Off the Wire

Off The Wire Archive

News items for May 2007

Trust but verify
My first patch to Perl 5 was a quick and dirty tiny feature enhancement. It also broke a couple of tests. [more]
Thursday, 31 May 2007, 6:37 PM CET

Security analogies: the key to educating laymen
As I've spoken to groups around the country and taught classes at Washington University in St Louis over the years, I've run into ignorance. [more]
Thursday, 31 May 2007, 3:34 PM CET

A BSD rootkit primer
The first book on BSD Rootkits was recently published. Federico Biancuzzi interviewed the author, Joseph Kong, to learn more about the dark art of kernel voodoo. [more]
Thursday, 31 May 2007, 3:32 PM CET

US arrests internet 'spam king'
A man nicknamed the "spam king" for allegedly sending out millions of junk e-mails has been arrested in the US. [more]
Thursday, 31 May 2007, 3:29 PM CET

Google privacy policy 'is vague'
Elements of Google's privacy policy are "vague" and need to be made more precise, the firm's global privacy counsel has told BBC News. [more]
Thursday, 31 May 2007, 12:23 PM CET

File-sharing sites are being subverted for web attacks
Peer-to-peer (P2P) file-sharing networks, which let users trade movies, music and software online, are increasingly being used to trick PCs into attacking other machines, experts say. [more]
Thursday, 31 May 2007, 11:30 AM CET

Prepare for more mobile security threats now
Mobile security threats are a relatively minor annoyance to a handful of users in Europe and Asia. However, conditions are rapidly ripening for these threats to start overwhelming both companies and individual users in North America. [more]
Thursday, 31 May 2007, 11:24 AM CET

F-Secure hit with anti-virus vulnerabilities
Company has patched flaws that could have allowed attackers to crash or run unauthorized software on system. [more]
Thursday, 31 May 2007, 1:31 AM CET

New Hampshire officials say no to real ID
Governor set to sign bill that rejects compliance with federal law. [more]
Thursday, 31 May 2007, 1:23 AM CET

Attackers get chatty on VoIP
The hacker attacks happening via Skype will become more severe and sophisticated as businesses start adopting VoIP technologies, analysts say. [more]
Thursday, 31 May 2007, 1:22 AM CET

Increasing vulnerability research supports security
Network security breaches have cost billions of dollars in lost revenues over the years. [more]
Thursday, 31 May 2007, 1:09 AM CET

Windows Vista and XP equally (in)secure
After a week of extensive testing, the CRN Test Center found that users of Windows Vista and Windows XP are equally at risk to viruses and exploits and that overall Vista brings only marginal security advantages over XP. [more]
Thursday, 31 May 2007, 12:02 AM CET

Bug disclosures decline
The bad news: The number of reported security vulnerabilities out in cyberspace is still growing. The good news: That growth has slowed significantly over last year. [more]
Thursday, 31 May 2007, 12:00 AM CET

A new vector for hackers - Firefox add-ons
Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users. [more]
Wednesday, 30 May 2007, 4:28 PM CET

RFID privacy: Why not do it right?
California trying to deal with only some RFID privacy issues. [more]
Wednesday, 30 May 2007, 1:31 PM CET

Which ISPs are spying on you?
The few souls that attempt to read and understand website privacy policies know they are almost universally unintelligible and shot through with clever loopholes. [more]
Wednesday, 30 May 2007, 11:52 AM CET

Phony BBB email dupes more than 1,400 execs
A provider of online security services has uncovered a highly sophisticated phishing scheme that has already duped at least 1,400 US executives. [more]
Wednesday, 30 May 2007, 11:45 AM CET

Exploring the Windows Firewall
Back in the days of the paleocomputing era, no one ever thought about installing firewalls on individual computers. Who needed to? [more]
Wednesday, 30 May 2007, 11:44 AM CET

Peer-to-peer networks co-opted for DOS attacks
A flaw in the design of a popular peer-to-peer network software has given attackers the ability to create massive denial-of-service attacks that can easily overwhelm corporate websites, a security firm warned last week. [more]
Wednesday, 30 May 2007, 11:41 AM CET

Apple patches two critical QuickTime for Java flaws
Apple released another software patch that the company is recommending for all users of its latest QuickTime media software. [more]
Wednesday, 30 May 2007, 12:12 AM CET

Security professionals allege RDP vulnerability
Security professionals claim it’s possible to bypass service-side security settings using RDP 6.0 clients. [more]
Wednesday, 30 May 2007, 12:06 AM CET

ID cards off to slow start
The high-tech identification card under development for federal employees and contractors comes with high expectations for better building security and simpler employee access to computer systems. [more]
Wednesday, 30 May 2007, 12:02 AM CET

Terrorism not focus of Homeland Security
Claims of terrorism represented less than 0.01 percent of charges filed in recent years in immigration courts by the U.S. Department of Homeland Security, according to a report issued Sunday by an independent research group. [more]
Wednesday, 30 May 2007, 12:00 AM CET

Survey reveals scandal of snooping IT staff
Whilst you sit at your desk working innocently away, little do you realize that one in three of your IT work colleagues are snooping through company systems, peeking at confidential information such as your private files, salary data, personal emails, just by using the special administrative passwords that give IT workers privileged and anonymous access to virtually any system. [more]
Tuesday, 29 May 2007, 6:23 PM CET

A tale of dueling anti-spyware bills
The House of Representatives last week passed a bill called the "I-SPY Act" -- a.k.a. the "Internet Spyware Prevention Act of 2007." I believe it's important to highlight the benefits and limitations of this measure. [more]
Tuesday, 29 May 2007, 3:57 PM CET

The image spammer's new bag of tricks
The latest image spam generation allows spammers to reduce the e-mail size and return to the higher volumes of mail they once enjoyed. [more]
Tuesday, 29 May 2007, 3:56 PM CET

Are security pros worrying about the right stuff?
Worrying almost seems to define the job of the CSO and CISO. [more]
Tuesday, 29 May 2007, 1:18 PM CET

Owning database forensics
Call it the bank-robber principle: if you can't stop them getting in, catch them on the way out. [more]
Tuesday, 29 May 2007, 1:16 PM CET

Hacking Firefox: The secrets of about:config
Discover more than 20 behind-the-scenes tweaks for speeding up page loads, reducing memory drain and making the interface behave the way you want it to. [more]
Tuesday, 29 May 2007, 1:16 PM CET

Backing up MySQL data
Backing up files and directories is relatively easy; databases, however, have some special quirks that you need to address. [more]
Tuesday, 29 May 2007, 1:13 PM CET

Top 10 new features in Windows Server 2008
There are a myriad of both subtle and fundamental differences in the basic architecture of Windows Server 2008, which could dramatically change not only the way it's used in the enterprise, but also the logical and physical structure of networks where it's the dominant OS.
Tuesday, 29 May 2007, 12:58 AM CET

