Off the Wire

Off The Wire Archive

News items for July 2004

Internet snagged in the hooks of phishers
Maybe it's time we all went to digital self-defense school. How else can we learn how to deflect the Internet thieves pounding on our electronic doors? [more]
Friday, 30 July 2004, 11:30 AM CET


PDA viruses could get nasty
Pests could easily run undetected on handhelds and spread quickly online, security expert warns. [more]
Friday, 30 July 2004, 11:14 AM CET


Covert Java: obfuscating classes
Obfuscation can help prevent the hacking of your Java code, but how does it work? Alex Kalinovsky explains the most common methods and how they can help protect your intellectual property in this chapter. [more]
Friday, 30 July 2004, 11:11 AM CET


Email privacy is lost
As if the common use of "web bugs" inside spam was not enough, companies are using new techniques to watch and track the private emails you read, forward, print, and more. [more]
Friday, 30 July 2004, 10:59 AM CET


Spam foes band together
A new group wants to make it easier to fight spam worldwide while making it tougher for spammers to hide their operations. [more]
Friday, 30 July 2004, 10:54 AM CET


Security, Houston-style
Security is far more effective when it's based on well-trained smart people, instead of on rote-trained people checking photo IDs and X-ray machine screens, writes Bruce Schneier. [more]
Friday, 30 July 2004, 10:52 AM CET


Hackers harness Google to hunt for weaknesses
A security expert says the search engine can be used by hackers to pinpoint sites with weak security. [more]
Friday, 30 July 2004, 10:27 AM CET


Hackers trade tool tips
MetaSploit toolkit can access, control PCs over the Internet 'for good or evil,' writers say. [more]
Friday, 30 July 2004, 10:23 AM CET


Secure programming with the OpenSSL API
Create basic secure and unsecure connections. [more]
Friday, 30 July 2004, 10:22 AM CET


Storm over iPod 'hacker tactics'
Apple says it is looking closely at software firm RealNetworks' claim that it has found a way for tunes from its online store to be played on iPods. [more]
Friday, 30 July 2004, 10:20 AM CET


Virus writing on the increase
A report published by Sophos which reveals that the number of new viruses being written is increasing. [more]
Thursday, 29 July 2004, 2:53 PM CET


Audio learning session: 5 tips on protecting your business against spam
Warren Sealey, SME Security Manager at Message Labs, discusses the ever growing spam problem, talks about the need for using different anti-spam technologies and provides some valuable tips on minimizing the spam threat. [more]
Thursday, 29 July 2004, 2:17 PM CET


Hackers gather in Vegas for annual digital huddles
For the next few days corporate executives sporting coats and ties will rub elbows with a T-shirt-wearing crowd sporting names like Ne0n Ra1n and Mudge. [more]
Thursday, 29 July 2004, 1:27 PM CET


Russian hackers in net heist
Russian hackers inflicted tens of millions of dollars of damage on British bookmakers in an internet extortion scheme, officials have revealed. [more]
Thursday, 29 July 2004, 1:17 PM CET


Counting the cost of a worst-case worm
A single 'superworm' attack could cost business as much as $50bn. [more]
Thursday, 29 July 2004, 11:56 AM CET


Great hackers
A few months ago I finished a new book, and in reviews I keep noticing words like "provocative'' and "controversial.'' To say nothing of "idiotic.'' [more]
Thursday, 29 July 2004, 11:29 AM CET


Details of Microsoft antivirus software leak out
An executive of Microsoft in France divulged on Wednesday some of the software maker's plans for its highly anticipated entry into the antivirus software market. [more]
Thursday, 29 July 2004, 11:19 AM CET


Building systems to be shared securely
Want to securely partition VMs? One option is to put 'em in Jail. [more]
Thursday, 29 July 2004, 11:15 AM CET


Hackers striking more suddenly
Attackers are writing malicious code more quickly than ever, the founder of the Black Hat Security Briefings has warned. [more]
Thursday, 29 July 2004, 11:13 AM CET


Security fears holding back online travel market
Cyberspace is a nice place to visit but I wouldn't want to buy there. [more]
Thursday, 29 July 2004, 11:11 AM CET


RFID tags become hacker target
Privacy advocates may not be the only people taking issue with the current crop of radio-frequency identification tags--merchants will likely have problems with a lack of security as well, a German technology consultant said Wednesday. [more]
Thursday, 29 July 2004, 11:07 AM CET


A promise falls in the forest
A federal court recently ruled that website privacy policies aren't binding, because nobody reads them. The implications are far reaching for contract law and the Internet. [more]
Wednesday, 28 July 2004, 1:45 PM CET


Windows Server 2003 security guide
The Windows Server 2003 Security Guide focuses on providing a set of easy to understand guidance, tools, and templates to help secure Windows Server 2003 in many environments. [more]
Wednesday, 28 July 2004, 1:10 PM CET


Network troubleshooting tools
Here's information on sniff and ngrep. [more]
Wednesday, 28 July 2004, 11:45 AM CET


Web security threat classification
This paper compiles and distills the known unique classes of attack, which have presented a threat to web sites in the past. Each class of attack will be given a standard name and explained with thorough documentation discussing the key points. [more]
Wednesday, 28 July 2004, 9:21 AM CET


Locking down endpoints to prevent virus resurgence
Verifying PC security compliance before granting network access. [more]
Wednesday, 28 July 2004, 9:10 AM CET


Linux gets host application security
New modules in the Linux 2.6 kernel make for easier host-based application security. [more]
Wednesday, 28 July 2004, 9:06 AM CET


Are P2P networks leaking military secrets?
A new Web log is posting what it purports are pictures, documents and letters from U.S. soldiers and military bases in Iraq and elsewhere--all of which the site's operator claims to have downloaded from peer-to-peer networks such as Gnutella. [more]
Wednesday, 28 July 2004, 12:58 AM CET


Microsoft delivers Office Service Pack
SP1 spruces up OneNote, InfoPath. [more]
Wednesday, 28 July 2004, 12:57 AM CET


