Off the Wire

Off The Wire Archive

News items for June 2002

Violating Database-Enforced Security Mechanisms
This paper discusses the feasibility of violating the access control, authentication and audit mechanisms of a running process in the Windows server operating systems. [more]
Friday, 28 June 2002, 3:27 AM CET

Analyzing selected network attacks
Michael Pichler analyzes some interesting network attacks, explains how they work, and shows how some features included in your own software can actually be turned against you. [more]
Friday, 28 June 2002, 3:26 AM CET

Change My Password Again?
Sex, Drugs, Money... How many of these words are common passwords on your network? The answer is probably too many. [more]
Friday, 28 June 2002, 3:15 AM CET

Microsoft security: Will it be different this time?
Microsoft wants to redesign the computer so it will have built-in security and privacy functions, including some etched onto special chips. [more]
Friday, 28 June 2002, 3:12 AM CET

Searches by police, FBI target bandits of bandwidth
Authorities investigating the theft of high-speed Internet cable service yesterday seized modems and other computer equipment from homes in Toledo and surrounding suburbs. [more]
Friday, 28 June 2002, 1:31 AM CET

Irresponsible Disclosure
Internet Security Systems violated community standards and common sense with its surprise Apache bug announcement. [more]
Friday, 28 June 2002, 1:13 AM CET

Bug Watch: Developers at fault
Gunter Ollmann, manager of X-Force Security Assessment Services at Internet Security Systems, looks at the security issues faced by web application developers. [more]
Friday, 28 June 2002, 1:11 AM CET

Poland hunts hacker who penetrated NASA
Polish prosecutors are searching for a computer hacker believed by the US to have penetrated the NASA space agency, causing damage reportedly estimated at $1 million. [more]
Friday, 28 June 2002, 1:10 AM CET

Network America: Wireless security? Read it and Wep
Some guys think it's cool to drive around the San Francisco financial district with computers in the back seat, sucking down emails and web pages that fly over poorly-secured wireless networks. [more]
Friday, 28 June 2002, 1:05 AM CET

Sun signs up to rivals' security standards
A security specification for Web services submitted by Microsoft, IBM and VeriSign has won the backing of rival Sun. [more]
Friday, 28 June 2002, 12:59 AM CET

Gamespy Arcade 1.09 infected with Nimda
Stuart Udall mentioned on the Incidents mailing list that the Gamespy Arcade 1.09 linked from and downloaded more than 100,000 times in 2 months is infected with Nimda. [more]
Thursday, 27 June 2002, 3:20 AM CET

OpenSSH remote vulnerability roundup updated
Updates in the roundup include: ISS, Mandrake and OpenSSH security advisories, a new OpenSSH release, and commentary #2 by SuSE Security's Olaf Kirch from the suse-security-announce mailing list. [more]
Thursday, 27 June 2002, 2:32 AM CET

Security and open source
Security problems in software are an extremely bad thing, regardless of the business model under which the software was written. [more]
Thursday, 27 June 2002, 2:13 AM CET

OpenSSL: the cryptography Lego set
Anne Carasik uses a Lego analogy to discuss cryptography tools and digital certificates. [more]
Thursday, 27 June 2002, 2:07 AM CET

Web site exposes credit card fraud
An anti-fraud education group called CardCops has opened a Web site that will let Americans check to see if their card numbers are in the hands of thieves. [more]
Thursday, 27 June 2002, 2:05 AM CET

Lawmaker tries to foil illegal file-sharing
Copyright holders would receive carte blanche to use aggressive tactics to stop the illegal distribution of their works on online services under legislation outlined by Rep. Howard Berman. [more]
Thursday, 27 June 2002, 1:57 AM CET

Linux: feelin' secure
IT pros navigating a minefield of insecure software and systems are finding safe ground in Linux. That's because Linux has become a model of security. [more]
Thursday, 27 June 2002, 1:52 AM CET

U.S. fears Al Qaeda cyber attacks
Ron Ross, who heads an "information assurance" partnership between the NSA and the NIST, said: "It's not science fiction. A cyberattack can be launched with fairly limited resources." [more]
Thursday, 27 June 2002, 1:50 AM CET

Internal IT staff pose security risk
Internal IT staff should not be involved in the development of anti-fraud systems, consultants Detica has warned. [more]
Thursday, 27 June 2002, 1:44 AM CET

"Mod chip" for hacking Xbox discontinued
One of the companies making Xbox "mod chips" has gone out of business, possibly because of legal pressure from Microsoft. [more]
Thursday, 27 June 2002, 1:43 AM CET

Critics take aim at new filtering service
New filtering software has found favor with some of the Internet's most popular portals, but developers of commercial filtering products question the value of the system's voluntary approach. [more]
Thursday, 27 June 2002, 1:41 AM CET

OpenSSH Remote Vulnerability Roundup
Theo de Raadt yesterday noted on BugTraq that there is a serious vulnerability in OpenSSH. Latest available solutions and discussions are available in this roundup. [more]
Wednesday, 26 June 2002, 1:59 PM CET

Security overview? Read Internet Lockdown
Internet Lockdown may be too general for some, but it is a valuable and clear overview of the topic of security administration. Its user-friendly, nonbureaucratic language is one of the book's strengths. [more]
Wednesday, 26 June 2002, 12:51 PM CET

European websites face hijack risk
A "worrying" number of European websites could be at risk from hijack due to inherent security glitches in the Ripe internet address databasing system. [more]
Wednesday, 26 June 2002, 11:58 AM CET