China crafts cyberweapons
The Defense Department reports China is building cyberwarfare units and developing viruses. [more]
Monday, 28 May 2007, 9:42 PM CET

Germany passes controversial antihacking law
No data theft required for 10-year "vacation," just access. [more]
Monday, 28 May 2007, 7:00 PM CET

Writing secure WordPress plugins
WordPress has become one of the most popular blogging packages on the Internet; this is largely due to its ease of use and its object-oriented design, which allows the user to easily extend its capabilities in the form of WordPress plugins. [more]
Monday, 28 May 2007, 12:11 PM CET

Minnesota gives PCI rules a legal standing
New state law will penalize merchants that store card data if breaches occur. [more]
Monday, 28 May 2007, 12:03 PM CET

Microsoft sues alleged stock scammers
Company files 'John Doe' lawsuits against spammers using Hotmail to engage in stock pump-and-dump scams. [more]
Monday, 28 May 2007, 12:03 AM CET

UK database theft hurts customers
Cable & Wireless has served an injunction against a former executive following the theft of a 100,000-customer database, the BBC has learned. [more]
Monday, 28 May 2007, 12:00 AM CET

Wi-Fi and RFID used for tracking
Wireless tracking systems could be used to protect patients in hospitals and students on campuses, backers of the technology said. [more]
Friday, 25 May 2007, 5:14 PM CET

Report slams FBI network security
FBI network vulnerable to insider attacks, government watchdog group says. [more]
Friday, 25 May 2007, 11:05 AM CET

Increase of phishing attacks
Some of the Web's most prolific organized online criminals are starting to step up the frequency and sophistication of phishing attacks, targeting commercial banks, job hunting sites and data brokers. [more]
Friday, 25 May 2007, 8:37 AM CET

Apple fixes 17 Mac OS X flaws
Buffer-overflow vulnerability among those sealed off Thursday. [more]
Friday, 25 May 2007, 8:30 AM CET

University blames security breach on un-patched Symantec bug
The University of Colorado at Boulder says faulty anti-virus software exposed sensitive information on nearly 45,000 students. [more]
Friday, 25 May 2007, 12:59 AM CET

IETF backs new cryptographic scheme to battle the effects of spam
The Internet Engineering Task Force (IETF) released a new e-mail authentication specification this week in the hopes of stepping up the slowing fight against spam. [more]
Friday, 25 May 2007, 12:56 AM CET

Why are CC numbers still so easy to find?
Frequent Slashdot contributor Bennett Haselton gives the full-disclosure treatment to the widely known and surprisingly simple technique for finding treasure-troves of credit card numbers online. [more]
Thursday, 24 May 2007, 3:38 PM CET

Copying HD DVD and Blu-ray discs may become legal
Licensing agreement could prove effective DRM compromise. [more]
Thursday, 24 May 2007, 2:28 PM CET

Management, security challenges threaten virtualization's success
Immature management and security technologies could hamper virtualization implementations, say experts. [more]
Thursday, 24 May 2007, 1:47 PM CET

Big brains gather to ponder future of UK security
A group of high-profile political, academic, and military heavyweights will come together over the next 18 months to ponder the future direction of UK security strategy. [more]
Thursday, 24 May 2007, 1:46 PM CET

Ryanair check-in site exposes data
Ryanair's online check-in service fails to ensure users submit confidential details across a secure connection. [more]
Thursday, 24 May 2007, 11:45 AM CET

Lessons from a honeynet that attracted 700,000 attacks
The attacks have been thick and steady, and the relentless hackers appear hell bent on taking control of as many vulnerable systems as possible. This article will focus on providing some basic guidelines that will serve to assist you in conducting your own vulnerability management and performing scans against your own systems and networks, in the hope that you will identify and remedy any serious vulnerabilities and bugs in advance of the unyielding hackers, ultimately resulting in computer systems that are secure and protected. [more]
Thursday, 24 May 2007, 2:47 AM CET

Microsoft says licensing protects customers
At the Interop trade show, a Microsoft exec touted the company's licensing program and tied it to the company's demand for patent royalties from the open-source community. [more]
Thursday, 24 May 2007, 1:31 AM CET

New antiphishing, antispam specifications unveiled
The DomainKeys Identified Mail spec helps sort and identify legitimate e-mail. [more]
Thursday, 24 May 2007, 12:51 AM CET

Protecting against SSH brute-force attacks
Practically all UNIX-based servers run an SSH server to allow remote administration across the Internet. [more]
Thursday, 24 May 2007, 12:45 AM CET

Google-Dell browser tool 'spyware,' charges OpenDNS founder
URL errors redirect Dell users to ad-packed page, 'crappy experience,' says critic. [more]
Thursday, 24 May 2007, 12:42 AM CET

Researcher: RSA 1024-bit encryption not enough
The strength of the encryption used now to protect banking and e-commerce transactions on many Web sites may not be effective in as few as five years, a cryptography expert has warned after completing a new distributed-computing achievement. [more]
Thursday, 24 May 2007, 12:36 AM CET

Network security vulns keep sysadmins busy
Sysadmins can look forward to clocking some overtime this week after Cisco warned of flaws in how its core operating system handles malformed SSL traffic. [more]
Thursday, 24 May 2007, 12:36 AM CET

P2P networks hijacked for DDoS attacks
Peer-to-peer networks are being hijacked to launch an increasing number of distributed denial of service (DDoS) attacks on web sites, according to security researchers and network service providers. [more]
Thursday, 24 May 2007, 12:18 AM CET

Cyber crooks hijack activities of large web-hosting firm
Organized crime groups have modified a significant share of the Web sites operated by one of the Internet's largest Web hosting companies to launch cyber attacks against visitors, Security Fix has learned. [more]
Thursday, 24 May 2007, 12:15 AM CET

The best media to archive important data?
Both CDs and DVDs are good choices for archive storage. [more]
Thursday, 24 May 2007, 12:10 AM CET

Hack my son's computer, please
Can an elderly father give police permission to search a password-protected computer kept in his adult son's bedroom, without probable cause or a warrant? [more]
Thursday, 24 May 2007, 12:06 AM CET

Why your company needs a Chief Privacy Officer
In this era of data breaches and identity theft, chief privacy officers working hand-in-hand with security groups play a crucial if little-known role in protecting identifiable personal information. [more]
Thursday, 24 May 2007, 12:03 AM CET

Drive-by Wi-Fi 'thief' heavily fined
A Michigan man who parked outside a local Wi-Fi cafe every day to check his email has been fined $400 and sentenced to 40 hours' community service. [more]
Thursday, 24 May 2007, 12:00 AM CET

Half of Windows Vista adoption driven by security
A new study shows that IT managers are intrigued about Vista's new on-board security, along with user account control and an overall sense of better safeguards. [more]
Wednesday, 23 May 2007, 1:57 PM CET

Block some Office documents to assure security
If you can't secure it then don't use it. [more]
Wednesday, 23 May 2007, 1:54 PM CET