DoubleClick blacks out from Web attack
DoubleClick has confirmed that an Internet attack crippled its online advertising service Tuesday and caused a widespread outage among its customers. [more]
Wednesday, 28 July 2004, 12:56 AM CET


Government takes new tack to secure online transactions
Establishing proof of identity to conduct business online today is a much different security challenge than it was in the mid-1990s. [more]
Wednesday, 28 July 2004, 12:55 AM CET


A database encryption solution
This paper presents a practical implementation of field level encryption in enterprise database systems, based on research and practical experience from years of commercial use of cryptography in database security. [more]
Wednesday, 28 July 2004, 12:37 AM CET


A guide to SpamAssassin
Spam is one of the most serious problems plaguing Internet users today. Fortunately, there is a cure called SpamAssassin, and we'll show you how it works and how to configure it for your server. [more]
Tuesday, 27 July 2004, 3:23 PM CET


Wireless attacks and penetration testing (part 3 of 3)
This third and final part of the wireless pen-test series looks at how to mitigate the security risks outlined in the previous articles, and then looks at some proposed solutions currently in front of the IETF. [more]
Tuesday, 27 July 2004, 3:16 PM CET


Astaro firewall earns ICSA Labs certification
Astaro Security Linux Version 5 has fulfilled the criteria and passed the 4.0 test for ICSA Labs' Firewall Product Certification. [more]
Tuesday, 27 July 2004, 3:10 PM CET


Linux certifications can pay off big
The Linux business is growing fast, and the right Linux certification can help you grow with it. [more]
Tuesday, 27 July 2004, 3:09 PM CET


Security at your fingertips
Employees in at least one Defense Department office no longer have to remember passwords or personal identification numbers. [more]
Tuesday, 27 July 2004, 2:07 PM CET


Google worm attack confirmed
Antivirus companies have confirmed yesterday's Macworld report claiming a new Internet assault against search engines, including those run by Lycos and Google. [more]
Tuesday, 27 July 2004, 2:05 PM CET


Open source security
Whilst it is true that Open Source is not a security panacea - for example, there can be hot spots in the code, and it may be possible that some parts have not been fully reviewed -many believe that it has inherent advantages. [more]
Tuesday, 27 July 2004, 9:41 AM CET


Security is now top IT concern
Security has overtaken cost cutting as the top concern of IT managers with more than 75 percent of those polled in a new IDC study rating security as a very or extremely significant challenge. [more]
Tuesday, 27 July 2004, 9:39 AM CET


Why are virus writers so tough to catch?
The fight to rout Sasser and its ilk is fraught with ethical ambiguities. "Out of the 75,000 viruses that are written each year, all but 1,000 never infect anybody. So is it a crime to just write a virus?" asked David Perry of Trend Micro. "We are an open society. Do we give up all those [liberties] that make us Americans?" [more]
Tuesday, 27 July 2004, 9:36 AM CET


Watchfire acquires Sanctum
Watchfire announced on Monday that it is acquiring security software maker Sanctum in a move to broaden its monitoring, measuring, managing and security software offerings. [more]
Tuesday, 27 July 2004, 9:35 AM CET


U.S. e-mail privacy bill introduced
Congressmen react to court ruling. [more]
Monday, 26 July 2004, 2:59 PM CET


Eye spy with my little network
Closed circuit surveillance systems are going digital, which will not only reduce costs but lead to a dramatic increase in the scope of coverage. [more]
Monday, 26 July 2004, 2:46 PM CET


Stealing the network: a prequel
Ryan Russell has written this "prequel" depicting a '70s-era hack, set at a tech company back East. [more]
Monday, 26 July 2004, 2:10 PM CET


E-commerce attack is imminent, warn security experts
A surge in internet scanning activity in the past week could indicate a fresh wave of attacks on e-commerce servers, UK-based web services company Netcraft warned. [more]
Monday, 26 July 2004, 12:47 PM CET


Lock down remote access to the Windows registry
Take the steps outlined in this article to secure the Windows registry from being remotely compromised by attackers. [more]
Monday, 26 July 2004, 12:19 PM CET


Aruba Submits IETF Draft
The IETF submission documents how wireless traffic can be exposed regardless of the type of authentication and encryption used to transmit data if the network behind the access point can be compromised. [more]
Monday, 26 July 2004, 12:17 PM CET


The allure of keyless entry
Establishing proof of identity to conduct business online today is a much different security challenge than it was in the mid-1990s. [more]
Monday, 26 July 2004, 12:05 PM CET


Malware: fighting malicious code
This book presents a good start for getting knowledge about malicious code. It's clearly written, easy to understand and informative. [more]
Monday, 26 July 2004, 12:03 PM CET


Windows XP SP2: install with care
SP2 will wreak havoc on many security and firewall software utilities. [more]
Monday, 26 July 2004, 10:54 AM CET


Feds halt classified work at labs
The Energy Department responded to a security breach at the Los Alamos weapons lab by halting classified work at two dozen other facilities that use computer disks containing classified nuclear-weapons research material. [more]
Monday, 26 July 2004, 10:53 AM CET


US criticised over cyber-security
Efforts by the US authorities to counter cyber-crime and terrorism have been criticised in an official report. [more]
Monday, 26 July 2004, 10:47 AM CET


Hack this: secure embedded systems
As hackers move down the food chain from desktops to embedded systems, hardware-and software-security decisions dominate the design process. [more]
Friday, 23 July 2004, 3:35 PM CET


Inside SSH, Part 3
In Part 2 of this multipart series delving into the Secure Shell on Mac OS X, François Joseph de Kermadec showed you how to securely fire up the Secure Shell and start communicating. Now, in Part 3, he digs deeper, showing you more advanced techniques. [more]
Friday, 23 July 2004, 2:52 PM CET


Detecting network intrusions with packet filtering
In an effort to put the usage of these filters into context I will explain a normal day in the life of a network security analyst. [more]
Friday, 23 July 2004, 2:51 PM CET


Collaboration leads to advance towards quantum crypto
A joint research project of Fujitsu Ltd. and The University of Tokyo has made progress towards realizing a viable quantum cryptography system. [more]
Friday, 23 July 2004, 2:41 PM CET


