Off the Wire

Off The Wire Archive

News items for May 2006

Security expert recommends 'Net diversity
Eugene Spafford, one of the leading experts on information security, is director of the Center for Education and Research in Information Assurance and Security at Purdue University. [more]
Wednesday, 31 May 2006, 9:05 AM CET

Microsoft officially launches paid security product
Security software makers, the 800-pound gorilla has landed. [more]
Wednesday, 31 May 2006, 9:04 AM CET

Card fraudsters: a world unto themselves
Run as businesses, groups cultivate government friends. [more]
Wednesday, 31 May 2006, 1:57 AM CET

Hostage threat to home PCs
Family photos and other priceless content stored in your home computer could one day be held hostage by a new breed of security threat called "ransomware". [more]
Wednesday, 31 May 2006, 1:56 AM CET

The importance of the limited user, revisited
If you use a computer powered by Microsoft Windows to surf the Web, check your e-mail and so forth, the single most important step you can take to protect your machine from viruses, worms and hackers is to use a "limited user" account for everyday computer use. [more]
Wednesday, 31 May 2006, 1:50 AM CET

Arizona leads U.S. in identity theft
One man arrested for identity theft in Scottsdale last December showed detectives how he simply went to the county Web site and obtained victims' names, addresses and bank account numbers, along with scans of their signatures from divorce filings. [more]
Wednesday, 31 May 2006, 12:58 AM CET

First StarOffice virus detected
Proof-of-concept virus uses macros to attack the office suite. [more]
Wednesday, 31 May 2006, 12:49 AM CET

Network auditing on a shoestring
Complete map of network shares and access rights kept business auditors happy. [more]
Wednesday, 31 May 2006, 12:30 AM CET

Piracy fears over net generation
Net freedom fighter Lawrence Lessig has called for an end to what he described as "extremism" in copyright laws. [more]
Wednesday, 31 May 2006, 12:16 AM CET

A day in the life of a security boss
Neil Hammerton knows more about viruses, spam and other e-mail-borne pests than most people. [more]
Wednesday, 31 May 2006, 12:06 AM CET

Security adviser: Schneier sensible
Have you ever had one of those moments where something you knew to be certain was turned upside down and you learned you had been wrong ... for years? A lot of Bruce Schneier's writing gives me moments like that. [more]
Tuesday, 30 May 2006, 1:30 PM CET

How 802.11w will improve wireless security
Since the ratification of the IEEE 802.11i amendment, organizations have been able to take advantage of improved security on wireless networks with WPA2-compliant hardware. [more]
Tuesday, 30 May 2006, 1:27 PM CET

Grid computing: security is king
I've noticed that although there are many different volunteer Grid computing systems, no single commercial product seems to have emerged as the dominant player. I have some thoughts to share on the obstacles preventing the advancement of Grid technology in the marketplace, and a solution for overcoming them. [more]
Tuesday, 30 May 2006, 7:53 AM CET

Backup your MySQL databases automatically with AutoMySQLBackup
If your site relies on MySQL and stores its sensitive data in a MySQL database, you will most definitely want to back up that information so that it can be restored in case of any disaster (accidental deletion of data, software errors, hardware errors, server compromise, etc.). [more]
Tuesday, 30 May 2006, 7:52 AM CET

Top 10 most common passwords
Life these days has become largely dependent on passwords - whether we're checking our emails, transferring funds or shopping online, passwords have their part to play. [more]
Tuesday, 30 May 2006, 7:41 AM CET

FBI probes hacking incident at Us Weekly
The FBI searched the home of a paparazzi agency's co-owner to determine whether someone tried to hack into the computers of the gossip magazine Us Weekly, it was reported Friday. [more]
Tuesday, 30 May 2006, 7:35 AM CET

Melding search and security
Rating search results for safety could be the next battle on the security horizon. [more]
Tuesday, 30 May 2006, 7:34 AM CET

Can single sign-on be simple sign-on?
Fundamentally, Single Sign On (SSO) is a straightforward idea. You use a proxy device to authenticate a user, and the proxy then manages all the login idiosyncrasies of the applications they want to access. [more]
Tuesday, 30 May 2006, 7:32 AM CET

A secure future
Two cable industry giants, Comcast Corp. and Motorola, Inc., have formed a combined business unit locally to develop security technology for a media-savvy retail market. [more]
Tuesday, 30 May 2006, 7:32 AM CET

Where is the security for our personal data?
It's astonishing that confidential information for 26.5 million veterans has gone astray after thieves made off with a laptop that an employee of the Department of Veterans Affairs had taken home with him. [more]
Tuesday, 30 May 2006, 7:30 AM CET

Securely access your webmail using SSH tunnels on Mac OS X
I came across a number of situations where I needed to access my business e-mail from an insecure environment. [more]
Monday, 29 May 2006, 7:59 PM CET

Does installing SSH enable more exploits than it solves?
SSH, the wonder tool of the security set, is misused by your users more easily and more often than you may think. [more]
Monday, 29 May 2006, 10:17 AM CET

U.S. veterans' data theft may cost $500 million
The head of the U.S. Department of Veterans Affairs said he couldn't promise the government would cover all potential losses by veterans, but suggested Congress pass a law to do so. No losses have been reported so far. [more]
Monday, 29 May 2006, 1:38 AM CET

The new face of disaster recovery
Enterprise-size businesses typically look to replication or mirroring technologies to protect their most business-critical data. Using these technologies, customers can deploy equipment and software in local and remote locations that replicates or saves changes to data off-site, where it is protected and can be recovered in the event of a disaster. [more]
Monday, 29 May 2006, 1:17 AM CET

How to automate Spamcop submissions
Spamcop is a service which provides RBLs for mailservers in order to reject incoming mail from spammers. [more]
Monday, 29 May 2006, 1:08 AM CET

Court filing confirms spy docs
Formerly sealed documents from a lawsuit against AT&T for allegedly helping the National Security Agency spy on Americans' communications without a warrant were released in redacted form Thursday, and confirm the legitimacy of documents published earlier by Wired News. [more]
Monday, 29 May 2006, 12:53 AM CET

Oracle mending fences with security researchers
Oracle looks to improve its reputation through marketing tweaks, communication advances, and bug fixes. [more]
Monday, 29 May 2006, 12:42 AM CET

Worm could make Symantec squirm
Internet experts warn that the company's antivirus business security software contains a flaw which could potentially result in an Internet worm. [more]
Monday, 29 May 2006, 12:32 AM CET

Movie industry sued for hacking
Jason Schultz, an attorney with the Electronic Frontier Foundation and not affiliated with the litigation against the MPAA, said he is concerned that the big media companies are going to take actions that are "dangerous and violate people's rights." [more]
Monday, 29 May 2006, 12:20 AM CET

Alleged hackers arrested
Operators of the Web site are charged with attempting to extort $150,000. [more]
Monday, 29 May 2006, 12:10 AM CET

Motion Picture Association accused of hacking
Valence Media, which operates the file-sharing portal site TorrentSpy, has accused the Motion Picture Association of America of hiring a computer hacker to help garner information for use in the industry group's patent infringement suit against the site. [more]
Friday, 26 May 2006, 10:24 AM CET

Hackers can crack top antivirus program
Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday. [more]
Friday, 26 May 2006, 10:18 AM CET

State of technology: beating back hackers
Collaboration, innovation help VARs keep their customers one step ahead in 'arms race'. [more]
Friday, 26 May 2006, 3:20 AM CET

World Cup worm
German-language e-mail claims to offer World Cup tickets, but instead carries a Trojan horse. [more]
Friday, 26 May 2006, 1:39 AM CET

The RFID hacking underground
They can steal your smartcard, lift your passport, jack your car, even clone the chip in your arm. And you won't feel a thing. 5 tales from the RFID-hacking underground. [more]
Friday, 26 May 2006, 1:37 AM CET

E-Commerce in crisis: when SSL isn't safe
"It's not a problem of authentication but one of transactional authorization," says Bruce Schneier, leading security expert and CTO of Counterpane Internet Security. "No matter how hard you make the initial authentication for the end-user or hacker, the malware can just wait until the authentication is done and then manipulate the transaction." [more]
Friday, 26 May 2006, 1:36 AM CET