Microsoft could fulfill security dreams with NAP
Unless third-party security develops something better -- and soon -- NAP or Cisco NAC will rule endpoint security. [more]
Wednesday, 23 May 2007, 1:51 PM CET

Spyware bill passes House
If enacted, the bill would make assuming control of a computer via spyware or other fraudulent means a federal crime. [more]
Wednesday, 23 May 2007, 4:24 AM CET

Secure coding lessons from Microsoft
As vendors start to feel customer pressure for more secure products, industry observers believe the software giant's security development lifecycle can boost secure coding practices. [more]
Wednesday, 23 May 2007, 4:23 AM CET

Raid in Missouri tied to investigation into ID thefts
Immigration agents arrest 100 at poultry plant. [more]
Wednesday, 23 May 2007, 4:21 AM CET

Companies open wallets for secure data
Amplitude's annual survey of IT admins finds an increase in satisfaction with IT spending and more companies taking steps to use secure technology and practices. [more]
Wednesday, 23 May 2007, 12:15 AM CET

Crypto boffin: writing is on the wall for 1024-bit RSA
Crypto-busting boffins have broken a new record in their quest to find the prime factors in large numbers, and may soon threaten part of the encryption system used to secure retail websites. [more]
Wednesday, 23 May 2007, 12:12 AM CET

How to educate your staff about security
You can't solve every security problem at once with what amounts to a PR campaign. [more]
Wednesday, 23 May 2007, 12:06 AM CET

Spammers plunder Plusnet e-mail
Customers of UK net provider Plusnet have been told to change the password for their account following a break-in by malicious hackers. [more]
Wednesday, 23 May 2007, 12:00 AM CET

Japan military data leak wider than previously thought
Aegis shield data swapped with co-worker. [more]
Tuesday, 22 May 2007, 12:54 PM CET

Regulators to begin SOX reviews
The financial reporting legislation may be changed in order to relax stringent regulations and reduce the cost of compliance. [more]
Tuesday, 22 May 2007, 10:28 AM CET

Darknets for application service providers
Despite mature technologies from firewalls to antivirus, and in the face of heightened user expectations and business needs, keeping your enterprise secure is harder than ever. Darknets offer an effective way to increase your security intelligence. [more]
Tuesday, 22 May 2007, 10:25 AM CET

Big firms aren't only ones hit by system hackers
Inadequately protecting sensitive information can invite intruders. [more]
Tuesday, 22 May 2007, 10:20 AM CET

Security slips down IT department priorities
Goldman Sachs survey says spending will focus on server consolidation. [more]
Tuesday, 22 May 2007, 10:18 AM CET

Office 2007 left unprotected in update snafu
Users may not have received this month's patches from Microsoft. [more]
Tuesday, 22 May 2007, 2:00 AM CET

Anti-splog evasion
One of the things that Blackhat SEO types do is they attempt to scrape other people’s sites that have original content. [more]
Tuesday, 22 May 2007, 1:30 AM CET

New police 'spy drone' takes to sky
The UK's first police "spy drone" has taken to the skies. [more]
Tuesday, 22 May 2007, 1:15 AM CET

Scammers target elderly with aid of data brokers
Consumer data broker infoUSA reaped huge profits selling lists with the names of elderly individuals and others likely to be easy targets for identity thieves and con artists, according to a harrowing story in Sunday's New York Times. [more]
Tuesday, 22 May 2007, 1:12 AM CET

Top 7 common programmers security mistakes
I've cherry picked these 7 as my personal favorites. [more]
Tuesday, 22 May 2007, 12:24 AM CET

How to fight mobile security threats
What the threats are, how to protect yourself. [more]
Tuesday, 22 May 2007, 12:21 AM CET

Spyware still cheating merchants and legitimate affiliates
Spyware vendors are trying to clean up their images. [more]
Tuesday, 22 May 2007, 12:18 AM CET

CIS "best practices" certification for Nessus audits
The CIS is a non-profit organization that produces "best practice" guides for securing a wide variety of IT infrastructure such as operating systems, applications and network devices. [more]
Tuesday, 22 May 2007, 12:15 AM CET

Bugs with no bite
The dirty little secret about security bugs is not every single vulnerability that gets reported is exploitable -- meaning there are some that an attacker can't use against you. So how do you know which threats to patch right away and which to ignore? [more]
Tuesday, 22 May 2007, 12:09 AM CET

Howto install a free NX Server on Debian 4.0
NoMachine NX is a Terminal Server and Remote Access solution based on open source technologies. [more]
Tuesday, 22 May 2007, 12:08 AM CET

Norton's firewall not fiery enough
Users of Norton Personal Firewall have been urged to update their software following the discovery of a serious vulnerability in the security package. [more]
Tuesday, 22 May 2007, 12:05 AM CET

Vulnerability and penetration testing: what's the difference?
If an enterprise turns to an outside vendor to help test security, how do they know what type of service they should ask for? [more]
Monday, 21 May 2007, 5:24 PM CET

Unpatched QuickTime is security risk
The higher risk posed by QuickTime stems from slack patching by users. [more]
Monday, 21 May 2007, 12:55 PM CET

Entrusting end users an outdated idea
Ubuntu expert leaves no segment unflamed at AusCERT. [more]
Monday, 21 May 2007, 12:04 PM CET

Encryption: do it today or pay tomorrow
The need has never been greater, and the technology is ready. [more]
Monday, 21 May 2007, 11:54 AM CET

'Data storm' blamed for nuclear plant shutdown
The US House of Representatives' Committee on Homeland Security called this week for the Nuclear Regulatory Commission (NRC) to further investigate the cause of excessive network traffic that shut down an Alabama nuclear plant. [more]
Monday, 21 May 2007, 11:50 AM CET

Accused nuke engineer: I was showing off
Software downloaded had details of control rooms, reactors and designs. [more]
Monday, 21 May 2007, 12:33 AM CET

Alcatel-Lucent reports employee data lost or stolen
A CD containing personal information about thousands of Alcatel-Lucent employees and their dependants has been lost or stolen, the company said on Thursday. [more]
Monday, 21 May 2007, 12:21 AM CET

Searching for "classified" content in documents
Sensitive government and military organizations classify their documents with familiar terms like "TOP SECRET" and also less well known terms like "NOFORN" (which means the data can't be shared with any foreign nationals). [more]
Monday, 21 May 2007, 12:15 AM CET

Gen Y security threat
It's not just clever young hackers who are security problems; it's naive young users. [more]
Monday, 21 May 2007, 12:09 AM CET

The secret Iraq documents my 8-year-old found
With a couple of keystrokes, you too can read the hidden history of the Coalition Provisional Authority, America's late, unlamented occupation government in Iraq. [more]
Monday, 21 May 2007, 12:03 AM CET

The Pirate Bay moves into video streaming
The Pirate Bay, one of the largest and most controversial sites for downloading copyrighted materials via BitTorrent, confirmed today that they are preparing to launch a video streaming site. [more]
Monday, 21 May 2007, 12:00 AM CET

