Off the Wire

Off The Wire Archive

News items for August 2006

(IN)SECURE Magazine issue 8 has been released
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read about Windows Mobile security software, continuous protection of enterprise data, a review of the Acunetix Web Vulnerability Scanner 4.0, and much more. Get your copy today! [more]
Thursday, 31 August 2006, 2:53 PM CET

This email will self-destruct
People who want to open email from patent attorney Andrew Currier have to know the drill. First, they must answer a predetermined question, such as "Where did we first meet?" If they answer correctly, they will then be allowed to view the contents of the email -- but they can't alter it or forward it to anyone else. [more]
Thursday, 31 August 2006, 1:58 PM CET

Latest polymorphism hides viruses better
A virus that infects AMD64-based Windows systems uses some tricky techniques to make defensive reverse engineering more difficult, security firm Symantec said this week. [more]
Thursday, 31 August 2006, 10:35 AM CET

Browzar promises privacy-proof surfing
The new Browzar internet browser is promising users a way to surf the internet while disclosing a limited amount of personal information. [more]
Thursday, 31 August 2006, 12:20 AM CET

Federal CIOs ordered to update smart-card implementation plans
They have until Sept. 8 to submit data to the OMB. [more]
Thursday, 31 August 2006, 12:19 AM CET

A wireless hacking computer that can't be hacked
If you think seeing a dozen wireless networks makes your computer the ultimate scanning box, think again. [more]
Thursday, 31 August 2006, 12:18 AM CET

Group sets new specification for securing mobile phones
Mobile Security Specification will be unveiled at CTIA show next month. [more]
Wednesday, 30 August 2006, 5:38 PM CET

Instances of zombies on the rise
Mocbot worm contributes to rise in numbers. [more]
Wednesday, 30 August 2006, 2:46 PM CET

Security experts warn about Ernesto-related frauds
With tropical storm Ernesto now blowing off the coast of Florida, Internet security experts are warning that fraudsters may be hard at work claiming Ernesto-related Web site domains. [more]
Wednesday, 30 August 2006, 2:42 PM CET

Microsoft to patch app that strips DRM technology
Fair-use claims go unheeded as company tweaks tech. [more]
Wednesday, 30 August 2006, 12:41 PM CET

Using IPFW rulesets with BSD firewalls
IPFW makes an excellent network firewall and I intend to illustrate its ease of use. [more]
Wednesday, 30 August 2006, 12:27 PM CET

Preserve privacy by not spying on staff
Australian professor says charity begins at home. [more]
Wednesday, 30 August 2006, 12:17 PM CET

Protect your web searches
AOL's recent "doh!" release of more than 500K user search records has prompted many people to examine their search methods. [more]
Wednesday, 30 August 2006, 12:08 PM CET

Microsoft bets big on Vista security
Microsoft's Vista developers can't catch a break these days. After years of warnings from security researchers that old code in Windows was creating security risks, the software giant decided to rewrite key parts of the operating system. [more]
Wednesday, 30 August 2006, 12:06 PM CET

Guidelines needed to protect anonymity
In early August, officials at America Online released information about searches being conducted by AOL members and users of the AOL search tool. [more]
Wednesday, 30 August 2006, 12:01 PM CET

Securing remote clients and portable computers
This document describes security features that can help protect mobile and remote computers running the Windows XP Professional operating system. [more]
Wednesday, 30 August 2006, 12:00 PM CET

Readers respond with spyware battle tips
Spyware, back-door Trojans and the like are obviously still a major problem, judging by the e-mail response to last week's "My battle with spyware" article. [more]
Wednesday, 30 August 2006, 11:59 AM CET

Hackers steal AT&T customer data
Hackers have obtained the credit card details of almost 19,000 online shoppers from telecoms giant AT&T. [more]
Wednesday, 30 August 2006, 11:54 AM CET

Teen data on Myspace compromised
A security hole in the popular MySpace social networking site allowed users to view entries marked "private", a crucial protection for users aged under 16, according to weekend reports. [more]
Wednesday, 30 August 2006, 11:53 AM CET

Bogus Apple iPod spam hides Trojan
A Trojan horse has been detected in spam emails notifying recipients that they have been charged almost $500 to pay for a non-existent Apple iPod. [more]
Tuesday, 29 August 2006, 2:40 PM CET

Music download security 'cracked'
Microsoft technology that protects digital files from copyright infringement has been breached, according to reports. [more]
Tuesday, 29 August 2006, 2:22 PM CET

Hackers still important, Red Hat exec says
Interview: Red Hat VP discusses the role of volunteer hackers in open-source software development. [more]
Tuesday, 29 August 2006, 2:22 PM CET

XML propels security intelligence
Typical enterprises include task-specific security devices in heterogeneous environments that cannot easily communicate or coordinate mitigation strategies. [more]
Tuesday, 29 August 2006, 12:06 PM CET

Secure your Apache2 with mod-security
This article will show how-to install, configure and set up apache's mod-security module on a debian based system. This was done on Ubuntu Dapper and should fit any Debian based system. [more]
Tuesday, 29 August 2006, 12:02 PM CET

Microsoft expected to release Vista RC1 within days
Microsoft is expected to be giving product reviewers access to Windows Vista Release Candidate 1 (RC1) as soon as Tuesday. [more]
Tuesday, 29 August 2006, 12:01 PM CET

T-Mobile network hacker sentenced
A man arrested in 2005 for hacking into the computers of the US arm of mobile company T-mobile has been sentenced. [more]
Tuesday, 29 August 2006, 11:57 AM CET

Not having a security architecture
It seems like we read about an IT security infraction just about every day. [more]
Tuesday, 29 August 2006, 11:43 AM CET

On YouTube, charges of security flaws
The 41-year-old Lockheed Martin engineer had complained to his bosses. He had told his story to government investigators. He had called congressmen. [more]
Tuesday, 29 August 2006, 11:43 AM CET

US department learns lessons from laptop theft
Encryption to protect veterans' data. [more]
Tuesday, 29 August 2006, 11:22 AM CET

Network Attacks: Analysis of Department of Justice Prosecutions 1999 - 2006
A landmark study on Department of Justice network crime prosecutions reveals most attacks used stolen IDs and passwords, resulting in far greater damages to affected organizations than previously thought: up to $10 million per occurrence and on average more than $1.5 million per occurrence. [more]
Monday, 28 August 2006, 6:17 PM CET

Vista, not improving security?
Longtime reader and correspondent Phil Daley, a developer for a software vendor, dropped me a line saying he's three weeks into a four-week project to evaluate one of his company's products on Windows Vista. The goal is to identify any problems and recommend changes and fixes. [more]
Monday, 28 August 2006, 12:49 PM CET

Building up database defenses
Protecting the corporate database involves targeting at-risk data and implementing four key defenses. [more]
Monday, 28 August 2006, 12:47 PM CET

How to recover lost files after you accidentally wipe your hard drive
Recently I wanted to make sure I had enough space to back up my home digital videos and pictures, so I purchased a new hard drive to add to my home Linux server. [more]
Monday, 28 August 2006, 12:44 PM CET

Protecting clients from network attacks
Malicious users or attackers on the Internet create worms and viruses that can reveal or destroy valuable data, and they run tools that attempt to break into your computer. [more]
Monday, 28 August 2006, 2:35 AM CET

SHA-1 hash function under pressure
Cryptographic experts at the Crypto 2006 conference have demonstrated a modified method of attack against a reduced variant of the SHA-1 hash algorithm. [more]
Monday, 28 August 2006, 1:21 AM CET

IT execs on firing line over security breaches
The cost of data breaches may be getting a lot higher for IT professionals who are deemed to be responsible for failing to properly secure corporate information. [more]
Monday, 28 August 2006, 1:07 AM CET

Pentagon hacker says charges have been manufactured
The hacker at the centre of an extradition storm after he broke into the US Military and NASA computer systems has said the charges against him in the US have been manufactured to ease his extradition there. [more]
Monday, 28 August 2006, 12:35 AM CET

New virus attacks AMD processors
Proof of concept code shows advanced attack vector. [more]
Monday, 28 August 2006, 12:21 AM CET

The danger of "free"
Searching for free stuff on the Internet? Beware what you find. [more]
Monday, 28 August 2006, 12:14 AM CET

Owner of software piracy site sentenced
BuysUSA operator gets 6 years in prison. [more]
Monday, 28 August 2006, 12:08 AM CET

Crypto browser plug-in aims for simplicity
German coders have developed a free encryption plug-in for webmail accounts. [more]
Monday, 28 August 2006, 12:03 AM CET

Hacker faces prison for PC attacks
Overall, investigators have identified 441,000 computer systems hacked by Christopher Maxwell's robot virus, including 104 country domains, 276 ".net" domains, 128 ".com" domains, and 28 ".edu" domains. [more]
Friday, 25 August 2006, 6:08 PM CET

Paris Hilton accused of phone phreakiness
But could it be that Hilton herself has begun using some of the same hacker tactics leveraged against her in personal attacks against others? [more]
Friday, 25 August 2006, 5:32 PM CET

How to set up WPA2 on your wireless network
It's worth the extra steps to keep your communications secure. [more]
Friday, 25 August 2006, 4:58 PM CET

Nine in 10 PCs infected with spyware
Social sites and sophisticated malware drive epidemic. [more]
Friday, 25 August 2006, 2:30 PM CET

Experts warn of email-bombing campaigns
Cyber-criminals stepping up protection racket. [more]
Friday, 25 August 2006, 2:13 PM CET

Real life: My battle with spyware
He knew better, but he just had to have that game patch before his business trip. [more]
Friday, 25 August 2006, 2:13 PM CET

Is the PSP spurring a new generation of safety concerns?
One doesn't often associate a child bearing a portable gaming console as a potential hacker, or, worse, a terrorist. [more]
Friday, 25 August 2006, 2:08 PM CET

How malicious hackers attack
When it comes to network defense, the adage "know thy enemy" is never more appropriate. [more]
Friday, 25 August 2006, 1:37 PM CET

Ransomware data kidnapping on the rise
30 per cent increase in software demanding payment to release files. [more]
Friday, 25 August 2006, 1:36 PM CET

New passport holder claims to block unwanted RFID signals
An Orem Utah-based forensics company is now selling metal mesh bags that it claims will stop identity thieves from accessing the newer US E-Passports. [more]
Friday, 25 August 2006, 12:39 AM CET

Tips on keeping your Ubuntu Linux server secure
As a system administrator, one of your chief tasks is dealing with server security. [more]
Friday, 25 August 2006, 12:30 AM CET

Video pirates: Watch out for fingerprints
New video fingerprinting technology from Koninklijke Philips Electronics could help stem the flood of movies and other video content being traded illegally on the Internet. [more]
Friday, 25 August 2006, 12:25 AM CET

Why home firewall software is a leaky dike
A chain is only as strong as its weakest link. That's doubly true when it comes to protecting computers that are connected to the internet. [more]
Friday, 25 August 2006, 12:21 AM CET

Vista: elevations are now blocked in the user's logon path
Applications that start when the user logs on and that require elevation are now blocked in the logon path. [more]
Thursday, 24 August 2006, 3:38 PM CET

Viruses and spyware cost users $7.8 billion
"It's hard to tell who's losing the money - the insurance company, the credit card company or the consumer - but it's coming out of someone's pockets," said Dan Hubbard, vice president of security and research for Websense Inc. [more]
Thursday, 24 August 2006, 3:36 PM CET

Five reasons you need a new approach to antivirus security
I fix people's computer problems for a living," says Jason Bradley, CEO of CCE Computer Solutions, who estimates he handles about 400 computers. [more]
Thursday, 24 August 2006, 3:34 PM CET

China cracks down on spammers
An unnamed Chinese company has been fined ¥5,000 (£332) in the first prosecution based on new anti-spam regulations in the country. [more]
Thursday, 24 August 2006, 3:32 PM CET

Intel Wi-Fi update ate my CPU cycles
Security researchers have identified performance problems with a recent wireless driver security update from Intel. [more]
Thursday, 24 August 2006, 3:31 PM CET

Microsoft delivers stronger security and simpler patching
Redmond adds "advanced security" to its firewall and unfurls WSUS 3.0 Beta 2. [more]
Thursday, 24 August 2006, 12:33 PM CET

AV vendors flip over CU's 'dummy viruses'
The antivirus community is crying foul over a consumer magazine's tests of their products, which included creating 5,500 dummy viruses to see how well the AV programs handle the unknown. [more]
Thursday, 24 August 2006, 11:56 AM CET

When and when not to use Credentials for Nessus scans
Tenable consistently gets questions as to when a user should perform a vulnerability scan with credentials. [more]
Thursday, 24 August 2006, 11:55 AM CET

Kickstart your Linux security by avoiding garbage installations
Unnecessary packages on a host bring significant risks. An attacker can target the capabilities of those unnecessary packages to subvert or compromise your host, especially since most distributions automatically start the processes required by the installed packages (for example, if you have installed Apache, then the httpd process is automatically started). [more]
Thursday, 24 August 2006, 11:55 AM CET

Campaign aims to thwart Internet predators
U.S. Attorney General Alberto Gonzales on Monday announced details of a new public service campaign that is aimed at protecting young Internet users from attacks by child predators. [more]
Thursday, 24 August 2006, 11:53 AM CET

Indonesian cops arrest two men on cyber terrorism charges
Police in Indonesia announced the arrests on Wednesday of two men accused of using computer technology to aid terrorists in the world's most populous Muslim nation. [more]
Thursday, 24 August 2006, 11:51 AM CET

Microsoft will re-release 'butchered' patch
August's MS06-42 fix simply too buggy. [more]
Thursday, 24 August 2006, 11:50 AM CET

Is Windows inherently more vulnerable to malware attacks than OS X?
It took an attack on a Windows production server, not devotion to Apple, to put that provocative title on this entry. [more]
Thursday, 24 August 2006, 11:43 AM CET

Keeping up with the hackers
Gone are the days when hackers would attack networks and Web sites simply to make a name for themselves. These days, it's all about hacking for profit. [more]
Thursday, 24 August 2006, 11:41 AM CET

Kid who crashed email server gets tagged
A 19-year-old man today pleaded guilty to breaking the Computer Misuse Act for sending an "email bomb" to his former employer, which caused the company's email server to collapse. [more]
Thursday, 24 August 2006, 11:40 AM CET

Hacking like it's 1999
In the late 1990s a band of website defacers called Global Hell wreaked headline-making havoc on poorly-protected servers around the net, tagging the White House, the FBI, the U.S. Army, and, well … pretty much everyone. [more]
Thursday, 24 August 2006, 11:38 AM CET

IBM to buy Internet Security
$1.3 billion deal the latest in a series of acquisitions driving Big Blue's growth. [more]
Wednesday, 23 August 2006, 3:47 PM CET

Microsoft delays re-issue of IE patch
Date of release pushed back "indefinitely" until software is up to par, says company. [more]
Wednesday, 23 August 2006, 12:43 PM CET

Protect your applications with AppArmor
AppArmor is a product that Novell acquired when they bought the company Immunix in May 2005. [more]
Wednesday, 23 August 2006, 12:38 PM CET

Airport security vs the business traveler
We all know we need strong airport security. Recent events in England (8/2006) only reemphasize this need. This article starts off by explaining the threat that portable electronic devices pose and concludes with a list of tips that can help you survive the new restrictions. [more]
Wednesday, 23 August 2006, 12:37 PM CET

SELinux Policy Editor: Removing micromanagement from administrative control
Administrators often criticize Security Enhanced Linux (SELinux) policies for being too complex, and they have a point. [more]
Wednesday, 23 August 2006, 12:34 PM CET

Microsoft campaign goes after 'cybersquatters'
Citing trademark infringement, company sues pay-per-click advertisers. [more]
Wednesday, 23 August 2006, 12:27 PM CET

SSH tunnels: bypass (almost) any firewall
The goal of this article is to present a few effective methods to revamp the way you work in a restricted corporation-like network. [more]
Wednesday, 23 August 2006, 12:24 PM CET

Microsoft's August IE patch contains security bug
Instead of making the browser more secure, Microsoft Corp.'s August Internet Explorer security update introduced a critical security bug, according to researchers at eEye. [more]
Wednesday, 23 August 2006, 12:14 PM CET

EC veep calls for passenger data sharing, US-style
The vice president of the European Commission wants airlines to provide passenger data to government security services for all flights within Europe. A similar plan for flights to the US was recently vetoed by the European Parliament. [more]
Wednesday, 23 August 2006, 12:10 PM CET

Smartcard licence on the move
The Queensland Government has called for expressions of interest for its long-awaited smartcard driver's licence. [more]
Tuesday, 22 August 2006, 3:17 PM CET

AOL CTO resigns over privacy 'screw-up'
AOL's chief technology officer has resigned and two other staff members have been sacked following the release of half a million subscribers' search terms. [more]
Tuesday, 22 August 2006, 3:15 PM CET

Gongs on offer for stupid security measures
Human rights watchdog Privacy International has re-launched its hunt for the World's most stupid security measures. [more]
Tuesday, 22 August 2006, 1:58 PM CET

Alerts can be big business
There are a lot of trends coming together that make alerts and the networks that might support them into an opportunity. [more]
Tuesday, 22 August 2006, 1:19 PM CET

Intelligent data protection in today’s enterprise
As information becomes increasingly more valuable to enterprises, IT organizations must overcome some daunting and complex data protection challenges, such as recoverability, storage management and compliance. However, rather than being reactive data availability demands, enterprises now have the opportunity to proactively protect their business critical information. [more]
Tuesday, 22 August 2006, 1:11 PM CET

Pizza fraudsters take a slice of your credit
If you're thinking about ordering a pizza for dinner tonight, you'll definitely want to think twice if the pizza place insists that you pay by credit card. [more]
Tuesday, 22 August 2006, 12:59 PM CET

Look at all of these passwords!
If you use any number of popular web forums or even some commercial services like,, or your provider's webmail service, you may not be aware that you're sending your credentials over the internet in the clear.
Tuesday, 22 August 2006, 12:53 PM CET

A move to secure data by scattering the pieces
Chris Gladwin, a software designer and businessman in Chicago, had time on his hands after selling his company, the online music store Music Now, in 2004. So he decided to digitize all of the music, photos and paper detritus that he had been meaning to organize for years. [more]
Tuesday, 22 August 2006, 12:39 PM CET

Microsoft Office security, part one
The flood of recent Microsoft Office vulnerabilities has brought forth the need to understand the mechanics of the MS Office security architecture and the possible fault injection points. [more]
Tuesday, 22 August 2006, 12:37 PM CET

Trojan exploits unpatched PowerPoint vulnerability
Virus writers have developed Trojan horse malware designed to exploit an unpatched vulnerability in Microsoft's PowerPoint software. [more]
Tuesday, 22 August 2006, 12:37 PM CET

Open warfare in open source
Disagreements over what should be included in the free software license's next version have pitted the movement's leaders against each other. [more]
Tuesday, 22 August 2006, 12:36 PM CET

Hacking teams to vie for honours
Hack In The Box announced that it will once again host the region’s best-known Capture The Flag hacking competition during the upcoming HITBSecConf2006 to be held from Sept 18-21 at The Westin Hotel, Kuala Lumpur. [more]
Tuesday, 22 August 2006, 12:34 PM CET

Vista disk encryption: very damn fast
Physical theft of hard drives is a rising problem, both in servers sitting in less-fortified branch offices and in the growing number of corporate laptops that may be lost or stolen. [more]
Tuesday, 22 August 2006, 12:29 PM CET

Bankers giving the finger to network security
For Daren Mehl, securing billions of dollars in transactions is so easy he can do all the heavy lifting with just a finger. [more]
Monday, 21 August 2006, 4:20 PM CET

Two arrested over fake hols website
Two people are in court this morning charged with offences connected to scam holiday websites which could have conned as many as 3,000 people. [more]
Monday, 21 August 2006, 4:17 PM CET

Are outsourced operations ever secure enough?
Overseas outsource service providers can be maniacal about security. "It is in their best interests to do so," says Akiba Stern, a partner with Morgan, Lewis & Bockius in New York who specializes in outsourcing. "The last thing a big name service provider needs is a well publicized security breach that happened at their facility." [more]
Monday, 21 August 2006, 4:17 PM CET

Romanian police cuff 23 ID fraud suspects
Romanian police arrested 23 people in the southern city of Pitesti as part of a clampdown on internet scam rings operating in the eastern European country. [more]
Monday, 21 August 2006, 4:15 PM CET

Privacy debacle hall of fame
Earlier this month AOL publicly released a data trove: 500,000 search queries culled from three months of user traffic on its search engine. [more]
Monday, 21 August 2006, 9:22 AM CET

Five ways to lock up e-mail
E-mail is second only to Web browsers as an avenue for attack. [more]
Monday, 21 August 2006, 9:20 AM CET

Virtual PCs are the key to secure computing
Cloned machines are immune from threats. [more]
Monday, 21 August 2006, 12:15 AM CET

What the heck was on that stolen laptop?
Cluelessness compounds data disclosure security flaps. [more]
Monday, 21 August 2006, 12:08 AM CET

Malware’s commercialisation drives security
Redmond is taking action against web nasties. [more]
Monday, 21 August 2006, 12:00 AM CET

Backing up key information
Most UNIX administrators have processes in place to back up the data and information on their UNIX machines, but what about the configuration files and other elements that provide the configuration data your machines need to operate? [more]
Friday, 18 August 2006, 11:16 PM CET

Terror charges axed in 2nd cellphone bomb plot
The spirit of Barney Fife is alive and well in small-town America, but that will hardly amuse the three men recently accused of terrorist crimes in the redneck backwater of Caro, Michigan. [more]
Friday, 18 August 2006, 8:18 PM CET

Microsoft CEO says hackers rampant
The head of Microsoft Corp. considers cyberspace a "much more dangerous place" now than just a few years ago, describing hackers as "serious bad guys." [more]
Friday, 18 August 2006, 10:53 AM CET

Security firm disclaims Mac hack demo
SecureWorks did a demo at the recent Black Hat conference, showing how it could hack into a MacBook. Now, the company posted a disclaimer on its site to make it clear that MacBook was modified. [more]
Friday, 18 August 2006, 10:51 AM CET

Privacy group files FTC complaint against AOL
World Privacy Forum joins EFF in taking action against AOL for releasing search records. [more]
Friday, 18 August 2006, 12:54 AM CET

Waging war against click fraud
In the end, the best proactive way to combat click fraud may be through harsher penalties for fraud perpetrators and better screening of the ad hosts that stand to benefit from advertising fraud. [more]
Friday, 18 August 2006, 12:39 AM CET

Internet crimes hit record high in Japan
Land of the rising scam rate. [more]
Friday, 18 August 2006, 12:31 AM CET

10 security software stars
"The hardest part of the battle is educating the public and the institutions about the potential hazards of ignoring this problem," said Ben Haidri, vice president of marketing and product development at mobile data security firm Absolute Software. [more]
Friday, 18 August 2006, 12:24 AM CET

Create an email blacklist in Gmail
If you constantly receive messages you'd like to ignore from the same persons or Gmail's spam filters aren't too good for you, it's time to create a blacklist. How to do that in Gmail? [more]
Friday, 18 August 2006, 12:16 AM CET

AOL seeks spammer's buried gold
AOL is seeking to excavate grounds owned by parents of a convicted spammer in the hopes of finding gold bars and other buried booty thought to be worth up to $500,000. [more]
Friday, 18 August 2006, 12:05 AM CET

Judge: Government wiretapping program illegal
The judge ordered that the NSA's so-called Terrorist Surveillance Program be halted. [more]
Friday, 18 August 2006, 12:01 AM CET

A nation divided over piracy
The Pirate Bay survives, and politicians and entertainment lawyers confront a youth movement that embraces file sharing. [more]
Thursday, 17 August 2006, 12:23 PM CET

Cisco challenges firewall flaw
Cisco has said it is unable to confirm a major vulnerability in its firewall products, two weeks after a security researcher announced the flaw at a hackers' conference. [more]
Thursday, 17 August 2006, 12:10 PM CET

Security: The latest and greatest of Bastille
First and foremost, Bastille Linux is an operating system lockdown tool. It goes through many default settings on a Linux system and recommends settings that are more secure. [more]
Thursday, 17 August 2006, 11:09 AM CET dismisses security worries
No way. Fat chance. Get out of here. That's response to claims by some that its open-source application suite is as susceptible to attack as Microsoft Office. [more]
Thursday, 17 August 2006, 11:08 AM CET

Military researching intelligent, secure wireless nets
The US government, corporate and academic researchers are working on a network that would be able to configure itself, intelligently cache and route data, and allow for fast and reliable sharing of data, all while maintaining military-grade security. [more]
Thursday, 17 August 2006, 2:58 AM CET

CIOs put out help-wanted sign for business-savvy IT professionals
Hiring will increase for programmers, systems developers, project managers and business analysts who really understand business. [more]
Thursday, 17 August 2006, 2:44 AM CET

Microsoft OneCare security grabs 15% market share
Low pricing helped drive the new consumer security service to second-place market share. [more]
Thursday, 17 August 2006, 2:03 AM CET

When online crooks advertise
The online promo was created by the online gangsters at Carderplanet, a now-disbanded international group of credit card and identity thieves (they dabbled in other businesses, but that was their bread and butter). [more]
Thursday, 17 August 2006, 1:57 AM CET

Spyware's growing arsenal
Purveyors of malware are increasingly harnessing the popularity of social networks and Web video to infect PCs. [more]
Thursday, 17 August 2006, 1:56 AM CET

Yahoo plugs Web mail security hole
Measures now in place to foil potential security breach posed by e-mail attachments. [more]
Thursday, 17 August 2006, 1:41 AM CET

Microsoft issues first patches for Vista
Microsoft confirmed that two of last week's 12 security bulletins are for Vista, and posted instructions for downloading security updates for the new Windows. [more]
Thursday, 17 August 2006, 1:12 AM CET

Digital image watermarks could combat trademark theft
Technology protects pictures of products from being stolen. [more]
Thursday, 17 August 2006, 1:11 AM CET

Smart card vendors talk privacy
Secure ID Coaltion formed to communicate security features of contactless smart cards. [more]
Thursday, 17 August 2006, 1:01 AM CET

IRS to beef up monitoring of employee e-mails
The Internal Revenue Service has pledged to step up monitoring of its e-mail servers in response to a recent review that found a high percentage of misuse among employees surveyed. [more]
Thursday, 17 August 2006, 12:45 AM CET

How much is customer trust worth?
Identity theft, while once thought to be a minor issue, could dry up multichannel contact center sales. [more]
Thursday, 17 August 2006, 12:31 AM CET

81% of U.S. firms lost laptops with sensitive data in the past year
Companies are struggling to protect hardware, data. [more]
Thursday, 17 August 2006, 12:22 AM CET

File-sharing 'darknet' unveiled
A "darknet" service that allows users to share music files anonymously on the web has been launched in Sweden. [more]
Thursday, 17 August 2006, 12:19 AM CET

Social sites open door to malware
Sites such as myspace are an easy target for malware authors. [more]
Thursday, 17 August 2006, 12:10 AM CET

Review: five firewalls for your desktop PC
It's amazing to think there was once a time when the idea of a firewall for one's desktop computer was thought of as overkill, if not downright ridiculous. Now it's practically mandatory - not just to protect your computer from outside threats, but to keep Trojans and e-mail viruses from hijacking your system from within. [more]
Thursday, 17 August 2006, 12:10 AM CET

Open source meets Windows on servers
Microsoft's ability to integrate its own back-end products with Windows gives it a big edge over open-source insurgents in general, said Mike Olson, vice president of embedded technologies at Oracle and former CEO of Sleepycat Software. [more]
Thursday, 17 August 2006, 12:06 AM CET

Assessing Java clients with the BeanShell
Assessing the security of Java applications, and particularly client-server applications, can be a tedious process of modifying the code, compiling, deploying, testing and repeat. This paper demonstrates a technique for using the BeanShell to assess the security of a typical Java client-server application. [more]
Wednesday, 16 August 2006, 5:43 PM CET

Hackers target latest Windows fix
Hi-tech hackers have started to produce malicious programs that target the latest bugs in Microsoft's Windows. [more]
Wednesday, 16 August 2006, 3:50 PM CET

Phishing - another side of the tale
De Consumentenbond, which is basically the Dutch version of Consumer Reports, released an interesting press release yesterday. Thanks to this organization, eBay is no longer asking for personal information which could identify the user via email. [more]
Wednesday, 16 August 2006, 3:48 PM CET

An interview with two 'granny hackers'
One of the best things that can happen at a show like Black Hat is making new friends, especially if they are not only brilliant, but also compliment you on your Linux T-shirt. [more]
Wednesday, 16 August 2006, 1:45 AM CET

Cisco updates CCNP with new exams
Cisco Systems announced Tuesday it is updating the exams for its Cisco Certified Network Professional (CCNP) certification and the recertification policy for all of its Professional-level titles. [more]
Wednesday, 16 August 2006, 1:44 AM CET

Lessig: Content security squashing culture
The open-source movement has freed up creativity on the operating system and application levels, but digital-rights management threatens to turn creators into “pirates,” Stanford University professor Lawrence Lessing told attendees at LinuxWorld on Tuesday morning. [more]
Wednesday, 16 August 2006, 1:41 AM CET

Hey, spammer, leave those kids alone
A pair of firms accused of sending unsolicited emails about gambling and alcoholic drinks to children are being sued by the State of Michigan. [more]
Wednesday, 16 August 2006, 1:39 AM CET

Microsoft: MMO games face security risk
All too familiar with hackers looking to exploit security flaws in its software, Microsoft Corp. warned video game developers Monday that their PC games are now a target for criminals. [more]
Wednesday, 16 August 2006, 1:38 AM CET

What should businesses require of data protection solutions?
Data protection today is one of the most innovative and fast-moving areas of Information Technology. Data protection technology developers have, in recent years, engaged in constant, vibrant ‘solution evolution’, continuously striving to deliver new data protection capabilities for increasingly demanding customers. [more]
Tuesday, 15 August 2006, 5:44 PM CET

Disk drive researchers turn up IDs
Academics wanting to make a point of how careless people are with their personal data have uncovered what they suspect could be pornographic images involving children. [more]
Tuesday, 15 August 2006, 5:25 PM CET

Justice Department looks To lock down databases
The agency is focusing on application-level security; the goal is to examine all its databases, up from 30% today, for potential problems and to lock them down as tightly as possible. [more]
Tuesday, 15 August 2006, 5:24 PM CET

Barclays scripting SNAFU exploited by phishers
Online scammers are exploiting a redirection script on Barclays' site to make fraudulent emails look more convincing. [more]
Tuesday, 15 August 2006, 4:45 PM CET

All-in-one security devices face challenges
he multipurpose security appliances that consolidate firewall/VPN, content filtering, intrusion prevention and more into a single box are winning favor as easy-to-manage devices. [more]
Tuesday, 15 August 2006, 4:44 PM CET

Police decryption powers 'flawed'
The government faces criticism over plans to give police powers to make suspects produce readable copies of encrypted computer evidence. [more]
Tuesday, 15 August 2006, 4:44 PM CET

Iran president's weblog spews malware - false
Reports that the new website of the President of Iran is trying to install malicious scripts on the PCs of visiting infidels are almost certainly the result of a false alarm by security packages rather than a hostile attack. [more]
Tuesday, 15 August 2006, 4:41 PM CET

FBI doubts cellphone terror scheme
The FBI has expressed reservations about the alleged cellphone terror plot uncovered by a Wal-Mart cashier working with small-town cops in Michigan, which we reported recently. [more]
Tuesday, 15 August 2006, 4:41 PM CET

Washington sues movie download service for spyware
The state of Washington has sued the owners of the, alleging that the company used spyware to strong-arm users into signing up for its paid movie download service. [more]
Tuesday, 15 August 2006, 11:33 AM CET

Hackers hunting for unpatched Microsoft computers
Hackers are actively using exploit code to target a flaw in Microsoft's software that generated a special warning from the U.S. government last week. [more]
Tuesday, 15 August 2006, 10:53 AM CET

Biometric polygraph next for airport security?
Got something to hide? You may not want to reconsidering flying in the future. [more]
Tuesday, 15 August 2006, 10:40 AM CET

Keeping your identity on a short leash
The dangers of information and identity theft are many, but by following a few very simple rules, people can drastically lower their odds of being victimized. [more]
Tuesday, 15 August 2006, 10:33 AM CET

VA buys encryption tools
Installation of software to be installed on all Veterans Affairs laptops within the month. [more]
Tuesday, 15 August 2006, 10:31 AM CET

Summer security slowdown? Hardly
In a move that evoked mixed emotions in industry watchers, Microsoft last month cut a nice big check (one would hope) for Winternals. [more]
Monday, 14 August 2006, 6:56 PM CET

RIM plays down BlackBerry hack threat
BBProxy attack makes 'several reaching assumptions'. [more]
Monday, 14 August 2006, 6:55 PM CET

Avoiding the knee-jerk approach to security
Cybercrime is growing exponentially, and businesses will have to adopt a priority-based approach if they are to implement effective protection technologies. [more]
Monday, 14 August 2006, 6:53 PM CET

Worm feasts on latest Windows vuln
Virus writers have adapted an existing family of worms to exploit a recently patched, high-profile Windows security vulnerability. [more]
Monday, 14 August 2006, 6:53 PM CET

How Cisco secures its own networks
For a year John Stewart has been CSO at Cisco. He's in charge of a team of 60 information security professionals who play a role in IT architecture, policy, audit and incident response to protect an internal user base of about 48,000 employees worldwide. [more]
Monday, 14 August 2006, 11:55 AM CET

Solving the security challenge of dynamic networks
Europe is hurtling toward an information society capable of offering communication services anywhere in the world. So far, such a proposition is not too secure. But researchers are on the case. [more]
Monday, 14 August 2006, 10:25 AM CET

An introduction to Windows kernel patch protection
There have been a lot of questions recently about a Windows technology called Kernel Patch Protection (sometimes referred to as PatchGuard). This article provides some context about the feature to help answer them. [more]
Monday, 14 August 2006, 10:23 AM CET

Take a closer look at OpenBSD, the most secure OS
OpenBSD is quite possibly the most secure operating system on the planet. [more]
Monday, 14 August 2006, 10:17 AM CET

Examining the CSO-CEO relationship
A key relationship in any organization with an effective security strategy is that between the CSO and the CEO, who must work together to ensure that security investments are mapped to the changing risk landscape. [more]
Monday, 14 August 2006, 10:16 AM CET security 'insufficient'
Researchers at French Ministry of Defense say vulnerabilities with open source office suite may rival those of Microsoft's version. [more]
Monday, 14 August 2006, 10:13 AM CET

Covert channel tool hides data in IPv6
An independent security researcher showed off an early version of a tool for creating covert channels that, he claims, can pass undetected through most firewalls and intrusion detection systems. [more]
Monday, 14 August 2006, 10:11 AM CET

How to prep laptops for airport security
Security providers offer a few tips for travelers flying with electronic devices. [more]
Monday, 14 August 2006, 10:07 AM CET

XSS, cookies, and session ID authentication
Cross site scripting (XSS) errors are generally considered nothing more than a nuisance — most people do not realize the inherent danger these types of bugs create. In this article Seth Fogie looks at a real life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to "shell" access to the web server. [more]
Friday, 11 August 2006, 9:51 PM CET

Stolen Florida laptop nets 133,000 identities
A federal agent's stolen laptop in Florida has put 133,000 people's personal identities at risk. [more]
Friday, 11 August 2006, 6:17 PM CET

Is your bank responsible for protecting you from key loggers?
Where does your bank's responsibility to protect you and your online transactions end? [more]
Friday, 11 August 2006, 4:31 PM CET

Ruby on Rails derailed by URL glitch
Developers are being urged to update their Ruby on Rails software following the discovery of a potentially serious security vulnerability. [more]
Friday, 11 August 2006, 4:20 PM CET

Experts ratchet up Windows worm warnings
The bug in question is one of 23 patched Tuesday by Microsoft. It affects all currently supported versions of Windows, can be exploited without end users needing to do anything and, some security watchers say, rivals the bug that led to 2003's destructive MSBlast attack. [more]
Friday, 11 August 2006, 3:23 PM CET

Software detects difference between shampoo, explosives
A Virginia firm is in talks with the TSA over using its technology. [more]
Friday, 11 August 2006, 3:22 PM CET

Old hard drives yield dark secrets
A quick wipe won't remove the data. [more]
Friday, 11 August 2006, 2:04 PM CET

HSBC knew about security loophole in online banking
One of Britain's biggest high street banks knew about a security loophole in its online banking service that left millions of accounts open to fraud and did nothing about it for almost two years. [more]
Friday, 11 August 2006, 2:03 PM CET

Florida laptop loss sparks ID theft fears
The theft of a laptop containing the unencrypted personal details of 133,000 Florida residents has sparked a major security alert. [more]
Friday, 11 August 2006, 2:03 PM CET

Testing client-side risks
How many of your employees can be tricked into opening malware? The answer may surprise you. [more]
Friday, 11 August 2006, 12:53 PM CET

Helping to stop DDoS - detecting DNS recursion configuration issues
Recently, Tenable was asked about detecting DNS servers that were configured to respond to DNS "recursion" queries. [more]
Friday, 11 August 2006, 10:33 AM CET

Symantec cries foul over Vista's bolted down kernel
Security features prevent competition and limit innovation, vendor alleges. [more]
Friday, 11 August 2006, 2:07 AM CET

Hacker sophistication outpacing forensics
Attackers are using increasingly sophisticated methods to stay ahead of security incident response teams, says Kevin Mandia, security consultancy. [more]
Friday, 11 August 2006, 2:06 AM CET

Gartner’s top 5 tips to boost data security
Public exposure of private data is becoming a regular occurrence, but the majority of these incidents can be prevented if companies implement the proper security best practices, according to Gartner, whose analysts have identified the top 5 steps to prevent data loss and information leaks. [more]
Friday, 11 August 2006, 2:03 AM CET

Security tech firms may benefit from foiled plot
Makers of security equipment are the most likely to benefit from the heightened alert at airports after British police foiled a plot to blow up planes flying between Britain and the United States. [more]
Friday, 11 August 2006, 12:57 AM CET

Worm fears raised after release of Windows malware
Code exploiting the Windows vulnerability shared on the Internet. [more]
Friday, 11 August 2006, 12:41 AM CET

Technology for rescuing stolen laptops
Tracking software, kill switches and encryption can trace machines, protect your data. [more]
Friday, 11 August 2006, 12:07 AM CET

FISMA could solve data security issues
The existing government security scorecard, FISMA, could be the answer to helping solve business' data security problems. [more]
Friday, 11 August 2006, 12:03 AM CET

Skype malware scam targets Turkey
Spyware authors have crafted a new attack that poses as an invitation to Turkish people to try Skype, the popular IP telephony application. [more]
Thursday, 10 August 2006, 6:17 PM CET

Credit protection due vets in data theft
ID Analytics will provide an initial analysis of several industries to determine if there has been any suspicious activity involving the veterans' information. It will then provide follow-up reports every three months for an unspecified period at no cost to veterans or the government, the VA said. [more]
Thursday, 10 August 2006, 6:16 PM CET

Microsoft defends IE7's RSS security
A critic says attackers could use malicious JavaScript to launch an attack through RSS, but Microsoft says the new Internet Explorer has some tricks to defend it. [more]
Thursday, 10 August 2006, 5:38 PM CET

HSBC web security cracked
The bank’s anti-keylogging system is flawed, say researchers. [more]
Thursday, 10 August 2006, 4:58 PM CET

All-in-one security devices face challenges
The multipurpose security appliances that consolidate firewall/VPN, content filtering, intrusion prevention and more into a single box are winning favor as easy-to-manage devices. [more]
Thursday, 10 August 2006, 4:57 PM CET

Windows smartphones get grown-up encryption
Mobile security specialist, Safeboot, has launched one of the first products that can transparently encrypt and decrypt data held on Windows mobile PDAs and smartphones.
Thursday, 10 August 2006, 4:56 PM CET

Google sees privacy threats from government intrusions
CEO Eric Schmidt told conference attendees this week that his company has put all necessary safeguards in place to protect users' personal data from theft or accidental release. But he said he still worries about government demands for customers' data. [more]
Thursday, 10 August 2006, 4:56 PM CET

White Hat: Vista gets high marks for security
With Vista, the much-ballyhooed (and delayed) version of Windows, Microsoft seems to finally be on the right track. Dan Kaminsky, senior researcher at DoxPara Research, says that after eight months of kicking Vista's security tires, he's convinced that Microsoft has learned from its mistakes. [more]
Thursday, 10 August 2006, 12:28 AM CET

How to start up a mobile security project
The proliferation of laptops, PDAs, smartphones and USB sticks means that corporate data is no longer confined to the office. Without the necessary procedures and technical restrictions in place, companies can easily lose track of their sensitive data. Just how many files have been copied in this way? Where are they all now? [more]
Thursday, 10 August 2006, 12:25 AM CET

Empty spam feasts on in-boxes
Email in-boxes are under attack from some unlikely menaces: J.R.R. Tolkien, Daniel Defoe, Alexandre Dumas and other authors whose classic works are surfacing in a newly popular spam scam. [more]
Thursday, 10 August 2006, 12:22 AM CET

Can you rely on Microsoft's Network Access Protection?
Viruses and malware are often stopped by software defenses than run on the desktop; in fact, the antivirus, antispyware and other security suite software business has rapidly become a very lucrative industry. [more]
Thursday, 10 August 2006, 12:17 AM CET

Securing Web-based applications on Linux
PHP, PERL and other languages are useful and easy to learn tools that can be used to build some pretty functional Web-based applications. [more]
Thursday, 10 August 2006, 12:16 AM CET

Lieberman campaign site, e-mail hacked
On the day of perhaps the toughest political battle of his life, Sen. Joe Lieberman finds himself fighting a challenge in an unexpected battlefield — cyberspace. [more]
Wednesday, 9 August 2006, 1:01 AM CET

The Black Hat Wi-Fi exploit coverup
You've probably heard of full disclosure, the security philosophy that calls for making public all details of vulnerabilities. [more]
Wednesday, 9 August 2006, 12:46 AM CET

Piracy is killing PC gaming
During a QuakeCon Q&A panel, Kevin Cloud, co-owner of Id and exec producer on Enemy Territory: Quake Wars, responded to a question about PC games disappearing from retailer's shelves by saying that piracy was "killing PC games." [more]
Wednesday, 9 August 2006, 12:23 AM CET

Phishing Trojan plays ping-pong with captured data
Security researchers have identified a new Trojan which sends data back to attackers via an unconventional communications protocol (for malware) in a bid to escape detection. [more]
Wednesday, 9 August 2006, 12:15 AM CET

Survey: retail RFID implementation lagging
According to the RFID survey conducted by Retail Systems Alert Group, although there still may be several challenges that are on the horizon in the adoption of RFID, the outlook is cautiously positive. The awareness level of RFID among C-level executives, directors and managers has significantly improved. [more]
Wednesday, 9 August 2006, 12:10 AM CET

ISO 27001: A new standard for IT security
Information security flaws can create havoc within your business operations. The ISO 27001 standard for information security management systems can help to locate existing security problems and prevent future threats before they prove harmful to your organization. [more]
Tuesday, 8 August 2006, 2:03 PM CET

Microsoft piracy check draws complaints
Microsoft has taken great pains to improve its privacy policies since it came under intense fire about five years ago for a system called Passport that sought to store all sorts of personal information under one log-on. [more]
Tuesday, 8 August 2006, 1:47 PM CET

Apache web server basic security measures
While running a HTTP server such as Apache, there is a few step an administrator have to take in order not to get easily hacked. The very basic one is to hide from the outside which software version and operating system version are running. [more]
Tuesday, 8 August 2006, 12:10 PM CET

An open source security triple play
Want to protect your SOHO machine or LAN from rootkits and malware, but want something a little more real-time than simply running Chkrootkit or another rootkit detector after the fact? Consider OSSEC-HIDS, an open source host intrusion detection system. [more]
Tuesday, 8 August 2006, 12:05 PM CET

Two teens charged over VA laptop theft
Two US teenagers were arrested last weekend for stealing a Veterans' Administration laptop, an incident that proved a major security flap and brought calls for improved information security legislation. [more]
Tuesday, 8 August 2006, 12:04 PM CET

AOL apologises for privacy 'screw up'
AOL released the internet search terms that more than 650,000 of its subscribers entered over a three-month period and admitted Monday that what it originally intended as a gesture to researchers amounted to a privacy breach and a mistake. [more]
Tuesday, 8 August 2006, 12:02 PM CET

Browser cache a hacker haven
Your browser's cache may be helping hackers to help themselves to your information. [more]
Tuesday, 8 August 2006, 12:12 AM CET

10 tips for reducing storage TCO
By designing the solution, regardless of the storage vendor, IT managers can resume control over their SAN, break the storage vendor lock-in and save a large part of their budget. Using the available storage management services can therefore provide excellent solutions for painful problems. [more]
Monday, 7 August 2006, 10:27 PM CET

Cybercriminals taking cues from Mafia, says FBI
he Web site offered to sell stolen credit card information for $100, but it was the title of the poster that caught FBI agent Thomas X Grasso Jr.'s attention. The cybercriminal identified himself as a "Capo di capo" -- a boss of bosses, in Mafia parlance. [more]
Monday, 7 August 2006, 7:13 PM CET

Enterprise privacy strategies, tactics
Have a privacy policy. Yes, it's basic. But you'd be surprised how few U.S.-based companies have a formal privacy policy. [more]
Monday, 7 August 2006, 4:56 PM CET

Credit cards, telephone calls and law enforcement, German style
Last Friday, we came across an interesting site: a message board where stolen credit card numbers have been published since August 2005. [more]
Monday, 7 August 2006, 4:45 PM CET

Hackers penetrate computers, pick locks, spray pellets at Defcon
In a dimly lit room off the main drag of a computer-security conference, programmers guzzle caffeine-laced drinks and wolf pizza while methodically hunting for cryptic messages hidden in the bowels of enemy territory. [more]
Monday, 7 August 2006, 4:43 PM CET

Security guru lays into database vendors
Researcher details more than 20 holes in IBM's Informix family. [more]
Monday, 7 August 2006, 4:41 PM CET

Mobile security begins with policy
Mobile security isn't easy. It isn't particularly fun, either.
Monday, 7 August 2006, 2:51 PM CET

Google offers malware warnings
Google has teamed up with an anti-malware organisation to offer warnings when search results might otherwise lead surfers to sites hosting malicious code. [more]
Monday, 7 August 2006, 2:50 PM CET

Building a desktop firewall
Everyone knows that you should be behind a firewall whenever you go online. [more]
Monday, 7 August 2006, 10:16 AM CET

Users still wary of Vista security
Microsoft uses Black Hat forum to make case that new OS will be secure. [more]
Monday, 7 August 2006, 10:15 AM CET

Blackberry a juicy hacker target
A computer security researcher says he's found an unexpected new path into company networks: the Blackberry. [more]
Monday, 7 August 2006, 12:59 AM CET

NSA risking electrical overload
Officials say outage could leave Md.-based spy agency paralyzed. [more]
Monday, 7 August 2006, 12:48 AM CET

Six steps to secure sensitive data in MySQL
If you're using MySQL, there are some easy things you can do to secure your systems and significantly reduce the risk of unauthorised access to your sensitive data. [more]
Monday, 7 August 2006, 12:39 AM CET

Hackers add Ajax to bag of tricks
Since Ajax is well on its way to becoming a standard for the way interactive Web pages operate, security experts expect attacks to escalate. "Imagine when the same flaws are used to steal money from financial institutions," says Alex Stamos, principal partner at security researcher iSEC Partners. [more]
Monday, 7 August 2006, 12:32 AM CET

Researchers warn over web worms
Exploiting a lack of security checks in browsers and Web servers, web worms and viruses are likely to become a major threat to surfers, security researchers speaking at the Black Hat Briefings warned on Thursday. [more]
Monday, 7 August 2006, 12:28 AM CET

Towards a secure biometric identity
Soon to be introduced biometric passports have a fresh design and new security features to prevent identity and passport frauds. [more]
Monday, 7 August 2006, 12:01 AM CET

Thai police crack credit card wiretap scam
Tourists from Australia and New Zealand are among an estimated 48,000 victims of a highly-organised credit card fraud ring in Thailand. [more]
Friday, 4 August 2006, 7:09 PM CET

Serious flaw puts Xerox printers at risk
Xerox says it is updating a patch to fix the flaw. [more]
Friday, 4 August 2006, 4:46 PM CET

Making corporate security second nature
Enterprise security executives need to make practices such as safe USB use and discreet handling of patient or customer data as commonplace as not accepting luggage from strangers in airports or wearing a seat belt when driving. [more]
Friday, 4 August 2006, 4:45 PM CET

How to clone the copy-friendly biometric passport
At Black Hat yesterday, security consultant Lukas Grunwald of German company DN-Systems demonstrated the cloning of a biometric passport. [more]
Friday, 4 August 2006, 4:42 PM CET

Hacks decline, worries don't
For the fourth year in a row, losses due to network compromises and hacker attacks fell, according to the annual CSI/FBI Computer Crime and Security Survey. [more]
Friday, 4 August 2006, 11:06 AM CET

Online security must be non-intrusive
Comsumers want security without the intrusion, acoording to research. [more]
Friday, 4 August 2006, 11:04 AM CET

Zombies and botnets - detecting "crowd surges" in logs and network traffic
Tenable released a TASL script for the Log Correlation Engine that can use netflow, sniffed network sessions, firewall logs and even network IDS logs to help identify botnets, maleware and zombie networks. [more]
Friday, 4 August 2006, 7:32 AM CET

Cybercrooks add Ajax coding to bag of hacking tricks
The hot new technology behind slick Web pages has suddenly become the hot new tool for cybercriminals. [more]
Friday, 4 August 2006, 7:27 AM CET

Security guru leaves Microsoft
Amid the major shake-ups in management at Microsoft, one of the company's more notable security guru's, Jesper Johansson, announced that he is leaving the company to work for the online retailer giant [more]
Friday, 4 August 2006, 2:34 AM CET

RSS for hackers?
RSS is a great technology for delivering content; it's also a potentially destructive tool for hackers to use as an attack-delivery system. [more]
Friday, 4 August 2006, 2:33 AM CET

Microsoft invites hackers to test Vista
After suffering embarrassing security exploits over the past several years, Microsoft is trying a new tactic: inviting some of the world's best-known computer experts to try to poke holes in Vista, the next generation of its Windows operating system. [more]
Friday, 4 August 2006, 2:32 AM CET

Management apps could pose security risk
Insecure coding and loose deployments of enterprise management applications could turn antivirus, patch management and systems management applications into powerful and malicious botnets, according to research presented at the Black Hat Briefings Conference in Las Vegas. [more]
Friday, 4 August 2006, 2:28 AM CET

Hackers clone e-passports
A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year. [more]
Friday, 4 August 2006, 12:55 AM CET

Javascript attacks on ateroids
Just sat through a rather disturbing presentation here at Black Hat on how bad guys can use Javascript to circumvent hardware and software firewalls and wreak havoc on a target's internal network. [more]
Friday, 4 August 2006, 12:55 AM CET

McAfee security bug bites deep
McAfee has fixed a flaw involving older versions of its consumer security software that creates a means for hackers to compromise vulnerable systems. [more]
Friday, 4 August 2006, 12:32 AM CET

Attackers pass on OS, aim for drivers and apps
The disappearance of easy-to-find flaws in the major operating systems has pushed vulnerability researchers to branch out from finding security issues in core system software and instead concentrate on the device drivers and client-side agents present on all PCs, security experts said on Wednesday at the Black Hat Briefings. [more]
Friday, 4 August 2006, 12:09 AM CET

Hacking SUSE Linux Enterprise Desktop 10
Novell's SUSE Linux Enterprise Desktop (SLED) 10 is a decent business desktop operating system as-is. However, it does not appropriately meet the needs of a large portion of business professionals. [more]
Friday, 4 August 2006, 12:01 AM CET

Improve your Windows XP security
It is often said that Windows XP is fundamentally insecure. Here's the professional way to make it watertight. [more]
Thursday, 3 August 2006, 12:15 PM CET

eBay scamming automation primed for fraud
Fraudsters are starting to use automated bots in a bid to establish a bogus eBay reputation that will later allow them to dupe gullible punters through bogus auctions. [more]
Thursday, 3 August 2006, 12:13 PM CET

Spam filters: do they work and can you prove it
Do spam filters work? Which is the best one? How might filters be improved? Without standards, one must depend on unreliable evidence, such as subjective impressions, testimonials, incomparable and unrepeatable measurements, and vendor claims for the answers to these questions. [more]
Thursday, 3 August 2006, 12:02 PM CET

Red flag raised over NAC security
Security expert tells Black Hat briefing the current crop of products is riddled with holes. [more]
Thursday, 3 August 2006, 2:52 AM CET

Even offline computers can be hacked, researchers say
Some computers with wireless Internet capabilities are vulnerable to malicious software that would let hackers take over the machines even if their owners aren't actually online. [more]
Thursday, 3 August 2006, 1:16 AM CET

Feds dip their snouts back in EFF vs. AT&T wiretap case
Surprise, surprise. The US government has asked a California court to take a second look at a recent decision that allowed the EFF’s wiretap case to proceed against AT&T. [more]
Thursday, 3 August 2006, 1:07 AM CET

Using Nessus to scan hosts behind a firewall
For first-time (and even veteran) Nessus users, Tenable support often gets questions about how to access the security of a host that is behind a firewall. [more]
Thursday, 3 August 2006, 12:28 AM CET

Hijacking a Macbook in 60 seconds or less
If you want to grab the attention of a roomful of hackers, one sure fire way to do it is to show them a new method for remotely circumventing the security of an Apple Macbook computer to seize total control over the machine. [more]
Thursday, 3 August 2006, 12:17 AM CET

Mobile threats hit out of the blue
As mobile devices increase in sophistication so do their security risks, writes Lara Williams in Santa Clara. [more]
Thursday, 3 August 2006, 12:14 AM CET

Prototype worm targets Windows PowerShell
A prototype virus has emerged before the product has even been released. [more]
Thursday, 3 August 2006, 12:06 AM CET

The future of enterprise security
"The challenge for enterprise I.T. is shifting to [the question of] how do we secure the peripheral devices. The focus will shift to unmanaged and unowned components that access the network," says Mitchell Ashley, CTO of StillSecure. "This will become the major thrust of I.T. responsibility." [more]
Thursday, 3 August 2006, 12:00 AM CET

Nine ways to stop industrial espionage
IT staff are in the unique position that if they are nosy, immoral, greedy or corrupt that can get at what they want within their company at the touch of a button. The corporate crown jewels are usually left open and unexposed to the IT guys. So how do you protect your corporate crown jewels from staff that can so easily be bribed to steal them and hand them over to a competitor? [more]
Wednesday, 2 August 2006, 1:04 PM CET

Hackers ramp up 'insidious' targeted attacks
Bulk distribution of infected emails is so last year. [more]
Wednesday, 2 August 2006, 12:44 PM CET

A process for performing security code reviews
No one really likes reviewing source code for security vulnerabilities; it’s slow, tedious, and mind-numbingly boring. Yet, code review is a critical component of shipping secure software to customers. Neglecting it isn’t an option. [more]
Wednesday, 2 August 2006, 11:57 AM CET

Cisco beefs up software and services for compliance
The Cisco Pace portfolio promises better control and more automation for network changes. [more]
Wednesday, 2 August 2006, 11:55 AM CET

Talking with the Dark Tangent
Security Fix recently caught up with Jeff Moss -- a.ka. "Dark Tangent" -- the founder of Defcon and Black Hat, the two enormous hacker conventions that take place in Las Vegas each summer. [more]
Wednesday, 2 August 2006, 11:54 AM CET

WLAN viruses, anyone?
Intel has published a set of patches for Intel Centrino. [more]
Wednesday, 2 August 2006, 11:51 AM CET

Is your OS spying on you?
Paranoia is becoming more common these days, and if you let yourself be engulfed by it, there's definitely not a shortage of things to be concerned about. [more]
Wednesday, 2 August 2006, 11:48 AM CET

Further examining changes to the A+ certification
Last month, changes have been announced to the A+ certification, which is one of the most popular certifications currently in the IT industry. [more]
Wednesday, 2 August 2006, 11:47 AM CET

Alert over stolen tax file numbers
More than 170 Australians have had their tax file numbers stolen by online scammers who captured the information from their home computers when they were using the online e-tax system. [more]
Wednesday, 2 August 2006, 11:44 AM CET

Story lines abound on eve of Black Hat 2006
Typical of the drama that often unfolds at this security conference, Microsoft is making its first appearance at the event and will tout the stronger security measures in Vista. [more]
Wednesday, 2 August 2006, 12:45 AM CET

Nessus 3 agent-less compliance checks
Tenable released two new plugins for Nessus 3 that can audit the configuration of a remote UNIX or Windows system and report "compliant" or "not compliant" with a set of user-defined security policy configuration settings. [more]
Wednesday, 2 August 2006, 12:36 AM CET

How to beef up IT security
IT support staff get the complaints all the time. The company's security systems are either not working well enough - each morning your inbox is stuffed with spam - or the programs are too effective and vital emails never arrive because they contain one slightly suspicious word. [more]
Wednesday, 2 August 2006, 12:28 AM CET

Most home users secure Wi-Fi networks
Six out of ten consumers with Wi-Fi lock down their home networks, said a poll released Tuesday by a research firm. [more]
Wednesday, 2 August 2006, 12:12 AM CET

Internet privacy: a license for libel?
"There are reasons that there are such strong First Amendment protections on the Internet," says Marc Rotenberg, executive director of the Electronic Privacy Information Center. "People should be given wide latitude to express their opinions, even if others feel it's offensive or constitutes libel." [more]
Tuesday, 1 August 2006, 7:57 PM CET

Blackjacking and RFID passport exploits star at DEF CON
All eyes in the information security world will be on Las Vegas this week as the desert city plays host to Def CON 14 and the Black Hat briefings. [more]
Tuesday, 1 August 2006, 6:36 PM CET

Rounding the corners of network security
As the Black Hat conference descends upon Las Vegas this week, presents a series of articles addressing security issues past and present. [more]
Tuesday, 1 August 2006, 6:34 PM CET

Firewall chip gets funding
EU funding of 2 million Euros has been announced for a major new three-year project to develop a re-configurable photonic 'firewall on a chip'. [more]
Tuesday, 1 August 2006, 5:04 PM CET

Third-party Microsoft patches could get new life
It has been nearly three years since Microsoft moved to a monthly patch release schedule as a way to rein in some of the chaos that had begun to engulf its vulnerability reporting and repair efforts. [more]
Tuesday, 1 August 2006, 5:03 PM CET

McAfee to issue patch for vulnerability
Vulnerability in SecurityCenter app could allow unauthorized user to run code on a remote machine. [more]
Tuesday, 1 August 2006, 5:01 PM CET

Apple responds to iTunes DRM complaints
Apple meets deadline set by Scandanavian consumer agencies. [more]
Tuesday, 1 August 2006, 4:19 PM CET

Trojan uses smut to filch bank details
Hackers have developed a sophisticated Trojan-based attack which uses the lure of pornography to steal bank details from victims' PCs. [more]
Tuesday, 1 August 2006, 4:12 PM CET

Enterprise IT vendors team up for utility standard
XML-based standard promises cheaper network management. [more]
Tuesday, 1 August 2006, 12:23 PM CET

Hackers outfox Mozilla
A Mozilla Firefox exploit has been found that can hijack the Web browser and monitor submit-and-click events. [more]
Tuesday, 1 August 2006, 12:16 PM CET

Banks face Web security deadline
For some bank IT managers, the release of U.S. federal guidelines for validating the identities of online users helped catalyze ongoing efforts to adopt so-called strong authentication measures. [more]
Tuesday, 1 August 2006, 11:59 AM CET

Scammers deploy bots for Ebay manipulation
Scripts used to boast feedback ratings. [more]
Tuesday, 1 August 2006, 9:14 AM CET

ActiveX security faces storm before calm
A security researcher informs Microsoft of more than 100 flaws in ActiveX controls included with a default installation of Windows XP. Another reason to install Internet Explorer 7? [more]
Tuesday, 1 August 2006, 9:09 AM CET

Virus writers target upcoming Windows scripting language
Yet another point of caution, researchers warn. [more]
Tuesday, 1 August 2006, 9:05 AM CET

Wireless gadget vulnerabilities: the Nikon Coolpix P1
It wasn't the camera’s picture capturing ability that caught our attention. Instead, it was the integrated hardware/software that allows the camera’s user to transfer pictures to a PC over a wireless network. [more]
Tuesday, 1 August 2006, 12:49 AM CET

E-mail privacy in the workplace
Even with a well-heeled corporate privacy policy stating that all employee communications may be monitored in the workplace, the legality of e-mail monitoring is not as clear cut as one might think. [more]
Tuesday, 1 August 2006, 12:30 AM CET

Users mix open-source, Windows for server apps
Growing wave of 'WAMP users' want the best of both worlds. [more]
Tuesday, 1 August 2006, 12:11 AM CET


Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. It’s not.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Sep 2nd