Off the Wire

Off The Wire Archive

News items for September 2002

HNS Newsletter issue 129 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 30 September 2002, 2:03 PM CET


WinTasks Process Library
The newly opened WinTasks Process Library contains information about all common Windows processes as is continiously updated with new information. [more]
Monday, 30 September 2002, 12:34 PM CET


Online payment service PayPal hit by scam
PayPal officials acknowledged the company has been the target of a scam designed to get users' personal information. But it hasn't warned customers to be wary. [more]
Monday, 30 September 2002, 12:29 PM CET


Agency probes D.C. wireless network
Secret Service agents are using a laptop and an antenna fashioned from a Pringles potato chip can while looking for security holes in wireless networks in Washington. [more]
Monday, 30 September 2002, 12:26 PM CET


New Net project aims to avoid hacking
Scientists concerned about the vulnerability of the Internet to failure or hacking envision a next-generation system that would use the collective power of users' computers to become more secure. [more]
Monday, 30 September 2002, 12:21 PM CET


Porn spam: it's getting raunchier
Disturbing, explicit and sometimes-illegal pornographic images are popping up unsolicited in e-mail boxes everywhere. [more]
Monday, 30 September 2002, 12:16 PM CET


Email on SOHO Networks
In this article, Jeffrey L. Taylor provides detailed steps for implementing your own email system. [more]
Monday, 30 September 2002, 12:06 PM CET


Viruses are dead. Long live viruses!
This year has been mercifully quiet on the virus front but anyone who reckons the virus problem has finally been beaten is failing to learn the lessons of history. [more]
Monday, 30 September 2002, 11:57 AM CET


Hacker groups declare war on US.gov
A record number of malicious hacking attempts were made this month, and anti-American groups are responsible. [more]
Monday, 30 September 2002, 11:53 AM CET


The "Privacy2002" gathering in Cleveland
Privacy and security experts gathered this week to network and share their fears about the threat ever-evolving technology poses to ordinary consumers, business and governments alike. [more]
Monday, 30 September 2002, 11:53 AM CET


Weekly Virus Report
This week's virus report looks at three Trojans and two variants of Linux/Slapper. [more]
Friday, 27 September 2002, 3:41 PM CET


P2P foes defend hacking bill
Supporters of a new bill set to thwart peer-to-peer piracy have hitback at criticis, accusing them of using 'scare tactics'. [more]
Friday, 27 September 2002, 3:39 PM CET


Linux Newbie Administrator Guide
This is a complete reference for new Linux users who wish to set up and administer their own Linux home computer, workstation and/or their home or small office network. [more]
Friday, 27 September 2002, 2:19 PM CET


IT testing laws leave lawyers laughing
IT managers are rejecting elaborate waivers pushed by IT security vendors for routine penetration testing, but legal concerns have been accelerating since the introduction of the Cybercrime Act (2001). [more]
Friday, 27 September 2002, 2:11 PM CET


Profits from piracy
Evidence is mounting that cracking down on software copyright infringement may not be good for business. [more]
Friday, 27 September 2002, 2:05 PM CET


Distributed.net completes rc5-64 project
On 14 July, a PIII-450 computer in Tokyo returned the winning key to the distributed.net keyservers. The key produces the plaintext output: "The unknown message is: some things are better left unread". [more]
Friday, 27 September 2002, 1:00 PM CET


The challenges in a wireless world
This week's feature focuses on making wireless a realistic and secure part of the network. Wired solutions abound, but wireless is still the stepchild trying to fit in. [more]
Friday, 27 September 2002, 12:58 PM CET


Anti-Spam Laws a Tough 'Cell'
California has a new bill that bans cell-phone spam. Some (irked) cell-phone owners are afraid the legislation doesn't go far enough. [more]
Friday, 27 September 2002, 12:26 PM CET


Security group comes out of the shadows
After nearly a year in the shadows, the Organization for Internet Safety on Thursday formally announced its formation. [more]
Friday, 27 September 2002, 12:13 PM CET


Book Review: Linux Administration Handbook
The Unix Administration Handbook has long been regarded as one of the must-haves for *nix system admins, so Zonker was a bit excited to check out the new one revamped exclusively for Linux systems. [more]
Friday, 27 September 2002, 12:11 PM CET


Universities tapped to build secure Net
Because of concerns over attacks, the National Science Foundation has enlisted five university computer science departments to develop a secure, decentralized Internet infrastructure. [more]
Thursday, 26 September 2002, 4:08 AM CET


China denies hacking Dalai Lama computer
Responding to accusations that China's government tried to break into the Dalai Lama's computer network, a government spokeswoman said Wednesday that Beijing opposes all computer hacking. [more]
Thursday, 26 September 2002, 2:30 AM CET


Exploiting Common Vulnerabilities in PHP Applications
Shaun Clowes: "This paper is based on my speech during the Blackhat briefings in Singapore and Hong Kong in April 2001." [more]
Thursday, 26 September 2002, 1:39 AM CET


U.S. puts money on World Bank "hacktivists"
The U.S. advises system administrators to monitor their systems for computer attacks planned during this week's meeting of the World Bank and the IMF. [more]
Thursday, 26 September 2002, 1:24 AM CET


Enterprises Must Address Atypical Security Threats
IT consulting firm Yankee Group has released two reports this month predicting tremendous growth in the Denial of Service and managed security markets. [more]
Thursday, 26 September 2002, 1:22 AM CET


Nortel Networks Alteon Switched Firewall Whitepaper
The Alteon Switched Firewall, integrating Check Point FireWall-1 Next Generation, is specifically designed to provide a total solution that allows you to ensure high levels of security. [more]
Thursday, 26 September 2002, 1:09 AM CET


Remote management of Win2K servers: three secure solutions
This article will discuss three methods to make the remote management of Win2K servers more secure. [more]
Thursday, 26 September 2002, 12:36 AM CET


