Off the Wire

Off The Wire Archive

News items for June 2004

Magold virus writer sentenced
Sophos is reporting that the creator of the Magold worm has been found guilty and sentenced to two years of probation as well as a fine equivalent to around £1300 to cover court costs. [more]
Wednesday, 30 June 2004, 11:33 PM CET

BHO scanning tool and new scam targets bank customers
On June 24th, a visitor to the SANS Internet Storm Center reported that his company was "in the middle of a very disturbing ... issue regarding the adware/spyware/IE exploit genre". [more]
Wednesday, 30 June 2004, 11:32 PM CET

Seven habits of highly secure companies
Companies, like the humans who make them run, are creatures of habit. Some of those habits can make information systems more secure, rather than less. The seven best practices of highly secure companies are a standard against which CEOs can measure their organizations. [more]
Wednesday, 30 June 2004, 3:41 PM CET

Learn computer forensics at Bradford University
The University of Bradford has introduced a postgraduate course in Forensic Computing, in response to "growing demand for computer scientists" with specialist skills to investigate high tech crimes. [more]
Wednesday, 30 June 2004, 3:40 PM CET

UK lawmakers want more computer hackers behind bars
Computer hacking, an offence police once dismissed as a teenage prank, would carry a maximum two-year prison term as part of a revised cybercrime law proposed by British MPs on Wednesday. [more]
Wednesday, 30 June 2004, 3:39 PM CET

Virus hits Indian BPO networks
Infosys Technologies, a leading Bangalore-based software and business process outsourcing (BPO) company, had to bring down its network, following detection of a virus attack on some machines on the network. [more]
Wednesday, 30 June 2004, 3:38 PM CET

HNS audio learning session: SQL injection attacks
Caleb Sima, SPI Dynamics CTO, discusses SQL injection attacks, offers practical examples of these vulnerabilities and provides tips on both how to find and how to immunize SQL injection vulnerabilities. [more]
Wednesday, 30 June 2004, 3:32 PM CET

Sevenfold increase in phishing attacks
Online fraud watchers reported nearly 1,200 new phishing attacks in May, and warned that the number is rising. [more]
Tuesday, 29 June 2004, 7:21 PM CET

Patent filed for voice spam blocking technology
A patent application has been filed for a method to identify and block SPIT - spam over Internet telephony, or VoIP spam. [more]
Tuesday, 29 June 2004, 7:21 PM CET

Windows XP Service Pack 2: "A victory for the security guys"
Microsoft has hailed Windows XP Service Pack 2 (SP2) as a "victory for the security guys" and its new features have been welcomed by users at the software giant's annual Tech Ed conference in Amsterdam this week. [more]
Tuesday, 29 June 2004, 7:20 PM CET

ARM, TI enter technology security collaboration
In an effort to combat the results of phone theft, ARM said it will collaborate with Texas Instruments Inc. for a security solution using its TrustZone technology. [more]
Tuesday, 29 June 2004, 7:19 PM CET

NIST aims to ease XP security setup
Officials at the National Institute of Standards and Technology hope their new publication will help simplify the process of setting security controls on Microsoft Corp.'s Windows XP Professional operating system. [more]
Tuesday, 29 June 2004, 7:19 PM CET

HP plans new security conscious PCs
Free software that backs up your hard drive automatically will be built into three new PC ranges from Hewlett Packard scheduled for release later this summer. [more]
Tuesday, 29 June 2004, 12:46 PM CET

Anti-phishing group backs email authentication
A group attempting to stop the new scourge of phishing fraud on the Web says email authentication technology could do the job, a concept backed by Microsoft. [more]
Tuesday, 29 June 2004, 12:44 PM CET

Microsoft blames hackers, not vulnerability, for web attack
The evidence now is leading them to accept Microsoft's explanation that the IIS 5.0 servers were hacked manually and that the server software doesn't have an unknown vulnerability. [more]
Tuesday, 29 June 2004, 12:44 PM CET

Authors of the last viruses are Russians
The authors of the last malicious action to spread computer viruses exploiting earlier unknown flaw in the Internet browser are people of Archangelsk, Russia. [more]
Tuesday, 29 June 2004, 12:40 PM CET

IBM announces e-mail security management services
IBM has announced E-mail Security Management Services, a new managed security service designed to help companies reduce the risks inherent with email communications. [more]
Tuesday, 29 June 2004, 12:39 PM CET

Gates dishes out security promises
At a news conference in Sydney, Microsoft's chairman said computer systems must become more secure and must be at least as reliable as essential physical infrastructure like electricity and water systems. [more]
Monday, 28 June 2004, 7:39 PM CET

ISO endorses key security certification
The International Standards Organization last week gave its stamp of approval to the CISSP security certification for IT workers, and a half-dozen security managers said the endorsement should help enhance the certification's legitimacy and acceptance. [more]
Monday, 28 June 2004, 7:38 PM CET

Exploit used to spread virus could be used again
Computer experts warn that now that a new way to spread computer viruses has gotten a foothold, it won't be long before others try similar attacks. [more]
Monday, 28 June 2004, 7:36 PM CET

CERT recommends anything but IE
US Computer Emergency Readiness Team is advising people to ditch Internet Explorer and use a different browser after the latest security vulnerability in the software was exposed. [more]
Monday, 28 June 2004, 7:35 PM CET