Russian mob infiltrates university computers
The government has issued an alert about identity and credit card theft on U.S. campuses, saying individuals linked to the Russian mob tried to tap into at least five college computer systems. [more]
Wednesday, 26 June 2002, 11:56 AM CET

Buggy software costs users, vendors nearly $60B annually
The federal study also found that better testing could reduce the cost by $22.5 billion, though it wouldn't eliminate all software errors. [more]
Wednesday, 26 June 2002, 11:24 AM CET

Wireless security in this modern world
This article discusses the technological advances since WEP, the brief steps you can take on either wireless or wired networks, and why security is such a big deal. [more]
Wednesday, 26 June 2002, 11:23 AM CET

A flawed random-number theory
There's a privacy-protection scheme that aims to eliminate the need for aliases. But it's not as comprehensive as it appears. [more]
Wednesday, 26 June 2002, 11:15 AM CET

Stay secure on the road
A secure method to retrieve and send email is essential and offers some convenient security features not typically available. [more]
Wednesday, 26 June 2002, 11:06 AM CET

DOD will test biometrics to secure its smart cards
The Defense Department’s Biometrics Fusion Center will begin testing software on four types of biometric devices for use on its Common Access smart cards. [more]
Wednesday, 26 June 2002, 11:04 AM CET

Software lets users manage own passwords
Avatier Corp. is shipping a password reset application - Password Station.NET 2.0 - built on Microsoft's .NET technology. [more]
Wednesday, 26 June 2002, 11:01 AM CET

Managed services undermine security threat
The need for holistic security management is crucial - the scale of compromised systems around the world has reached unprecedented heights. [more]
Tuesday, 25 June 2002, 2:04 PM CET

Security messages posted on the Net
Secret radio conversations between security guards minding royals and government ministers are being intercepted and posted on the internet by an amateur enthusiast, the BBC claimed today. [more]
Tuesday, 25 June 2002, 12:53 PM CET

Fast modems a hacker's heaven
Thousands of broadband internet modems are being installed with default passwords, making them vulnerable to hackers who can use them to surf the net at the owners' expense. [more]
Tuesday, 25 June 2002, 12:28 PM CET

CD pirates in from the cold
Australia plans to endorse CD-copying kiosks in a controversial world-first plan that legalises music piracy. [more]
Tuesday, 25 June 2002, 12:26 PM CET

All eyes are on you
Tollbooths, ATMs, doctors' offices, online chat: You leave critical personal data behind wherever you go. Let's follow one American as he scatters his digital DNA. [more]
Tuesday, 25 June 2002, 12:25 PM CET

Lotus to include new antispam tools in Notes R6
Lotus said the upcoming version of its Notes e-mail software will have server-side antispam tools, which aren't as sophisticated as some sold as add-ons by third-party vendors. [more]
Tuesday, 25 June 2002, 12:15 PM CET

Speak up for security
If plans by Optus and an Irish technology company work out, Australians will soon be able to "sign" their transactions with their voices. [more]
Tuesday, 25 June 2002, 11:57 AM CET

Mitnick testifies against Sprint in vice hack case
The ex-hacker details his past control of Las Vegas' telecom network, and raids his old storage locker to produce the evidence. [more]
Tuesday, 25 June 2002, 11:55 AM CET

Mind Games - Social Engineering
This short article is a brief overview of social engineering. It covers the psychology of social engineering, the security threat it poses, and the methods used for it. [more]
Tuesday, 25 June 2002, 11:51 AM CET

Security: Source Access and the Software Ecosystem
The goal of this paper is to explore the relationship between the security of software and the model under which that software was produced and distributed. [more]
Monday, 24 June 2002, 11:10 AM CET

HNS Newsletter issue 116 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 24 June 2002, 11:04 AM CET

Warning over password security
Computer users are being urged to change their passwords regularly to avoid becoming a victim of internet fraud. [more]
Monday, 24 June 2002, 10:46 AM CET

Developers worry Web too controlled
The Internet's potential for promoting expression and empowering citizens is under threat from corporate and government policies that clash with the medium's long-standing culture of openness. [more]
Monday, 24 June 2002, 10:43 AM CET

Using OpenLDAP For Authentication
This article describes how to use LDAP to authenticate system logins using pam_ldap and nss_ldap for a centralized authentication system for a LAN. [more]
Monday, 24 June 2002, 10:32 AM CET

Hackers attempt to break into Russian president's site
Over the first three hours of operation of the new Presidential site, several dozen attempts were made to break into the Internet-page of the head of state. [more]
Monday, 24 June 2002, 10:28 AM CET

Users question JPEG virus, McAfee stands firm
Users and antivirus vendors are questioning the seriousness of a virus announced last week by McAfee Security, as well as the manner in which McAfee doled out details about the virus. [more]
Monday, 24 June 2002, 10:26 AM CET

Police in corporate hacker crackdown
Police have doubled the size of Greater Manchester force's computer crime unit in a bid to crack down on hackers whose security breaches have pushed some firms to the brink of closure. [more]
Monday, 24 June 2002, 10:24 AM CET

More "security" from Microsoft
A first look at Microsoft’s plan to remake the personal computer to ensure security, privacy and intellectual property rights. Will you buy it? [more]
Monday, 24 June 2002, 10:21 AM CET

Interview with Jordan Hubbard
KernelTrap has spoken with guru Jordan Hubbard, one of the creators of FreeBSD and currently a manager of Apple's Darwin project. [more]
Monday, 24 June 2002, 10:06 AM CET

TrueSign: Under the Hood
This paper gives you insight into TrueSign from the user's point of view. TrueSign is Privador's flagship PKI product. [more]
Friday, 21 June 2002, 5:38 PM CET

Reuters offers monitored IM
Reuters Group has developed an instant messaging application for the financial services industry and will incorporate monitoring technology into the software. [more]
Friday, 21 June 2002, 5:33 PM CET

School hackers may face Secret Service
Students at universities in four states may have been monitored by "spyware" placed on computers by online criminals to capture passwords and credit card numbers. [more]
Friday, 21 June 2002, 5:25 PM CET

Westcoast presents customers with a virus
The Inquirer has received complaints that UK distributor Westcoast is bombarding its customers, friends and enemies alike with virus-carrying emails. [more]
Friday, 21 June 2002, 5:23 PM CET

Security flaws continue to be issue for Microsoft
Critics say piggybacking new features on a CD of security patches shows Microsoft is not ready to abandon its feature-driven heritage. [more]
Friday, 21 June 2002, 2:06 PM CET

Building secure systems
This article provides a brief overview of some of the key issues of secure coding. [more]
Friday, 21 June 2002, 1:59 PM CET

U.S. asks allies to help cyber security efforts
U.S. officials seeking to tighten the security of U.S. data and financial networks are working with allies with close ties to the U.S. electronics industry to secure the networks against cyberattacks. [more]
Friday, 21 June 2002, 1:52 PM CET

Study: Open, closed source equally secure
A scientific paper finds that, theoretically, neither closed-source nor open-source approaches improve software security. [more]
Friday, 21 June 2002, 1:49 PM CET

Ethical hackers expose legal flaws
After a training course, journalist Roger Howorth casts his eye over the world of ethical hacking. [more]
Friday, 21 June 2002, 1:42 PM CET

Watching the gatekeepers
Industry observers are seeing pressure on systems administrators from two areas: increasing network capacities and more complex threats, both of which strain traditional security components. [more]
Friday, 21 June 2002, 1:39 PM CET

Staff training is vital for security
IT departments must keep other employees aware of security, warns a leading CIO, as laziness can put businesses at risk. [more]
Thursday, 20 June 2002, 5:42 PM CET

Hackers and porn and pirates, oh my
The Business Software Alliance asked Finnish Internet service provider Jippii Group last November to remove a customer's Web site that allegedly helped others to scam bootlegged software. [more]
Thursday, 20 June 2002, 5:41 PM CET

Game Consoles - the Next Hacker Target?
Xbox and Playstation 2 decks are coming to the Internet in droves this fall. How will they stand up against the legions of hackers waiting for them there? [more]
Thursday, 20 June 2002, 5:40 PM CET

How to practice safe B2B
Before swapping information with multiple e-commerce partners, it really pays to protect yourself by pushing partners to adopt better security practices. [more]
Thursday, 20 June 2002, 3:12 AM CET

WhiteHat Arsenal 2.0
This is a collection of basic tools that help security professionals test Web applications for common security vulnerabilities in the midrange of competitive pricing. [more]
Thursday, 20 June 2002, 3:10 AM CET

Security merger gets RedSiren noticed
A black horse in the nascent managed-security business caught up with the rest of the herd, when relative unknown RedSiren announced its merger with Veridian's security subsidiary, Veritect. [more]
Thursday, 20 June 2002, 2:50 AM CET

Book review: Essential Checkpoint Firewall-1
Ben Rothke checks out the latest book by Dameon Welch-Abernathy, who's known as the man for Firewall-1. [more]
Thursday, 20 June 2002, 12:33 AM CET

The Internet gets serious
Today, the Internet is messy, dangerous ground. Viruses and system break-ins are on the rise, while vested interests battle over what isn't allowed. [more]
Thursday, 20 June 2002, 12:08 AM CET

Experts warn of cyber security holes
At a town hall meeting on cyber security, experts warned that the risks of going online have become especially prevalent as hackers find new ways to poke holes in Internet security systems. [more]
Thursday, 20 June 2002, 12:05 AM CET

Security tools take aim at network threats
Tools designed to prevent and combat damaging attacks on enterprise networks took the spotlight here at the NetSec 2002 Computer Security Conference. [more]
Thursday, 20 June 2002, 12:04 AM CET

Update on Apache chunk handling vulnerability
A few security advisories (SGI, EnGarde Secure Linux and Debian Linux related) were released regarding the problems with Apache chunk handling. [more]
Wednesday, 19 June 2002, 2:19 PM CET

Censor secrecy okay: tribunal
Electronic Frontiers Australia had requested access under the Freedom of Information Act to a number of Australian Broadcasting Authority documents relating to censored websites. [more]
Wednesday, 19 June 2002, 1:51 PM CET

Achilles' Shield
A comprehensive look at what constitutes malicious code, the inherent weakness of all signature-based scanning methods, and the technology behind the Achilles' Shield security system. [more]
Wednesday, 19 June 2002, 1:07 PM CET

Pro-Islamic hackers join forces
There is mounting evidence that individual hacker groups connected by a pro-Islamic agenda are working together to carry out hack attacks, say experts. [more]
Wednesday, 19 June 2002, 12:29 PM CET

Hacking's not just for geeks
Blended security threats are increasing, meaning that chief information officers have more to worry about than just hackers. [more]
Wednesday, 19 June 2002, 12:01 PM CET

Report: Viruses spreading on the double
The first half of 2002 has seen worms infect PCs at twice the rate they did last year, says security company MessageLabs. And they're more malicious too. [more]
Wednesday, 19 June 2002, 11:17 AM CET

Peacefire gets under skin of anti-porn filterers
Internet activist Bennett Haselton has made a name for himself by helping minors disable filtering programs designed to block Web sites that their parents deem offensive or pornographic. [more]
Wednesday, 19 June 2002, 11:16 AM CET

