Off the Wire

Off The Wire Archive

News items for September 2004

Sticky security problems
The potential threats posed by memory sticks. [more]
Thursday, 30 September 2004, 6:10 PM CET

Secure Linux: hope or hype?
The race is on to deliver a version of the Linux open-source operating system that will be more secure than any of its predecessors but also manageable and affordable enough to garner widespread acceptance. [more]
Thursday, 30 September 2004, 4:20 PM CET

Putting Wi-Fi behind the corporate firewall
"For years, company employees have had dial-up access to the corporate network over a virtual private network," says Wi-Fi Alliance managing director Frank Hanzlik. "Today, the security is still provided with a VPN -- they just connect with Wi-Fi." [more]
Thursday, 30 September 2004, 4:16 PM CET

IM worm crawls through JPEG hole
Attack largely unsuccessful, but security experts warn of more to come. [more]
Thursday, 30 September 2004, 4:15 PM CET

So many viruses, so little time
Those who design new ways of launching attacks on computers are shortening the development cycle for new exploits, worrying companies and systems manufacturers. [more]
Thursday, 30 September 2004, 4:12 PM CET

Data and security key issues in BI roll-out
Companies see big operational benefits in implementing business intelligence software but only after overcoming numerous technical, cultural and process challenges. [more]
Thursday, 30 September 2004, 4:11 PM CET

Warspammer pleads guilty under anti-spam law
A Los Angeles man who spewed porn advertisements from his car likely faces up to six months in jail. [more]
Wednesday, 29 September 2004, 7:26 PM CET

Large scale IM virus attack feared
Security researchers are seeing the first signs of a large-scale virus attack taking advantage of a known flaw in the way JPEG images are processed in Microsoft Windows products. [more]
Wednesday, 29 September 2004, 7:25 PM CET

How to combat spyware
There's no doubt that the presence of spyware on a computer is a serious intrusion of privacy that needs to be dealt with. [more]
Wednesday, 29 September 2004, 7:22 PM CET

SysAdmin to SysAdmin: five flags you completely forgot about
Administrators are creatures of habit. So much so that we often read things and think, "hey, that's really cool," and then we completely forget about them, even though they might, in some instances, be useful on a regular basis. [more]
Wednesday, 29 September 2004, 7:17 PM CET

Going further to stop hackers
The OpenBSD free Unix project has focused on auditing software security since its inception in 1995, in a bid to thwart malicious hackers. [more]
Wednesday, 29 September 2004, 6:42 PM CET

Sarbanes-Oxley documentation for administrators
This article examines the U.S. Sarbanes-Oxley Act of 2002 from a systems administrator’s viewpoint and looks at some tips to help you be better prepared for such an assessment. [more]
Wednesday, 29 September 2004, 6:41 PM CET

What security means for the chief executive
Legislation and cybercrime mean greater responsibility for senior management. [more]
Wednesday, 29 September 2004, 6:34 PM CET

Defeating honeypots : network issues, part 1
The purpose of this paper is to explain how attackers behave when they attempt to identify and defeat honeypots, and is useful for security professionals to deploy honeypots in a more stealthy manner. [more]
Wednesday, 29 September 2004, 6:33 PM CET

IT bosses eye up biometric security
Firms prepare to introduce iris scans and fingerprint recognition in the workplace. [more]
Wednesday, 29 September 2004, 6:26 PM CET

Vendors struggle to cope with WLAN security threats
The market for wireless local area network (WLAN) security technologies is growing "phenomenally", but vendors are struggling to keep up with the fast-moving nature of WLAN security threats, industry experts have warned. [more]
Wednesday, 29 September 2004, 6:25 PM CET

UK policeman arrested over phone tap claims
Six men - including a serving Metropolitan Police officer - have been arrested concerning the alleged illegal interception of private phone calls. [more]
Wednesday, 29 September 2004, 6:24 PM CET

Japanese bank uses biometrics to boost security
Japan's third-largest bank, The Bank of Tokyo-Mitsubishi, will deploy a biometric security system based on vein-pattern recognition technology in branches nationwide in October. [more]
Wednesday, 29 September 2004, 6:23 PM CET

Security firms merge to form Cybertrust
"We are going to see more consolidation in this space. I don't think many of these managed security companies are making a huge profit or having much impact on the market. The whole area is a minefield and requires huge investment," Bernie Dodwell, business development director at distributor Wick Hill, said. [more]
Tuesday, 28 September 2004, 5:48 PM CET

Security in a world without borders
As the perimeter loses ground in the battle for secure networks, some security executives want to do away with perimeter security altogether. But others aren't so sure. [more]
Tuesday, 28 September 2004, 5:45 PM CET

OpenSSH marks its fifth birthday
OpenSSH marks five years of its existence this week and a new round of internet SSH version mapping shows that it has over 88 percent of the SSH server market. [more]
Tuesday, 28 September 2004, 4:11 PM CET

Microsoft, file phishing, spamming lawsuits
Suit alleges Gold Disk Canada is responsible for sending millions of deceptive e-mails. [more]
Tuesday, 28 September 2004, 4:10 PM CET

Wireless security: 'We have to do the right things'
With its security improving, wireless is set for deployment. [more]
Tuesday, 28 September 2004, 4:03 PM CET

UK firm promises super-secure email
Jeftel .safe service bypasses servers to avoid snooping and spam. [more]
Tuesday, 28 September 2004, 4:01 PM CET

Security vendors harden products
Security companies are trotting out intrusion-prevention system and vulnerability-assessment products. [more]
Tuesday, 28 September 2004, 3:57 PM CET

Nokia breaks into home security market
Wireless home monitoring device controlled by text message. [more]
Tuesday, 28 September 2004, 3:56 PM CET

Nuke watchdog issues cybergeddon alert
The United Nations' nuclear watchdog agency warned of growing concern about cyber attacks against nuclear facilities. [more]
Tuesday, 28 September 2004, 3:55 PM CET

Terrorists grow fat on email scams
Organisations such as al-Qaeda, ETA en PKK are copying Nigerian scams to fund terrorism, two Dutch experts told Dutch daily De Telegraaf. [more]
Tuesday, 28 September 2004, 3:51 PM CET

Security leaders get bigger
Consolidation in the security sector continued last week as three firms planned a merger to form a new security giant offering global services. [more]
Tuesday, 28 September 2004, 3:50 PM CET

House struggles over security bill
House Republicans rejected language in a bill that would have shifted oversight responsibility for cybersecurity from the Homeland Security Department to a newly created position in the Office of Management and Budget. [more]
Tuesday, 28 September 2004, 3:48 PM CET

Not Yet Another Setup Tool (YaST) anymore
GUI-Based, Application-Level Security Management for Novell's SLES 9. [more]
Monday, 27 September 2004, 4:23 PM CET

Financial web sites vulnerable to phishing attacks
Survey shows nine out of 10 financial web sites contain security flaws. [more]
Monday, 27 September 2004, 4:17 PM CET

Will we have a wireless public safety network?
Group demonstrates possible solutions, but lawmakers also need to act. [more]
Monday, 27 September 2004, 4:05 PM CET

Information security fast becoming core issue in corporate governance
A large number of corporations in Middle East are beginning to identify 'information security' as a core area of corporate governance, said sources from information security sector. [more]
Monday, 27 September 2004, 3:56 PM CET

Mandrakesoft in bid For EAL5 certification
Mandrakesoft is teaming with a consortium of European partners in an effort to win Common Criteria Evaluation Assurance Level 5, the highest security certification. [more]
Monday, 27 September 2004, 3:55 PM CET

Audio - The certification of SSL VPNs
Brian Monkman, Technology Programs Manager at ICSA Labs, discusses how SSL VPNs are certified at ICSA Labs. Help Net Security visitors are introduced to the background and the process of this thorough certification procedure. [more]
Monday, 27 September 2004, 3:27 PM CET

Biometrics: a security makeover
The reliability of facial biometrics has been seriously questioned in the past. A4Vision has developed and marketed 3D facial biometrics technology that is drawing strong interest. [more]
Monday, 27 September 2004, 1:25 PM CET

Hackers smell blood in Common Windows Interface
Hackers smell blood in Common Windows Interface [more]
Monday, 27 September 2004, 1:23 PM CET

E-business sites hit with attacks, extortion threats
Attackers may be shifting strategy and aiming at specific companies. [more]
Monday, 27 September 2004, 1:22 PM CET

Security in a single package
Hercules offers patch management, remediation, policies in unified interface. [more]
Monday, 27 September 2004, 1:18 PM CET

VeriSign, RSA introduce authentication tools
VeriSign Inc. added yet another security system to the industry with VeriSign Unified Authentication. [more]
Monday, 27 September 2004, 1:17 PM CET

'UTM appliances' will supplant firewalls
The basic building block of today's network security is the firewall but two market analyses from research company IDC offer compelling evidence that this is about to change. [more]
Monday, 27 September 2004, 1:15 PM CET

Designing Network Security, Second Edition
This is a comprehensive guide which will help you understand the fundamentals of securing your network infrastructure. [more]
Friday, 24 September 2004, 6:07 PM CET

Virus writers focus on image bug
A critical weakness found in many Microsoft programs looks like it is about to be exploited by virus writers. [more]
Friday, 24 September 2004, 12:55 PM CET

Wireless tip: Don't hide from risk
The best wireless network security is to not have a wireless network, according to Defense and intelligence experts. [more]
Friday, 24 September 2004, 11:09 AM CET

House drops plans to move cybersecurity role to White House
House Republican leaders backed away Thursday from a proposal to move important cybersecurity functions from the Homeland Security Department to the White House budget office. [more]
Friday, 24 September 2004, 11:08 AM CET

Identity theft on the rise in the UK
But neither banks nor consumers are doing enough to mitigate the risk. [more]
Friday, 24 September 2004, 11:07 AM CET

Hardening Linux authentication and user identity
PAM is an authentication mechanism that originated on Solaris, but is used on various systems, including Linux. [more]
Friday, 24 September 2004, 12:19 AM CET

System attackers up the ante
Attacks are not only rising in number, but in speed and sophistication too. [more]
Friday, 24 September 2004, 12:16 AM CET

Anti-spam standard body dismantled
Row over Microsoft's Sender ID leads to disbanding of IETF working group. [more]
Friday, 24 September 2004, 12:15 AM CET

Mac or PC? Windows' security issues help users choose
This virus and security problem might be the biggest challenge to Microsoft in years. The message I get is that people are fed up with the vulnerability of Windows. They are increasingly willing to consider other options. And, for whatever reasons, Apple's Macintosh and Linux-based computers hardly get infected or invaded at all. [more]
Friday, 24 September 2004, 12:10 AM CET

IT security culture must start from the top
Global survey warns senior execs against 'delegating' security awareness. [more]
Friday, 24 September 2004, 12:03 AM CET

French Defense Ministry commissions high-security Linux
The French Ministry of Defense has awarded an $8.6 million, three-year contract to a consortium of companies, including Linux vendor Mandrakesoft, to develop a highly secure Linux operating system. [more]
Friday, 24 September 2004, 12:02 AM CET

Are firewalls useful? and another thing...
Address spoofing depends crucially on being able to hide the real source address, so why not make that impossible? One way to do it would be to have all the ISPs and network carriers whose connections constitute the Internet certify where packets entering the network come from. [more]
Thursday, 23 September 2004, 3:37 PM CET

Nokia breaks into home security market
Wireless home monitoring device controlled by text message. [more]
Thursday, 23 September 2004, 12:54 PM CET

Firm justifies job for virus writer
A German computer security firm has defended its decision to hire the self-confessed teenage author of the Sasser and Netsky worms. [more]
Thursday, 23 September 2004, 12:08 PM CET

P-cube goes hunting for zombie PCs
P-Cube, the traffic management firm Cisco agreed to buy for $200m last month, is aiming to tackle the problem of spam at source by detecting and quarantining spam zombie machines. [more]
Thursday, 23 September 2004, 12:01 PM CET

Ireland cracks down on net scams
Calls to 13 other countries will be blocked to thwart auto-dialer software. [more]
Thursday, 23 September 2004, 11:46 AM CET

4 must-have security solutions
Vulnerability and automated patch management top the list. [more]
Thursday, 23 September 2004, 11:44 AM CET