VeriSign service takes on spam
VeriSign on Monday announced a new e-mail security service designed to stop viruses and spam. [more]
Monday, 28 June 2004, 7:34 PM CET

Cookie path best practice
Cookies are often used to maintain a Session ID (SID), through which an individual user can be identified throughout their interaction with the site. If an attacker can use a mechanism to gain access to the SID, then potentially they can incorporate it within their own session to successfully assume the users identity. [more]
Sunday, 27 June 2004, 3:15 PM CET

Could search sites spawn worms?
Worm attacks are bad enough by themselves, but some experts warn of an even more devastating variation: one that strikes at the application level instead of targeting network infrastructure, and spreads to Web sites through Web-based search engines. [more]
Friday, 25 June 2004, 7:46 AM CET

Interview with Gene Hodges, Network Associates President
Before the latest wave of speculation about the potential sale of Network Associates, company President Gene Hodges discussed the security software vendor's future and the current security market with CRN Editor in Chief Michael Vizard. [more]
Friday, 25 June 2004, 7:45 AM CET

Security breaches, congestion found at trade show WLAN
Attendees of this week's Supercomm trade show in Chicago faced a variety of wireless LAN security breaches, according to a firm that specializes in wireless security. [more]
Friday, 25 June 2004, 7:43 AM CET

Mac OS X security myth exposed
Windows is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia.
Friday, 25 June 2004, 7:42 AM CET

How to use cryptography in computer security
Cryptography is the mathematics underlying computer security. While a Ph.D. in cryptography is hardly a requirement for keeping one's systems secure, an understanding of the basics helps in decision making about security, both for system administrators and IT managers. [more]
Friday, 25 June 2004, 7:41 AM CET

OASIS approves security spec for apps, web services
To help companies better handle the influx of application and Web service security alerts, the OASIS standards consortium on Wednesday announced the ratification of a new standard. [more]
Friday, 25 June 2004, 7:39 AM CET

Ethical hacking is no oxymoron
Sporting long sideburns, a bushy goatee and black baseball cap, instructor Ralph Echemendia has a class of 15 buttoned-down corporate, academic and military leaders spellbound. The lesson: hacking. [more]
Friday, 25 June 2004, 7:38 AM CET

When spyware crosses the line
Kelly Martin is the content editor for SecurityFocus, gives her opinion on malicious "spyware" applications. [more]
Thursday, 24 June 2004, 1:44 PM CET

Bugwatch: Reducing downtime at the data centre
Paul Smith, UK country manager with KVM switching and connectivity company Avocent, considers how to minimise potential physical security threats to data servers. [more]
Thursday, 24 June 2004, 1:41 PM CET

Wi-Fi gets much-needed security boost
A Wi-Fi security standard awaiting final approval is intended to restore confidence in a market damaged by previous weak specifications. [more]
Thursday, 24 June 2004, 1:39 PM CET

AOL engineer sold 92 million screen names to spammer
Jason Smathers, an America Online engineer, has been arrested and charged with stealing tens of millions of AOL screen names and then selling them to several people. [more]
Thursday, 24 June 2004, 1:38 PM CET

Tips for removing spyware from your PC
Has your PC been sluggish lately, with a lot more pop-up ads? It could be spyware. [more]
Wednesday, 23 June 2004, 10:55 AM CET

MasterCard tackles phishing
Credit card giant MasterCard announced on Tuesday a new initiative aimed at fighting the growing problem of online fraud, specifically the emerging threat of "phishing" schemes. [more]
Wednesday, 23 June 2004, 10:52 AM CET

US Robotics on the route to improved security
US Robotics has launched a new router, which offers a plethora of security features and what the firm claims are unique file server capabilities. [more]
Wednesday, 23 June 2004, 10:46 AM CET

HackNotes Network Security Portable Reference
This book is perfectly suited for two different types of readers: those who are working within the Information Security field and need to catch up with some of the most common security issues and procedures, and for those who need to show their upper management the magnitude of possible security risks in a network environment. [more]
Wednesday, 23 June 2004, 9:35 AM CET

IM worms could spread in seconds
Using public IM networks poses some special problems for enterprises. [more]
Wednesday, 23 June 2004, 6:42 AM CET

Microsoft, AOL, Yahoo unveil antispam guidelines
An industry organization representing heavyweight e-mail providers Yahoo Inc., Microsoft Corp., America Online Inc. and EarthLink Inc. released recommendations for ending unsolicited commercial ("spam") e-mail, according to a statement by the group. [more]
Wednesday, 23 June 2004, 6:41 AM CET

Windows XP SP2 can break things
Learn about the plethora of security enhancements that Microsoft has included in Windows XP Service Pack 2, as well as how these security features could impair the functionality of some applications. [more]
Wednesday, 23 June 2004, 6:28 AM CET

Blind get earful of spam daily
It's annoying to read spam. It's even worse to hear it. Blind users rely on text-to-speech programs to hear what's on their screens, and they face an aural assault daily. [more]
Wednesday, 23 June 2004, 6:27 AM CET

Network admins get peek at Microsoft's security
Microsoft's top network security manager appeared at a company road show Tuesday to let other administrators know what the software giant is doing to help keep corporate networks safe. [more]
Wednesday, 23 June 2004, 6:23 AM CET

Wi-Fi security standard nears approval
Industry sources said the IEEE 802.11i specification could be ratified this Thursday, adding a needed layer of security to the Wi-Fi standard. [more]
Wednesday, 23 June 2004, 6:22 AM CET

Four criteria for evaluating a security vendor
When evaluating security products for your enterprise, make sure you also evaluate the vendors themselves using these criteria. [more]
Wednesday, 23 June 2004, 6:15 AM CET

Network Associates denies sale rumors
Security company Network Associates said Tuesday that there's no truth to rumors that it is considering an offer to be bought by a large company, possibly Microsoft. [more]
Tuesday, 22 June 2004, 9:58 PM CET

HNS audio learning session: the benefits of SSL VPNs
Rob Lane, AEP Systems VP of Product Management, discusses SSL VPNs in general, shares his point of view on the benefits of using SSL VPNs for secure remote access and talks about the difference between SSL and IPSec VPNs. [more]
Tuesday, 22 June 2004, 8:37 PM CET

Foremost: a Linux computer forensics tool
Computer sleuths interested in running forensic PC operations on a Linux machines should take a look at an open source tool called Foremost. [more]
Tuesday, 22 June 2004, 2:49 PM CET

Network Associates up for sale, sources say
Network Associates is for sale, and Microsoft is rumored to be the buyer. [more]
Tuesday, 22 June 2004, 2:39 PM CET

Microsoft security flaw moderate this month
Microsoft Corp. recently issued a security update for a 'Denial of Service' vulnerability that exists in the IDirectPlay4 application programming interface (API) of its DirectPlay, according to a statement on the company's website. [more]
Tuesday, 22 June 2004, 10:49 AM CET

Gadgets secure PCs on public Wi-Fi
Seclarity of San Francisco is introducing this week its SiNic Wireless network interface card. [more]
Tuesday, 22 June 2004, 10:43 AM CET

Handy wireless networking with Knoppix Linux
Few LiveCD distros come configured with support for the Linksys WPC55AG adapter, which requires the MadWiFi modules with a correctly configured kernel. [more]
Monday, 21 June 2004, 5:54 PM CET

Outlook's security compromised by spammers
Spammers have found a way to bypass Outlook 2003's anti-spam security by embedding images into their emails. [more]
Monday, 21 June 2004, 5:39 PM CET

Cisco raising router security
Cisco will announce availability of its Network Admission Control security technology for Cisco routers this week and lay out a road map for adding NAC capabilities to its lines of LAN switches. [more]
Monday, 21 June 2004, 5:39 PM CET

New gadgets take on 'Starbucks' security threat
Two companies offer plug-in devices that secure info, communications over wireless networks. [more]
Monday, 21 June 2004, 5:37 PM CET

Senate debates cybercrime treaty
A controversial treaty that is the first to focus on computer crime is inching toward ratification in the U.S. Senate. [more]
Monday, 21 June 2004, 12:42 PM CET

Feds face numerous encryption schemes for securing e-mail
Government agencies face a communications dilemma. On one hand, officials are asked to share more information with other agencies, businesses and citizens. [more]
Monday, 21 June 2004, 12:39 PM CET

Secure development framework
This whitepaper focuses on why a secure development framework is needed, touches on its benefits and provides an overview of how organisations can implement such strategies successfully. [more]
Monday, 21 June 2004, 11:29 AM CET

Stealth wallpaper could keep WLANs secure
Keeps outsiders off your wired or wireless network. [more]
Monday, 21 June 2004, 11:14 AM CET

Experts worry about tech retaliation
A Texas company wants to bring vigilante justice to cyberspace. [more]
Monday, 21 June 2004, 11:13 AM CET

US moves towards anti-spyware law
A US House subcommittee on Thursday (17 May) approved what would be the first federal law to specifically target Internet spyware. [more]
Monday, 21 June 2004, 12:55 AM CET

TSA tries biometric checks
Frequent travelers at five airports who submit biometric data and pass a background check will be able to breeze through security checkpoints as part of the Transportation Security Administration's Registered Traveler Pilot program. [more]
Friday, 18 June 2004, 4:23 PM CET

IT security is a top priority at the Olympics
Yan Noblot reassures Mark Samuels that his Olympic Games IT security strategy is sound. [more]
Friday, 18 June 2004, 4:21 PM CET

Time to dump Internet Explorer
It's time to tell our users, our clients, our associates, our families, and our friends to abandon Internet Explorer. [more]
Friday, 18 June 2004, 1:31 PM CET

IP phones can create network security risk
The increasing adoption of Internet telephony may be opening up a significant security risk for companies. [more]
Friday, 18 June 2004, 1:28 PM CET

Q&A with SecurityFocus' Alfred Huger
The cybersecurity expert on why its early-warning system is so hot: "People are sick and tired of being hit blind". [more]
Friday, 18 June 2004, 11:29 AM CET

Brody to lead Energy cybersecurity
Bruce Brody, the cybersecurity chief at the Department of Veterans Affairs, is moving to the Energy Department to help that agency toughen its security against viruses and hacker attacks. [more]
Friday, 18 June 2004, 11:06 AM CET

Free hotspots need free security
Wi-Fi security is getting more attention these days, but most of the solutions are focused on the enterprise or paid-hotspot market. Now one group is trying to tackle the problem for free hotspots as well. [more]
Friday, 18 June 2004, 9:45 AM CET

Symbol buys into stronger mobile security
Symbol Technologies Inc. wants to help secure data and applications on handheld devices via the acquisition of Trio Security Inc., a privately held software vendor. [more]
Friday, 18 June 2004, 8:38 AM CET