Army websites expose security data
US Army websites have been criticised for publishing potentially sensitive information that could be of use to terrorists. [more]
Wednesday, 19 June 2002, 11:13 AM CET

Slackware 8.1 is released
Highlights of this release include KDE 3.0.1, GNOME 1.4.1, Mozilla 1.0, support for many new filesystems like ext3, ReiserFS, JFS, and XFS, and support for several new SCSI and ATA RAID controllers. [more]
Wednesday, 19 June 2002, 11:10 AM CET

Secure content software market grows at a lick
Market forecast data compiled by International Data Corp Inc indicates that the worldwide secure content management market will reach a level of $4.2bn by 2005, growing at an annual clip of 20%. [more]
Wednesday, 19 June 2002, 11:04 AM CET

'Mod' squad hacks away at Xbox
Soldered into an Xbox, another 'mod chip' lets owners hack into their console to play pirated games and run PC software. Microsoft is now considering a crackdown. [more]
Wednesday, 19 June 2002, 11:03 AM CET

Nigeria hoax spawns copycats
The Nigerian bank account scam, one of the best-known e-mail frauds, is taking on new forms. Recent versions involve a U.S. commando and a World Trade Center survivor, among others. [more]
Tuesday, 18 June 2002, 2:43 PM CET

Apache chunk handling roundup
There are various problems regarding Apache in the news today. Here is a roundup of all the reported problems, with the solutions and patches available so far. [more]
Tuesday, 18 June 2002, 12:11 PM CET

Filtering E-Mail with Postfix and Procmail, Part One
This series will examine the use of Postfix and Procmail to eliminate spam before it hits the client. [more]
Tuesday, 18 June 2002, 11:57 AM CET

Boy of 17 hacks into missile secrets
The Pentagon has had its second major intelligence embarrassment in a week after a teenager in Austria hacked into secret plans, including the location of US nuclear missiles. [more]
Tuesday, 18 June 2002, 11:45 AM CET

2600 IRC server offline indefinitely
As a result of a massive Denial of Service attack of biblical proportions, does not have a home anymore. [more]
Tuesday, 18 June 2002, 11:15 AM CET

Hackers do not break, they build
In the pursuit of advanced systems knowledge, hackers might indeed penetrate systems, but they're not interested primarily in breaking into a system for its own sake. [more]
Tuesday, 18 June 2002, 5:27 AM CET

EarthLink's passwords are naked
EarthLink's practice of allowing service reps to see customers' passwords could be exposing subscribers to a range of security threats. [more]
Tuesday, 18 June 2002, 5:25 AM CET

Security warning too quick for comfort?
Internet Security Systems faced criticism after it released critical security information without giving the open-source community adequate time to respond. [more]
Tuesday, 18 June 2002, 5:17 AM CET

Cisco augments wireless LAN security
Cisco Systems Inc. addressed the security of wireless LANs with a new add-on product to complement its offerings in this area. [more]
Tuesday, 18 June 2002, 5:13 AM CET

IT integration key to U.S. security
The success of the proposed Department of Homeland Security hinges on IT systems integration, security experts said last week. [more]
Tuesday, 18 June 2002, 5:11 AM CET

HNS Newsletter issue 115 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 17 June 2002, 4:19 PM CET

IM'ers get a secure chat room
Instant messaging is about as private as two people talking on the train; you never know who's listening. Encryption could change that. Of course, that might not be good news to those fighting the evildoers. [more]
Monday, 17 June 2002, 1:54 PM CET

Hottest hardware for Wi-Fi security
"If you're an enterprise, you're going to be locked into the wireless cards and the access points of one vendor," Gartner analyst Bill Clark told Wireless NewsFactor. [more]
Monday, 17 June 2002, 1:52 PM CET

Internet Law & Policy Forum Conference 2002
This year, the ILPF Conference will focus on the timely subjects of security and privacy, exploring the different legal and regulatory regimes adopted around the world. [more]
Monday, 17 June 2002, 12:09 PM CET

Sample firewall generator
Citadec Solutions Ky has a sample firewall generator on their website; give it a try. [more]
Monday, 17 June 2002, 11:52 AM CET

, other sites attacked
and a number of other web sites came under an apparent DoS attack, which disrupted service to hundreds of thousands of Internet users. [more]
Monday, 17 June 2002, 11:47 AM CET

Don't fight security cancers with aspirin
When it comes to security, we have met the enemy and it is most definitely us. [more]
Monday, 17 June 2002, 11:44 AM CET

Forum Systems aims at XML security space
Forum Systems Inc. becomes one of the first entrants into the emerging XML security space with its Forum Sentry appliance. [more]
Monday, 17 June 2002, 11:38 AM CET

IBM software aims to shut down "drive-by hacking"
IBM announced a technology designed to close some of the holes in corporate wireless networks and prevent outsiders from stealing data through drive-by hacking. [more]
Monday, 17 June 2002, 11:30 AM CET

Time to smarten up about security
You'd think we would have learned some important lessons about security when WEP was broken last year by products like AirSnort. Unfortunately, we did not. [more]
Monday, 17 June 2002, 11:28 AM CET

Microsoft shipments infected with Nimda
All of the Korean-language versions of the Visual Studio .Net developer tool shipped with a help file that is infected with the Nimda virus. [more]
Saturday, 15 June 2002, 3:55 PM CET

Police find first illegal DVD lab on West Coast
Police uncovered the first DVD pirating laboratory on the West Coast where more than 1,200 illegal movies were found. [more]
Saturday, 15 June 2002, 3:49 PM CET

Woman charged for hacking
Massachusetts Attorney General Tom Reilly has filed charges against Wendy Sholds, accusing her of hacking into her former boss' computer system and forwarding confidential e-mails to former co-workers. [more]
Saturday, 15 June 2002, 3:44 PM CET

Sun sets pace for Web services security
Sun Microsystems, sensing it has fallen behind rivals Microsoft and IBM in Web services leadership, is launching a renewed strategy in an attempt to play catch up. [more]
Saturday, 15 June 2002, 3:36 PM CET

Best Buy: May Day Mayday for Security
The retailer's in-store wireless network exposed customers' credit card data. Best Buy has plenty of company. [more]
Saturday, 15 June 2002, 3:31 PM CET

Roundup on BIND denial of service
A few days ago we wrote about a Denial of Service vulnerability in ISC BIND. This is a roundup of security advisories covering this issue. [more]
Friday, 14 June 2002, 11:37 PM CET

Clever people can fool most sophisticated biometrics
The Fraunhofer Research Institute in Germany set out to see whether it could fool various biometric systems. It was easy. [more]
Friday, 14 June 2002, 12:50 PM CET

'Massive abuse' of privacy feared
Plans to increase the number of organisations that can look at records of what you do online could lead to widespread abuse of personal information. [more]
Friday, 14 June 2002, 12:34 PM CET

ToorCon 2002 call for papers
Papers and presentations are now being accepted for ToorCon 2002, which is being held on the 27th-29th of September 2002 at the San Diego Concourse in San Diego, CA. [more]
Friday, 14 June 2002, 12:28 PM CET

What to do with that virus alert?
Don't pass it on, says an expert, as it may be a hoax and the creator may be exploiting your goodwill. [more]
Friday, 14 June 2002, 1:16 AM CET

Understanding the Email-Borne Threat
The popularity of email ushered in a new era of viruses that signature-based scanners were unequipped to defeat. The mass-mailing email worm has become the largest threat confronting users. [more]
Thursday, 13 June 2002, 10:58 PM CET

Security breaches may be the next tobacco-experts
That's what computer experts are telling businesses that have been hit by a steady stream of infections from viruses and other vulnerabilities that hit their machines. [more]
Thursday, 13 June 2002, 10:51 PM CET

JPEG worm breaks new ground
Antivirus companies warned of a new virus that communicates through digital images, but security experts aren't sure how much of a threat this latest evolutionary branch of malicious code poses. [more]
Thursday, 13 June 2002, 10:44 PM CET

Watching Nato spy pictures
Nato surveillance flights in the Balkans are beaming their pictures over an insecure satellite link - and anyone can tune in and watch their operations live. [more]
Thursday, 13 June 2002, 10:42 PM CET

Feds examine ICANN officials
Congress is taking a look at the California company that administers Internet addresses after critics said it is too slow to address security holes and should be more closely regulated. [more]
Thursday, 13 June 2002, 10:39 PM CET

New Fretheme worm on the crawl
Antivirus companies are warning users to install patches and signature files to protect against a worm variant that has surfaced in the United States and Europe. [more]
Thursday, 13 June 2002, 10:35 PM CET

Wall Street aims to thwart criminals with database
Financial services firms plan to create a company that will run a central database of information on customers and potential clients to weed out those with ties to crime. [more]
Thursday, 13 June 2002, 1:25 AM CET

Comment: A taxing time for security
Inland Revenue had to shut down its online tax declaration site as its supposedly secure records were left wide open. [more]
Thursday, 13 June 2002, 12:07 AM CET

Introduction to Nessus
This article describes the basics of installing and using Nessus. Nessus operates as a client and server system. [more]
Thursday, 13 June 2002, 12:07 AM CET

Developing an Effective Incident Cost Analysis Mechanism
In this article Dave Dittrich discusses the Incident Cost Analysis Modeling Project, an attempt to develop a workable model for estimating the costs of computer security incidents. [more]
Thursday, 13 June 2002, 12:03 AM CET

Virus Protection
The purpose of this paper is to explain why we have concluded that the future of virus protection lies with architecture, rather than product, and why a multi-modal, modular approach makes most sense. [more]
Wednesday, 12 June 2002, 3:50 PM CET

Feds, Industry, Battle the Biggest Bug
A security hole in implementations of Abstract Syntax Notation One may threaten some of America's most crucial networks. Relax, the President's been briefed. [more]
Wednesday, 12 June 2002, 3:03 PM CET

The solution to spam - reverse filtering
Dynamic modification of rules is simple for people but complex for machines; indeed, it is so complex that the cost of sending spam would skyrocket, eliminating the problem. [more]
Wednesday, 12 June 2002, 2:11 PM CET

FTC vows to keep closer tabs on privacy breaches
Companies that release customer data as a result of security mistakes could find themselves in the cross hairs of the Federal Trade Commission. [more]
Wednesday, 12 June 2002, 2:08 PM CET

How hackers do it
This article describes the tricks, tools, and techniques hackers use to gain unauthorized access to Solaris Operating Environment (Solaris OE) systems. [more]
Wednesday, 12 June 2002, 1:49 PM CET

Security holes: the danger within
Significant destruction can be caused by employees, yet they continue to be overlooked as an IT security threat. [more]
Wednesday, 12 June 2002, 1:46 PM CET

High tech for homeland security: we must do more
What role will technology play in national security? If Bush's proposal for the new Department of Homeland Security is passed, not a large one. But there are two rival plans that take tech more seriously. [more]
Wednesday, 12 June 2002, 1:41 PM CET

New OpenBSD anti-trojan kernel patches
The latest version of Anti-Trojan software, V2 is available as a beta for OpenBSD 3.1 Release only at this stage with others to follow. [more]
Wednesday, 12 June 2002, 1:40 PM CET

Virus girl finds hacker boyfriend
It's a match made in heaven, or on IRC anyway. Gigabyte, the teenage, female virus writer in Belgium, has fallen in love with Nostalg1c, a notorious Belgian hacker. [more]
Wednesday, 12 June 2002, 1:39 PM CET

Consumers face wiretapping fees
FBI demand for new surveillance functions forces telcos to upgrade equipment, forego new customer services. [more]
Wednesday, 12 June 2002, 1:33 PM CET

Corporate Security Overview: 04-11 June 2002
Security companies send us their press releases, which we republish in our press section. This is an overview of interesting developments in the corporate security world during the past week. [more]
Tuesday, 11 June 2002, 4:22 PM CET

Cisco makes desktop switches more secure
Network administrators will be able to put up more safeguards against attackers from inside an enterprise with a series of enhancements to Cisco desktop switches. [more]
Tuesday, 11 June 2002, 3:41 PM CET

Sun Microsystems receives a security certificate
Sun Microsystems' "Trusted" Solaris 8 4/01 Operating Environment is the first and only operating system to receive the highest level of security certification. [more]
Tuesday, 11 June 2002, 3:14 PM CET

Super-Secure Linux
The NSA is moving close to pushing out secure additions to a module that works with Linux, and no, that's not a contradiction of ideas. [more]
Tuesday, 11 June 2002, 1:24 PM CET

Find the rogue protocols
Akonix Systems Inc is offering companies a way to monitor and regulate employees' use of insecure internet services such as instant messaging, with the launch of its first product, L7. [more]
Tuesday, 11 June 2002, 12:19 PM CET

Study: Software piracy increases
Software piracy grew last year, breaking six years of progress by software companies to stamp out illegal use, the Business Software Alliance reports. [more]
Tuesday, 11 June 2002, 11:11 AM CET

Review: Hardened Linux puts hackers EnGarde
If you're ready to construct your fortifications of stronger stuff, security-enhanced Linux distributions may be the answer. They offer an alternative to the patch-and-pray cycle we're stuck in today. [more]
Tuesday, 11 June 2002, 10:57 AM CET

White House stressing unorthodox in IT security fight
The Bush administration is playing "dirty" with the private sector in a roundabout attempt to fortify the nation's computer security defenses, according to Richard Clarke. [more]
Tuesday, 11 June 2002, 10:51 AM CET

Secure network spending seen over $46 bln by 2006
Spending on "virtual private networks" will grow more than 100% over the next 4 years as companies increasingly jump online and the ranks of telecommuting employees grow. [more]
Tuesday, 11 June 2002, 10:48 AM CET

Cracks in the System
Russia's cybercrime squad fears the next al-Qaeda attack may be on crucial computer networks. [more]
Monday, 10 June 2002, 5:28 PM CET

Xbox hackers preview movie player
Further Xbox hacks have shown what the machine is really capable of, as hackers reveal a prototype DivX player for the games console. [more]
Monday, 10 June 2002, 5:15 PM CET

First confirmed speakers for HiverCon 2002
The HiverCon web site was updated with the first three confirmed speakers - Simple Nomad, Ofir Arkin and Rain Forest Puppy. [more]
Monday, 10 June 2002, 4:22 PM CET

Ciboulette encryption software for OS X released
Marcadesign has released an OS X version of Ciboulette 1.5. Ciboulette is an encryption utility designed for clipboards and files. [more]
Monday, 10 June 2002, 4:14 PM CET

Usability and privacy: a study of Kazaa P2P file-sharing
The number of people that use P2P file sharing systems is growing rapidly. Does a user really know the types of files he's sharing with others? Find out more about security concerns by reading this paper. [more]
Monday, 10 June 2002, 2:43 PM CET

HNS Newsletter issue 114 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 10 June 2002, 12:19 PM CET

The Commoner's Virus
Despite its virulence, the Klez worm is ignored by the newspapers and dismissed by the digerati. Could the demographics of its victims be a factor? [more]
Monday, 10 June 2002, 12:14 PM CET

Monitoring Linux firewalls with firelogd
Monitoring firewalls on Linux can be a challenge because of the text-based nature of the OS. The firelogd program can greatly improve the monitoring process. [more]
Monday, 10 June 2002, 12:07 PM CET

Old code in Windows is security threat
Microsoft will retire old code from Windows more quickly, to plug security holes that are years old. [more]
Monday, 10 June 2002, 11:47 AM CET

First people injected with ID chips, sales drive kicks off
The 'barcoding' of people has quietly begun rolling out in the US, via Applied Digital Solutions' VeriChip. [more]
Monday, 10 June 2002, 11:45 AM CET

Historical database password retrieved
As we mentioned earlier, a Norwegian educational center for cultural preservation lost the password to a vast database and asked hackers to help. The password was quickly retrieved. [more]
Sunday, 9 June 2002, 2:51 AM CET

Security vulnerabilities in Bugzilla
Various security issues of varying importance have been fixed in Bugzilla 2.14.2. Most of these were fixed already in 2.16rc1, a few were not. [more]
Sunday, 9 June 2002, 2:25 AM CET

Kazaa insecure, users oblivious
File-swapping service Kazaa is rife with security holes and may pose a risk to its users, according to research conducted by HP Labs. [more]
Sunday, 9 June 2002, 2:05 AM CET

Scan your computer for viruses
If you don't have an antivirus product installed on your computer, you should check the Online scan on the HNS web site. Unfortunately, it only works with Internet Explorer, but it is a great and fast scanner. [more]
Friday, 7 June 2002, 7:45 PM CET

An Introduction to Snort
This is a presentation given at the Houston ISSA Meeting in April by Richard Bejtlich, a senior forensic consultant for Foundstone. [more]
Friday, 7 June 2002, 1:12 PM CET

Anti-virus/anti-spam mail server setup using MailScanner
Wouldn't it be great to have the ability to stop email-borne virus traffic, arguably the most ubiquitous kind, at the server level where you control the action? [more]
Friday, 7 June 2002, 12:53 PM CET

High school hackers make the grade
Two high school hackers have been caught running a racket where they charged $5 to change fellow pupils' exam grades. [more]
Friday, 7 June 2002, 12:38 PM CET

World Cup email leads to virus penalty
Fans looking for World Cup results could get more than they bargained for with an email-based virus. [more]
Friday, 7 June 2002, 12:37 PM CET

Teddy bear virus hoax causes alarm
Internet users have been warned to ignore a hoax virus alert that experts say has become a major problem. [more]
Friday, 7 June 2002, 12:34 PM CET

An idea to can the spam
The problem is that filters do not always prevent mail from bad sources, and the whole "opt-in" farce has resulted in spammers sending whatever messages they want. [more]
Friday, 7 June 2002, 11:36 AM CET

Bad guy wisdom
Who’s more open and honest, hackers or corporate America? Communicate. Organize yourselves. Talk honestly about security failures, what you’ve learned and how you’re adapting. [more]
Friday, 7 June 2002, 11:25 AM CET

Optimizing NIDS Performance
To help network intrusion detection systems keep up with the demands of today's networks there are a number of things that the NIDS administrator can do to improve the performance of their NIDS. [more]
Friday, 7 June 2002, 11:24 AM CET

Review: Engarde Secure Linux Professional 1.1
Guardian Digital's Engarde Secure Linux Professional offers a lightweight, robust, and secure Linux Distribution for small and large networks. [more]
Friday, 7 June 2002, 11:18 AM CET

Security Advisories Week: 30 May - 6 June 2002
This is an overview of security advisories that were released in the past 7 days by several Linux vendors, Sun Microsystems, Microsoft and CERT. [more]
Thursday, 6 June 2002, 1:18 PM CET

Managing information security
Last year, U.S. businesses reported 53,000 system break-ins. The true number is probably higher because concerns about negative publicity mean that almost two-thirds of all incidents actually go unreported. [more]
Thursday, 6 June 2002, 1:11 PM CET

XP Professional Security Features: An Introduction
This article will offer an overview of the security features that are available in Microsoft XP Professional. [more]
Thursday, 6 June 2002, 12:38 PM CET

Clarke warns educators about need for better security
President Bush's cybersecurity czar called on colleges and universities to beef up their own IT security and broaden the kinds of security courses offered to students. [more]
Thursday, 6 June 2002, 12:31 PM CET

Security through obsolescence
Here's an interesting way to secure an Internet-connected computer against intruders: Make sure the operating system and software it runs are so old that current hacking tools won't work on it. [more]
Thursday, 6 June 2002, 12:25 PM CET

Microsoft plans new Web services push
Microsoft is developing new security software it hopes will make its entire product lineup more appealing to big companies. [more]
Thursday, 6 June 2002, 12:24 PM CET

Our man ordered waffles, but paid for tools of war
All I wanted was a warm, crispy waffle. But I ended up sending a night-vision rifle scope to some criminal in Saudi Arabia. Such are the realities of credit card fraud and identity theft in the Internet age. [more]
Thursday, 6 June 2002, 11:19 AM CET

Computer fraud hits companies
A new computer fraud costing thousands of euro has hit at least 10 Irish companies. [more]
Thursday, 6 June 2002, 11:15 AM CET

Privacy vs. Security: a bogus debate?
Author of The Transparent Society, David Brin says what's needed are rules and tools to let citizens "watch the watchers". [more]
Thursday, 6 June 2002, 10:43 AM CET

Dead men tell no passwords
The man in charge of electronic copies of Norway's most important historical documents is dead and so is access to those archives. Hackers' help is sought to crack the center's password-protected database. [more]
Thursday, 6 June 2002, 10:29 AM CET

Review: WinTasks 4 Professional
For IT professionals and software developers WinTasks 4 Professional makes resource management easier than ever before. [more]
Wednesday, 5 June 2002, 2:41 PM CET

MSNBC reporter subpoenaed in hacking case
U.S. prosecutors sent a subpoena to MSNBC demanding a reporter's notes, e-mails and other information as part of an investigation into the NYT hack earlier this year. [more]
Wednesday, 5 June 2002, 2:31 PM CET

ILPF Conference 2002: Security v. Privacy
The Annual Internet Law & Policy Forum Conference will take place on September 18-19, 2002 at the Bell Harbor International Conference Center, Seattle, WA. [more]
Wednesday, 5 June 2002, 11:54 AM CET

Securing NIS
The following is a compendium of what the people at Auburn University College of Engineering use to secure their NIS networks. [more]
Wednesday, 5 June 2002, 11:42 AM CET

Ultimate computer security devices
Yankee Group senior analyst Anil Phull told NewsFactor that the best practice for companies using biometric devices is to deploy them with other identification tools. [more]
Wednesday, 5 June 2002, 11:37 AM CET

Broadband in every home? Not until it's more secure
Senator Joseph Lieberman wants everyone to have super-fast Net access. But Robert says the plan poses some pretty serious security risks. [more]
Wednesday, 5 June 2002, 11:36 AM CET

Lack of trust holds back security
If you believe the hype, companies terrified by the prospect of electronic attack will turn to third parties to defend their businesses. [more]
Wednesday, 5 June 2002, 11:33 AM CET

Feds seek better Microsoft security
Government technology officials, tired of security holes in Microsoft's products, are discussing whether to use their collective purchasing power to force changes in the way the software giant does business. [more]
Wednesday, 5 June 2002, 11:32 AM CET

Smarts moves on ATM, frame and security
Smarts will launch a module for managing frame relay and ATM, to follow up its security and application services management software. [more]
Wednesday, 5 June 2002, 11:29 AM CET

Virus naming practices
This article will offer a brief overview of naming conventions that are used to develop names for viruses and other malware. [more]
Wednesday, 5 June 2002, 11:27 AM CET

US cops target hackers
The US Secret Service will launch task forces in eight cities to prevent and prosecute cybercrime, identity and data theft and hacking of corporate databases. [more]
Tuesday, 4 June 2002, 3:46 PM CET

Corporate Security Overview: 28 May - 4 June 2002
Security companies send us their press releases, which we republish in our press section. This is an overview of interesting developments in the corporate security world during the past week. [more]
Tuesday, 4 June 2002, 3:41 PM CET

Solving kid porn's 'real' problem
A company says it can create a database that differentiates actual child porn from the computer-generated kind. In the wake of a U.S. Supreme Court ruling, that might be a great tool for law enforcement. [more]
Tuesday, 4 June 2002, 3:12 PM CET

NSA launches ad campaign urging secrecy
The NSA has launched a flock of ads urging military personnel to protect national secrets during this time of terrorist crisis. [more]
Tuesday, 4 June 2002, 3:09 PM CET

Net fraud is tangled web for victims, police
Even when the SEC does find fraud, it has no criminal authority. As the Furr case shows, the SEC can win a multimillion-dollar civil judgment but may never collect the money. [more]
Tuesday, 4 June 2002, 1:49 PM CET

IT security breaches hit 80% of firms in Ireland
KPMG published new research showing that 80% of companies have suffered a security incident or breach, such as a virus or hacker attack, in the past year. [more]
Tuesday, 4 June 2002, 11:48 AM CET

Scan of the Month challenge #21
Three different members of the Honeynet Research Alliance received a flurry of strange UDP packets. This month's Scan of the Month challenge is to understand the purpose of these packets. [more]
Tuesday, 4 June 2002, 11:41 AM CET

Randomization - IBM's answer to Web privacy
IBM Corp's new Privacy Institute has decided that randomization may be the key to protecting consumer privacy on the web while also providing e-businesses with informative metrics on their customers. [more]
Tuesday, 4 June 2002, 11:12 AM CET

Security under the gun
Everyone predicted that IT security jobs would be hot after the Sept. 11 terrorist attacks, but the reality is quite the opposite. [more]
Tuesday, 4 June 2002, 11:08 AM CET

Wanted: great security for wired cars
Easy, reliable authentication is crucial as mobile devices - including autos - go online, execs say. [more]
Tuesday, 4 June 2002, 10:54 AM CET

Backdoored dsniff, fragroute and fragrouter
Dug Song's was penetrated and dsniff-2.3, fragroute-1.2, and fragrouter-1.6 were backdoored. As reported last week, ircsii was the victim of the same hack. [more]
Monday, 3 June 2002, 6:31 PM CET

VeriSign to help telecoms with wiretap orders
Security and Web address provider VeriSign Inc. unveiled a new service to help U.S. telecommunications carriers comply with wiretapping regulations. [more]
Monday, 3 June 2002, 6:27 PM CET

Sun heats up Solaris
Sun Microsystems last week unveiled the latest release of its Solaris operating system. This is a list of some security features it includes. [more]
Monday, 3 June 2002, 6:23 PM CET

Sentence in library hacking case
A Philadelphia man who hacked into a western New York library Web site was sentenced to one to three years in prison. [more]
Monday, 3 June 2002, 6:08 PM CET

Sure, security is hard, but...
The New York Times recently switched from one paid membership management system to another. Marc Hedlund notes how insecurely they sent new login details to the members. [more]
Monday, 3 June 2002, 5:58 PM CET

Virus affects both Windows and Linux
Symantec has published details of the first known polymorphic metamorphic virus to infect under both Windows and Linux. [more]
Monday, 3 June 2002, 1:03 PM CET

HNS Newsletter issue 113 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 3 June 2002, 12:54 PM CET

Coming clean on patches
A high-stakes battle is brewing between software developers and security researchers over when to release discovered vulnerability data and patches. [more]
Monday, 3 June 2002, 12:48 PM CET

Europe bans spam
The European Parliament has voted to ban the sending of unsolicited commercial email. [more]
Monday, 3 June 2002, 12:44 PM CET

Startup takes on WLAN security
AirDefense Inc. is taking a new approach to the problem of WLAN security by applying the concepts of intrusion detection and constant monitoring to Wi-Fi deployments. [more]
Monday, 3 June 2002, 12:40 PM CET

Keeping Secrets in Hardware
This paper discusses the hardware foundations of the cryptosystem employed by the Xbox video game console from Microsoft. [more]
Sunday, 2 June 2002, 11:02 AM CET

When hacking competitions go wrong
A hacking contest that promised $100,000 as first prize appears to have been weighted so heavily against competitors that some decided to hack the competition rather than the target server. [more]
Sunday, 2 June 2002, 11:02 AM CET