Bill would narrow intruder surveillance
Senate proposal would scale back a provision of the USA Patriot Act that lets the FBI monitor alleged computer trespassers without a warrant [more]
Thursday, 23 September 2004, 11:39 AM CET

Hackers hit credit card company
DDoS attack on e-commerce service provider is preceded by an extortion note. [more]
Thursday, 23 September 2004, 11:34 AM CET

Exploit posted for Microsoft JPEG flaw
Customers are urged to install software updates. [more]
Thursday, 23 September 2004, 11:33 AM CET

DHS expands biometric use
Biometric programs should be expanded to fight terrorism and crime, a Homeland Security Department official said. [more]
Thursday, 23 September 2004, 11:30 AM CET

Information security fails to reach the boardroom
Global security survey shows need for greater awareness still an issue. [more]
Thursday, 23 September 2004, 11:29 AM CET

The spy threat from the internet
Browsing the web can let unwanted visitors into your system - and simple anti-virus software can't catch them. [more]
Wednesday, 22 September 2004, 1:19 PM CET

There's 100,000 of them... and they're after you
As a new study reveals that the number of malicious computer programs has reached the 100,000 mark for the first time, Adrian Mather looks at the dangers facing us in our own homes and what we can do to ward off an attack. [more]
Wednesday, 22 September 2004, 1:18 PM CET

Activists find more e-vote flaws
More weaknesses appear in the Diebold electronic voting system that activists say could be used to rig the November election. The company says auditing procedures would catch any vote fraud. [more]
Wednesday, 22 September 2004, 11:44 AM CET

Uncle Sam demands all air travel records
The US Transportation Security Administration (TSA) has demanded the passenger records of all domestic flights during the month of June, 2004, so that it can test its new "CAPPS Lite" data mining operation before putting it into production, the Associated Press reports. [more]
Wednesday, 22 September 2004, 11:37 AM CET

Backing up your Linux desktop with rsync
This article explain how to use rsync to backup your computer to a drive attached to your system. [more]
Wednesday, 22 September 2004, 11:35 AM CET

Security fears still blocking WLAN adoption
Despite the best efforts of the Wi-Fi industry to assure companies wireless networking is safe in the workplace, a new survey of executives finds security remains the leading barrier to WLAN adoption. [more]
Wednesday, 22 September 2004, 11:24 AM CET

Offshore security can be compromised by cultural differences
Gartner has warned companies that outsource to countries like India and China not to overlook the impact of cultural differences on security. [more]
Wednesday, 22 September 2004, 11:18 AM CET

I/O devices are trusted with PC security
Two new SafeKeeper Trusted Input/Output (I/O) devices are designed to embed security into desktop and notebook computer motherboards. [more]
Wednesday, 22 September 2004, 11:18 AM CET

The building blocks of a customized security service
New IP VPN services can be customized to fit specific user needs, speeding time-to-market without investing in dedicated hardware or applications. [more]
Tuesday, 21 September 2004, 9:14 AM CET

Secure ID tags at AOL
Internet provider introduces new service to put a 'dead bolt' on accounts. [more]
Tuesday, 21 September 2004, 9:13 AM CET

Nmap examination of various operating systems
The purpose of this short comparison is to perform some sort of evaluation of the quality of the TCP/IP stack which is implemented differently in various Operating Systems. [more]
Tuesday, 21 September 2004, 12:18 AM CET

Hackers costing enterprises billions
Hackers continued adding billions to the cost of doing business on the Internet in the first half of 2004, despite security executives' efforts to prevent malicious attacks. [more]
Tuesday, 21 September 2004, 12:12 AM CET

Can all-in-one security appliances secure the network?
Some might do the job, but consultants recommend a layered security approach. [more]
Tuesday, 21 September 2004, 12:07 AM CET

Avoid security tools you don't need
Many technologies may be a waste of time and money, researcher says. [more]
Tuesday, 21 September 2004, 12:06 AM CET

Sasser author gets IT security job
Securepoint technical director Lutz Hausmann says the teenager deserved a second chance. [more]
Tuesday, 21 September 2004, 12:04 AM CET

Microsoft-Cisco security fight hurts us all
Microsoft and Cisco pachyderms are fighting over network security standards, and the losers, once again, are the folks on the ground. [more]
Tuesday, 21 September 2004, 12:03 AM CET

Oracle security patches causing headaches
Oracle Corp. released a batch of security patches earlier this month, addressing dozens of vulnerabilities discovered this year. With limited information on each patch, DBAs are being forced to take entire systems out of production. [more]
Tuesday, 21 September 2004, 12:02 AM CET

Gartner: Information security is still key
Despite claims from some quarters that security will cease to be a key issue over the next few years, Gartner stressed today that information security will remain a major executive concern for the foreseeable future. [more]
Tuesday, 21 September 2004, 12:00 AM CET

Biometrics for Network Security
With all the problems related to using simple password-based authentication methods, biometrics surely has major "pros" for its implementation in enterprise networks. Can this book help you? Read on and find out. [more]
Monday, 20 September 2004, 3:41 PM CET

Hackers deploying 'bots' on a massive scale
Symantec reports up to 75,000 PCs being compromised daily. [more]
Monday, 20 September 2004, 2:26 PM CET

FTC backs spammer bounties (false)
A program to encourage members of the public to become "bounty hunters" tracking down email spammers received the luke warm backing of the US Federal Trade Commission (FTC). [more]
Monday, 20 September 2004, 1:46 PM CET

4 tips for a strong defense
Agency efforts to tighten system security have evolved in recent months from documenting weaknesses to deploying security safeguards, said experts familiar with federal programs. [more]
Monday, 20 September 2004, 1:21 PM CET

VMware - secure access goes virtual
VMware offers a new option for controlling access to corporate systems. [more]
Monday, 20 September 2004, 1:19 PM CET

Microsoft trials piracy lock on Download Center
New feature locks out pirated copies of Windows. [more]
Monday, 20 September 2004, 1:18 PM CET

Arrest made in Cisco source code theft
Police in the UK have arrested a man in connection with the theft of source code from networking equipment maker Cisco Systems in May, a Scotland Yard spokeswoman confirmed on Friday. [more]
Monday, 20 September 2004, 1:17 PM CET

A feast of anti-spam
The proliferation of anti-spam offerings has left many businesses bewildered. Which products should they choose? [more]
Monday, 20 September 2004, 1:14 PM CET

Net security threats growing fast
More than 30,000 PCs per day are being recruited into secret networks that spread spam and viruses, a study shows. [more]
Monday, 20 September 2004, 1:13 PM CET

A visual history of spam and virus emails
Raymond chen, a Microsoft employee has kept every single piece of spam since mid-1997. The results were then put into a graph to show a visual representation of spam and viruses received for the last 6 years. [more]
Monday, 20 September 2004, 1:12 PM CET

Open source security: still a myth
This article looks at why open source software may currently be less secure than its commercial counterparts. [more]
Friday, 17 September 2004, 8:48 PM CET

How to protect yourself if you use Windows
If you use a Windows personal computer to access the Internet, your personal files, your privacy and your security are all in jeopardy. [more]
Friday, 17 September 2004, 9:26 AM CET

SSH - the Secure Shell: an overview
SSH is an application protocol and software suite that allows secure network services over an insecure network such as the public Internet. [more]
Friday, 17 September 2004, 9:25 AM CET

Hackers seek to save America
A new cyber security centre has been launched in a remote area of eastern Idaho in the US to give expert hackers access to an entire isolated infrastructure to test computing vulnerabilities. [more]
Friday, 17 September 2004, 9:21 AM CET

Microsoft: security now key issue in browser market
Another security scare has hit Microsoft's Internet Explorer. [more]
Friday, 17 September 2004, 9:17 AM CET

NEC extends quantum cryptography range and speed
NEC researchers have developed a quantum cryptography system with sufficient speed and range to make it commercially viable. It could go on sale in the second half of 2005. [more]
Friday, 17 September 2004, 9:15 AM CET

Hackers jump on Windows vulnerability
Hackers are drooling at the thought of exploiting Microsoft's most recent vulnerabilities, security analysts said Thursday. [more]
Friday, 17 September 2004, 9:13 AM CET

Symantec to acquire @stake
Symantec has agreed to acquire @Stake, a Cambridge, Mass.-based provider of IT security consulting services. [more]
Friday, 17 September 2004, 9:10 AM CET

Phones gain coded security
"Pressure for greater security is coming from enterprise customers. [Security] used to be seen as an add-on to IT systems, but lately it has been regarded as something that has to be embedded from the beginning," commented Certicom's vice-president of marketing, Roy Pereira. [more]
Friday, 17 September 2004, 9:05 AM CET

Bugwatch: Managing network security risk
Jukka Sieppi, director of product management at network protection firm Stonesoft, warns of the dangers of adopting a so-called 'silver bullet' solution to network security. [more]
Thursday, 16 September 2004, 5:34 PM CET

Man pleads guilty in massive credit info theft case
Personal financial information stolen from more than 30,000 people [more]
Thursday, 16 September 2004, 2:27 PM CET

Sharing files over a network with NFS
As users chose to supplement their RISC OS computers with a second machine, there grows a need to manage files over a network. With this in mind, Paul Stewart guides us through evaluating and configuring NFS with RISC OS and Windows. [more]
Thursday, 16 September 2004, 2:24 PM CET

Extortion online
Technology can help fight the growing cyberextortion threat, but experts say not enough companies are prepared. [more]
Thursday, 16 September 2004, 2:22 PM CET

MySQL administrator
In this article, the author recommends MySQL Administrator, which allows an adminstrator to configure a MySQL server easily. [more]
Thursday, 16 September 2004, 2:21 PM CET

Bug detected In Unix and Linux admin console
A bug in Usermin, a widely used administration console for Unix and Linux, could allow a hacker to run malicious code through a specially crafted email, reported security researchers. [more]
Thursday, 16 September 2004, 2:18 PM CET

Academia battles forces of IT anarchy
Academic institutions who have to add, manage, and secure thousands of new users within a period of just a few days face political and social issues on top of the immense technical ones, suggests Scott Granneman. [more]
Thursday, 16 September 2004, 2:15 PM CET

Feds say Lamo inspired other hackers
Prosecutors blame the New York Times hacker for inspiring others of his generation to become cyber outlaws. [more]
Thursday, 16 September 2004, 2:13 PM CET

Give us a job, plead virus writers
Antivirus developers have to ensure that their software works reliably, detecting over 90,000 viruses on a wide variety of operating systems and network configurations without causing problems, explained consultant Graham Cluley. "Virus writers don't care if their code crashes or causes incompatibilities. You don't have to be a genius to write a virus," he said. [more]
Thursday, 16 September 2004, 2:12 PM CET

Microsoft not trying to hijack anti-spam spec
Though it has raised concerns about Microsoft's Sender ID anti-spam technology, the Internet Engineering Task Force, an organization devoted to establishing standards for Internet architecture, has not banned the software giant's participation in the development of an e-mail specification. [more]
Thursday, 16 September 2004, 2:10 PM CET

Five fired at Los Alamos lab
As part of the fallout from an incident at Los Alamos National Lab in July, five workers have been fired. They are among 23 suspended when computer disks containing classified information went missing. [more]
Thursday, 16 September 2004, 2:09 PM CET

Service monitoring with Nagios
Nagios calls itself an "open source host, service and network monitoring program". [more]
Wednesday, 15 September 2004, 3:24 PM CET

Intrusion detection with Tripwire
Tripwire is a file integrity checker for UNIX/Linux based operating systems and works as an excellent intrusion detection system. [more]
Wednesday, 15 September 2004, 10:05 AM CET

Super-secure network could flag data danger
It's a hacker's nightmare but a dream for bankers and spies: A computer network so secure that even the simplest attempts to eavesdrop will interrupt the flow of data and alert administrators to the snooping. [more]
Wednesday, 15 September 2004, 9:57 AM CET

Samba servers vulnerable to denial-of-service attacks
The Samba Team released on Tuesday a patch to fix two flaws that could result in disruptions for networks using the widely installed Unix and Linux software. [more]
Wednesday, 15 September 2004, 9:56 AM CET

Major graphics flaw threatens Windows PCs
Microsoft published on Tuesday a patch for a major security flaw in its software's handling of the JPEG graphics format and urged customers to use a new tool to locate the many applications that are vulnerable. [more]
Wednesday, 15 September 2004, 12:14 AM CET