XML digital signatures in a nutshell
Digital signatures are widely used as security tokens, not just in XML. In this article, we look at how to create a digital signature and the way that digital signatures are constructed. [more]
Friday, 18 June 2004, 8:30 AM CET

Ready? Secure? Disclose
Are you ready to declare your company secure against attacks from cyberterrorists? If you're not, get moving. [more]
Friday, 18 June 2004, 8:27 AM CET

No swan song for open source IPsec
Internet protocol security (define) for Linux got a boost today from Novell, which announced that it would be officially sponsoring and contributing to the Openswan open source project. [more]
Thursday, 17 June 2004, 5:04 PM CET

Security spending to peak within three years
Eight to 12 per cent of European IT budgets by 2007, says Meta. [more]
Thursday, 17 June 2004, 11:40 AM CET

Application Denial of Service attacks
Denial of Services attacks aimed at disrupting network services range from simple bandwidth exhaustion attacks and those targeted at flaws in commercial software to complex distributed attacks exploiting specific commercial off-the-shelf software flaws. [more]
Thursday, 17 June 2004, 11:36 AM CET

Judge tosses online privacy case
The dismissal of lawsuits brought against Northwest Airlines has online privacy advocates renewing calls for federal privacy legislation. [more]
Thursday, 17 June 2004, 11:11 AM CET

Wardriving for WLAN security
The 4th Annual Worldwide Wardrive is under way this week, with volunteers scanning the airwaves in a neighborhood near you for WLAN access points. [more]
Thursday, 17 June 2004, 12:21 AM CET

Spammer prosecutions waste time and money
The recent US Federal Trade Commission (FTC) report on the futility of establishing a national 'do not email' registry contains a number of interesting observations related to spam control and to the so-called CAN-SPAM Act. [more]
Thursday, 17 June 2004, 12:19 AM CET

Online thieves empty bank accounts
Online thieves known as "phishers" have been gouging unsuspecting consumers by emptying their bank accounts and making fraudulent credit-card purchases. Research firm Gartner conducted a survey of 5,000 adult Web users in the U.S. and found that checking-account theft is the fastest-growing financial consumer fraud in the country. [more]
Thursday, 17 June 2004, 12:17 AM CET

'Sasser' worm informant under investigation
The informant who tipped Microsoft Corp. to the identity of the "Sasser" computer worm's creator last month is among five people under investigation as possible accomplices, prosecutors said Wednesday. [more]
Thursday, 17 June 2004, 12:15 AM CET

Feds' IT security spending growth set for slowdown
Government market-research firm Input says spending on IT security products and services will drop to 2% next year, down from 10% this year and 50% in 2003. [more]
Thursday, 17 June 2004, 12:14 AM CET

Analyst: mobile security is a top priority
With the detection of a virus that could worm its way onto smartphones, security has once again come to the forefront of people's minds. [more]
Thursday, 17 June 2004, 12:13 AM CET

Web vulnerability assessment for SMBs
One modest-priced and nicely featured solution SMBs must consider is Syhunt's Sandcat Suite. This security software suite includes a security hardening tool, a vulnerability scanner, data mining and log analysis tools, and more. [more]
Thursday, 17 June 2004, 12:08 AM CET

Security officials play nice
Federal agencies are deploying more sophisticated network scanning tools than ever before. [more]
Wednesday, 16 June 2004, 12:13 PM CET

Iris scans at UK airports
The Home Office is to install iris scanning technology in major UK airports. It says this will speed up immigration times for those who register on the scheme, as well as providing a "substantial increase in security". [more]
Wednesday, 16 June 2004, 10:33 AM CET

Akamai blames 'global DNS attack' for disruptions
A global attack on the DNS (domain name system) caused disruptions affecting customers of Internet hosting company Akamai Technologies Inc., including search engine sites, said Jeff Young, an Akamai spokesman. [more]
Wednesday, 16 June 2004, 5:14 AM CET

FTC says no to antispam registry
The Federal Trade Commission tells Congress that a "do not e-mail" registry would be ineffective at stopping spam. In fact, it could make the problem worse. [more]
Wednesday, 16 June 2004, 5:03 AM CET

Microsoft: no antivirus product yet
Microsoft intends to create an antivirus service in the near future, but has not finalized its plans yet, a company executive said Tuesday. [more]
Wednesday, 16 June 2004, 5:00 AM CET

Avoiding identity theft: a primer
Your identity is arguably your most valuable possession. A clean legal record and credit history open the door for work, mortgage loans and other day-to-day privileges that most people take for granted. [more]
Wednesday, 16 June 2004, 4:59 AM CET

A security tale: from vulnerability discovery to disaster
It's one of the largest wireless companies in the United States. It has billions of dollars in the bank. And last week, it had a colossal security problem on its hands. [more]
Tuesday, 15 June 2004, 4:26 PM CET

HNS audio learning session: alternatives to passwords
In this 8 minutes long audio learning session, John Stuart, Signify CEO, discusses what are the alternatives to passwords: one time passcodes (token based systems), digital certificates and biometrics. He provides background and benefits on each of these security systems. [more]
Tuesday, 15 June 2004, 3:16 PM CET

Ease the security burden with a central logging server
Many administrators fall short of spending the necessary time monitoring log files. Because this is a critical security task, one of the best ways to accomplish it is with a central logging server. These tips will help you get started. [more]
Tuesday, 15 June 2004, 3:03 PM CET

