Off the Wire

Off The Wire Archive

News items for June 2006

Installing a firewall on Ubuntu
Ubuntu's desktop install provides a bunch of useful software for desktop users, but it doesn't install a firewall by default. Luckily, it's really simple to get a firewall up and running on Ubuntu. [more]
Friday, 30 June 2006, 8:10 PM CET

Securing wireless, remote and mobile computing - quick fixes
The rapid growth of wireless, remote and mobile computing is creating a significant increase in the risks that organisations face. All the indications are that this growth will continue, and indeed accelerate. It is clearly time to review what actions are required to manage access risks from these forms of computing. Fortunately, there are some quick fixes that are available. [more]
Friday, 30 June 2006, 8:06 PM CET

EMC to acquire RSA Security for almost US$2.1 billion
In a deal that marries one of the IT industry's biggest data storage vendors and one of its best-known security companies, EMC Thursday unveiled plans to acquire RSA Security. [more]
Friday, 30 June 2006, 10:35 AM CET

FBI Recovers Stolen VA Laptop
"The worst-case scenario may have been averted this time, but an even greater tragedy would be if this type incident was allowed to happen again because of complacency in the workplace," said Joe Davis, a spokesperson for the Veterans of Foreign Wars. [more]
Friday, 30 June 2006, 1:50 AM CET

Employees more honest with Big Brother watching
"I was really surprised by how big the effect was, as we were expecting it to be quite subtle," said Melissa Bateson, a behavioral science researcher based at Newcastle University who led the study. "But the statistics show that the eyes had a strong effect on our tea and coffee drinkers." [more]
Friday, 30 June 2006, 1:14 AM CET

Spammers using images to fool filters
Earlier this year, tools began circulating among spammers to automatically vary images ever so slightly -- a change in color here, a slightly larger border there. That changes the signature, helping it escape detection. [more]
Friday, 30 June 2006, 1:07 AM CET

IT centralization at VA key to security
'Cultural impediments' have slowed past efforts to change. [more]
Friday, 30 June 2006, 12:49 AM CET

Online scams: Top 5 best of the worst
According to recent studies, there is a trend of more targeted, monetarily driven malware attacks. [more]
Friday, 30 June 2006, 12:45 AM CET

Two men sentenced to prison on piracy charges
Men receive 12- and 18-month prison terms for online software piracy. [more]
Friday, 30 June 2006, 12:15 AM CET

Microsoft patches security patch
Original fix nobbled Windows. [more]
Thursday, 29 June 2006, 1:26 PM CET

Data brokers and buyers anger Congress
Almost every piece of personal information that Americans try to keep secret - including bank account statements, e-mail messages and telephone records - is semi-public and available for sale. [more]
Thursday, 29 June 2006, 1:24 PM CET

Checklist -patching Windows servers
Patching a server is fundamentally different from patching a workstation, both in terms of the scope of the patches and the process involved. [more]
Thursday, 29 June 2006, 1:14 PM CET

Draft standards released for smartcard rollout
Draft standards and an interoperability framework for all public sector agencies has been released in preparation for the federal government's billion dollar smartcard rollout. [more]
Thursday, 29 June 2006, 1:13 PM CET

Researcher publishes details of, MSN holes
Frustrated with what he calls a lack of response from Microsoft and, a security researcher has gone public with details of flaws on the two companies' Web sites. [more]
Thursday, 29 June 2006, 1:11 PM CET

Microsoft makes anti-piracy tool less intrusive
The company upgraded its Windows Genuine Advantage tool to communicate less with Microsoft and changed its end-user license agreement to make it more clear what the tool does. [more]
Thursday, 29 June 2006, 1:10 PM CET

Say hello to voice phishing
Hi-tech fraudsters have begun using recorded telephone messages in a bid to trick users into handing over confidential account information. [more]
Thursday, 29 June 2006, 1:09 PM CET

Security flaw found in Nokia PC Suite
ActiveX error could compromise users' PCs. [more]
Thursday, 29 June 2006, 1:09 PM CET

U.S. gov't mandates laptop security
The Bush Administration is giving federal civilian agencies just 45 days to comply with new recommendations for laptop encryption and two-factor authentication. [more]
Thursday, 29 June 2006, 1:08 PM CET

Apple fixes vulnerabilities In OS X update
The vulnerabilities allow attackers to launch a denial-of-service attack, view the names of files and folders in search results, or execute code with elevated privileges. [more]
Thursday, 29 June 2006, 1:06 PM CET

Virgin France fined over piracy
French music retailer Virgin France has been fined 600,000 euros ($754,266; £414,147) for music piracy. [more]
Thursday, 29 June 2006, 1:05 PM CET

IE blighted by flaw duo
A brace of new Internet Explorer vulnerabilities have been disclosed on a security mailing list.
Thursday, 29 June 2006, 12:49 PM CET

The ten most critical wireless and mobile security vulnerabilities
Inspired by the SANS Top 20, this list is a consensus of industry experts on wireless and mobile vulnerabilities that require immediate remediation. It is offered as a public service by the Mobile Antivirus Researcherís Association. [more]
Thursday, 29 June 2006, 12:55 AM CET

Studies question e-voting security
A series of new reports have again raised questions about the security of electronic voting machines, with one report identifying multiple vulnerabilities. [more]
Wednesday, 28 June 2006, 11:46 AM CET

Ajax security basics
Though Ajax applications can be more difficult to test, security professionals already have most of relevant approaches and tools needed. [more]
Wednesday, 28 June 2006, 11:42 AM CET

Security software slaps IE in "Sandbox"
GreenBorder Pro uses virtualisation-like technologies to separate IE from the rest of the system, so that if malicious software does execute, it doesn't actually touch the computer. [more]
Wednesday, 28 June 2006, 11:33 AM CET

MySpace case opens security can of worms
A fourteen-year old girl is suing MySpace for £30m after she was allegedly assaulted by a man she met on the popular teen hangout site. [more]
Wednesday, 28 June 2006, 11:32 AM CET

Security needs vary for each industry vertical
IT managers cannot ignore secure content management (SCM), but needs vary greatly for each industry vertical, according a new report from research firm IDC.
Wednesday, 28 June 2006, 11:30 AM CET

Windows Genuine program revised following uproar
Microsoft has bowed to public pressure, releasing a version of WGA that no longer validates Windows using a server-side configuration. [more]
Wednesday, 28 June 2006, 1:16 AM CET

Concerns arise over voter database security
File this in the "seemed like a good idea at the time" drawer. The Help America Vote Act (HAVA) was passed in 2002, partially in response to the controversy surrounding the 2000 presidential election. [more]
Wednesday, 28 June 2006, 12:58 AM CET

Password-protected bullets
Safety catches do not always prevent firearm accidents and even newfangled biometric guns, which check the identity of a user by their fingerprint, cannot stop thieves from using stolen ammunition in other weapons. [more]
Wednesday, 28 June 2006, 12:49 AM CET

Remote authentication: four tips for improving security
Remote users are a problem for a lot of us whose jobs are to keep our networks secure. [more]
Wednesday, 28 June 2006, 12:37 AM CET

Data security grabs attention of lawmakers
An increase in data security breaches is prompting the creation of new laws. [more]
Wednesday, 28 June 2006, 12:28 AM CET

Three held over computer virus spam
Police in Britain and Finland have arrested three men suspected of conspiring to spread computer viruses through spamming, Metropolitan Police said. [more]
Wednesday, 28 June 2006, 12:17 AM CET

When access management becomes rocket science
NASA's challenges are hardly limited to launching rockets and getting men to Mars. [more]
Tuesday, 27 June 2006, 4:50 PM CET

SQL injection weaknesses found in Mambo, Joomla
Potentially serious security flaws have been found in existing versions of the Mambo and Joomla content management systems, and developers of the two projects are advising users to install upgrades or security patches as soon as possible. [more]
Tuesday, 27 June 2006, 4:20 PM CET