Wardriving: you can look, but don't touch
Is wardriving legal? Until a court rules otherwise, it is. But should you access an open wireless network you stumble upon? The answer is no. [more]
Wednesday, 15 September 2004, 12:13 AM CET

Brazil is world 'hacking capital'
Brazil has become the global capital for computer hacking and internet fraud, according to experts meeting in the country's capital, Brasilia. [more]
Wednesday, 15 September 2004, 12:12 AM CET

Sun touts tougher security in Solaris 10
Sun Microsystems said its Solaris 10 operating system will be ready for general release by year's end, complete with a sharper set of security teeth. [more]
Wednesday, 15 September 2004, 12:11 AM CET

Nokia joins Secure Digital industry group
Nokia said it has joined an industry group working on technical and specification standards for Secure Digital memory card applications. [more]
Wednesday, 15 September 2004, 12:10 AM CET

BorderWare firewall fights VOIP threats
BorderWare Technologies Inc. has joined Ingate Systems AB and others in providing an edge solution to the external threat problem in voice-over-IP PBXes. [more]
Wednesday, 15 September 2004, 12:08 AM CET

IBM expands RFID services for manufacturers
IBM will offer a range of new services to help industrial firms respond to retail and government pressure to implement radio-frequency identification. RFID services will include consulting, developing the business case, technological proof of concept, and full rollout of the systems. [more]
Wednesday, 15 September 2004, 12:08 AM CET

Internet standards body rejects Sender ID proposal
The Internet Engineering Task Force has rejected Microsoft's Sender ID proposal due to the company's refusal to reveal details of a possible patent application on its proposed technology. [more]
Tuesday, 14 September 2004, 4:22 PM CET

SQL Server 2000 security - DTS security
In this article of our series presenting SQL Server 2000 Security, we are turning our attention towards Data Transformation Services. [more]
Tuesday, 14 September 2004, 4:05 PM CET

Analysts herald arrival of smart security patching tools
IT security managers can look forward to the arrival of enhanced patching technology which will automate and reduce the cost of installing software security and maintenance updates, industry experts have predicted. [more]
Tuesday, 14 September 2004, 3:58 PM CET

Wired for security
McAfee has always been synonymous with PC security, but CEO George Samenuk intends to make a priority of protecting wireless networks and voice communications over the Internet. [more]
Tuesday, 14 September 2004, 3:57 PM CET

Video interview with Chris Potter, PricewaterhouseCoopers Information Security Assurance Partner
In this video Mr. Potter talks about what can be done in order to minimize the recovery time from an incident, discusses the threat posed by increased mobile computing, the most important step businesses must take in order to manage their information security risks in the future, and more. [more]
Tuesday, 14 September 2004, 9:25 AM CET

Graphs for security
Most programmers are familiar with the access-control list (ACL) as a datastructure used for authorization. This article describes using a more robust structure called an access-control graph (ACG). The ACG has several advantages over traditional ACL designs and has special relevance in Web-based applications. [more]
Tuesday, 14 September 2004, 8:51 AM CET

Symantec launches antiphishing service
Symantec is fishing for dollars with a new service designed to help companies combat the ongoing epidemic of online identity theft, or "phishing," scams. [more]
Tuesday, 14 September 2004, 8:46 AM CET

Spycam may be watching you work
If you have a webcam and a microphone on your computer and a broadband connection to the internet, as many now do to chat with their friends around the world, a hacker could be watching you - maybe, if your PC is in your bedroom, just when you really needed privacy. [more]
Tuesday, 14 September 2004, 8:41 AM CET

I spy with my little eye
Forget Congress' myopic efforts to outlaw spyware. What we really need is better enforcement of existing computer crime laws. [more]
Tuesday, 14 September 2004, 2:48 AM CET

Extreme Wi-Fi
Take that wireless hot spot in the local java joint, jack it up on steroids and use it to connect an entire city full of computers. [more]
Tuesday, 14 September 2004, 2:46 AM CET

Safe databases are key to security
Your database and network design may help prevent critical vulnerabilities from being exploited. [more]
Tuesday, 14 September 2004, 2:36 AM CET

Multicore network security processor
Cavium will sample a line of single-chip, multi-core "network services processors" (NSPs) in Q1, 2005. [more]
Tuesday, 14 September 2004, 2:35 AM CET

SP2 fights worms, has bugs
Software conflicts are not the only issue causing some users heartburn. Many people have downloaded or installed the update without a hitch, but others have not been so lucky. [more]
Tuesday, 14 September 2004, 2:34 AM CET

Hercules, Stat Scanner, bulk up security
Financial-services firms get help fixing vulnerabilities with automated scanning and management applications. [more]
Tuesday, 14 September 2004, 2:32 AM CET

Beware of malformed MIME artists
The UK's top UK security co-ordination agency today warned of a series of vulnerabilities involving implementations of the Multipurpose Internet Mail Extensions (MIME) protocol within email and web security products. [more]
Tuesday, 14 September 2004, 2:25 AM CET

Certicom announces hardware security
Digital rights have become a bigger issue for the wireless industry in the last few years as music and other protected content is offered by carriers. [more]
Tuesday, 14 September 2004, 2:21 AM CET

Want more secure software? Then give your vendor hell
Software holes will mean security-related downtime will triple by 2008, unless IT managers take matters into their hands. [more]
Monday, 13 September 2004, 5:20 PM CET

Moving to the Linux Business Desktop
I've read countless articles debating whether Linux is ready for the desktop showcasing the strengths and weaknesses of this OS. This book goes beyond that discussion as the author doesn't think Linux is just ready for the desktop but for the business desktop. Did Gagne manage to guide the reader as well as in his previous books? Read on and find out. [more]
Monday, 13 September 2004, 12:15 PM CET

Identity fraud crisis spirals out of control
APACS calls on UK channel players to support anti-CNP schemes. [more]
Monday, 13 September 2004, 12:09 PM CET

New Windows OS boosts security
With its next version of Windows, dubbed Longhorn and due out in 2006, Microsoft is working on technology that will give companies more control over whether to prohibit devices that can easily be used to transfer data to and from personal computers. [more]
Monday, 13 September 2004, 12:12 AM CET