Digital defense test
This test is based on a list of best practices for individual users and home network users developed by CERT. [more]
Thursday, 26 September 2002, 12:30 AM CET


Network Data Management Protocol (NDMP) White Paper
What is the primary goal of enterprise storage management? To back up and restore information in an intelligent, secure, timely, cost-effective manner over all enterprise-wide operating systems. [more]
Thursday, 26 September 2002, 12:26 AM CET


Linux Firewall on out of date hardware: kernel 2.2 or 2.4?
The people at Portazero.info are publishing a performance test, trying to understand what kernel is best suited for a Linux firewall based on an out of date PC. [more]
Thursday, 26 September 2002, 12:21 AM CET


Book review: Advanced Linux Networking
This is a good advanced Linux networking book with some interesting tidbits and details on system administration. It succeds to cover, explain and help you get most out of your server. [more]
Wednesday, 25 September 2002, 2:29 AM CET


A Note on Proactive Password Checking
Proactive password checking algorithms are based on the philosophy of the dictionary attack, and they often fail to prevent some weak passwords with low entropy. In this paper, a new approach is proposed. [more]
Wednesday, 25 September 2002, 2:25 AM CET


Microsoft labs try to balance security, innovation
Projects with code names such as "Sapphire" and "Sideshow" may not conjure up visions of futuristic technology, but they promise to deliver advancements in how computers process and secure information. [more]
Wednesday, 25 September 2002, 2:24 AM CET


Wi-Fi in the Wild: A Freeloader's Guide
The cryptic symbols began showing up on city sidewalks and walls this summer: small, squiggly lines scrawled in white chalk, surrounded by arcane strings of letters and numbers. But who created them? [more]
Wednesday, 25 September 2002, 2:04 AM CET


Big firms neglect security: survey
IT security remains a cottage industry, according to Information Security Magazine's annual survey. [more]
Wednesday, 25 September 2002, 1:18 AM CET


Judge reserves decision on spam fighter trial
A judge has reserved his decision on whether a "fearless spam fighter" should face trial for disrupting the $1,000-a-day business of a company which sends junk email, or "spam". [more]
Wednesday, 25 September 2002, 12:54 AM CET


Cybercrime code ready
Internet service providers are preparing for a new cybercrime code of conduct that will detail how much data they should keep on subscribers in order to co-operate with law enforcement agencies. [more]
Wednesday, 25 September 2002, 12:52 AM CET


How a bank got e-mail scammed
A Detroit secretary is the latest to fall for an "urgent business proposition" and requests for "urgent assistance" from an official-sounding foreigner, becoming another victim of the ubiquitous e-mail scam. [more]
Wednesday, 25 September 2002, 12:51 AM CET


FBI fingerprint research helps spawn an industry
To a large extent, the modern biometrics industry was born out of efforts to commercialize the Federal Bureau of Investigation's groundbreaking fingerprint scanning technology. [more]
Wednesday, 25 September 2002, 12:50 AM CET


Vendors make a wireless end run
Microsoft, Cisco and major wireless LAN hardware vendors plan to leapfrog the standards process and adopt new 802.11b security protocols by year's end. [more]
Wednesday, 25 September 2002, 12:39 AM CET


Interview with Marcel Gagné
Marcel Gagné writes the "Cooking with Linux" column for Linux Journal, the online series "Sysadmin's Corner," and is a regular columnist for UNIX Review and Sys Admin Magazine. [more]
Tuesday, 24 September 2002, 1:49 AM CET


OWASP Guide to Building Secure Web Applications
The Guide covers various web application security topics from architecture to preventing attack specifics like cross site scripting, cookie poisoning and SQL injection. [more]
Tuesday, 24 September 2002, 1:48 AM CET


Security Scanning 101
Network and system security scanning is the most practical way to find out what the vulnerabilities and threats are on and for your systems and networks. [more]
Tuesday, 24 September 2002, 1:18 AM CET


Crypto boffins: let's get physical
Researchers at MIT have developed a physical token, based on tiny glass spheres encased in epoxy resin, as a more secure alternative to generating cryptographic keys electronically. [more]
Tuesday, 24 September 2002, 1:16 AM CET


Boston's Logan gets ID authentication technology
Logan International Airport in Boston will be the first U.S. airport to install identity authentication technology to screen passports, drivers licenses, visas, and other forms of identification. [more]
Tuesday, 24 September 2002, 1:15 AM CET


New laws make hacking a black-and-white choice
Kevin Finisterre likes to hew close to the ethical line separating the "white hat" hackers from the bad guys, but little did he know that his company's actions would draw threats of a lawsuit from HP. [more]
Tuesday, 24 September 2002, 1:12 AM CET


Who's on your network?
Many organizations are finding that firewalls, antivirus software and user authentication policies aren't enough to keep networks safe. That explains the growing market for intrusion detection technology. [more]
Tuesday, 24 September 2002, 1:09 AM CET


Configuring IPsec/IKE on Solaris Part Three
This article will discuss the configuration of an IPsec VPN tunnel between two Solaris hosts. [more]
Tuesday, 24 September 2002, 1:06 AM CET


Cyber-terrorism still a threat
Computer users should not relax their guard just yet, with terrorist groups still suspected to be plotting cyber attacks. [more]
Tuesday, 24 September 2002, 1:04 AM CET


Who says paranoia doesn't pay off?
There's a business case for paranoia if you're a distributor of Linux. [more]
Tuesday, 24 September 2002, 1:02 AM CET


XDCC - An .EDU Admin's Nightmare
Slave computers on IRC are serving warez and a massive amount of bandwidth is being wasted. The author describes what's happening from an insiders view. [more]
Monday, 23 September 2002, 2:14 PM CET


Internet related security threats
When a computer connects to a network in an office for example, a world of working possibilities opens up to employees: sharing documents, messaging, instant access to data in other systems... [more]
Monday, 23 September 2002, 1:57 PM CET