Nokia joint venture to secure electronic payments
Nokia teams with smart card vendor to secure payments that use short-range wireless technology. [more]
Tuesday, 27 June 2006, 3:52 PM CET

What to do if a security flaw is reported
You've worked hard and long for months to get the software out the door. You think you've covered all the bases -- it performs well and it's completely secure. There is absolutely no way it can be hacked. [more]
Tuesday, 27 June 2006, 3:51 PM CET

Microsoftís real test with Vista is vulnerabilities
Vista, the solution to all our problems: Microsoft portrays Vista as anything from the end of software vulnerabilities to the end of spyware. [more]
Tuesday, 27 June 2006, 3:17 PM CET

NHS slammed for ignoring mobile data security
The National Health Service is failing to provide adequate security for potentially sensitive data held on mobile storage devices, research claimed today. [more]
Tuesday, 27 June 2006, 3:13 PM CET

List of data breaches grows
The dizzying pace of security breach notifications shows no signs of abating, with companies such as American International Group Inc. and ING U.S. Financial Services adding themselves to the list of businesses disclosing data compromises. [more]
Tuesday, 27 June 2006, 2:18 PM CET

USB drives pose insider threat
In a recent test of a credit union's network security, consultants working for New York-based security audit firm Secure Network Technologies scattered 20 USB flash drives around the financial group's building. [more]
Tuesday, 27 June 2006, 2:02 PM CET

You can never be too secure
When I think about our security strategy, I have to ask myself if we've done enough. Have we covered all the bases? If we haven't, do we have a work-around or some other risk-mitigation plan in place? [more]
Tuesday, 27 June 2006, 2:01 PM CET

Linux hackers re-claim the Linksys WRT54G
As predicted, the open source community has come up with a way to convert VxWorks-based LinkSys wireless WRT54G routers to Linux. The process does not require hardware hacking, and installs a recent version of "DD-WRT micro." [more]
Tuesday, 27 June 2006, 2:00 PM CET

IT directors fear the sack over email security
More than a third of IT directors fear losing their jobs if confidential information sent by email is leaked or accidentally read by someone other than the intended recipient, according to a report issued today. [more]
Tuesday, 27 June 2006, 1:55 PM CET

Gov't break a law? Change it
The White House is nearing an agreement with Congress on legislation that would write President Bush's warrantless surveillance program into law, the Senate Judiciary Committee chairman said Sunday. [more]
Monday, 26 June 2006, 8:22 AM CET

Designing high-availability Windows systems
Rick Cook explains the major options for designing a system with an appropriate amount of uptime. [more]
Monday, 26 June 2006, 7:40 AM CET

Striking the balance between storage security and availability
Any good strategy for data storage protection includes a strategic balance between information availability and information security. IT managers today are tasked with maintaining this balance at a reasonable cost. Itís easy to make information completely secureóby locking it up in a safe, for exampleóbut the trick is to also ensure that it is available when needed. However, by providing information access, there are always risks. [more]
Monday, 26 June 2006, 5:45 AM CET

17 mistakes Microsoft made in the Xbox security system
This article is about how easy it is to make terrible mistakes and how easily people seem to overestimate their skills. So this article is also about how to avoid the most common mistakes. [more]
Monday, 26 June 2006, 2:45 AM CET

Utility disables Microsoft's anti-piracy app
Firewall Leak Tester, which specializes in firewall stress tests, released RemoveWGA, a program that deletes the Windows Genuine Advantage Notification Tool. [more]
Monday, 26 June 2006, 2:36 AM CET

Setting technical criteria for outbound content monitoring
'Exfiltration' reports must stand up to legal scrutiny. [more]
Monday, 26 June 2006, 2:30 AM CET

Identity thieves lurking in P2P
Medical records, financial information and router passwords have all popped up on P2P networks, researchers say. [more]
Monday, 26 June 2006, 2:15 AM CET

Business leaders: US not prepared for Internet outage
The US is unprepared to deal with a major cyber emergency. That's the conclusion of a new report from the Business Roundtable, a group of 160 CEOs from the nation's largest companies. [more]
Monday, 26 June 2006, 1:58 AM CET

IT expert: I worked with 7/7 bombers and warned police
A computer expert who worked alongside two of the July 7 bombers claims today that he tried to warn the police about their activities almost two years before the suicide attacks. [more]
Monday, 26 June 2006, 1:42 AM CET

TorrentSpy names alleged MPAA attacker
TorrentSpy named the attacker who it claims broke into its computer systems on behalf of the Motion Picture Association of America (MPAA), as part of a legal request that would force the MPAA to turn over documents stolen from the Internet file-searching company. [more]
Monday, 26 June 2006, 1:12 AM CET

Watergate echoes in NSA courtroom
It was perhaps inevitable that someone would compare President Bush's extrajudicial wiretapping operations to Richard Nixon's 1970s-era surveillance of journalists and political enemies. Both were carried out by Republican presidents; both bypassed the courts; both relied on the cooperation of U.S. telecommunications companies. [more]
Monday, 26 June 2006, 1:05 AM CET

FreeNode has been hijacked
The world's largest FOSS IRC network, FreeNode, has been (for lack of a better word) hijacked. [more]
Monday, 26 June 2006, 12:52 AM CET

Symantec to exit security appliance business
About 80 staff were laid off as SGS and SNS appliances were said to be discontinued. [more]
Monday, 26 June 2006, 12:45 AM CET

Microsoft: baking security in
A Microsoft security expert explains how the company has improved its development process. [more]
Monday, 26 June 2006, 12:29 AM CET

Sailors' data posted on the web
The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian website. [more]
Monday, 26 June 2006, 12:15 AM CET

Creating a safe directory with PAM and EncFS
This HowTo is about creating a user-session-safe directory which offers security on- and offline. [more]
Monday, 26 June 2006, 12:09 AM CET

Phisher catches 21-month jail term
Microsoft scores its first victory against MSN phishers. [more]
Friday, 23 June 2006, 6:40 PM CET

Next-gen bank Trojans are upon us
Banking Trojans are perhaps the most malicious form of malware today, with the express purpose of taking your money directly from your bank account. [more]
Friday, 23 June 2006, 6:36 PM CET

Secure identity begins at home
If your digital identity is going to mean anything, it has to be secured, and Shelagh Callahan of Intel's Systems Technology Lab thinks that has to start on your PC. [more]
Friday, 23 June 2006, 6:34 PM CET

JPEG flaw uncovered in Opera browser
Buffer overflow affects version 8.54 of the popular browser. [more]
Friday, 23 June 2006, 6:33 PM CET

One-stop network security: considering the options
Setting up and maintaining a reliable defense around your network takes hardware, software, diligence and a good measure of security expertise. That's a tall order for a small business. But that's exactly what it takes to track constantly evolving threats, to monitor network activity and to maintain the collection of tools required to combat attacks. [more]
Friday, 23 June 2006, 6:31 PM CET

Bill Gates' piracy confession
If you read way down to the bottom of a Wall Street Journal interview with Bill Gates, you'll discover that the Microsoft executive admitted to watching pirated movies on the Internet. The confession came as he was talking about content he had viewed on YouTube. [more]
Friday, 23 June 2006, 8:46 AM CET

Japanís web security suffers further blow
Japan's technology sector has been hit by another security breach, in the latest of a string of incidents that have raised questions about the safety of consumer internet services in the country. [more]
Friday, 23 June 2006, 8:46 AM CET

Forensics expert attempts to link UBS attack and defendant
In the ongoing UBS computer sabotage trial, the government's forensics expert testified that he connected defendant Roger Duronio's user name and home computer directly to the logic bomb that took down the company network. [more]
Friday, 23 June 2006, 8:45 AM CET