Enhancing Apache with mod_security
ModSecurity is an open source intrusion detection and prevention engine for web applications. [more]
Monday, 13 September 2004, 12:12 AM CET

MS Premium customers get early security warnings
Microsoft is giving premium customers advance notice of security bulletins, has learned. [more]
Monday, 13 September 2004, 12:11 AM CET

AKCP CameraProbe8 data center security monitor
AKCP has used embedded Linux to build a data center security monitor that can track both physical and network-related events. The CameraProbe8 has an integral low-light pan-and-tilt camera, and supports up to eight environmental sensors. It also runs network service monitoring software. It is manageable via secure SNMP or HTTP. [more]
Monday, 13 September 2004, 12:10 AM CET

OpenBSD’s Theo de Raadt talks software security
In an exclusive interview with Computerworld's Rodney Gedda, the man behind an operating system that lays claim to only one remote exploit in the default install in seven years, reveals where we are headed – and how far we have to go – in the search for more secure software. [more]
Monday, 13 September 2004, 12:10 AM CET

U.S.Robotics Secure Storage Router Pro
This device is a multifunctional router with the VPN server and client support as well as with integrated functions of a network database. [more]
Monday, 13 September 2004, 12:07 AM CET

Spammers twist Microsoft's good into evil
According to a recent study, spammers have now begun to use Microsoft’s latest arsenal against spam, the Sender Policy Framework (SPF), to give their mail a garb of legitimacy. [more]
Monday, 13 September 2004, 12:07 AM CET

Managing background commands in shell scripts
Rainer Raab discusses how to manage multiple background jobs in Korn shell scripts. After a short job control tutorial, he presents his job_monitor_status shell function that alerts the calling script when all background jobs have completed successfully or failed. [more]
Monday, 13 September 2004, 12:06 AM CET

Smart card use grows
Federal agencies are moving toward large-scale adoption of smart cards for identification, according to the latest survey from the Government Accountability Office. [more]
Monday, 13 September 2004, 12:06 AM CET

Runing Linux on an iPAQ
Installing Linux on your iPAQ can be a great way to breathe new life into aging hardware or make an existing tool even better, particularly if you are a fan of Linux on the desktop. [more]
Monday, 13 September 2004, 12:06 AM CET

Microsoft: Sasser bounty hinges on conviction
Sven Jaschan, the alleged author of the Sasser worm and several variants of the Netsky virus, was charged this week by German police, but the informant who led authorities to the suspect will have to wait for a promised $250,000 reward, Microsoft officials said Friday. [more]
Monday, 13 September 2004, 12:05 AM CET

Cisco to acquire network-monitoring firm NetSolve
The acquisition of NetSolve will enable Cisco and its channel partners to offer customers real-time monitoring of Cisco products and to help ensure continuous, secure operation of such services as IP telephony and network security, Cisco says. [more]
Monday, 13 September 2004, 12:04 AM CET

MyDoom spawns four small offshoots
Four minor copies of the program surface, which some security experts believe indicates that a more lethal MyDoom may be on the way. [more]
Monday, 13 September 2004, 12:04 AM CET

Microsoft sticks with controversial Longhorn security
Although Microsoft continues to tweak a controversial architecture for securing PCs, it still plans to include the feature in Longhorn, the next release of Windows. [more]
Thursday, 9 September 2004, 12:35 PM CET

Securing that PC
A book on computer security can often be boring. The author of this review thinks Thomas C. Greene's book is not boring at all. [more]
Thursday, 9 September 2004, 11:55 AM CET

StillSecure enforces network security policies
StillSecure announced the release of Safe Access version 2.0, which tests all PCs on a network and gives access only to those that meet an organization's established security policies, while quarantining others. [more]
Thursday, 9 September 2004, 11:40 AM CET

House panel moves to criminalize spyware, net piracy
People who illegally share copyrighted music and movies over the Internet could be jailed for up to five years under a bill approved by a powerful
congressional panel today. [more]
Thursday, 9 September 2004, 10:19 AM CET

Perimeter security is changing fast
Most security solutions today are built around attempting to protect the vulnerability of the PC and, or the server, by attempting to keep "bad" things outside of the network security perimeter. But, with the changing and disappearing perimeter - security now needs to be intrinsic in every system and for every user. [more]
Thursday, 9 September 2004, 10:15 AM CET

Microsoft offers more time to test XP Service Pack 2
Registry key to prevent PCs from automatically downloading update now good for 240 days. [more]
Thursday, 9 September 2004, 10:13 AM CET

Microsoft puts fingerprint readers into hardware
Microsoft unveiled a new array of keyboard and mice, with some featuring built-in fingerprint readers to make it easier for users to log on to personal computers and Web sites. [more]
Thursday, 9 September 2004, 10:10 AM CET

Spammers use e-mail ID to gain legitimacy
With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, according to a report released on Wednesday. [more]
Thursday, 9 September 2004, 10:09 AM CET

ISPs given thumbs down for virus, hacker control
U.S. residential Internet users are much more satisfied with the spam protection from their Internet service providers, but remain unhappy with their ISPs' defenses against hackers and viruses, J.D. Power and Associates said Wednesday. [more]
Thursday, 9 September 2004, 10:09 AM CET

Primus claims secure broadband first
Australia’s fourth largest ISP, Primus Telecom, has launched a secure DSL service in the hope of boosting its credibility as a tier-one carrier. [more]
Thursday, 9 September 2004, 10:08 AM CET

Security: from the horse's mouth
Network Times decided to ask a few security vendors a set of three questions to hopefully give readers a better idea of what is important and what is available in the security arena. [more]
Wednesday, 8 September 2004, 2:01 PM CET

Samba-3 by Example: Practical Exercises to Successful Deployment
This is a cookbook you've been searching for. That is a slogan. And it is a fact. If you use Samba or you think of using it, this book is something you are going to need. [more]
Wednesday, 8 September 2004, 1:48 PM CET

'War drive' reveals New York's hidden security flaws
While physical security was tightened to unprecedented levels here last week for the Republican National Convention, IT security researchers uncovered an unsettling number of unencrypted wireless devices that they said created a potential information security nightmare for convention organizers and delegates. [more]
Wednesday, 8 September 2004, 12:53 PM CET

Security: Can you really trust just techies?
HR, senior execs and staff all off the hook as IT team take the blame... [more]
Wednesday, 8 September 2004, 12:43 PM CET

'Trusted' systems move to the mainstream
When it comes to operating systems, it's a matter of trust—or mistrust, as the case may be. [more]
Wednesday, 8 September 2004, 12:28 PM CET

Can spammers really exploit wireless networks?
A US citizen is thought to have become the first person to be accused of hacking a wireless network in order to send spam. [more]
Wednesday, 8 September 2004, 12:23 PM CET

Spyware interferes with Microsoft patch
Though Microsoft's new security update package is all about protecting systems from worms, viruses and spyware, it can't do much about what's already on computers - and that could pose a problem. [more]
Wednesday, 8 September 2004, 12:12 PM CET

Windows XP SP2 release surrounded by a feast of egos
Eager to tarnish Microsoft's shiny new Service Pack 2, the security press managed to spin the most thin and marginal issues into "gaping holes" and "security craters." [more]
Wednesday, 8 September 2004, 11:37 AM CET

Using ctelnet in Sun Cluster software with secure shell
You can use the ctelnet application in Sun Cluster software to connect to systems by means of the ssh command instead of telnet. The ctelnet tool is part of the Sun Cluster Console (SUNWccon) package in Sun HPC ClusterTools software. [more]
Wednesday, 8 September 2004, 11:33 AM CET

Metasploit framework, part 2
Newly updated. This article provides insight into the Metasploit Framework, a very useful tool for the penetration tester. Part two of three. [more]
Wednesday, 8 September 2004, 11:31 AM CET

Five steps to enforcing your endpoint security
Your security policy has to have teeth. Here's how to enforce your endpoint security policy. [more]
Wednesday, 8 September 2004, 11:22 AM CET

Spammers exploit anti-spam trap
Some spammers are getting their messages through using techniques designed to spot and stop them. [more]
Wednesday, 8 September 2004, 11:21 AM CET

Top UK companies are failing to develop written security policies
Almost half (47%) of the UK's top 350 companies do not have a fully documented information security policy. [more]
Wednesday, 8 September 2004, 11:19 AM CET

Red Hat upgrades security
Linux software maker Red Hat on Tuesday released an update to its enterprise product with security upgrades, support for IBM Power5 servers, new driver support and bug fixes. [more]
Tuesday, 7 September 2004, 9:06 PM CET

Start-up says it can deliver secure VoIP
A start-up called Net6 claims that its virtual private network products offer companies high-quality voice communications over any network from anywhere. [more]
Tuesday, 7 September 2004, 9:05 PM CET

McAfee AV ate my application
An Australian software developer has been left fuming after the latest virus definition update from McAfee caused his package to be wrongly identified as a Trojan horse programme. [more]
Tuesday, 7 September 2004, 8:53 PM CET

Is JBoss ready for your enterprise?
It's been about a month since JBoss, the Open Source J2EE application server, received its full certification from Sun. [more]
Tuesday, 7 September 2004, 8:47 PM CET

Juniper incorporates third-party security in SSL VPNs
Juniper Networks Inc. is expanding users' security options by opening new interfaces that allow integration of third-party tools with Juniper's line of SSL VPNs. [more]
Tuesday, 7 September 2004, 5:14 PM CET

Patch plugs WinZip flaw
WinZip Computing has released a patch WinZip 9.0 Service Release 1, which it claims will resolve a buffer overflow issue. [more]
Tuesday, 7 September 2004, 5:08 PM CET

Spam: shoot the vendor
The constant evolution of spam to look as much as possible like real email will guarantee that filtering cannot be a complete solution. [more]
Monday, 6 September 2004, 3:20 PM CET

Who goes to jail?
Not having kept, or being able to access, the right information at the right time is now a serious offence that puts the CEO and/or the CFO in jail for perjury, regardless of who in the organisation may or may not have been to blame. [more]
Monday, 6 September 2004, 3:18 PM CET

Companies still fail to take security seriously
Too many firms see security as an IT issue, says survey. [more]
Monday, 6 September 2004, 2:08 PM CET

Web app security using Struts, servlet filters, and custom taglibs
In this article, you will develop a generic security solution that can be used by most enterprise-level Web applications. [more]
Monday, 6 September 2004, 1:14 PM CET

Wireless: new eye on crime aids security in real time
Wireless technology has in recent weeks helped extend the long arm of the law at events ranging from the Republican National Convention in New York City to a rock concert in Staffordshire, England. [more]
Monday, 6 September 2004, 12:38 PM CET

SSL VPNs: full access with maximum security
Many companies are turning to a relatively young technology, Secure Sockets Layer Virtual Private Networks, to provide a full range of remote access while ensuring maximum security. [more]
Monday, 6 September 2004, 12:35 PM CET

v710 hackers reward program
The v710 Hacker Reward Program is a community-sponsored initiative to enable key features on the Verizon/Motorola v710 mobile phone which were disabled by the carrier. [more]
Monday, 6 September 2004, 12:31 PM CET

eBay domain hijacker arrested
Police in Germany have arrested a 19 year-old from Helmstedt for hijacking the site of eBay Germany about a week ago. [more]
Monday, 6 September 2004, 12:26 PM CET

Security: the bigger picture
Symantec chairman and CEO John W. Thompson tells about the company's strategy, and why he's not bothered about Microsoft's entry into the market. [more]
Monday, 6 September 2004, 12:22 PM CET

Army puts up its defenses
Army information technology officials started the Fort Campbell Network Upgrade in December 2003... [more]
Monday, 6 September 2004, 12:21 PM CET

Midrange firewalls face off
ServGate, SonicWall, and StoneGate boxes prove their mettle. [more]
Friday, 3 September 2004, 1:52 PM CET

600,000 students warned of identity theft
California university officials have warned nearly 600,000 students and faculty that they might be exposed to identity theft following incidents where computer hard drives loaded with their private information were lost or hacked into. [more]
Friday, 3 September 2004, 1:51 PM CET

Bluetooth can bite
With an estimated 250 million Bluetooth-enabled devices currently in use, the fact that Bluetooth is about as secure as the proverbial wide-open barn door should be of concern to everyone responsible for the safekeeping of corporate data. [more]
Friday, 3 September 2004, 1:44 PM CET

WinXP SP2 = security placebo?
We evaluated the security features of Windows XP SP2 on a test machine, following a clean install of XP Pro with no configuration changes and no third-party software or drivers installed. [more]
Friday, 3 September 2004, 1:27 PM CET

Slack security for old computers
Less than 25% of old computers sold or given away by companies have had data removed from them, raising concerns about personal information security. [more]
Friday, 3 September 2004, 1:27 PM CET

Apache says it won't support sender ID
The foundation is balking at Microsoft's strict licensing terms for the proposed anti-spam standard. [more]
Friday, 3 September 2004, 1:26 PM CET

Simple and secure isn't so simple
Simple to code does not always mean simple for the user. And simple for the user is often not easy to code. [more]
Friday, 3 September 2004, 1:25 PM CET

Security flaws in WinZip could allow attacks
WinZip Computing Inc. recently revealed that Version 9.0 of its popular WinZip file compression program is vulnerable to a variety of security attacks. [more]
Friday, 3 September 2004, 1:13 PM CET

Fallout from virus war persists
Netsky, Bagle and Mydoom variants still topping the virus charts. [more]
Friday, 3 September 2004, 1:12 PM CET

Army honors security work
The Army this week issued its first awards to service personnel and contractors for excellence in information assurance. [more]
Friday, 3 September 2004, 1:10 PM CET

Spam avalanche keeps growing
The spam flood is rising, contributing to a reduction in the usefulness of e-mail, a market research firm said Wednesday. [more]
Thursday, 2 September 2004, 3:15 PM CET

Big Brother watches Britain
The teenagers who stabbed wealthy Joao Da Costa Mitendele to death before burgling his home were careful to conceal the crime. They used a pretty girl to gain access to his apartment, where they wore rubber gloves while committing their crimes. [more]
Thursday, 2 September 2004, 3:12 PM CET

AIDE and chkrootkit
Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit. [more]
Thursday, 2 September 2004, 3:11 PM CET

Hack to school
School wasn't even in session, and Dartmouth College chief information officer Lawrence Levine was penning the kind of letter technology executives dread. [more]
Thursday, 2 September 2004, 3:03 PM CET

802.11 Wireless Networks: The Definitive Guide
Despite providing a wealth of extensive in-depth technical pieces of information, which vary from cryptic shorts to descriptions of specific frame parts, the book is very easy to read. [more]
Thursday, 2 September 2004, 10:43 AM CET

WPA2-certified Wi-Fi toughens security
Wi-Fi Protected Access 2 is meant to significantly strengthen wireless security, and certified products are now available. [more]
Thursday, 2 September 2004, 12:16 AM CET

Affordable IT: desktop security
Protecting your organization means guarding against attackers as well as internal problems. Tools are essential, but so is user education. [more]
Thursday, 2 September 2004, 12:16 AM CET

Secure mobile phones will use fingerprint ID
The fingerprint locking system is already in use in Japan. [more]
Thursday, 2 September 2004, 12:15 AM CET

IT users seek to certify security
Industry-wide standards sought by IT experts at major companies. [more]
Thursday, 2 September 2004, 12:15 AM CET

Ballmer beats security drum
Microsoft CEO Steve Ballmer believes the software industry will create more positive change in the next 10 years than it did in the previous 10 -- provided that security threats are effectively handled. [more]
Thursday, 2 September 2004, 12:12 AM CET

MessageLabs, Symantec team on antispam service
MessageLabs, a provider of e-mail security services, will use Symantec's Brightmail filtering technology as part of its own antispam service, the company said Wednesday. [more]
Thursday, 2 September 2004, 12:11 AM CET

Xerox multifunction systems earn high standard for security
Xerox Corporation has earned the coveted international standard in security assessments for six of its office multifunction systems. [more]
Wednesday, 1 September 2004, 3:59 PM CET

Breaking into voicemail systems is a easy
Businesses are placing themselves at risk because they are failing to secure their internal voicemail systems from hackers. [more]
Wednesday, 1 September 2004, 12:21 PM CET

To catch a virus
Is there another attack in the pipeline? Will the Internet totally collapse? Graphs showing Internet activity have nothing significant to report. The Panda Technical Support network has not reported any increase in calls. All seems to be calm and peaceful. [more]
Wednesday, 1 September 2004, 12:18 PM CET

Circumventing web services security problems
When Aeroplan, an airline affinity program owned by Air Canada with over six million members worldwide, decided to rapidly expand its partnership program, it needed a secure way to bridge its XML infrastructure with partners’ systems. [more]
Wednesday, 1 September 2004, 12:09 PM CET

PDA security still dismal
Worker apathy about PDA security is putting corporate data in jeopardy. [more]
Wednesday, 1 September 2004, 12:07 PM CET

Passing the WLAN security buck
Company offers outsourced wireless LAN to overcome security vulnerabilities. [more]
Wednesday, 1 September 2004, 12:06 PM CET

Is encryption doomed?
Our entire information society rests on a fragile foundation that mathematicians are racing to dismantle. [more]
Wednesday, 1 September 2004, 12:05 PM CET

DOD reveals viral infection
The breach of security, Dodgen said, illustrated the need for "diligence, diligence, diligence" when it comes to information security and assurance — although he described his initial reaction to the incident as, "Who are we going to shoot?" [more]
Wednesday, 1 September 2004, 12:01 PM CET

Sendmail searches for antispam testers
Sendmail has taken a first stab at software to authenticate the source of e-mail messages, a technology that will be key to preventing the proliferation of spam. [more]
Wednesday, 1 September 2004, 1:23 AM CET

Hardware today - next-gen firewalls reach high
Firewalls have come a long way since 1985, when U.S. Department of Defense experiments spawned basic packet filtering technologies. [more]
Wednesday, 1 September 2004, 1:07 AM CET

Army CIO asks for better security
The Army's chief information officer wants service and industry information technology officials to do a better job of protecting networks and building more secure products. [more]
Wednesday, 1 September 2004, 1:02 AM CET

Report casts doubt on IRS hacking-detection system
The problems found raise questions about the agency's modernization plans. [more]
Wednesday, 1 September 2004, 1:00 AM CET


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 29th