Introduction to securing Linux
A consideration of what it means to be secure. [more]
Friday, 23 July 2004, 12:42 PM CET


Laziness puts Wi-Fi security at risk
If you're paying for wireless access it doesn't make sense to allow others to use it. [more]
Friday, 23 July 2004, 12:36 PM CET


Mac OS X ? Unix? Secure?
Apple's OS X is not safer or less susceptible to vulnerabilities and viruses than other OSes, and Apple's secretive culture is bad for the security world. [more]
Friday, 23 July 2004, 12:33 PM CET


Hackers: friends or foes?
What motivates hackers? Are they upright citizens with a Spiderman-style zeal to protect the world's great companies from their own weaknesses? [more]
Friday, 23 July 2004, 12:26 PM CET


VoIP security: loose IPs sink ships
IP Telephony opens doors to integrated applications such as presence management, unified messaging and multimedia communications. Unfortunately, it also opens other doors into the formerly staid world of circuit-switched telephony. [more]
Friday, 23 July 2004, 12:23 PM CET


Olympics arms against virus threat
Security officials in Athens are taking steps to stop worms crippling the Olympics' data network. [more]
Friday, 23 July 2004, 12:21 PM CET


Microsoft faces up to browser flaws
Mass migration to Windows XP could raise serious security questions for users. [more]
Thursday, 22 July 2004, 3:13 PM CET


Feeling secure? Symantec CEO does not
CEO John Thompson has succeeded in transforming Symantec from a seller of PC utilities for the consumer market into a major player in enterprise security software. [more]
Thursday, 22 July 2004, 3:03 PM CET


Locked out
Just when we need CISOs the most, many find their resources and authority—and sometimes the CISO position itself—reduced to zero. [more]
Thursday, 22 July 2004, 2:03 PM CET


The weakest security link? You
"People are the weakest link," said Chris Pick, vice president of market strategy at security and systems-management company NetIQ. [more]
Thursday, 22 July 2004, 1:54 PM CET


A rounded approach to security
Dr RK Raghavan, consulting advisor for Tata Consultancy Services, stresses the importance of treating security as far more than simply a technological issue. [more]
Thursday, 22 July 2004, 1:52 PM CET


Best practices for securing your WLAN
The steady growth of Wi-Fi in the enterprise demands that corporate IT teams learn and adopt new security methodologies tailored to the unique requirements and weaknesses of wireless networks. [more]
Thursday, 22 July 2004, 1:37 PM CET


Cybersecurity needs education, standards, partnerships
Partnerships, education and standards are important to strengthening the information technology workforce's ability to protect the nation's infrastructure, experts and lawmakers said today at a hearing of the House Science Committee. [more]
Thursday, 22 July 2004, 11:14 AM CET


Anti-spam laws are working
Several major spam email companies have stopped sending offensive unsolicited messages to Australians in the three months since tough new regulations were introduced. [more]
Thursday, 22 July 2004, 7:39 AM CET


Bluesocket punts wireless security kit
Bluesocket, the IT security vendor, is to sell wireless monitoring technology alongside its current line of wireless gateway products. [more]
Thursday, 22 July 2004, 7:37 AM CET


Bulk mailer faces criminal charges
A bulk e-mailer in Florida has been charged with electronically breaking into a massive data warehouse and stealing gigabytes of personal information on Americans, federal prosecutors said Wednesday. [more]
Thursday, 22 July 2004, 7:34 AM CET


Security expert defends security community stance on e-voting
Aviel Rubin is the professor at the center of the controversy over e-voting security. [more]
Thursday, 22 July 2004, 7:33 AM CET


Latest Bagle and MyDoom worms on the loose
Latest versions of the Bagle and MyDoom worms have surfaced on the internet and appear to be spreading. [more]
Wednesday, 21 July 2004, 3:32 PM CET


Educate users about strong passwords
General concepts in security escape most end users, pointy-haired bosses, and other decision-makers, and even some junior administrators. While the more senior technologists may not ever hope to get them to relate to the finer points of DMZs and VLANs, we should at least continue to push and educate in the area of passwords. [more]
Wednesday, 21 July 2004, 2:09 PM CET


Exploiting software: how to break code
This is a very exciting book, full of nitty-gritty details you need to be familiar with in order to understand how attackers find software holes and build exploits. These details are valuable if you want a deep understanding of the concepts and practices behind system security. [more]
Wednesday, 21 July 2004, 1:07 PM CET


Beware hackers' deals, say experts
The group is selling Enterasys' Dragon intrusion detection system for £8,650. The list price is £10,800 for a single user and up to £162,000 for a 500-user licence. [more]
Wednesday, 21 July 2004, 12:01 PM CET


IT security problems blight US nuclear weapons lab
Security troubles continue at the Los Alamos National Laboratory, where officials have confirmed that workers recently sent out an undisclosed number of classified e-mails over a nonsecure e-mail system. [more]
Wednesday, 21 July 2004, 11:52 AM CET


Apache logs
This article explains Apache logging and how it can be configured. [more]
Wednesday, 21 July 2004, 11:51 AM CET


Sloppy banks open the door to phishermen
A new vulnerability makes it easier for fraudsters to pass off content from bogus websites as the real thing. [more]
Wednesday, 21 July 2004, 11:42 AM CET


How to harden GNU/Linux against local intrusions
So, you've set up parental filtering, only to discover that an overachieving teenager has Googled a way around it. You've just been the victim of a local intrusion. Preventing such an occurrence on GNU/Linux requires a little knowledge and even less work. Here's how. [more]
Wednesday, 21 July 2004, 11:26 AM CET


ATM keypads get a security boost
Credit card companies are responding to a host of high and low-tech attacks on the sanctity of your ATM code. [more]
Wednesday, 21 July 2004, 11:24 AM CET


An elliptic curve cryptography primer
This lengthy and highly technical primer provides a gentle yet thorough introduction to elliptical key cryptography. [more]
Wednesday, 21 July 2004, 11:20 AM CET