Inside the insider threat
Mudge, the security expert and chief scientist at Intrusic Inc., details some of the ways that malicious hackers can slip into computer networks undetected. [more]
Tuesday, 15 June 2004, 2:55 PM CET

Worm cuts off antivirus programs
A new worm can shut down antivirus applications, according to security firm F-Secure. [more]
Tuesday, 15 June 2004, 2:53 PM CET

Email viruses are more annoying than spam
I've had my primary email address for many years, and I also get email through a number of work-related aliases. So I get spam. Tons of spam. And I filter it all. I filter viruses, too, not because they can affect my Linux computer, but because they suck up bandwidth. [more]
Tuesday, 15 June 2004, 2:51 PM CET

Google's Gmail: spook heaven?
Google's plans to run targeted advertising with the mail that you see through its new Gmail service represents a potential break for government agencies that want to use autobots to monitor the contents of electronic communications travelling across networks. [more]
Tuesday, 15 June 2004, 2:39 PM CET

Russian firm reports first mobile phone worm
Antivirus company Kaspersky Labs Ltd. said on Monday that it discovered the first-ever computer virus capable of spreading over mobile phone networks. [more]
Tuesday, 15 June 2004, 9:10 AM CET

New Linux security hole found
A Linux bug was recently uncovered by a young Norwegian programmer that, when exploited by a simple C program, could crash most Linux 2.4 or 2.6 distributions running on an x86 architecture. [more]
Tuesday, 15 June 2004, 8:58 AM CET

WLANs vulnerable to hacking
Wireless security is fraught with problems, but there are advanced technology solutions for many of them, says research firm Gartner. Fixed wireless intrusion-detection sensors can block hackers from breaching networks and masquerading as legitimate users. [more]
Tuesday, 15 June 2004, 8:54 AM CET

Microsoft releases security-minded Windows code
Microsoft on Monday released what it hopes is a nearly final test version of a security-oriented Windows upgrade. [more]
Tuesday, 15 June 2004, 8:48 AM CET

Executive conversation: why Cloudmark took the path less traveled
Spam, spim, spoofs…will it ever end? Cloudmark believes that spam and all of its incarnations will indeed disappear through a combination of carefully harvested human feedback and ground-breaking tools. [more]
Monday, 14 June 2004, 3:28 PM CET

Growing need for wireless security policies
The escalating use of wireless technology demands formal corporate security policies governing that use, according to users and analysts at a Gartner security conference in Washington DC. [more]
Monday, 14 June 2004, 1:16 PM CET

Time to apply a patch
A renewed debate about patch management has highlighted a flaw in federal officials' views on information security. [more]
Monday, 14 June 2004, 1:14 PM CET

Internet Explorer holes causing alarm
Four new holes have been discovered in the Internet Explorer (IE) Web browser that could allow malicious hackers to run attack code on Windows systems, even if those systems have installed the latest software patches from the Redmond, Washington company, security experts warn. [more]
Monday, 14 June 2004, 1:08 PM CET

Shortage of computer security experts hampers agencies
Bush administration officials and information technology industry experts on Thursday identified areas of cybersecurity that need to be addressed, including more research and development and the training of the next generation of cyber experts in government. [more]
Monday, 14 June 2004, 1:05 PM CET

Using Jabber as a log monitor
Jabber, the streaming XML technology mainly used for instant messaging, is well-suited to its most common task. However, Jabber is a far more generic tool. [more]
Monday, 14 June 2004, 1:01 PM CET

Backdoor program gets backdoored
The author of a free Trojan horse program favored by amateur computer intruders found himself with some explaining to do to the underground. [more]
Monday, 14 June 2004, 1:00 PM CET

Microsoft's SP1 for Server 2003 packs a security punch
Microsoft is working on a set of security upgrades for Windows Server 2003 that executives said will deliver on the company's promise to make its products more secure by default. [more]
Monday, 14 June 2004, 12:55 PM CET

Pre-emptive security prompts alarms
Early warning systems are the latest tactic in security professionals' war on malware. [more]
Monday, 14 June 2004, 12:52 PM CET

Apple makes its case for security
Stung by criticism of its handling of vulnerabilities in Mac OS X, Apple says it's serious about security and vows to be more attentive. [more]
Monday, 14 June 2004, 12:52 PM CET

Security pays off as cybercrime costs fall
The number of cybercrimes and hacker attacks, and the cost attributed to such intrusions, declined for the fourth straight year, according to data released by the Computer Security Institute. [more]
Monday, 14 June 2004, 12:46 PM CET

Euro 2004 worms target footy fans
Security experts have warned football fans to watch out for virus-infected emails that contain attachments masquerading as Euro 2004 goodies. [more]
Thursday, 10 June 2004, 12:14 PM CET

More security sought for electronic voting
The head of a federal voting commission called Tuesday for tougher security measures for electronic voting by the November elections, but said the issue of requiring paper receipts as backup needs further study. [more]
Thursday, 10 June 2004, 12:11 PM CET

Security worries threaten voice over IP future
Security experts are becoming worried that Voice over IP technology may be too insecure for many companies.
Thursday, 10 June 2004, 12:09 PM CET

VPN/Firewall market up 11% in 1Q04, driven by Cisco’s strong quarter
Worldwide VPN and firewall hardware and software revenue was up 11% at $733 million in 1Q04 from 4Q03, and will grow 12% to $823 million by 1Q05, according to Infonetics Research. [more]
Thursday, 10 June 2004, 12:08 PM CET