USDA says hacker may have stolen employees' data
Data thieves target notoriously security-lax agency. [more]
Friday, 23 June 2006, 8:44 AM CET

The 10 biggest security risks you don't know about
Hackers, scammers, and identity thieves are constantly coming up with new ways to attack your PC and your privacy. Here are the newest perils--and how to foil them. [more]
Friday, 23 June 2006, 8:41 AM CET

Wi-Fi hacked in 'digital drive-by'
Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver. [more]
Friday, 23 June 2006, 8:23 AM CET

MySpace tightens security
Just a few months after making headlines by hiring a chief security officer to police its millions of Web pages, is now pledging to tighten up its free-for-all social environment by limiting interaction between adults and the site's youngest users. [more]
Friday, 23 June 2006, 8:22 AM CET

Gartner blasts optimisitic security survey
Don't mistake marketing for security facts, firm warns. [more]
Friday, 23 June 2006, 8:21 AM CET

Agriculture department computers hacked
The break-in happened during the first weekend in June, the department said. Technology staff learned of the breach on June 5 but believed personal information was protected by security software, the department said. [more]
Friday, 23 June 2006, 8:21 AM CET

IBM offers free security tools for applications
IBM released free security software tools for business application developers on Thursday, a move the company said will help stem security breaches and hacker attacks. [more]
Friday, 23 June 2006, 8:20 AM CET

Code security changes in Outlook 2007
Microsoft Office Outlook 2007 enhances code security to help protect Outlook users against malicious code while reducing security warnings for developers and users. [more]
Thursday, 22 June 2006, 11:03 AM CET

Researchers hack Wi-Fi driver to breach laptop
One of many flaws found allowed them to take over a laptop by exploiting a bug in an 802.11 wireless driver. [more]
Thursday, 22 June 2006, 10:57 AM CET

Hardware, not hackers, usually causes Oracle database downtime
Despite stricter service-level agreements, few DBAs use grid, clustering solutions. [more]
Thursday, 22 June 2006, 10:41 AM CET

Tech giants form consumer privacy rights forum
The Legislative Forum makes it clear that the national standard it envisions would preempt state laws. [more]
Thursday, 22 June 2006, 10:39 AM CET

Rival calls Microsoft's security pricing 'predatory'
Microsoft's priced its consumer and enterprise security software at levels so low that it's putting the entire security software ecosystem at risk, the chief executive of a Florida company said Wednesday.

Thursday, 22 June 2006, 3:12 AM CET

Q&A: Network exec on 10G, security and getting his CCIE
Attending his second Cisco Networkers conference this week, Campbell spoke with Network World Senior Editor Phil Hochmuth about how to go about securing a 10G pipe, his voice/data QoS strategy, the rising cost of copper, and what this CCIE thing is all about. [more]
Thursday, 22 June 2006, 2:00 AM CET

AT&T rewrites rules: your data isn't yours
AT&T has issued an updated privacy policy that takes effect Friday. The changes are significant because they appear to give the telecom giant more latitude when it comes to sharing customers' personal data with government officials. [more]
Thursday, 22 June 2006, 1:22 AM CET

The pirates hold a party
A fledgling new political movement calling itself The Pirate Party of the United States has emerged from the dust of last month's police raid on The Pirate Bay in Sweden. [more]
Thursday, 22 June 2006, 1:08 AM CET

Bank to cut queues with RFID cards
Royal Bank of Scotland staff test low-value payment cards. [more]
Thursday, 22 June 2006, 12:56 AM CET

Bypassing of web filters by using ASCII
Of the tested browsers Firefox 1.5, Opera 8.5 and InternetExplorer 6, only the InternetExplorer does this correctly, the others evaluate the bit and display the characters as if they were from the character set ISO-8859-1. [more]
Thursday, 22 June 2006, 12:45 AM CET

EU issues warning on security
Member states must do more to improve online safety or risk missing Lisbon Agenda targets. [more]
Thursday, 22 June 2006, 12:15 AM CET

New Norton Security gets trial
Symantec said on Wednesday the release of its new web-based security service would depend on the response to user trials and would be held back if required tweaks meant it would miss the key holiday period in the United States. [more]
Thursday, 22 June 2006, 12:06 AM CET

Wireless security on the road without a VPN
A Virtual Private Network (VPN) is a secure way to connect to web sites and email while using wireless networks. Unfortunately, not everyone has access to a VPN, so what do you do? In this article you'll learn how to secure your online activities without a VPN. [more]
Wednesday, 21 June 2006, 6:04 PM CET

Hacker discovers second Excel attack
Latest attack deemed not as critical as the first. [more]
Wednesday, 21 June 2006, 5:49 PM CET

Testers swoop on McAfee Falcon beta
Antivirus firm McAfee has released a beta version of its next-generation security platform codenamed Falcon. [more]
Wednesday, 21 June 2006, 1:30 AM CET

Mine data not details
As new disclosures mount about government surveillance programs, computer science researchers hope to wade into the fray by enabling data mining that also protects individual privacy. [more]
Wednesday, 21 June 2006, 1:18 AM CET

How to build a low-cost, extended-range RFID skimmer
Radio-Frequency Identifier (RFID) technology, using the ISO-14443 standard, is becoming increasingly popular, with applications like credit-cards, national-ID cards, E-passports, and physical access control. [more]
Wednesday, 21 June 2006, 1:07 AM CET

Fail-Safe Techniques Erase Magnetic Storage media
After a U.S. intelligence-gathering aircraft was involved in a mid-air collision off the coast of China four years ago, the crew was unable to erase sensitive information from magnetic data storage systems before making an emergency landing in Chinese territory. [more]
Wednesday, 21 June 2006, 12:55 AM CET

Linksys introduces wireless security webcam
For small business owners worried about what goes on in their offices while they're away, Linksys has the perfect solution: the Wireless-G Pan/Tilt/Zoom (PTZ) Internet Camera with Audio. [more]
Wednesday, 21 June 2006, 12:31 AM CET

Server monitoring with BixData
BixData is a system, application, and network monitoring tool which allows you to easily monitor nearly every aspect of your servers. It can be used for general reporting, for sending notifications when problems arise, or for automatic maintenance and repairs - by executing scripts when errors or particular conditions arise. [more]
Wednesday, 21 June 2006, 12:15 AM CET

Security for websites - breaking sessions to hack into a machine
Session management ensures that the client currently connected is the same person who originally logged in. Unfortunately however, sessions are an obvious target for a malicious user, because they may be able to get access to a web server without needing to authenticate. [more]
Tuesday, 20 June 2006, 3:08 PM CET

Spoofing defense dissed by security experts
The defense in an ongoing computer sabotage trial is suggesting that a hacker used IP spoofing to impersonate his client and plant the malicious code that took down part of the UBS PaineWebber network four years ago. Security pros say that is nearly impossible to do. [more]
Tuesday, 20 June 2006, 9:02 AM CET

Bountiful firm warns of Wi-Fi's weak security
Michael Nuttall and Bryan Hadbik of Bountiful's Network Consulting Services have a warning about standard security protocols for wireless Internet setups. [more]
Tuesday, 20 June 2006, 9:00 AM CET

Google's Orkut hit by Internet worm
Internet virus, which is circulating social networking site, is capable to stealing bank information and other personal data, according to security firm. [more]
Tuesday, 20 June 2006, 8:47 AM CET

Cisco call manager flaw could invite attackers
Vulnerabilities in Cisco's Call Manager software could open the door for hackers to reconfigure VoIP settings and gain access to individual users' account information, according to researchers at FishNet Security. [more]
Tuesday, 20 June 2006, 8:47 AM CET

For better security, touch your printer
Biometric add-on ensures sensitive files donít sit around on shared printers. [more]
Tuesday, 20 June 2006, 8:42 AM CET

Microsoft offers guidance on Excel bug
Microsoft is testing a security patch that fixes the problem, but a company representative could not say whether it would be released as part of its next round of security updates. [more]
Tuesday, 20 June 2006, 8:39 AM CET

Flurry of new data breaches disclosed
More than 190 such incidents have been reported since February 2005. [more]
Tuesday, 20 June 2006, 2:12 AM CET

Microsoft France site hack leads to security rumors
The defacement led to rumors that the hackers may have used a new undisclosed vulnerability in Internet Information Services 6.0 Web server, but Microsoft says a server was misconfigured. [more]
Tuesday, 20 June 2006, 1:55 AM CET

Cracking OS X passwords (PPC)
The only aspect we actually care about is the disk drive, at this point nothing else matters. [more]
Tuesday, 20 June 2006, 1:45 AM CET

PayPal fixes URL used for fraud
"It's pretty awful, actually," said Gartner analyst Avivah Litan. "There's not much consumers can do except monitor their account and watch for visual cues, or download something like the eBay toolbar which warns you about [phishing] sites." [more]
Tuesday, 20 June 2006, 1:31 AM CET

Trojan forwards details of Oregon taxpayers
Workers at Oregonís department of revenue have been banned from using their PCs for ďnon-businessĒ purposes after a porn-hunting employee accidentally downloaded a Trojan which spirited away personal details of over 2,000 taxpayers. [more]
Tuesday, 20 June 2006, 12:58 AM CET

Simple security cuts identity theft risks
Reports of data theft often conjure up images of malicious hackers breaking into remote databases to filch Social Security numbers, credit card records and other personal information. [more]
Tuesday, 20 June 2006, 12:45 AM CET

Hacking students will need background checks
Applicants to the University of Abertay's new Ethical Hacking course will be subject to stringent background checks before being offered a place, to make sure they are not likely to abuse the knowledge they will gain. [more]
Tuesday, 20 June 2006, 12:30 AM CET

Phishing with Rachna Dhamija
Federico Biancuzzi interviews Rachna Dhamija, co-author of the paper "Why Phishing Works" and creator of Dynamic Security Skins. [more]
Tuesday, 20 June 2006, 12:15 AM CET

IT security on trial
Part of the malicious code that crippled the network at UBS PaineWebber in 2002 was found on two computers, and printed out on a hard copy found on a bedroom dresser, in the home of a former UBS systems administrator who's accused of the crime. [more]
Tuesday, 20 June 2006, 12:06 AM CET

Hackers use Google Pages to host Trojan horse
The Trojan was spotted before its authors managed to launch an attack. [more]
Monday, 19 June 2006, 5:45 PM CET

The price is right, security imperfect
Depending on how you feel about Microsoft, its new Windows Live OneCare security service either amounts to a welcome helping hand or a particularly sleazy protection racket. [more]
Monday, 19 June 2006, 5:44 PM CET

ID thieves brew up Coke spam scam
Security experts have published details of a newly discovered email-based fraud that tries to ensnare recipients with a bogus notification purporting to be a lottery win from Coca-Cola. [more]
Monday, 19 June 2006, 5:36 PM CET

Greg Kroah-Hartman on kernel hacking
This is an interview with kernel coding guru Greg Kroah-Hartman. Famous for his work on drivers and the Linux USB subsystem, Greg now works for Novell doing what he loves - hacking the kernel. [more]
Monday, 19 June 2006, 2:54 PM CET

Encryption can save data in laptop lapses
Reports of data theft often conjure up images of malicious hackers breaking into remote databases to filch Social Security numbers, credit card records and other personal information. [more]
Monday, 19 June 2006, 12:34 PM CET

First computer hacking course in Britain
A Scottish university is launching Britain's first degree course in computer hacking. [more]
Monday, 19 June 2006, 12:33 PM CET

Federal breaches spark security review push
GAO, administration officials call for look into data collection processes. [more]
Monday, 19 June 2006, 12:33 PM CET

AJAX can amplify security threats, analysts say
Worms such as this week's Yamanner mass-mailer highlight dangers. [more]
Monday, 19 June 2006, 1:25 AM CET

SCADA industry debates flaw disclosure
The outing of a simple crash bug has caused public soul-searching in an industry that has historically been closed-mouthed about its vulnerabilities. [more]
Monday, 19 June 2006, 12:56 AM CET

Vulnerability found in Microsoft Excel
Attack stems from an e-mail with a malicious Excel document attached. [more]
Monday, 19 June 2006, 12:41 AM CET

FDA ruling a boost for RFID
A new rule requiring tracking of drugs from factory to pharmacy could create business opportunities for technology firms from chip makers to database software. [more]
Monday, 19 June 2006, 12:30 AM CET

Catching a corporate rat
Use computer log event data to identify thieves responsible for inside jobs. [more]
Monday, 19 June 2006, 12:15 AM CET

Phishing scam uses PayPal secure servers
A cross-site scripting flaw in the PayPal website allows a phishing attack to masquerade as a genuine PayPal login page with a valid security certificate, according to security researchers. [more]
Friday, 16 June 2006, 8:23 PM CET

Former FBI man to lead Bank of America security
Bank of America (BofA) lured Chris Swecker from the Federal Bureau of Investigation (FBI) to head its corporate security efforts. [more]
Friday, 16 June 2006, 9:56 AM CET

10 ways to protect yourself with 'pragmatic network security'
Perimeter security alone won't protect a company's secrets. [more]
Friday, 16 June 2006, 9:55 AM CET

U.S. joins industry in piracy war
The U.S. government has joined forces with the entertainment industry to stop the freewheeling global bazaar in pirated movies and music, pressuring foreign governments to crack down or risk incurring trade barriers. [more]
Friday, 16 June 2006, 6:54 AM CET

Trojan horse captured data on 2,300 Oregon taxpayers
The Oregon Department of Revenue has been contacting some 2,300 taxpayers this week to notify them that their names, addresses or Social Security numbers may have been stolen by a Trojan. [more]
Friday, 16 June 2006, 6:32 AM CET

U.S. government recognizes Cisco's CCSP certification
Cisco Systems announced Tuesday its Cisco Certified Security Professional (CCSP) certification was certified by the U.S. National Security Agency and the Committee on National Security Systems (CNSS). [more]
Friday, 16 June 2006, 5:19 AM CET

The .NET developer's guide to identity
This is a roadmap for developers and architects who want to learn how to build identity-aware applications on the Microsoft Windows platform. [more]
Friday, 16 June 2006, 3:48 AM CET

The scariest terror threat of all
For a while now, I have been writing about our penchant for "movie-plot threats" - terrorist fears based on very specific attack scenarios. [more]
Friday, 16 June 2006, 3:32 AM CET

Microsoft: Vista most secure OS ever
Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. [more]
Friday, 16 June 2006, 3:22 AM CET

ACLU sues Pentagon for monitoring
The American Civil Liberties Union sued the U.S. Defense Department Wednesday to demand information it says the government has collected on groups opposed to the war in Iraq. [more]
Friday, 16 June 2006, 3:12 AM CET

CIOs: fear the worst
Net-telephony convergence, open-source software, and other next-gen technologies and trends will remake the IT landscape by 2015 - and drive CIOs crazy. [more]
Friday, 16 June 2006, 3:00 AM CET

Nagios offers open source option for network monitoring
Large IT shops using HP OpenView or BMC Patrol may now have an open source alternative. [more]
Friday, 16 June 2006, 2:48 AM CET

How to foil identity thieves
Data breaches and identity theft are in the headlines again following dueling stories from government agencies who together allowed outsiders to get their hands on sensitive personal information of more than 28 million government employees, reservists, soldiers and contractors. [more]
Friday, 16 June 2006, 2:36 AM CET

Execs express top security concerns
"Network access control, particularly Cisco's [Network Admission Control] is intriguing to us, but our main question is, do we want to separate out network admission control with a separate system using something like Symantec's tools or keep it in the network with Cisco. We haven't made those decisions yet," said Ryan Miller, director of global information assurance for Federal Mogul. [more]
Friday, 16 June 2006, 2:15 AM CET

Police arrest two in Japan data theft case
Thieves allegedly copied personal information of four million customers. [more]
Friday, 16 June 2006, 2:09 AM CET

Rising threats to public Wi-Fi hotspot security
Hackers are able to easily exploit vast security vulnerabilities inherent in most public hotspot deployments. [more]
Friday, 16 June 2006, 1:39 AM CET

Hacker threat to web ad revenue
Click fraud becoming more widespread, warns Google. [more]
Friday, 16 June 2006, 1:09 AM CET

Exploit code out for patched MS flaws
Exploit code has surfaced on the Web for some of the 21 issues fixed by Microsoft in its Tuesday update. [more]
Friday, 16 June 2006, 12:58 AM CET

Interlocking security
Encryption alone is not enough to keep business data safe. [more]
Friday, 16 June 2006, 12:45 AM CET

Risk analysis led to grant decisions
A Homeland Security Department official, responding to lawmakersí anger over grants cuts to New York and Washington, says the departmentís funding allocations to cities nationwide are in line with Congressí direction to distribute grants by risk. [more]
Friday, 16 June 2006, 12:30 AM CET

E-mail from MySQL includes addresses for 9,300 customers
The company apologized and said it is working to prevent a recurrence. [more]
Thursday, 15 June 2006, 5:15 AM CET

After lawsuit, Cisco embraces Black Hat
Cisco at this year's conference has signed up for "platinum" sponsor status. [more]
Thursday, 15 June 2006, 4:11 AM CET

Malware's commercialization drives security
TechEd panelists cite the difference money makes. [more]
Thursday, 15 June 2006, 3:32 AM CET

DTI raises the security stakes with its knowledge network
Industry, government and academic expertise will underpin think-tank. [more]
Thursday, 15 June 2006, 3:15 AM CET

Why isn't Europe suffering a wave of security breaches?
Did you hear the one about the German company that had the big security breach? [more]
Thursday, 15 June 2006, 2:58 AM CET

Fewer e-mails bear malware
Sophos exec says 'E-mail is safer than it was last year'. [more]
Thursday, 15 June 2006, 2:25 AM CET

Q&A: Microsoft security chief talks up Vista changes
Ben Fathi talks about the need for a 'trust ecosystem'. [more]
Thursday, 15 June 2006, 1:22 AM CET

Yahoo quashes mail bug
Yahoo says it has patched a bug that was letting attackers hijack systems through a flaw in the portal's free Web-based e-mail service. [more]
Thursday, 15 June 2006, 1:03 AM CET

Net poses dangers for soccer fans
Following your favourite football team in the World Cup via the net has its dangers, revealed research. [more]
Thursday, 15 June 2006, 12:45 AM CET

The security plan for your wireless LAN
Take advantage of the latest security tools and keep your users informed if you want to achieve wire-free bliss. [more]
Thursday, 15 June 2006, 12:34 AM CET

Brit workers love to snoop
How much money does Fred from sales make? [more]
Thursday, 15 June 2006, 12:18 AM CET

Bank to replace key IT systems globally
Standard Chartered to cut total cost of ownership of banking systems by half. [more]
Thursday, 15 June 2006, 12:09 AM CET

Ajax poses new security threat
By letting downloaded code work on a PC, Ajax can provide an opening for intruders. [more]
Wednesday, 14 June 2006, 2:09 PM CET

Homeland Security accepts fake ID
The Department of Homeland Security allowed a man to enter its headquarters last week using a fake Matricula Consular card as identification, despite federal rules that say the Mexican-issued card is not valid ID at government buildings. [more]
Wednesday, 14 June 2006, 9:11 AM CET

Microsoft leaves 98 to the hackers
Microsoft has defended its decision not to patch a critical security flaw in Windows 98. [more]
Wednesday, 14 June 2006, 9:09 AM CET

PCs to developing world 'fuel malware'
Programs to send PCs to third world countries might inadvertently fuel the development of malware for hire scams, an anti-virus guru warns. [more]
Wednesday, 14 June 2006, 8:52 AM CET

Microsoft Patch Tuesday brings eight critical vulnerabilities
Microsoft alerted us this time about 12 vulnerabilities of which eight were rated critical, three important and one moderate. [more]
Wednesday, 14 June 2006, 8:47 AM CET

Internet pioneers warn of VoIP wiretapping problems
VoIP wiretapping rules could hurt security on the internet, says Vint Cerf. [more]
Wednesday, 14 June 2006, 8:36 AM CET

IT professionals explore Microsoft Vista's security
While the gathering was intended to brief agency decision-makers on new features in Vista, the recent data breach at the Veterans Affairs Department that compromised the personal information of more than 26 million veterans provided a stark backdrop. [more]
Wednesday, 14 June 2006, 8:34 AM CET

Two vendors tie IP wiretapping tools
Narus tests its wares for interoperability with Pen-Link's data collection and reporting software for law enforcement. [more]
Wednesday, 14 June 2006, 1:21 AM CET

Microsoft calls Trojans a 'significant' threat
"It's troubling that a significant number of Windows PCs, both consumer and corporate, continue to be infected with genuinely malicious code, such as rootkits, keyloggers, and Trojan horses," said Andrew Jaquith, a senior analyst at the Yankee Group. [more]
Wednesday, 14 June 2006, 1:18 AM CET

Japanese virus spreading concern
A computer virus that targets the popular file-sharing program Winny isn't the most destructive bug or even the most widespread. But it's the most talked about in Japan as it generates headline after headline, month after month. [more]
Wednesday, 14 June 2006, 12:50 AM CET

VoIP providers must allow government wiretaps
Last week, a federal appeals court upheld an FCC ruling that requires Internet phone service providers like Vonage to provide law enforcement agencies with the ability snoop on customer communications. [more]
Wednesday, 14 June 2006, 12:44 AM CET

Changes in the antivirus industry
Over the past few years, the antivirus industry has undergone some major changes. [more]
Wednesday, 14 June 2006, 12:12 AM CET

Microsoft finds malware on 5.7M tested PCs
Still, statistics show cause for optimism. [more]
Tuesday, 13 June 2006, 3:40 AM CET

Creating a culture of security
No matter what kind of shop you run, Linux, Mac or Windows, you are exposed to a variety of security threats on a daily basis. You have to deal with potential information spills, security breaches and system compromises, as well as fighting the propensity of humans to do incredibly foolish things. [more]
Tuesday, 13 June 2006, 3:27 AM CET

More dangerous rootkits may lurk on horizon
Rootkits aren't inherently evil. But malcontents are getting better at using them, and rootkits are getting harder to detect. [more]
Tuesday, 13 June 2006, 3:12 AM CET

Microsoft corporate security client a year away
Client Security's tight integration with Microsoft's other products, including ActiveDirectory, will be a major selling point, one analyst says. [more]
Tuesday, 13 June 2006, 3:00 AM CET

Will Ethereal be devoured by Wireshark?
Ethereal has long been the tool of choice among countless network administrators for robust packet capturing and protocol analysis. Now the hugely popular open source tool has a new name, Wireshark, and a new sponsor to go along with it. [more]
Tuesday, 13 June 2006, 2:44 AM CET

Retain or restrain access logs?
A recent proposal by the U.S. Department of Justice that would mandate Internet Service Providers to retain certain records represents a dangerous trend of turning private companies into proxies for law enforcement or intelligence agencies against the interests of their clients or customers. [more]
Tuesday, 13 June 2006, 1:30 AM CET

Worm attacks Yahoo e-mail
Mass-mailing worm exploits a vulnerability in the Web-based e-mail, but its impact is low. [more]
Tuesday, 13 June 2006, 1:15 AM CET

Cisco refreshes 7600 series with new IP NGN features
At last week's GLOBALCOMM 2006 conference, Cisco Systems Inc. announced new IP NGN capabilities for its 7600 Series Router portfolio. [more]
Tuesday, 13 June 2006, 1:03 AM CET

Cybercrooks' next frontier?
Internet crooks are learning ways to make dough breaking voice over IP. [more]
Tuesday, 13 June 2006, 12:50 AM CET

Destroying the drives
Can you imagine getting your identity stolen because of information left behind on a hard drive? [more]
Tuesday, 13 June 2006, 12:42 AM CET

Talking dirty with GDB and SSH tunneling
Ever debugged a program remotely and felt like telling your computer where to go and how to get there? Hopelessly adding calls to printf() and recompiling as a steady string of explectatives flow from your over-caffeinated brain waves. [more]
Tuesday, 13 June 2006, 12:30 AM CET

Spyware dominates malware production efforts
Malware authors are shifting their production efforts towards cranking out more Trojans and spyware programs instead of more traditional computer viruses. [more]
Tuesday, 13 June 2006, 12:15 AM CET

Interview with Kenny Paterson, Professor of Information Security at Royal Holloway, University of London
The Information Security Group at Royal Holloway is one of the world's largest academic research groups in information security, with about 15 permanent academic staff, 50 PhD students and a thriving masters programme. They carry out research in many areas of the subject, including network security. That is one of Kenny Paterson's areas of specialism, and he teaches their masters course on the topic, and carries out research in the area. [more]
Monday, 12 June 2006, 3:51 PM CET

Microsoft security becomes 'Forefront'
Microsoft brands its security portfolio Forefront to kick off the Tech Ed conference. [more]
Monday, 12 June 2006, 3:00 PM CET

Hackers aiming at instant messages
In typical IM attacks, hackers send out e-mail or IM programs designed to find and steal computer users' "buddy lists." Using automated computers, the hackers then will send unsolicited instant messages to everybody on that person's list, masquerading as the person and luring recipients to check out a fake Web site. [more]
Monday, 12 June 2006, 11:29 AM CET

China walks out of encryption meeting
An international dispute over a wireless computing standard took a bitter turn this past week with the Chinese delegation walking out of a global meeting to discuss the technology. [more]
Monday, 12 June 2006, 2:19 AM CET

How to set up suPHP with PHP4 and PHP5
This tutorial shows how to install and use suPHP with PHP4 and PHP5. [more]
Monday, 12 June 2006, 2:06 AM CET

Abusing Mach on Mac OS X
This paper discusses the security implications of Mach being integrated with the Mac OS X kernel. [more]
Monday, 12 June 2006, 1:47 AM CET

Pentagon sets its sights on social networking websites
"I am continually shocked and appalled at the details people voluntarily post online about themselves." So says Jon Callas, chief security officer at PGP, a Silicon Valley-based maker of encryption software. [more]
Monday, 12 June 2006, 1:29 AM CET

Microsoft's anti-piracy tool draws criticism, changes planned
In addition, the software maker has come under fire for failing to make it clear to people installing Windows Genuine Advantage that the application communicates with Microsoft on a daily basis to do things like ensure that the Windows copy being used isn't pirated. [more]
Monday, 12 June 2006, 1:12 AM CET

The pros and cons of NAC
Network access control is a simple idea: Authenticate every user connecting to the network, then enforce an access-control policy based on who they are and other information, such as endpoint security checks and wired vs. wireless access method. [more]
Monday, 12 June 2006, 12:50 AM CET

US court backs government broadband wiretap access
A U.S. appeals court on Friday upheld the government's authority to force high-speed Internet service providers to give law enforcement authorities access for surveillance purposes. [more]
Monday, 12 June 2006, 12:35 AM CET

Nuclear agency computers hacked
Stolen file contained unclassified information on 1,500 contract workers. [more]
Monday, 12 June 2006, 12:21 AM CET

Researchers eye machines to tackle malware
The reverse engineer - better known amongst security researchers by his nom de plume, Halvar Flake - created an automated system for classifying software into groups, a process for which he believes machines are much better suited. [more]
Monday, 12 June 2006, 12:17 AM CET

Symbian dismisses smartphone security risk
Mobiles can be 'keystones of security' if used correctly. [more]
Friday, 9 June 2006, 1:14 PM CET

Building a heterogeneous home network for Linux and Mac OS X
You can find plenty of information online about building heterogeneous networks involving Windows, but relatively little about connecting Macs with Linux PCs in a home or small office network. [more]
Friday, 9 June 2006, 12:50 PM CET

The top 5 ways to prevent IP spoofing
he term "spoofing" is generally regarded as slang, but refers to the act of fooling -- that is, presenting a false truth in a credible way. [more]
Friday, 9 June 2006, 12:44 PM CET

Weird "ghost spam" testing addresses
A wave of strange emails with strings of numbers as their only message are most likely a spammer's or hacker's test of his mailing list, several security companies concluded Thursday, and may presage a junk mail campaign or a malware attack. [more]
Friday, 9 June 2006, 12:43 PM CET

Help is at hand for web security
If you take your net safety seriously, you will probably have anti-virus and a firewall and perhaps even an anti-spam program to stop the malicious software and messages getting at your home PC. [more]
Friday, 9 June 2006, 12:42 PM CET

Security fixes in Microsoft's "Patch Tuesday"
Microsoft's next scheduled monthly patch update is Tuesday, June 13, and with it will come a number of security fixes for Windows as well as updates to other Microsoft products. [more]
Friday, 9 June 2006, 12:38 PM CET

The great no-ID airport challenge
In which millionaire privacy activist John Gilmore challenges a DHS advisor to attempt a cross-country plane ride without showing ID. Wired News referees the gentlemen's wager. [more]
Friday, 9 June 2006, 12:38 PM CET

Can the malware industry be trusted?
Internet security is big business. Microsoft Windows and Office vulnerabilities have made major contributions to making it -- and keeping it -- that way. [more]
Friday, 9 June 2006, 1:09 AM CET

Microsoft to tweak key Vista security feature
The next beta release will reduce the number of security pop-up boxes. [more]
Friday, 9 June 2006, 12:58 AM CET

Humans key to World Cup security
Event will be monitored by 20 agencies. [more]
Friday, 9 June 2006, 12:43 AM CET

Man accused of crashing UBS servers
A US court has heard how a disgruntled IT manager allegedly wiped out all UBS Paine Webber servers for a day leaving traders unable to trade because he was unhappy with his bonus.
Friday, 9 June 2006, 12:27 AM CET

VA chief says security reform will take time
Veterans Affairs Secretary Jim Nicholson accepted responsibility Thursday for the theft of personal information for 26.5 million military personnel and veterans. [more]
Friday, 9 June 2006, 12:13 AM CET

(IN)SECURE Magazine issue 7 has been released
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read about SSH port forwarding, server monitoring with munin and monit, compliance vs. awareness, and much more. Get your copy today! [more]
Thursday, 8 June 2006, 3:25 PM CET

Gartner's magical solution
As newly-appointed "Master of the Obvious", Gartner has gone on record to tell us all that breach disclosure is expensive. Well poke my eye and call me blinky! [more]
Thursday, 8 June 2006, 3:16 PM CET

Phishing extreme
Recent advances in browsers as seen in Netscape 8 or IE7 have made it harder for the bad guys to succeed with their phishing schemes. [more]
Thursday, 8 June 2006, 3:14 PM CET

The top 9 ways to secure mobile devices
In the past six months a disturbing trend has emerged involving the theft of laptops containing sensitive personal information - most recently from the home of a U.S. Department of Veterans Affairs data analyst. [more]
Thursday, 8 June 2006, 3:09 PM CET

Social engineering, the USB way
We recently got hired by a credit union to assess the security of its network. [more]
Thursday, 8 June 2006, 3:08 PM CET

Face it: Linux is insecure
Linux is insecure. Open source is insecure. Windows is insecure. All software is insecure. Deal with it.
Thursday, 8 June 2006, 3:07 PM CET

AOL gets active about security
New tool diagnoses PCs to locate vulnerabilities. [more]
Thursday, 8 June 2006, 2:03 PM CET

Nigerian 419 scam moves to Scotland
Minister for Culture, Tourism and Sport needs safe place to keep $40m. [more]
Thursday, 8 June 2006, 1:48 PM CET

2 charged in scheme said to defraud Internet phone providers
Federal authorities yesterday arrested a Miami man who they said made more than $1 million in a hacking scheme involving the resale of Internet telephone service. [more]
Thursday, 8 June 2006, 1:47 PM CET

Enforce your security plan
To lose a laptop may be regarded as a misfortune. To lose a laptop with 26.5 million IDs, including names, social security numbers and dates of birth, smacks of carelessness. [more]
Thursday, 8 June 2006, 1:45 PM CET

IE, Firefox sport new zero-day flaw
According to Symantec, all versions of Microsoft Internet Explorer and Mozilla Firefox browsers could be used to harvest data through a JavaScript key-filtering vulnerability. [more]
Wednesday, 7 June 2006, 11:39 AM CET

SQL injection attacks by example
"SQL Injection" is subset of the an unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. [more]
Wednesday, 7 June 2006, 11:37 AM CET

Secure your email communication with free software
In this article, youíll learn how to install, setup, and use the Mozilla Thunderbird email client for secure, encrypted email using GnuPG and the Enigmail Mozilla Thunderbird extension. [more]
Wednesday, 7 June 2006, 11:35 AM CET

Cleaning up data breach costs 15x more than encryption
Protecting customer records is a magnitude less expensive than paying for cleanup after a data breach or massive records loss, a research company said Tuesday. [more]
Wednesday, 7 June 2006, 11:30 AM CET

How to protect your network when outsourcing
Outsourcing, right-sourcing, best-sourcing, does anyone know what the latest buzzword is for this practice? No matter what the neologism is, it presents real issues that many of us in the network security field face every day. [more]
Wednesday, 7 June 2006, 3:34 AM CET

Pirate Bay bloodied but unbowed
The once Swedish-based Bittorent site The Pirate Bay claims the problems many visitors have noticed on the resurrected piracy hub are the result of a glut of new users, rather than recent troubles with police. [more]
Wednesday, 7 June 2006, 3:24 AM CET

RFID: sign of the (end) times?
Katherine Albrecht is on a mission from God. The influential consumer advocate has written a new book warning her fellow Christians that radio frequency identification may evolve to become the "mark of the beast" -- meaning the technology is a sign that the end-times are drawing near. [more]
Wednesday, 7 June 2006, 3:12 AM CET

Fake ID sellers dismiss tamperproof push
Sellers of fake immigration papers say they aren't worried about call for tamperproof ID cards. [more]
Wednesday, 7 June 2006, 1:55 AM CET

Cyber blackmail in the UK
Police have been investigating a case of cyber blackmail here in the UK. It appears to be an isolated incident. Nevertheless, it highlights the growing trend we've been tracking during the last year. [more]
Wednesday, 7 June 2006, 1:36 AM CET

Accelerating OpenSSH connections with ControlMaster
OpenSSH 4.0 introduced an interesting new feature called ControlMaster that allows it to reuse an existing connection to a remote host when opening new connections to that host. [more]
Wednesday, 7 June 2006, 1:20 AM CET

Microsoft takes on net nasties
executives love telling stories against each other. Here's one that platforms vice-president Jim Allchin told at a recent Windows Vista reviewers conference about chief executive Steve Ballmer. [more]
Wednesday, 7 June 2006, 12:55 AM CET

Getting on the right side of IE 7 security
Like it or loathe it, you have to know about it. [more]
Wednesday, 7 June 2006, 12:45 AM CET

Dot-com firms learn security lessons
Good defences can be an important selling point to attract customers and ensure their loyalty. [more]
Wednesday, 7 June 2006, 12:39 AM CET

Veterans groups sue government over data theft
The class-action lawsuit against the federal government is the second suit since the VA disclosed the May 3 burglary two weeks ago. It demands that the VA fully disclose which military personnel are affected by the data theft and seeks $1,000 in damages to each person -- up to $26.5 billion total. [more]
Wednesday, 7 June 2006, 12:21 AM CET

How to win friends and influence people with IT security certifications
The public and private sectors put IT Security on top of their agenda these days, and, as a result, the IT and Information Security job market is growing. At some point though, the market will saturate as businesses seek to curb their investments, security services become more standardized and IT as a whole moves to a more service-oriented business model. Is your career strategy ready? [more]
Tuesday, 6 June 2006, 9:35 PM CET

Over third of businesses employ email snoopers
Survey shows 70 per cent of companies have disciplined staff over email violations. [more]
Tuesday, 6 June 2006, 4:26 PM CET

Gummi bears can also fool fingerprint scanners
A Japanese cryptographer named Tsutomu Matsumoto has found that Gummi Bears make an even better fake fingerprint, and are the cornerstone of a do it yourself fake fingerprint lab that require bears, a digital camera, and a PC. [more]
Tuesday, 6 June 2006, 10:20 AM CET

The original 802.11 protection standard was known as WEP. This scheme has two parts: one for privacy of data through encryption, and another for the authentication of users. [more]
Tuesday, 6 June 2006, 2:42 AM CET

P.O.'s P.D. goes CSI on DVD
Brian Krebs spent some time over the weekend reviewing some free DVDs produced by the U.S. Postal Inspection Service, which is giving away the discs in a campaign to call attention to the dangers that lurk at the intersection of online crime and the U.S. mail. [more]
Tuesday, 6 June 2006, 2:32 AM CET

Medical privacy law nets no fines
In the three years since Americans gained federal protection for their private medical information, the Bush administration has received thousands of complaints alleging violations but has not imposed a single civil fine and has prosecuted just two criminal cases. [more]
Tuesday, 6 June 2006, 2:15 AM CET

Why Web 2.0 will end your privacy
We all know the plushy, rounded, pastel-coloured faces of Web 2.0. MySpace. Digg. Flickr. The achingly trendy Silicon Valley startups that are selling for millions to big media conglomerates and making their founders into stars. Tom Anderson. Kevin Rose. These are the pinups of the Web 2.0 generation - but little do they know the monster they've created. [more]
Tuesday, 6 June 2006, 1:57 AM CET

Mobile devices not properly secured
Over a third of IT professionals admit to not adequately protecting mobile data. [more]
Tuesday, 6 June 2006, 1:45 AM CET

Discovering your network with Netdisco
Four years ago, Max Baker at the University of California, Santa Cruz, needed an easy-to-use tool that would assist in managing switch ports, show port usage and history, track inventory, and help with network debugging. [more]
Tuesday, 6 June 2006, 1:36 AM CET

Contrite former spammer touts anti-spam services
A prolific spammer has agreed to sell his house to settle a million dollar fine levied after Microsoft and the State of Texas sued him over his prolific junk mail activities. [more]
Tuesday, 6 June 2006, 1:08 AM CET

Domain 'kiting' threat on the rise
The proliferation of temporary websites being set up by criminals is a growing threat, according to web security firm MessageLabs. [more]
Tuesday, 6 June 2006, 12:26 AM CET

Storage security vendors stay busy
Kasten Chase may have closed its doors, but other storage security vendors are busy rolling out new products. [more]
Tuesday, 6 June 2006, 12:25 AM CET

Microsoft revs security service
Windows Live OneCare gains a lap on Symantec, McAfee offerings as they jockey for position in home market. [more]
Tuesday, 6 June 2006, 12:22 AM CET

Non-standard incident prediction
We are all familiar with the use of firewall logs, intrusion detection alerts, antivirus warnings, and watching for "funny" entries in our system logs as ways to indicate that somebody on the Internet is up to no good. [more]
Monday, 5 June 2006, 3:14 PM CET

Cybersecurity contests go national
It has all the makings of a B-movie plot: A corporate network targeted by hackers and a half dozen high-school students as the company's only defense. [more]
Monday, 5 June 2006, 3:13 PM CET

Mozilla confident of security lead over Microsoft
Firefox is better at security because it's open source, claims Mozilla Corp. [more]
Monday, 5 June 2006, 1:31 PM CET

EC shows leadership on security
European Commission is urging industry and the public sector to shore up security. [more]
Monday, 5 June 2006, 1:25 PM CET

Majority of consumers can't spot fake e-mails
"Online security is a shared responsibility among legitimate businesses and consumers," said Sanjay Gupta, e-commerce executive at Bank of America. "We take that obligation very seriously and work hard to provide the latest information and security." [more]
Monday, 5 June 2006, 1:04 PM CET

Security a major feature of Exchange Server 2007
Microsoft will add new built-in protection features to the next version of its Exchange messaging server in an effort to provide a more secure user environment for business customers. [more]
Monday, 5 June 2006, 1:01 PM CET

Councils give identity fraudsters a helping hand
Local planning authorities are giving identity criminals "all they need" by posting applicants' personal details online, according to the UK's fraud prevention service Cifas. [more]
Monday, 5 June 2006, 12:59 PM CET

Swedish Security Police probe suspected Web attacks
Sweden's domestic intelligence agency said it would probe why the government's Web site crashed on Sunday amid reports hackers had sought revenge for a crackdown on alleged online piracy. [more]
Monday, 5 June 2006, 2:30 AM CET

How to prepare for a CISO position
Security professionals must know the business to rise through the ranks. [more]
Monday, 5 June 2006, 1:31 AM CET customer data stolen is warning nearly a quarter of a million customers that they may have had their credit card numbers stolen, following the theft of an unencrypted laptop belonging to the travel Web site's auditor, Ernst & Young Global. [more]
Monday, 5 June 2006, 1:04 AM CET

Website back after Swedish raids
A website accused of directing users to pirated films, music and software has reopened days after Swedish authorities shut it down. [more]
Monday, 5 June 2006, 12:52 AM CET there's no virus responded Friday to claims in the media that the first virus had been discovered for the open source productivity suite. The group said that macro viruses are possible in any program that supports the feature. [more]
Monday, 5 June 2006, 12:35 AM CET

Companies read employee e-mail
Big Brother is not only watching but he is also reading your e-mail. [more]
Monday, 5 June 2006, 12:12 AM CET

The perfect setup - Ubuntu 6.06 LTS Server
This is a detailed description about how to set up a Ubuntu 6.06 LTS (Dapper Drake) based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). [more]
Monday, 5 June 2006, 12:02 AM CET

MySQL addresses SQL injection vulnerability
MySQL AB has issued updates to its MySQL 4.1 and 5.0 series to address a SQL injection vulnerability. MySQL's action follows the PostgreSQL project's release last week to address the same issues. [more]
Friday, 2 June 2006, 3:39 AM CET

Admin faces trial for computer sabotage
The trial is scheduled to start Tuesday for a former employee charged with building and planting malicious code that took down two-thirds of the company's network, hindering investment trading for several weeks and racking up $3 million in recovery costs. [more]
Friday, 2 June 2006, 3:08 AM CET

Agenciesí biggest IT security threat: employees
Federal employees pose a bigger threat to private data than the computer hackers most security systems are designed to thwart, privacy officials and lawmakers said. [more]
Friday, 2 June 2006, 2:30 AM CET

Circuit City support-site hack installed spamming program
The customer support Web site for Richmond-based Circuit City, a leading supplier of computers and other consumer electronics, was for several weeks serving up an invasive computer virus to any visitor who browsed the site with an unpatched version of Microsoft's Internet Explorer Web browser. [more]
Friday, 2 June 2006, 2:15 AM CET

Crashing the wiretapper's ball
The dingy hotel corridor was populated with suits, milling about and radiating airs of defensive hostility. [more]
Friday, 2 June 2006, 1:22 AM CET

Gartner: Skype bugs bad news for enterprise
The most recent bug in Skype is another clue to enterprises that they should steer clear of the VoIP service, research firm Gartner recently warned. [more]
Friday, 2 June 2006, 1:05 AM CET

Extortion virus code gets cracked
Do not panic if your data is hidden by virus writers demanding a ransom. [more]
Friday, 2 June 2006, 12:48 AM CET

Windows Vista: advancements on the security front
Microsoft published a new whitepaper, "Microsoft Windows Vista Security Advancements," that details many of Windows Vista's new security features and architectural enhancements, some of which could go a long way towards easing security administration and software development. [more]
Friday, 2 June 2006, 12:36 AM CET

Viruses at all-time low, spam at all-time high
Criminals opting for money over malware. [more]
Friday, 2 June 2006, 12:25 AM CET

F-Secure patches Web console bug
The bug affects the company's Web-based management console software. [more]
Friday, 2 June 2006, 12:15 AM CET

Manage Apache download speed and traffic limits with mod_cband
This tutorial describes how to install and configure mod_cband on an Apache2 web server. mod_cband is an Apache 2 module which provides bandwidth quota and throttling. [more]
Friday, 2 June 2006, 12:10 AM CET

Mouse jitters give away fraudsters
Fair Issac studies user quirks to spot fraud. [more]
Thursday, 1 June 2006, 3:12 AM CET

Secure, mobile e-mail bows for shared PCs
The new service, called, uses a memory stick. No browser is used in accessing the E-mail service, so no information related to the user is left on the computer. [more]
Thursday, 1 June 2006, 3:03 AM CET

Storm hits the Pirate Bay
The Swedish website was shut down Wednesday after police raided its offices, seized its servers and detained three men, according to the Associated Press and a message on the downed site. [more]
Thursday, 1 June 2006, 2:15 AM CET

China fielding cyberattack units
China is stepping up its information warfare and computer network attack capabilities, according to a Defense Department report released this week. [more]
Thursday, 1 June 2006, 1:58 AM CET

Bogus Microsoft update hides keylogger Trojan
"Even users with sound I.T. knowledge could drop their guard with offers like this," explained Luis Corrons, director of Panda Software Labs. "It is essential to be cautious of irresistible offers on the internet. Users should leave the task of deciding whether or not a program is malicious to an antimalware solution." [more]
Thursday, 1 June 2006, 1:42 AM CET

Cern seeks to tighten security for data grid
Trial could offer solutions for firms keen to share information and resources. [more]
Thursday, 1 June 2006, 1:27 AM CET

EU launches network security campaign
EC says Europe remains woefully unaware of the security risks to computer networks. [more]
Thursday, 1 June 2006, 1:12 AM CET

Post-encryption security
Last month I reviewed Voltage Security's secure email product, a worthy exercise since email is the most common method of transmitting documents from one department to another. [more]
Thursday, 1 June 2006, 12:50 AM CET

Woman targeted by web hackers
A woman from Greater Manchester has become a victim of an internet scam in which hackers hijack computer files and blackmail owners to get them back. [more]
Thursday, 1 June 2006, 12:36 AM CET

Symantec patches corporate antivirus flaw
"Symantec is a company used to responding rapidly," said Vincent Weafer, a senior director at Symantec Security Response. "In less than three days, Symantec delivered fixes for the vulnerable product." [more]
Thursday, 1 June 2006, 12:26 AM CET

Barclays steps up fraud war
A range of tools is key to bankís plans to offer greater protection for online customers. [more]
Thursday, 1 June 2006, 12:18 AM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Thu, Aug 28th