is back in the hot seat. [more]
Thursday, 2 May 2002, 2:52 PM CET

Solaris 9 to beef up OS, application security
With Sun getting ready to launch Solaris 9, sometime between now and the end of June, everyone is scrambling to try to figure out what will make Solaris 9 different from the existing Solaris 8. [more]
Thursday, 2 May 2002, 2:50 PM CET

Surveillance cameras to predict behaviour
CCTV cameras that can predict behaviour could play a vital role in the fight against crime. [more]
Thursday, 2 May 2002, 1:15 PM CET

Music player bug could let in MP3 viruses
The code inside Winamp contains a bug that could allow computer viruses to be concealed within MP3 files. [more]
Thursday, 2 May 2002, 1:13 PM CET

DEF CON 10 Call for Papers Announcement
Papers and presentations are now being accepted for DEF CON TEN, the largest "hacking" convention on the planet. [more]
Thursday, 2 May 2002, 11:55 AM CET

Melissa virus creator jailed
The creator of a computer virus which caused millions of dollars of damage by disrupting networks all over the world has been jailed for 20 months by a United States court. [more]
Thursday, 2 May 2002, 11:49 AM CET

Security certificates offer little guarantee
As the IT training market becomes flooded with security courses and certifications, experts have warned that qualifications may be leading companies into a false sense of security. [more]
Thursday, 2 May 2002, 11:48 AM CET

Security threats changing
The Department of Trade and Industry released the findings of a survey of one thousand people responsible for IT Security in UK business during the recent InfoSec show. The results are not encouraging. [more]
Thursday, 2 May 2002, 11:44 AM CET

Where's SDMI? Code to battle piracy is MIA
Four years ago the record industry and some technology companies banded together to match wits in a combined effort to stamp out Internet music piracy... [more]
Wednesday, 1 May 2002, 1:21 PM CET

Authentication of user accounts on OpenBSD
This article shows the steps for configuring OpenBSD to authenticate user accounts against an LDAP directory via the RADIUS protocol. [more]
Wednesday, 1 May 2002, 11:33 AM CET

Online banks: Prime targets for attacks
Instead of a note and a gun, high-tech bank robbers use a program and an e-mail. Security firms are working overtime to ward off the mounting number of hack attacks. [more]
Wednesday, 1 May 2002, 10:44 AM CET

Klez: Don't Believe 'From' Line
Why are Catholic priests sending porn spam? Why is a Grammy Award-winning band's e-mail list automatically subscribing unwitting users? These are just some of the victims of the raging Klez virus. [more]
Wednesday, 1 May 2002, 10:31 AM CET

Astaro: A "Swiss-Army Knife" of Security Software
ASL brings together Astaro's proprietary middleware, user interface, and Web-based administration tools with a hardened Linux kernel and several open source security components. [more]
Wednesday, 1 May 2002, 10:18 AM CET