Host-based intrusion prevention may be last best defense
Network- and server-based intrusion prevention may still be necessary, but companies are moving IPS down to the desktop level for better protection. [more]
Friday, 26 May 2006, 1:35 AM CET

Phishing pushes e-crime further upstream
Casting an attack to millions of users can be done for as little as $300, scientist at VeriSign says. [more]
Friday, 26 May 2006, 1:33 AM CET

Is your phone company spying on you?
Is your telephone company engaging in spy activity? More specifically, spy activity on you? [more]
Friday, 26 May 2006, 1:32 AM CET

Taking steps to protect customer data
With so much attention paid to malicious attacks by hackers, worms and viruses, it's a common misconception that outside forces pose the greatest danger to a company's data. The reality, however, is that internal elements are far more dangerous when it comes to data security than anything on the outside, including natural disasters. [more]
Friday, 26 May 2006, 1:31 AM CET

Oracle's security chief lambastes faulty coding
Davidson has strong words for 'naive' developers. [more]
Friday, 26 May 2006, 1:25 AM CET

Community creators, secure your code! Part II
How does an attacker actually exploit the weaknesses found? [more]
Thursday, 25 May 2006, 12:36 PM CET

Experts offer advice to prevent ID theft
"You need an ongoing vigilance," says Paul Stephens, a policy analyst with the Privacy Rights Clearinghouse in San Diego. "We want people to be proactive, to be vigilant, but we also don't want to have people panicking." [more]
Thursday, 25 May 2006, 11:16 AM CET

More adventures in Kernel security
My kernel module of choice for this exercise was grsecurity. [more]
Thursday, 25 May 2006, 11:15 AM CET

Microsoft brings disk encryption to servers
Software vendor to extend Bitlocker technology to Longhorn Server. [more]
Thursday, 25 May 2006, 11:13 AM CET

AT&T protest photos
About 25 protesters gathered Wednesday outside AT&T's Folsom Street switching center in San Francisco to decry the company's alleged participation in an illegal National Security Agency internet surveillance program. A former company technician has asserted that AT&T maintains a secret wiretapping room on the sixth floor of the building.
Photos: Chris Becker [more]
Thursday, 25 May 2006, 10:54 AM CET

Carders scam spammers
Fraudsters who deal in stolen credit card data have devised a means to extract money from sponsors of junk mail campaigns. [more]
Thursday, 25 May 2006, 10:53 AM CET

CA does free antivirus for Vista testers
The free subscription gives Vista beta users access to daily virus updates and Web-based technical support in a bid to entice new customers. [more]
Thursday, 25 May 2006, 10:53 AM CET

Two teens charged with extortion
Two New York teenagers were in police custody Wednesday facing illegal computer access and attempted extortion charges after they allegedly threatened to shake down the popular Web site unless its operators paid them $150,000, prosecutors said. [more]
Thursday, 25 May 2006, 10:51 AM CET

Skype bug lets 'buddies' swipe files
Skype has warned of a flaw in its popular VoIP client software that creates a means for hackers to swipe files from their "buddies". [more]
Thursday, 25 May 2006, 1:27 AM CET

DoorStop X Security Suite for Mac OS X
Firewall add-on makes securing your Mac easy. [more]
Thursday, 25 May 2006, 1:04 AM CET

Botnet floods UK firms with 250 million spams
More than 150,000 spambots responsible for deluge. [more]
Thursday, 25 May 2006, 12:50 AM CET

565 arrested in global fraud schemes
In the Nigerian scam, criminals send junk e-mail to thousands of unsuspecting people offering them a share in a large fortune in exchange for a smaller amount of money up front. The con artist takes the money and then disappears. [more]
Thursday, 25 May 2006, 12:35 AM CET

HSBC steps up fight against fraudsters
Speed is crucial in battle against rising crime and bad debt. [more]
Thursday, 25 May 2006, 12:24 AM CET

MS advises users to play safe with Word
Attacks targeting an unpatched vulnerability in Microsoft Word 2002 and 2003 have prompted Microsoft to tell users they should run the application in "safe mode". [more]
Wednesday, 24 May 2006, 5:41 PM CET

Understanding technical vs. logical vulnerabilities
Only about half of the vulnerabilities (technical vulnerabilities) in web applications can be scanned for. The other half (logical vulnerabilities) must be tested for by an experienced expert. WhiteHat Security founder and CTO, Jeremiah Grossman, explains differences between the two issues and the fundamental reasons why technology alone cannot solve the problem. [more]
Wednesday, 24 May 2006, 2:37 PM CET

The importance of security training
Security training is at the heart of writing good code, writes CIO Update guest columnist John Heimann of Oracle. [more]
Wednesday, 24 May 2006, 2:36 PM CET

MSN phisher gets 21 months behind bars
Do not pass go, but do pay $57,000 to Microsoft. [more]
Wednesday, 24 May 2006, 2:32 PM CET

Security vs. privacy: the rematch
This month USA Today reported that the National Security Agency has been compiling and searching a massive database of Americans' telephone call records and data mining it for suspicious patterns. NPR reported that this activity was part of the same eavesdropping program The New York Times revealed in April. [more]
Wednesday, 24 May 2006, 2:31 PM CET

Hacking with Nat Friedman
Want to see a really cool hack? [more]
Wednesday, 24 May 2006, 2:30 PM CET

New Yahoo Messenger worm hijacks Internet Explorer
"People have to treat instant messaging as they have been taught to treat e-mail -- with suspicion -- and not open suspicious attachments," said Natalie Lambert, an analyst at Forrester Research. "We have to start applying what we have learned with e-mail to these other applications." [more]
Wednesday, 24 May 2006, 2:30 PM CET

Cybercrime prosecutors need guidance
Australian High Tech Crime Center director Kevin Zuccato is glad to admit there is a lot to learn in prosecuting cyber miscreants. [more]
Wednesday, 24 May 2006, 2:29 PM CET

Sony BMG rootkit settlement finalized
A U.S. district court judge in New York signed off Monday on a proposed agreement to a class-action lawsuit filed against Sony BMG, which claimed that the company had surreptitiously installed what amounted to spyware on customers' computers. [more]
Wednesday, 24 May 2006, 2:28 PM CET

Secure USB flash drive in development
Recently, at the WinHEC Windows Engineering Conference in Seattle, Lexar announced that they are developing a secure USB Flash Drive. It will allow for protection against unwanted use of or access to the flash drive, by only displaying the contents when it is put into an authorized computer. [more]
Wednesday, 24 May 2006, 2:26 PM CET

What is a DMZ?
"DMZ" is short for demilitarized zone and is a military term meaning "is an area, usually the frontier or boundary between two or more military powers (or alliances), where military activity is not permitted, usually by peace treaty, armistice or other bilateral or multilateral agreement." [more]
Wednesday, 24 May 2006, 2:24 PM CET

Survey: Data security becoming political issue
Voters are beginning to see cybersecurity as an issue they will judge political candidates on, the Cyber Security Industry Alliance said. [more]
Wednesday, 24 May 2006, 2:23 PM CET

Reporting vulnerabilities is for the brave
I was involved in disclosing a vulnerability found by a student to a production web site using custom software (i.e., we didn’t have access to the source code or configuration information). [more]
Tuesday, 23 May 2006, 4:33 AM CET

San Francisco to push Google on privacy
Among other requests, the city will seek an "opt-in" system for users to share personal information. [more]
Tuesday, 23 May 2006, 4:25 AM CET

A malware matrioshka
Out of all instant messaging clients out there, ICQ is probably the easiest to spam, because the accounts are based on relatively small integer numbers. [more]
Tuesday, 23 May 2006, 4:12 AM CET

VA data files on millions of veterans stolen
The Veterans Affairs Department today revealed that personal, identifying data for as many as 26 million American veterans was stolen from a VA employee's home in May. [more]
Tuesday, 23 May 2006, 3:45 AM CET

Biometric whitewash gathers pace
Europe has passed the "tipping point" over which citizens fall head over heels in love with the idea of a society regulated by biometric identity scanners, according to a survey published today. [more]
Tuesday, 23 May 2006, 3:37 AM CET

Want to pass your next security audit?
ISO 27001 positions companies to move quickly when they spot a potential threat. [more]
Tuesday, 23 May 2006, 2:35 AM CET

Voice encryption may draw U.S. scrutiny
Philip R. Zimmermann wants to protect online privacy. Who could object to that? [more]
Tuesday, 23 May 2006, 2:14 AM CET

Secure Firefox and IM with PuTTY
There are times when you want to connect to the Internet through unknown and/or insecure networks such as the local Panera or other WiFi hotspot. If you aren’t careful, you might make it all too easy for someone to sniff your connection using Ettercap. [more]
Tuesday, 23 May 2006, 1:24 AM CET

Microsoft's security ambitions
Microsoft continues to reveal its security ambitions in very obvious ways. [more]
Tuesday, 23 May 2006, 1:15 AM CET

European consumers plug into biometrics
Privacy concerns sidelined as benefits emerge, says survey. [more]
Tuesday, 23 May 2006, 12:43 AM CET

Spam filtering techniques
Six approaches to eliminating unwanted e-mail. [more]
Tuesday, 23 May 2006, 12:35 AM CET

Skype patches security flaw
Users are advised to upgrade their client software to fix the problem. [more]
Tuesday, 23 May 2006, 12:14 AM CET

Commercial software opens cyber-terror backdoor
US firm warns of life-cycle attacks buried deep within millions of lines of code. [more]
Tuesday, 23 May 2006, 12:04 AM CET

Intel Macs vulnerable to 'chip level' threats
Security vendors overstate danger of hackers attacking computer processors. [more]
Monday, 22 May 2006, 11:54 AM CET

Skype sick with bad bug, must be patched
VoIP provider Skype rolled out an update on Friday to quash a bug that can let attackers send a file to a recipient without his or her consent, and potentially obtain access to the computer and its data. [more]
Monday, 22 May 2006, 11:51 AM CET

Virus-prone applications burrow into networks
A snapshot of large US companies has found that 'viral' applications such as VoIP, instant messaging, webmail and P2P applications are now endemic on many networks. [more]
Monday, 22 May 2006, 11:46 AM CET

Why we published the AT&T docs
A file detailing aspects of AT&T's alleged participation in the National Security Agency's warrantless domestic wiretap operation is sitting in a San Francisco courthouse. But the public cannot see it because, at AT&T's insistence, it remains under seal in court records. [more]
Monday, 22 May 2006, 11:45 AM CET

MSN phisher sentenced to 21 months
In an effort to combat phishing, Microsoft has filed 125 civil lawsuits against phishers to date, and secured takedowns of more than 2,000 phishing web sites, the company says. [more]
Monday, 22 May 2006, 2:15 AM CET

Mobile devices: growing security threat
"The rapid uptake of advanced wireless devices by the enterprise workforce is making malware a more serious threat to telecoms and I.T. resources," said Tim Kridel, research analyst at Light Reading and author of the new report. [more]
Monday, 22 May 2006, 2:05 AM CET

Host-based intrusion prevention may be last best defense
Network- and server-based intrusion prevention may still be necessary, but companies are moving IPS down to the desktop level for better protection. [more]
Monday, 22 May 2006, 1:56 AM CET

Hacking SUSE Linux 10.1
When you're done installing SUSE Linux 10.1 OSS, your desktop system is not complete. [more]
Monday, 22 May 2006, 1:43 AM CET

Commerce signs up for security training
The Commerce Department has awarded a task order to the International Information Systems Security Certification Consortium, or (ISC)2, to provide an expanded information security education program for the department’s information security employees. [more]
Monday, 22 May 2006, 1:38 AM CET

E-mail attacks target unpatched Word hole
Antivirus companies issue warning about sophisticated phishing attacks. [more]
Monday, 22 May 2006, 1:29 AM CET

Meet the hackers
Cybercrooks are stealing billions. An inside look at law enforcement's biggest targets. [more]
Monday, 22 May 2006, 1:15 AM CET

Three sentenced for 'warez' activities
Three men were sentenced Friday on copyright-infringement charges for being leading members of warez groups, the DOJ said. [more]
Monday, 22 May 2006, 12:58 AM CET

Yahoo Messenger worm turns on IE
One of the ‘oddest and most insidious pieces of malware’. [more]
Monday, 22 May 2006, 12:50 AM CET

Whatever happened to PGP?
PGP is often thought of as an encryption system, but your private key is a digital signature that can prove who your message comes from, as well as showing that it hasn’t been tampered with. [more]
Monday, 22 May 2006, 12:35 AM CET

Mirror your web site with rsync
This tutorial shows how you can mirror your web site from your main web server to a backup server that can take over if the main server fails. [more]
Monday, 22 May 2006, 12:23 AM CET

Dining out on the ID card fiasco
When they make the film of the great ID card fiasco, it may well open with a dinner at the National Liberal Club, where the Great and Good of the IT industry warn of impending doom. [more]
Friday, 19 May 2006, 1:35 PM CET

Automate Linux installation and recovery with SystemImager
Installing and recovering systems is one of the most time-consuming tasks for any IT department. [more]
Friday, 19 May 2006, 12:26 PM CET

The RFID hacking underground
They can steal your smartcard, lift your passport, jack your car, even clone the chip in your arm. And you won't feel a thing. 5 tales from the RFID-hacking underground. [more]
Friday, 19 May 2006, 9:35 AM CET

CIA defends unaccountable snooping
General Michael Hayden, President Bush's nominee for CIA director, has defended his secret programme of snooping on citizens' telephone calls without warrants. [more]
Friday, 19 May 2006, 9:33 AM CET

How to get through having your identity stolen
I was the victim of Identity theft 5 years ago... [more]
Friday, 19 May 2006, 1:17 AM CET

Consumers shun backups, study says
"Some people believe that a backup is making an extra copy of a file on your hard drive," said John Christopher, a data recovery engineer with DriveSavers, a data recovery company in Novato, Calif. "That's not what it's about, obviously, because hard drives are mechanical devices and every one that's made today is going to die." [more]
Friday, 19 May 2006, 1:04 AM CET

The eternal value of privacy
The most common retort against privacy advocates -- by those in favor of ID checks, cameras, databases, data mining and other wholesale surveillance measures -- is this line: "If you aren't doing anything wrong, what do you have to hide?" [more]
Friday, 19 May 2006, 12:50 AM CET

Government gets tough on encryption
Hand over the keys or it's two years in the slammer. [more]
Friday, 19 May 2006, 12:24 AM CET

Help Net Security Podcast: Episode 1 - Nortel's Approach To Security
This first installment of the Help Net Security podcast features Shirley O'Sullivan, Security Leader EMEA at Nortel. [more]
Thursday, 18 May 2006, 3:52 PM CET

Wanadoo in customer data security flap
UK ISP Wanadoo has fixed a serious security problem that exposed the account information of many of its subscribers. [more]
Thursday, 18 May 2006, 1:19 PM CET

Email attack decision thrown out on appeal
Court’s decision on ‘unauthorised modification’ to system overturned. [more]
Thursday, 18 May 2006, 1:17 PM CET

Cyber-crooks take aim at online gamers
Real hackers target virtual cash. [more]
Thursday, 18 May 2006, 3:45 AM CET

Physical security goes high tech
Imagine this type of technology brought to bear on border security, port security, or on any aspect of critical infrastructure. It's not a question of whether, but of when. When physical security meets cyber-security, it's a win-win. [more]
Thursday, 18 May 2006, 3:15 AM CET

Test your knowledge of more Security+ topics
Here, 50 questions are offered to test your knowledge of the topic and help you prepare for this entry-level certification from CompTIA. [more]
Thursday, 18 May 2006, 3:02 AM CET

Managing a custom shell using Active Directory
This article introduces Windows policy-based management, which provides an easy, simplified approach to securing the desktop for point of service, and it explains how to do this across a retail organization. [more]
Thursday, 18 May 2006, 2:55 AM CET

Power plant security info leaked onto Net
Security data on a thermal power plant has been leaked onto the Internet from a virus-infected personal computer, the company in charge of the plant's security said Sunday. [more]
Thursday, 18 May 2006, 2:24 AM CET

An eye on Wi-Fi security
You can read and read about Wi-Fi security, but nothing gets the point across as efficiently as actually seeing what eavesdroppers can see on an "unsecured wireless network." [more]
Thursday, 18 May 2006, 1:27 AM CET

New security threats a risk to world economy
Emma Nash reports from Symantec’s Vision 2006 user conference. [more]
Thursday, 18 May 2006, 1:19 AM CET

VoIP security: it's about implementation
Lack of equipment interoperability and confusion over who is responsible for security are to blame for the lack of security in VOIP (voice over Internet Protocol), an issue that IT administrators say is a major concern for them, experts speaking at VON Europe on Wednesday said. [more]
Thursday, 18 May 2006, 12:54 AM CET

The ultimate net monitoring tool
The equipment that former AT&T technician Ed Klein learned was installed in the NSA "secret room" in AT&T's San Francisco switching office isn't some sinister Big Brother box designed solely to help governments eavesdrop on citizens' internet communications. [more]
Thursday, 18 May 2006, 12:31 AM CET

Poker rootkit turns players into losers
Malware steals your password, then raises with 7-2 offsuit. [more]
Thursday, 18 May 2006, 12:14 AM CET

Apple closes down OS X
Client kernel has gone proprietary, but it’s not too late to set things right. [more]
Wednesday, 17 May 2006, 3:01 PM CET

Stumbling into a spy scandal
When former AT&T technician Mark Klein learned of a secret room installed in the company's San Francisco internet switching center, he was certain he had stumbled onto the Total Information Awareness program, a Defense Department research project that intended to scour databases across the country for telltale signs of terrorists. [more]
Wednesday, 17 May 2006, 12:49 PM CET

Under attack, spam fighter folds
A startup whose aggressive antispam measures drew a blistering counterattack from spammers two weeks ago that brought down the company's servers along with a wide swath of the Internet is shuttering its program that targets junk e-mailers. [more]
Wednesday, 17 May 2006, 10:58 AM CET

Can we make operating systems reliable and secure?
Microkernels—long discarded as unacceptable because of their lower performance compared with monolithic kernels—might be making a comeback in operating systems due to their potentially higher reliability, which many researchers now regard as more important than performance. [more]
Wednesday, 17 May 2006, 10:56 AM CET

Total computer security could result from unbreakable optical code
Researchers at Mitsubishi Electric, NEC and the University of Tokyo claim to have made a breakthrough in a new technique for very secure data communications. [more]
Wednesday, 17 May 2006, 10:54 AM CET

FBI special agent recounts outsourcing horror story
Also warns of the dangers of mobile computing security lapses. [more]
Wednesday, 17 May 2006, 10:52 AM CET

Love your firewall - changing is too painful
A lack of industry standards and few migration tools means that moving from one brand of gateway firewall to another can be a daunting task that can take six months or more. [more]
Wednesday, 17 May 2006, 1:30 AM CET

Poker tips site harbours Trojan
Security watchers have discovered a Trojan with built-in rootkit functionality that's designed to steal the credentials of online poker players. [more]
Wednesday, 17 May 2006, 1:18 AM CET

BellSouth: no call data to NSA
BellSouth says it has no evidence it was contacted by a U.S. spy agency or gave the government access to any of its customers' phone call records, disputing a published report that sparked a national debate on federal surveillance tactics. [more]
Wednesday, 17 May 2006, 12:47 AM CET

The security implications of outsourcing
Concerns about data security and the qualifications of India's 350,000 call-center workers are starting to mount. According to John C. McCarthy, vice president for research at Forrester, some outsourcing providers forgo background checks of employees and even help applicants dress up their resumes. [more]
Wednesday, 17 May 2006, 12:47 AM CET

Malicious cryptography, part two
This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. [more]
Wednesday, 17 May 2006, 12:45 AM CET

US auditor jailed for cyber-snooping
Five months in chokey for putting spyware on the boss's computer. [more]
Tuesday, 16 May 2006, 8:17 PM CET

Blasting away security myths
During my nearly two-decade computer security career, I've always been amazed by how many security myths are propagated as fact by readers, instructors, leaders, and writers. [more]
Tuesday, 16 May 2006, 3:20 PM CET

Protection from prying NSA eyes
From the U.S. Fourth Amendment, the Stored Communications Act and U.S. wiretap laws to the Pen-register statute, Mark Rasch looks at legal protections available to the telecommunication companies and individual Americans in the wake of the NSA's massive spying program. [more]
Tuesday, 16 May 2006, 2:27 AM CET

Sponsored search results threaten security
Almost a tenth of sponsored results may pose risks. [more]
Tuesday, 16 May 2006, 2:12 AM CET

Qwest praised for declining NSA phone records request
EFF lauds company's sense of responsibility. [more]
Tuesday, 16 May 2006, 1:57 AM CET

AOL tool analyzes PCs for security flaws
Company is testing Active Security Measure, which alerts users to spyware, viruses, other malware. [more]
Tuesday, 16 May 2006, 1:46 AM CET

Banks get wise to phishing fraud
Recent reports about consumer confidence in online banking indicate that many of those who access their accounts online plan to do so less frequently as a result of concerns about security. [more]
Tuesday, 16 May 2006, 1:33 AM CET

Instant messaging a security headache
Instant messaging today is what email was 15 years ago, says Symantec. [more]
Tuesday, 16 May 2006, 1:05 AM CET

Encryption keeps secrets safe
Encryption of data to tape is becoming all the rage in business. [more]
Tuesday, 16 May 2006, 12:49 AM CET

Botnet implicated in click fraud scam
The SANS Institute has uncovered evidence that networks of compromised PCs are being used to click on banner ads, generating revenue for unscrupulous publishers. [more]
Tuesday, 16 May 2006, 12:26 AM CET

Pinch of security spoils IT recipes
Many vendors promote new security capabilities without considering the implications. [more]
Tuesday, 16 May 2006, 12:22 AM CET

Analysts, users disagree on Vista pros, cons
Enterprise reality could dampen Vista's shock. [more]
Monday, 15 May 2006, 2:08 PM CET

Vigilante Trojan attacks other malware
A "vigilante" Trojan, that attempts to protect infected PCs from the effects of malware caught while using peer-to-peer file-sharing networks, has been discovered. [more]
Monday, 15 May 2006, 1:31 PM CET

RFID in retail: an introduction
This white paper provides a general introduction to Radio Frequency Identification (RFID) technology, and discusses the benefits and challenges of this technology for organizations that are involved in the production, movement, or sale of retail goods. [more]
Monday, 15 May 2006, 1:29 PM CET

The Net's not-so-secret economy of crime
The people who want to rip you off are very polite with each other when they're buying and selling credit card numbers. [more]
Monday, 15 May 2006, 1:22 PM CET

SELinux from scratch
Build an SELinux-ready Gentoo system. [more]
Monday, 15 May 2006, 1:17 PM CET

Judges and prosecutors throw the book at hackers
Those accused of cybercrimes are facing serious charges. That could spell the end of the white-hat hacker. [more]
Monday, 15 May 2006, 1:16 PM CET

Kodak admits to spam, pays up
Photo giant agrees to pay FTC fine after sending promotional e-mails to 2 million individuals, calls incident a 'technical malfunction'. [more]
Monday, 15 May 2006, 1:10 PM CET

Online groups reveal details, legalities of NSA surveillance
Recent reports that the US National Security Agency spied on Americans expand upon allegations in federal lawsuits alleging that telecommunications companies helped the NSA secretly spy on Americans. [more]
Monday, 15 May 2006, 1:09 PM CET

Researcher: Apple patch falls short
Independent researcher Tom Ferris said there were still holes in Safari, QuickTime, and iTunes that he reported to Apple but were not patched in the latest release. [more]
Monday, 15 May 2006, 1:07 PM CET

The conman, it seems, is an endangered species
Gone is the sharp-suited, debonair, silver-tongued fraudster who'd charm his way to a personal fortune. [more]
Friday, 12 May 2006, 6:39 PM CET

Ballmer talks Linux, security, SaaS
Microsoft CEO Steve Ballmer on Wednesday pegged three key areas of focus for Microsoft this year: competing with Linux in the high-end server market, software as a service (SaaS) and Internet advertising. [more]
Friday, 12 May 2006, 6:37 PM CET

Blasting away security myths
Rethinking conventional wisdom can be a smart way to bolster security. [more]
Friday, 12 May 2006, 2:27 PM CET

Security analyzers target vulnerabilities
Analyzers use audit trails and remediation scripts to find and fix vulnerabilities before systems are deployed. [more]
Friday, 12 May 2006, 2:24 PM CET

Prison for privacy crooks
Information commissioner Richard Thomas has called for prison sentences of up to two years for the illegal buying and selling of personal information. [more]
Friday, 12 May 2006, 1:38 PM CET

The quest for ring 0
Federico Biancuzzi interviews French researcher Loïc Duflot to learn about the System Management Mode attack, how to mitigate it, what hardware is vulnerable, and why we should be concerned with recent X Server bugs. [more]
Friday, 12 May 2006, 1:37 PM CET

Ballmer talks up bullet proof Vista security
But as viruses are eliminated, phishing is set to increase, Microsoft chief cautions. [more]
Friday, 12 May 2006, 10:09 AM CET

Campfire stories of SCADA insecurity
As government and industry start taking the cybersecurity of industrial control systems more seriously, shocking and funny stories are emerging. [more]
Friday, 12 May 2006, 10:07 AM CET

Why phishers don't fear SSL toolbars
Do anti-phishing toolbars in web browsers stop phishing attacks? No. Can they reduce them, even for savvy users? Yes. Are they all equally effective? No. [more]
Friday, 12 May 2006, 10:06 AM CET

CA extends tape encryption to mainframes
CA's BrightStor Tape Encryption tool encrypts data as it is written to standard label z/OS tapes, without requiring changes to job control language or apps, it said. [more]
Friday, 12 May 2006, 10:04 AM CET

Indian IT firms look for data security chief
Employee database ain't enough. [more]
Friday, 12 May 2006, 10:01 AM CET

Report: U.S. spies on everyone
Congressional Democrats demanded answers from the Bush administration Thursday about a report that the government secretly collected records of ordinary Americans' phone calls to build a database of every call made within the country. [more]
Friday, 12 May 2006, 3:05 AM CET

Devaluing the CISSP
Is the CISSP going the way of the Dodo? [more]
Friday, 12 May 2006, 2:42 AM CET

Rootkit-spreading spyware shop shuts down
ContextPlus, which spread spyware and adware, including software that hijacked searches and programs that leveled systems with pop-up ads, has posted a message on its Web site saying it's out of the business. [more]
Friday, 12 May 2006, 2:31 AM CET

Hackers slam McKinnon extradition ruling
The prosecution of alleged Pentagon uber-hacker Gary McKinnon shows that the US is failing to take even basic precautions to protect its military systems, according to a reformed computer hacker accused of similar crimes 10 years ago. [more]
Friday, 12 May 2006, 12:57 AM CET

Pace stepped up on IT security
Raising IT security as a board-level issue seems to have paid off. [more]
Friday, 12 May 2006, 12:36 AM CET

DOJ drops wiretap investigation
The government has abruptly ended an inquiry into the warrantless eavesdropping program because the National Security Agency refused to grant Justice Department lawyers security clearance. [more]
Friday, 12 May 2006, 12:26 AM CET

Nokia injects security services into new appliance
The Nokia IP390 Firewall/VPN includes unified threat management features. [more]
Friday, 12 May 2006, 12:07 AM CET

New security glitch found in Diebold system
Officials say machines have 'dangerous' holes. [more]
Thursday, 11 May 2006, 1:27 PM CET

Vista bad news for anti-spyware market?
Security firms may need to up their game. [more]
Thursday, 11 May 2006, 1:21 PM CET

Feds want hacker's genetic code
Hacker Adrian Lamo is in trouble again, this time for failing to give the federal government his DNA. [more]
Thursday, 11 May 2006, 1:20 PM CET

VoIP and security top enterprise IT priority lists
Convergence and security top the list of "hot" technologies that will have the greatest impact in 2006, according to the results of a new poll. [more]
Thursday, 11 May 2006, 1:16 PM CET

Laws won't stop cybercriminals, say experts
Instead of waiting for Congress to act, businesses should demand more secure IT products, one leading security expert said. [more]
Thursday, 11 May 2006, 3:57 AM CET

How a psychotherapist fell for a Nigerian e-mail scam
Every swindle is driven by a desire for easy money; it’s the one thing the swindler and the swindled have in common. Advance-fee fraud is an especially durable con. [more]
Thursday, 11 May 2006, 3:22 AM CET

Total failure of information security
A long-overdue wake up call for the information security community. [more]
Thursday, 11 May 2006, 3:13 AM CET

Parasitic IRCBot in the wild
Statistics show that the contemporary malware landscape is, in the main, somehow connected with Trojans: Backdoors, Trojan-Downloaders, Trojan-Droppers, etc. [more]
Thursday, 11 May 2006, 2:56 AM CET

Hacker faces wrath after pointing out security flaw
It's called Section 1030, and it's a federal law written to prevent unauthorized access to data on computers. [more]
Thursday, 11 May 2006, 2:43 AM CET

India to set up data security watchdog
Organization will focus on data security and privacy practices in India's call center and BPO industries. [more]
Thursday, 11 May 2006, 1:38 AM CET

UK hacker loses extradition appeal
Prosecutors appear to have won their appeal to extradite UK computer hacker Gary McKinnon to the United States, where he could face trial for hacking into military computer systems. [more]
Thursday, 11 May 2006, 1:14 AM CET

Hacker's work lingers years after his arrest
Two years after the arrest of a noted hacker, his creation remains at the top of the virus charts, a security company said Wednesday, proving just how long an Internet affliction can last. [more]
Thursday, 11 May 2006, 12:46 AM CET

Petrol-pump thieves go hi-tech
Tech-savvy thieves have worked out a means to obtain free petrol after hacking into electronically-controlled petrol pumps, according to US reports. [more]
Thursday, 11 May 2006, 12:27 AM CET

Hartford settles fraud probe for $20M
New York Attorney General Eliot Spitzer and Connecticut Attorney General Richard Blumenthal investigated claims into the marketing of retirement plans after tips that the company was making "secret payments" to insurance brokers to recommend Hartford group annuities to pension plans, Spitzer said. [more]
Thursday, 11 May 2006, 12:16 AM CET

FTC settles data security case
Settlement calls for real-estate firm NHC to improve its information security practices and submit to audits. [more]
Thursday, 11 May 2006, 12:02 AM CET

The illusion of invulnerability
On Saturday "Linuxtag 2006" closed in Wiesbaden (Germany). According to the organisers, it’s Europe's biggest Linux Expo. [more]
Wednesday, 10 May 2006, 12:54 PM CET

USC hacker case pivotal to future web security
Eric McCarty claims he hacked into the University of Southern California's computer system to warn of its vulnerabilities. The case could be a watershed event in the area of security research. [more]
Wednesday, 10 May 2006, 10:43 AM CET

Ex-NSA chief assails Bush taps
Former National Security Agency director Bobby Ray Inman lashed out at the Bush administration Monday night over its continued use of warrantless domestic wiretaps, making him one of the highest-ranking former intelligence officials to criticize the program in public, analysts say. [more]
Wednesday, 10 May 2006, 10:41 AM CET

Privacy compliance and identity security winners
The Office of the Privacy Commissioner (OPC) has been allocated an additional $6.5 billion over four years to assist Australian businesses to comply with the Privacy Act. [more]
Wednesday, 10 May 2006, 10:32 AM CET

Spot a bug, go to jail
A new federal prosecution again raises the issue of whether computer security experts must fear prison time for investigating and reporting vulnerabilities. [more]
Wednesday, 10 May 2006, 10:31 AM CET