FCO to probe visa security lapse
The Foreign and Commonwealth Office (FCO) has closed its online service for visa applicants from India while it investigates a security breach that made the personal details of visa applicants available online. [more]
Friday, 18 May 2007, 3:48 PM CET

Microsoft security patch booby traps IE7
Microsoft investigates why some PCs affected. [more]
Friday, 18 May 2007, 3:39 PM CET

Why I hate RBLs
Anti-spam real-time block lists become a royal pain when it comes to getting innocent servers off the list. [more]
Friday, 18 May 2007, 3:38 PM CET

The fragility of road-warrior security
It is often said that the weakest link in the IT security chain is the human being. [more]
Friday, 18 May 2007, 1:46 PM CET

Gatwick gets iris recognition
Gatwick South has started using an iris recognition system - it is the ninth UK airport terminal to roll out the system. [more]
Friday, 18 May 2007, 1:45 PM CET

Adware Zango sues maker of antispyware tool
Image rehabilitation via litigation might be the plan for former 180Solutions. [more]
Friday, 18 May 2007, 1:44 PM CET

Global net censorship 'growing'
The level of state-led censorship of the net is growing around the world, a study of so-called internet filtering by the Open Net Initiative suggests. [more]
Friday, 18 May 2007, 10:42 AM CET

Deepwater churning around unencrypted data
Project spotlighted by Cryptome really is in trouble. [more]
Friday, 18 May 2007, 12:18 AM CET

Grifters find rich pickings on social networking sites
Social networking sites are creating a means for hackers and conmen to worm their way into the confidence of users. [more]
Friday, 18 May 2007, 12:15 AM CET

OpenSEA aims for better authentication
The new OpenSEA Alliance, incorporated in California as a nonprofit, plans to focus on developing a supplicant for the 802.1X standard of port authentication. As its first project, OpenSEA plans to develop a cross-platform, open-source 802.1X supplicant using the Firefox Web browser as a model. [more]
Friday, 18 May 2007, 12:12 AM CET

Scammers gaming YouTube ratings for profit
Spyware researcher says scammers are inflating the popularity of videos on YouTube and other sharing sites, often as a lure to Web sites loaded with malicious programs. [more]
Friday, 18 May 2007, 12:09 AM CET

Latest AACS revision defeated a week before release
Despite the best efforts of the Advanced Access Content System (AACS) Licensing Administration (AACS LA), content pirates remain one step ahead. [more]
Friday, 18 May 2007, 12:06 AM CET

Why Web pirates can't be touched
As Russia seeks to join the World Trade Organization, it may be forced to step in line with international copyright licensing and stamp out sites like AllofMP3. [more]
Friday, 18 May 2007, 12:03 AM CET

Detecting SPAM from inside your network
This blog entry shows how passive network analysis and log analysis can be used to look for specific types of events that can indicate SPAM originating from inside your network. [more]
Friday, 18 May 2007, 12:00 AM CET

Estonia hit by 'Moscow cyber war'
Estonia says the country's websites have been under heavy attack for the past three weeks, blaming Russia for playing a part in the cyber warfare. [more]
Thursday, 17 May 2007, 2:10 PM CET

GAO says Homeland Security is breaking privacy laws
The Homeland Security Department is breaking the law by not telling the public exactly how personal information is used to screen international travelers, including Americans, congressional investigators said Wednesday. [more]
Thursday, 17 May 2007, 11:48 AM CET

Microsoft tweaks Patch Tuesday advance notification
The company will flesh out its vague Advanced Notification Alerts to include info on which programs and versions are being patched and the maximum severity rating. [more]
Thursday, 17 May 2007, 9:26 AM CET

Secure chips for gadgets set to soar
As the demands that content such as high-definition television programming makes on the central processors in electronic devices grow, so, too, will the processing demands to keep that content secure. [more]
Thursday, 17 May 2007, 9:20 AM CET

Firefox surfers more likely patched than IE users
New statistics released today indicate that people who use Mozilla's Firefox Web browser are more likely to be cruising the Web with all of the latest security updates installed than those surfing with Microsoft's Internet Explorer. [more]
Thursday, 17 May 2007, 1:19 AM CET

IBM loses tapes with retiree data
IBM's missing-tape incident surfaced in recent weeks when IBM's human-resources department wrote to affected workers - primarily former employees - to inform them of the problem. The letter said the tapes held archival information, such as Social Security numbers, contact information, and work history. [more]
Thursday, 17 May 2007, 12:03 AM CET

Password policy management feature slipped into Longhorn
Microsoft has quietly added a password management feature to Longhorn Server that will let administrators assign password policies based on users and groups regardless of what domain they reside in. [more]
Thursday, 17 May 2007, 12:00 AM CET

Source code auditing keeps organizations on the right side of licensing
In 2000, when Theresa Friday, Ray Waldin, and Jeff Luszcz were working for dot-com startup Cacheon, they saw firsthand the power of open source software to impact a business model. [more]
Wednesday, 16 May 2007, 11:45 AM CET

IBM contractor loses sensitive employee data
An unnamed IBM Corp. vendor has lost tapes containing sensitive information on IBM employees, the computer maker confirmed Tuesday. [more]
Wednesday, 16 May 2007, 11:43 AM CET

Malware 'hijacks Windows Updates'
Virus writers may be able to smuggle malicious files onto a computer using Microsoft's security patch updates, experts say. [more]
Wednesday, 16 May 2007, 11:42 AM CET

Visa seeks security unanimity
Presses app vendors to follow its lead. [more]
Wednesday, 16 May 2007, 12:03 AM CET

Internet passes 600,000 SSL sites
Netcraft's SSL Survey has found more than 600,000 SSL sites on the Internet for the first time this month. [more]
Wednesday, 16 May 2007, 12:00 AM CET

Is penetration testing worth it?
There are security experts who insist penetration testing is essential for network security, and you have no hope of being secure unless you do it regularly. [more]
Tuesday, 15 May 2007, 4:10 PM CET

Citing security, Pentagon limits troops' Web use
Army Lt. Daniel Zimmerman, an infantry platoon leader in Iraq, puts a blog on the Internet every now and then "to basically keep my friends and family up to date" back home. [more]
Tuesday, 15 May 2007, 4:08 PM CET

Remote Home Monitoring: Passing Fad or Wave of the Future?
With an estimated 80 million households using broadband Internet by 2010, what does the future look like for remote home monitoring services? [more]
Tuesday, 15 May 2007, 3:27 PM CET

Gone in 120 seconds: cracking Wi-Fi security
Cracking the Wi-Fi security protocol WEP is a probability game. The number of packets required to successfully decrypt the key depends on various factors, luck included. [more]
Tuesday, 15 May 2007, 3:26 PM CET

Encrypted home partition in Linux
Have you ever wondered what would happen if all the important data were stolen from your mobile PC? [more]
Tuesday, 15 May 2007, 12:29 PM CET