Vendors unveil WLAN security products
A tool to detect rogue access wireless devices and a wireless security product aimed at small and medium businesses were unveiled Wednesday at the Wi-Fi Planet Conference in Baltimore. [more]
Thursday, 10 June 2004, 12:07 PM CET

Ten guidelines for deploying secure XML Web services
The rise of internetworking was enabled by the use of network-level security technologies such as Secure Sockets Layer, IPsec and firewall filtering to create a secure perimeter around an enterprise network. [more]
Thursday, 10 June 2004, 12:06 PM CET

Who's Getting Rich on Computer Viruses?
Computer viruses cost businesses and consumers around the world billions of dollars each year. So who -- if anyone -- is profiting from viruses? [more]
Thursday, 10 June 2004, 12:05 PM CET

Cingular patches customer security glitches
Cingular Wireless, which is set to become the biggest U.S. mobile service when it buys AT&T Wireless this year, said on Wednesday it was fixing security problems that exposed customer account details and could potentially have resulted in fraudulent credit card use. [more]
Thursday, 10 June 2004, 12:04 PM CET

Internet Security Systems CTO steps down
Chris Klaus, the founder of Internet Security Systems, has decided to relinquish his role as chief technology officer, but is staying on with the company in the newly created position of chief security adviser. [more]
Thursday, 10 June 2004, 12:02 PM CET

Cyber-cops to patrol Internet chatrooms
Police plan to patrol Internet chatrooms as part of a multinational crackdown on pedophile rings. They will also seize the finances of Web site operators who peddle child pornography and freeze the credit cards of their customers. [more]
Wednesday, 9 June 2004, 7:49 PM CET

Feds want e-voting source code disclosed
Electronic voting machine vendors should make their source code available for scrutiny by state elections officials, the head of a federal voting commission said Tuesday. [more]
Wednesday, 9 June 2004, 7:47 PM CET

The Wi-Fi explosion: a virus writer's dream
With the consumer Wi-Fi explosion, launching a virus into the wild has never been easier and more anonymous than it is today. [more]
Wednesday, 9 June 2004, 7:45 PM CET

Preview of Windows XP Service Pack 2
My normal policy is not to review beta releases of any software. But because Windows XP SP2 is so important I decided to break away from the norm. Readers should be aware that a release candidate is not a final release and this in should no way be construed as a review of the final product. [more]
Wednesday, 9 June 2004, 12:52 PM CET

Solaris 10 operating system preview
Solaris 10 Operating System, the upcoming release of the industry's leading UNIX platform, integrates revolutionary technologies and delivers extreme levels of performance, availability and security. [more]
Wednesday, 9 June 2004, 12:51 PM CET

Net needs law enforcement, author says
The Internet is a "god-awful mess," but few U.S. government officials are willing to take action against virus writers, spammers and other scammers, author Bruce Sterling said at the Gartner IT Security Summit Tuesday in Washington, D.C. [more]
Wednesday, 9 June 2004, 12:48 PM CET

Best practices for storage security
IT professionals have learned the hard way in recent years that disaster can strike at anytime and that they must be prepared. [more]
Wednesday, 9 June 2004, 10:10 AM CET

Spam-fighting theories far from practice
Filters and sender authentication protocols are not likely to do much to stem the spam flood around the world, at least for the time being, according to Gartner analysts. [more]
Wednesday, 9 June 2004, 6:57 AM CET

Four-fifths of networks bleeding Wi-Fi data
Most businesses routinely broadcast company information over the airwaves. [more]
Wednesday, 9 June 2004, 6:55 AM CET

Microsoft patches a pair of flaws
Microsoft released two security patches for Windows, plugging holes in an online gaming feature and a third-party program the company includes with several applications. [more]
Wednesday, 9 June 2004, 6:47 AM CET

Tech jobs: systems administration
Systems administrators find themselves taking on responsibility for additional technologies, such as security and wireless. "The position has evolved into being more than just a systems administrator," says Terry Phillips of Robert Half International. [more]
Wednesday, 9 June 2004, 6:45 AM CET

Striking back at spyware
States, feds consider regulating intrusive software. [more]
Tuesday, 8 June 2004, 4:19 PM CET

Encrypting partitions using dm-crypt and the 2.6 series kernel
This article looks at how to set up an encrypted partition using dm-crypt. [more]
Tuesday, 8 June 2004, 4:16 PM CET

The Witty worm: a new chapter in malware
The Witty worm was a big deal. It represented some scary malware firsts and is likely a harbinger of worms to come. IT professionals need to understand Witty and what it did, writes Bruce Schneier, CTO of Counterpane. [more]
Tuesday, 8 June 2004, 1:34 PM CET

Confusion surrounds Cisco-Linksys wireless hole
A report last week about a security hole in a wireless broadband router made by Cisco Systems Inc.'s Linksys division overstated the severity of the vulnerability, according to the man who first warned of the problem. [more]
Tuesday, 8 June 2004, 10:51 AM CET

Passwords can sit on hard disks for years
Typing your password or credit card number into a computer is a moment's work. But if you think your personal details disappear as soon as you hit the Return key, think again: they can sit on the computer's hard disk for years waiting for a hacker to rip them off. [more]
Tuesday, 8 June 2004, 10:17 AM CET