Cisco, T-Systems tap RFID for logistics, retail
Companies to jointly build RFID systems. [more]
Wednesday, 10 May 2006, 2:20 AM CET

Malicious cryptography, part 1
Cryptology is everywhere these days. Most users make good use of it even if they do not know they are using cryptographic primitives from day to day. [more]
Wednesday, 10 May 2006, 1:55 AM CET

Webroot uncovers thousands of stolen identities
FBI investigates as banking Trojan runs wild, claiming victims in 125 countries. [more]
Wednesday, 10 May 2006, 1:42 AM CET

Hacker gets longest ever sentence
A 21-year-old hacker has been sent to jail for almost five years for spreading malware that took control of hundreds of thousands of zombie computers. [more]
Wednesday, 10 May 2006, 1:27 AM CET

Vista's security will be pain in the neck
Windows Vista's new security features will so annoy users that Microsoft won't meet its goal of 400 million copies in two years, a research analyst said Monday. [more]
Wednesday, 10 May 2006, 1:07 AM CET

Security, the Microsoft way
Microsoft has every intention of working with networking giant Cisco on network access control protocols in its next version of Windows, the head of Microsoft's security technology unit said at an event here Monday. [more]
Wednesday, 10 May 2006, 12:54 AM CET

Hackers eyeing internet telephony
Australian businesses enjoying voice over internet protocol telephony could have less than 12 months before their networks become a target of malicious activity. [more]
Wednesday, 10 May 2006, 12:40 AM CET

F-Secure latest S60 smartphone platform
Security firm F-Secure has updated its mobile anti-virus software to support the latest version of the S60 interface, 3rd Edition, which runs on the newest version of the Symbian OS, 9.1. [more]
Wednesday, 10 May 2006, 12:19 AM CET

Ransomware rising
A relatively new form of malware may be starting to gain popularity among virus writers and Internet scam artists. [more]
Tuesday, 9 May 2006, 3:04 AM CET

Cisco's Unified Wireless Network
Network Computing tested elements of Cisco's Unified Wireless Network and were impressed with not only how well it has assimilated Airespace's technology but also its integration across the entire enterprise network. [more]
Tuesday, 9 May 2006, 2:55 AM CET

Trojan targets World of Warcraft gamers
According to Symantec, a new trojan called "Infostealer.Wowcraft" is making the rounds. Unlike many malicious programs, however, it makes no attempt to steal your credit card information. [more]
Tuesday, 9 May 2006, 2:36 AM CET

Bot herder pleads guilty to hospital hack
A 20-year-old Californian pleaded guilty last week to causing damage to computers in Seattle's Northwest Hospital when his bot software compromised systems in the healthcare facility. [more]
Tuesday, 9 May 2006, 1:55 AM CET

Compliance and security
There's a tug-of-war between satisfying regulatory requirements and handling IT security, says survey. [more]
Tuesday, 9 May 2006, 1:41 AM CET

Survey: security hot, paychecks not
A new Dark Reading survey suggests that the people riding the security wave aren't exactly raking in the dough. [more]
Tuesday, 9 May 2006, 1:30 AM CET

Ethics, hacking, and religion
What do ethics, hacking, and religion all have to do with each other? Seth Fogie takes a look at how these three subjects are interwoven. [more]
Tuesday, 9 May 2006, 1:15 AM CET

A true eBay crime story
It was the scandal that rocked the internet. A seemingly worthless painting sold on eBay in early 2000 for $135,805 -- all because buyers believed it might be the work of the 20th-century abstract painter Richard Diebenkorn. [more]
Tuesday, 9 May 2006, 12:59 AM CET

Sourcefire's Snort has a real nose for intruders
Open source intrusion detection and prevention technology is being used to bolster security in several products; new features could make it even more popular. [more]
Tuesday, 9 May 2006, 12:51 AM CET

UK hackers condemn McKinnon trial
The UK's hacking community has strongly criticised how fellow hacker Gary McKinnon has been treated. [more]
Tuesday, 9 May 2006, 12:46 AM CET

Hoodwinking the censors
Three computer geeks at the U of T are renowned developers of anti-censorship software, including a program out this month that could allow people to outwit the world's most repressive regimes. [more]
Tuesday, 9 May 2006, 12:18 AM CET

E-Mail is exhibit A
As more legal cases revolve around E-mail evidence, companies are turning to new tools to better monitor and manage E-mail usage. [more]
Tuesday, 9 May 2006, 12:03 AM CET

How companies can manage strong authentication intelligently
The most recent phishing attacks have shown how professional internet fraudsters steal passwords and identities. To exclude the growing security risk, experts recommend dual-factor authentication – also known as “strong” authentication. The use of security systems for strong authentication practically excludes the risk of passwords being deliberately stolen or cracked. [more]
Monday, 8 May 2006, 6:36 PM CET

Little Snitch 1.2.2 - acts as a great informant
When it comes to your workstation, one of the things you certainly want to be aware of is what’s happening with your outgoing network connections. [more]
Monday, 8 May 2006, 6:29 PM CET

Gone in 20 minutes: using laptops to steal cars
High-tech thieves are becoming increasingly savvy when it comes to stealing automobiles equipped with keyless entry and ignition systems. [more]
Monday, 8 May 2006, 5:05 AM CET

Defeat spam with SpamBayes
Spam email is the plague of the 21st century; SpamBayes is its cure. This client-side application analyzes all incoming email messages and automatically sorts out those that are unwanted. [more]
Monday, 8 May 2006, 4:12 AM CET

Server monitoring with munin and monit
This article describes how to monitor your server with munin and monit. [more]
Monday, 8 May 2006, 4:01 AM CET

Hacker hits Toronto transit message system
With a $25 remote, hacker was able to reprogram scrolling LED signs on local trains. [more]
Monday, 8 May 2006, 3:39 AM CET

Software security analysis with BogoSec
BogoSec is a source code metric tool that wraps multiple source code scanners, invokes them on its target code, and produces a final score that approximates the security quality of the code. [more]
Monday, 8 May 2006, 3:32 AM CET

Diamonds take a quantum leap to IT security
Diamond-based devices could be helping IT managers detect network snooping and prevent information theft as anti-eavesdropping technology from the University of Melbourne gets venture funding. [more]
Monday, 8 May 2006, 3:03 AM CET

Use RFID for people tracking
This article introduces one of the most popular scenarios for Radio Frequency Identification (RFID) technology - people tracking. [more]
Monday, 8 May 2006, 2:29 AM CET

Data breach notification law unlikely this year
Lawmakers have introduced more than 10 bills dealing with data breach notification. [more]
Monday, 8 May 2006, 2:19 AM CET

Piracy on the open seas
Advocates of non-proprietary software find the ultimate comeback for Microsoft. [more]
Monday, 8 May 2006, 1:42 AM CET

Microsoft preps critical Windows, Exchange patches
Microsoft on Tuesday plans to release three patches for several of its software products, including at least two critical updates for known vulnerabilities, according to the company's monthly security update. [more]
Monday, 8 May 2006, 1:34 AM CET

Dogs trained to sniff out fake DVDs
Two black Labradors have become the world's first dogs to be trained to search for counterfeit DVDs, a trade organisation have said. [more]
Monday, 8 May 2006, 1:14 AM CET

Strace - troubleshooting tool for all Linux users
Many times I have come across seemingly hopeless situations where a program when compiled and installed in GNU/Linux just fails to run. [more]
Monday, 8 May 2006, 12:53 AM CET

NIST issues draft guidance for IT security metrics
The National Institute of Standards and Technology has released the initial public draft of its Special Publication 800-80 titled Guide for Developing Performance Metrics for Information Security. [more]
Monday, 8 May 2006, 12:50 AM CET

'Spamford' Wallace fined $4m over spyware biz
Sanford 'Spamford' Wallace has been fined $4m and ordered to restrict the deceptive spyware practices of his company, Smartbot.Net, after losing a lawsuit brought by the US Federal Trade Commission. [more]
Monday, 8 May 2006, 12:48 AM CET

Malaysia welcomes the world in fight against cyber-terrorism
IMPACT is its name, and making an impact in the battle against cyber-terrorism is its mission. The Malaysian initiative seeks to bring together governments and the international private sector to deal with increasing threats in cyberspace. [more]
Monday, 8 May 2006, 12:23 AM CET

ATMs linked to IP networks vulnerable
A continuing trend by banks to take ATM machines off proprietary networks and put them on the banks' own TCP/IP networks is introducing new vulnerabilities in the ATM transaction environment. [more]
Friday, 5 May 2006, 10:11 AM CET

Spyware operator slapped with $4M fine
"Aggressive enforcement of this sort is absolutely vital if we're to continue our progress in battle against spyware," said Ari Schwartz, deputy director of the Center for Democracy and Technology. [more]
Friday, 5 May 2006, 10:10 AM CET

Diamonds take a quantum leap to IT security
Diamond-based devices could be helping IT managers detect network snooping and prevent information theft as anti-eavesdropping technology from the University of Melbourne gets venture funding. [more]
Friday, 5 May 2006, 10:07 AM CET

Games hacked for militants' jihad
The makers of combat video games have unwittingly become part of a global propaganda campaign by Islamic militants against the United States, US Defence officials say. [more]
Friday, 5 May 2006, 10:06 AM CET

Tech summit focuses on IT gap, security
From medical microchips and radio frequency identification chips to digital access to poor nations, technology leaders from around the world discussed the challenges of a fast-evolving, global digital economy at the World Congress on Information Technology this week. [more]
Friday, 5 May 2006, 10:05 AM CET

Katrina whips up data storm
Of all the unexpected consequences of Hurricane Katrina, few people expected the storm to whip up debate about the uses and abuses of personal information. [more]
Friday, 5 May 2006, 10:03 AM CET

China becomes target of cyber threats
The hunter becomes the game. [more]
Friday, 5 May 2006, 3:33 AM CET

MySQL patches buffer overflow flaws
MySQL AB this week issued a security patch for multiple vulnerabilities in its MySQL open-source database. [more]
Friday, 5 May 2006, 3:27 AM CET

FTC halts spyware operation
Judge orders Smartbot.Net to give up $4M in profits after it is sued for 'stealthy' downloads. [more]
Friday, 5 May 2006, 2:45 AM CET

Virus emails drop to record low
The number of emails carrying viruses has plummeted to fewer than one per cent of all messages sent, according to the April virus trends report from BlackSpider Technologies. [more]
Friday, 5 May 2006, 2:38 AM CET

Online privacy: nowhere to run, nowhere to hide
Consumers say they want privacy online although they often behave in ways that contradict those statements. Could it be that most of the complaints come from privacy advocates and not consumers at all? The Wharton School investigates. [more]
Friday, 5 May 2006, 1:55 AM CET

Trojan horse lurks in World Cup e-mail
Link in soccer tournament e-mail installs Trojan horse on users' PCs, security experts warn. [more]
Friday, 5 May 2006, 1:37 AM CET

What could a boarding pass tell an identity fraudster about you?
This is the story of a piece of paper no bigger than a credit card, thrown away in a dustbin on the Heathrow Express to Paddington station. It was nestling among chewing gum wrappers and baggage tags, cast off by some weary traveller, when I first laid eyes on it just over a month ago. [more]
Friday, 5 May 2006, 12:47 AM CET

FCC keeps deadline for broadband wiretap access
Carriers had asked the agency to reconsider the May 14, 2007, deadline. [more]
Friday, 5 May 2006, 12:30 AM CET

Your top three security priorities
Faced with the ever-changing threat landscape and what has become a complex, confusing world of technology for IT, it's easy to lose focus and forget what otherwise would be your top priorities. [more]
Thursday, 4 May 2006, 12:21 PM CET

DDoS on Blue Security blog knocks Typepad, LiveJournal offline
The spam-fighting service Blue Security has been under siege by spammers and digital attackers in recent days. On Tuesday it wound up sharing its pain with a large chunk of the blogosphere. [more]
Thursday, 4 May 2006, 11:58 AM CET

Everyone wants to 'own' your PC
When technology serves its owners, it is liberating. When it is designed to serve others, over the owner's objection, it is oppressive. [more]
Thursday, 4 May 2006, 11:56 AM CET

Cross-site scripting worms and viruses
This paper provides an overview of XSS, defines XSS worms and examines propagation methods, infection rates, and potential impact. Most importantly, it outlines immediate steps enterprises can take to defend their websites. [more]
Thursday, 4 May 2006, 11:28 AM CET

5-month-old baby's identity stolen
Andrew is a healthy 5-month-old, but according to bill collectors, just three weeks after he was born he walked into an Edmonds family clinic on his own, got treated for a lumbar disc displacement and was given a narcotic to help ease the pain. [more]
Thursday, 4 May 2006, 2:57 AM CET

Suit levels spyware, typosquatting allegations at Yahoo
A class-action lawsuit filed Monday against Yahoo! Inc. and a group of unnamed third parties accuses the company of engaging in "syndication fraud" against advertisers who pay Yahoo to display their ads on search results and on the Web pages of partner Web sites. [more]
Thursday, 4 May 2006, 2:47 AM CET

Microsoft is pushing for privacy?
When it comes to protecting customers' privacy, Microsoft doesn't have the best record. So when the software giant backs new federal privacy legislation, onlookers suspect the company is probably protecting itself. [more]
Thursday, 4 May 2006, 2:29 AM CET

Spammer threatens anti-spam group
A company that's promoted an anti-spam "Do Not Intrude Registry" and essentially spammed spammers said Monday that many of its members have received threatening e-mails from a major junk mailer. [more]
Thursday, 4 May 2006, 1:15 AM CET

FBI sought data on thousands in '05
The FBI sought personal information on thousands of Americans last year from banks, Internet service providers and other companies without having to seek approval from a court, according to new data released by the Justice Department. [more]
Thursday, 4 May 2006, 1:11 AM CET

Malware analysis reveals families of code
A project focused on automating the process of classifying malicious software found that many programs have similar ancestors but that the names assigned by security firms don't always highlight common code. [more]
Thursday, 4 May 2006, 1:06 AM CET

An SSL trojan unmasked
Analyzing an especially dastardly trojan's inner workings produces startling - but useful - results. [more]
Thursday, 4 May 2006, 1:03 AM CET

Cutting through the OS X security rhetoric
Much has been written about future, potential problems with OS X security, but so far no widespread documented issues have occurred. [more]
Thursday, 4 May 2006, 1:01 AM CET

Ohio University reports two separate security breaches
One incident may have compromised the Social Security numbers of 137,000 alumni. [more]
Thursday, 4 May 2006, 12:42 AM CET

User group calls for IT defences rethink
Traditional network protection outdated, says Jericho Forum. [more]
Thursday, 4 May 2006, 12:35 AM CET

X marks the bug
Security researchers have discovered a critical vulnerability in the X Window system used in Unix and Linux systems. [more]
Thursday, 4 May 2006, 12:23 AM CET

'Swiss army knife' worm spreads
A new worm has been detected that is far more advanced than most malware picked up to date by investigators. [more]
Thursday, 4 May 2006, 12:14 AM CET

Network security lacking, expert says
The public is aware of many attacks on the nation's defense, but attacks they may not know about -- on information systems -- are growing even more prevalent. [more]
Wednesday, 3 May 2006, 10:57 AM CET

Firefox security bug patched
Users of Firefox 1.0 and Mozilla Suite 1.7 are not affected, but Firefox 1.5 users should receive software patches via the automatic update system. [more]
Wednesday, 3 May 2006, 10:56 AM CET

Test your knowledge of Security+ topics
The Security+ exam from CompTIA is an entry-level certification for those wanting to authenticate their knowledge of basic computer/networking security concepts. It consists of 100 multiple choice questions that need to be answered within 90 minutes. [more]
Wednesday, 3 May 2006, 10:55 AM CET

Trade groups target Russian piracy
The call for more action came after the U.S. last week decided to keep Russia on its "priority watch list" for intellectual property protection problems. [more]
Wednesday, 3 May 2006, 12:45 AM CET

Q&A: IBM exec on breach notification laws, data security push
Companies must pay attention to how they secure their data, says Harriet Pearson. [more]
Wednesday, 3 May 2006, 12:43 AM CET

Cracking the cult of hackers
"In the early days, it was all about ego. At that time, hackers just wanted to prove they were smart," said Stuart McClure, head of McAfee's Avert Labs. "Today, hacking is absolutely predominantly financial. Everything is driven by financial gain." [more]
Wednesday, 3 May 2006, 12:28 AM CET

UK retail security flap exposes 2,000 credit cards
An estimated 2,000 credit card details have been exposed by a security breach at a UK retailer. [more]
Wednesday, 3 May 2006, 12:27 AM CET

Viruses no longer top security threat
Early reports of malware distribution in April show that viruses are swiftly declining as a threat in comparison with other malicious software. [more]
Wednesday, 3 May 2006, 12:26 AM CET

'Smart' phishing attack targets Bank of Ireland
Bank of Ireland customers have been hit by yet another phishing scam in the form of an email asking users to update their security details. [more]
Wednesday, 3 May 2006, 12:25 AM CET

German agency to release open source security suite
GNU Privacy Guard for Windows enables data encryption, easy integration with Outlook 2003. [more]
Wednesday, 3 May 2006, 12:24 AM CET

Report: Internet criminals are getting faster
"We're losing the tsunami effect and instead getting wave after wave of smaller, more intense attacks to get on your machine and steal useful information," says Vincent Weafer, senior director of Symantec Security Response. [more]
Wednesday, 3 May 2006, 12:23 AM CET

Retail-safe RFID unveiled
IBM is introducing a new kind of wireless identification tag this week that it hopes will quell privacy unrest over plans to use RFID technology in retail stores. [more]
Wednesday, 3 May 2006, 12:22 AM CET

Identity theft - should you be worried?
According to recent surveys, identity theft is seeing the largest increase over any other kind of crime worldwide. Depending on what methods of security are implemented by the organization you are doing business with and what relationship you have with them, secure access can be achieved. [more]
Tuesday, 2 May 2006, 12:25 PM CET

Protect your privacy
It’s an unwritten law that you can’t write about personal privacy without quoting Sun Microsystems CEO Scott McNealy’s infamous 1999 statement: “You have zero privacy anyway. Get over it.” [more]
Tuesday, 2 May 2006, 11:44 AM CET

Cyber criminal arrested after hacking e-commerce website
A denial of service (DoS) attacker, who had flooded a commercial website in Vietnam and caused tremendous loss, was arrested April 28th after cyber security companies homed in on him. [more]
Tuesday, 2 May 2006, 11:34 AM CET

How SSL-evading Trojans work
SSL-evading Trojans bypass the secure and authenticated tunnel mechanisms that are the safety backbone of today's Internet banking and financial institutions. As with any Trojan, this type can do anything allowed by the user's security permissions. [more]
Tuesday, 2 May 2006, 11:31 AM CET

Collaborative secure wireless sharing
University of Illinois developers have come up with a client/server multihoming protocol so that neighbors can pool and share wireless broadband access. [more]
Tuesday, 2 May 2006, 11:30 AM CET

Cisco overhauls router line to improve VoIP, security
Cisco Systems on Monday at Interop Las Vegas 2006 is expanding its integrated services story with a revamp of its 7200-series routers. [more]
Tuesday, 2 May 2006, 11:29 AM CET

White House intervenes in AT&T surveillance suit
"Even if AT&T - or the government - is successful at having the suit dismissed, the onus will be on similarly situated corporations to develop safety mechanisms ensuring that they do not face the same type of scrutiny and potential lawsuits as AT&T is facing now," said Sean P. Melvin of LaSalle University. [more]
Tuesday, 2 May 2006, 2:45 AM CET

Attacks shift to Mac, zero-day
The SANS Institute warned of a steep increase in critical security holes in Apple Computer's Mac OS X operating system and in previously undiscovered ("zero day") vulnerabilities in Web browsers. [more]
Tuesday, 2 May 2006, 2:34 AM CET

Sendmail and secure design
Sendmail's wide market share, ancient code base and long vulnerability history make it an interesting example of the need for software to start from a secure design. [more]
Tuesday, 2 May 2006, 2:21 AM CET

GM security chief gives hackers a lesson
General Motors Corp.'s chief information security officer, Eric Litt, used the chance to speak at the European Black Hat Convention in Amsterdam earlier this year to reach out to the hacker community and explain the problems large corporations face when dealing with software vulnerabilities. [more]
Tuesday, 2 May 2006, 1:57 AM CET

Secure SIP protects VoIP traffic
Session Initiation Protocol has become the call control protocol of choice for VoIP networks because of its open and extensible nature. However, the integrity of call signaling between sites is of utmost importance, and SIP is vulnerable to attackers when left unprotected. [more]
Tuesday, 2 May 2006, 1:41 AM CET

RFID security worries need a reality check
Sometimes our anxieties about security make us lose sight of how a technology is used. Such is the case with radio frequency identification, a proven technology that delivers big efficiencies and has yet to experience a confirmed hacker attack in the wild. [more]
Tuesday, 2 May 2006, 12:41 AM CET

Microsoft exec warns of rootkits
Microsoft dedicates four staffers to analyze rootkit samples found in customer computers or on the Internet. [more]
Tuesday, 2 May 2006, 12:40 AM CET

Users and IT lax about password security
After years of warning users about making sure their passwords aren't easy to guess or left on Post-It notes stuck to their monitors, it seems the message still hasn't gotten through. [more]
Tuesday, 2 May 2006, 12:39 AM CET

Mozilla readies Firefox security patch
Developers also confirm they're dropping a bookmarking feature from the next version of the browser. [more]
Tuesday, 2 May 2006, 12:38 AM CET

Neighborhood watch for network security?
Peer-to-peer approaches work for a variety of different technologies. But can P2P work for serious network security? [more]
Tuesday, 2 May 2006, 12:37 AM CET

Higher ed fears wiretapping law
Oral arguments to be heard this week in ACE vs. FCC petition over CALEA. [more]
Tuesday, 2 May 2006, 12:36 AM CET

The best person to hack your system is you
I’ve always been a firm believer in the idea of hacking yourself. After all, if you don’t hack yourself, the hackers will. [more]
Monday, 1 May 2006, 11:09 AM CET

Security - beyond the firewall
Network administrators need to look at hardware, devices, apps, access rights, and a variety of other factors. [more]
Monday, 1 May 2006, 11:07 AM CET

Firefox drops Places feature - security patch coming soon
The fix was supposed to have been released Friday. [more]
Monday, 1 May 2006, 3:38 AM CET

Boeing IT architect pushes Secure Mobile Architecture
In addition to its WLAN tracking efforts, Boeing's IT and PhantomWorks R&D groups are working on a new way to secure the company's sprawling 802.11 network with something it calls Secure Mobile Architecture. [more]
Monday, 1 May 2006, 2:35 AM CET

Firefox 2.0 bakes in anti-phish antidote
Mozilla has reached the latest development milestone for its next-generation Firefox 2.0 "Bon Echo" browser with a little anti-phishing help from Google. [more]
Monday, 1 May 2006, 2:25 AM CET

Next step in pirating: faking a company
At first it seemed to be nothing more than a routine, if damaging, case of counterfeiting in a country where faking it has become an industry. [more]
Monday, 1 May 2006, 2:22 AM CET

Darwin and spam
According to a recent CipherTrust study, consumers respond to and spend money on 5% of spam messages that link to porn sites. [more]
Monday, 1 May 2006, 1:07 AM CET

Real-world hooks add allure to phishing
Phishing attacks are increasingly using offline components to appear more trustworthy, according to security firms. [more]
Monday, 1 May 2006, 1:01 AM CET

F-Secure backtracks on mobile 'virus'
Security firm caught on tape. [more]
Monday, 1 May 2006, 12:16 AM CET

Feds drop bomb on EFF lawsuit
The federal government intends to invoke the rarely used "State Secrets Privilege". [more]
Monday, 1 May 2006, 12:01 AM CET