No change in global piracy rates
More than one-third of business software used by companies around the world is pirated. [more]
Tuesday, 15 May 2007, 12:26 PM CET

Chinese hackers ‘launch’ glam brands’ new designs
Organized teams of Chinese hackers are breaking into the computers of Western companies to steal fashion ideas and counterfeit them before the genuine articles can hit the streets, Italy's domestic intelligence service reports. [more]
Tuesday, 15 May 2007, 9:00 AM CET

Texas mulls bill that would make PCI requirements a state law
Retailers that accept credit cards would be financially liable for data breach costs. [more]
Tuesday, 15 May 2007, 8:57 AM CET

U.S. piracy crackdown nets 50th conviction
A U.S. Department of Justice crackdown on online piracy has recorded its 50th felony conviction, the agency announced. [more]
Tuesday, 15 May 2007, 8:56 AM CET

Critical Samba vulnerability fixed
Vulns like this a relative rarity for the file-and-print software. [more]
Tuesday, 15 May 2007, 8:51 AM CET

Security Alliance Charts OpenSEA
Six security and networking companies on Monday introduced the OpenSEA Alliance, an organization that promotes the use of an open-source standard for secure wireless connections. [more]
Tuesday, 15 May 2007, 8:49 AM CET

US, EU officials hopeful for airline data privacy pact
Thirty-four pieces of passenger info requested. [more]
Tuesday, 15 May 2007, 1:00 AM CET

Should vendors close all security holes?
The reader wrote to say that his company often sits on security bugs until they are publicly announced or until at least one customer complaint is made. Before you start disagreeing with this policy, hear out the rest of his argument. [more]
Tuesday, 15 May 2007, 12:18 AM CET

Criminologists pwn AusCERT
Not-for-profit IT security organisation AusCERT has axed its annual survey of Australian computer crime. [more]
Tuesday, 15 May 2007, 12:15 AM CET

RIAA's rude awakening for college pirates
At least 500 university students nationwide have paid settlements to avoid being sued by the Recording Industry Association of America, said Jenni Engebretsen, an RIAA spokesperson. [more]
Tuesday, 15 May 2007, 12:12 AM CET

MySpace users snowed in by new blizzard of spam
In the beginning, MySpace was a place to meet new friends and get to know old ones even better by browsing their journals, photos and network of chums... [more]
Tuesday, 15 May 2007, 12:06 AM CET

Botnet management app exposed
Sophisticated Zunker app has been used to control and monitor tens of thousands of botnet PCs. [more]
Tuesday, 15 May 2007, 12:01 AM CET

Does secrecy help protect personal information?
Personal information protection is an economic problem, not a security problem. [more]
Tuesday, 15 May 2007, 12:00 AM CET

Howto install a content filtering and virus checking proxy
Commercial filters are often expensive, especially when used on a large number of computers, as would be the case in a school computer lab or in small or medium companies with computer networks. [more]
Monday, 14 May 2007, 6:35 PM CET

Chasing vulnerabilities for fun and profit II
At WhiteHat Security we spend our time hacking the world’s largest and most popular websites (a really cool job). [more]
Monday, 14 May 2007, 12:46 PM CET

Web safety warning for children
More than half of children in the UK using the internet have had an "unwanted experience", a poll suggests. [more]
Monday, 14 May 2007, 11:13 AM CET

Voice biometrics: coming to a security system near you
Note to criminals planning to use a telephone in the commission of their crimes: everyone's voice is unique. [more]
Monday, 14 May 2007, 10:59 AM CET

No security reprieve from Blizzard's Warden
Two good reasons to pass on MMORPGs in the office. [more]
Monday, 14 May 2007, 10:58 AM CET

How to prepare for a Security Information and Event Management deployment
SIEM (Security Information and Event Management) software takes input logs and alerts from a range of systems (firewalls, routers, anti-malware, servers, etc.) and informs IT teams of unusual occurrences which warrant further investigation. The system also safeguards the data for subsequent audit needs and for compliance-aligned reporting. [more]
Monday, 14 May 2007, 1:56 AM CET

Hacking Citibank's virtual keyboard
In some countries outside of the US, Citibank has a login option to enter your PIN by clicking on the display of a keyboard rather than with the physical keyboard. [more]
Monday, 14 May 2007, 12:18 AM CET

Google searches web's dark side
One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user's PC. [more]
Monday, 14 May 2007, 12:16 AM CET

CIO managing the CSO: is the fox watching the henhouse?
The chief security officer is a fairly new position. [more]
Monday, 14 May 2007, 12:12 AM CET

Is Big Brother a big deal?
Big Brother isn't what he used to be. [more]
Monday, 14 May 2007, 12:08 AM CET

Vista performance and security
Just like in XP, when a Vista system is set up with multiple user profiles, different people can log on by clicking their account icon and entering a password. [more]
Monday, 14 May 2007, 12:06 AM CET

Today is wiretap the Internet day
Congress passed CALEA in 1994 to help FBI eavesdroppers deal with digital telecom technology. The law required phone companies to make their networks easier to wiretap. [more]
Monday, 14 May 2007, 12:03 AM CET

A security tool with a message
Security experts will tell you that it isn't always about technology. [more]
Monday, 14 May 2007, 12:00 AM CET

A security tool with a message
Security experts will tell you that it isn't always about technology. [more]
Friday, 11 May 2007, 11:58 AM CET

Engineer convicted of stealing U.S. secrets
Calif. jury finds Chinese-born U.S. citizen guilty of stealing military data. [more]
Friday, 11 May 2007, 10:57 AM CET

Building trust in downloads no simple feat
Truste hopes to become a virtual clearinghouse for trustworthy software distribution. [more]
Friday, 11 May 2007, 10:56 AM CET

Why security pros use Macs
Security professionals need not hide behind the argument that avoiding Microsoft Products is the end-all solution to a secure computing environment. Security Professionals have much better reasons, and those were amplified when I talked to other folks at CEIC 2007 over the last few days. [more]
Friday, 11 May 2007, 10:52 AM CET

Is paying hackers good for business?
It’s an interesting question, I feel, and one that seems to split both the IT security business and, well, business, asunder. [more]
Friday, 11 May 2007, 12:05 AM CET

Hackers hijack Windows Update's downloader
Stealing Windows' BITS gets bad code past any firewall. [more]
Friday, 11 May 2007, 12:02 AM CET

Don't get hooked by latest phishing scam
Phone-forwarding scheme looks like a legitimate e-mail from bank. [more]
Friday, 11 May 2007, 12:00 AM CET

Vista betas, RCs can't install patches
Eight bugs remain a risk as countdown to OS expiration continues. [more]
Thursday, 10 May 2007, 4:18 PM CET

