Off the Wire

Off The Wire Archive

News items for August 2005

Web apps with Tiger: security and MySQL
In this second part of "Web Apps with Tiger", we'll be focusing on protection. [more]
Wednesday, 31 August 2005, 3:01 PM CET

Hacker fear boosts IT security spending
Appliance and software sales continue to climb. [more]
Wednesday, 31 August 2005, 2:45 PM CET

A surefire cure for spam
Eliminate spam by eliminating spammers. Simple, clean, and certain. [more]
Wednesday, 31 August 2005, 2:28 PM CET

Understanding security in IE 6 in Windows XP SP2
This paper examines the state of Web browser security according to Microsoft and the correlation between a browser’s vulnerability and its advanced functionality. [more]
Wednesday, 31 August 2005, 2:26 PM CET

Three spammers face obscenity and CAN-SPAM charges
Three spammers were indicted in Pheonix last week for sending obscene spam in violation of US anti-spam regulations. [more]
Wednesday, 31 August 2005, 2:24 PM CET

Protecting your network from its own endpoints
This paper describes how network attacks are increasingly leveraging internal endpoints to gain a foothold and propagate. [more]
Wednesday, 31 August 2005, 2:23 PM CET

Flaws revealed in Adobe Version Cue
Company has issued a patch for vulnerabilities. [more]
Wednesday, 31 August 2005, 2:19 PM CET

CISSP vs. CCISP creating confusion for certification holders
"I am strongly concerned that the acronym is too close to the CISSP," said J.P. Vossen, a CISSP and integration manager for Counterpane Internet Security. [more]
Wednesday, 31 August 2005, 2:14 PM CET

Interview with Def Con CTF winning team member Vika Felmetsger
Richard Bejtlich interviews a member of Giovanni Vigna's team. [more]
Wednesday, 31 August 2005, 2:11 PM CET

HP warns of flaw in network management product
The flaw affects HP OpenView's Network Node Manager. [more]
Wednesday, 31 August 2005, 1:58 PM CET

Net security plans sow confusion
Vendors are developing such a wealth of products and security architectures for keeping potentially infected machines off the network and shutting down badly behaving ones that customers might have trouble figuring what is best for them, experts say. [more]
Wednesday, 31 August 2005, 1:52 PM CET

Disposable credit card? That'll do nicely
Permanent TSB and Visa are encouraging Irish shoppers to go online with the launch of a new disposable credit card voucher. [more]
Wednesday, 31 August 2005, 1:50 PM CET

Home users rush for data protection
Opportunities abound in a growing market, reports analyst. [more]
Tuesday, 30 August 2005, 5:31 PM CET

Movie studios poised for piracy gight
A now-famous AT&T Labs report, "Analysis of Security Vulnerabilities in the Movie Production and Distribution Process," revealed that of a total of 285 movies sampled on P2P networks, 77 percent were leaked by industry insiders. [more]
Tuesday, 30 August 2005, 5:01 PM CET

Integrating automated patch and vulnerability management into an enterprise-wide environment
This article explores the trends that are creating requirements for a strategic - rather than a tactical - approach to information security, patch and vulnerability management among public and private sector organizations. [more]
Tuesday, 30 August 2005, 4:04 PM CET

Ten-minute guide to network security
Keeping your network secure is a time-consuming job. But it needn't be that tough - for help, follow our ten-minute guide to get you started on keeping your network safe. [more]
Tuesday, 30 August 2005, 3:40 PM CET

Networking giant sets site on security intelligence
Cisco shops hunting down vulnerabilities or seeking to mitigate threats may now have help with their aim. [more]
Tuesday, 30 August 2005, 3:38 PM CET

Altering images with Biometrics to thwart hackers
A trick reminiscent of a fun-house mirror might improve the security and privacy of the access-control technology that examines fingerprints, facial features, or other personal characteristics. [more]
Tuesday, 30 August 2005, 3:36 PM CET

'Loverspy' program creator indicted, on the run
The creator of Loverspy, software to surreptitiously observe individuals' online activities, has been indicted for allegedly violating federal computer privacy laws, local and federal authorities announced Friday. [more]
Tuesday, 30 August 2005, 3:31 PM CET

Malware may hide behind long names in Windows registry
Malware may hide behind long names in Windows registry. [more]
Tuesday, 30 August 2005, 3:22 PM CET

Moving beyond the traditional firewall
"The firewall is a useless doorstop unless it is configured correctly," said Stuart McIrvine, IBM's director of security strategy. "How do you correlate potential security events as they happen? Is a multiphased attack going on? You can't see that by just looking at the firewall." [more]
Tuesday, 30 August 2005, 3:19 PM CET

Zotob suspects arrested in Turkey and Morocco
Law enforcement officials in Turkey and Morocco arrested two men in connection with the recent release of the Zotob worm. [more]
Tuesday, 30 August 2005, 3:18 PM CET

Security experts stake out Windows spyware hiding place
The case of the undectectable spyware. [more]
Tuesday, 30 August 2005, 3:18 PM CET

Infineon chips in with Xbox 360 security part
Infineon will provide memory chips and a wireless controller for Microsoft's Xbox 360 console. [more]
Tuesday, 30 August 2005, 3:16 PM CET

Preventing log evasion in IIS
Logs can be extremely valuable in identifying if an attack was successful or not, as well as some of the exact commands that an attacker may have executed. [more]
Monday, 29 August 2005, 4:18 PM CET

Product-based security vs. service-based security
Security vendors today can follow either of two different models: they can sell a product (a firewall, an encryption program, etc.) that your company pays for upfront, or they can sell a service that incurs an ongoing fee. [more]
Monday, 29 August 2005, 4:16 PM CET

Windows Server 2003 authentication: under the hood
This webcast focuses on the nuts and bolts of the Kerberos authentication protocol: the basic protocol exchanges, the protocol's strengths and its operation in a single- and multi-domain environment. [more]
Monday, 29 August 2005, 4:15 PM CET

How secure are you really?
When the results of InformationWeek Research's annual Information Security Survey came in, we were surprised to see that 84% of survey participants don't believe their organizations are more vulnerable to malicious-code attacks and security breaches than a year ago [more]
Monday, 29 August 2005, 4:10 PM CET

The 'virtual' way to better wireless security
I've always found the vernacular used in computing very interesting. [more]
Monday, 29 August 2005, 4:05 PM CET

Intel eyes Wi-Fi security
Intel is developing a way to locate a Wi-Fi user. [more]
Monday, 29 August 2005, 4:02 PM CET

Fighting cyberattacks by sharing information
New service must overcome companies' unwillingness to share even anonymous data. [more]
Monday, 29 August 2005, 11:36 AM CET

Where the hackers are looking these days
Hackers are looking beyond the operating system to gain access to computers, and they're increasingly targeting Web browsers, E-mail clients, and other applications and client software. [more]
Monday, 29 August 2005, 11:31 AM CET

Are women safer surfers than men?
Today we bring you another daft, self-serving survey of Internet users that marketing types have used to generate some headline grabbing statistics. [more]
Monday, 29 August 2005, 11:28 AM CET

Chinese websites attack US Defence networks
Websites in China are being used to launch attacks on US Defence Department computer networks and other US agencies, according to reports in the Washington Post. [more]
Friday, 26 August 2005, 3:37 PM CET

Three indicted in U.S. spam crackdown
The accused could face long prison sentences if convicted by a grand jury in Arizona. [more]
Friday, 26 August 2005, 3:34 PM CET

Distance detection may help secure Wi-Fi
Technology could prevent unauthorised access. [more]
Friday, 26 August 2005, 3:21 PM CET

Live on television, a worm attacks
"There were some high-profile customers that were attacked by the worm," said Debby Fry Wilson, director of Microsoft's Security Response Center. [more]
Friday, 26 August 2005, 3:17 PM CET

Cybercrooks lure citizens into international crime
Consumer-level financial fraud has been around since thieves first thought to filch blank checks from mailboxes. [more]
Friday, 26 August 2005, 3:16 PM CET

Microsoft to release antiphishing tool before IE 7
Phishing filter will be available for IE 6 running on Windows XP with SP2 installed. [more]
Friday, 26 August 2005, 2:59 PM CET

Protecting your email network with a layered security architecture
In this webcast Sendmail will explain the four basic layers of email security architecture, typical security gaps in complex email networks and how to fix them, and best practices to improve email security in a multi-vendor environment. [more]
Friday, 26 August 2005, 2:55 PM CET

The GIMP threatens PIN number security
This must be a first: Linux image manipulation programme the GIMP has been fingered as a possible tool in uncovering people's PIN numbers as sent through the post. [more]
Friday, 26 August 2005, 2:45 PM CET

Consistent voice needed on security issues, says TechNet
Zannetos seeks to articulate industry views to Congress. [more]
Friday, 26 August 2005, 1:52 PM CET

Detect weak network passwords with Hydra
Hydra is a network login cracker for more than 30 network services. [more]
Friday, 26 August 2005, 1:32 PM CET

An introduction IP spoofing
IP spoofing is a technique used to gain unauthorized access to computers. [more]
Friday, 26 August 2005, 1:29 PM CET

Global phishing outbreak hits four banks
Thieves get busy. [more]
Friday, 26 August 2005, 1:24 PM CET

In any language, IM worm a pain
A new "multiple language" smart worm is spreading through Instant Messaging, checking system settings of IM clients and then sending messages in the appropriate language. [more]
Thursday, 25 August 2005, 11:37 AM CET

Is the Real ID Act the real deal for ID security?
Is the Real ID Act a step toward a safer society or a threat to the liberties we hold dear? [more]
Thursday, 25 August 2005, 11:36 AM CET

Developing secure software is a management issue
When security vulnerabilities in a vendor's software are exploited, significant costs are faced by the vendor and its software users. [more]
Thursday, 25 August 2005, 11:32 AM CET

Microsoft vows to play nice with security chip
Windows Vista eases privacy concerns over security chip. [more]
Thursday, 25 August 2005, 11:32 AM CET

Ensuring apps security from the get-go
Closing the gap between developers and users is is the first step toward making sure applications are secure. [more]
Thursday, 25 August 2005, 11:30 AM CET

Three burning IT security issues
Jay Heiser, conference co-chairman and Gartner vice-president, shares his insight on three burning IT security issues ahead of the Gartner IT Security Summit 2005. [more]
Thursday, 25 August 2005, 2:23 AM CET

Why you need to add “protect domain name” to the security checklist
Domain name hijacking broadly refers to acts where a registered domain name is misused or stolen from the rightful name holder. [more]
Thursday, 25 August 2005, 2:18 AM CET

Phishers and security firms in malware 'arms race'
Conventional phishing attacks launched via spam messages are becoming eclipsed by sophisticated malware. [more]
Thursday, 25 August 2005, 2:05 AM CET

Zotob worms can affect XP computers
Microsoft admitted that the Zotob worm and similar worms could also affect certain Windows XP computers in a security advisory issued on Tuesday. [more]
Thursday, 25 August 2005, 1:54 AM CET

Spyware eyes bigger bucks
Spyware is getting more dangerous and has become a greater threat for the enterprise, according to the latest quarterly state of spyware report from Webroot Software. [more]
Thursday, 25 August 2005, 1:46 AM CET

VoIP emerging as next spam entryway
The challenge in building VoIP anti-spam tools is finding algorithms that can determine if calls are generated by humans or machines. [more]
Wednesday, 24 August 2005, 4:39 PM CET

They spy with their malicious eye
Spyware are programs that monitor user activity and subsequently transmit user information to remote servers. [more]
Wednesday, 24 August 2005, 1:43 PM CET

Advice on assessing your IT security posture
Most people will agree that Information Technology (IT) is changing or altering business processes and work environments at a dizzying pace. Unfortunately for those responsible for maintaining the security posture of these processes and environments, security changes faster. [more]
Wednesday, 24 August 2005, 1:40 PM CET

Banks abandoning SSL on home page log-ins
Some of the biggest banks have abandoned the practice of posting their online account log-in screens on SSL-protected pages in an effort to boost page response time. [more]
Wednesday, 24 August 2005, 5:21 AM CET

Microsoft find spam bill hard to swallow
The US executive charged with leading Microsoft's global drive against spam and phishing frauds paid a flying visit to Wellington last week to try to talk the Government out of passing its proposed anti-spam bill in its current form. [more]
Wednesday, 24 August 2005, 4:57 AM CET

Cisco patches IDS software, sensors against spoofing
A vulnerability in Cisco's security monitors could let attackers spoof the network giant's intrusion detection software and sensors, the company reveals in multiple security advisories. [more]
Wednesday, 24 August 2005, 4:46 AM CET

"Donnie Brasco" unveils new security cameras
The retired undercover FBI agent who infiltrated the Bonanno Crime Family will unveil one of the latest tools in the arsenal of homeland security products Wednesday. [more]
Wednesday, 24 August 2005, 4:39 AM CET

Not all security pros are equal
Experts warn that organizations should look for a lot more than certifications before allowing someone to protect their corporate assets. [more]
Wednesday, 24 August 2005, 4:29 AM CET

A layered approach to network security
Fresh off a company conference call where the primary topic was this week's Windows Plug and Play worm, Arun DeSouza was asked for his thoughts on this most recent major attack on the operating system. [more]
Wednesday, 24 August 2005, 4:20 AM CET

Advanced vulnerability management
When security administrators think about vulnerability management, they think about the cool tools at their disposal. But running scans does not make for a good vulnerability management process. [more]
Wednesday, 24 August 2005, 3:53 AM CET

Ideal-to-realized security assurance in cryptographic keys (part 2)
In the final installment of this two-part series, we'll cover two closely related collision attacks - the birthday attack and the meet-in-the-middle attack. [more]
Wednesday, 24 August 2005, 3:19 AM CET

CA patches security flaws in multiple products
Computer Associates [CA] has issued patches to fix security flaws involving its Message Queuing software that affect many of its products. [more]
Wednesday, 24 August 2005, 3:11 AM CET

Identity management architectures and digital identity
After some analysis, you've decided that your company needs to beef up its digital identity infrastructure. [more]
Tuesday, 23 August 2005, 3:54 PM CET

Spyware plague goes corporate
20 per cent increase in incidents during the last quarter. [more]
Tuesday, 23 August 2005, 3:05 PM CET

Sarbanes-Oxley seen as biggest IT time waster
Deployment of unproven technologies also ranked as potential waste of time in IBM user group poll. [more]
Tuesday, 23 August 2005, 3:04 PM CET

US tops poll of spyware purveyors
Spyware purveyors are expanding their distribution channels and adopting new tactics in a bid to cash-in by infesting more PCs with parasitic malware. [more]
Tuesday, 23 August 2005, 2:21 PM CET

Crimeware epidemic spreading fast
Epic battle shaping up between phishers and counter-phishers. [more]
Tuesday, 23 August 2005, 2:20 PM CET

Malicious hackers turn on each other
In the early days of computer attacks, when bright teens could bring down corporate systems, the point was often to trumpet a malicious hacker's success. No longer. [more]
Tuesday, 23 August 2005, 2:15 PM CET

'Ethical hackers' recruited
A new generation of "ethical hackers" are to be trained in Wales to test and protect the world's computer security systems. [more]
Tuesday, 23 August 2005, 2:12 PM CET

Legal disassembly
When Michael Lynn went to give a presentation at Black Hat, little did he know he would ignite a legal firestorm questioning whether even the act of looking for security vulnerabilities violates the law. [more]
Tuesday, 23 August 2005, 2:04 PM CET

Sun kicks off open DRM project
Open digital rights technology aimed at furthering digital content. [more]
Tuesday, 23 August 2005, 2:00 PM CET

EarthLink goes security shopping
Earthlink said that it bought the assets of anti-spyware maker Aluria Software. [more]
Tuesday, 23 August 2005, 1:53 PM CET

Best practices for wireless security and management
Learn best practices for deploying, managing, and securing enterprise wireless handheld fleets. [more]
Tuesday, 23 August 2005, 1:51 PM CET

Information security in campus and open environments
This article is geared towards techies at libraries and schools and will attempt to address common security problems that may pop up at these institutions. The author gears the solutions towards Open Source, freeware, and base operating system security in a Windows XP/2k environment. [more]
Tuesday, 23 August 2005, 12:33 PM CET

US Air Force scrambles after privacy breach
The US Air Force has been forced to notify more than 33,000 airmen that their personal details might have been exposed following the discovery of a computer security breach. [more]
Tuesday, 23 August 2005, 11:36 AM CET

ID theft spyware scam uncovered
Thousands of computer users have been caught out by a huge ID theft ring. [more]
Tuesday, 23 August 2005, 11:31 AM CET

Beware and be aware of rootkits
Attackers are increasingly turning to stealthy rootkits to keep anti-virus vendors from detecting and deleting malicious worms or Trojan horses, a Russian security firm said Monday. [more]
Tuesday, 23 August 2005, 11:30 AM CET

Intellectual property is focus at new job
Our security manager starts a new position with a mandate to keep company IP from walking out the door. [more]
Tuesday, 23 August 2005, 11:26 AM CET

Wireless wiretapping
A Federal Communications Commission (FCC) announced earlier this month that it intends to expand a mid-1990s ruling that allows law enforcement officers to wiretap conventional phone lines. [more]
Monday, 22 August 2005, 12:46 PM CET

FBI uses cyber lab to catch sexual predators
The New Haven-based lab is also used to investigate more sophisticated computer crimes, including Internet and credit card fraud, identity and intellectual property theft, and hacking. [more]
Monday, 22 August 2005, 12:45 PM CET

Veritas users cry foul over security info
Veritas may have been taken over by security giant Symantec, but end users have been left wanting better notification in the wake of a critical vulnerability with its backup software. [more]
Monday, 22 August 2005, 12:43 PM CET

Net access security plans sow confusion
The worms that threatened Win­dows computers last week made clear once again that vulnerable desktops and laptops pose a serious threat. [more]
Monday, 22 August 2005, 12:16 PM CET

Cybercrime flourishing in Russia, Romania
Romania, along with Russia, is a hotbed of computer crime. [more]
Monday, 22 August 2005, 12:15 PM CET

Hackers rob online gamers
Game cheating reaches a new low. [more]
Monday, 22 August 2005, 12:14 PM CET

Questions surround smartphone security
Wireless vendors are rolling out a new generation of handheld computers called smartphones for corporate users, but many network executives say they won't consider them until the means to manage and secure them are clear. [more]
Monday, 22 August 2005, 12:13 PM CET

Eye-witness account of a global virus outbreak
On Sunday the 14th we found a new virus around noon... [more]
Monday, 22 August 2005, 12:11 PM CET

Comments on network anomaly detection system article
Richard Bejtlich was asked to comment on Paul Proctor's new article in the August 2005 Information Security magazine, titled A Safe Bet?. [more]
Monday, 22 August 2005, 12:09 PM CET

Hundreds of Stanford University web sites defaced
A crew of brazilian defacers known as Unknown Core penetrated a server belonging to the university of Stanford and defaced 306 sites. [more]
Monday, 22 August 2005, 12:47 AM CET

Germany launches IT security initiative
Interior minister says companies need to do more to protect systems. [more]
Monday, 22 August 2005, 12:45 AM CET

"Hack"-door admissions
A number of prestigious colleges and universities across the country have discovered they are being hacked at an alarming rate. [more]
Monday, 22 August 2005, 12:44 AM CET

What is ClamXav (and do Mac users really need antivirus?)
ClamXav is a free virus checker for Mac OS X. [more]
Monday, 22 August 2005, 12:39 AM CET

Windows spyware survival tools
The popular and free Lavasoft AdAware and Spy-Bot Search and Destroy anti-spyware programs do a decent job of removing spyware after it has already been installed, but aren't much help in keeping spyware from getting onto a system in the first place. [more]
Friday, 19 August 2005, 7:58 PM CET

Desktop security threats
With security threats growing, it is imperative to have a multi-layered security solution that is fast, strong and nimble. [more]
Friday, 19 August 2005, 10:20 AM CET

New zero-day IE bug can give attackers control
Microsoft's Internet Explorer browser appears vulnerable to an unpatched bug similar to one fixed last week, according to several security vendors. [more]
Friday, 19 August 2005, 10:16 AM CET

Apple security update re-issued
Apple Computer re-releases its massive Mac OS X security update after the upgrade broke 64-bit applications. [more]
Friday, 19 August 2005, 10:12 AM CET

Strategies for protecting laptop data
Any machine that has the potential to hold sensitive data or e-mail should be encrypted. [more]
Friday, 19 August 2005, 5:26 AM CET

Cisco issues hacker patch
Cisco has released a patch for its Cisco Clean Access (CCA) software, which is designed to seek out unsafe hardware on a network. [more]
Friday, 19 August 2005, 4:26 AM CET

Microsoft issues Zotob cleaning tool
Microsoft late Wednesday rushed out a new version of its Windows Malicious Software Removal Tool as one response to a bot worm attack that began earlier this week. [more]
Friday, 19 August 2005, 3:52 AM CET

Consumer worries about online security on the rise
Survey finds that recent security and data-loss incidents have taken their toll on consumer confidence in E-commerce. [more]
Friday, 19 August 2005, 3:32 AM CET

Secure Computing to acquire CyberGuard
Secure Computing announced it had reached an agreement to acquire CyberGuard for approximately $295 million, [more]
Friday, 19 August 2005, 3:21 AM CET

Finns urge better Wi-Fi security after bank break-in
Finland called on its citizens to take more care securing their Wi-Fi networks. [more]
Friday, 19 August 2005, 2:59 AM CET

Warily watching worm variants
While security firms continue to debate the severity of the Zotob worm plaguing the Windows Plug-and-Play vulnerability, hackers have released a new wave of worms aimed at taking over PCs running the nearly ubiquitous operating system. [more]
Friday, 19 August 2005, 2:56 AM CET

First and foremost, security must make business sense
Return on investment analysis is useful, but prioritizing security projects and focusing on business objectives are necessities. [more]
Friday, 19 August 2005, 2:42 AM CET

Security ignores enemies within
Half of all data theft carried out by employees. [more]
Friday, 19 August 2005, 2:41 AM CET

Development tool security hole threatens Internet apps
A security hole in a popular development tool has severe implications for a number of the Internet's most popular applications, including Gmail, Flikr and MSN Virtual Earth. [more]
Friday, 19 August 2005, 2:23 AM CET

Implementing principle of least privilege
This article will go over some of the most common configurations that you can make to implement these principles and reduce the possibility of an attack from a typical end user. [more]
Friday, 19 August 2005, 2:06 AM CET

Adware makers sues naughty affiliates
But it's still adware, warns researcher. [more]
Thursday, 18 August 2005, 12:25 PM CET

Man logs into customer account shocker
Blind chance has helped to expose a password security issue at over the way it and many other online retailers deal with forgotten passwords. [more]
Thursday, 18 August 2005, 12:15 PM CET

Copy-protection gear sneaks into products
Controversial copy-protection technology is quietly being added to e-books, CDs, DVDs and other products. [more]
Thursday, 18 August 2005, 7:02 AM CET

Virus writers moving faster with attacks
Companies struck by worms this week are back to normal. [more]
Thursday, 18 August 2005, 6:33 AM CET

London eyes single smartcard strategy
Councils should collaborate for a London-wide card, says report. [more]
Thursday, 18 August 2005, 6:08 AM CET

Proactive honeypots
Honeypots sit on a server and wait for intrusion attempts. [more]
Thursday, 18 August 2005, 5:21 AM CET

Windows 2000 worms now affecting 250,000
McAfee raises risk to "high" for one variant, called IRCBot worm. [more]
Thursday, 18 August 2005, 4:06 AM CET

'Spear phishing' tests educate people on online scams
To fight computer crime, the good guys are masquerading as bad guys pretending to be good guys. [more]
Thursday, 18 August 2005, 3:58 AM CET

Ex-AOL employee sentenced to 15 months in spam case
Stole 92 million e-mail screen names and sold them to a spammer. [more]
Thursday, 18 August 2005, 3:49 AM CET

Computer virus writers at war, security firm says
We seem to have a botwar on our hands. [more]
Thursday, 18 August 2005, 2:54 AM CET

IBM works toward replacable biometrics
Big Blue researching the area of 'cancelable biometrics'. [more]
Thursday, 18 August 2005, 2:37 AM CET

The right coprocessor can help with encryption
Encryption is a key aspect of security for any application or system. Furthermore, encryption is algorithmically complex, requiring significant resources for implementation, and most often, significant hardware acceleration. [more]
Thursday, 18 August 2005, 2:20 AM CET

Microsoft and federated identities: the road to single sign-on
Single sign-on. Symbolically at least, it may be a kind of grail for IT staffers who today need to administer thousands of user accounts. [more]
Thursday, 18 August 2005, 2:09 AM CET

Avoiding the auto dialer virus
This article provides some thoughts and helpful tips on avoiding being scammed for hundreds or even thousands of dollars by "auto-dialers". Sometimes even experienced computer users can be caught off guard by this scam. [more]
Wednesday, 17 August 2005, 5:18 PM CET

Security for enterprises in the 21st century
Enterprise security solutions are a combination of hard/software that will consolidate from disparate perimeter implementation into holistic platforms with centralized intelligence and policy-based control. [more]
Wednesday, 17 August 2005, 5:17 PM CET

Symantec will buy Sygate
Symantec announced that it has signed an agreement to acquire Sygate Technologies, a technology leader in endpoint compliance solutions. [more]
Wednesday, 17 August 2005, 5:12 PM CET

Windows worm knocks down corporations
A new computer has succeeded at knocking out several large corporations in the US. [more]
Wednesday, 17 August 2005, 11:48 AM CET

Tools drive point-and-click crime
New software tools make stealing data from users as easy as browsing the web. [more]
Wednesday, 17 August 2005, 3:42 AM CET

Is it time for a VoIP firewall?
Spam commonly proliferates using STMP and HTTP protocols, which are critical to e-mail and the Internet, but it could soon become the nemesis of SIP as well. [more]
Wednesday, 17 August 2005, 2:58 AM CET

Using the Windows Server 2003 security configuration wizard to harden the ISA Firewall
While many of us made gallant attempts at coming up with comprehensive hardening plans that wouldn’t break core ISA Server 2000 firewall functionality, it always seemed like we were feeling our way through the dark. [more]
Wednesday, 17 August 2005, 2:54 AM CET

Kentucky is first state to complete security requirement
The Kentucky Office of Homeland Security was told by the U.S. Department of Homeland Security that Kentucky is the first state in the nation to complete the National Incident Management System Capability Assessment Support Tool. [more]
Wednesday, 17 August 2005, 2:44 AM CET

Ideal-to-realized security assurance in cryptographic keys
In the first installment of this two-part series, we'll cover key length, and relative concerns, such as entropy and how password etiquette affects key space complexity. [more]
Tuesday, 16 August 2005, 6:03 PM CET

Netfilter and iptables: understanding how they harden Linux
Linux firewalls are often more secure than Windows firewalls because of the way they're implemented, according to James Turnbull, author of Hardening Linux. [more]
Tuesday, 16 August 2005, 4:54 PM CET

Score list hacking
This article covers just a few of the potential problems and examines ways in which you can work to defeat a score list hacker. [more]
Tuesday, 16 August 2005, 4:40 PM CET

Disaster recovery: dealing with 21st century threats
The good news is technology has advanced to a point where disaster recovery isn't a single choice, but a collection of choices. [more]
Tuesday, 16 August 2005, 3:24 PM CET

Windows Vista puts testers' security at risk
Problems with beta version, warns expert. [more]
Tuesday, 16 August 2005, 3:22 PM CET

Threat chaos: making sense of the online threat landscape
Download this white paper for an analysis of the vulnerabilities and discover a threat model that can be used to clear up the confusing nomenclature. [more]
Tuesday, 16 August 2005, 3:21 PM CET

IIS vs. Apache: which is the right security choice?
From a security perspective, the choice is debatable. [more]
Tuesday, 16 August 2005, 3:02 PM CET

US cyber security 'almost out of control'
Vulnerable to terrorist and criminal attacks. [more]
Tuesday, 16 August 2005, 2:50 PM CET

IRC bot latches onto Plug-and-Play vuln
he Microsoft Plug-and-Play vulnerability exploited by the ZoTob worm has been harnessed to create an IRC bot. [more]
Tuesday, 16 August 2005, 2:49 PM CET

(IN)SECURE Magazine issue 3 has been released
(IN)SECURE Magazine is a freely available, freely distributable digital security magazine in PDF format. Get your copy of the third issue today! [more]
Tuesday, 16 August 2005, 2:58 AM CET

McAfee readies home Wi-Fi security tool
All home Wi-Fi gear comes with the bricks and mortar to put up at least a basic security wall against intruders and eavesdroppers, but McAfee wants to sell consumers a better trowel for building it. [more]
Tuesday, 16 August 2005, 2:56 AM CET

Windows worm ZOTOB a threat
Trend Micro reports that a new Windows worm, dubbed ZOTOB, exploits "critical" security issues Microsoft patched just last week. [more]
Tuesday, 16 August 2005, 2:17 AM CET

Chain attack Trojan nets 3m email addresses
Can infect victim PCs with up to 19 malicious malware programs. [more]
Monday, 15 August 2005, 7:14 PM CET

Phishers target good Samaritans
An 89 year old needs your money. [more]
Monday, 15 August 2005, 7:12 PM CET

Bulk mailer convicted of data theft scam
A Florida man has been convicted of stealing vast amounts of personal information from Acxiom. [more]
Monday, 15 August 2005, 7:11 PM CET

Storage security basics: confidentiality and integrity
If you manage a storage network, one of your primary goals is to ensure that the data is secure. [more]
Monday, 15 August 2005, 7:10 PM CET

Don't shoot the security messenger
Security through transparency takes on a whole new point of view. [more]
Monday, 15 August 2005, 4:20 PM CET

So you think your data is secure?
Everything I'm about to tell you is true. And if you're a corporate executive who's serious about information security, corporate governance and compliance, you will cut this column out and nail it to your CEO's office door. [more]
Monday, 15 August 2005, 4:19 PM CET

Flexible, safe and secure?
This article looks beyond the hype of mobile working to consider some of the practical issues of an organisation implementing an ICT strategy that ensures data security wherever employees connect to corporate systems. [more]
Monday, 15 August 2005, 2:38 PM CET

Is VOIP wiretapping a privacy threat?
Has the Federal Communications Commission radically enhanced the powers of law enforcement with its new regulation to allow for Internet wiretapping, as some civil libertarians have been suggesting? [more]
Monday, 15 August 2005, 2:22 PM CET

Flaw on Tuesday, worm by Sunday
Virus writers have created a worm that spreads using a Microsoft Plug-and-Play vulnerability disclosed only last week. [more]
Monday, 15 August 2005, 2:21 PM CET

Did 'Spam Factory' steal data?
On the hunt for a hacker two years ago, security officials at data-management company Acxiom discovered that an internet address at one of its clients' contractors was taking far more data than it should have. [more]
Monday, 15 August 2005, 1:18 PM CET

Cost-effective application protection and recovery
Since the network world is constantly under attack from application-crashing viruses, worms and bugs, data protection and recovery is an advantage for the forward-thinking network executive. [more]
Monday, 15 August 2005, 1:17 PM CET

Open firmware security for Mac workstations
When Apple Computer Inc. introduced Open Firmware with the first G3 Macintosh computers, it was big news because it allowed Apple to easily modify system information previously stored in ROM. [more]
Monday, 15 August 2005, 1:11 PM CET

Data dumped in secure flight test
Information about airline travelers collected to test a new passenger-screening system is being destroyed by the feds, leaving some privacy advocates wondering why. [more]
Monday, 15 August 2005, 1:09 PM CET

The privacy lawyer: wireless freeloaders are breaking the law
You can try to justify it, but there's no way around the fact. And if you fear it's your wireless connection that's being stolen, it's time to get proactive about securing that network. [more]
Monday, 15 August 2005, 1:08 PM CET

Attacks reported for critical Veritas Backup Exec flaw
Flaw is discovered in Network Data Management Protocol agent. [more]
Monday, 15 August 2005, 1:05 PM CET

Feds push flier background checks
Homeland Security officials quietly lobby Congress to ease oversight of the planned Secure Flight passenger-screening program and allow private databases to help probe travelers' lives. [more]
Monday, 15 August 2005, 1:03 PM CET

The fingerprint of paper
Scientists devise new way to foil forgeries. [more]
Friday, 12 August 2005, 8:09 PM CET

Cisco security flap is much ado about something
Michael Lynn: Your 15 minutes are up. Cisco Systems: You're still on the clock. [more]
Friday, 12 August 2005, 8:07 PM CET

Living with spyware
Virtually every PC that connects to the Internet on a regular basis will by now have acquired its own collection of spy- and adware hangers-on. [more]
Friday, 12 August 2005, 8:05 PM CET

Home PC face security onslaught
If your house was burgled only 12 minutes after you moved in, you would probably think about selling up and moving on pretty quickly. [more]
Friday, 12 August 2005, 7:47 PM CET

Students, and security threats, head to stanford
Stanford University's School of Education deploys new security modules from Juniper Networks to tighten security and boost network performance. [more]
Friday, 12 August 2005, 7:41 PM CET

Traffic hackers hit red light
If you've ever been stuck in traffic longing for a magic box that could turn all your red lights to green, beware: Acting on that fantasy became a federal crime this week. [more]
Friday, 12 August 2005, 1:56 PM CET

Microsoft exploit code hits the web
Windows Plug-and-Play hole could give hackers complete control. [more]
Friday, 12 August 2005, 1:55 PM CET

AOL to give away spammer loot
Cash and a Hummer are part of assets recovered from New Hampshire man. [more]
Friday, 12 August 2005, 3:53 AM CET

Security expert: more developer education needed
Many programmers don't understand how code errors cause vulnerabilities. [more]
Friday, 12 August 2005, 3:42 AM CET

When it comes to IM, first think security
As IT administrators increasingly move to adopt enterprise-level instant messaging software, industry players say their first thought should be about how to make it secure. [more]
Friday, 12 August 2005, 3:22 AM CET

Intelligent patching strategies
Learn what intelligent patching is, what to look for in a system and how it can provide the necessary audit trails you need to lower downtime and troubleshooting time and also create a self-documenting environment for your business. [more]
Friday, 12 August 2005, 3:07 AM CET

FBI: businesses (still) reluctant to report cyber attacks
Roughly 20% of businesses report computer intrusions annually, a figure the agency believes is low. [more]
Friday, 12 August 2005, 2:55 AM CET

DHS head: businesses need to focus on cybersecurity
Chertoff also calls for incentives to private sector. [more]
Friday, 12 August 2005, 2:27 AM CET

Belkin adds simple WLAN security setup
Belkin today announced that it has enhanced the installation wizard of selected wireless routers to include simplified wireless security setup. [more]
Friday, 12 August 2005, 2:14 AM CET

Fax-back phishing scam targets PayPal
Phishers have gone retro with a scam that tries to dupe victims into faxing their banking details to fraudsters. [more]
Friday, 12 August 2005, 1:12 AM CET

Critics slam net wiretapping rule
An FCC ruling that internet telephony services must provide the same built-in wiretapping capabilities as conventional phone companies has civil libertarians feeling burned. [more]
Thursday, 11 August 2005, 3:23 PM CET

Latest phishing scam goes low tech
This one asks users to fax their credit card details to a toll-free number. [more]
Thursday, 11 August 2005, 3:22 PM CET

Microsoft initially released corrupted IE patch
The patch for Internet Explorer that Microsoft earlier this week urged users to install as soon as possible was flawed, the company says. [more]
Thursday, 11 August 2005, 5:15 AM CET

The hidden boot code of the Xbox
The principles, the implementations and the security vulnerabilities of the 512 bytes ROM will be discussed in this article. [more]
Thursday, 11 August 2005, 1:05 AM CET

Hackers break into two Universities - 100,000 identities at risk
Hackers broke into the computer networks of two universities and may have accessed 100,000 identities, including Social Security numbers, school officials in California and Texas said this week. [more]
Thursday, 11 August 2005, 1:02 AM CET

Securing the enterprise: developing an anti-phishing strategy
News reports break daily on the increasing frequency and cost of identity theft crimes. These electronic crimes target a broad range, from large multi-national organizations to individuals. [more]
Thursday, 11 August 2005, 1:01 AM CET

AOL raffles spammer's gold bars
AOL is planning to give away assets seized from spammers in a US sweepstake due to launch Wednesday. [more]
Thursday, 11 August 2005, 12:55 AM CET

Managing Linux daemons with init scripts
What happens if you're building from source, and no init script is supplied? What if you're writing the source and haven't ever built an init script? [more]
Thursday, 11 August 2005, 12:41 AM CET

Guide for securing Windows Server Active Directory installations
This guide is an update to the Windows 2000 guide and assists IT professionals who participate in security planning for an Active Directory service deployment and who are running a secure Active Directory operation. [more]
Thursday, 11 August 2005, 12:16 AM CET

Microsoft's HoneyMonkeys prove patching Windows works
Microsoft's Strider HoneyMonkey research project sniffs out sites hosting malicious code for patching or legal action. [more]
Thursday, 11 August 2005, 12:06 AM CET

Harmless hackers or teen criminals?
'Arrest me, I know the password!' [more]
Wednesday, 10 August 2005, 10:22 AM CET

Bluetooth: is it a security threat?
Is it secure? Can it be made secure? What are particular security concerns? We’ll take a look at those questions in this article. [more]
Wednesday, 10 August 2005, 8:56 AM CET

Blu-ray consortium launches new DVD security features
One of the two groups vying to produce the next generation of DVDs rolled out new security features Tuesday to entice entertainment and electronics companies to adopt its technology. [more]
Wednesday, 10 August 2005, 8:01 AM CET

Microsoft issues 3 critical security bulletins
Microsoft on Tuesday issued six security bulletins for Windows, half of them carrying critical vulnerabilities, with the majority of the bugs able to be exploited remotely. [more]
Wednesday, 10 August 2005, 7:29 AM CET

Former 'Spam King' pays MS $7m to settle lawsuit
Former 'Spam King' Scott Richter has agreed to pay Microsoft $7m to settle an anti-spam lawsuit. [more]
Wednesday, 10 August 2005, 6:47 AM CET

Secure your apps for notes and Web clients
In this webcast, We will look at application security using a top-down approach, teaching you about all of the access points for an application and introducing you to tips and techniques for troubleshooting application security. [more]
Wednesday, 10 August 2005, 5:38 AM CET

TippingPoint leans into network threats
Intrusion-detection and intrusion-prevention products have come a long way in a short time, as vendors have been fast to incorporate new detection techniques and bolster defenses to an ever-widening range of threats. [more]
Wednesday, 10 August 2005, 4:17 AM CET

Stealing your neighbor's Net
The spread of wireless is opening lots of opportunity to log on for free, but experts urge caution. [more]
Wednesday, 10 August 2005, 1:36 AM CET

Fortinet loses anti-virus patent ruling
The US International Trade Commission has passed an order blocking Fortinet from importing its FortiGate antivirus firewall products into the US pending resolution of a patent dispute with rival Trend Micro. [more]
Wednesday, 10 August 2005, 1:35 AM CET

Lessons learned from corporate security breaches
With information security breaches in the U.S. now reported at a rate of one every three days, corporate privacy and security officers need to take stock about what's happening and what they can do about it. [more]
Wednesday, 10 August 2005, 1:30 AM CET

Warning to IT security pros: it's August - on guard!
August has traditionally been a rough month for IT security pros, an anti-virus vendor warned Tuesday as it told users to keep alert even as business slows down. [more]
Wednesday, 10 August 2005, 1:29 AM CET

Network Solutions CEO on domain name security
Network Solutions Chairman and CEO Champ Mitchell talked with Computerworld's Sharon Machlis about his company's plans, explained how the Hushmail domain hijacking really happened and weighed in on the security of the domain name system. [more]
Wednesday, 10 August 2005, 1:27 AM CET

How to secure your wireless network
This purpose of this article is to help you understand the terminology of wireless security in the home setting as well as to develop a check list for key security oriented steps you should take when setting up and using your network. [more]
Tuesday, 9 August 2005, 8:26 PM CET

Encryption use increases
Many firms are increasing their use of encryption to boost IT security, new research has found. [more]
Tuesday, 9 August 2005, 5:28 PM CET

Security firm warns of IM worm
Less than a week after sounding the warning bell regarding a barrage of threats coming through public Instant Messaging (IM) clients, Akonix Security Center said it has discovered another bug. [more]
Tuesday, 9 August 2005, 5:27 PM CET

Few obstacles deter cyber-terrorists
Al Qaeda has become the first guerrilla movement to migrate from physical space to cyberspace. [more]
Tuesday, 9 August 2005, 11:57 AM CET

Short interview with Giovanni Vigna
Giovanni Vigna is the Associate Professor, Reliable Software Group, Department of Computer Science at the University of California, Santa Barbara. He is the leader of the Shellphish team, the winners of this year's DEFCON Capture The Flag competition. [more]
Tuesday, 9 August 2005, 11:48 AM CET

Personal implanted chips and privacy
Radio frequency identification (RFID) chips implanted into human beings hold the promise of improving patient care. [more]
Tuesday, 9 August 2005, 11:44 AM CET

Wiretaps for VoIP
The Federal Communications Commission (FCC) is expanding the reach of U.S. wiretapping laws to wireline broadband providers and Internet telephone companies. [more]
Tuesday, 9 August 2005, 11:38 AM CET

Spyware costs IT $130,000 monthly
More than 1,000 IT managers and end users reveals that spyware and other unsanctioned downloads are resulting in average monthly costs of $130,000 to IT enterprises. [more]
Tuesday, 9 August 2005, 11:31 AM CET

Red Hat bangs security drum
Security initiatives unveiled. [more]
Tuesday, 9 August 2005, 11:27 AM CET

PHP web application security
We'll discuss some of the main security "gotchas" when developing PHP web applications, from proper user input sanitization to avoiding SQL injection vulnerabilities. [more]
Tuesday, 9 August 2005, 3:27 AM CET

Targeting the enemy within
Insider security risks grow as partners and suppliers increasingly have access to corporate networks. Here's what companies are doing about the threat. [more]
Tuesday, 9 August 2005, 3:15 AM CET

The case of the stolen Wi-Fi: what you need to know
Tapping into a wireless network can be against the law, and letting a stranger access yours also can have serious repercussions. [more]
Tuesday, 9 August 2005, 2:51 AM CET

OS exploits are 'old hat'
Security issues involving Cisco kit highlighted in Michael Lynn’s presentation at Black Hat are characteristic of networking vendors in general. [more]
Tuesday, 9 August 2005, 2:47 AM CET

Nigerian police crack down on e-scams
Here’s how some scams originate. [more]
Monday, 8 August 2005, 2:51 PM CET

Attacks bewilder VeriSign
Key overseer of the Internet says online world now a 'war zone'. [more]
Monday, 8 August 2005, 2:07 PM CET

Five must-have hacker tools for the security admin
In this webcast, guest speaker Tom Bowers, CISSP, PMP and Certified Ethical Hacker, identifies five must-have hacker tools for the security admin. [more]
Monday, 8 August 2005, 2:02 PM CET

Sealing the deal with security certifications
When it comes to security, obviously no company--big or small--takes it lightly these days. Selecting the right solution provider for the security job is a task that also takes serious consideration. [more]
Monday, 8 August 2005, 1:58 PM CET

Web services' security factor
Basic practices such as authentication can protect Web services from hackers and limit access to authorized personnel. [more]
Monday, 8 August 2005, 12:18 PM CET

Anti-spyware firm warns of massive ID theft ring
Officials at Sunbelt Software, said the company stumbled upon a massive ID theft ring. [more]
Monday, 8 August 2005, 12:14 PM CET

Microsoft slams Vista virus report
Problem reported by F-Secure is 'non-existent'. [more]
Monday, 8 August 2005, 12:10 PM CET

Security firms block USB access
Sygate, McAfee enhance host-based services to guard against siphoning by portable storage devices. [more]
Monday, 8 August 2005, 12:08 PM CET

Security download must clearly disclose adware has settled charges made by the Federal Trade Commission (FTC) that it failed adequately to disclose the bundling of adware with a free security download. [more]
Monday, 8 August 2005, 12:07 PM CET

Shining a light on enterprise grid security
GRIDtoday editor Derrick Harris recently spoke with Glenn Brunette, vice chair of the EGA Grid Security Working Group and a distinguished engineer and chief security architect for the client solutions division at Sun Microsystem. [more]
Monday, 8 August 2005, 12:06 PM CET

Rootkit battle: rootkit revealer vs. hacker defender
Although rootkits have been threatening various platforms for years, only recently did a major battle develop between the rootkit creators and eradicators. [more]
Friday, 5 August 2005, 11:54 AM CET

RSS behind the firewall
NewsGator Technologies introduced Enterprise Server on Thursday, a business-class application for enabling RSS content delivery behind the firewall. [more]
Friday, 5 August 2005, 11:43 AM CET

Windows Vista already under virus attack
Proof-of-concept code exploits upcoming MSH scripting technology. [more]
Friday, 5 August 2005, 11:41 AM CET

Silent, deadly forms of phishing double
While the number of phishing scam Web sites stayed relatively flat in June, the most malicious form of Internet ID thievery has doubled in just three months. [more]
Friday, 5 August 2005, 11:39 AM CET

Six Microsoft patches on the way
Microsoft is set to release six patches on Tuesday for its Windows operating system. [more]
Friday, 5 August 2005, 11:26 AM CET

CAN-SPAM or cannot, that is the question
The court determined that White Buffalo complied with federal law, that its e-mails were not illegal, but the law applies to the University of Texas as it would to an Internet service provider that employs protection measures. [more]
Friday, 5 August 2005, 11:14 AM CET

Court orders CardSystems to retain breach information
Evidence needed in case of 40M exposed credit card numbers. [more]
Friday, 5 August 2005, 11:06 AM CET

Windows syscall shellcode
This article has been written to show that is possible to write shellcode for Windows operating systems that doesn't use standard API calls at all. [more]
Friday, 5 August 2005, 10:23 AM CET

10 tips for preparing and passing the CISSP exam
Insights, tips and tricks from a CISSP for putting your best foot forward when you sit this grueling, six-hour security theory exam. [more]
Friday, 5 August 2005, 10:16 AM CET

Adapting to the changing landscape of security
Read this white paper to learn about the changing landscape of security and explore ways to re-examine your business' processes. In addition, this paper provides guidelines for evaluating competing security solutions. [more]
Friday, 5 August 2005, 9:55 AM CET

Rackspace illegally handed customer data to FBI
Hosting provider Rackspace acted illegally in handing over the London-based servers hosting the websites for to US authorities. [more]
Friday, 5 August 2005, 9:40 AM CET

One in five hit by identity theft
Experian-Gallup report warns of growing danger. [more]
Friday, 5 August 2005, 9:13 AM CET

SSL encrypted syslog with stunnel
In this paper, I describe how to write syslog messages to a MySQL database. [more]
Friday, 5 August 2005, 8:11 AM CET

Piracy couple gets jail sentence
A married couple arrested for music, film and game piracy have received jail terms of between six and 21 months. [more]
Friday, 5 August 2005, 7:11 AM CET

Hacker fear fuels outsourced security spend
Complexity of deploying in-house security systems also boosting services. [more]
Friday, 5 August 2005, 6:02 AM CET

Auditing user accounts
This article will discuss the key user account properties that need to be audited, as well as the tools that can help complete the task. [more]
Thursday, 4 August 2005, 2:16 PM CET

VoIP security threats: fact or fiction?
Currently VoIP security isn't a concern for most I.T. managers, but that will quickly change once companies start publicizing their SIP addresses in VoIP communications, on business cards and Web sites. [more]
Thursday, 4 August 2005, 1:33 PM CET

Palladium not in Apple dev kits after all
Earlier reports circulating around the Internet concerning Apple's inclusion of a Trusted Platform Module (TPM) chip in Intel-based Macs were incorrect. [more]
Thursday, 4 August 2005, 12:04 PM CET

How endpoint security works
If you are interested in using VPNs nowadays, you should also be interested in using endpoint security. [more]
Thursday, 4 August 2005, 12:03 PM CET

Phishers hack eBay
Link takes victims to real eBay sign-in page, then hidden characters redirect to scam site. [more]
Thursday, 4 August 2005, 11:58 AM CET

Exploring spyware and adware risk assessment
This paper posits a working definition of spyware and adware, and outlines suggestions for evaluating tests of spyware and adware protection. [more]
Thursday, 4 August 2005, 11:57 AM CET

Rooting the Fortune 100
Blackhat is one of my favorite places to do some casual online banking over an insecure WiFi connection. Where's the risk, right? All joking aside, Blackhat is in fact a great place to do some deep thought on the current state of the security industry. [more]
Thursday, 4 August 2005, 11:51 AM CET

Setting up SSL connections
The ability to remotely access business information can present opportunities for unauthorized access to information, data theft, or cyber attacks. [more]
Thursday, 4 August 2005, 11:18 AM CET

Mike Lynn's 'exploit', in plain (non-technical) English
here has been an almost unbelievable amount of hubbub lately about the research that Mike Lynn gave a demonstration of at the BlackHat conference last week, and there's been a positively dizzying amount of "spin" applied to the media. [more]
Thursday, 4 August 2005, 10:46 AM CET

Spear phishers launch targeted attacks
Customised malware attacks are becoming more commonplace with virus-laden emails up 50 per cent in the first half of 2005 despite a decrease in volumes of spam and simple computer viruses, according to an IBM security report. [more]
Thursday, 4 August 2005, 10:38 AM CET

Logging and monitoring Apache (part 1)
Most administrators do not think about the logs much before an intrusion happens and only realize their configuration mistakes when it is discovered that critical forensic information is not available. [more]
Thursday, 4 August 2005, 10:32 AM CET

An IT manager’s guide to provisioning and identity management
With staff now requiring access to so many internal and external computer systems, all of which might require separate usernames, passwords and access privileges, identity management is far from straightforward. Learn what can be done to simplify identity management in this article. [more]
Thursday, 4 August 2005, 10:20 AM CET

Key management holding back encryption
Businesses are keener than ever to roll out data encryption, but are still struggling with the complexity of key management, a new survey has concluded. [more]
Thursday, 4 August 2005, 9:52 AM CET

Linux kernel quality, security shows improvement
A new study released today by code-analysis tools maker Coverity Inc. finds that overall quality and security of the Linux kernel has improved substantially in the last six months. [more]
Thursday, 4 August 2005, 9:51 AM CET

Cisco website breached, passwords reset
Security at Cisco Systems remained front and centre as the company confirmed that it had to reset all passwords to its website because of a vulnerability in the search tool at [more]
Thursday, 4 August 2005, 9:51 AM CET

File-compression tool hides ugly security flaw
A buffer overflow vulnerability in Zlib could give attackers an opening on unpatched Linux and BSD systems. [more]
Thursday, 4 August 2005, 9:49 AM CET

Bug fixes, security support to be top priority in IE 7
Microsoft plans to add support for cascading style sheets in the upcoming Internet Explorer 7, but other standards will take a back seat to critical bug fixes. [more]
Wednesday, 3 August 2005, 1:01 PM CET

Hacked: who else is using your computer?
This article brings to light how people tend to be complacent with their computers and not understand the little things they have overlooked that have left themselves open to others on the Internet. [more]
Wednesday, 3 August 2005, 12:57 PM CET

US raise fresh cyber-terror claims
Cyber terrorists are attempting to penetrate government networks using the same methods as internet hackers and many nations are vulnerable to the threat, a US State Department official said. [more]
Wednesday, 3 August 2005, 10:39 AM CET

Hackers cash in on 802.1x confusion
New standard has a way to go. [more]
Wednesday, 3 August 2005, 10:32 AM CET

Bluetooth security - the car whisperer
The Car Whisperer and allows people equipped with a Linux Laptop and a directional antenna to inject audio to, and record audio from bypassing cars that have an unconnected Bluetooth handsfree unit running. [more]
Wednesday, 3 August 2005, 10:31 AM CET

More resources on Ciscogate
The media is now calling the Lynn affair "Ciscogate." [more]
Wednesday, 3 August 2005, 10:24 AM CET

Analysts say ATM systems highly vulnerable
By failing to scan security codes in the magnetic strips on ATM and debit cards, many banks are letting thieves get away with an increasingly common fraud at a cost of several billion dollars a year. [more]
Wednesday, 3 August 2005, 10:18 AM CET

IBM: security attacks up 50%
Criminal-driven security attacks and emails with viruses increased by 50% in the first half of this year according to a report released by IBM. [more]
Wednesday, 3 August 2005, 4:54 AM CET

Apple adopts controversial security chip
PM to limit OS X to Macs, but could to more. [more]
Wednesday, 3 August 2005, 4:38 AM CET

Authentication auditing in Windows 2000
Authentication auditing is an essential part of protecting your Windows computers from intrusion. [more]
Wednesday, 3 August 2005, 4:34 AM CET

Automated backups on Tiger using rsync
In this article I'm going to show you how to create a free, customizable backup solution using only software that comes with Mac OS X 10.4, which will automatically back up changes to your data without user intervention. [more]
Wednesday, 3 August 2005, 3:05 AM CET

Interference, not hacking, said to be biggest wireless threat at DefCon
The biggest wireless threat at the recent DefCon conference came from items like microwave ovens according to AirMagnet. [more]
Wednesday, 3 August 2005, 2:06 AM CET

The shmoo bloodhound Wi-Fi gun
This is a low cost "gun" made from a Pocket PC and some off the shelf parts that can find rouge Wireless access points. [more]
Wednesday, 3 August 2005, 1:36 AM CET

Installing and configuring Microsoft’s Data Protection Manager, part 2
In this two part article, we show you how to install and configure DPM and evaluate how this can be integrated into your overall security strategy. [more]
Wednesday, 3 August 2005, 12:40 AM CET

How to develop a security training program that works
The program can be customized for your organization by hiring specialized training consultants or by using internal staff knowledgeable in system and user vulnerabilities and exploitable areas. [more]
Tuesday, 2 August 2005, 1:53 PM CET

Hackers demonstrate their skills in Vegas
Even allegedly foolproof biometrics aren't totally safe at Defcon, the conference where crackers, hackers, and feds come to share tips and tricks. [more]
Tuesday, 2 August 2005, 1:52 PM CET

Software pirates tap into technology
Criminal gangs are increasing taking advantage of the internet to peddle counterfeit software, say experts. [more]
Tuesday, 2 August 2005, 1:50 PM CET

Review: ZoneAlarm Internet Security Suite 6.0
We've long been users of Zone Labs' ZoneAlarm products due to their ease of use, effectiveness and excellent value for money. ZoneAlarm Internet Security Suite 6.0 is no different. [more]
Tuesday, 2 August 2005, 1:38 PM CET

Microsoft aims to host regular hacker meetings
Microsoft is working on plans to make a recent hacker meeting held on its Washington, campus a twice-yearly event, according to a spokesman for the vendor's security group. [more]
Tuesday, 2 August 2005, 1:34 PM CET

How to protect data residing on your IP network
Attend this webcast for discussion of the topics, overview of typical IP Network attacks, why a layered defense is critical and the importance of data encryption. [more]
Tuesday, 2 August 2005, 1:33 PM CET

Two experts discuss biomedicine, cyberwarfare, and security
There have always been similarities and overlap between the worlds of biology and computer science. Nowhere is this more evident than in computer security, where the basic terminology of viruses and infection is borrowed from biomedicine. [more]
Tuesday, 2 August 2005, 1:29 PM CET

Open specification to aid PC server security
The Trusted Computing Group has announced an open specification for trusted servers to allow manufacturers to improve hardware security on PC servers. [more]
Tuesday, 2 August 2005, 1:24 PM CET

What to do before an IOS disaster strikes
Security expert Jian Zhen explains how to fend off a Cisco router exploit. [more]
Tuesday, 2 August 2005, 3:21 AM CET

The CardSystems blame game
Hiring a security auditor in light of the CardSystems breach reveals quite a bit about the legal side of security consultants. [more]
Tuesday, 2 August 2005, 3:03 AM CET

Assess system security using a Linux LiveCD
Four LiveCD offerings specialize in nailing down vulnerabilities. [more]
Tuesday, 2 August 2005, 1:34 AM CET

Microsoft anti-phishing white paper
The focus of this white paper is to describe the basic workings of a new capability, the Microsoft Phishing Filter, that will be included in the upcoming release of Internet Explorer 7. [more]
Tuesday, 2 August 2005, 1:25 AM CET

Linux security - is it ready for the average user?
There seems to be a new important security patch out for Linux every month, lots of "do not use this program" warnings, too many articles and books with too little useful information, high-priced consultants, and plenty of talk about compromised systems. It is almost enough to send someone back to Windows. Can the average Linux user or system administrator keep his or her system secure and still have time to do other things? Bob Toxen is happy to say yes and here is how to do it. [more]
Monday, 1 August 2005, 5:45 PM CET

Blackhat: first Jericho Forum Challenge winners announced
Researchers from a Swedish security software house have scooped the first Jericho Forum Challenge at the BlackHat convention in Las Vegas. [more]
Monday, 1 August 2005, 2:31 PM CET

Cyber blackmailers and adware threaten
Increases in the number of cyber blackmailers and adware going 'deep' are just some of the highlights in the April-June 2005 Malware report from Alexander Gostev, senior virus analyst, Kaspersky Lab. [more]
Monday, 1 August 2005, 2:27 PM CET

Researcher describes how the phishing economy works
Phishers use Internet chat to communicate with each other and buy and sell victims' financial information. [more]
Monday, 1 August 2005, 2:26 PM CET

Feds eye new mission: zombie hunting
According to Prolexic Technologies, an intrusion prevention and detection firm based in Hollywood, Fla., America Online is the most targeted ISP in the U.S., with 11.7 percent of all zombie attacks being pointed at AOL. This was followed by, which is the target of 10.66 percent of would-be zombie planters. [more]
Monday, 1 August 2005, 2:25 PM CET

Bumblebee Wi-Fi spectrum analyzer
Berkeley analyzer precisely discovers wireless and RF interference but lacks full-spectrum support. [more]
Monday, 1 August 2005, 2:24 PM CET

Ears recommended for biometrics
A scientist in the UK has proposed that the unique pattern inside each individual's ear could be used as a biometric identifier, in the same way fingerprints are used. [more]
Monday, 1 August 2005, 2:12 PM CET

Dark traffic email report
This report defines and analyzes dark traffic email gathered through a combination of research interviews with enterprise IT and email administrators in the US. [more]
Monday, 1 August 2005, 2:11 PM CET

The sorry state of IM security
With more than 2,000 percent year-on-year growth rate in IM threats, somebody's got to see a huge opportunity. [more]
Monday, 1 August 2005, 1:59 PM CET

ISS Pursues Lynn presentation copies
ISS is now pursuing Web sites posting Mike Lynn's presentation. [more]
Monday, 1 August 2005, 1:51 PM CET

Is VoIP secure enough for prime time?
VoIP is hot, but VoIP security is not. [more]
Monday, 1 August 2005, 1:47 PM CET

Windows copy protection defeated
Single line of JavaScript all that is needed. [more]
Monday, 1 August 2005, 1:45 PM CET

Getting a secure handle on handhelds
Cell phones, smart phones, and PDAs find their way into the workforce when employees buy them and use them without regard to official company and security policies. [more]
Monday, 1 August 2005, 1:45 PM CET

IDC slams European firms’ attitudes to security
IDC says that to date, most organisations have had a lacklustre approach to IT security in Western Europe. [more]
Monday, 1 August 2005, 1:43 PM CET

Worm mocks convicted Sasser author
A new virus mocking the creator of the Sasser worm is spreading across the net. [more]
Monday, 1 August 2005, 1:42 PM CET

Cisco, security researcher settle dispute
Cisco Systems Inc. and a network security firm reached a settlement Thursday with a researcher who quit his job so he could deliver a speech on a serious flaw in Cisco software that routes data over the Internet. [more]
Monday, 1 August 2005, 1:40 AM CET

A hacker games the hotel
A vulnerability in many hotel television infrared systems can allow a hacker to obtain guests' names and their room numbers from the billing system. [more]
Monday, 1 August 2005, 1:19 AM CET


Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. It’s not.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Sep 2nd