SpamAssassin Speedup
SpamAssassin is a great program for stopping almost all spam. The defaults are quite good, but it can be a little slow. Here are three ways to speed it up. [more]
Monday, 23 September 2002, 1:56 PM CET


Hacker abuses MSP’s e-mail address to send porn images
A senior MSP has called in detectives after a computer hacker used her parliamentary e-mail address to send pornographic images over the internet. [more]
Monday, 23 September 2002, 1:52 PM CET


IT security spending defies recession
Security spending is buoyant despite the overall downturn, according to analyst house IDC. [more]
Monday, 23 September 2002, 1:51 PM CET


Internet related security threats
There are some basic safety measures can prevent the Internet connection from becoming a problem instead of an advantage. [more]
Monday, 23 September 2002, 12:36 PM CET


A cybersecurity sleeping pill
From a White House given to dramatic warnings of electronic Pearl Harbors comes an incongruously meek national strategy. Did industry lobbyists slip someone a Mickey? [more]
Monday, 23 September 2002, 12:33 PM CET


Spam and virus control?
On the one hand is high-volume spam, which is a deliberate marketing act; on the other is virus/worm infected e-mail, with its automated activity. Distinguishing between them is hard. [more]
Monday, 23 September 2002, 12:24 PM CET


White House defends cybersecurity plan
A White House official is standing behind the administration's draft recommendations on cybersecurity, asserting that they have not been weakened by lobbying from technology companies. [more]
Monday, 23 September 2002, 12:17 PM CET


ShadowCon 2002 information
ShadowCon 2002 will be held on October 17, 2002 in Naval Surface Warfare Center Dahlgren with a keynote from Alan Paller, Director of Research, SANS Institute. [more]
Monday, 23 September 2002, 12:03 PM CET


How was RIAA web site hacked?
The Register carried on a story from the popular defacement mirror Zone-H, which lets us know how RIAA web site got hacked. [more]
Saturday, 21 September 2002, 5:25 PM CET


Three interviews
Multitool Linux authors Jeremy Anderson, Steven Murphy and Michael Schwarz talk about their first steps in Linux, the writing of the book, future plans and more. [more]
Friday, 20 September 2002, 2:04 PM CET


Business breaches trigger security alarm
Two-thirds of companies suffered an IT security breach in the last year - but less than half reported it to the police. [more]
Friday, 20 September 2002, 12:23 PM CET


US .gov info restricted over attacker fears
VeriSign has stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks. [more]
Friday, 20 September 2002, 11:28 AM CET


The Trivial Cisco IP Phones Compromise
This paper lists several severe vulnerabilities with Cisco systems’ SIP-based IP Phone 7960 and its supporting environment. [more]
Friday, 20 September 2002, 10:03 AM CET


Security controls
TruSecure has come up with a risk assessment philosophy that it says focuses on real-world threats. [more]
Friday, 20 September 2002, 9:59 AM CET


Security spending survey
While most security dollars go to technology, CIOs in this survey say investments in staff - and education efforts to guide them - must back up that robust firewall. [more]
Friday, 20 September 2002, 9:55 AM CET


Slapped Silly
In this article, Jon Lasser writes about the lessons he learned from falling prey to the latest Linux virus... [more]
Friday, 20 September 2002, 9:49 AM CET


Open-source group gets Sun security gift
Sun Microsystems has donated new cryptography technology to OpenSSL, an open-source project at the heart of many secure transactions on the Internet. [more]
Friday, 20 September 2002, 9:42 AM CET


LinuxCertified announces its network services bootcamp
LinuxCertified, Inc., will offer its next Linux Network Services Bootcamp, on October 5th - 6th, 2002 in San Francisco bay area (south bay). All students get a free Linux laptop! [more]
Friday, 20 September 2002, 9:41 AM CET


Linux rootkit hacker suspect arrested in UK
A 21-year old from Surbiton, Surrey has been arrested on suspicion of writing and distributing the T0rn rootkit, which dumbs down the process of hacking Linux servers. [more]
Friday, 20 September 2002, 9:35 AM CET


HNS Coverage from RSA Conference 2002 Europe
The Help Net Security staff will attend the conference and all the appropriate exhibitions and classes. Be sure to expect all the scoops, photos and interviews from the conference. [more]
Thursday, 19 September 2002, 1:11 PM CET


Warchalking is theft, says Nokia
Warchalking, the technique of highlighting areas where wireless networks can be accessed freely, has been blasted as theft. [more]
Thursday, 19 September 2002, 1:10 PM CET


Windows 2000 Advanced Server System Compromise Report
This is a comprehensive compromise report written by Curt R. Wilson - Netw3 Security Research. [more]
Thursday, 19 September 2002, 1:09 PM CET


Identity theft: fact and fiction
Filching someone else's good name through identity theft can significantly enrich the criminal and impoverish the victim. [more]
Thursday, 19 September 2002, 1:05 PM CET


Detecting and removing trojans and malicious code from Win2K
The purpose of this article is to recommend steps that an administrator can use to determine whether or not a Win2K system has been infected with malicious code or "malware" and, if so, to remove it. [more]
Thursday, 19 September 2002, 1:03 PM CET


Falun Gong 'TV hackers' on trial
Members of the Falun Gong spiritual movement have gone on trial in China, charged with hacking into a cable television network and broadcasting pro-Falun Gong messages. [more]
Thursday, 19 September 2002, 12:57 PM CET


Home LANs risk accidental hacks
Small businesses and home networkers are at risk from hackers - but some intrusions into a wireless network may be unintended. [more]
Thursday, 19 September 2002, 12:55 PM CET


A gathering of big crypto brains
Every year, a select group of digital security and cryptography experts convene for a meeting of the minds. Canned presentations are abandoned - and then the fun begins. [more]
Thursday, 19 September 2002, 12:54 PM CET