Stephen Northcutt on Security Certification and the SANS Top 20
Stephen Northcutt, the CEO of the SANS Institute, provides us with an overview of SANS activities, the Internet Storm Center, the SANS Top 20 and the evolution of the IT security market in terms of the growing need for certification. This is a video that anyone wanting to get certified will be interested in. [more]
Thursday, 10 May 2007, 3:13 PM CET

Improving wireless security
Partially for cost reasons (less money to spend versus regular wiring) and partially for convenience (users don't have to be close to a network jack), more wireless is starting to be deployed at my company. [more]
Thursday, 10 May 2007, 11:52 AM CET

Microsoft Office security tool could prevent hacker attacks
Microsoft will release an enterprise tool that offers some of the security features in the new Office 2007 suite. [more]
Thursday, 10 May 2007, 10:40 AM CET

Symantec pitches rootkit tech as Veritas validation
Symantec's Raw Disk Scan rootkit search-and-remove app is an example of what kind of technology the Symantec-Veritas merger will bring forth. [more]
Thursday, 10 May 2007, 10:38 AM CET

Advanced tools to handle stolen information
When analyzing one of the latest variants of LDPinch, an information stealing trojan, the people at F-Secure found the drop-site used by the trojan to upload the stolen information. [more]
Thursday, 10 May 2007, 10:36 AM CET

Pentagon sets info-sharing strategy
The Pentagon aims to complete a plan by October or November to improve how it shares information. [more]
Thursday, 10 May 2007, 10:34 AM CET

Microsoft invites hackers back for Blue Hat
Microsoft is hosting its Blue Hat hacking conference at its Redmond, Washington, headquarters. [more]
Thursday, 10 May 2007, 10:33 AM CET

Phishing social networking sites
RSnake was able to talk to someone who was willing to sit down and write out some thoughts from a phisher’s perspective. [more]
Thursday, 10 May 2007, 12:50 AM CET

Firefox extension: secure your passwords with Master Password Timeout
We've already described the major security benefits of securing your Firefox saved passwords, but you're not perfect, and you may from time to time wander away from your computer after you've entered your master password, leaving your saved logins at some sneaky turd's sticky fingertips. [more]
Thursday, 10 May 2007, 12:45 AM CET

Chips on DVDs could prevent theft
Technology may also be used to protect electronic devices. [more]
Thursday, 10 May 2007, 12:42 AM CET

Google preparing to police web
Increasingly worried by the use of conventional web sites to distribute the viruses that turn innocent PCs into botnet "zombies," Google appears to be readying a plan to police the web. [more]
Thursday, 10 May 2007, 12:35 AM CET

Police seize laptop for sale with children's data
Info on Social Services clients turns up on eBay. [more]
Thursday, 10 May 2007, 12:18 AM CET

Six in California indicted for online bank fraud
Six California men accused of breaking in to online bank accounts and funneling out the proceeds have been indicted for bank and wire fraud and money laundering. [more]
Thursday, 10 May 2007, 12:12 AM CET

Talking security with Red Hat's Mark Cox
IT professionals spend a lot of time thinking about security, and ways to make sure their systems are patched as quickly as possible. [more]
Thursday, 10 May 2007, 12:01 AM CET

Infrastructure security powers up
Many critical infrastructure businesses are scrambling to beef up security against physical and IT threats - before the government steps in to regulate. [more]
Thursday, 10 May 2007, 12:00 AM CET

The politics of identity theft
today ran an in-depth story I wrote examining the politics behind the identity theft problem in one state. [more]
Wednesday, 9 May 2007, 6:48 PM CET

Today’s biggest IT security menace and 6 ways to fight it
Reports found that insider attacks result in costly outages, lost business, legal liability and, inevitably, failed audits. In one case study, it took 115 employees 1800 hours to restore data deleted by a disgruntled insider. At the time of the attack, the perpetrator was an ex-employee of the IT department who was able to remotely access key systems. [more]
Wednesday, 9 May 2007, 2:01 PM CET

Scammed out of your domain?
Security. Protection. Backup. [more]
Wednesday, 9 May 2007, 10:24 AM CET

Man faces 10 years for fudging computer credentials
A former computer forensics expert hired to testify in court cases has pleaded guilty to federal perjury charges for falsifying his resume and lying in open court, presumably about his credentials. [more]
Wednesday, 9 May 2007, 10:23 AM CET

IRS wants data on users from Internet firms
Names, addresses, taxpayer IDs, and Social Security numbers could be collected and turned over to government under new proposal. [more]
Wednesday, 9 May 2007, 10:23 AM CET

New multimedia networks face security challenges
Telecommunication standard may introduce more vulnerabilities than benefits. [more]
Wednesday, 9 May 2007, 12:57 AM CET

Five security flaws in IPv6
Ready or not, IPv6 is finally visible on the horizon... And researchers are already finding major security problems with it. [more]
Wednesday, 9 May 2007, 12:54 AM CET

Hacker accesses students' personal information
A computer hacker accessed the Social Security numbers of more than 22,000 current or former students at the University of Missouri, the second such attack this year, school officials said Tuesday. The FBI is investigating. [more]
Wednesday, 9 May 2007, 12:30 AM CET

Four steps to tracking data copies
Most companies have no mechanism to ensure that data access rights are consistent. [more]
Wednesday, 9 May 2007, 12:03 AM CET

Secure your laptop with the LaptopLock
Don't let the creep who stole your computer paw through your private files, passwords and personal information. [more]
Wednesday, 9 May 2007, 12:00 AM CET

The myth of the Superuser: fear, risk, and harm online
Fear of the powerful computer user, "the Superuser," dominates debates about online conflict. [more]
Tuesday, 8 May 2007, 5:44 PM CET

Verizon says phone record disclosure is protected free speech
Verizon is one of the phone companies currently being sued over its alleged disclosure of customer phone records to the NSA. [more]
Tuesday, 8 May 2007, 5:42 PM CET

TLS and SSL in the real world
Happily, a majority of web users now know to look for the lock icon and the HTTPS in the address line to identify when their connection is secure. [more]
Tuesday, 8 May 2007, 5:37 PM CET

State data with Social Security numbers misplaced for 2 weeks
Nine million state records containing Social Security numbers and other sensitive data used to verify Medicaid claims went missing for more than two weeks, and state officials didn't know for more than half that time. [more]
Tuesday, 8 May 2007, 12:47 PM CET

British hackers attack MoD satellite
A group of computer hackers suspected of seizing control of a British military communications satellite using a home computer, triggering a "frenetic" security alert, has been traced to the south of England. [more]
Tuesday, 8 May 2007, 9:47 AM CET

Forget the Nigerian spam scam; now it's a take-off on Three Kings
'This one is much easier to fall for,' says a Symantec researcher. [more]
Tuesday, 8 May 2007, 9:46 AM CET

Activists hijack Chinese TV, broadcast messages
The signal of a government-run television station in southern China was hijacked by alleged hackers who used the frequencies to broadcast anti-government content, press reports said yesterday. [more]
Tuesday, 8 May 2007, 9:45 AM CET

