Off the Wire

Off The Wire Archive

News items for August 2002

Who's spying on my Hotmail?
Think using web-based e-mail at work protects you from your boss’ prying eyes? Think again. eBlaster lets employers co-pilot virtually any kind of e-mail account, including private Web-based e-mail accounts. [more]
Friday, 30 August 2002, 2:45 AM CET

Secure Personal Identification Systems
This paper describes policy, process and technology issues that need to be considered in implementing a privacy-sensitive secure personal ID system. [more]
Friday, 30 August 2002, 2:40 AM CET

Surveying security on wireless LANs
Finisar next month will add security features to its software for monitoring IEEE 802.11b wireless LANs, allowing managers to identify and eliminate unauthorized users. [more]
Friday, 30 August 2002, 2:17 AM CET

The Need For Security - And Ethics - Education
The saga of the Princeton University admissions director who was caught breaking in to confidential files on a Yale University Web site has, apparently, come to an inglorious end. [more]
Friday, 30 August 2002, 2:15 AM CET

Spam hits 36 percent of e-mail traffic
Corporate networks are becoming increasingly clogged by e-mail pitches for pornography, money-making schemes and health products, and there's little relief on the horizon. [more]
Friday, 30 August 2002, 2:13 AM CET

Bogus e-mails traded on Amazon's name
Always question an order you can't remember making. And never give out your credit-card number for an online transaction you didn't initiate. [more]
Friday, 30 August 2002, 2:09 AM CET

Does crime pay more on the Internet?
Those bent on Internet crime can forgo ski masks, dangerous weapons and jackhammers by simply arming themselves with a computer, a modem and a clever plan to rob a bank. [more]
Friday, 30 August 2002, 2:06 AM CET

Cyber-attack fears stir security officers
Nearly half of corporate security officers expect terrorists to launch a major strike through computer networks in the next 12 months, a poll released today shows. [more]
Friday, 30 August 2002, 2:05 AM CET

Do firewalls and IDS create a false sense of internal security?
Intranet security gaps are most commonly a result of a combination of firewall and IDS limitations, poor application development and deployment practices, and widespread accessibility. [more]
Friday, 30 August 2002, 2:04 AM CET

Bush plans e-security centre
The US Government is planning ways to improve how it deals with internet security threats. [more]
Friday, 30 August 2002, 2:01 AM CET

Shatter attacks - more techniques, more detail, more juicy goodness
Foon writes: "I've written this to try and answer some of the more common questions I'm being asked, and to present some new Shatter techniques that I've been working on." [more]
Thursday, 29 August 2002, 11:54 AM CET

Website security flaw costs Ziff-Davis
Tech magazine publisher Ziff-Davis agrees to pay about 50 customers $500 each after their credit card info showed up on its site. All the more reason for online companies to take security seriously. [more]
Thursday, 29 August 2002, 10:59 AM CET

Liberty Alliance picks up more members
Another 30 companies have thrown their support to the effort to create a standard technology that allows users to travel password-protected Web sites using a single user name and password. [more]
Thursday, 29 August 2002, 10:56 AM CET

Certification pays for IT security pros
Companies are willing to pay more for IT security professionals with certification. [more]
Thursday, 29 August 2002, 10:54 AM CET

Internet anonymity for Linux newbies
The fact is, Windows is easier than Linux for a casual user to make fairly secure, whereas Linux is easier than Windows for a power user to make very secure. [more]
Thursday, 29 August 2002, 10:53 AM CET

Lobbying for insecurity
The NSA's Linux security project was so good it almost made up for that whole Echelon thing. Then politics entered the picture. [more]
Thursday, 29 August 2002, 10:52 AM CET

RIAA site hacked
Foe of music-swapping finds its own site offering free downloads, thanks to hackers. [more]
Thursday, 29 August 2002, 10:50 AM CET

McAfee firewall adds blocking features
Security tool will protect against Trojan horses and spyware by monitoring the outgoing applications and files on your PC. [more]
Thursday, 29 August 2002, 10:49 AM CET

Personal remote control: Security disaster
With easy Internet access and the demand of users to access their files from home, come Web-based remote control tools which bring back the security risks of personal remote control. [more]
Thursday, 29 August 2002, 10:47 AM CET

RSA Mobile to offer two-factor authentication by phone
With new software by RSA Security, users will be able to authenticate their identities with their mobile phones on Web sites and corporate networks that use RSA's SecurID authentication system. [more]
Thursday, 29 August 2002, 10:44 AM CET

Cisco launches new network security services
The new modules marry security services typically found at the network perimeter with an existing portfolio of rich Layer 2 - 7 network services on the Catalyst 6500 Series switch. [more]
Wednesday, 28 August 2002, 1:49 PM CET

Will Canada's ISPs become spies?
The Canadian government is considering a proposal that would force Internet providers to rewire their networks for easy surveillance by police and spy agencies. [more]
Wednesday, 28 August 2002, 1:47 PM CET

Hackers rally round Deceptive Duo
As the two defacers await trial for their 'patriotic' website defacement spree, other members of the hacker underground have threatened action if the pair go down. [more]
Wednesday, 28 August 2002, 1:41 PM CET

Hacker's Daewoo trades raise alarm
Companies are tightening internal control systems after Daewoo revealed that one of its traders had hacked into its systems and used a client's account to buy $21.4 million of shares. [more]
Wednesday, 28 August 2002, 1:39 PM CET

Book review: wireless security essentials
While the book does have valuable information, the fact that only 75 pages of it are specific to wireless security may not warrant its $40.00 purchase price. [more]
Wednesday, 28 August 2002, 1:24 PM CET

Online gold diggers come up empty
Hackers bent on bamboozling $200,000 in gold from an offshore Internet bank get only error messages. The precious metal stays safe, but the break-in stymies the gold dealer's site. [more]
Wednesday, 28 August 2002, 1:22 PM CET

Host hardening and intrusion detection - the open source way
This article examines and illustrates the implementation of the inner shells, or host-centric layers of server security. [more]
Wednesday, 28 August 2002, 1:20 PM CET

Remote Administration of Linux Systems
In this article we will examine remote administration using the Red Hat Linux distribution. Path names and the format of configuration files in other distributions may vary. [more]
Wednesday, 28 August 2002, 1:03 PM CET

How secure is Instant Messaging?
As instant messaging use grows, so do business concerns about security, authenticity, and encryption. [more]
Wednesday, 28 August 2002, 1:01 PM CET

Lamo bumped from NBC after hacking them
The helpful hacker demonstrates his techniques on camera for the NBC Nightly News, but lawyers kill the story when he cracks the broadcast network's own systems. [more]
Wednesday, 28 August 2002, 1:00 PM CET

TruSecure lables warchalking as hype
TruSecure's Research Group suggests that while several media outlets are reporting warchalking as being a widespread practice, few actual "warchalks" exist. [more]
Tuesday, 27 August 2002, 2:04 PM CET

Public Key Infrastructure (PKI): A Primer
PKI has evolved to address the issue of large-scale distributed authentication. Unlike symmetric key systems, PKI can scale well while avoiding the costs and inconveniences of password loss. [more]
Tuesday, 27 August 2002, 10:36 AM CET

Network security risks of mergers too often ignored
Corporate acquisitions and mergers often end up being a security nightmare, according to industry analysts. [more]
Tuesday, 27 August 2002, 10:26 AM CET

Refracted data and the rise of biometrics
The main drawback of using most biometric systems - other than that they are often expensive - is that they sacrifice some measure of personal privacy for the sake of convenience. [more]
Tuesday, 27 August 2002, 10:23 AM CET

Expert demonstrates Microsoft hack
Software security widely used for Internet banking and e-commerce can be easily circumvented, and customer accounts at several of Sweden's largest banks remain at risk as a result, a computer expert said. [more]
Tuesday, 27 August 2002, 10:16 AM CET

What are the real risks of cyberterrorism?
While warnings pervade government and the media, doomsday scenarios of cyberterrorism that result in massive deaths or injury remain largely the stuff of Hollywood scripts or conspiracy theory. [more]
Tuesday, 27 August 2002, 10:15 AM CET

Group promotes 'culture of security'
The Organization for Economic Cooperation and Development has issued new guidelines for securing information systems and networks in anticipation of cyberterrorist attacks or intrusions. [more]
Tuesday, 27 August 2002, 10:11 AM CET

NAI beefs up sniffer, surveillance with DragNet buy
Network Associates Inc reckons it has bought technology with the potential to give it a unique edge in the internet security marketplace, with the acquisition of Traxess Inc for an undisclosed sum. [more]
Tuesday, 27 August 2002, 10:09 AM CET

Barbarians at the Gate
Intrusion detection systems are becoming increasingly important in network security. Here’s a primer on what they do and how they work—and an evaluation of four popular sentries. [more]
Tuesday, 27 August 2002, 10:07 AM CET

DOD gives interim wireless guidance
The Defense Department has decided to delay issuing its final security policies on restricting wireless devices in order to seek additional comments on the proposed rules, a DOD spokesman said. [more]
Tuesday, 27 August 2002, 10:02 AM CET

IT security tough talk short on cash
Australia's IT industry is talking tough about security but it's certainly not translating into dollars with medium to large companies averaging a measly spend of A$33,000 (US$18,000) per annum. [more]
Tuesday, 27 August 2002, 9:59 AM CET

HNS Newsletter issue 124 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 26 August 2002, 1:00 PM CET

This is an excerpt in PDF format from "Web Hacking: Attacks and Defense" by Stuart McClure, Saumil Shah and Shreeraj Shah. [more]
Monday, 26 August 2002, 10:35 AM CET

The world's worst viruses
Check out a list of nasty computer viruses and find out how to save your PC from infection. [more]
Monday, 26 August 2002, 10:07 AM CET

Minnow ISP aims counterstrike at RIAA 'legal hackers'
A small US internet service provider has become the first to introduce a policy of deliberately hampering the music recording industry's efforts to hack users of P2P file-trading networks. [more]
Monday, 26 August 2002, 10:02 AM CET

Seattle lawyer to challenge FBI in Russian hacker sting
A Seattle lawyer is set to charge that U.S. officials illegally hacked into computers of two Russians to get evidence to prosecute the pair on computer crimes. [more]
Monday, 26 August 2002, 10:00 AM CET

Hacker has last laugh over lottery site
LowVoltage, the hacker who was last month threatened with legal action by Lotto organiser Uthingo over his "National Robbery" site, this week paid the renewal fee for the Uthingo domain which was overdue. [more]
Monday, 26 August 2002, 9:59 AM CET

Decision support: you can't outsource liability for security
Security requires a process, people, policies, education, and technologies to work together. [more]
Monday, 26 August 2002, 9:56 AM CET

An Introduction to Role-Based Access Control
Role-Based Access Control was introduced with Solaris 8. It's a powerful method of allocating root-level privileges to non-root users, somewhat in the fashion of 'sudo'. Is it more secure than other methods? [more]
Monday, 26 August 2002, 9:52 AM CET

IBM bakes Cisco security into chip
IBM hopes by year's end to deliver notebooks with built-in security chips that are integrated with a wireless authentication and encryption technology developed by Cisco. [more]
Monday, 26 August 2002, 9:49 AM CET

Ashcroft decries wiretap decision
In a move to keep its wiretapping powers as broad as possible, the Justice Department appeals a special court's ruling to limit surveillance activities allowed by the Patriot Act. [more]
Monday, 26 August 2002, 9:47 AM CET

You're only as good as your password
Outsiders penetrated software outfit Niku's Web site to steal data - something that can happen to any business, large or small. [more]
Monday, 26 August 2002, 9:45 AM CET

Once Again a Virus Targets the KaZaA Network
Kaspersky Labs reports the detection of the network worm "Duload", which is spreading across the KaZaA file-exchange network. [more]
Friday, 23 August 2002, 1:45 AM CET

Making the most of OpenSSH
OpenSSH is a secure replacement for depreciated protocols such as telnet and rsh. It has become a De-facto standard as a remote login service for Linux, BSD, and other *nix variants for quite a while. [more]
Friday, 23 August 2002, 1:43 AM CET

NetScreen adds intrusion detection with OneSecure purchase
Firewall and VPN hardware and software maker NetScreen Technologies is adding intrusion detection and prevention systems to its list of products, thanks to the acquisition of OneSecure. [more]
Friday, 23 August 2002, 1:40 AM CET

Exploring XML Encryption, Part 2
In this paper, the author examines the usage model of XML Encryption with the help of a use case scenario. [more]
Friday, 23 August 2002, 1:04 AM CET

A Web-only Primer on Public-key Encryption
This article is an outline of the principles of the most common variant of public-key cryptography, which is known as RSA, after the initials of its three inventors. [more]
Friday, 23 August 2002, 12:35 AM CET

Cyberterrorism scenarios scrutinized
Security experts, IT professionals meet to consider how best to plan for likely cyberattacks. [more]
Friday, 23 August 2002, 12:32 AM CET

The seven deadly security sins
Gartner research director John Pescatore blamed the hiring of people who turn out to be internal threats or who have submitted inflated resumes, which results in "sheer incompetence." [more]
Friday, 23 August 2002, 12:29 AM CET

White House debates cyberwar rules
The Bush administration is stepping up an internal debate on the rules of engagement for cyberwarfare as evidence mounts that foreign governments are surreptitiously exploring our digital infrastructure. [more]
Friday, 23 August 2002, 12:27 AM CET

CacheFlow tries on security coat
CacheFlow, which once concentrated on specialty servers for speeding Net access, has changed its name to Blue Coat Systems and will focus on the security market. [more]
Friday, 23 August 2002, 12:25 AM CET

Windows ICF: can't live with it, can't live without it
In this article, we will give an overview of the Internet Connection Firewall (ICF), see how it performs under a simulated attack, and discuss the pros and cons of ICF. [more]
Friday, 23 August 2002, 12:25 AM CET

Book review - Web Hacking: Attacks and Defense
What you have here is an essential collection of web hacking techniques and countermeasures against them, all in one book. Sort of an all around guide on web hacking, with methods and techniques demystified. [more]
Thursday, 22 August 2002, 3:55 AM CET

War dialing
After introducing and exploring the different forms war dialing attacks can take and some tools used to execute such attacks, the article examines measures that can be taken to prevent such an attack. [more]
Thursday, 22 August 2002, 3:54 AM CET

Security flaw in key Microsoft services
Microsoft on Tuesday warned users of a number of its subscription programs of a potential security flaw affecting the software they use for downloads. [more]
Thursday, 22 August 2002, 3:53 AM CET

Security specialists blame faulty software
"When we face a choice between adding features and resolving security issues, we need to choose security," wrote Microsoft chairman Bill Gates to his employees. [more]
Thursday, 22 August 2002, 1:24 AM CET

Stolen data reveal undercover cops
Surveillance firm’s client list is stolen and posted on Internet; undercover police officers, Secret Service names revealed. [more]
Thursday, 22 August 2002, 1:21 AM CET

Security policies: only as good as the audit
If you think you have a sound IT policy because your administrators clamor about the continual need to update security patches, you might want to think again. [more]
Thursday, 22 August 2002, 1:08 AM CET

New Salvo in Piracy, Privacy War
The RIAA asks a federal court to order Verizon Internet Services to turn over information on one of its subscribers, which the court does. Verizon demurs. The issue is far from closed. [more]
Thursday, 22 August 2002, 1:06 AM CET

Introduction to Autorooters
This article explores the concepts behind autorooters and what can be done to defend against them. [more]
Thursday, 22 August 2002, 1:03 AM CET

U.S. probes firm in security breach
Federal law enforcement authorities searched the computers of a San Diego security firm that used the Internet to access government and military computers without authorization. [more]
Thursday, 22 August 2002, 1:02 AM CET

Alberta hackers gear up for International War Driving Day
Information technology managers may want to pay close attention to Red Deer, Alberta, on Aug. 31, which has been targeted by hackers for a "wardriving" day. [more]
Thursday, 22 August 2002, 12:59 AM CET

Plans emerging for national security data sharing
Defense and intelligence officials are shedding light on new antiterror initiatives at this week's Information Sharing and Homeland Security conference. [more]
Wednesday, 21 August 2002, 3:01 AM CET

Know Your Enemy: Defining Virtual Honeynets
This paper defines what a Virtual Honeynet is, its advantages and disadvantages, and the different way they can be deployed. [more]
Wednesday, 21 August 2002, 2:44 AM CET

A New AES Standard For Wireless
A new encryption mode joins 16 others Tuesday for consideration by the National Institute of Standards and Technology as a security mode using the advanced encryption standard (AES). [more]
Wednesday, 21 August 2002, 2:37 AM CET

Data deluge
Security systems generate an overload of information. New tools help manage it all more effectively. [more]
Wednesday, 21 August 2002, 2:31 AM CET

Wireless Security Blackpaper
Can wireless networks be deployed securely? What are the security holes? This article attempts to answer these questions and others about wireless networking security in an enterprise environment. [more]
Wednesday, 21 August 2002, 1:18 AM CET

Protecting the Distributed Enterprise
This paper in PDF format shows how a distributed security strategy can cost-effectively extend the reach of enterprise-class security and remote access throughout the enterprise. [more]
Wednesday, 21 August 2002, 1:01 AM CET

A map of wireless controversy?
They strike at night or in broad daylight. They're called "warchalkers," and they're part of a global guerrilla campaign to point out to others where to get free, wireless Internet access in public places. [more]
Wednesday, 21 August 2002, 12:45 AM CET

Europe to force ISPs and telcos to retain data for one year
European Union proposals on data retention would compel telecom firms to keep customer email logs, details of internet usage and phone call records for at least a year. [more]
Wednesday, 21 August 2002, 12:28 AM CET

Can Microsoft take the lead in security?
Microsoft is undergoing a major cultural shift in the way it deals with security, but it has come much later than it should have, said company executives at its TechEd conference in Brisbane. [more]
Wednesday, 21 August 2002, 12:26 AM CET

Study: Admins slow in patching Apache-SSL servers
Many web servers running Apache-SSL remain vulnerable to attacks, although a June security alert did prompt administrators to patch standard Apache Web installations. [more]
Wednesday, 21 August 2002, 12:24 AM CET

Review: Sophos Anti-Virus for Unix
In this review of Sophos Anti-Virus we take a look at its Linux version. The information provided here gives an overview of its functionality with main aspects focused on installation, configuration and usage. [more]
Tuesday, 20 August 2002, 5:28 PM CET

Computer experts say 'script kiddies' a relic
"They're [script kiddies] just not the threat they once were," said Mark Toshack, a virus analyst for MesssageLabs. [more]
Tuesday, 20 August 2002, 4:54 PM CET

Automate access control
Today, technology more closely resembles the popular show "Survivor" - as tech leaders never really know who's a threat or where the next betrayal could come from. [more]
Tuesday, 20 August 2002, 3:37 PM CET

Haiku'da been a spam filter
A new spam-filtering service uses a unique method to halt the flow of the horrid stuff: a hidden scrap of copyrighted poetry. [more]
Tuesday, 20 August 2002, 3:17 PM CET

Start-Up Will Market PGP
New PGP company acquires encryption technology, plans expanded product line. [more]
Tuesday, 20 August 2002, 2:52 PM CET

RSA Security faces SEC injunction threat
The US Securities and Exchange Commission may file for a civil injunction against RSA Security, following an investigation into the company's disclosures of revenue recognition changes. [more]
Tuesday, 20 August 2002, 2:51 PM CET

Guide to Windows Security
This guide will cover some of such tips and tricks for different applications which should make your system more secure as well as less prone to viruses. [more]
Tuesday, 20 August 2002, 2:49 PM CET

Exploring Diffie-Hellman Encryption
The GNU bc threaded code compiler provides arbitrary precision arithmetic that can handle large numbers used in modern cryptography. Here we use it to explore Diffie-Hellman public key encryption. [more]
Tuesday, 20 August 2002, 2:46 PM CET

Cracking the hackers' code
If your organisation suffered a computer crime in the past few years and reported it to AusCERT, it was probably an attack carried out from the outside. [more]
Tuesday, 20 August 2002, 2:43 PM CET

Sprint security faulted in Vegas hacks
Telco faces forced security audits as vice hack case wraps up in Las Vegas. [more]
Tuesday, 20 August 2002, 2:41 PM CET

A new part of HNS - reviews
The Reviews section has opened it's doors. Besides several old reviews we have a new one - Have You Locked the Castle Gate? a book by Brian Shea. Check it out! [more]
Monday, 19 August 2002, 4:01 PM CET

Wireless hackers take to the air
Australian hackers have taken the practice of looking for open wireless networks to new heights. [more]
Monday, 19 August 2002, 3:58 PM CET

More outside articles at HNS - Wireless
The "Wireless" section has been added to the list of Outside Articles. For the moment 21 articles are available. Check it out for all your wireless security needs. [more]
Monday, 19 August 2002, 3:46 PM CET

The White House and free software will guide the industry
We know that a focus on security is necessary, but can the government and the Free Software and Open Source communities agree on what that means? [more]
Monday, 19 August 2002, 3:42 PM CET

Virus Bulletin 2002 Conference Preview
Helen Martin, the editor of Virus Bulletin, gives a preview of this year's two day VB2002 Conference in New Orleans, that will be held in late September. [more]
Monday, 19 August 2002, 2:21 PM CET

Wireless Security and Hacking
This article deals with WLAN security, explains the most common attack techniques and introduces some useful tools. [more]
Monday, 19 August 2002, 12:40 PM CET

Canadians steering clear of on-line shopping
The Leger Marketing survey found out that Canadians pass up up opportunities to buy their goods and services online because security-related worries. [more]
Monday, 19 August 2002, 12:35 PM CET

Microsoft security under fire, again...
Microsoft's commitment to security is being questioned after its inaction regarding two new reports of security vulnerabilities in its products, security experts say. [more]
Monday, 19 August 2002, 12:29 PM CET

Send Congress Back to School
Why lawmakers should stop legislating the Internet until they understand it better. [more]
Monday, 19 August 2002, 12:21 PM CET

XML firewalls aid services
Two technology companies are helping corporate users embrace XML-based information while ensuring the security and integrity of the messages that come into their systems. [more]
Monday, 19 August 2002, 12:14 PM CET

The best defence is a fine offence
Julie Huff, a systems architect at PRC, thinks that computers should not simply close the gate when threatened - they should take the offensive and give chase to intruders and begin counterattacks. [more]
Friday, 16 August 2002, 11:50 AM CET

Surviving the worst-case scenario
Until the widespread adoption of peer review becomes common in software development, our software will be developed by the equivalent of alchemists and witch doctors. [more]
Friday, 16 August 2002, 11:47 AM CET

E-mail can be key criminal evidence
E-mail messages and electronic files are a treasure trove of evidence for law enforcement officers, whether they are targeting terrorists, crooked CEOs or local drug dealers. [more]
Friday, 16 August 2002, 10:56 AM CET

Security software tops IT must-buy list
Security software, web-based applications and VPNs top the list of must-have purchases for U.S. and European IT departments, says the latest NOP/ Technology Confidence Barometer. [more]
Friday, 16 August 2002, 10:51 AM CET

Secure wireless workers
Companies need to continue getting more productivity from employees, the cost of wireless equipment to do this has never been lower. Now is a good time to setup secure remote corporate access. [more]
Friday, 16 August 2002, 10:50 AM CET

FBI agent charged with hacking
Russia’s counterintelligence service filed criminal charges against an FBI agent it says lured two Russian hackers to the US and illegally seized evidence against them by downloading data from their computers. [more]
Friday, 16 August 2002, 10:36 AM CET

Sleuths invade military pcs with ease
Security consultants entered scores of confidential military and government computers without approval, exposing vulnerabilities open the networks to electronic attacks and spying. [more]
Friday, 16 August 2002, 10:33 AM CET

Crypto lockdown secures lost laptop data
Stolen or lost laptops can now automatically encrypt all their data, thanks to new equipment that creates a wireless bond between the machine and its owner. [more]
Friday, 16 August 2002, 10:32 AM CET

Secure FTP 101
Here's a primer on secure FTP that will help you understand it's practical application. [more]
Friday, 16 August 2002, 10:30 AM CET

Configuring IPsec/IKE on Solaris
This article is the first of a three-part series that will examine IPsec and the key management protocol, IKE, and provide readers with an introduction on how to configure both protocols on a Solaris host. [more]
Friday, 16 August 2002, 10:24 AM CET

Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
PGP and other e-mail encryption protocols are, in theory, highly vulnerable to chosen-ciphertext attacks in which the recipient of the e-mail acts as an unwitting "decryption oracle". [more]
Thursday, 15 August 2002, 12:39 AM CET

Is now a good time to be a hacker?
Aberdeen Group analyst Eric Hemmendinger told NewsFactor that despite federal government regulations and heightened awareness, hackers still stand a fair chance of avoiding authorities. [more]
Thursday, 15 August 2002, 12:39 AM CET

Computer security: hack attack
Experience shows networking of systems helps your business become more efficient. Such increased connectivity, however, leaves you and your organisation vulnerable to security breaches. [more]
Thursday, 15 August 2002, 12:38 AM CET

Twelve arrested in British swoop on Net child porn
Twelve people have been arrested after police raided 17 homes across Britain as part of a five-month investigation into child pornography on the Internet. [more]
Thursday, 15 August 2002, 12:36 AM CET

Security certifications decline
According to a new Cyber IQ Defense Report from Brainbench, the number of new security certifications obtained over an 8-month period has declined significantly. [more]
Thursday, 15 August 2002, 12:35 AM CET

The myth of cybersecurity
In late July, Richard Clarke said the technology industry was acting irresponsibly in selling computer network devices that remain remarkably easy to attack. [more]
Thursday, 15 August 2002, 12:33 AM CET

Security spend may remain unaffected
With the continued downturn in the IT sector IT managers are expected to remain cautious when it comes to IT spending, although spending on security may remain a lot more buoyant. [more]
Thursday, 15 August 2002, 12:28 AM CET

Glitch blacks out FBI’s Web sites
The FBI accidentally pulled the plug on its own Web sites on Tuesday morning. A misconfiguration in the bureau’s domain name setup meant that many visitors to could not get through. [more]
Thursday, 15 August 2002, 12:26 AM CET

Security pair work to protect P2P users
Security vendors, beginning to take the spread of peer-to-peer applications seriously, are marshaling their forces on two fronts in an effort to protect both P2P users and their employers. [more]
Thursday, 15 August 2002, 12:24 AM CET

HNS downtime
If you're wondering why we've been offline for the past 24 hours, it was due to a hard drive crash. Everything is hopefully fixed now. [more]
Thursday, 15 August 2002, 12:22 AM CET

White-Hat Hate Crimes on the Rise
When hackers broke into Ryan Russell's server and plastered his private e-mails and other personal files on the Internet last week, Russell tried to shrug it off as a harmless prank. [more]
Wednesday, 14 August 2002, 10:35 PM CET

Unlocking the Secrets of Crypto
This article will demystify crypto and break it down to simple tools that aid us in achieving satisfactory privacy and security. [more]
Wednesday, 14 August 2002, 10:31 PM CET

Are Virus writers getting scared away?
The first half of 2002 has been a quiet period for the computer experts on watch for worms and viruses, leaving some to trumpet their effectiveness even as their predictions of doom are now looking overblown. [more]
Wednesday, 14 August 2002, 10:27 PM CET

Security overload
New tools give agencies a leg up on security data management. [more]
Wednesday, 14 August 2002, 10:27 PM CET

Security flaw hits Windows, Mac, Linux
There is a flaw in communications software that can allow attackers to take over computers running Windows, Unix-based operating systems, and Mac OS X, as well as Kerberos authentication systems. [more]
Friday, 9 August 2002, 12:14 PM CET

Pornographer says he hacked al Qaeda
A self-proclaimed Web warrior says he enlisted in the United States' war on terror by mounting an incursion into an Internet site said to be run by al Qaeda. [more]
Friday, 9 August 2002, 9:46 AM CET

Student to demonstrate security flaw in Xbox
Former MIT doctoral student Andrew "Bunnie" Huang will present a paper explaining a security flaw in the Microsoft Xbox videogame system. [more]
Friday, 9 August 2002, 9:29 AM CET

Simplicity is key to keeping code secure
Paul Kocher, president of Cryptography Research, told the Usenix Security Symposium in San Francisco that more powerful computer systems and complex code will be a growing cause of insecure networks. [more]
Friday, 9 August 2002, 9:25 AM CET

NASA investigating hacker theft of sensitive documents
NASA cybercrime investigators are looking into the theft of militarily significant design documents pertaining to the next generation of reusable space vehicles. [more]
Friday, 9 August 2002, 1:07 AM CET

Google fixes security flaws in search toolbar
Browser add-on contained holes that could have allowed an attacker to execute scripts on affected PCs. [more]
Friday, 9 August 2002, 1:05 AM CET

Time for Open-Source to Grow Up
The OpenSSH backdoor demonstrates that the community must get pragmatic about package verification, and fast. [more]
Friday, 9 August 2002, 1:03 AM CET

Attacking Nimda-infected attackers
A presentation at Blackhat by Tim Mullen of AnchorIs, offering a novel treatment for the Nimda worm, has caused controversy because it involves taking unauthorized actions against the offending box. [more]
Friday, 9 August 2002, 12:53 AM CET

Skin chips
A new biometric technology may soon lead to safer handguns. [more]
Friday, 9 August 2002, 12:51 AM CET

Feds Chide Microsoft's Passport
The Federal Trade Commission issued a proposed consent order with Microsoft over complaints that the company falsely represented the security and privacy provisions in its Passport family of services. [more]
Friday, 9 August 2002, 12:50 AM CET

Shatter Attacks - How to break Windows
This paper presents a new generation of attacks against Windows, and possibly other message-based windowing systems. [more]
Thursday, 8 August 2002, 10:13 AM CET

A big LOL for FBI alert
An FBI computer security agency predicts a fierce cyberattack Tuesday morning. The perpetrator? A group of Italian kids just as confused as the G-men, who seem to have created their own crisis. [more]
Thursday, 8 August 2002, 9:58 AM CET

OECD publishes cyber-security guidelines
The Organization for Economic Cooperation and Development updated its principles on security of information systems and networks, here are the latest guidelines. [more]
Thursday, 8 August 2002, 9:54 AM CET

Irish Honeynet attracts Trojan Horses
An Irish decoy computer network set-up to study would-be cyber attackers was hit over 350 times in June with many of the attacks being Trojan Horses. [more]
Thursday, 8 August 2002, 9:51 AM CET

Data security needs staff effort
Companies that have spent millions of rand on network and data security will be horrified to learn that 80% of their employees will happily divulge their passwords and log-on details to a stranger. [more]
Thursday, 8 August 2002, 9:50 AM CET

Microsoft's Palladium: the real deal?
While Palladium group product manager Mario Juarez described the project as the evolution of Windows, analysts were skeptical about the demand for it. [more]
Thursday, 8 August 2002, 9:49 AM CET

Database security breaches on the increase
Direct security breaches against databases appear to be on the rise, according to the recently released Summer 2002 Database Developers survey from research firm Evans Data Corp. [more]
Thursday, 8 August 2002, 9:48 AM CET

Researcher: Biometrics Unproven, Hard To Test
Just how accurate are the face identification systems being rolled out around the country? Testing them is harder than it looks. [more]
Thursday, 8 August 2002, 9:45 AM CET

Lucent offers novel authentication tool
Researchers at Lucent Technologies Inc.'s Bell Labs have developed a new authentication technology that experts say could greatly improve the security of enterprise networks. [more]
Thursday, 8 August 2002, 9:44 AM CET

Advancing Wireless LAN Security
An intriguing solution surfaces for both the "WEP Key Problem" and the presence of rogue access points. [more]
Thursday, 8 August 2002, 9:42 AM CET

Infranet: Circumventing Web Censorship and Surveillance
Many countries and companies block or monitor access to parts of the Internet. To counteract these measures there's Infranet, a system that enables to retrieve sensitive content via cooperating Web servers. [more]
Wednesday, 7 August 2002, 9:59 AM CET

A General and Flexible Access-Control System for the Web
This article describe the design, implementation, and performance of a new system for access control on the web. [more]
Wednesday, 7 August 2002, 9:54 AM CET

Digital privacy: A curmudgeon's guide
Are you a data curmudeon? Are you so wired that you're obsessive about protecting your personal information? Here are ways to fight this losing battle. [more]
Wednesday, 7 August 2002, 9:14 AM CET

Identity thieves: make an arresting development
Every few weeks, there is a story online, in print or on television about how a nice Midwestern couple got their bank account stripped bare and their credit wrecked. [more]
Wednesday, 7 August 2002, 9:12 AM CET

Record tampering at uni prompts security warning
A finding that 11 students at the University of Technology, Sydney, had paid to have fail marks deleted from the record had shown that all NSW universities were vulnerable to mark tampering. [more]
Wednesday, 7 August 2002, 9:11 AM CET

Don't legalize hacking by record companies
There is a bill in Congress that would allow media companies to sabotage Napster-style networks. Will it stop there? [more]
Wednesday, 7 August 2002, 9:07 AM CET

Analyst: Microsoft on verge of security blitz
Microsoft is poised for an onslaught into the security software market that could displace many of the sector's leading vendors, IDC analyst Chris Christiansen forecast Tuesday. [more]
Wednesday, 7 August 2002, 9:03 AM CET

Attack prompts U.S. Internet watch
The government was monitoring a series of electronic attacks launched early Tuesday against US Internet providers, hours after European authorities passed warnings to the FBI predicting the attacks. [more]
Wednesday, 7 August 2002, 9:02 AM CET

Confessions of a scam artist
Before his 16th birthday, Hue had stolen $5,000 running auction scams on Yahoo and eBay. It was child’s play. [more]
Wednesday, 7 August 2002, 9:01 AM CET

BTopenwoe gives up punter's home addresses
A security gaffe by BT means that if you know someone's BT Click email address you can find their place of residence. [more]
Wednesday, 7 August 2002, 8:56 AM CET

Microsoft puts security to the test
What do you do when your hobby - security - becomes your job? You chase other people whose hobby is hacking. [more]
Tuesday, 6 August 2002, 3:11 PM CET

Hacker risks jail at Def Con
When Adam Bresson showed how to make copies of copyright-protected videos in a speech at Def Con, he realised he was risking arrest for violating US copyright laws. [more]
Tuesday, 6 August 2002, 1:42 PM CET

Instant Headache
The rapidly expanding use of instant messaging is introducing new security challenges to enterprise networks. [more]
Tuesday, 6 August 2002, 12:37 PM CET

E-mail encryption: why isn't everyone doing it?
By some estimates, nearly one of every seven people on earth - over 900 million people - now has access to e-mail. And the vast majority have no sort of e-mail protection. [more]
Tuesday, 6 August 2002, 12:14 PM CET

Post to Bugtraq - Go to Jail
HP's ill-advised DMCA threat actually had a few legal teeth. Will federal prosecutors soon start chomping at bug finders? [more]
Tuesday, 6 August 2002, 12:12 PM CET

College seeks security in thumbs
It's down with passwords and up with thumbs for a school in Iowa trying to keep its data safe. [more]
Tuesday, 6 August 2002, 12:10 PM CET

Putting fun back into hacking
At Def Con, the annual capture-the-flag tournament captivates players and spectators with a new back story, snazzy graphics and a tougher scoring system. [more]
Tuesday, 6 August 2002, 11:56 AM CET

Security pros develop flaw database
A new database will allow anyone to access information on vulnerabilities, addressing worries about limits on company-owned data. [more]
Tuesday, 6 August 2002, 11:52 AM CET

DEA Data Thief Pleads Guilty
Fed who fled to Mexico faces up to two years in custody for peddling law enforcement database. [more]
Tuesday, 6 August 2002, 11:51 AM CET

Internet hacker gets suspended jail term
The Criminal Court gave a 23-year-old computer hacker a suspended jail term of two years and eight months and fined him for fraudulent use of another person's credit card account over the Internet. [more]
Tuesday, 6 August 2002, 11:46 AM CET

The new face of security
Five Cyber Corps recruits reflect the changing culture of government security. [more]
Tuesday, 6 August 2002, 11:44 AM CET

HNS Newsletter issue 122 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 5 August 2002, 10:41 AM CET

Def Con: Va-Va-Va Voom, Las Vegas
The world's largest and certainly wackiest underground security convention is less a boy's club than previous years, but the rare sight of a woman hacker still gets those geek hormones raging. [more]
Monday, 5 August 2002, 10:37 AM CET

Fortifying Your Firewalls
A simple trick in configuring firewalls can make the Internet more secure - all by blocking arbitrary external accesses. [more]
Monday, 5 August 2002, 10:32 AM CET

Fed plea: Stop security leaks
Security researchers and hackers who find vulnerabilities need to realize that discretion is more important than valor, several federal security experts said at the Defcon hacking conference here this weekend. [more]
Monday, 5 August 2002, 10:31 AM CET

Internet banking, is it really safe and worth it?
Is online banking really safe? Consider the benefits it provides: There is the ability to pay your bills online without the need of going to the. However, its useful convenience is tempered by security issues. [more]
Monday, 5 August 2002, 10:29 AM CET

Wireless Security: An IP VPN Conspiracy Theory
Why don't carriers want you to use encryption? [more]
Monday, 5 August 2002, 10:27 AM CET

Computer vigilantes target hackers
Striking back against a computer that is attacking you may be illegal under US law, but a researcher says people should be allowed to neutralise one that is spreading destructive Internet worms like Nimda. [more]
Monday, 5 August 2002, 10:23 AM CET

Site 'hypes' Linux hacks
Chris Hegan, general manager of Auckland Linux consultancy Asterisk, says the survey, by British self-described "digital risk specialist" Mi2g, amounts to scaremongering. [more]
Monday, 5 August 2002, 10:22 AM CET

Old game machine turned into Linux hacker tool
Security researchers at the Defcon hacker conference turn Dreamcast consoles and other innocuous gadgets into stealthy network monitoring devices. [more]
Monday, 5 August 2002, 10:21 AM CET

Pakistan steps up cyber attacks against India
After cross-border terrorism, Pakistan has opened up a new front against India - cyber attacks. [more]
Monday, 5 August 2002, 10:18 AM CET

How the GhettoHackers teach security
The founders of GhettoHackers say its members teach others how to crack security only to find flaws so that defenses can be hardened. They are the good guys. [more]
Friday, 2 August 2002, 2:17 PM CET

Government against full disclosure of vulnerabilities
The government wants hackers to search for vulnerabilities, but also wants them to only pass information they find on to software vendors and the government, not to the rest of the security community. [more]
Friday, 2 August 2002, 12:23 PM CET

Proprietary Certificates
Certificates play an essential role in public-key cryptography and are likely to become a cornerstone of commerce related applications. In this paper, we introduce the notion of proprietary and collateral certificates. [more]
Friday, 2 August 2002, 10:58 AM CET

Advanced Log Processing
This article offers a brief overview of log analysis, particularly: log transmission, log collection and log analysis. It will also briefly touch upon log storing and archival. [more]
Friday, 2 August 2002, 10:46 AM CET

Is security a man's world?
By creating a women-only conference, members of the SANS institute thought they’d found a clever way to attract an extra 50 percent of the population. Instead they unleashed a fury. [more]
Friday, 2 August 2002, 10:45 AM CET

The web's most wanted
The hacking community from Cardiff to California has declared war on cyber crime investigators who are led by the FBI. [more]
Friday, 2 August 2002, 10:20 AM CET

Hacking up the truth on the internet
Sometimes what seems to be a respected source of reliable information is actually a clever scheme to manipulate people, suggests Dartmouth Thayer School of Engineering Professor George Cybenko. [more]
Friday, 2 August 2002, 10:18 AM CET

HP backs off DMCA threat
Hewlett-Packard abandoned legal threats it made against security analysts who publicized flaws in the company's software. [more]
Friday, 2 August 2002, 10:15 AM CET

Hacker rings cracked in Italy
Tipped off by American officials, Italian police shut down two rings of hackers who attacked Web sites belonging to the U.S. Army and NASA as well as Web sites in Italy. [more]
Friday, 2 August 2002, 10:14 AM CET

Summer surprises with virus relief
Central Command has reported that the number of virus attacks it tracks fell in July compared with June--the first time this year that reported virus infections dropped month-on-month. [more]
Friday, 2 August 2002, 10:13 AM CET

OpenSSH trojaned
Edwin Groothuis sent an email to the Incidents mailing list in which he says that the OpenSSH package on and its mirrors is trojaned. [more]
Thursday, 1 August 2002, 5:43 PM CET

Vegas braces for the hackers
It's time once again for Def Con, the infamous hacking convention where mysterious incidents - like smoking swimming pools and FBI arrests of Russian programmers - are more commonplace than not. [more]
Thursday, 1 August 2002, 11:40 AM CET insecure about security?
Where there is e-commerce, there will be security holes. Online bookseller knows this well - just don't tell them when they have one. Or six. [more]
Thursday, 1 August 2002, 11:36 AM CET

Sandstorm launches NetIntercept 1.1
NetIntercept 1.1 is a network forensics and analysis tool for FreeBSD. It debuted at GOVSEC in Washington DC. Demonstrations included the patent-pending decryption of SSH2 traffic. [more]
Thursday, 1 August 2002, 11:32 AM CET

Defense Department to impose limits on wireless devices
The Defense Department is imposing new limits on its workers' use of the latest generation of wireless devices inside military buildings. [more]
Thursday, 1 August 2002, 11:25 AM CET

Monitor Linux routers and firewalls with MRTG
MRTG doesn't have all the bells and whistles of commercial monitoring software, but it does the job well and is definitely worth considering as part of your network monitoring activities. [more]
Thursday, 1 August 2002, 11:21 AM CET

Agents pass on al Qaeda site hijacked for FBI
When Web operator Jon Messner gained control of one of al Qaeda's prime Internet communication sites, he offered it to the FBI to use it for disinformation and collecting data about sympathizers. [more]
Thursday, 1 August 2002, 11:19 AM CET

Securing Linux 101
Kopmanis provides some methods, lessons, and checklists for detecting blackhats, then securing your Linux box. [more]
Thursday, 1 August 2002, 11:17 AM CET

Nmap Security Scanner version 3.00 has been released
Version 3.00 is the first "stable" release since 2.53 (May 2000). It's recommended that all current users upgrade. Improvements from 39 public beta releases have gone into this version. [more]
Thursday, 1 August 2002, 11:09 AM CET

Richard Clarke points finger of blame
Software makers and Internet service providers must share the blame for the nation's vulnerable networks, according to President Bush's special adviser on cyberspace security Richard Clarke. [more]
Thursday, 1 August 2002, 11:03 AM CET

When Dreamcasts Attack
White hat hackers use game consoles, handheld PCs to crack networks from the inside out. [more]
Thursday, 1 August 2002, 11:00 AM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Thu, Aug 28th