User access chaos needs life cycle management
Interest in the user management market is growing rapidly, but Global 2000 organizations are struggling to define the space. [more]
Thursday, 19 September 2002, 12:52 PM CET


IBM steps up Web services security
IBM plans to add to its products new software that should make Web services applications more secure. [more]
Thursday, 19 September 2002, 12:50 PM CET


Cross-Site Scripting Vulnerabilities
Have you ever mistyped an URL and received a message like "Error - page name could not be found"? When you encounter an error message like this, you are actually witnessing a potential security breach. [more]
Wednesday, 18 September 2002, 3:31 PM CET


Scalable Java security with JAAS
AS, the Java Authentication and Authorization Service API, provides flexible and scalable mechanisms for securing your client- and server-side Java applications. [more]
Wednesday, 18 September 2002, 3:31 PM CET


Securing Linux from DoS attacks
Linux has a great firewall that allows you to secure in some way from DoS attacks. [more]
Wednesday, 18 September 2002, 3:28 PM CET


Airport WLANs lack safeguards
While U.S. airlines and airports have beefed up physical security during the past year, wireless LANs continue to be potential IT security problems for some airports, according to an informal audit. [more]
Wednesday, 18 September 2002, 3:13 PM CET


State-level security
Scott McPherson started to think about cyberterrorism and possible security breaches long before the terrorist attacks last year. [more]
Wednesday, 18 September 2002, 3:12 PM CET


NetBSD Releases a Batch of Security Advisories
With the release of NetBSD 1.6, the NetBSD project published a batch of Security Advisories (some of which are updates). [more]
Wednesday, 18 September 2002, 3:10 PM CET


Cybersecurity plan to offer tips, not rules
A White House panel studying ways to protect America's high-tech backbone has dropped several security ideas and turned others into topics for discussion rather than government mandates. [more]
Wednesday, 18 September 2002, 3:08 PM CET


An Introduction to On-Access Virus Scanning, Part Two
This article will explore some of the strategies that virus writers have adopted to circumvent on-access scanners and the ways that anti-virus developers are in turn reacting to those changes. [more]
Wednesday, 18 September 2002, 2:49 PM CET


CA Integrates eTrust Tools
Computer Associates International Inc. announced a new security console designed to integrate its various eTrust technologies and support the company's new "holistic" security strategy. [more]
Wednesday, 18 September 2002, 2:48 PM CET


SQL Yukon a major security concern
Users should hold off deploying Microsoft's next version of SQL Server until the first service pack because of major security concerns, analysts have warned. [more]
Wednesday, 18 September 2002, 2:47 PM CET


Securing an Internet Name Server
The goal of this document is to discuss general name server security. In order to provide useful examples we have chosen to focus on BIND since it is the most commonly used software for DNS servers. [more]
Tuesday, 17 September 2002, 1:17 PM CET


Privacy leak reported in Mozilla-based browsers
A "serious" privacy leak in Mozilla and other browsers based on the open-source technology, such as Netscape and Galeon, discloses users' Web surfing information. [more]
Tuesday, 17 September 2002, 1:16 PM CET


Security experts divided on Slapper's threat
Experts are divided on how big a threat Slapper poses to the Internet infrastructure as a whole. [more]
Tuesday, 17 September 2002, 1:12 PM CET


New AES crypto standard broken already?
Theoretical attacks against AES (Advanced Encryption Standard) winner Rijndael and runner-up Serpent have been published. They might work in the practical world; they might not. [more]
Tuesday, 17 September 2002, 1:11 PM CET


Feds considering terrorism liability protections for vendors
Congress is moving closer to limiting the liability of IT vendors that sell to federal, state and local governments by allowing Uncle Sam to insure systems that fail to stop terrorists from causing havoc. [more]
Tuesday, 17 September 2002, 1:09 PM CET


Don't you know who I am?
There are many aspects to the whole area of security - but one where the technology just gets better and better is the issue of identity. [more]
Tuesday, 17 September 2002, 1:03 PM CET


Probe into wireless network hacking suspended
Harris County Attorney Mike Stafford has suspended his investigation into a security gap discovered earlier this year in a county-run wireless computer network. [more]
Tuesday, 17 September 2002, 1:00 PM CET


The Internet after 9/11: leave it open
The Internet is but one avenue to information. As with all others, putting up roadblocks and barriers to accessing it is equivalent to burning books, and about as useful. [more]
Tuesday, 17 September 2002, 12:51 PM CET


Installing Nagios
Nagios is a system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad and when they get better. [more]
Tuesday, 17 September 2002, 12:45 PM CET


White House slows cybersecurity planning
The Bush administration will not unveil the final version of a national cybersecurity plan this Wednesday, saying it wants to gather more input from the technology industry. [more]
Tuesday, 17 September 2002, 12:40 PM CET


HNS Newsletter issue 127 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 16 September 2002, 8:06 PM CET


Managed Vulnerability Assessment
This white paper explains the value of the various approaches to network security. It focuses on the unique role of vulnerability assessment, and MVA in particular. [more]
Monday, 16 September 2002, 7:14 PM CET


Idle Scanning and related IPID games
There's an Idlescan implementation in recent versions of Nmap. This paper describes the technique in detail and offers defenses that can be used to mitigate the vulnerability. [more]
Monday, 16 September 2002, 7:10 PM CET


Privacy Losses Around the World
One year after September 11, personal privacy is an international casualty in the war on terror. [more]
Monday, 16 September 2002, 7:06 PM CET


Joel Carter, cyber-warrior
In a fortified lab in the heart of the British Columbia Institute of Technology's Burnaby campus, 21-year-old Joel Carter stands on guard in the new fight against high-tech terrorism. [more]
Monday, 16 September 2002, 7:03 PM CET