How Internet criminals will evade Vista's safeguards
Unlikely that they'll just give up trying, after all. [more]
Tuesday, 8 May 2007, 12:40 AM CET

How to track and recover your Linux laptop if it gets stolen
Facing the possibility that your laptop (or even desktop) could get stolen, lost or otherwise disappear makes me think of what I’d do. [more]
Tuesday, 8 May 2007, 12:21 AM CET

RIAA "extortion": why the only RICO they fear is Suave
Since launching its legal campaign against those it suspects of file-sharing, the RIAA has been called any number of nasty things. [more]
Tuesday, 8 May 2007, 12:18 AM CET

Estonian hold suspect over 'cyber-attacks'
Police arrested Saturday a 19-year-old Tallinn resident who is suspected of involvement in a wave of attacks against Estonian computer servers. [more]
Tuesday, 8 May 2007, 12:09 AM CET

A keyhole for your system's back door
While a properly set up SSH service can give you secure remote access to a server, you might not like the idea of having an SSH server always running on your machine. [more]
Tuesday, 8 May 2007, 12:06 AM CET

Russian teacher fined in Microsoft piracy case
A Russian headmaster said today that a court has fined him half his monthly wage for using pirated copies of Microsoft software at his school in a case President Vladimir Putin has called "utter nonsense." [more]
Tuesday, 8 May 2007, 12:03 AM CET

Australia hands over man to US courts
Before he was extradited to the United States, Hew Griffiths, from Berkeley Vale in NSW, had never even set foot in America. But he had pirated software produced by American companies. [more]
Tuesday, 8 May 2007, 12:00 AM CET

Security isn't just avoiding Microsoft
We’ve all heard IT professionals imagine how secure their networks would be if they just didn’t have to use any Microsoft products. [more]
Monday, 7 May 2007, 11:41 AM CET

Securing a RADIUS server
For any corporate wireless infrastructure to remain secure, using 802.1X for authentication is a must - after all, it provides much more granular control of authentication credentials and can provide accounting for wireless LAN usage. [more]
Monday, 7 May 2007, 11:33 AM CET

(IN)SECURE Magazine issue 11 has been released
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read about the security of e-passports, learn the critical steps to secure your virtualized environment, view a quantitative look at penetration testing, find out about the current state of PKI, get funky with super ninja privacy techniques for web application developers, find out how to enforce the network security policy with digital certificates, and more. [more]
Monday, 7 May 2007, 11:03 AM CET

Kerberos: highly secure single sign on authentication in Mac OS X
Mac OS X uses Kerberos to provide single sign on authentication for a wide range of technologies. Read how you can take advantage of Kerberos in your application. [more]
Monday, 7 May 2007, 12:21 AM CET

How to get strict with data surveillance
Data surveillance programs are not limited to maintaining a record of database transactions. [more]
Monday, 7 May 2007, 12:06 AM CET

How to become an exceptional security manager
Taking a cue from a successful surgeon is a path Roger A Grimes recommends. [more]
Monday, 7 May 2007, 12:03 AM CET

AOL's password puzzler
A reader wrote in Friday with an interesting observation: When he went to access his account, he accidentally entered an extra character at the end of his password. [more]
Monday, 7 May 2007, 12:00 AM CET

Interview with Harlan Carvey, Author of Windows Forensic Analysis
I started in the commercial infosec arena as a consultant doing vulnerability assessments and pen tests. At one point, I started working for a company, and a forensics guy needed some assistance. [more]
Friday, 4 May 2007, 11:36 PM CET

Stop fighting better security
These four excuses aren't good enough to exempt you from bolstering your defenses. [more]
Friday, 4 May 2007, 11:33 PM CET

Metasploit 3.0 doesn't pwn systems, black hats pwn systems
MSF is designed for automated penetration testing. [more]
Friday, 4 May 2007, 5:20 PM CET

British Gas security scare as payments page springs a leak
A British Gas website that allows homeowners to pay bills leaves consumers exposed by inviting them to submit credit card information across an unencrypted link. [more]
Friday, 4 May 2007, 4:30 PM CET

Firms hit rivals with web attacks
Legitimate businesses are turning to cyber criminals to help them cripple rival websites, say security experts. [more]
Friday, 4 May 2007, 3:24 PM CET

How to check if your WebMail account has been hacked
WebMail accounts are a popular target for malicious hackers, law enforcement conducting investigations, and rogue insiders. [more]
Friday, 4 May 2007, 3:19 PM CET

The Future of Spam
In the 1930s, the US psychologist Abraham Maslow formulated a theory according to which everybody has a series of basic needs that must be covered in a certain order, so that until one has been covered, the next cannot be fulfilled. Spammers target several layers of the Maslow pyramid with a wide range of email messages. If you stop for a moment to think about the history of spam, you will be able to see what messages users have received. It is highly possible that in the near future, spam aimed at social networks will appear, targeting the maximum level of the Maslow pyramid: achieving the final aims in life, even if it is in Second Life. [more]
Friday, 4 May 2007, 3:11 PM CET

Scammers randomly target checking accounts
An alarming report published this week on the official Internet news service of the U.S. Air Force highlights the need for consumers to keep a close eye on their bank account statements for signs of fraud. [more]
Friday, 4 May 2007, 12:00 AM CET

What's eskimo for security?
Reducing costs and staying competitive is more important to the typical business executive than information security, and not addressing these concerns is the cause of many failures. [more]
Thursday, 3 May 2007, 4:20 PM CET

Rootsh terminal logger keeps watch on root users
Rootsh is a shell that logs everything a root user sees on his terminal. [more]
Thursday, 3 May 2007, 4:16 PM CET

Masters of their domain
Computer security is a complex issue, and there is no simple cure-all. But one thing that continues to baffle me is the way we bank online. [more]
Thursday, 3 May 2007, 4:14 PM CET

Interview with Rain Forest Puppy
A software security researcher and member of the ush team interviews Rain Forest Puppy, famous bug hunter, specialized in web application assessment. [more]
Thursday, 3 May 2007, 9:38 AM CET

Do we really need a security industry?
The primary reason the IT security industry exists is because IT products and services aren't naturally secure. [more]
Thursday, 3 May 2007, 9:30 AM CET

Hacking the online ballot box
Today, some councils will offer voting via the internet. But exactly how accountable, secure, and desirable are the online polling systems? Danny Bradbury investigates. [more]
Thursday, 3 May 2007, 9:29 AM CET

Document shell code attacks loom large
Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. [more]
Thursday, 3 May 2007, 12:24 AM CET

Google: privacy vs. open government
At the Center for Digital Democracy, CEO Jeff Chester has been tracking the privacy implications of Google's growth, particularly in light of Google's plans to index data from government Web sites. [more]
Thursday, 3 May 2007, 12:15 AM CET

Cisco revamps security cert
Cisco this week announced that it is revamping its midlevel Cisco Certified Security Professional (CCSP) certification, as well as adding two new specialty security certifications. [more]
Thursday, 3 May 2007, 12:12 AM CET

Data breaches seen to threaten IT job security
A majority of IT professionals believe they will lose their jobs if their organization suffers a security breach. [more]
Thursday, 3 May 2007, 12:09 AM CET

Nokia to fight refiled patent infringement case
Technology in dispute is used in nearly all of the Finnish manufacturer's mobile phones. [more]
Thursday, 3 May 2007, 12:03 AM CET

New bug-a-day project targets Microsoft's ActiveX
Another bug-a-day campaign surfaced yesterday as the "Month of ActiveX Bugs" debuted. Although some researchers have already dismissed the project as copycat, others are warning its findings might put Windows users at risk of attack. [more]
Thursday, 3 May 2007, 12:00 AM CET

WiFi security - do not rely on any single system
A further boom is expected in WiFi adoption as broadband providers lower connectivity costs but security will remain an issue. [more]
Wednesday, 2 May 2007, 2:23 PM CET

Hi-def DVD security is bypassed
The encryption on high-definition DVDs has been bypassed, the consortium backing the copy protection system on discs has confirmed. [more]
Wednesday, 2 May 2007, 2:22 PM CET

Security fear over internet voting
The government yesterday admitted that it was aware of security concerns about internet votes being cast in local elections in England tomorrow. [more]
Wednesday, 2 May 2007, 1:31 PM CET

The RFID Guardian: a firewall for your tags
A new tool from a graduate student at the Vrije Universiteit in Amsterdam offers the first real-time cloak of protection to users concerned about security, and no hammer blows are required. [more]
Wednesday, 2 May 2007, 10:53 AM CET

Federal watchdog says Wall Street isn't prepared for a pandemic
GAO calls on regulators to set planning deadlines for financial markets. [more]
Wednesday, 2 May 2007, 9:56 AM CET

Hackers set traps on broad websites
Cybercrooks are corrupting Web pages by the tens of thousands. [more]
Wednesday, 2 May 2007, 9:54 AM CET

The color of information security
Risk rarely is so polite as to allow itself to be answered discretely. [more]
Wednesday, 2 May 2007, 9:54 AM CET

Phone taps in Italy spur rush toward encryption
Drumming up business would seem to be an easy task for those who sell encrypted cellphones in Italy. All they have to do is browse the major newspapers for likely customers. [more]
Wednesday, 2 May 2007, 2:03 AM CET

Lip reading surveillance cameras to stop terror
Shouting, face scanning, eavesdropping, X-Ray firing and now lip reading CCTV, do you still feel free? [more]
Wednesday, 2 May 2007, 2:00 AM CET

How to detect security vulnerabilities in your systems
Exploiters on the Internet have caused billions of dollars in damages. [more]
Wednesday, 2 May 2007, 12:30 AM CET

Gartner: Hack contests bad for business
Firm that paid bounty for critical QuickTime bug says it's under lock and key. [more]
Wednesday, 2 May 2007, 12:11 AM CET

Cisco monitoring tool vulnerable to attack
Cisco Systems Inc. last week warned of a no-brainer vulnerability in its Cisco Network Services (CNS) NetFlow Collection Engine (NFC) which could expose that product to attack. [more]
Wednesday, 2 May 2007, 12:09 AM CET

GAO report targets data breach guidelines
A U.S. Government Accountability Office (GAO) report issued Monday in response to a May 2006 data breach at the Department of Veterans Affairs says federal agencies should have uniform guidelines governing when to offer credit monitoring to individuals whose personal information is exposed. [more]
Wednesday, 2 May 2007, 12:06 AM CET

Hotmail's antispam measures snuff out legit emails, too
Hotmail users and email server admins, beware: you may be unknowingly caught in the crossfire of Microsoft's war on spam. [more]
Wednesday, 2 May 2007, 12:03 AM CET

Implementing SmartCard authentication with ASP.NET
This is a more complete follow-up article on how to implement Smart Card Authentication in ASP.NET using Http Modules. C# and VB.Net Projects to be posted soon. [more]
Wednesday, 2 May 2007, 12:02 AM CET

Privacy advocates critical of dual purpose Checkpoint RFID-based label
Checkpoint is rolling out a new line of RFID-enabled labels that it boasts can be used to both support advanced inventory control and help catch shoplifters, allowing retailers to consolidate their use of the technology. [more]
Wednesday, 2 May 2007, 12:00 AM CET

NSA gives military students lesson in cyberdefense
Deep within the bowels of a Lockheed Martin building in Hanover, Md., a group of trained security experts do their best to penetrate the networks of five military academies. And they don’t mind being mocked. [more]
Tuesday, 1 May 2007, 3:30 AM CET

Child porn investigations keep FBI agents busy
A Virginia man has pleaded guilty to receiving child pornography using peer-to-peer software provided by iMesh. [more]
Tuesday, 1 May 2007, 2:27 AM CET

Twelve nations on piracy watch list
In addition to Russia and China, the 10 countries placed on priority piracy watch were Argentina, Chile, Egypt, India, Israel, Lebanon, Thailand, Turkey, Ukraine, and Venezuela. The 12 nations were put on a "priority watch list" in the area of copyright piracy, which costs the American industry billions of dollars in lost sales annually. [more]
Tuesday, 1 May 2007, 2:06 AM CET

Security slowly comes to the party
Watcher of the IT security war Patrick Gray says the battle has escalated in the past five years. [more]
Tuesday, 1 May 2007, 1:09 AM CET

Google gets a grip on government data
In its mission to organize and distribute the world's information, Google has partnered with four state governments to ease the task of finding public info online. [more]
Tuesday, 1 May 2007, 1:03 AM CET

Risk, not security
Dealing with security piecemeal is like putting out a thousand fires. Now, are you a fireman or a CIO? [more]
Tuesday, 1 May 2007, 1:00 AM CET

Microsoft spurns specific security goals for Office 2007
It plans to push some of the suite's security features into Office 2003. [more]
Tuesday, 1 May 2007, 12:09 AM CET

Lords investigate 'unconstitutional' surveillance society
The House of Lords will investigate whether the UK's "surveillance society" is unconstitutional. [more]
Tuesday, 1 May 2007, 12:06 AM CET

Filling the gaps in application security
Our manager never had to know very much about it, but the need for HIPAA compliance means she’d better get on it. [more]
Tuesday, 1 May 2007, 12:05 AM CET

Microsoft's guru: malware and viruses will evolve on Vista
Better late than never, here's a fascinating tidbit from Microsoft's own Mark Russinovich (how odd is it to write that!): malware may very well be subject to a kind of digital survival of the fittest. [more]
Tuesday, 1 May 2007, 12:03 AM CET

Cisco blade boosts security control
New Catalyst 6500 blade improves wiring closet security; 7200 series gets smaller. [more]
Tuesday, 1 May 2007, 12:00 AM CET