Firm accidentally eBays customer database
A customer database and the current access codes to the supposedly secure Intranet of one of Europe's largest financial services group was left on a hard disk offered for sale on eBay. [more]
Tuesday, 8 June 2004, 10:13 AM CET

Security spending will increase
Spending on security-related technology is expected to increase over the next couple of years, leveling off at 5 percent to 8 percent of the IT budget of global 2000 companies. [more]
Tuesday, 8 June 2004, 10:10 AM CET

Apple patches 'critical' OS X flaw
Apple Computer on Monday released a security patch that fixes what the company called the first "critical" Mac OS X flaw. [more]
Tuesday, 8 June 2004, 10:09 AM CET

TruSecure updates security-compliance manager
TruSecure unveiled Risk Commander 2.0, a set of software tools that does double duty by measuring how effectively IT defenses are working [more]
Tuesday, 8 June 2004, 10:08 AM CET

Ten guidelines for deploying secure XML Web services
Eugene Kuznetsov, CTO of DataPower, offers these field-proven steps for protecting company resources by applying XML Web services security. [more]
Monday, 7 June 2004, 4:15 PM CET

New armor to thwart hacks
A small cadre of vendors is set to release a new class of host-based security technologies that protect applications and processes running in memory. [more]
Monday, 7 June 2004, 3:15 PM CET

Secure development: a polarised response
Secure development is the process of authoring software in such a way as to embrace information security at every stage of the cycle. By addressing information security issues at the design and prototype stages, huge savings in development costs can be made. [more]
Monday, 7 June 2004, 2:43 PM CET

US wardriver pleads guilty to Wi-Fi hacks
In a rare wireless hacking conviction, a Michigan man entered a guilty plea last Friday in federal court in Charlotte, North Carolina for his role in a scheme to steal credit card numbers from the Lowe's chain of home improvement stores by taking advantage of an unsecured Wi-Fi network at a store in suburban Detroit. [more]
Monday, 7 June 2004, 2:38 PM CET

Report: Juniper Networks/NetScreen EMEA press summit
Two weeks ago in Marbella, Spain, the company managed to take us on an interesting journey. Speakers covering a broad range of topics illustrated the evolution of Juniper Networks and introduced their vision for the future after the acquisition of NetScreen. [more]
Monday, 7 June 2004, 2:21 PM CET

RSA pumps up passwords
Forthcoming Sign-On Manager will ease aithentication, toughen security. [more]
Monday, 7 June 2004, 1:56 PM CET

Microsoft's swift response nabbed Sasser suspect
When indications of a worm exploiting the LSASS vulnerability in Windows surfaced April 30, the staff at Microsoft Corp.'s Security Response Center didn't hesitate; they knew exactly what to do. [more]
Monday, 7 June 2004, 1:55 PM CET

Linux gains virus armour
Red Hat and Intel have developed software that supports the antivirus NX security technology. [more]
Monday, 7 June 2004, 1:54 PM CET

Recognition keys access
Passwords are a problem. To be secure, a password must be non-obvious and changed often. [more]
Monday, 7 June 2004, 4:27 AM CET

Microsoft calls for outbound filtering against spam
In its continuing fight against unsolicited commercial e-mail, Microsoft Corp. plans to filter outgoing messages on its consumer mail services and is busy developing new "proofing" technologies. [more]
Monday, 7 June 2004, 4:23 AM CET

IT security hits the stage
Following are some of the notable technology-related events scheduled for the week of June 6. [more]
Monday, 7 June 2004, 4:20 AM CET

Little brothers like IP cameras
New surveillance cameras allow anyone with a broadband Internet connection to keep a 24-hour watch on nearly anything -- from anywhere. Parents can monitor kids, the boss can keep an eye on the office. [more]
Monday, 7 June 2004, 4:19 AM CET

Security time bomb is triggered by 'rogue laptops'
Notebook PCs that have missed the regular patching cycle are vulnerable to security threats such as the recent Korgo worm, warn security experts. [more]
Friday, 4 June 2004, 8:38 PM CET

New worm targets two MS vulnerabilities
Antivirus software companies are warning customers about a new e-mail worm that targets unpatched Microsoft Corp. Windows machines with either of two recently disclosed software vulnerabilities. [more]
Friday, 4 June 2004, 8:36 PM CET

Sendmail's security
Some might say that security starts at the server. Some of these servers process millions of messages during a week’s time. How do you know if the server is secure? [more]
Friday, 4 June 2004, 2:21 PM CET

Worm steals credit card details
Windows users are being warned about a virus that is "aggressively stealing" credit card numbers and passwords. [more]
Friday, 4 June 2004, 2:04 PM CET

GAO: Feds can improve critical cybersecurity
Although the private sector owns most of the nation's critical infrastructures, the federal government has several options to improve cybersecurity of such assets. [more]
Friday, 4 June 2004, 2:03 PM CET

Harry Potter virus targets children
Virus authors have tapped into excitement over the latest Harry Potter film to spread an old worm. [more]
Friday, 4 June 2004, 2:01 PM CET

Security vendor says offshore development needs checks
An executive from Citadel Security Software Inc. pointed to offshore software development as one reason for security vulnerabilities in a hearing before a U.S. House Subcommittee Wednesday. [more]
Thursday, 3 June 2004, 2:47 PM CET

Windows gets 'strong' passwords as SecurID trials kick off
RSA Security and Microsoft have started beta testing a product designed to kill off the traditional password. [more]
Thursday, 3 June 2004, 2:40 PM CET

Apple and OS security - communication is key
When it comes to security, Apple Computer's report card reads like that of a gifted child: high marks for achievement, but needs to communicate better with others. [more]
Thursday, 3 June 2004, 2:39 PM CET

Double Snorting
This article discusses running two instances of Snort — one configured for the attacks on the services he runs, and one with almost all attack rules enabled to keep him informed about the variety of attacks floating around the Internet. [more]
Thursday, 3 June 2004, 11:07 AM CET

Multiple security roles with Unix/Linux
There are some areas of security where Linux and Unix have some strong wins, and simply fit in better than anything else. [more]
Thursday, 3 June 2004, 10:47 AM CET

Phishers put surfers on the hook
Trolling for credit card numbers with phony websites and e-mails is becoming more and more popular, but enforcement is still playing catch-up. [more]
Thursday, 3 June 2004, 10:37 AM CET

RFID's secret path to ROI
"If manufacturers and retailers can get accurate, real-time demand data rather than estimates ... that would represent a sea change in demand forecasting," AMR's Kara Romanov says. "The holy grail for CPG manufacturers is real-time, clean and accurate demand data." [more]
Thursday, 3 June 2004, 8:46 AM CET

Microsoft not a threat to US national security
Microsoft's dominance of the desktop operating system market isn't a threat to U.S. national security, according to a new study by a team of researchers at the George Mason University, who said a worm or other malicious attack on Windows is unlikely to produce a catastrophic failure of the Internet. [more]
Thursday, 3 June 2004, 8:40 AM CET

When PGP signatures can be misleading
The trust that PGP signatures generates can be deceptive, one researcher, a regular poster to the full-disclosure vulnerability mailing list, has discovered. [more]
Thursday, 3 June 2004, 8:38 AM CET

Security escapes from the lab
As security threats increase, HP's researchers concentrate on management and active countermeasures. [more]
Wednesday, 2 June 2004, 3:58 PM CET

H.323 mediated Voice over IP: vulnerabilities and more
This paper provides an overview of the H.323 (VoIP) protocol suite, its known vulnerabilities, and then suggests twenty rules for securing an H.323-based network. [more]
Wednesday, 2 June 2004, 2:08 PM CET

From exposition to exploit: One security book's story
Even prior to its release in May, The Shellcoder's Handbook: Discovering and Exploiting Security Holes drew attention to the exploitive nature of the narrative. [more]
Wednesday, 2 June 2004, 1:51 PM CET

How much should you invest in IT security?
One of the main concerns of the organizers of the Olympic Games to be held in Athens this summer is security, but not only physical security, computer security as well. [more]
Wednesday, 2 June 2004, 1:29 PM CET

Simple passwords no longer suffice
To access her bank account online, Marie Jubran opens a Web browser and types in her Swedish national ID number along with a four-digit password. She then pulls out a card of scratch-off codes and uses one to log on. [more]
Wednesday, 2 June 2004, 11:40 AM CET

Secure information sharing and the data residency dilemma
One of the top priorities for companies today is information sharing with a vast ecosystem of external entities, ranging from business partners and suppliers to customers. [more]
Wednesday, 2 June 2004, 11:24 AM CET

Missing: a laptop of DEA informants
Federal investigators are frantically trying to determine what happened to a missing laptop computer that contains sensitive data. [more]
Wednesday, 2 June 2004, 11:20 AM CET

Chrooting Apache
The chroot daemon allows you to run a program and have it see a given directory as the root (/) directory. [more]
Wednesday, 2 June 2004, 11:18 AM CET

Big bucks for biometric screening
The Department of Homeland Security awards a $10 billion contract to a group of companies, led by Accenture, to build a system to screen and track foreign visitors to the United States. [more]
Wednesday, 2 June 2004, 11:03 AM CET

Early alerting - the key to proactive security
In an environment where attacks are becoming more frequent and more sophisticated, what steps can enterprises take to ensure business continuity? Increasingly, these organizations are considering implementing an early warning system. [more]
Wednesday, 2 June 2004, 11:00 AM CET

When encryption can be misleading
The trust that encryption generates can be deceptive, one researcher, a regular poster to the full-disclosure vulnerability mailing list, has discovered. [more]
Tuesday, 1 June 2004, 1:55 PM CET

Hackers 'recycling code' to spread worms
Although less new malicious code appears to be being written, viruses and worms are continuing to cause problems around the world, says Trend Micro. [more]
Tuesday, 1 June 2004, 1:54 PM CET

How to sell - a pretty kettle of phish
New technologies have brought with them a new wave of security challenges. Resellers stand to benefit if they help end-users to create and manage the systems and policies required. [more]
Tuesday, 1 June 2004, 1:52 PM CET

Putting security where it belongs
In recent years, business information systems have expanded into networks, encompassing partners, suppliers and customers. And this brings greater security challenges. [more]
Tuesday, 1 June 2004, 1:50 PM CET

Complex passwords foil hacks
As more websites demand passwords, scammers are getting cleverer about stealing them -- hence, the need for such "passwords-plus" systems. [more]
Tuesday, 1 June 2004, 6:24 AM CET

CVS exploit leads to project server compromise
Users of Concurrent Versions System (CVS) software are being urged to patch their systems against an exploit used to hack the project's web site. [more]
Tuesday, 1 June 2004, 6:21 AM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 29th