The coming virus armageddon
In addition to being stealthy, experts said, the ultimate computer virus would be polymorphic - able to change its code, message and form to avoid detection. [more]
Monday, 16 September 2002, 6:53 PM CET


Paranoid penguin: stealthful sniffing, intrusion detection and logging
Attackers can't rewrite your log files if they can't connect to the log server. Learn the ways of stealth. [more]
Monday, 16 September 2002, 6:51 PM CET


SpamShield: a perl-based spam filter for sendmail
As system administrators work to build sophisticated roadblocks, spammers continue to find ways to knock them down. This article will focus on one viable solution, SpamShield version 1.40. [more]
Monday, 16 September 2002, 6:48 PM CET


Linux worm hits the network
"Slapper," a Linux server worm whose goal is to create a P2P attack network, is on the loose and has infected thousands of machines. [more]
Monday, 16 September 2002, 6:46 PM CET


How Nimda changed computer security
One year ago this week, the prolific worm started spreading - and IT managers are still struggling to stop it. [more]
Monday, 16 September 2002, 6:44 PM CET


Guarding against WLAN security threats
Through effective security techniques you can beef up the security of a wireless LAN to a degree that satisfies specific requirements. [more]
Friday, 13 September 2002, 4:23 PM CET


Samba: talking to windows networks
This is an excerpt in PDF format from "Multitool Linux: Practical Uses for Open Source Software" by Michael Schwarz, Jeremy Anderson, Peter Curtis and Steven Murphy. [more]
Friday, 13 September 2002, 4:18 PM CET


Outlook Express becomes attack platform, of sorts
For years Outlook Express failings have been exploited to infect users. So why not take advantage of its features to send viruses in such a way that they might fool detection by AV and content checking tools? [more]
Friday, 13 September 2002, 3:24 PM CET


Network Associates says owns 96% of McAfee.com
Computer security provider Network Associates Inc. said it has completed an exchange offer and now owns about 96 percent of the shares of McAfee.com. [more]
Friday, 13 September 2002, 3:20 PM CET


Cyber jail terms tougher
Criminals who hack into computers and communications equipment face up to 10 years in jail. [more]
Friday, 13 September 2002, 3:14 PM CET


Secure e-commerce by disconnecting your servers from the Internet
While it sounds strange, disconnecting your e-commerce servers from the Internet is exactly what SpearHead Security Technologies would have you do - using their NetGAP line of security products. [more]
Friday, 13 September 2002, 3:11 PM CET


Neglecting phone systems is costly
Companies fearful of hacking attacks have improved security on their data networks, but have probably left themselves vulnerable not paying attention to their telephone systems. [more]
Friday, 13 September 2002, 3:09 PM CET


When will security get personal?
Whilst we have grown used to the constant need to change passwords in the workplace, once we get home our perception of security changes completely. [more]
Friday, 13 September 2002, 3:03 PM CET


Security at Your Fingertips
Biometric technology has become increasingly important since September 11. While not new, the idea of biometrics has been pushed to the forefront since last year's attacks. [more]
Friday, 13 September 2002, 3:01 PM CET


Bug Watch: All quiet on the virus front?
Mikko Hypponen, manager of antivirus research at F-Secure Corporation's antivirus team, looks at the theories behind the eerie silence in the antivirus world. [more]
Friday, 13 September 2002, 3:00 PM CET


HNS Security Database back online
We finally updated the whole HNS Security Database which now has over 325 listed companies with more then 1415 security products. Check it out and share the feedback. [more]
Thursday, 12 September 2002, 11:54 AM CET


Interview with Stuart McClure
Stuart's latest book, Web Hacking: Attacks and Defense, was recently released and that was the perfect opportunity to get him to answer a few questions. [more]
Thursday, 12 September 2002, 12:58 AM CET


Victoria to table new laws on computer crime
Tough new legislation to combat hackers and those who knowingly spread viruses are set to be tabled in the Victorian parliament. [more]
Thursday, 12 September 2002, 12:39 AM CET


Terror Czar: the war is digital
Ousting Saddam Hussein is the easy part, says congressional security adviser Barry McCaffrey. The real trick, he maintains, is disrupting terrorists' communications. [more]
Thursday, 12 September 2002, 12:37 AM CET


Virtually Helpless
The next time the USA is targeted by terrorists, the primary weapon may be an object no bigger than your thumbnail: a computer chip. [more]
Thursday, 12 September 2002, 12:34 AM CET


Book review: Desktop Witness
This book attempts to enable the readers do the unthinkable - both use their personal computers, and have security and privacy. [more]
Thursday, 12 September 2002, 12:33 AM CET


Securing dynamic Web content
This article details how to secure dynamic content on an Apache Web server. It is targeted primarily at Webmasters and system administrators responsible for maintaining and securing a Web server. [more]
Thursday, 12 September 2002, 12:23 AM CET


Win-XP Help Center request wipes your HD
A malicious Win-XP Help Center request can easily and silently delete the contents of any directory on your Windows machine. MS has rolled the fix silently into SP1 without making a public announcement. [more]
Thursday, 12 September 2002, 12:18 AM CET


Hackers chalk one up
The conference of the Australian Unix User Group was "war chalked" within hours of opening last week. [more]
Thursday, 12 September 2002, 12:10 AM CET


"Buggy" Sept. 11 worm surfaces
A new e-mail worm has surfaced that uses the terror attacks of Sept. 11 to lure victims, antivirus groups say. [more]
Thursday, 12 September 2002, 12:07 AM CET


Online privacy at odds with security
The concern over online privacy is nothing new. Even the staunchest critics were silenced after people figured out what cookies could be used for and that hitting the "delete" key did not mean a file was gone for good. [more]
Thursday, 12 September 2002, 12:06 AM CET


Stunnel 4.00 builds on prior success
Stunnel encapsulates cleartext protocols within strong SSL encryption and can be used to protect any standard TCP connection, from your mail protocol (POP, IMAP, SMTP) to your own customized application. [more]
Wednesday, 11 September 2002, 1:44 AM CET


Astaro Content Filtering Process
This paper describes the Cobion Content Filtering process that uses a new approach for internet filtering. [more]
Wednesday, 11 September 2002, 1:39 AM CET


The Weakest Link in Disaster Recovery
Detailed configuration settings for all the major devices on your network should be kept accessible and up-to-date in order to speed recovery in the event of a disaster. [more]
Wednesday, 11 September 2002, 1:19 AM CET


Evaluating Network Intrusion Detection Signatures, Part 1
This article will discuss some of the basics of evaluating NID signature quality, and then look at issues relating to selecting attacks to be used in testing. [more]
Wednesday, 11 September 2002, 1:17 AM CET


Security requires 'depth in datapath', AT&T researcher says
Distributed computing environments of the future require a "defense in depth" security architecture which cannot be implemented with single-point firewalls, an AT&T Labs researcher said. [more]
Wednesday, 11 September 2002, 1:14 AM CET


Administration pares cyber-security plan
As the White House moves to finalize a national plan to better secure cyberspace, high-tech firms are continuing a furious campaign to have some recommendations struck from the document. [more]
Wednesday, 11 September 2002, 12:59 AM CET


Technology aids hunt for terrorists
Analysts at the CIA and NSA can now search through audio feeds and watch lists for spoken words and terrorist names. [more]
Wednesday, 11 September 2002, 12:58 AM CET


Qualys is proactive about network security
Qualys Vice President of Engineering Gerhard Eschelbeck discusses the company's ASP model and how best to protect multiple entry points into a company. [more]
Wednesday, 11 September 2002, 12:54 AM CET


Intel launches 'LaGrande' security plan
Intel unveiled a new security initiative, code-named LaGrande Technology, that it will integrate into future processors and chip sets to stymie efforts to steal data. [more]
Wednesday, 11 September 2002, 12:49 AM CET


Security v. Privacy Conference
Visit the conference in Seattle, Washington, 18-19 September 2002. It includes two full days of keynotes, general sessions, and many topical tracks that address your concerns about Internet law and policy. [more]
Wednesday, 11 September 2002, 12:13 AM CET


Book review - Multitool Linux: Practical Uses for Open Source Software
This book is intended as a guide for users who already installed their Linux boxes, but are unsure of their possibilities or don't know what to do with them. As such, it does good. [more]
Tuesday, 10 September 2002, 2:14 PM CET


Asynchrony rolls out secure IM for cautious companies
Asynchrony Solutions rolled out a secure IM product, developed with the U.S. Department of Defense, figuring that if it's secure enough for the government, it's secure enough for your enterprise. [more]
Tuesday, 10 September 2002, 2:13 PM CET


Virtual Private Networks for Small to Medium Organizations
Explains the benefits of VPN, how a VPN works, how to evaluate VPN technology options, and how to choose the right SonicWALL VPN solution in your organization. [more]
Tuesday, 10 September 2002, 2:04 PM CET


Internet security not pressing to all
Companies increasingly identify computer security as one of their top priorities, but a significant minority admit that they are inadequately protected, according to a survey. [more]
Tuesday, 10 September 2002, 12:02 PM CET


Intrusion Detection
This documentation will show how you can protect yourself by installing Snort on a Mandrake Linux System. [more]
Tuesday, 10 September 2002, 11:57 AM CET


Security pros: Our defences need work
Despite widespread cyberterrorism anxiety, corporations have only made modest gains in security over the past year. [more]
Tuesday, 10 September 2002, 11:53 AM CET


Special coverage: one year later
One year after the attacks on the WTC and the Pentagon, IT professionals are at the forefront of efforts to prevent the nightmare of a recurrence - and to be prepared if what used to be unthinkable happens again. [more]
Tuesday, 10 September 2002, 11:51 AM CET


Worldwide 'war drive' exposes insecure wireless LANs
Amateur wireless LAN sniffers detected hundreds and of insecure wireless LANs in North America and Europe during the past week. [more]
Tuesday, 10 September 2002, 11:44 AM CET


Microsoft 'solves' hacking mystery
A wave of mysterious Windows 2000 hacks isn't the result of a software hole - it's all down to password management. [more]
Tuesday, 10 September 2002, 11:38 AM CET


Jordanians arrested in Manila phone hacking sting
The Philippines says it has cracked a $1.9 million computer hacking ring that had gained access to telephone company lines and sold off cheap phone calls. [more]
Tuesday, 10 September 2002, 11:38 AM CET


HNS Newsletter issue 126 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 9 September 2002, 10:57 AM CET


Terror laws 'eat away at privacy'
The UK is one of the worse places in the world for privacy with the internet playing a huge part in the erosion of rights. [more]
Monday, 9 September 2002, 9:55 AM CET


Computer forensics specialists in demand as hacking grows
"There simply are not enough people to do this work," says Scott Pancoast, a Seattle-based certified forensic computer examiner with the Washington state Attorney General's Office. [more]
Monday, 9 September 2002, 9:53 AM CET


IT managers cite security when choosing a Linux system
An investigator switched to Linux. "It's a security issue," he said. "Viruses which target Windows could send confidential documents from my machines to random people - and that could send me to prison." [more]
Monday, 9 September 2002, 9:51 AM CET


Putting security first
Anteon IT executive ponders dilemmas raised while searching for national technology security solutions. [more]
Monday, 9 September 2002, 9:49 AM CET


Book review: Professional Apache 2.0
Generally, the book is clearly written and contains enough examples to find any configuration you want. [more]
Monday, 9 September 2002, 9:46 AM CET


The IP Security Protocol, Part 1
Explaining IPSec, different levels of security and how to be safe sending and receiving packets over the network. [more]
Monday, 9 September 2002, 9:42 AM CET


Physical and network security merging?
Should you combine your physical and information security departments? Companies that have done it reveal tips for handling budgeting and political challenges. [more]
Monday, 9 September 2002, 9:41 AM CET


Unix LogFiles
This tutorial gives detailed information about LastLog logging file, the structure of the log file and how to change user's entry. [more]
Monday, 9 September 2002, 9:40 AM CET


Tool aligns business processes, security
Business process management software provider IDS Scheer Inc. will announce a new tool that is designed to align business processes and enterprise systems with new standards of operational security. [more]
Monday, 9 September 2002, 9:38 AM CET


Buffer Overflows - Defending against arbitrary code execution
This paper deals with the technical details concerning buffer overflows and the methods of prevention. Examples are in C and x86 assembly. [more]
Friday, 6 September 2002, 11:42 AM CET


Win2K First Responder's Guide
This article offers a brief overview of some of the steps security administrators and incident handlers should take as part of the first response to security incidents. [more]
Friday, 6 September 2002, 11:38 AM CET


Government pushes for tougher IT security
A new set of guidelines aim to make businesses better defended against risks such as hackers and computer viruses. [more]
Friday, 6 September 2002, 11:10 AM CET


Security weathers the spotlight
Perimeter scans, vulnerability assessments, and re-evaluated business continuity plans became even more sought-after during the frenzied dash to plug enterprise holes after the events of Sept. 11. [more]
Friday, 6 September 2002, 11:08 AM CET


Heard of drive-by hacking? Meet drive-by spamming
'Warspammers' are taking advantage of unprotected wireless LANs to send out millions of junk emails. [more]
Friday, 6 September 2002, 11:04 AM CET


Klez attack may wipe out attacker
A minor variant of the Klez virus is set to go into action today, erasing a host of files on infected hard drives. But the attack may also wipe out the attacker. [more]
Friday, 6 September 2002, 11:03 AM CET


Thwarting The PBX Hacker
Verizon is urging customers who use voicemail and PBXs to use secure passwords to keep hackers out. [more]
Friday, 6 September 2002, 11:01 AM CET


Xbox Live to target hackers?
Microsoft may backtrack on an earlier pledge not to use its Xbox Live online gaming service to crack down on "mod chips". [more]
Friday, 6 September 2002, 11:00 AM CET


Security's human touch
Interview - GWU's security officer Krizi Trivisani focuses on the softer skills-like communicating with students and administrators-to help her battle real-life villains. [more]
Friday, 6 September 2002, 10:59 AM CET


File-name flaw threatens PGP users
For more than a decade, the US government classified encryption technology as a weapon. Now that label might actually apply. [more]
Friday, 6 September 2002, 10:57 AM CET


SSL - A discussion of the secure socket layer
The Secure Socket Layer is the protocol that gives e-commerce the confidence it needs to allow on-line banking and shopping. This is a paper discussiong the theory and practice of SSL. [more]
Thursday, 5 September 2002, 10:51 AM CET


Airwave camouflage to stop drive-by hacking
Software that generates a blizzard of bogus wireless network access points could bamboozle hackers trying to access corporate and home computer networks. [more]
Thursday, 5 September 2002, 10:08 AM CET


Using terror as a pretext
In a world obsessed with security, it's tempting to hand law enforcement broad surveillance powers over the Internet and other aspects of people's private lives. [more]
Thursday, 5 September 2002, 10:06 AM CET


Securing a heterogeneous network with free software tools
After reading this special issue you will know a bit more about security, but in no way will you be able to say that your network is secure. You have been warned. [more]
Thursday, 5 September 2002, 10:00 AM CET


Server attacks stump Microsoft
Microsoft released further details of a rash of attacks on Windows 2000 servers that has so far stumped Microsoft's research team. [more]
Thursday, 5 September 2002, 9:58 AM CET


Companies exposed to ‘social engineers’
Companies are leaving themselves exposed to hackers because of a lack of awareness of the 'social engineering' techniques deployed by the most dangerous attackers, according to Kevin Mitnick. [more]
Thursday, 5 September 2002, 9:56 AM CET


Mobile phones key to e-commerce security
RSA plans to bring two-factor authentication to the masses by sending keys by SMS to mobile phones. [more]
Thursday, 5 September 2002, 9:52 AM CET


A FreeBSD Operating System Security Checklist
This document is intended to be a working checklist of security settings implemented on FreeBSD servers. [more]
Thursday, 5 September 2002, 9:50 AM CET


‘Spam’ crackdown urged
Three consumer groups petitioned the Federal Trade Commission to enact tougher rules regarding the sending of spam. [more]
Thursday, 5 September 2002, 9:45 AM CET


Fibre Channel SAN Security
As Fibre Channel SANs become larger and more complex, ensuring the security of the data they contain becomes more difficult. [more]
Thursday, 5 September 2002, 9:40 AM CET


Utah uses digital signatures to secure deals
Utah Incentive Funds, a division of the state's department of business and economic development, is using online services secured with digital certificates to lure more businesses to the state. [more]
Thursday, 5 September 2002, 9:29 AM CET


Threat Profiling Microsoft SQL Server
This paper is written from the perspective of an attacker and shows typical "cursi incursi" for Microsoft SQL Server. [more]
Wednesday, 4 September 2002, 1:58 AM CET


Password guessing games with Check Point firewall
Security researchers have discovered two potentially serious flaws with Check Point's flagship FireWall-1 firewall which give rise to both username guessing and sniffing issues. [more]
Wednesday, 4 September 2002, 1:58 AM CET


Improving Enterprise Security with Ecora's Configuration Auditor
Ecora's software simplifies control through configuration management and assessment. The author describes the methodology and the benefits of this tool for effectively securing the enterprise. [more]
Wednesday, 4 September 2002, 1:54 AM CET


Why FBI computer force ain't fat
The finest hackers in the land can't work for the FBI even if they want to because of the agency's physical fitness requirements. A few other regulations are kind of tricky, too. [more]
Wednesday, 4 September 2002, 1:30 AM CET


Hacker vs. hacker: how to tell them apart
If we do not distinguish good from bad, if we fail to understand the make-up of such a complex group of people, how can we ever hope to limit black-hat hacking? [more]
Wednesday, 4 September 2002, 1:26 AM CET


Alberta hackers find wireless networks wide open
Alberta hackers have discovered that two-thirds of the province's wireless computer networks are operating with an unsecured connection. [more]
Wednesday, 4 September 2002, 1:24 AM CET


Hackers claim Lord of the Rings leak
Four months before its official release, hackers claim that the next instalment of the Lord of the Rings trilogy may already be available on the internet. [more]
Wednesday, 4 September 2002, 1:17 AM CET


Bluesocket tightens wireless security
Looking to speed adoption of wireless local area networks, Bluesocket and SSH Communications Security have partnered to address one of the top concerns about the systems - security. [more]
Wednesday, 4 September 2002, 1:15 AM CET


Security overhaul to postpone SQL server
Built-in security development is at the heart of a delay of a major Microsoft database upgrade. [more]
Wednesday, 4 September 2002, 1:10 AM CET


An introduction to on-access virus scanning, part one
This two-part series will offer a brief overview of a particular type of anti-virus mechanism know as on-access virus scanners. [more]
Wednesday, 4 September 2002, 1:06 AM CET


Hackers being jobbed out of work
Long gone is the day when hackers could write their own ticket for mainstream network-security jobs. Even famous "good" hackers, like Max Vision, are having trouble getting a nibble. [more]
Tuesday, 3 September 2002, 11:33 AM CET


Improving the TCPA Specification
The author explains in a balanced fashion what is both good and bad about the proposed industry standard and suggest ways that the Trusted Computing Platform Alliance technical committee can improve it. [more]
Tuesday, 3 September 2002, 11:27 AM CET


Local sites potential targets for cyberterror
From nuclear plants to gas pipelines to electric utilities, Western Washington contains several "critical infrastructure" facilities that terrorists might target - through their computers. [more]
Tuesday, 3 September 2002, 11:26 AM CET


Catching wireless hackers in the act
It's been a cinch for vandals with an eye on Internet mischief to launch attacks by co-opting an unsecured wireless network, but such break-ins may not go so unnoticed now. [more]
Tuesday, 3 September 2002, 11:24 AM CET


Who's watching you? A surveillance society
Computer databases already have a lot on us: Credit cards keep track of airline ticket purchases and car rentals. Supermarket discount programs know our eating habits. Libraries track books checked out... [more]
Tuesday, 3 September 2002, 11:19 AM CET


Password security for online banking queried
Banks should shift from keyboard password entry to a mouse-based system to help avoid surreptitious keyboard logging programs. [more]
Tuesday, 3 September 2002, 11:10 AM CET


Adaptive Linux Firewalls
Automatic firewall hardening is a technique used by many commercial firewalls to prevent invalid packets from reaching protected networks. This document will demonstrate how to harden iptables in real-time. [more]
Tuesday, 3 September 2002, 11:06 AM CET


New privacy czar on way
Eager to head off criticism from privacy advocates over expanded surveillance provisions, the Bush administration is expected to recommend appointing a federal "privacy czar" to act as watchdog. [more]
Tuesday, 3 September 2002, 11:00 AM CET


Ziff pays $125K to settle security breach
Publisher Ziff-Davis has agreed to pay $125,000 to settle legal actions brought after a security breach that exposed customer credit card details on the Web. [more]
Tuesday, 3 September 2002, 10:57 AM CET


HNS Newsletter issue 125 has been released
You can read the Newsletter in TXT or PDF format. If you haven't done it yet, consider subscribing. [more]
Monday, 2 September 2002, 2:30 PM CET


Monitored Intrusion Detection Systems
Monitored Intrusion Detection Systems offer real-time detection and response to attacks, including dynamic blocking, complaints to ISPs and report generation. [more]
Monday, 2 September 2002, 12:45 PM CET


Firewall Follies
The complacency firewalls breed is ultimately more damaging than the computer pirates they keep out. [more]
Monday, 2 September 2002, 12:42 PM CET


E-terrorism: Digital myth or true threat?
Doomsday predictions of a "digital Pearl Harbor" have persisted in the year since the terrorist attacks of Sept. 11. [more]
Monday, 2 September 2002, 12:38 PM CET


D.C. area emergency network could be model for U.S.
When completed, the network could serve as a model for other communities looking to help emergency officials share critical data wirelessly when disaster strikes. [more]
Monday, 2 September 2002, 12:34 PM CET


Ask these questions before you hire a hacker or cracker
Two articles on hiring ex-hackers generated a lot of discussion. The author reviews some of those comments and addresses some of the concerns they raise. [more]
Monday, 2 September 2002, 12:30 PM CET


Uncovering a computer's secrets
Mark Eddo discovers how easy it is to find data on a hard disk even if it has been deleted or reformatted. [more]
Monday, 2 September 2002, 12:27 PM CET


Mail Filtering
There are many ways to filter your e-mail with Perl. Two of the more popular and interesting ways are to use PerlMx or Mail::Audit. The author took a long look at both, and this is what he thought of them. [more]
Monday, 2 September 2002, 12:25 PM CET


Security products aim to make nets hacker-proof
Concerns over network security are giving rise to new Internet products aimed at foiling the efforts of hackers and cyberterrorists. [more]
Monday, 2 September 2002, 12:11 PM CET


OASIS fuels security agenda
Determined to nail down key security and interoperability standards, the broad base of support for official standards bodies is swelling to counter enterprise apprehension regarding Web services adoption. [more]
Monday, 2 September 2002, 12:09 PM CET


Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //