Off the Wire

Off The Wire Archive

News items for June 2007

Taking ownership of the Trusted Platform Module chip on Intel Macs
While the TPM chip is not used by any of the Apple software products, that doesn't mean that developers cannot use it for the specific purposes of their applications. While it is not the best idea to target just the computers that have TPM chips, this "perfect" customizations can be used in some organizations for instance running just the TPM-enabled Macs. [more]
Friday, 29 June 2007, 11:54 PM CET


Piracy police raid Honeywell site
The British Phonographic Industry (BPI) is investigating allegations of an extensive illegal music filesharing ring at a Honeywell plant in Scotland. [more]
Friday, 29 June 2007, 4:57 PM CET


IIS vs. Apache: re-examining the statistics
As a Microsoft employee, I try to avoid writing on areas that blatantly promote Microsoft. However, I think this question is generic enough to involve Microsoft in the discussion: Can IP addresses ever be used for statistical analysis of malicious Web sites? [more]
Friday, 29 June 2007, 1:33 PM CET


Setup an Ubuntu webcam security system
Have you ever wanted to see on what is going on in your home while you are away? [more]
Friday, 29 June 2007, 12:51 PM CET


Homeland Security to host closed-door security forum
The U.S. Department of Homeland security will host a invite-only conference two months from now that will bring together security experts from law enforcement, Internet service providers, and the technology industry. [more]
Friday, 29 June 2007, 5:31 AM CET


Like PB&J, cryptography and... inkjet cartridges
A chip technology, dubbed CryptoFirewall, is designed to be made using standard fabrication processes, reducing the cost for printer manufacturers. [more]
Friday, 29 June 2007, 5:11 AM CET


Hydra-headed 'Storm' attack starts
Web-based attack poses as greeting card, tries three exploits. [more]
Friday, 29 June 2007, 4:30 AM CET


Policy experts split on spyware laws
CDT and FTC disagree whether a trio of anti-spyware bills before Congress will result in more prosecutions. [more]
Friday, 29 June 2007, 4:30 AM CET


Core 2 Duo: Intel's insecurity blanket
A prominent software developer with a reputation for making waves in coding circles is doing it again - this time warning that Intel's celebrated Core 2 Duo is vulnerable to security attacks that target known bugs in the processor. [more]
Friday, 29 June 2007, 4:29 AM CET


Interview with Edward Z. Yang, author of HTML Purifier
Edward Z. Yang is the man behind HTML Purifier, which is a highly effective whitelist filter to prevent Cross Site Scripting. [more]
Friday, 29 June 2007, 4:25 AM CET


State charges dropped in HP spy case
But three defendants performed community service. [more]
Friday, 29 June 2007, 12:02 AM CET


How to hack Gmail Notifier to use SSL
A brief explanation as to how to make the Gmail Notifier open Gmail using SSL instead of normal HTTP. [more]
Thursday, 28 June 2007, 5:14 PM CET


Cisco IOS exploitation techniques
It's been almost two years since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability. This paper is a result of research carried out by IRM to analyse and understand the check_heaps() attack and its impact on similar embedded devices. [more]
Thursday, 28 June 2007, 3:27 PM CET


Cyber-bullying gathers pace in US
One third of US online teenagers have been victims of cyber-bullying according to research by the Pew Internet Project. [more]
Thursday, 28 June 2007, 11:47 AM CET


Why Photoshop doesn't provide secure metadata
If the image data is accessible to someone, there's no way to force them to keep the copyright notice with it. [more]
Thursday, 28 June 2007, 11:46 AM CET


Private Facebook pages are not so private
Private Facebook profiles aren't quite as hidden as many users might think they are. Pages that are supposedly restricted are visible to anyone using searches based on religion, sexual orientation or relationship status. [more]
Thursday, 28 June 2007, 11:24 AM CET


DOJ committed to fighting piracy, cybercrime, Gonzalez says
He points to the 'spam king' indictment as an example. [more]
Thursday, 28 June 2007, 6:09 AM CET


Intel agencies accepting applicants for joint duty
Beginning Oct. 1, the intelligence directorate will start requiring most employees to have experience working with other intelligence agencies before they can be promoted to jobs where they would report directly to the head of their agency or intelligence component. [more]
Thursday, 28 June 2007, 4:18 AM CET


Mobile security: the right way and the wrong way
The team here at Freeform Dynamics has reviewed a lot of projects and gathered a lot of feedback from organisations implementing mobile technology over the years. [more]
Thursday, 28 June 2007, 1:12 AM CET


The CIA declassified Cold-War-era documents
The CIA has made public the details of its illicit Cold-War-era activities, including spy plots, assassination attempts and experiments with drugs. [more]
Thursday, 28 June 2007, 1:06 AM CET


Hans Reiser: once a Linux visionary, now accused of murder
His work was funded by the government; he was widely credited (and sometimes reviled) for rethinking the structure of the Linux operating system. Now he is known as prisoner BFP563. [more]
Thursday, 28 June 2007, 1:03 AM CET


Privatunes: a software that anonymizes iTunes Plus files
Ratiatum.com, a French website specialized in technology news and software downloads, has just launched Privatunes, a free software that anonymizes DRM-free files bought on iTunes Plus. [more]
Thursday, 28 June 2007, 12:18 AM CET


HP pretexting case may wrap up today
Hearing scheduled for September may have been moved up because the defendants met the judge's requirements for dismissal. [more]
Thursday, 28 June 2007, 12:09 AM CET


Laws needed to protect personal data on RFID chips
The U.S. government is already venturing into risky territory by embedding RFID chips in passports. [more]
Thursday, 28 June 2007, 12:02 AM CET


Border agencies prep for multi-modal biometrics
The UK, Europe and the US are planning to belt and brace their border databases by using multiple forms of biometrics to identify people. [more]
Thursday, 28 June 2007, 12:00 AM CET


Video: the state of database security
Ted Julian is the VP of Marketing and Strategy at Application Security Inc. In this video he discusses the current state of database security and offers some insight on what the future holds. [more]
Wednesday, 27 June 2007, 9:31 PM CET


U.S. Appeals Court protects privacy of e-mail
Fourth Amendment applies to cyberspace, for now. [more]
Wednesday, 27 June 2007, 11:41 AM CET


Customers like SSL VPNs for ease of use, IPSec for security
So which are better, SSL or IPSec VPNs? The answer, not surprisingly, depends on what you mean by the word "better": customers tend to like SSL VPNs for ease of use, although IPSec VPNs get top marks for security. [more]
Wednesday, 27 June 2007, 11:11 AM CET


Think like a Black Hat with offensive security 101
There are plenty of malicious hackers out there, so what makes you think you know enough to stop them? [more]
Wednesday, 27 June 2007, 10:56 AM CET


A new context for data protection
To properly secure their most valuable information, enterprises must determine what types of data need to be held closely and which records don't need to be saved at all. [more]
Wednesday, 27 June 2007, 10:55 AM CET


Customers must be told of US bank transaction monitoring
Privacy chiefs have given Europe's banks a September deadline for alerting customers that their financial transactions could be tracked by US security agencies. [more]
Wednesday, 27 June 2007, 10:52 AM CET


The decline of antivirus and the rise of whitelisting
The recent acquisition of SecureWave by PatchLink was not so much an acquisition as a merger, with PatchLink being the senior partner. [more]
Wednesday, 27 June 2007, 10:52 AM CET


How to sniff out private information on Facebook
Facebook users who like to control who gets to see your account details, take note: political views, religious back ground and other sensitive details may be wide open to prying eyes even though you've configured your profile so its viewable only to designated friends. [more]
Wednesday, 27 June 2007, 1:49 AM CET


Airport fingerprint program expanding
A program being launched at 10 U.S. airports this year will expand existing identification checks for visitors, including requiring 10 digital fingerprints, but still operate under strict privacy rules. [more]
Wednesday, 27 June 2007, 1:09 AM CET


Social networking on Internet scammer forums
With social networking sites like MySpace and Facebook all the rage among the 18 to 24 set, it's not hard to see why so many young people are drawn into hacking and online crime. [more]
Wednesday, 27 June 2007, 12:45 AM CET


Microsoft security group makes 'worst jobs' list
The Microsoft Security Response Center made Popular Science's list of the worst jobs in science because the daunting work is 'hard and thankless'. [more]
Wednesday, 27 June 2007, 12:36 AM CET


HTTP DDoS attack mitigation using tarpitting
Recently, the anti-spam organization Spamhaus has come under yet another distributed denial-of-service attack. [more]
Wednesday, 27 June 2007, 12:30 AM CET


Antitrust judge favors Microsoft search agreement
She rejected an antitrust complaint filed by Google. [more]
Wednesday, 27 June 2007, 12:18 AM CET


EC threat to BBC over downloads
The BBC has been accused of forcing people to use Microsoft operating systems and has been threatened with a complaint to the European Commission. [more]
Wednesday, 27 June 2007, 12:15 AM CET


Google is watching you
Digital privacy advocate and secret smoker Kevin Bankston was outed on Google's Street View. So, what else does the Internet know about us? [more]
Wednesday, 27 June 2007, 12:12 AM CET


Security vendors question accuracy of AV tests
Symantec, F-Secure, and Panda Software design a new testing plan to better reflect the capabilities of competing products. [more]
Wednesday, 27 June 2007, 12:03 AM CET


Comparing your security budget
Just the other day I was asked again what percentage of my employer’s IT budget went toward security. [more]
Wednesday, 27 June 2007, 12:00 AM CET


Firefox security and privacy extensions
Besides offering more security than IE by default, what users appreciate is the fact that Firefox can be expanded with add-ons that offer a variety of functions not integrated in the browser upon install. This article explores useful security and privacy extensions that will add to your browsing experience. [more]
Tuesday, 26 June 2007, 4:09 PM CET


Fresh security breaches at Los Alamos
Officials at the nuclear-weapons laboratory, already struggling to calm concerns over security lapses, now have two more breaches to explain. [more]
Tuesday, 26 June 2007, 3:56 PM CET


A new type of video surveillance protects the privacy of individuals
Respectful cameras. [more]
Tuesday, 26 June 2007, 3:52 PM CET


How to be a digital detective
What every network manager should know about computer forensics. [more]
Tuesday, 26 June 2007, 3:50 PM CET


Bush on cyber war: 'a subject I can learn a lot about'
Real gov network strike might be scarier than botnet DDoS. [more]
Tuesday, 26 June 2007, 3:49 PM CET


Data breaches start at the gas station, analyst says
And you thought the Internet was a sketchy venue for commerce. [more]
Tuesday, 26 June 2007, 3:28 PM CET


Securing business file transfers
Despite the security weaknesses of FTP, there are several approaches IT can take to use the protocol safely. [more]
Tuesday, 26 June 2007, 10:15 AM CET


Can cell phones be hacked? It’s not that easy
IBM, McAfee and Symantec say cell phones can be broken into but sophisticated hacker would be needed. [more]
Tuesday, 26 June 2007, 10:13 AM CET


Converged security pays dividends
Security convergence -- integrating building- and IT-access systems --- is supposed to make life easier for everyone: IT, building security staff and employees coming into the office each day. [more]
Tuesday, 26 June 2007, 10:12 AM CET


Secret Service helps bust ID, credit card theft rings
Using information provided by the Secret Service, the French National Police arrested four men connected to an international ID theft ring. [more]
Tuesday, 26 June 2007, 9:49 AM CET


Oracle plan to tackle security
Oracle is planning to build a data centre outside the US in response to growing concerns from local companies over information protection. [more]
Tuesday, 26 June 2007, 9:46 AM CET


TorrentSpy founders create copyright filtering company
FileRights was started by some of the same people that run the Torrentspy search engine and who are fighting a copyright lawsuit brought by the major motion picture studios. [more]
Tuesday, 26 June 2007, 2:22 AM CET


Privacy rules on APEC agenda
Pathfinder projects that will ultimately lead to regional cross-border data privacy rules are being discussed by Asia-Pacific Economic Co-operation forum delegates meeting in Cairns this week. [more]
Tuesday, 26 June 2007, 2:18 AM CET


iPhone security: Nightmare for IT or no big deal?
Security experts are all over the ballpark with their predictions. [more]
Tuesday, 26 June 2007, 12:09 AM CET


The struggle to protect enterprise data
The problem of enterprise data protection is so big, companies have just begun wrapping their arms around it. Here’s how they’re discovering their vulnerabilities, and what they’re doing about them. [more]
Tuesday, 26 June 2007, 12:06 AM CET


When hacks attack
Forty-eight hours, hundreds of hackers and an endless supply of pizza: the perfect combination for a weekend of geekery. Except BBC/Yahoo! Hackday didn't go quite as planned. [more]
Tuesday, 26 June 2007, 12:02 AM CET


SSH coming to an iPhone near you, sort of
WebShell is a partial workaround that relies on a bit of Python code installed on your remote machine to provide an honest-to-goodness SSH solution. [more]
Tuesday, 26 June 2007, 12:00 AM CET


Teen arrested for hacking Belgian police website
A Belgian teenager has been arrested for hacking and temporarily shutting down the federal police website, leaving a mocking on-line note which helped identify him, police said. [more]
Monday, 25 June 2007, 1:53 PM CET


Four ways to hide information inside image and sound objects
Ever find yourself with too many passwords to remember and no idea where to keep them so that only you can find the password list? [more]
Monday, 25 June 2007, 11:47 AM CET


Microsoft sues more alleged Hotmail spammers
Microsoft has filed two lawsuits over the past weeks, looking to crack down on spam on its Windows Live Hotmail network. [more]
Monday, 25 June 2007, 11:41 AM CET


Giving your passwords the finger: a review of fingerprint scanners
The fingerprint scanners in this roundup are intended to simplify your life by eliminating the need to remember a bunch of passwords. [more]
Monday, 25 June 2007, 11:40 AM CET


U3 USB stick (In-)security
New USB sticks often come with U3 technology, which enables so called portable applications to be started directly from the USB stick. Which additional risks bear these U3 USB sticks compared to "normal" USB sticks? And how can these risks be minimized? This technical article shows possible dangers and solutions. [more]
Monday, 25 June 2007, 11:39 AM CET


Head spook kills off lame spy sat
It's an old saw in Washington that nobody takes the new guy in charge all that seriously until he's fired someone. [more]
Monday, 25 June 2007, 11:38 AM CET


Google Earth a "danger to security"?
The head of U.S. Air Force intelligence and surveillance on Thursday said data available commercially through online mapping software such as Google Earth posed a danger to security but could not be rolled back. [more]
Monday, 25 June 2007, 3:12 AM CET


FBI to restrict student freedoms
Federal agents are visiting some of the New England's top universities, including MIT, Boston College, and the University of Massachusetts, to warn university heads about the dangers of foreign spies and terrorists stealing sensitive academic research. [more]
Monday, 25 June 2007, 12:27 AM CET


When computers attack
Anyone who follows technology or military affairs has heard the predictions for more than a decade. [more]
Monday, 25 June 2007, 12:21 AM CET


Unix security: how do you know when you've been owned?
So you suspect that something strange is happening with a server, but you're not quite sure what. [more]
Monday, 25 June 2007, 12:12 AM CET


Complacent firms 'sleepwalking to a security disaster'
Martin Smith, a former head of information security at Standard Chartered Bank, says businesses have lulled themselves into a false sense of security. [more]
Monday, 25 June 2007, 12:03 AM CET


Securing wireless LANs with PEAP and passwords
This solution shows you how to plan, deploy, and manage 802.1X wireless LAN security using Microsoft Windows Server 2003. [more]
Monday, 25 June 2007, 12:00 AM CET


Extradited copyright infringer sentenced
Hew Raymond Griffiths gets 51 months in prison. [more]
Friday, 22 June 2007, 8:58 PM CET


Google looks to U.S. to curb censorship
Search engine asks gov't to treat Internet restrictions as trade barriers. [more]
Friday, 22 June 2007, 8:57 PM CET


Data breaches could take a toll on e-commerce
Customers are increasingly wary after losing data. [more]
Friday, 22 June 2007, 7:56 PM CET


Big Brother is watching you... and he's a computer
The threat of cameras combined with artificial intelligence. [more]
Friday, 22 June 2007, 4:20 PM CET


Microsoft better at patching XP than Vista?
Data revealed by company, but interpretations are differing. [more]
Friday, 22 June 2007, 12:54 PM CET


Cyber attack hits Pentagon
The Defense Department took as many as 1,500 computers off line because of a cyber attack. [more]
Friday, 22 June 2007, 12:53 PM CET


Report of CIA's wiretapping and dirty tricks to be unclassified
In its first 25 years, the Central Intelligence Agency violated its charter. [more]
Friday, 22 June 2007, 12:52 PM CET


Washington state works out $1M settlement with 'safe surf' vendor
So-called privacy service agrees to pay out for deceptive tactics, sales of personal info. [more]
Friday, 22 June 2007, 12:46 PM CET


Congress grills DHS CIO over repeated security breaches
Officials from the Department of Homeland Security faced Congressional grilling yesterday over the (lack of) security on DHS computer networks. [more]
Friday, 22 June 2007, 12:01 AM CET


Elements of efficient and secure service provisioning with Solaris
Solaris 10 presents the systems administrator with a wealth of significant advances in network performance, manageability, efficient hardware utilization, and security. [more]
Friday, 22 June 2007, 12:00 AM CET


Create password protected PDF files on your Mac
This article describes in details how to create password protected PDF files on Mac OS X by using a freely available command line utility, as well as an Automator Workflow. [more]
Thursday, 21 June 2007, 9:29 PM CET


Opinion: real-world disk failure rates offer surprises
At this year's USENIX File Systems and Storage Technology Conference in San Jose, we were treated to two papers studying failure rates in disk populations numbering over 100,000. [more]
Thursday, 21 June 2007, 3:03 PM CET


The case of the insecure security software
A little over a year ago I set out to determine exactly why, prior to Window Vista, the Power Users security group was considered by most to be the equivalent of the Administrators group. [more]
Thursday, 21 June 2007, 11:58 AM CET


Apple subdues solo IPv6 bug
Apple released Mac OS X 10.4.10 to patch a single security vulnerability and address several issues in Bluetooth and USB, add RAW image support for eight new cameras, and fix a decimal rounding error. [more]
Thursday, 21 June 2007, 11:56 AM CET


Securing IIS: it's more than a Web server
Though most people are generally referring to the Web server side of the house when they talk about IIS, many other common Internet-related services are included in that package. [more]
Thursday, 21 June 2007, 11:55 AM CET


A push to standards for network forensics
Digital forensics is still a young science. [more]
Thursday, 21 June 2007, 11:53 AM CET


Hacking WoW and the pursuit of knowledge
The hacking of online games was inevitable, as absolute a certainty as gravity. [more]
Thursday, 21 June 2007, 11:52 AM CET


Homeland Security not so secure
A Congressional subcommittee learned that the U.S. Department of Homeland Security has experienced about 800 security breaches, many in the form of computer hacking. [more]
Thursday, 21 June 2007, 4:00 AM CET


Video: the exploit development process
Alexander Sotirov is a Vulnerability Researcher at Determina Inc. In this video he discusses on a general note how exploit writers develop exploits. [more]
Thursday, 21 June 2007, 1:52 AM CET


National security risks prompt French BlackBerry ban
Use of smartphones by government and businesses could expose sensitive data, according to advisor to French Prime Minister. [more]
Thursday, 21 June 2007, 12:00 AM CET


Court prohibits access to touch-screen source code
Latest ruling in effort to find reason for 18,000 lost Florida votes in Nov. election. [more]
Wednesday, 20 June 2007, 11:16 AM CET


Snort: IDS done well (and good)
Snort is, by far, the gold standard among open source NIDS systems, with over 100,000 users and 3 million downloads to date. [more]
Wednesday, 20 June 2007, 11:13 AM CET


Users rage against China's 'Great Firewall'
Yang Zhou is no cyberdissident, but recent curbs on his Web surfing habits by China's censors have him fomenting discontent about China's "Great Firewall." [more]
Wednesday, 20 June 2007, 11:08 AM CET


Heathrow trials back biometric security
The vast majority of people who participated in the miSense biometric airport security trials at Heathrow Airport would recommend the service to their fellow travellers. [more]
Wednesday, 20 June 2007, 11:04 AM CET


HIPAA audit: The 42 questions HHS might ask
They cover everything from security to employee status to Internet use. [more]
Wednesday, 20 June 2007, 2:11 AM CET


IT compliance management: the role of PCI DSS
This Webinar will examine the commonalities among the major laws, regulations and standards and suggest some specific technologies, processes and management strategies that can save a large organization both money and time. [more]
Wednesday, 20 June 2007, 2:08 AM CET


The open-access debate over spectrum
If you've been following the developments surrounding the upcoming 700 MHz auctions, you've probably heard the term "open access" by now. [more]
Wednesday, 20 June 2007, 2:02 AM CET


Google security API spots dangerous URLs
Google's experimental API lets other programs access its blacklist of Web sites that may host malware. [more]
Wednesday, 20 June 2007, 2:01 AM CET


Tech security companies are hot targets
For sale: A technology security company. Which one? Pretty much any of them. [more]
Wednesday, 20 June 2007, 12:00 AM CET


Analysts: Microsoft flaw opened door to scammers
Microsoft fixes bug in Windows Live ID registration that lets users deceptively register a false e-mail address. [more]
Tuesday, 19 June 2007, 8:17 PM CET


PCI brush back: Banks say blame the merchants, not us
Execs note TJX breach caused by retailer, not banks. [more]
Tuesday, 19 June 2007, 7:52 PM CET


Stop users before they click on risky web sites
In a MIT-Harvard study, 36 percent of subjects logged in to their online bank accounts despite being warned that the site was not secure. [more]
Tuesday, 19 June 2007, 7:27 PM CET


IT security: lessons of a thirty-year career
IT security has changed in the last 30 years; we look back and explore what IT must do now to get a better grip on the environment. [more]
Tuesday, 19 June 2007, 6:03 PM CET


Boston police turn to text messages to fight crime
Crime Stoppers callers can now text in their tips. [more]
Tuesday, 19 June 2007, 3:02 PM CET


Lock down your Mac with DoorStop X
When it comes to security, Mac OS X has proved on numerous occasions that it is quite safe, right out of the box. However, that doesn't mean it cannot use additional security to prepare it for the Wild West we call the Internet. Enter DoorStop X - a comprehensive approach to securing your Mac. [more]
Tuesday, 19 June 2007, 2:24 PM CET


Can 'cyberinsurance' protect you from data breach catastrophe?
Business is booming after disasters like the TJX case, but policies can be expensive, complex and hard to get. [more]
Tuesday, 19 June 2007, 10:58 AM CET


Congress takes aim at spyware
Inside the Capitol, three bills designed to protect consumers from malicious spyware are duking it out. [more]
Tuesday, 19 June 2007, 10:57 AM CET


Protect your stuff with encrypted Linux partitions
Let's focus on the issue of protecting sensitive data on hard drives with encrypted file systems. [more]
Tuesday, 19 June 2007, 1:06 AM CET


Feds choose 10 vendors to secure mobile data
After extensive review, government awards encryption software contracts worth $79M. [more]
Tuesday, 19 June 2007, 12:45 AM CET


Breach at Los Alamos labs may have exposed classified data on nukes
Highly classified info was sent out over unprotected e-mail networks. [more]
Tuesday, 19 June 2007, 12:42 AM CET


Court: Feds violated privacy in e-mail search
In 'Smiling Bob' case, officials checked e-mails without a warrant. [more]
Tuesday, 19 June 2007, 12:28 AM CET


Police smash global pedophile ring
British police, aided by U.S. authorities, have smashed a global Internet pedophile ring that broadcast live-streamed videos of children being abused, investigating more than 700 suspects worldwide and rescuing 31 children in a 10-month probe, officials said Monday. [more]
Tuesday, 19 June 2007, 12:24 AM CET


PayPal to roll out buyer vetting service
In a move designed to attract more online sellers to accept its virtual payment service, PayPal this year plans to roll out a voluntary service designed to warn merchants if a transaction presents a fraud risk. [more]
Tuesday, 19 June 2007, 12:03 AM CET


House subcommittee hearing to examine cybersecurity lapses at DHS
A House committee wants changes in the Homeland Security Department’s data security efforts in response to 844 so-called cybersecurity incidents in fiscal 2005 and 2006. [more]
Tuesday, 19 June 2007, 12:00 AM CET


Interview with Joanna Rutkowska, security researcher
Joanna Rutkowska is primarily known for her contributions to Windows Vista backdoor installation and hiding techniques. She is very interested in stealth technology as used by malware and attackers to hide their malicious actions after a successful break-in. This includes various types of rootkits, network backdoors and covert channels. [more]
Monday, 18 June 2007, 9:13 PM CET


Security expert will review Ohio data theft
The state has hired a computer security expert to determine the likelihood of someone getting access to the data on a stolen backup storage device, Gov. Ted Strickland said Sunday. [more]
Monday, 18 June 2007, 6:50 PM CET


Anti-hacking laws 'can hobble net security'
Jeremiah Grossman has long stopped looking for vulnerabilities in specific websites, and even if he suspects a site to have a critical flaw that could be compromised by an attacker, he's decided to keep quiet. [more]
Monday, 18 June 2007, 3:36 PM CET


Counting the cost of cyber crime
Estimating the cost of an intrusion has never been easy. It is something that IT managers grapple with regularly, particularly when fighting for budgets. This article will attempt to explore some of the considerations when contemplating the cost of a systems breach, or indeed the cost of a possible ‘future’ breach. [more]
Monday, 18 June 2007, 11:26 AM CET


IT error opens data door at university
The University of Virginia is notifying about 6,000 current and former faculty members that their names, Social Security numbers, birth dates and other personal information may have been stolen by computer hackers between May 2005 and April of this year. [more]
Monday, 18 June 2007, 11:25 AM CET


How to create a computer-emergency response team
Incident-response teams deal with security breaches to limit damage. [more]
Monday, 18 June 2007, 11:24 AM CET


New mobile security threats emerge
Mobile phone capabilities are growing by leaps and bounds — and so are mobile security threats. [more]
Monday, 18 June 2007, 12:50 AM CET


Copyright coalition: piracy more serious than burglary, fraud, bank robbery
NBC/Universal general counsel Rick Cotton suggests that society wastes entirely too much money policing crimes like burglary, fraud, and bank-robbing, when it should be doing something about piracy instead. [more]
Monday, 18 June 2007, 12:21 AM CET


FBI ordered turn over thousands of Patriot Act abuse documents
A federal judge ordered the agency Friday to begin turning over thousands of pages of documents related to the agency's use of a powerful, but extremely secretive investigative tool. [more]
Monday, 18 June 2007, 12:09 AM CET


Online crime group logs millionth complaint
And the snits just keep coming as bad guys get worse. [more]
Monday, 18 June 2007, 12:05 AM CET


Hackers meet for coding festival
Web developers are gathering in London for the first BBC/Yahoo hackday. [more]
Monday, 18 June 2007, 12:03 AM CET


Homeland Security to detail IT attacks
Hearing will reveal findings of agency's internal investigation into risk of system attacks and other online threats. [more]
Monday, 18 June 2007, 12:00 AM CET


HIPAA audit at hospital riles health care IT
Industry on edge after feds examine data security procedures at Atlanta facility. [more]
Friday, 15 June 2007, 8:20 PM CET


Secure file upload in PHP web applications
Providing file upload function without opening security holes proved to be quite a challenge in PHP web applications. The applications we have tested suffered from a variety of security problems, ranging from arbitrary file disclosure to remote arbitrary code execution. This article points out various security holes occurring in file upload implementations and suggest a way to implement a secure file upload. [more]
Friday, 15 June 2007, 5:30 PM CET


First look: Windows Home Server RC1
Earlier this year, Microsoft announced its upcoming Windows Home Server product; a sort of beefed up NAS based on Windows Server 2003 SP2. [more]
Friday, 15 June 2007, 5:00 PM CET


Extended validation certificates
On June 12th, 2007, the CA/Browser Forum ratified the first version of the Extended Validation (EV) SSL Guidelines. [more]
Friday, 15 June 2007, 2:50 PM CET


Controlling your Linux system processes
All modern operating systems are able to run many programs at the same time. For example, a typical Linux server might include a Web server, an email server, and probably a database service. [more]
Friday, 15 June 2007, 1:48 PM CET


Video: data seepage - how to give attackers a roadmap to your network
This video discusses how the days of widespread internet attacks are long gone. What's more popular now are more directed or targeted attacks using a variety of different methods. This is where data seepage comes in. Unbeknownst to a lot of mobile professional's laptops, PDAs, even cell phones can be literally bleeding information about a company's internal network. All this information can be used by an attacker to make attacks more accurate with a higher likelihood of success. [more]
Friday, 15 June 2007, 1:06 PM CET


NATO, US gear up for cyberpunk warfare
The threat of military cyber attack must be taken seriously, according to NATO: but the alliance isn't sure what to do about it. [more]
Friday, 15 June 2007, 12:48 PM CET


Coming to America: The EU privacy directive
The Senate is finally getting around to pushing a national data breach law out of the Committee on Commerce, Science, and Transportation. [more]
Friday, 15 June 2007, 9:50 AM CET


Online bank security worsens
Banks' online security is getting worse as they rush to offer services online, according to new research. [more]
Friday, 15 June 2007, 9:46 AM CET


Sex offenders on MySpace arrested
Seven picked up in nation's 1st large-scale crackdown of MySpace predators. [more]
Friday, 15 June 2007, 9:46 AM CET


Federal government contracts need more security
With some 48,000 contracts, worth an estimated $14.8 billion, entered into by federal government departments annually, security procedures for dealing with contractors still require improvement, according to the Australian National Audit Office (ANAO). [more]
Friday, 15 June 2007, 9:43 AM CET


Using RBL and DCC for spam protection
I run a Postfix-based mail server that services a few hundred users with an average load of a couple of thousand legitimate messages a day -- but thanks to spam, the actual load on the server is much higher. [more]
Friday, 15 June 2007, 12:05 AM CET


US may require European visitors to register online
Proposal could fuel tensions over demands for data. [more]
Friday, 15 June 2007, 12:03 AM CET


FBI audit finds widespread abuse in data collection
Two-dozen violations involved illegal agent requests for information. [more]
Friday, 15 June 2007, 12:00 AM CET


Virginia Tech report cites privacy law problems
Complicated privacy laws have left education, health care, and law enforcement officials confused. [more]
Thursday, 14 June 2007, 2:22 PM CET


Free ads site could help fraudsters recruit middlemen
Popular UK-based free ads website Adzooks is inadvertently helping fraudsters by failing to properly screen job offers for obvious cons, anti-fraud activists have warned. [more]
Thursday, 14 June 2007, 12:51 PM CET


Apple goes on Safari with hostile security researchers
Security researchers have long speculated that Apple has benefited from security by obscurity, escaping attention from malicious hackers because Windows-based computers dominate in homes and offices. [more]
Thursday, 14 June 2007, 12:38 PM CET


Technical advances make your passwords practically worthless
Passwords are supposed to be kept secret, but due to continuing advances in technology, they are becoming weaker every day. [more]
Thursday, 14 June 2007, 5:24 AM CET


Exploits hot on the heels of Microsoft's patches
The exploits would let attackers run malicious code on hijacked PCs. [more]
Thursday, 14 June 2007, 5:04 AM CET


Helping retailers wipe ID data issue
When data breach investigator Bryan Sartin gets a call to check into an incident involving customer records loss at a retailer, he knows that the situation most likely involves information that has been lifted from a company's point-of-sale systems. [more]
Thursday, 14 June 2007, 1:45 AM CET


Gel sticks with 1.6TB of data are next on theft list
What a difference a decade can make when it comes to portable storage. [more]
Thursday, 14 June 2007, 1:20 AM CET


PayPal CTO: Security, mobility to spur growth
Early bets on open source, encryption are paying dividends as Internet becomes a global payments platform. [more]
Thursday, 14 June 2007, 1:03 AM CET


Radio tags could make jewelry more secure
The diamond ring of the future will radiate its unique beauty -- quite literally -- thanks to a minuscule radio-frequency identification (RFID) chip embedded in it. [more]
Thursday, 14 June 2007, 12:30 AM CET


AOL phisher nets six years' imprisonment
A California fraudster who posed as a rep from AOL's billing department in order to trick users into handing over financial details was jailed for 70 months (five years and 10 months) on Monday, Information Week reports. [more]
Thursday, 14 June 2007, 12:12 AM CET


Single source security
As traditional paper-based processes become computerised, the need to protect personal data, control access to it and protect the systems storing it becomes greater. [more]
Thursday, 14 June 2007, 12:09 AM CET


EU welcomes Google offer on privacy
Would cut data retention from 24 months to 18 months. [more]
Thursday, 14 June 2007, 12:08 AM CET


NSA 'spy room' at AT&T exposed
Agency can spy on email and web use with impunity. [more]
Thursday, 14 June 2007, 12:06 AM CET


FBI IDs identity thieves: 1 million computers affected
ABC News has learned the FBI is targeting a small number of suspected hackers who allegedly took over thousands of personal computers secretly and used them to steal identities and send out massive amounts of spy and spam ware. [more]
Thursday, 14 June 2007, 12:03 AM CET


UK security industry pleads for closer goverment ties
The hi-tech civil security industry has said it needs a cosier relationship with government if the UK is to stay ahead in the "war on terror". [more]
Thursday, 14 June 2007, 12:00 AM CET


New mobile security threats emerge
Mobile phone capabilities are growing by leaps and bounds — and so are mobile security threats. [more]
Wednesday, 13 June 2007, 11:37 AM CET


Personal data on 17,000 Pfizer employees exposed
An employee had installed file-sharing software on a company laptop. [more]
Wednesday, 13 June 2007, 5:03 AM CET


YouTube tests video fingerprints
YouTube will soon test a new video identification technology with two of the world's largest media companies, Time Warner and Walt Disney. [more]
Wednesday, 13 June 2007, 5:01 AM CET


Sony threatens to pursue legal action against PS3 hackers
Following reports that hackers have cracked PlayStation 3's anti-piracy software, SCEA has declared that it will "aggressively pursue" anyone caught engaging in such activity with legal action. [more]
Wednesday, 13 June 2007, 4:04 AM CET


Quantum effect that could secure communications holds over distance
European researchers said Tuesday they have proved an effect in quantum physics works over long distances, which means it could one day be used to make electronic communications infallibly secure. [more]
Wednesday, 13 June 2007, 3:03 AM CET


Yahoo stockholders vote against anticensorship proposal
Yahoo had recommended shareholders vote against the proposal, which would have required Yahoo to not hosting individuals' data in countries where political dissent is a crime. [more]
Wednesday, 13 June 2007, 3:00 AM CET


Is your agency failing FISMA?
Is your agency failing to meet its Federal Information Security Management Act (FISMA) requirements? [more]
Wednesday, 13 June 2007, 2:21 AM CET


How organized crime uses technology to make money
Stock scams, identity theft, you name it, this character has seen it. A fictional "CIO to the mob" explains how organized crime profits from IT. [more]
Wednesday, 13 June 2007, 2:00 AM CET


Dept. of Energy lab nails down wireless security
Energy Dept.’s Pacific Northwest National Lab deploys Cisco Airnet technology. [more]
Wednesday, 13 June 2007, 1:50 AM CET


Republican senators seek delay in patent bill
Several large tech vendors aren't happy with the Patent Reform Act. [more]
Wednesday, 13 June 2007, 1:27 AM CET


Fingerprint security for home
We all use door keys, but is there anything more outdated in our lives? [more]
Wednesday, 13 June 2007, 12:09 AM CET


Cisco leads in NAC recognition
Cisco Systems Inc. has been in the forefront of network access control (NAC) since about the time that technology first became acronym-ized. [more]
Wednesday, 13 June 2007, 12:07 AM CET


Where is your personal data?
In today's computerized world, loss of confidential information is far too common. [more]
Wednesday, 13 June 2007, 12:05 AM CET


Google slightly adjusts privacy policy
The change is in response to concerns from an EU working group. [more]
Wednesday, 13 June 2007, 12:02 AM CET


EU seeks to track visa usage in borderless zone
System will store fingerprints and photos of 70 million visa holders. [more]
Wednesday, 13 June 2007, 12:00 AM CET


ChoicePoint details data breach lessons
Assume every piece of information is “potentially fraudulent,” CIO says. [more]
Tuesday, 12 June 2007, 3:51 PM CET


Study: law puts damper on Web security research
Finding flaws will get you flak, let alone disclosing them. [more]
Tuesday, 12 June 2007, 3:46 PM CET


Embracing Microsoft Vista for enhanced network security
Effective implementation of server and domain isolation requires complete network visibility throughout the OS migration process. [more]
Tuesday, 12 June 2007, 10:14 AM CET


Google goes spear phishing on MySpace
If it seems like every Tom, Dick and Harry with a MySpace account was getting his account hijacked a couple of months ago there's a reason. [more]
Tuesday, 12 June 2007, 10:13 AM CET


Thwarting a large-scale phishing attack
In addition to targeting malware, Google is interested in combating phishing [more]
Tuesday, 12 June 2007, 12:21 AM CET


Hackers audition Yahoo Messenger exploits
Users need to patch the Windows program ASAP, say security experts. [more]
Tuesday, 12 June 2007, 12:15 AM CET


Stupid hacker tricks
Looking to enter a life of cybercrime? Beware the boneheaded miscues of these infamous cyberschnooks. [more]
Tuesday, 12 June 2007, 12:09 AM CET


Wireless networks: The burning questions
What impact will 802.11n have? Which security threats are scariest? What of wireless VoIP? [more]
Tuesday, 12 June 2007, 12:06 AM CET


Will the iPhone be a security nightmare?
So here it is, iPhone month. At last. [more]
Tuesday, 12 June 2007, 12:05 AM CET


Large-scale DOS attack menace continues to grow
Cyber warfare's collateral damage. [more]
Tuesday, 12 June 2007, 12:03 AM CET


Hackers access personal info on faculty members at Univ. of Virginia
The breaches occurred between 2005 and this past April. [more]
Tuesday, 12 June 2007, 12:00 AM CET


Hardware designed to protect data from theft
To make computers more reliable and secure, researchers at the University of Illinois at Urbana-Champaign have created hardware that configures itself to give each application a distinct signature. [more]
Monday, 11 June 2007, 1:27 PM CET


What can be done to protect IT systems?
A loss of information could put a small firm out of business. [more]
Monday, 11 June 2007, 12:32 PM CET


9 out of 10 phishers using DIY kits
According to new research from IBM Internet Security Systems (ISS), the vast majority of phishing websites have been created with a do-it-yourself kit. [more]
Monday, 11 June 2007, 9:35 AM CET


Google hostile to privacy?
Google has the most abysmal privacy policies and is leading a "race to the bottom" by the world's most renowned internet firms, a British human rights group said. [more]
Monday, 11 June 2007, 9:32 AM CET


Marriott exec shares converged network “horror story”
Hotel chain wants each property to have one network for guests, staff. [more]
Monday, 11 June 2007, 12:42 AM CET


Crypto boffins urge Belgium to withdraw early ePassports
RFID passports from Belgium remained flawed almost three years into their introduction, according to a study by cryptographic researchers. [more]
Monday, 11 June 2007, 12:27 AM CET


Retailers fume over PCI security rules
Several retailers this week bristled at having to comply with the Payment Card Industry's Data Security Standard, complaining that they carry an unfair burden in securing credit card data. [more]
Monday, 11 June 2007, 12:03 AM CET


Rsnapshot - a backup utility
There are many ways to backup Servers. One of the better ways to accomplish this is using rsnapshot. [more]
Monday, 11 June 2007, 12:02 AM CET


TorrentSpy ordered by federal judge to become MPAA spy
TorrentSpy, one of the world’s largest torrent dump sites, has been ordered by a federal judge to monitor its users in order to create detailed logs of their activities which must then be handed over to the MPAA. [more]
Monday, 11 June 2007, 12:00 AM CET


DIY kits dumb down phishing
9 out of 10 crooks use ready-made code. [more]
Friday, 8 June 2007, 11:05 PM CET


Intel budget numbers revealed on public PowerPoint slide show
Secret budget numbers apparently included accidentally within a public PowerPoint presentation may point to a widely-sought number: the annual U.S. intelligence budget. [more]
Friday, 8 June 2007, 11:04 PM CET


The security world according to vendor surveys
Let's see: Lies, damned lies, statistics, and... paid polling? [more]
Friday, 8 June 2007, 10:30 PM CET


Loose lips help exploit Hit Yahoo's IM
That will remind folks of when to shut up. [more]
Friday, 8 June 2007, 10:29 PM CET


Germany adds digital fingerprints to passports
One of several biometric datasets to be included. [more]
Friday, 8 June 2007, 9:23 PM CET


Laws threaten security researchers
What if a Web researcher found a bug on your Website today -- but was too afraid of the law to tell you? [more]
Friday, 8 June 2007, 8:48 PM CET


X11 forwarding using SSH
One way to enforce the traffic security is to use the SSH by the way of X11 tunneling or port forwarding. [more]
Friday, 8 June 2007, 8:28 PM CET


Northwestern University hit by data breach again
For the third time in just over two years, Northwestern University in Evanston, Ill., has reported a security breach involving sensitive data. [more]
Friday, 8 June 2007, 8:27 PM CET


Top10 malware registry launchpoints
Most trojans, worms, backdoors, and such make sure they will be run after a reboot by introducing autorun keys and values into Windows registry. [more]
Friday, 8 June 2007, 8:25 PM CET


Bots on your net? Look twice
Think the botnets you read about consist solely of zombies on unprotected consumer PCs? Think again. [more]
Friday, 8 June 2007, 12:51 PM CET


The slow death of AV technology
AV technology is gradually dying and being replaced by far more effective IT security technology based on whitelisting. [more]
Friday, 8 June 2007, 12:42 PM CET


Symantec tests revamp of corporate anti-virus client
Public beta of Symantec Endpoint Protection 11.0, which includes firewall, zero-day protection, and network access control features, to begin next week. [more]
Friday, 8 June 2007, 1:44 AM CET


To catch a spammer
Chris Hansen goes undercover (not really) to bust some jerks. [more]
Friday, 8 June 2007, 1:36 AM CET


Microsoft slates six patches for next week
New advance alert format reveals Vista faces three fixes, two 'critical'. [more]
Friday, 8 June 2007, 12:05 AM CET


Nonsecurity considerations in security decisions
Security decisions are generally made for nonsecurity reasons. For security professionals and technologists, this can be a hard lesson. [more]
Friday, 8 June 2007, 12:00 AM CET


The politics of wiretapping and encryption
Control of society is, in large part, control of communication. [more]
Thursday, 7 June 2007, 6:26 PM CET


CA in malformed archives malware risk
CA has updated its anti-virus software to guard against a brace of flaws that created a means for hackers to turn the security protection software against its users. [more]
Thursday, 7 June 2007, 6:25 PM CET


Video: anomaly-based unsupervised intrusion detection
At Black Hat Europe we met Stefano Zanero who talked about anomaly-based unsupervised intrusion detection. In this video he provides an overview of his research into the subject by illustrating how he worked trying to find ways to detect intruders without relying on signatures. [more]
Thursday, 7 June 2007, 11:39 AM CET


Suddenly, the paranoids don't seem so paranoid anymore
Have you noticed? We've become a people that no longer respects, or apparently desires, privacy. Our own or anybody else's. [more]
Thursday, 7 June 2007, 11:17 AM CET


US House passes another anti-spyware bill
The US House of Representatives on Wednesday overwhelmingly passed legislation designed to protect PC users from spyware despite the strong objections of internet-based businesses that warned the measure could interfere with many legitimate online activities. [more]
Thursday, 7 June 2007, 11:15 AM CET


Online shoppers will pay more for privacy
People are willing to pay more to buy items from online retailers who make their privacy policies clear, a new Carnegie Mellon University study showed. [more]
Thursday, 7 June 2007, 3:52 AM CET


Teacher in spyware case granted new trial
Judge sets aside guilty verdict in case of substitute teacher whose students were exposed to pornography on classroom computer. [more]
Thursday, 7 June 2007, 12:09 AM CET


Three minutes on Google security
Security has been a bit of a black art at Google. [more]
Thursday, 7 June 2007, 12:04 AM CET


Firm offers to patent security fixes
The market for software vulnerabilities just got even more complex with the arrival of a firm that offers security researchers a chance to profit from their work by patenting security fixes. [more]
Thursday, 7 June 2007, 12:00 AM CET


The beginning of the Arabic virus era
If a virus uses a language other than English, it is most often Chinese, German, Spanish, Portuguese or Russian, and sometimes Indonesian/Malay, Japanese or Thai. It is rare to find an Arabic-aware virus. At least we've thought so until now. [more]
Wednesday, 6 June 2007, 4:00 PM CET


Vendors seek unity on identity protocols
Microsoft and its peers starting to come together. [more]
Wednesday, 6 June 2007, 3:15 PM CET


Surviving a home data disaster
Recovering 736 missing digital images can be arduous -- and expensive. Here's the right (and wrong) way to do it. [more]
Wednesday, 6 June 2007, 1:06 PM CET


Secret Service operative moonlights as identity thief
Brett Shannon Johnson is a credit-card and identity thief. In five years of crime, the 37-year-old estimates he's stolen about $2 million - some of it while working as a paid informant for the U.S. Secret Service. [more]
Wednesday, 6 June 2007, 1:04 PM CET


Censorship 'changes face of net'
Amnesty International has warned that the internet "could change beyond all recognition" unless action is taken against the erosion of online freedoms. [more]
Wednesday, 6 June 2007, 12:58 PM CET


OS X still open to Samba vulnerabilities
Following up some recent patches to Samba, the open-source file-sharing system compatible with Windows file sharing, Symantec found some disturbing results: at least one *NIX variant, Mac OS X, is still vulnerable. [more]
Wednesday, 6 June 2007, 12:21 AM CET


Mac and Windows firewalls
Since different people have different needs when it comes to allowing traffic through the firewall, this article takes a look at the rules necessary to allow file sharing between Macs and PCs. [more]
Wednesday, 6 June 2007, 12:14 AM CET


IFPI: Ten "inconvenient truths" about file-swapping
The EU has just released its latest figures about counterfeit products seized at European borders in 2006, and the music industry's international trade group has jumped on those numbers to call for increased action against Chinese pirates. [more]
Wednesday, 6 June 2007, 12:09 AM CET


Web server software and malware
In this post, we investigate the distribution of web server software to provide insight into how server software is correlated to servers hosting malware binaries or engaging in drive-by-downloads. [more]
Wednesday, 6 June 2007, 12:03 AM CET


How secure is your security software?
Think that commercial software you just bought has been adequately tested and is ready for deployment? Think again. [more]
Wednesday, 6 June 2007, 12:01 AM CET


High court ruling could be boon for retailers
A Supreme Court ruling handed down Monday could be good news for more than 100 major retailers targeted by class-action lawsuits alleging that the companies failed to comply with a law designed to protect consumers from identity theft. [more]
Tuesday, 5 June 2007, 4:59 PM CET


Credit unions push legislation on PCI Data Security Standard
As an increasing number of states consider bills seeking to codify pieces of the Payment Card Industry (PCI) Data Security Standard into law, a common thread is emerging: the involvement of credit unions in pushing the legislation. [more]
Tuesday, 5 June 2007, 4:58 PM CET


Courts grapple with computer searches
Is it a password-protected 'locked box' or a simple container? [more]
Tuesday, 5 June 2007, 4:24 PM CET


Big pirate on campus
Citing multiple instances of extensive illicit peer-to-peer file sharing by college students using their universities' computer networks, a Congressional committee has sent a survey to several college presidents surveying them on the veracity of their schools' stances against piracy. [more]
Tuesday, 5 June 2007, 4:20 PM CET


Challenges in the age of encryption
IT management will face challenges unless it lays the groundwork for the growing ubiquity of encryption. [more]
Tuesday, 5 June 2007, 12:38 PM CET


Road to website vulnerability assessment part 1
I spend a lot of time with companies, mostly large and medium sized, who are interested in finding the vulnerabilities in their websites. [more]
Tuesday, 5 June 2007, 12:30 PM CET


Server core: small footprint, big security
A smaller footprint may reduce security risks in Windows Server 2008. [more]
Tuesday, 5 June 2007, 12:22 PM CET


Invalid SSL certificates
We all know them. But how bad are they? And what can we do to improve the situation? [more]
Tuesday, 5 June 2007, 12:15 PM CET


MySpace moves on predators
MySpace filed a request on in a Pennsylvania state court to seek guidance on how it can legally provide local authorities with the private emails of convicted sex offenders who had lurked on its service. [more]
Tuesday, 5 June 2007, 12:53 AM CET


Unofficial work at home is data security risk
It’s not federal teleworkers who are a security risk so much as employees who unofficially work from home on nights or weekends. [more]
Tuesday, 5 June 2007, 12:20 AM CET


Search engines falling down on security job
In their pursuit of the bottom line, search engines have put consumers at risk, according to findings from McAfee SiteAdvisor. [more]
Tuesday, 5 June 2007, 12:18 AM CET


Stealthy attack method causes concern
New hacking method goes to great lengths to avoid detection by security software and researchers by serving malicious code only once. [more]
Tuesday, 5 June 2007, 12:00 AM CET


Spammers try some ad-ons
Spammers have backed away, at least temporarily, from exploiting images to circumvent email filters following a massive spike earlier this year in use of the strategy of embedding text in picture files. [more]
Monday, 4 June 2007, 5:55 PM CET


Encrypt and sign Gmail messages with FireGPG
Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. [more]
Monday, 4 June 2007, 5:55 PM CET


Video: details on Microsoft Identity Lifecycle Manager 2007
Peter Houston, the Senior Director for Identity and Access Management at Microsoft speaks about Microsoft Identity Lifecycle Manager 2007 and provides details about how this product simplifies the managing of the life cycle of a user's digital identity. You'll also get information on the future version of the product that comes out in 2008. [more]
Monday, 4 June 2007, 1:33 PM CET


Stiffer cyber laws to crack down on botnets, spyware

Together, the Cyber-Security Enhancement Act and the Internet Spyware (I-SPY) Prevention Act would represent one of the more significant updates to federal computer-crime law in the last two decades. [more]
Monday, 4 June 2007, 11:30 AM CET


10 free ways to track all your passwords
With the proliferation of web services it feels like we’re always creating new accounts, each with a different username and password. [more]
Monday, 4 June 2007, 12:42 AM CET


Password-cracking contest proves theory
Winner remains anonymous. [more]
Monday, 4 June 2007, 12:35 AM CET


Signing, encrypting, and decrypting Atom
Atom is a great format for relaying information, but what about security concerns? [more]
Monday, 4 June 2007, 12:10 AM CET


Forget security and privacy: Focus on trust
Security and privacy are bad words with bad histories, evoking bad connotations with most enterprise stakeholders. For companies to succeed at safeguarding their data, these words must go away. [more]
Monday, 4 June 2007, 12:03 AM CET


Keeping compliant in a Web 2.0 world
As instant messaging, blogging and wikis move into the corporate mainstream, vendors are responding with a slew of new technologies to arm companies intent on tracking and controlling these new forms of communication. [more]
Monday, 4 June 2007, 12:02 AM CET


How to turn your Wi-Fi router into a repeater
This How-To provides step-by-step instructions for creating a Universal Wireless Repeater appliance. [more]
Monday, 4 June 2007, 12:00 AM CET


Configuring Mail to scan incoming email for malware
We may not like it, but OS X malware is on the rise. [more]
Friday, 1 June 2007, 4:43 PM CET


Google photos stir a debate over privacy
For Mary Kalin-Casey, it was never about her cat. [more]
Friday, 1 June 2007, 4:13 PM CET


40% of kids regularly visit forbidden sites
Children under the age of 16 are regularly visiting websites that have been prohibited by their parents, divulge personal details to strangers and meet up with people they met online, according to research published today. [more]
Friday, 1 June 2007, 1:42 PM CET


Wardriving in London 2007
Research was conducted in London where data was collected on 800 hotspots. The article presents an overview of transmission speeds, equipment, traffic encryption, network types and more. The survey concludes with several conclusions the most important of which is the fact that the gradual progress in terms of traffic encryption on wireless networks still leaves plenty of room for improvement. [more]
Friday, 1 June 2007, 12:35 PM CET


I have seen the future, and it is monitored
Today, if I wanted to perform surveillance against a target, I would tap his phone line. [more]
Friday, 1 June 2007, 11:57 AM CET


Spammers' use of AI only just begun
Security industry experts: Image spam tip of iceberg; tech, enterprise must target roots of problem, rather than individual campaigns, to drive back new forms. [more]
Friday, 1 June 2007, 11:48 AM CET


Transfer files securely with SFTP
File Transfer Protocol (FTP) was once the most widely used protocol for transferring files between computers. However, because FTP sends authentication information and file contents over the wire unencrypted, it's not a secure way to communicate. [more]
Friday, 1 June 2007, 11:44 AM CET


China goes for gold in malware olympics
Olympic city Beijing was the most prolific source of spam and viruses for May, according to managed security company Network Box. [more]
Friday, 1 June 2007, 11:43 AM CET


Electronic discovery and court problems
The courts are struggling to cope with information technology. [more]
Friday, 1 June 2007, 1:13 AM CET


Cyberthieves steal $449K from city coffers
Most of the money is recovered, but thieves still at large. [more]
Friday, 1 June 2007, 1:10 AM CET


Creating a computer security incident response plan
Cybercrime is an issue that every IT manager will confront at some point, either directly or indirectly. [more]
Friday, 1 June 2007, 12:35 AM CET


Crime writer sues over online defamation
Cornwell says writer posted 'defamatory and contemptuous' material against her on Web sites. [more]
Friday, 1 June 2007, 12:15 AM CET


Encryption vendor claims AACS infringes its patents, sues Sony
Canadian encryption vendor Certicom yesterday filed a wide-ranging lawsuit against Sony, claiming that many of the products offered by the electronics giant infringe on two Certicom patents. [more]
Friday, 1 June 2007, 12:09 AM CET


California considers tougher law on securing payment card data
Bill mirrors new security, reimbursement mandates on retailers in Minnesota. [more]
Friday, 1 June 2007, 12:06 AM CET


Security: when lock downs lock out the blind
Banks and vendors are working to make online tools secure and usable for the visually impaired. [more]
Friday, 1 June 2007, 12:03 AM CET


Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //