Off the Wire

Off The Wire Archive

News items for July 2006

U.K. failing to come to grips with Internet fraud
The U.K. is trailing behind other countries in its efforts to track and investigate Internet fraud, according to a new report from the Attorney General's office. [more]
Monday, 31 July 2006, 6:05 PM CET

Crypto clues help solve prison murders
Bosses of an American racist prison gang have been convicted of murders and racketeering offences after investigators broke the encoded messages they used to order attacks. [more]
Monday, 31 July 2006, 5:18 PM CET

Fires prompt users to hasten hunt for backup alternatives
Blazes hit Iron Mountain facilities in London, Ottawa; investigations ensue. [more]
Monday, 31 July 2006, 11:32 AM CET

Microsoft adds "Previous Versions" support on the file system level
When is a deleted file really deleted? With Windows Vista, that answer gets complicated. [more]
Monday, 31 July 2006, 11:31 AM CET

Wordpress 2.0.4 fixes security issues
WordPress 2.0.4, the latest stable release in the Duke series, is available for immediate download. [more]
Monday, 31 July 2006, 11:19 AM CET

Removable storage: the new breed
Storage formats such as tape have enjoyed year upon year of being in pole position as the format of choice for secondary backup, though in recent years hard disk technologies have caught up with the aging medium. [more]
Monday, 31 July 2006, 1:18 AM CET

Bot-slaying ISP hall of fame
"Botnets" - large armies of hijacked personal computers that bad guys use for everything from spamming to knocking Web sites offline - are a constant security threat to business and home users alike. [more]
Monday, 31 July 2006, 1:05 AM CET

Linux patch problems: Your distro may vary
With all the different distributions of Linux available -- many for free -- what distinguishes one over another? Most have the same set of standard bells and whistles. A few have support options that might be appealing for enterprise-level deployments. [more]
Monday, 31 July 2006, 1:02 AM CET

Public agencies working to close security gaps
Starting this fall, Palm Beach County students can win software worth $500 in a competition to spot the school district's computer network weaknesses. The "Hack Me" contest is among the school district's latest efforts to improve computer safety. [more]
Monday, 31 July 2006, 12:59 AM CET

L.A. counterterrorism center uses Memex for data sharing
It allows several law enforcement agencies to analyze tips in real time. [more]
Monday, 31 July 2006, 12:57 AM CET

Developers cry foul over Windows kernel security
Recently introduced security measures by Microsoft will make it more difficult to integrate third-party security tools with Windows, according to a rival personal firewall firm. [more]
Monday, 31 July 2006, 12:56 AM CET

Fingerprint tool guards multimedia content
Researchers at the University of Maryland have developed a digital fingerprinting technology that they say can better protect multimedia content from unauthorized copying and distribution. [more]
Monday, 31 July 2006, 12:54 AM CET

Cybercrime: When to call in the FBI
When a company thinks it might have been the victim of a cybercrime, it's not always easy to figure out when to call in the feds for help. [more]
Monday, 31 July 2006, 12:52 AM CET

The challenge in selling security
CSOs say they have a hard time getting their ideas accepted from the board level on down. [more]
Monday, 31 July 2006, 12:51 AM CET

Continued debate on desktop lockdowns
To make the case for unauthorized software bans more clear, Roger heads once more into the breach. [more]
Friday, 28 July 2006, 1:49 PM CET

Confessions of a cybermule
John Dillinger was a bank robber whose tool of trade was a machine gun. But in today's cybercrime era, the weapon of choice for "John Dillinger" is an MSR206, a card-writing machine used for encoding bank account numbers and other data onto the magnetic stripe of bank credit and debit cards. [more]
Friday, 28 July 2006, 10:23 AM CET

Hackers face prison time for boosting grades
A pair of California college students each face up to a year in prison for hacking into a professor's computer to give out bogus grades. [more]
Friday, 28 July 2006, 12:33 AM CET

Microsoft to push out IE7 as high priority update
Microsoft is apparently planning to ship Internet Explorer 7 out to Windows XP users as a "high priority" security update later this year, according to a company spokesperson. [more]
Friday, 28 July 2006, 12:31 AM CET

In separate incidents, three laptops stolen; data at risk
Two of them were being used by Navy recruiters. [more]
Friday, 28 July 2006, 12:28 AM CET

Cisco VPNs open to DoS attacks
The vulnerability lies in the Internet Key Exchange Protocol, which enables remote IPsec VPN access. [more]
Friday, 28 July 2006, 12:28 AM CET

Backing up your network with RANCID
A couple of years ago, my employer, a large state university, was looking for an open source replacement for CiscoWorks to assist us in backing up our network configurations. We found RANCID (Really Awesome New Cisco config Differ), tried it, and have used it ever since. [more]
Thursday, 27 July 2006, 7:21 PM CET

Kazaa makers settle piracy suits
The company that produced software called Kazaa, which made it simple for millions of computer users to download music and movies over the Internet, has agreed to pay more than $115 million to the entertainment industry to settle global piracy lawsuits, the industry said Thursday. [more]
Thursday, 27 July 2006, 7:20 PM CET

Firefox users need to update (again)
The Mozilla Foundation has released an updated version of Firefox following the discovery of multiple security vulnerabilities involving the popular browser software. [more]
Thursday, 27 July 2006, 4:24 PM CET

More than 95% of e-mail is 'junk'
More than 95% of e-mail is junk, be it spam, error messages or viruses, report mail monitoring firms. [more]
Thursday, 27 July 2006, 1:17 PM CET

Security training highlights need for continuity planning
When an IT environment spans the vast, complex landscape of state government, it's nearly impossible to stop every threat from cyberspace and the physical world. [more]
Thursday, 27 July 2006, 1:16 PM CET

How bot those nets?
What could you do if you controlled a network of thousands of computers -- or, at least, could use the spare processor cycles on those machines? [more]
Thursday, 27 July 2006, 10:57 AM CET

service falls victim to cross site scripting attack
Online vandals have hacked the service using a cross-site scripting attack. [more]
Thursday, 27 July 2006, 10:54 AM CET

Chip offloads WiFi security, encryption
Connect One is shipping a secure IP (Internet protocol) coprocessor chip aimed at adding encrypted WiFi connectivity to cost-constrained machine-to-machine (M2M) applications. [more]
Thursday, 27 July 2006, 1:46 AM CET

Visa looks to bolster security with PCI classification changes
Visa U.S.A. Inc. has changed the way it classifies merchants under its Payment Card Industry (PCI) data security standards program, which will require about 1,000 merchants to meet more rigorous compliance-validation standards. [more]
Thursday, 27 July 2006, 12:39 AM CET

Wifi links vulnerable even with encryption
Free tools crack WEP and WPA with ease, McAfee expert warns. [more]
Thursday, 27 July 2006, 12:38 AM CET

India buffing its data security image
A new regulatory agency in India will set privacy and security standards for offshore IT services and monitor its members to ensure they are following them. Punishment for breaches may include expelling the guilty members or turning them over to law enforcement.
Thursday, 27 July 2006, 12:21 AM CET

Savings body turns screw on identity theft
NSI plans two-factor authentication devices for online customers. [more]
Thursday, 27 July 2006, 12:14 AM CET

The life and death of Russia’s spam king
He withheld pay from employees, enraged government officials, and flooded Russia with 25 million emails a day. Then one morning, Vardan Kushnir’s mother found his bloodied body on the bathroom floor, skull bashed in. [more]
Wednesday, 26 July 2006, 12:39 PM CET

Japanese agencies vulnerable to viruses
A large number of computers at Japanese ministries and police agencies are dangerously vulnerable to cyber attacks and viral infections, a government survey, quoted in an AFP report, said. [more]
Wednesday, 26 July 2006, 7:30 AM CET

Judge dismisses phone records lawsuit
Citing national security, a federal judge Tuesday threw out a lawsuit aimed at blocking AT&T Inc. from giving telephone records to the government for use in the war on terror. [more]
Wednesday, 26 July 2006, 7:30 AM CET

IP encryption expected to restore trust with consumers
A conference panel backs the IP encryption proposal, but design engineers want a model that offers them greater visibility into the IP. [more]
Wednesday, 26 July 2006, 3:30 AM CET

Hackers target latest Windows flaws
One of the exploits targets a vulnerability in the DHCP Client Service that could lead to a buffer overflow, allowing an attacker to take control of a system. The flaw affects several versions of Windows including XP and Server 2003. [more]
Wednesday, 26 July 2006, 3:25 AM CET

Will industry rescue the identity card?
The private sector should take a bigger role in the national ID card scheme, say experts. [more]
Wednesday, 26 July 2006, 3:16 AM CET

Trojan spoofs Firefox extension, steals IDs
An identity-stealing keylogger that disguises itself as a Firefox extension and installs silently in the background was discovered Tuesday by security vendor McAfee. [more]
Wednesday, 26 July 2006, 3:12 AM CET

People-chipping tech cloned by hackers
Hackers demonstrated how to clone a copy of a human-implanted RFID chip at a hacking conference this week. The demonstration goes against claims from people-chipping firm VeriChip that its technology, the subject of the experiment, can uniquely identify an individual. [more]
Wednesday, 26 July 2006, 2:15 AM CET

Beyond encryption: VoIP security risks
Apart from the security of your own VoIP traffic, you need to be concerned whether your networking resources are being used without your knowledge or permission to route other people's VoIP traffic. [more]
Wednesday, 26 July 2006, 2:09 AM CET

Ethereal on Mac OS X
Ethereal is a GUI application that requires some flavor of X11 on your Mac and Fink will need the developer tools to compile some packages from source. [more]
Wednesday, 26 July 2006, 1:17 AM CET

Retailers fail to pass security test
Until the standard is revised and merchants get the PCI guidance they need, it doesn't make sense for the credit card associations to start doling out fines. [more]
Wednesday, 26 July 2006, 12:58 AM CET

The smart traveler's guide to data theft protection
Travelers are even more open to identity theft than normal users. [more]
Wednesday, 26 July 2006, 12:47 AM CET

HOPE closes with social engineering
New York conference winds up for another two years. [more]
Wednesday, 26 July 2006, 12:39 AM CET

Attackers exploit latest Microsoft flaws
Exploit code for three vulnerabilities detected in the wild. [more]
Wednesday, 26 July 2006, 12:30 AM CET

Yahoo, Symantec offer security bundle
Yahoo, in partnership with Symantec, launched an Internet security software suite dubbed Norton Internet Security and designed to protect online users from threats like viruses and spyware. [more]
Wednesday, 26 July 2006, 12:26 AM CET

British Library to secure digital content
The British Library is adopting a new data security system that will enable it to safely store the content of its National Digital Library, which will contain everything from digitised versions of centuries-old manuscripts to digital journals and web archives. [more]
Wednesday, 26 July 2006, 12:21 AM CET

US public wary of e-passport security
Fueled by inaccurate speculation, a tide of popular concern is rising about the security of the new "e-passports" the United States government will begin issuing to its citizens next month. [more]
Wednesday, 26 July 2006, 12:10 AM CET

PHP encryption for the common man
In this increasingly virtual online world, you have to be careful to protect your data. Learn the basics of encoding and encrypting important bits of information, such as passwords, credit card numbers, and even entire messages. [more]
Wednesday, 26 July 2006, 12:02 AM CET

Malware evolution: Mac OS X vulnerabilities 2005 - 2006
This article looks at vulnerabilities detected in Mac OS X in the first half of 2006. It compares these vulnerabilities to those detected in the first half of 2005, providing an overview of the evolution of threats targeting this increasingly popular platform. [more]
Tuesday, 25 July 2006, 6:32 PM CET

Honeypots and User-Mode-Linux (UML)
In technical terms, a honeypot performs a function very similar to that of a “honeypot” in the outside world: a sweet lure. [more]
Tuesday, 25 July 2006, 11:43 AM CET

Government acts on cyber-bullies
The government is publishing guidelines to help schools, parents and pupils tackle the issue of "cyber-bullying". [more]
Tuesday, 25 July 2006, 11:42 AM CET

Windows Firewall: the best new security feature in Vista?
It is interesting how some of the best security features in Windows receive either no attention, or get criticized for the strangest reasons. [more]
Tuesday, 25 July 2006, 11:40 AM CET

Hacked sites cause headaches
Many Web site owners are feeling the pain of hack attacks. Here's what you should know. [more]
Tuesday, 25 July 2006, 11:31 AM CET

How to access the true Administrator account in Windows Vista
Microsoft has hidden the Administrator account in Vista, but it's easy to resurrect once you know how to find it. [more]
Tuesday, 25 July 2006, 3:08 AM CET

A DIY SSL VPN with SSL-Explorer, part 1
In this two-part series, we will explore a very popular open source SSL VPN from 3SP Ltd. called SSL Explorer. [more]
Tuesday, 25 July 2006, 2:37 AM CET

Hackers fight authority in NYC
The Man keeping you down? The sixth-annual Hackers on Planet Earth conference doles out briefings on picking locks, jamming phones and beating wiretaps. There was only one arrest. [more]
Tuesday, 25 July 2006, 2:07 AM CET

Ransomware getting harder to break
Hackers may soon be pushing out ransomware packages so complex that they're beyond the decryption capabilities of the anti-virus industry, according to a study by Russian anti-virus firm Kaspersky Lab. [more]
Tuesday, 25 July 2006, 2:01 AM CET

6 steps to protect your wireless network
It doesn't take a lot of extra work or money to secure your network. [more]
Tuesday, 25 July 2006, 1:51 AM CET

IRS warns of new e-mail scam
The agency has noted an uptick in phishing attempts since last fall. [more]
Tuesday, 25 July 2006, 1:24 AM CET

Microsoft bets big on Vista security
Symantec report suggests Windows' new code will introduce new security problems. [more]
Tuesday, 25 July 2006, 1:03 AM CET

Hackers use AI to uncover vulnerabilities
Artificial intelligence (AI) software is now being widely used by hackers to find formerly undiscovered application vulnerabilities, security experts have warned. [more]
Tuesday, 25 July 2006, 12:59 AM CET

A sneakier kind of spam
A new strain of spam popping up in e-mail boxes is confounding consumers and corporate security officials. [more]
Tuesday, 25 July 2006, 12:56 AM CET

Unsolicited credit card push irks security researchers
A top UK security expert has criticised the practice of issuing unsolicited credit cards. [more]
Tuesday, 25 July 2006, 12:41 AM CET

Security is more than rules
Australian security professionals are better trained, happier with their budgets and have better security in place than they were a year ago, according to research by analyst Gartner. [more]
Tuesday, 25 July 2006, 12:30 AM CET

The most secure laptop
Laptops have become a huge hole this year that private data, mostly customer financial and medical information, has been pouring out of. [more]
Tuesday, 25 July 2006, 12:25 AM CET

'Anti-spyware' Trojan hits 100,000 UK firms
Social engineering never goes out of fashion. [more]
Tuesday, 25 July 2006, 12:12 AM CET

Hackers using new tools to exploit vulnerabilities
Much like in the physical world, the security of the virtual world seems more precarious all the time. [more]
Tuesday, 25 July 2006, 12:08 AM CET

Organizations not doing enough to secure data
A holistic approach is needed to help small, and big, customers alike secure their content, according to Peter Christy, a principal at Internet Research Group. [more]
Monday, 24 July 2006, 3:53 PM CET

Recovery specialists bring data back from the dead
Data recovery specialists describe how their methods match the changing needs of their customers. [more]
Monday, 24 July 2006, 3:40 PM CET

Warning over Sky TV scam
Credit card fraudsters are targeting Sky TV subscribers with a new two-part scam. [more]
Monday, 24 July 2006, 3:39 PM CET

PI arrested at hacker convention
A private detective has been arrested by the FBI at a hacker convention just minutes before he was due to lead a discussion on privacy. [more]
Monday, 24 July 2006, 1:14 PM CET

Companies take costly steps to secure laptops
Big U.S. companies are taking tough measures to shore up laptop security amid a rash of thefts. [more]
Monday, 24 July 2006, 12:40 PM CET

Continuous data protection
Backup and recovery operations are the focus of business continuity and data protection plans and often the main source of anxiety for IT departments. Few businesses are fully satisfied with their backup and recovery solutions. Not only must data be protected from complete site failures, such as those resulting from natural disasters, data must also be protected from corruption or data loss, such as that resulting from a computer virus or human error. [more]
Monday, 24 July 2006, 12:39 PM CET

Voice phishers work harder to get your number
Scammers have begun using the telephone to harvest data for use in identity theft and credit card fraud, and VoIP is making it easier for them to cover their tracks. [more]
Monday, 24 July 2006, 12:54 AM CET

Fake Google website hides Trojan horse
Scammers have set up an exact copy of the download page for Google’s Toolbar plug-in in an attempt to lure users to download a Trojan back door. [more]
Monday, 24 July 2006, 12:36 AM CET

After an exploit: mitigation and remediation
As we all know, prevention, detection and response are our three main lines of defence against threats, with a good administrator putting most focus on prevention. [more]
Monday, 24 July 2006, 12:30 AM CET

Top-secret world loses blogger
CIA contractor is fired when internal post crosses the line. [more]
Monday, 24 July 2006, 12:27 AM CET

Flaw finders lay siege to Microsoft Office
Responding to a steady influx of flaws in the company's Office productivity suite has occupied many of Microsoft's programmers since late 2005. [more]
Monday, 24 July 2006, 12:25 AM CET

Security spend depends on past investment, says Gartner
Those who have kept up-to-date with security won't need to spend so much, analyst firm says. [more]
Monday, 24 July 2006, 12:20 AM CET

Old UTM is still new in network security
They'll always be with us in the wooly corners of the Web: attackers bent on breaking your network system, stealing your data, pilfering funds, or letting their fingers do the walking through your e-mail and IM threads. [more]
Monday, 24 July 2006, 12:03 AM CET

The insecure pleasures of wi-fi
Today I was travelling in the Netherlands by train. One of the great things is that major stations have their own wi-fi access. When we stopped at a station, as usual I wanted to check my emails while waiting for the train to move on. [more]
Friday, 21 July 2006, 7:03 PM CET

Gartner slams government security guidelines
Nothing but a PR stunt, claims analyst. [more]
Friday, 21 July 2006, 6:58 PM CET

Password size does matter
Length is more important than complexity when it comes to secure passwords - and here's a $100 wager to prove it. [more]
Friday, 21 July 2006, 1:58 PM CET

FBI: curbing cyber crime requires "digital Enron"
Major online catastrophe needed to create awareness. [more]
Friday, 21 July 2006, 11:00 AM CET

Judge: NSA case can proceed
In a landmark ruling Thursday, a federal judge forcefully refused to dismiss a civil liberties group's lawsuit against AT&T. [more]
Friday, 21 July 2006, 10:59 AM CET

Bogus PI coughs to ID theft charges
A US man who fraudulently accessed the details of thousands on a credit reference database pleaded guilty this week to ID theft-related charges. Brian Dill, 33, of Simi Valley, California, claimed to be a private investigator in order to access privileged information on the Merlin Information Services database. [more]
Friday, 21 July 2006, 10:58 AM CET

Point and click DDoS attacks
Seems like the Internet's bad guys have automated all their attacks these days. [more]
Friday, 21 July 2006, 2:38 AM CET

Free tool scans sites for threats
The tool, called LinkScanner, allows users to enter a URL, and then the tool checks the target page for threats and exploits and reports back on its findings. [more]
Friday, 21 July 2006, 2:35 AM CET

Researchers look to predict software flaws
Want to know how many flaws will be in the next version of a software product? Using historical data, researchers at Colorado State University are attempting to build models that predict the number of flaws in a particular operating system or application. [more]
Friday, 21 July 2006, 2:30 AM CET

Feature: Linux free, easy and secure
Linux is free to modify and distribute, safer than other systems and easier than ever to use. Find out how to get it, install it and use the open-source OS. [more]
Friday, 21 July 2006, 1:29 AM CET

Casino hackers
When a gambling town falls hard for the computer network. [more]
Friday, 21 July 2006, 1:29 AM CET

OPM outlines plan for meeting security clearance needs
The Office of Personnel Management hopes to cut the average time it takes to reinvestigate federal employees and contractors for security clearances by more than half by the end of fiscal 2007. [more]
Friday, 21 July 2006, 1:27 AM CET

Security sector rethinks common virus names
Seeking end user input as the number of major outbreaks drops. [more]
Friday, 21 July 2006, 1:25 AM CET

Control-systems security to be taught
Federal scientists who study how hackers try to break into computer-based controls for nuclear reactors and other automated industrial systems are passing the secrets on to the private operators of such facilities. [more]
Friday, 21 July 2006, 1:24 AM CET

Content security trends
System and network security is consistently one of the top priorities for IT managers and has been since the ubiquity of the Internet wrought dramatic changes on most businesses. Early security measures focused on virus threats to PC clients and later on protecting internal networks from rogue attacks from the public Internet. [more]
Friday, 21 July 2006, 1:24 AM CET

PayPal XSS exploit available for two years?
The cross-site scripting (XSS) vulnerability, which was harnessed by fraudsters to execute a convincing phishing attack against PayPal users, may have been exploitable for two years previously. [more]
Thursday, 20 July 2006, 4:47 PM CET

Tips for implementing encryption on stored data
Here’s how I would approach the organizational behavior change needed to ensure that sensitive data on all storage media in the organization is protected. [more]
Thursday, 20 July 2006, 1:50 PM CET

Security validation of OpenSSL encryption tool uncertain
The group that certified the technology has changed its mind - again. [more]
Thursday, 20 July 2006, 11:39 AM CET

Security pros wrestle with data overload
First, the good news: IT administrators have a ton of data about information security. The bad news, of course, is that IT administrators have a ton of data about information security. [more]
Thursday, 20 July 2006, 11:38 AM CET

Security: The adventure continues - SELinux
An advantage of upgrading to the latest Fedora Core version (5) is the latest and greatest in SELinux advances. [more]
Thursday, 20 July 2006, 11:34 AM CET

Weakest link in app security is customization
The customization of off-the-shelf software is the weakest link in application security. This is particularly true for widely used enterprise products such as SAP and Oracle, according to Gartner research director Rich Mogull. [more]
Thursday, 20 July 2006, 11:33 AM CET

Cisco to be under scrutiny again at Black Hat
Though some high-profile researchers not slated to present. [more]
Thursday, 20 July 2006, 5:50 AM CET

Jury returns guilty verdict against UBS sys admin
The jury entered guilty verdicts on two of the four charges against Roger Duronio, once a systems administrator for UBS PaineWebber, for launching a 2002 attack that brought down parts of his former employer's network. [more]
Thursday, 20 July 2006, 4:06 AM CET

Hacked ad seen on MySpace served spyware to a million
An online banner advertisement that ran on and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company. [more]
Thursday, 20 July 2006, 3:58 AM CET

How small firms lock down data
The readers substitute for passwords when employees access company databases. Workers must be physically in the office to press their fingers on the readers so the devices can verify they're company employees. [more]
Thursday, 20 July 2006, 3:40 AM CET

Will Microsoft muzzle the software that cries wolf?
Despite the WGA flap, Microsoft looks to Genuine Advantage for Office. [more]
Thursday, 20 July 2006, 3:26 AM CET

Experts tell Congress U.S. e-voting security is flawed
Security experts told Congress on Wednesday (July 19) that the federal qualification process for electronic voting machines is flawed. [more]
Thursday, 20 July 2006, 3:01 AM CET

The state of spam
Filters have gotten so effective at keeping junk e-mail away from users that there's little public outcry against spam today. But behind the scenes, the problem is worse than ever--and it could mask a serious, real-world threat. [more]
Thursday, 20 July 2006, 2:30 AM CET

Microsoft tweaks IIS patch
Microsoft has tweaked one of the security updates it released last week, after customers reported installation problems. [more]
Thursday, 20 July 2006, 1:44 AM CET

Digital vault thwarts hackers
With 63 million American adults banking online and millions falling victim to identity theft, GuardID Systems is shipping 250,000 ID Vaults. [more]
Thursday, 20 July 2006, 1:38 AM CET

Web services next battlefront for hackers
Web services security and compliance with the Payment Card Industry (PCI) Data Security Standards are top-of-mind customer concerns that the latest version of Watchfire's AppScan Web application vulnerability assessment software aims to address. [more]
Thursday, 20 July 2006, 1:21 AM CET

Online fraudsters love webmail - true
Online fraudsters favour easy to set-up webmail accounts when perpetrating online fraud. Yahoo! accounts come first in a list of the top ten email addresses used by online card fraudsters compiled by Early Warning UK, a scheme set up to help retailers avoid credit card fraud. [more]
Thursday, 20 July 2006, 12:47 AM CET

HP's Memory Spot poses security risks
Danger posed by the tiny chips can be managed, however, experts say. [more]
Thursday, 20 July 2006, 12:32 AM CET

Hackers striking databases in record numbers
Databases are under increasing assault from SQL injection attacks. [more]
Thursday, 20 July 2006, 12:30 AM CET

Symantec: Vista probably 'less stable' than XP
The networking technology underpinning Windows Vista may be less stable on release than that behind Windows XP, according to an analysis by security firm Symantec. [more]
Thursday, 20 July 2006, 12:22 AM CET

HP unveils RFID's future competitor
Hewlett-Packard unveiled a memory chip the size of a tomato seed on Monday in its Palo Alto laboratories. The tiny chip, called the Memory Spot, can be attached unobtrusively to any object and carry media or data. [more]
Wednesday, 19 July 2006, 3:22 PM CET

Recovering from file system corruption using TestDisk
We've all been there. We press the wrong key, we make some silly mistake, and suddenly, one or more of our file systems refuse to work. Whenever this happens, the first thing we hear is "You should have made a backup", the dreaded sentence that we'll never listen to. Let's face it, we're stupid, and we don't back up. [more]
Wednesday, 19 July 2006, 11:36 AM CET

LaCie Safe 250GB biometric hard drive
You don't have to have filled your hard drive with scandalous shots of your holiday to the fleshpots of the Far East to want to keep your files safe from prying eyes. [more]
Wednesday, 19 July 2006, 11:32 AM CET

Hacking Digital Rights Management
Like a creeping fog, DRM smothers more and more media in its clammy embrace, but the sun still shines down on isolated patches of the landscape. [more]
Wednesday, 19 July 2006, 11:02 AM CET

Punish spying? I must be abroad
While the United States is embroiled in debate over continuing revelations of official eavesdropping, data mining and other surveillance programs, democracies in Asia and Europe are grappling with similar wiretapping scandals of their own. [more]
Wednesday, 19 July 2006, 10:24 AM CET

Oracle patches 65 holes with security round
The patches, released Tuesday, address problems in its database, application server, and e-business suite products. [more]
Wednesday, 19 July 2006, 9:42 AM CET

Secure authentication with the new IEEE 802.1x standard
The IEEE 802.11 standard used WEP (Wired Equivalent Privacy) to provide authentication and privacy for a wireless LAN (WLAN). However, WEP has well-known vulnerabilities: it is unsafe at any key length and many consider its RC4 algorithm to be very weak. [more]
Wednesday, 19 July 2006, 7:56 AM CET

less secure than Microsoft Office?
has been increasing in both popularity and visibility over the past several months. [more]
Wednesday, 19 July 2006, 7:42 AM CET

Vulnerability found in D-Link routers
Patches are available for the vulnerability, which affects D-Link's consumer-grade routers. [more]
Wednesday, 19 July 2006, 6:46 AM CET

Breach rules toughened for federal agencies
The White House's Office of Management and Budget instructed U.S. federal agencies to alert the US-CERT within one hour to any breach involving personally identifiable information, even if the possibility of a breach is only suspected. [more]
Wednesday, 19 July 2006, 6:29 AM CET

New U.S. government security guidelines need more clarity
New Office of Management and Budget incident-reporting guidelines represent a step forward for U.S. government information security. But the government's definitions of security incidents are still too imprecise to be truly effective. [more]
Wednesday, 19 July 2006, 6:16 AM CET

Cisco updates CCIE tracks with beta, equipment changes
Cisco Systems announced last week changes to its Cisco Certified Internetwork Expert certification tracks for Service Provider (SP) and Routing & Switching (R&S). [more]
Wednesday, 19 July 2006, 5:31 AM CET

MS hires rootkit sleuth
Microsoft Corp. has acquired Winternals Software LP, the company co-founded by rootkit detective Mark Russinovich. [more]
Wednesday, 19 July 2006, 5:24 AM CET

Ethical, educated or neither?
I recently read about the "Ethical Hacking and Countermeasures" degree being offered by a Scottish university. [more]
Wednesday, 19 July 2006, 4:52 AM CET

USDA employees identity safe
The U.S. Department of Agriculture announced that personal identity information was neither downloaded nor transferred outside the department’s computer system last month when it was illegally accessed. [more]
Wednesday, 19 July 2006, 4:21 AM CET

Microsoft sues resellers for piracy
Microsoft Corp. has filed 26 lawsuits against alleged dealers of pirated software in seven U.S. states, the company said Tuesday. [more]
Wednesday, 19 July 2006, 4:02 AM CET

Open source blamed for malware development
Malware authors are adopting open source development models to develop more potent threats. [more]
Wednesday, 19 July 2006, 3:48 AM CET

EMC + RSA = New force in data security
It's always interesting to see the public response to a game-changing acquisition, namely EMC buying RSA Security. This deal changes the security landscape, so I need to come up with a new name for EMC. How about EMCecurity (pronounced E-M-See-curity)? I kind of like that. [more]
Wednesday, 19 July 2006, 3:30 AM CET

Bot masters fool with Paris Hilton
The simple life, unless you're the one battling the malware. [more]
Wednesday, 19 July 2006, 3:19 AM CET

Manage source code using Git
Git is the open source revision control software that Linus Torvalds developed to help manage Linux kernel development. [more]
Wednesday, 19 July 2006, 3:14 AM CET

Create a secure Linux-based wireless access point
Wi-Fi Protected Access version 2 (WPA2) is becoming the de facto standard for securing wireless networks, and a mandatory feature for all new Wi-Fi products certified by the Wi-Fi Alliance. [more]
Wednesday, 19 July 2006, 12:56 AM CET

Essential security software for Mac OS X users
There's a plethora of Mac OS X security software available but some have proven to be quite exceptional and essential for anyone interested in computer security. Here is a list of tools you all should have in your Applications folder. [more]
Tuesday, 18 July 2006, 11:59 PM CET

FBI consultant spared jail in password case
An FBI computer consultant who pleaded guilty to hacking the secret passwords of Director Robert Mueller and others will not serve any time in prison, a federal judge has ruled. [more]
Tuesday, 18 July 2006, 9:15 PM CET

Criminals exploit net phone calls
Malicious hackers are turning to net phone systems in a bid to trick people into handing over personal details. [more]
Tuesday, 18 July 2006, 9:14 PM CET

How to restore a hacked Linux server
In most cases if you have a system compromise at root level, you will hear that you have to fully reinstall the system and start fresh because it will be very hard to remove all the hidden files the attacker has placed on the system. [more]
Tuesday, 18 July 2006, 9:11 PM CET

Asterisk VoIP platform open to DDoS attacks
A flaw in the Asterisk IP PBX platform reported last week could result in a denial-of-service attack that would disrupt a business' VoIP or VoIP-to-PSTN gateway service. [more]
Tuesday, 18 July 2006, 9:10 PM CET

Biometric security helps track sex offenders
Biometric Intelligence & Identification Technologies has announced that it has unveiled new cutting-edge technology and a database that, for the first time, registers and tracks convicted sex offenders using iris recognition biometric technology. [more]
Tuesday, 18 July 2006, 9:08 PM CET

The case for educating security practitioners
The trouble is that many businesses still believe that the IT manager, who used to take care of accounting systems and terminals, is the same individual who should design web sites, upkeep software patches and upgrades, maintain security, and even do system repairs. [more]
Tuesday, 18 July 2006, 9:07 PM CET

Unilever secures its laptops
Unilever is to use Iron Mountain to back up laptops. [more]
Tuesday, 18 July 2006, 9:06 PM CET

Google-based malware search tool surfaces
The creator of the Metasploit hacking tool has released code that can be used to find malicious software using specially-crafted Google search queries. The malware search engine created by H.D. Moore can be found here. [more]
Tuesday, 18 July 2006, 9:05 PM CET

Bots, Google hacks: the Internet 'storms'
Windows, Linux or Mac - does operating system or platform matter to hackers? Not necessarily, according to research from Fortify Software, an application security provider. [more]
Tuesday, 18 July 2006, 2:50 AM CET

Online banks strengthen security
There's no such thing as bulletproof security. But if done in layers and tied into fraud detection systems, multifactor authentication might make online banking safer than banking offline, experts say. [more]
Tuesday, 18 July 2006, 2:42 AM CET

Oracle owns up to patching problems
Database giant Oracle Corp. has faced mounting criticism of its security patching process during the last two years. [more]
Tuesday, 18 July 2006, 1:53 AM CET

Viruses leap to smart radio tags
Computer viruses could be about to take a giant leap and start spreading via smart barcodes, warn experts. [more]
Tuesday, 18 July 2006, 1:44 AM CET

Secure chip program seeks to extend DoD foundry effort
The Pentagon wants to extend its trusted foundry program to develop new chip-making technologies that would serve as a backup if foundry access is disrupted. [more]
Tuesday, 18 July 2006, 1:39 AM CET

Are virus writers the new entrepreneurs?
Modern virus writers and the criminal operations which pay for their skills are looking ever more like real businesses according to one security expert, who even likened them to dot-com start-ups. [more]
Tuesday, 18 July 2006, 1:21 AM CET

Juniper shows off its funk(y) new security tools
Juniper Networks on Monday plans to unveil revamped policy management and authentication tools from its acquisition of Funk Software last year. [more]
Tuesday, 18 July 2006, 1:02 AM CET

Security through RAID on Mac OS X
I always thought it would be nice to have a “key” to a computer, or a hard drive, and unless you encrypt your drive anyone can mount it on a different computer and pull data off of it. While my method probably won’t work so great against the government, it should against parents / siblings / school staff. [more]
Tuesday, 18 July 2006, 12:53 AM CET

AOL offers PC protection package
Total Care represents an effort by AOL to stem the tide of defections among its customers to broadband DSL and cable providers. [more]
Tuesday, 18 July 2006, 12:44 AM CET

Controversial security report finds lower losses
The Computer Security Institute released their annual survey last week finding that corporate losses due to cybersecurity incidents had fallen for the fifth straight year, but critics questioned the study's methodology. [more]
Tuesday, 18 July 2006, 12:35 AM CET

Worm hits MySpace
A worm spreading through MySpace is embedding JavaScript code into users' profiles that redirects visitors to a site claiming the U.S. government was behind the 9/11 terrorist attacks, a security company warned Monday.
Tuesday, 18 July 2006, 12:22 AM CET

Cisco broadens security family
Cisco launches new security appliances; beefs up IOS security. [more]
Tuesday, 18 July 2006, 12:02 AM CET

How do you fit into the security community?
At the risk of being attacked for promoting stereotypes or hurting feelings, I decided to share a few thoughts on this subject. What group describes you? [more]
Monday, 17 July 2006, 6:16 PM CET

2006 the 'year of cyber-crime'
SMEs are the most vulnerable, says report. [more]
Monday, 17 July 2006, 6:11 PM CET

Hackers learn from open source
Hackers are taking a page from the open-source playbook, using the same techniques that made Linux and Apache successes to improve their malicious software, according to McAfee Inc. [more]
Monday, 17 July 2006, 6:10 PM CET

Trojan downloader uses Zidane lure
Nefarious virus writers are using continued interest in Zinedine Zidane's infamous headbutt in the World Cup final in order to distribute malware via a malicious website (screen shot here) that poses as an official FIFA World Cup 2006 website. [more]
Monday, 17 July 2006, 6:09 PM CET

The next data breach could mean your IT job
From the VA to Ohio University, IT pros have lost their jobs over lost data. Businesses, meanwhile, refuse to take security training seriously. [more]
Monday, 17 July 2006, 3:59 PM CET

IBM releases anti-DoS, worm tool
IBM has launched new software that will allow IT departments, telecom service providers and IT outsourcing companies to respond proactively to security threats like denial of service attacks and worms as they happen. [more]
Monday, 17 July 2006, 3:26 PM CET

Daily flaws ratchet up debate
HD Moore is used to polarising the vulnerability-research community. [more]
Monday, 17 July 2006, 3:23 PM CET

Security mergers set to benefit buyers
Increasing consolidation among security tool providers should make life simpler for IT managers. [more]
Monday, 17 July 2006, 3:22 PM CET

5 tools to bulletproof Firefox
Here are five essential tools for securing Firefox by disabling JavaScript and Flash, sniffing out suspicious sites, foiling phishing, preventing peeks at private data, and preparing powerful passwords. [more]
Monday, 17 July 2006, 1:04 AM CET

Microsoft kills off 'My Private Folder' app
If you've heard of Microsoft Private Folder 1.0, forget it. As of 2:30 p.m. Pacific Time on Friday, it no longer exists. [more]
Monday, 17 July 2006, 12:58 AM CET

IBM accused of hacking, asks judge to toss case
In April, legal firm Butera and Andrews filed suit in US District Court against IBM, seeking damages of more than US$60,000. [more]
Monday, 17 July 2006, 12:52 AM CET

Wiretap surrender
Sen. Specter's bill on NSA surveillance is a capitulation to administration claims of executive power. [more]
Monday, 17 July 2006, 12:42 AM CET

Mac OS X: viruses and security
Researchers and engineers who are working in the security field must have strong constitutions - especially when it comes to weathering negative backlash and tired conspiracy theories whenever security and Mac OS X are mentioned in the same breath. [more]
Monday, 17 July 2006, 12:22 AM CET

FBI consultant spared jail time in hacking case
Joseph Colon pleaded guilty to misdemeanors for stealing FBI passwords. [more]
Monday, 17 July 2006, 12:14 AM CET

Daily flaws ratchet up disclosure debate
As the creator of the Metasploit Project, an open-source tool for automating the exploitation of vulnerabilities, Moore has had his share of contentious debates with other security professionals. [more]
Friday, 14 July 2006, 10:38 PM CET

Skype protocol cracked
Skype is dismissing a claim by a small team of Chinese engineers who say they have reverse engineered the protocol used for Skype Internet phone calls. [more]
Friday, 14 July 2006, 10:35 PM CET

e-Passports: Ready or not here they come
The State Department expresses confidence in "e-Passports" while technologists fret about their security risks. [more]
Friday, 14 July 2006, 10:33 PM CET

Super firewall aims to block site swampers
Firewall spots and contains Denial of Service attacks before they escalate, developers say. [more]
Friday, 14 July 2006, 4:52 PM CET

Credit card security revamp in works
If a company suffers a security breach and it isn't complying with security standards, it can be hit with big dollar fines and loss of its authorization to process credit card payments, said Chris Farrow, director of the policy and compliance division for Configuresoft. [more]
Friday, 14 July 2006, 4:51 PM CET

Secret court secretly reviewing secret wiretaps
Senate Judiciary Committee chairman Arlen Specter (Republican, Pennsylvania) has crafted proposed legislation, pre-approved by the White House, enabling the FISA star chamber court to rubber-stamp the NSA's massive, warrantless wiretap program, and decide that it is constitutional. [more]
Friday, 14 July 2006, 3:23 PM CET

Financial losses? Blame viruses!
The Computer Security Institute with the participation of the San Francisco FBI's Computer Intrusion Squad today released its 2006 report citing that virus attacks are the leading cause of financial losses. [more]
Friday, 14 July 2006, 3:21 PM CET

CSI survey: Data breaches still being swept under the rug
On the surface, the results of the 11th annual CSI/FBI Computer Crime and Security Survey are positive, with fewer companies reporting financial loss from data breaches compared to last year. [more]
Friday, 14 July 2006, 11:29 AM CET

S.F. evaluating its ties to AT&T
City officials are examining San Francisco's telecommunications contracts with AT&T and whether to take action against the company for its alleged cooperation with the National Security Agency, Mayor Gavin Newsom said this week. [more]
Friday, 14 July 2006, 9:08 AM CET

The next frontier in security
There was a time when encryption was fodder for a James Bond flick, somewhere between Moneypenny and “shaken, not stirred.” [more]
Friday, 14 July 2006, 9:06 AM CET

Preventing internal security breaches
Security is always on the minds of system administrators. [more]
Friday, 14 July 2006, 9:04 AM CET

PowerPoint the latest target of virus writers
Virus writers seem to be making the rounds of the Office applications. Word and Excel have both been hit with exploits, and now PowerPoint is the target of a zero-day vulnerability, although it uses the same modus operandi as so many other viruses. [more]
Friday, 14 July 2006, 9:02 AM CET

Researcher to show code for 'wormable' Windows flaw
Metasploit's HD Moore weeks away from delivering code that exploits recent Windows bug. [more]
Thursday, 13 July 2006, 4:33 PM CET

Threats from hackers 'converging,' researchers say
"We have seen more evidence of spammers employing spyware to make their campaigns more effective," said Mark Sunner, chief technology officer, MessageLabs. [more]
Thursday, 13 July 2006, 4:32 PM CET

Mobiles set for key role in card authentication
Two factor authentication devices may include the mobile phone. [more]
Thursday, 13 July 2006, 4:29 PM CET

Microsoft incentives to influence your security vote
Microsoft is offering partners a tasty slice of security software licensing revenues, in a promo to help kick-start this new business. [more]
Thursday, 13 July 2006, 1:11 PM CET

Application-level virtualization for Windows
Federico Biancuzzi interviews Eyal Dotan, who has developed application-level virtualization software that protects Windows hosts from malware. [more]
Thursday, 13 July 2006, 1:09 PM CET

Defeating the hacker
Who is responsible for security? Everybody is, not just the security officer and his/her team. But it's a technical issue, right? A matter of firewalls, applying patches, installing programs that detect and remove spyware and viruses... Wrong again! [more]
Thursday, 13 July 2006, 1:06 PM CET

Security in Windows Communication Foundation
Windows Communication Foundation performs a lot of the heavy lifting to make it easier for your service to provide the basic security features that most distributed systems need. [more]
Thursday, 13 July 2006, 2:44 AM CET

Seven keys for complete message security
In today's highly regulated, highly networked, international work environment, message security is vital. [more]
Thursday, 13 July 2006, 2:30 AM CET

IBM seeks dismissal of claims it hacked into law firm's e-mail
A federal judge is deciding whether to throw out a suit filed by Washington, D.C.-based law and lobbying boutique Butera & Andrews alleging that IBM Corp. and an unidentified employee in its Durham, N.C., facility tried to hack into its e-mail system. [more]
Thursday, 13 July 2006, 2:07 AM CET

Copyright watchdog steps up the fight against film pirates
Fact is tackling increasing piracy with new technology and a cinema investigator. [more]
Thursday, 13 July 2006, 1:04 AM CET

New virus pretends to be WGA
A virus posing as Microsoft's controversial anti-piracy software is spreading via AOL's popular Instant Messenger network, but it appears to be more of a jab at Microsoft than a real threat. [more]
Thursday, 13 July 2006, 12:57 AM CET

Energy Review looks to generate security
The sound of champagne corks popping in the offices of nuclear power bosses rang around the world yesterday when, as expected, the UK government committed to a new generation of fission reactors. [more]
Thursday, 13 July 2006, 12:38 AM CET

Hacking Xandros Desktop Home 4.0
Xandros Desktop Home Premium Edition is the most complete desktop GNU/Linux distribution on the market today, but it still has a few holes in it. [more]
Thursday, 13 July 2006, 12:30 AM CET

Top 10 cities to have your identity stolen
Identity theft and identity fraud are terms used to refer to types of crime in which someone wrongfully obtains and uses another individual’s personal data in a way that involves fraud or deception, typically for economic gain. [more]
Thursday, 13 July 2006, 12:20 AM CET

Hackers hit State Department
The U.S. State Department acknowledged that large-scale security breaches have occurred in recent weeks, but it said that the hackers had not gained access to any sensitive data. [more]
Thursday, 13 July 2006, 12:16 AM CET

Vishing joins phishing as security threat
Just as Internet surfers have gotten wise to the fine art of phishing, along comes a new scam utilizing a new technology. [more]
Wednesday, 12 July 2006, 1:08 PM CET

Emergency alerts to ping cellphones, Internet
The government will soon be pinging cellphones and posting on websites to warn Americans of impending disasters as it updates its Cold War-era emergency alert system. [more]
Wednesday, 12 July 2006, 1:07 PM CET

Hacker spawns a French Watergate
A hack of a Luxembourg bank's records is emerging as a key detail of the so-called Clearstream affair here, a national scandal that's pulled top-level politicians, powerful corporate executives and now a white-hat hacking group into its orbit. [more]
Wednesday, 12 July 2006, 1:00 PM CET

European boffins tackle DoS attacks
Time to fire up the Diadem Firewall. [more]
Wednesday, 12 July 2006, 1:27 AM CET

Will IE 7.0 be capable of secure RSS?
The streaming news feeds known as RSS (Really Simple Syndication) may get a dramatic boost if Microsoft's Internet Explorer 7.0 supports feeds when it's released later this year. [more]
Wednesday, 12 July 2006, 1:18 AM CET

Windows 98/ME-friendly security tools
Given what I heard from a number of users who said they planned to keep using those systems indefinitely, I promised to circle back with a look at which security tools still play nice with them. [more]
Wednesday, 12 July 2006, 1:16 AM CET

Using PowerShell through SSH
Windows PowerShell is a new command-line shell and task-based scripting technology that provides comprehensive control and automation of system administration tasks. [more]
Wednesday, 12 July 2006, 12:41 AM CET

Microsoft to show off Vista at Hack In The Box conference
The hacker conference will host two speakers from Microsoft. [more]
Wednesday, 12 July 2006, 12:20 AM CET

Banking on security checks and balances
John Petrie sees potential danger everywhere. [more]
Tuesday, 11 July 2006, 5:57 PM CET

Biometric tool works by measuring blood vessel patterns
Snowflake Technologies plans to bring to market next year a device to verify an individual's identity by reading vein patterns in the palms of people's hands. [more]
Tuesday, 11 July 2006, 5:56 PM CET

Companies to expand WLANs despite nagging security fears
Bigger enterprise WLANs to bring management headaches. [more]
Tuesday, 11 July 2006, 2:02 PM CET

Crazy-long hacker sentence upheld
A federal appeals court upheld a nine-year prison term Monday for a hacker who tried and failed to steal customer credit-card numbers from the Lowe's chain of home improvement stores. [more]
Tuesday, 11 July 2006, 11:23 AM CET

Citibank phish spoofs 2-factor authentication
Security experts have long touted the need for financial Web sites to move beyond mere passwords and implement so-called "two-factor authentication". [more]
Tuesday, 11 July 2006, 11:10 AM CET

Security chiefs talk trends, risks
Leading executives join a roundtable discussion of the trends and the threats they think IT executives may be missing. [more]
Tuesday, 11 July 2006, 11:08 AM CET

Secure Remote Desktop access over SSH
Remote Desktop is an excellent tool for accessing Windows machines across locations. [more]
Tuesday, 11 July 2006, 11:06 AM CET

British Music group asks ISPs to fight piracy
Until now, the BPI has pursued individual uploaders. So far, it has taken action against 139 people, four of whom were prosecuted. [more]
Tuesday, 11 July 2006, 11:04 AM CET

McAfee CEO unfazed by Microsoft security moves
'I worry more about protecting customers,' says George Samenuk. [more]
Tuesday, 11 July 2006, 1:03 AM CET

Teenagers putting computers at risk
Almost 40 per cent of European teenagers are unconcerned by the risks of viruses and other threats when downloading music or video content, according to a survey by a security vendor. [more]
Tuesday, 11 July 2006, 12:47 AM CET

Hacker 'to fight US extradition'
Former computer hacker Gary McKinnon has vowed to fight extradition to the US, where he faces decades in jail. [more]
Tuesday, 11 July 2006, 12:39 AM CET

More U.S. Navy data found on the web
The U.S. Navy reported on Friday that more than 100,000 sailors' personal data was found on a website, the second major incident in several weeks. [more]
Tuesday, 11 July 2006, 12:25 AM CET

Successful backups are not enough
Data protection requirements have moved on from the purely technical question of “Did the backup work?” to the much more complex question of “Is my business protected?”. The view of the backup application of success or failure is no longer relevant unless considered in the context of business policies. [more]
Tuesday, 11 July 2006, 12:15 AM CET

Half of ICT firms suffer security breach
Over 50 per cent of ICT firms reported a security breach in the last 12 months, according to a survey conducted by business advisory firm Deloitte. [more]
Monday, 10 July 2006, 7:49 PM CET

Switches take role of security kit
Network security appliances could be on their way out, as vendors switch to security on switches. [more]
Monday, 10 July 2006, 2:36 PM CET

Site-lookup service foils fraud
Few netizens think about the internet's domain name system: the architecture that invisibly translates a browser's request for, say, into the numeric IP address where the site is hosted. [more]
Monday, 10 July 2006, 12:14 PM CET

Compromising VoIP
"Arrests Indicate Vulnerability of Web Phone Service to Fraud" blared a recent Wall Street Journal headline - though I doubt any readers thought broadband VoIP was invulnerable to hacking. [more]
Monday, 10 July 2006, 12:12 PM CET

More secret White House intel
The White House possibly broke the law by keeping intelligence activities a secret from the lawmakers responsible for overseeing them, the House Intelligence Committee chairman said Sunday. [more]
Monday, 10 July 2006, 2:07 AM CET

Cracking the secret codes of Europe's Galileo satellite
Members of Cornell's Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret. [more]
Monday, 10 July 2006, 1:25 AM CET

Google search helps dig up malware
Websense has used the company's binary search to create software that can sniff out malware. But hackers could use it in new ploys. [more]
Monday, 10 July 2006, 1:05 AM CET

A chronology of data breaches reported since the ChoicePoint incident
The data breaches noted in this paper have been reported because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. [more]
Monday, 10 July 2006, 12:54 AM CET

Spyware developers net huge profits, outrage
With annual revenues of $2 billion, pop-up ads are a high-stakes game. [more]
Monday, 10 July 2006, 12:45 AM CET

Retailers fail to pass security test
One year after the deadline, most big merchants still aren't Payment Card Industry compliant. [more]
Monday, 10 July 2006, 12:38 AM CET

Next-gen DVD formats fall to the first of many hacks
The folks at c't magazine have discovered a simple tool for beating the content protection on Blu-ray and HD-DVD formats: the print screen button. [more]
Monday, 10 July 2006, 12:32 AM CET

Hacker-friendly Linux PDA stack enhanced
The OpenZaurus Project has released a new version of its Linux-based software stack for Sharp Zaurus PDAs. [more]
Monday, 10 July 2006, 12:18 AM CET

Visa, MasterCard to unveil new security rules
Visa U.S.A. Inc. and MasterCard International Inc. will release new security rules in the next 30 to 60 days for all organizations that handle credit card data, a Visa official said this week. [more]
Friday, 7 July 2006, 8:53 PM CET

Think all Wi-Fi networks are secure?
Think again. Many - even those used by business travelers - are vulnerable. Here's how to protect yourself. [more]
Friday, 7 July 2006, 8:51 PM CET

Phone phishers target PayPal
Hi-tech fraudsters are attempting to trick PayPal users into calling a phone number and giving over sensitive credit card account information. [more]
Friday, 7 July 2006, 8:48 PM CET

VoIP security services taking hold
Carriers report increased demand for their growing roster of offerings. [more]
Friday, 7 July 2006, 4:54 PM CET

Police expert admits mobile phone forensics barrier
A police digital forensics expert has admitted that some mobile phones are impenetrable to software used by police in forensic examinations. The revelation follows a paper by a Cambridge researcher which originally made the claim. [more]
Friday, 7 July 2006, 4:51 PM CET

Hong Kong drafts first anti-spam law
Ten year jail terms for online fraudsters. [more]
Friday, 7 July 2006, 4:50 PM CET

Microsoft will issue seven security patches
Microsoft plans to release 7 security bulletins as part of its July 11 Patch Tuesday, the company said Thursday. Four of the updates are for Windows, with the most severe being rated as "critical." Three other patches are directed at Office, also with a maximum severity of "critical." [more]
Friday, 7 July 2006, 4:49 PM CET

VPN market to hit $29bn by 2009
Managed services also benefiting from increased security threat.
Friday, 7 July 2006, 4:48 PM CET

Web bangers: gangs stake Net turf
Some of the country's most notorious street gangs have become web-savvy, showcasing illegal exploits, making threats and honoring killed and jailed members on digital turf. [more]
Friday, 7 July 2006, 11:45 AM CET

How to bypass BIOS passwords
BIOS passwords can add an extra layer of security for desktop and laptop computers, and are used to either prevent a user from changing the BIOS settings or to prevent the PC from booting without a password. [more]
Friday, 7 July 2006, 11:41 AM CET

Spammers increase pump-and-dump scams
Shady stock-sales tactic makes up 15% of junk e-mail. [more]
Friday, 7 July 2006, 11:40 AM CET

Changes to the A+ certification
A number of noteworthy changes have been announced to one of the most popular certifications currently in the IT industry: A+. [more]
Friday, 7 July 2006, 11:37 AM CET

Feds get religion on laptop security (and so do I)
The Executive Branch's Office of Management and Budget has just released a memo that's intended to staunch the flow of sensitive information that federal agencies have been practically hemorrhaging for some time now. [more]
Friday, 7 July 2006, 11:30 AM CET

Internet threats double in two years
100,000 new threats since 2004, says McAfee. [more]
Friday, 7 July 2006, 11:18 AM CET

Basic journey of a packet
The purpose of this introductory article is to take a basic look at the journey of a packet across the Internet, from packet creation to switches, routers, NAT, and the packet's traverse across the Internet. [more]
Friday, 7 July 2006, 11:18 AM CET

Go-ahead for hacker's extradition
A US request to extradite a British computer hacker accused of the "biggest military hack of all time" has been granted by Home Secretary John Reid. [more]
Friday, 7 July 2006, 1:25 AM CET

Stolen VA laptop sold off 'back of a truck'
More details of how a stolen laptop containing the personal details of up to 26.5m US veterans was recovered have emerged. [more]
Friday, 7 July 2006, 1:24 AM CET

EU taskforce to bolster ICT security
Ambitious project involves 200 researchers. [more]
Friday, 7 July 2006, 1:24 AM CET

Federated identity: scenarios, architecture, and implementation
This article provides an in-depth look at the challenges and requirements of securing the exchange of information and services between independent organizations. [more]
Thursday, 6 July 2006, 1:41 PM CET

Consultant breached FBI's computers
A government consultant, using computer programs easily found on the Internet, managed to crack the FBI's classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III. [more]
Thursday, 6 July 2006, 11:44 AM CET

Researcher vows to publish a browser bug a day for July
Month of Browser Bugs intends to show the kinds of results he's generated using a variety of automated security testing tools. [more]
Thursday, 6 July 2006, 11:43 AM CET

McAfee sees 400,000 virus definitions by 2008
Although widespread virus outbreaks may be a thing of the past, the total amount of malicious software being written is on the rise, according to McAfee. [more]
Thursday, 6 July 2006, 11:42 AM CET

The hidden dangers of instant messaging
Love it or hate it, IM is here to stay. Companies can try to stop employees from using it, but the bevy of new IM features and the growing proliferation of IM services from Microsoft, Yahoo, and Google are rapidly making this an exercise in futility. [more]
Thursday, 6 July 2006, 11:41 AM CET

Skype steps up security spin
Under the dubious title "Skype fights back" (we think it should be more like Skype Fesses Up), Techworld has outlined how peer-2-peer voice client developer Skype has begun a campaign to address some of the security concerns it has so far been denying. [more]
Thursday, 6 July 2006, 11:38 AM CET

A day in the life of a security professional
Spend enough time in the IT security industry and it’s certain that you’ll see a combination of familiar problems rearing their heads again, as well as brand new ones making an appearance for the first time. [more]
Thursday, 6 July 2006, 11:33 AM CET

Wardriving with Ubuntu Linux and Google Earth
Wardriving is fun. Going around the neighborhood and mapping all the wireless networks may be nothing more than a geeky hobby but it can sure teach you a lot. And viewing the results in Google Earth is icing on the cake. [more]
Wednesday, 5 July 2006, 9:48 PM CET

VoIP turns up the heat on firewalls
Because of VoIP, firewalls may never be the same. [more]
Wednesday, 5 July 2006, 9:38 PM CET

Malware responses: what to do before, during, and after an attack
Don't let a malware attack ruin your business. A little planning and the right responses can make it a minor annoyance instead of a major catastrophe. [more]
Wednesday, 5 July 2006, 9:37 PM CET

Preventing movie piracy
Researchers are developing tools to thwart the copying of films in theaters. [more]
Wednesday, 5 July 2006, 9:30 PM CET

SSH tricks
SSH (secure shell) is a program enabling secure access to remote filesystems. Not everyone is aware of other powerful SSH capabilities, such as passwordless login, automatic execution of commands on a remote system or even mounting a remote folder using SSH! In this article we’ll cover these features and much more. [more]
Wednesday, 5 July 2006, 9:27 PM CET

Oz domain name scammer declares bankruptcy
Australian domain name scammer Bradley Norrish has declared himself bankrupt. [more]
Wednesday, 5 July 2006, 5:50 PM CET

20 years of PC viruses
This year marks the 20th anniversary of the first PC virus. We look back at the highs and lows (well, mostly lows) of the ongoing struggle against malware. [more]
Wednesday, 5 July 2006, 5:50 PM CET

UK enterprises 'clueless' on end-point security
Desktops not being protected, according to poll. [more]
Wednesday, 5 July 2006, 2:27 PM CET

Identity thief finds easy money hard to resist
By the time of Shiva Brent Sharma's third arrest for identity theft, at the age of 20, he had taken in well over $150,000 in cash and merchandise in his brief career. After a certain point, investigators stopped counting. [more]
Wednesday, 5 July 2006, 2:25 PM CET

Major phishing scam thwarted this week
SoftScan claims to have stopped 70,000-strong phishing email attack. [more]
Wednesday, 5 July 2006, 2:22 PM CET

Crash test dummies
Many firms are using live customer data to test applications. [more]
Tuesday, 4 July 2006, 5:27 PM CET

Outsourcing managed security
Companies looking into managed security services need to weigh the cost savings against the risks that come with handing over their data to a third party. [more]
Tuesday, 4 July 2006, 5:26 PM CET

EU opens public consultation on RFID
Fears about new Radio Frequency Identification (RFID) technology have prompted the EU to open a public consultation process. [more]
Tuesday, 4 July 2006, 2:56 PM CET

Limiting vulnerability exposure through effective patch management
This paper aims to provide a complete discussion on vulnerability and patch management. It looks first at the trends relating to vulnerabilities, exploits, attacks and patches. These trends provide the drivers of patch and vulnerability management. [more]
Tuesday, 4 July 2006, 2:14 AM CET

Virus peril shifts from e-mail to Web sites
BlackSpider warned that the shift towards hosting viruses on the Web will demand a change in security policies. [more]
Tuesday, 4 July 2006, 12:41 AM CET

Citibank experiments with RFID tech
Banks have been reluctant to jump on the RFID bandwagon. Wells Fargo declined to discuss specific technology applications, considering them proprietary. Citibank, however, has promoted its trial of RFID to ATMs and credit cards. [more]
Tuesday, 4 July 2006, 12:12 AM CET

OpenOffice update fixes security bug trio
OpenOffice.org has released a security update to its alternative office productivity suite following the discovery of three potentially serious security vulnerabilities during an internal audit. [more]
Monday, 3 July 2006, 4:12 PM CET

EMC/RSA union draws mixed reviews
EMC's planned acquisition of RSA Security for US$2.1 billion is garnering mixed reviews from analysts on Wall Street and within the technology industry. [more]
Monday, 3 July 2006, 10:24 AM CET

Killing that spam with Postgrey and Postfix
Ever heard of greylisting? [more]
Monday, 3 July 2006, 1:22 AM CET

UBS trial: defense suggests witness altered evidence
Despite being accused of altering evidence, forensics specialist Keith Jones stood firmly by his earlier testimony. [more]
Monday, 3 July 2006, 1:09 AM CET

Windows security and directory services for UNIX
This guide provides prescriptive guidance on enabling Microsoft Windows Server 2003 to be used for authentication and as an identity store within heterogeneous Microsoft Windows and UNIX environments. [more]
Monday, 3 July 2006, 12:59 AM CET

Life after privacy
Personal information is no longer personal. The only question is: who gets to see it? [more]
Monday, 3 July 2006, 12:48 AM CET

The punishment for lax security: two decades of audits
Nations Holding, a real estate company operating in 44 states, must improve its information security practices and submit to biennial security audits for the next 20 years under a settlement with the Federal Trade Commission. [more]
Monday, 3 July 2006, 12:33 AM CET

WEP cracking, the FBI way
WEP cracking usually takes hours. Lots of hours, depending on the amount of traffic on the access point. [more]
Monday, 3 July 2006, 12:27 AM CET

Who's reading your e-mail?
New plans to scan e-mails for illegal images of child abuse may give the appearance that children are being safeguarded but they may not be as effective as they first seem, argues Technology commentator Bill Thompson. [more]
Monday, 3 July 2006, 12:21 AM CET

MySpace, a place without MyParents
Scott Granneman looks at the mass hysteria surrounding MySpace social security issues, examines a collection of frightening reports, and then discusses the real issue of parenting and parental supervision behind keeping our children safe. [more]
Monday, 3 July 2006, 12:15 AM CET

Email encryption is becoming essential
Email was not intended as a secure means of communication. Whether you’re a lawyer, an accountant, a chief executive, a chief financial officer or an internal auditor — even if you work at home or are retired — you need to know that what you put in an email could one day become key evidence in litigation. [more]
Monday, 3 July 2006, 12:09 AM CET

Mac OS X vulnerability exploit published
So far, there are no known reports of anyone using the launchd proof-of-concept information to develop an exploit for Mac OS X. "This proof of concept was fixed in Tuesday's Mac OS X 10.4.7 update," said an Apple spokesperson. [more]
Monday, 3 July 2006, 12:02 AM CET