More mobile viruses to come?
The virus, called Dust, or WinCE4.Dust, is aimed at Pocket PCs and smartphones. In order to run, the virus needs a mobile-compatible device running Microsoft's Windows CE operating system. [more]
Wednesday, 21 July 2004, 11:18 AM CET


Dell campaign builds awareness of security issues
Dell launched an aggressive PC security awareness campaign to help its millions of consumer customers better understand and protect their computers from the detrimental effects of spyware, viruses and other online security threats. [more]
Tuesday, 20 July 2004, 3:36 PM CET


RSA eases security process for Java developers
Java developers would probably rather be coding Web services applications than learning the intricacies of Web services security, surmises Kathy Kriese, senior product manager at RSA Security. [more]
Tuesday, 20 July 2004, 3:34 PM CET


Microsoft endorsement pleases security software developer
Cloakware Corp. has attracted several major clients who are using its security software. [more]
Tuesday, 20 July 2004, 3:32 PM CET


Thoughts on secure operating systems
This editorial looks at several OS certifications that have recently been used as ammunition against Linux by real-time OS vendors targeting the high-security and military markets. It also debunks several emotional and inflamatory arguments impugning Linux security. [more]
Tuesday, 20 July 2004, 3:21 PM CET


The pied piper syndrome
Making electronic voting terminals more like slot machines won't keep elections secure from tampering. [more]
Tuesday, 20 July 2004, 3:20 PM CET


Packet crafting for firewall and IDS audits (part 2 of 2)
This article is the second of a two-part series that will discuss various methods to test the integrity of your firewall and IDS using low-level TCP/IP packet crafting tools and techniques. [more]
Tuesday, 20 July 2004, 3:16 PM CET


Cyber cop going, going, gone
Former High Tech Crime Centre director Alastair MacGibbon, who is to become cyber security boss of eBay in Australia, fears organised syndicates will win the online crime war unless internet users take personal responsibility for the security of their information. [more]
Tuesday, 20 July 2004, 3:11 PM CET


IE security problems open doors to friends and foes
Two software developers have opted to take very different approaches to the lack of security in Internet Explorer: one has decided to join Microsoft, the other to beat them. [more]
Tuesday, 20 July 2004, 3:10 PM CET


The new face of cybercrime
You once could explain away Internet attacks as destruction for destruction's sake. But many of the juvenile delinquents of the 1990s have since graduated from mere vandalism to hacking for monetary gain. [more]
Tuesday, 20 July 2004, 3:08 PM CET


iPass sets tech security pact
iPass, which supplies Internet connections to business travelers, will unveil partnerships Monday with dozens of top security companies in a bid to act as a clearinghouse for corporate network security. [more]
Monday, 19 July 2004, 3:36 PM CET


Bracing for the Microsoft update
Though the new Windows overhaul from Microsoft is welcome, its release is expected to generate a flood of help-desk calls for some companies whose software will need upgrades to work with Service Pack 2. [more]
Monday, 19 July 2004, 2:50 PM CET


Modeling security concerns in service-oriented architectures
The purpose of this paper is to provide a set of primitive modeling elements that allows the business stakeholders to specify the intent of security within the requirements process. [more]
Monday, 19 July 2004, 2:35 PM CET


California man charged in government hacking
A 20-year-old California man has been charged with hacking government computers, including two agencies within the Defense Department, and defacing government Web sites, the U.S. attorney's office said Friday. [more]
Monday, 19 July 2004, 2:32 PM CET


Virus linked to al-Qaida?
Is this another weapon of mass destruction which escapes detection? [more]
Monday, 19 July 2004, 2:31 PM CET


New Bagle variant seen in the wild
Antivirus software companies late Thursday and early Friday began warning e-mail users that the persistent Bagle virus has re-emerged in a new version, Bagle.AF or Beagle.AB. [more]
Monday, 19 July 2004, 2:29 PM CET


Securing Mac OS X
This paper addresses operating system hardening in terms of patching, administration roles and setting passwords. It also provides information on Apple Macintosh OS X network security: namely, basic firewall configuration and hardening of network services such as FTP, SSH and the Apache web server. [more]
Monday, 19 July 2004, 2:11 PM CET


Security expert Dave Wreski discusses open source security
Dave Wreski, CEO of Guardian Digital talks about how Guardian Digital is changing the face of IT security today. [more]
Monday, 19 July 2004, 1:14 PM CET


Fear factor
Largely the stuff of Hollywood films, cyber terrorism - politically motivated attacks intended to shock and terrify - has long been identified by security experts as a possible future conduit for terrorist groups. [more]
Monday, 19 July 2004, 1:03 PM CET


Cisco fortifies WLAN security
Cisco Systems Inc. is preparing to introduce products to its WLAN line that add support for AES, among other security and management features. [more]
Monday, 19 July 2004, 12:56 PM CET


NIST puts fingerprints to the test
A wide-ranging study of biometric fingerprint systems recently published by the National Institute of Standards and Technology could finally put to rest nagging doubts about the technology and help boost its use. [more]
Monday, 19 July 2004, 12:53 PM CET


RFID users say no privacy law needed
Privacy advocates cite the need to protect consumers from potential RFID abuses. [more]
Friday, 16 July 2004, 3:53 PM CET


Security concerns still plague wireless take-up
Wireless has many benefits, provided companies minimise the risks and rein in ad hoc networks. [more]
Friday, 16 July 2004, 3:46 PM CET


5 security myths
Like water, hackers take the path of least resistance. Today, this path leads over Secure Sockets Layer (SSL) to get past most corporate firewalls, where nothing exists between a hacker, a Web site and the information it holds. [more]
Friday, 16 July 2004, 3:40 PM CET


A novel authentication method for Apache
This article shows you step by step how to compile and configure mod_auth_ibmdb2 (an Apache authentication module) using IBM DB2 Universal Database (UDB) as the database for storing user and group information. [more]
Friday, 16 July 2004, 2:45 PM CET


BitDefender sees Al-Qaeda link in new Atak worm
The 'smart' worm that sleeps when scanned has sprouted a variant that appears to be written by someone claiming links to Al-Qaeda, according to antivirus firm BitDefender. [more]
Friday, 16 July 2004, 2:42 PM CET


Oxford hackers face punishment
Two students from Oxford University are facing disciplinary action after hacking into the university's computer. [more]
Friday, 16 July 2004, 2:42 PM CET


Worried firms consider email boycott
Security concerns threaten future of 'everyone's favourite killer app'. [more]
Friday, 16 July 2004, 2:41 PM CET


Security tops network wish list
Increased remote access changes corporate security priorities, finds survey. [more]
Friday, 16 July 2004, 12:35 PM CET


Charges against Amsterdam '419ers' dismissed
The Dutch Department of Justice yesterday suffered bitter defeat in a court case against thirteen West African men, who allegedly sent thousands of 419 or advance fraud fee letters through the Amsterdam cable network of UPC. [more]
Friday, 16 July 2004, 12:34 PM CET


Latest Bagle worm 'certainly successful'
Doing as much harm as MyDoom. [more]
Friday, 16 July 2004, 12:33 PM CET


HNS audio learning session: encryption applied
Alex van Someren, Chief Executive Officer at nCipher, talks about the process of encryption, the difference between symmetric and asymmetric encryption, need for hardware crypto accelerators and more. [more]
Thursday, 15 July 2004, 5:04 PM CET


Stopping PC spies at the gate
"For many years, I think we accepted the fact, 'Okay, I get to use this for free, so I don't care if they track Web sites I visit,'" Gartner's Richard Stiennon said. "Today, though, it's not as anonymous. Spyware gets us more junk mail and our name on lists, and it slows down our PCs." [more]
Thursday, 15 July 2004, 3:02 PM CET


iPods: weapons of network destruction
Music fans, beware: Britain's Ministry of Defense has become the latest organization to add the iPod to its list of high-tech security risks. [more]
Thursday, 15 July 2004, 3:01 PM CET


Defence Department computers hacked: report
Determined computer hackers broke through federal firewalls several times last year, gaining access to Defence Department networks. [more]
Thursday, 15 July 2004, 2:58 PM CET


Forensic computing uncloaks industrial espionage
Forensic computing techniques proved decisive in winning a recent High Court action involving underhand dealings and industrial espionage in Britain's automotive tools industry. [more]
Thursday, 15 July 2004, 2:43 PM CET


For lawmakers, identity theft a kettle of phish
The latest innovation in identity fraud typically begins with an unexpected e-mail message from a financial institution proclaiming something like: "Your account information needs to be updated due to inactive members, frauds and spoof reports." [more]
Thursday, 15 July 2004, 2:42 PM CET


Windows XP key to Microsoft's secure computing
Upgrade now if you want security, Redmond tells 2000 and 9x users. [more]
Thursday, 15 July 2004, 2:42 PM CET


Hackers put 'stolen' source code online
Code from Enterasys and Napster is being offered for sale online - and the group says that data can be provided 'to order'. [more]
Thursday, 15 July 2004, 2:33 PM CET


EDS tests security update tool
In the latest move towards keeping patch management as automated as possible, EDS is testing an update tool. [more]
Thursday, 15 July 2004, 2:20 PM CET


Swiped security
No more keys. No more six-digit PINs. No more passwords. A more secure environment where there's nothing to remember or lose – that's the goal of biometrics. [more]
Thursday, 15 July 2004, 2:19 PM CET


Software aims to secure mobile transactions
New security software will provide consumers with a more secure environment for electronic transactions using ARM powered mobile phones, payment terminals, set-top boxes and other consumer devices. [more]
Thursday, 15 July 2004, 2:17 PM CET


'Important' Windows flaw could turn critical
Security experts are bracing themselves for a spate of new worms and viruses designed to exploit of the seven new vulnerabilities announced by Microsoft on Tuesday as part of its monthly patch cycle. [more]
Wednesday, 14 July 2004, 5:06 PM CET


Worm wars
Companies are throwing up layers of protection as new worms and viruses appear at an ever-quickening pace. [more]
Wednesday, 14 July 2004, 4:49 PM CET


OpenVMS - hack-proof and crash resistant?
OpenVMS offers unmatched robustness for business-critical apps. [more]
Wednesday, 14 July 2004, 4:39 PM CET


Hacking for profit
The popular perception of the worm writer as a socially inadequate teenager who releases worms mainly to impress peers may no longer be entirely accurate. [more]
Wednesday, 14 July 2004, 4:36 PM CET


Microsoft announces security partnerships
It's time to get proactive, says Microsoft, which has announced partnerships with 25 companies aimed at working together to increase security. [more]
Wednesday, 14 July 2004, 4:35 PM CET


The art of UNIX programming - book review
Many books have been written about the UNIX operating system. Many of them are so-called cookbooks while others are packed with theoretical knowledge. This one is peculiar as it incorporates both types, packing the best material from each. [more]
Wednesday, 14 July 2004, 4:23 PM CET


Microsoft: 'Real progress' on security
Microsoft claims it has made "real progress" in the last year towards its goal of Trustworthy Computing but criticized businesses for failing to be more proactive on security. [more]
Wednesday, 14 July 2004, 3:44 PM CET


South Korean government agencies cyber attacked
South Korea's spy agency have said important government data may have been stolen during a spate of recent cyber-attacks launched from China. [more]
Wednesday, 14 July 2004, 3:42 PM CET


Microsoft warns of seven Windows flaws
Microsoft yesterday warned of seven security vulnerabilities, two of which it rated as 'critical'. [more]
Wednesday, 14 July 2004, 3:29 PM CET


Analysis: The network is the security
Analyst Jon Oltsik says the network security market will inevitably consolidate. Here's which company will come out on top... and which is the dark horse in the running. [more]
Wednesday, 14 July 2004, 3:28 PM CET


SSL VPNs energise security sales
Secure Sockets Layer catches up with IPSec for virtual private networks. [more]
Wednesday, 14 July 2004, 3:27 PM CET


Man is indicted in Verizon hacking case
A man has been charged with illegally infiltrating a computer at Verizon Communications more than 100 times this year, forcing the telecommunications company to spend at least $120,000 to retool its security system. [more]
Tuesday, 13 July 2004, 4:23 PM CET


Worm sleeps to avoid detection
The latest mass-mailing worm, Atak, hides by going to sleep when it suspects that antivirus software is trying to detect it. [more]
Tuesday, 13 July 2004, 4:08 PM CET


Biometric myths: six of the best
It is probably the hottest sector in the security field today. Yet the biometrics industry is weighed down with claims and counterclaims, fallacies and myths. While some of the myths are no doubt based on an element of historical or scientific truth, some are now so out of date or inaccurate that they are almost laughable. [more]
Tuesday, 13 July 2004, 3:00 PM CET


Microsoft further delays patching product, service
Microsoft Corp. has delayed a significant update to its patch management tool and its single patching service until the first half of next year because of security work it had to do first related to Windows XP. [more]
Tuesday, 13 July 2004, 2:09 PM CET


A gathering to hack the system
Hackers gather in New York City at the fifth annual Hackers on Planet Earth conference to discuss all the little ways that the government and corporations are turning technology against the people. [more]
Tuesday, 13 July 2004, 1:58 PM CET


Metasploit framework (part one)
This article provides an elaborate insight into the Open Source exploit framework, the Metasploit Framework, which is meant to change the future of penetration testing once and for all. Part one of three. [more]
Tuesday, 13 July 2004, 1:31 PM CET


Microsoft products also vulnerable to Mozilla flaw
Popular Microsoft Corp. products may be vulnerable to a security vulnerability that is similar to one patched for the Mozilla Web browsers last week. [more]
Tuesday, 13 July 2004, 1:04 PM CET


Symantec snaps up antispam firm
Security company Symantec has acquired antispam specialist TurnTide for $28 million in cash, a sign of further consolidation among makers of e-mail filters. [more]
Tuesday, 13 July 2004, 12:34 PM CET


Cost dictates security plans
Companies must ignore return on investment, and align security needs with the business. [more]
Monday, 12 July 2004, 2:25 PM CET


For hackers, shop talk, a warning and advice
Steve Wozniak, a founder of Apple Computer, was speaking to the choir Saturday at a conference in Midtown Manhattan, recalling an era when the word "hackers" referred to technological wizards, not rogue computer users. [more]
Monday, 12 July 2004, 2:14 PM CET


Go phish: Don't do it, or you'll have been scammed
According to a June 2004 article, "National Phishing Attack Launched," published in the newsletter of the Better Business Bureau, Internet scams designed to gain access to personal information for the purpose of identity theft are on the rise. [more]
Monday, 12 July 2004, 2:13 PM CET


IE suffers security concerns, loses market share
Internet Explorer last month saw its market share drop for the first time this century, according to WebSideStory. Total market share fell by 1 per cent in June. [more]
Monday, 12 July 2004, 1:59 PM CET


Security strategies ‘not working'
Today's strategies to defend networks against viruses, worms and Trojan horses are not working, says Gary Middleton, IT security specialist at Dimension Data. [more]
Monday, 12 July 2004, 1:04 PM CET


Interview with Bruce Hendrix, President and CEO of ServGate
In this interview Mr. Hendrix discusses online security threats, the spam problem, cyberterrorism, and more. [more]
Monday, 12 July 2004, 1:00 PM CET


Seeking clarity on security
Members of the federal Chief Information Security Officers Forum have sent a memo to the Office of Management and Budget seeking clarification of OMB's security reporting policies. [more]
Monday, 12 July 2004, 11:53 AM CET


Embracing strong passwords
Most of us are stuck with passwords and the management problems they cause. [more]
Monday, 12 July 2004, 11:52 AM CET


Automate backups on Linux
No excuses: do-it-yourself, secure, distributed network backups made easy. [more]
Monday, 12 July 2004, 11:43 AM CET


Windows vs. Linux security: No unbiased reports
Forrester Research published a report last March that came to the unlikely conclusion that Linux is no more secure than Windows. [more]
Monday, 12 July 2004, 10:43 AM CET


Alleged hacker is Microsoft employee
A man accused of hacking into search engine company AltaVista's computer systems about two years ago is now employed by Microsoft Corp, reportedly working on search technology. [more]
Monday, 12 July 2004, 10:38 AM CET


Security tool could prevent iPod risk
Pointsec Media Encryption secures corporate data on removable media. [more]
Friday, 9 July 2004, 3:22 PM CET


Commentary: patched in 60 seconds
Today it was announced that a vulnerability in the Mozilla and Firefox Web browsers allows the execution of arbitrary code in Windows NT, 2000, and XP systems. [more]
Friday, 9 July 2004, 11:21 AM CET


Service Pack deux?
Microsoft should make SP2 available to all users and backport the changes to older operating systems, or they risk putting profits ahead of security yet again. [more]
Friday, 9 July 2004, 5:27 AM CET


5 security myths
Like water, hackers take the path of least resistance. Today, this path leads over Secure Sockets Layer (SSL) to get past most corporate firewalls, where nothing exists between a hacker, a Web site and the information it holds. [more]
Friday, 9 July 2004, 5:24 AM CET


The convergence (or not) of security and operations event monitoring
Event monitoring is of interest from both a security and an operations perspective, but to date they have tended to be implemented separately with different toolsets. [more]
Friday, 9 July 2004, 5:23 AM CET


Analyst: UN needs warriors in spam battle
An international effort can wipe out spam by 2006, says an agency of the United Nations, the International Telecommunications Union. The group is sponsoring an ongoing anti-spam conference in Geneva that has drawn representatives of more than 60 countries and global organizations. [more]
Friday, 9 July 2004, 5:22 AM CET


An answer to security questions
Imagine being able to provide your customers with firewall, URL filtering, virus screening, spam filtering and VPN technologies all in one, cohesive secure platform. Not possible? [more]
Friday, 9 July 2004, 5:18 AM CET


Security spending rises, as do risks
Firms failing to follow best practice advice despite increasing their budgets. [more]
Thursday, 8 July 2004, 12:33 PM CET


Security threat growing in UK
But many users are ignoring best practice advice. [more]
Thursday, 8 July 2004, 12:32 PM CET


Security failures threaten online shopping
Over a million UK consumers have been victims of security breaches whilst shopping online, which is prompting them to turn their backs on large online brands. [more]
Thursday, 8 July 2004, 12:25 PM CET


Secure cores provide extra-smart cards
Toppan Printing Co, the world's second largest printing company, has developed an IC card with high-speed cryptographic processing capabilities using ARM SecurCore microprocessors. [more]
Thursday, 8 July 2004, 8:38 AM CET


Multi-layer intrusion detection systems
This article discusses mIDS, a system that brings together many layers of technology into a single monitoring and analysis engine, from integrity monitoring software such as TripWire, to system logs, IDS logs, and firewall logs. [more]
Thursday, 8 July 2004, 8:25 AM CET


New Internet Explorer exploit posted on the Web
Microsoft's efforts to neutralize its explosive security problems once again fell short as a Dutch computer-science student posted an exploit for the Internet Explorer flaw that the tech giant's latest patch was supposed to fix. [more]
Thursday, 8 July 2004, 8:13 AM CET


Scotland Yard and the case of the rent-a-zombies
Vast networks of home computers are being rented out without their owners' knowledge to spammers, fraudsters and digital saboteurs. [more]
Thursday, 8 July 2004, 8:12 AM CET


Old-school worm loves Windows applications
The latest variant of the Lovgate worm scans PCs for executable files and then renames them, a tactic used by viruses from a much older generation, according to antivirus companies. [more]
Thursday, 8 July 2004, 8:12 AM CET


Does 802.11i solve your WLAN security problems?
A wireless expert looks at what network managers can expect now that the 802.11i security standard is ratified. [more]
Wednesday, 7 July 2004, 4:46 PM CET


HNS audio learning session: digital certificates explained
Dr. Phillip Hallam-Baker, Principle Scientist and Web Services Security Architect at Verisign, talks about Public Key Cryptography and introduces the listeners to the importance of digital certificates. [more]
Wednesday, 7 July 2004, 2:24 PM CET


ITU wants spam dead within two years
Conference delegates call for international co-operation to defeat 'epidemic'. [more]
Wednesday, 7 July 2004, 2:13 PM CET


The attack of the $2 million worm
Internet-based business disruptions triggered by worms and viruses are costing companies an average of nearly $2 million in lost revenue per incident. [more]
Wednesday, 7 July 2004, 1:57 PM CET


Hacker college
Sporting long sideburns, a goatee and black baseball cap, US instructor Ralph Echemendia has a class of 15 buttoned-down corporate, academic and military leaders spellbound. [more]
Wednesday, 7 July 2004, 1:42 PM CET


The basket case for RFID
Radio-frequency chips are retail nirvana. They're the end of privacy. They're the mark of the beast. Peek inside the tag-and-track supermarket of the future. [more]
Wednesday, 7 July 2004, 1:34 PM CET


Password-stealing Trojan cut off at source
A malicious program that tried to steal banking passwords has been stopped, says Symantec. [more]
Wednesday, 7 July 2004, 1:26 PM CET


Blaming users for virus chaos?
The common rallying cry heard around IT Security departments is the need for more security awareness training for corporate users. [more]
Wednesday, 7 July 2004, 4:09 AM CET


Are you prepared for disaster? Is your data really protected?
Selecting a storage solution that will protect your company’s most valuable assets should disaster occur is about evaluating the particular needs of your organisation. [more]
Wednesday, 7 July 2004, 12:44 AM CET


Smartphone chips build in data security
Texas Instruments and ARM are working together on a security system for mobile and wireless devices. [more]
Tuesday, 6 July 2004, 4:20 PM CET


Front and back: KPGP and GPG
KGPG is a front-end to GPG, the GNU Privacy Guard. GPG was created to replace PGP, the popular encryption program. GPG is a common component in a Linux system - almost all package utilities use it for verification, for example. [more]
Tuesday, 6 July 2004, 4:08 PM CET


Network security analysis tools
This is the review of an extensive collection of network security analysis tools professionally integrated into a bootable Knoppix-based CD. [more]
Tuesday, 6 July 2004, 3:59 PM CET


iPods pose security risk for enterprises
The iPod may be popular, but also poses such a major security risk for businesses, that enterprises should seriously consider banning the iPod and other portable storage devices, according to a study by research firm Gartner Inc. [more]
Tuesday, 6 July 2004, 3:55 PM CET


Microsoft's patchwork mess
After the Download.Ject attack, Microsoft released a "configuration change" it wants people to apply to installations of the Windows XP, Windows Server 2003 and Windows 2000 operating systems. [more]
Tuesday, 6 July 2004, 3:42 PM CET


Microsoft, under attack, aims to offer security
Redmond giant to shore up the security of IE in the coming weeks. [more]
Tuesday, 6 July 2004, 3:22 PM CET


How to get falsely blacklisted for running an open spam relay
It's easy. Just sign up with an ISP that issues dynamic IP addresses. [more]
Tuesday, 6 July 2004, 3:04 PM CET


Bagle author releases 'dangerous' assembler code
Two new Bagle worm variants and the worm's original assembler source code were spreading around the Internet on Sunday - a dangerous development, according to security experts. [more]
Tuesday, 6 July 2004, 2:46 PM CET


Instant-messaging virus costs a man his job
A virus can transmit previous IM conversations to a user's buddy list without his or her consent - and with disastrous consequences. [more]
Tuesday, 6 July 2004, 2:39 PM CET


Microsoft battles against security failures
Security experts are warning that Microsoft's Internet Explorer (IE) browser is not safe to use. [more]
Tuesday, 6 July 2004, 2:27 PM CET


Hackers grab bank details with fake ad
The latest virus, with the file name img1big.gif, differs from other attacks on internet bank customers which have seen a big rise recently. [more]
Monday, 5 July 2004, 5:13 PM CET


The future of instant messaging - simple, secure, and self-managed
With encrypted IM, a unique key session between the user and the recipient ensures the authenticity of the exchange while providing valuable log data. The Secure Instant Messenger, a product of Validian, is poised to change how IM is handled at the enterprise level. [more]
Monday, 5 July 2004, 4:09 PM CET


IEEE approves 802.11i security spec
The IEEE has approved yet another specification in the 802.11 family of wireless ethernet. This time it's a new Wi-Fi security standard, dubbed 802.11i. [more]
Monday, 5 July 2004, 3:59 PM CET


The allure and curse of complexity
The curse of complexity is the bane of every security administrator, so UNIX users take your pick: would you like BSD or Linux? [more]
Monday, 5 July 2004, 3:33 PM CET


School teaches 'ethical hacking' to computer students
Sporting long sideburns, a goatee and black baseball cap, instructor Ralph Echemendia has a class of 15 buttoned-down corporate, academic and military leaders spellbound. The lesson: hacking. [more]
Monday, 5 July 2004, 2:46 PM CET


Managing network policy
Managing the complexities of large, distributed networks is a daunting task, with hundreds, even thousands, of mixed-vendor bridges, switches, routers and gateways. [more]
Monday, 5 July 2004, 2:45 PM CET


Route tracing with PHP
Based on the Net_Ping class, Net_Traceroute allows you to trace the route between your server and a remote host. [more]
Monday, 5 July 2004, 1:40 PM CET


Automatic backups with rsync and Anacron
This article and the presented backup procedure is intended for anyone wishing to keep an effective backup of their important data. [more]
Monday, 5 July 2004, 1:38 PM CET


First security scare hits next-generation Internet
The US Computer Emergency Readiness Team has issued alerts for some Juniper routers running IPv6. [more]
Monday, 5 July 2004, 1:31 PM CET


Army plans network fortification
But budget contraints hamper funding efforts this year. [more]
Monday, 5 July 2004, 1:29 PM CET


Microsoft finally patches IE Trojan vulnerability
Hey it's only been nine months... [more]
Monday, 5 July 2004, 1:28 PM CET


Enforcement is key to fighting cybercrime
The publication of a review of Britain's cybercrime laws by an influential group of MPs and peers this week has been welcomed by the IT industry. [more]
Friday, 2 July 2004, 7:22 PM CET


Microsoft IE security storm builds
Experts are warning users about Internet Explorer security risks. While the Mozilla or Opera Web browser may be a good choice for some consumers, enterprise alternatives are sketchy. [more]
Friday, 2 July 2004, 7:22 PM CET


Wiretap ruling could signal end of e-mail privacy
A federal appeals court ruling this week has put a spotlight on the increasingly public nature of e-mail messages and has unraveled expectations that e-mail would gain the same privacy protections as traditional communications. [more]
Friday, 2 July 2004, 7:18 PM CET


Spammers face tri-nation crackdown
UK, US and Australia join forces to investigate and prosecute spammers. [more]
Friday, 2 July 2004, 7:17 PM CET


A holistic approach to securing the enterprise
The continuance of malicious computer attacks has made security a front page topic in almost every board room and IT oversight committee. Most IT departments accept that routine updates to software operating environments are a necessary part of managing systems. [more]
Friday, 2 July 2004, 11:09 AM CET


PC World sells "new" hard drive with personal data
A hard drive sold as new in a major PC World outlet in London on Monday contained a couple's personal data including spreadsheets, VAT information and other sensitive information. [more]
Friday, 2 July 2004, 10:04 AM CET


Networking: Wi-Fi security still spotty
A year after WPA's launch, many products aren't certified. [more]
Friday, 2 July 2004, 9:57 AM CET


Experts debate security through diversity
The sheer number of worms and viruses directed at Microsoft Corp.'s Windows operating system and Internet Explorer browser have many in the computer industry wondering whether we would all be more secure if more users relied on alternatives to Microsoft's products. [more]
Friday, 2 July 2004, 9:54 AM CET


Upside-down security
How can companies hope to protect their data--and how can we hope to stop identity theft--when we ignore the most basic protection methods? [more]
Friday, 2 July 2004, 9:53 AM CET


Secure enough for a bank
In its New York location alone, the Fed maintains more that 10,000 discrete devices, including AS/400, HP-UX, Linux, Novell NetWare, and Sun Solaris servers, as well as a huge installed base of Microsoft Windows. The awesome responsibility of managing these assets falls on the shoulders of Sean Mahon, the New York Fed's vice president of system management. [more]
Friday, 2 July 2004, 9:50 AM CET


FBI opens new computer crime lab
The FBI opened a new lab Tuesday dedicated to detecting computer-related crimes and training federal, state and local police to catch Internet pedophiles, frauds and thieves. [more]
Thursday, 1 July 2004, 10:02 AM CET


Viruses, viruses everywhere
I never thought I would pine for the good old days in computing when me and my buddies would take turns typing in the peeks and pokes in endless listings from "RUN" magazine to make my Commodore 64 actually do something.
[more]
Thursday, 1 July 2004, 1:02 AM CET


Viruses putting small business off internet
Small businesses in Wales are being put off internet trading by computer viruses and spam, a report has revealed. [more]
Thursday, 1 July 2004, 1:01 AM CET


Hacker coughs up advice
You've got to "understand the dark side" to be a good guy in the computer-hacking world, says ethical hack specialist Mike Sues, and most computer users don't have the first clue about the dangers they face. [more]
Thursday, 1 July 2004, 1:00 AM CET


$1.5m 'hacker's heaven' for poly students
Homework gets a little unusual for some students at the Singapore Polytechnic, which has set up a $1.5 million computer centre so they can hack into it and make it crash. [more]
Thursday, 1 July 2004, 12:58 AM CET


Internet security: Who needs it? (You do)
The potential threats are many and varied, so protect yourself better than you believe you should or you could lose it all. [more]
Thursday, 1 July 2004, 12:53 AM CET


Experts outline e-voting security requirements
A panel of IT security experts yesterday proposed a series of detailed recommendations that they said state and local jurisdictions must act on immediately to ensure the security of electronic voting systems and the accuracy and transparency of the November presidential election. [more]
Thursday, 1 July 2004, 12:52 AM CET


Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //