Off the Wire

Off The Wire Archive

News items for September 2006

How to defeat the new No. 1 security threat: cross-site scripting
Cross-site scripting, often abbreviated XSS, is a class of Web security issues. A recent research report stated that XSS was now the top security risk. [more]
Friday, 29 September 2006, 4:42 PM CET

Should Microsoft be in the anti-malware business?
New malware-fighting tools raise debate about making profit from holes in your own products. [more]
Friday, 29 September 2006, 4:41 PM CET

Think you're secure? Think again
If security is a people, process and technology problem, the weakest link in the chain is the people, which explains why social engineering attacks are on the rise, says Kevin Mitnick. [more]
Friday, 29 September 2006, 4:40 PM CET

Application security: countering the professionals
Attacks are moving up the stack and getting more sophisticated. Are you ready to deal with them? [more]
Friday, 29 September 2006, 4:39 PM CET

Measuring the value of metrics
Our security manager used to hate metrics, but now he’s the one telling his staff to collect and report them. [more]
Friday, 29 September 2006, 10:33 AM CET

MS antiphishing tool wins MS bakeoff
Microsoft sponsored a study comparing the effectiveness of antiphishing technologies and, surprise surprise, the company's IE 7 anti-phishing technology came out on top, according to a post on the IE Blog. [more]
Friday, 29 September 2006, 10:27 AM CET

Virtual desktop security close to reality
Symantec and Intel are collaborating to bring the benefits of virtualization technology to desktop security, executives from the two companies announced at the Intel Developer Forum in San Francisco. [more]
Friday, 29 September 2006, 10:22 AM CET

Google turns over Orkut data to Brazilian authorities
The company has provided data about Orkut users in response to 30 court orders. [more]
Friday, 29 September 2006, 10:20 AM CET

Judge opens door for former AG Ashcroft to testify in student computer terrorism lawsuit
Former U.S. Attorney General John Ashcroft could be called to testify in a lawsuit that claims a student was wrongly imprisoned in a computer terrorism case, a federal judge ruled Wednesday. [more]
Friday, 29 September 2006, 10:18 AM CET

Labour day hackfest will have security systems crash and burn
An underground community of Australia's "elite" will meet in Sydney for the fourth annual hacker conference, Ruxcon, this weekend. The two-day conference kicks off on Saturday at the University of Technology, Sydney. [more]
Friday, 29 September 2006, 10:17 AM CET

U.S. deploys first e-Passport readers
The U.S. Department of Homeland Security (DHS) has deployed the first e-Passport readers into production, even though they have faced enough criticism from privacy advocates and security experts concerned about the technology. [more]
Friday, 29 September 2006, 1:55 AM CET

Another day, another zero-day MS exploit
Business users are being encouraged to be more cautious when opening PowerPoint files following the discovery of an as yet unpatched flaw in Microsoft's office application. [more]
Friday, 29 September 2006, 1:40 AM CET

VA installs encryption software on 15,000 laptops
The move is part of efforts to bolster security following the May data breach. [more]
Friday, 29 September 2006, 1:27 AM CET

Computer crime laws worry security pros
Hacking programs can be used for good as well as evil, so where should the line be drawn by government? [more]
Friday, 29 September 2006, 1:15 AM CET

UK's worst spammer loses appeal
The UK's biggest spammer, convicted on a variety of charges ranging from fraud and blackmail to making threats to kill and sentenced to six years imprisonment, has failed in an appeal court bid to quash two of his convictions. [more]
Friday, 29 September 2006, 12:59 AM CET

Computer experts renew call for secure e-voting
With midterm elections less than six weeks away, computer experts are again warning Congress that electronic voting machines remain unreliable and that a paper trail is needed to verify election results. [more]
Friday, 29 September 2006, 12:34 AM CET

ID thieves turn sights on smaller e-businesses
Schuyler Cole needed an accessory for his Palm Treo 600 smartphone, so the Haleiwa, Hawaii, resident fired up his Web browser last month and ran a Google search. [more]
Thursday, 28 September 2006, 3:33 PM CET

Man escapes conviction over unsought bank probe
A man who accessed the Reserve Bank's telephone systems to find security weak spots then billed the bank for his unsolicited services told the Wellington District Court he was surprised when police questioned him about his actions. [more]
Thursday, 28 September 2006, 2:46 PM CET

Six charged in breakup of AOL identity theft ring
Six men have been charged with orchestrating a phishing scheme that targeted AOL users, the Department of Justice said Wednesday. [more]
Thursday, 28 September 2006, 2:41 PM CET

How to use your PC and Webcam as a security camera
This tutorial will take you step-by-step through setting up your PC and Webcam to act as a motion-detecting and recording security camera system. [more]
Thursday, 28 September 2006, 2:40 PM CET

One in three managers snub mobile security
Benefits outweigh the risks for many firms. [more]
Thursday, 28 September 2006, 2:38 PM CET

Contactless cards: are privacy jitters legit?
Nothing is being done with RFID that isn't already being done with credit cards today, say defenders of the technology. [more]
Thursday, 28 September 2006, 2:37 PM CET

Attackers targeting new PowerPoint bug
Trojan found in Microsoft's presentation software, says McAfee. [more]
Thursday, 28 September 2006, 4:01 AM CET

Congress orders more people to testify on HP scandal
More than a dozen people have been called on to testify. [more]
Thursday, 28 September 2006, 3:40 AM CET

Demo: This message self destructs
Anyone who's seen the TV show "Mission: Impossible" will remember the familiar "this message will self-destruct" bit that began episodes. Now, a company exhibiting at the Demofall '06 Conference is offering something that can be seen as a variation on that theme. [more]
Thursday, 28 September 2006, 3:28 AM CET

Research project targets radio tag security, privacy
Scientists seek to safeguard RFID, other wireless systems. [more]
Thursday, 28 September 2006, 3:06 AM CET

Naive 'hacker' escapes punishment
Here's a cautionary tale for would-be penetration testers: get permission from a bank before you try to bill them for helping to identify and fix the security short-comings of their services. [more]
Thursday, 28 September 2006, 2:24 AM CET

UK gov't security expert: Balance cybersecurity risks
Protecting global information infrastructure called one of the top challenges for governments, developers and providers. [more]
Thursday, 28 September 2006, 1:17 AM CET

IT security is a duty for all
New technologies offer great opportunities, but security must not be an afterthought. [more]
Thursday, 28 September 2006, 12:31 AM CET

Sharp rise in phishing emails
Concern for online banks and customers as report shows increase of 81 per cent in just six months. [more]
Thursday, 28 September 2006, 12:21 AM CET

Microsoft releases beta of file-server backup
System Center DPM marks Microsoft's first move into the data-protection software market. [more]
Thursday, 28 September 2006, 12:12 AM CET

CA offers insurance to security suite customers
Home and SOHO solution providers can offer customers insurance against identity theft and computer virus infections when they buy CA's Internet Security Suite 2007, released Wednesday. [more]
Thursday, 28 September 2006, 12:03 AM CET

Testing the effectiveness of your patch management system
If you've invested a lot of money into a commercial patch management system or perhaps you've grown your own, how do you know how effective it is? [more]
Wednesday, 27 September 2006, 11:41 AM CET

Peek at NSA's secret reading list
The tantalizing tables of contents to the best spy magazines you'll probably never get to read have been posted online, thanks to a Freedom of Information Act request that pried open four classified National Security Agency publications. [more]
Wednesday, 27 September 2006, 11:38 AM CET

Fear the Metasploit Framework
The Metasploit Project is one of the most popular penetration testing suites available. [more]
Wednesday, 27 September 2006, 11:36 AM CET

Do ex-hackers make good IT security hires?
Not necessarily, say industry experts. Making mischief is easier than tracking down the cause of problems and solving them. [more]
Wednesday, 27 September 2006, 11:35 AM CET

Cross-site scripting the top security risk
Web administrators beware: cross-site scripting vulnerabilities are now far more attractive targets than more notorious bugs such as buffer overflows, according to new figures from Mitre, a US government-funded research organisation. [more]
Wednesday, 27 September 2006, 11:32 AM CET

GE: Laptop with data on 50,000 staffers stolen
It was taken from a locked hotel room early this month. [more]
Wednesday, 27 September 2006, 3:15 AM CET

Time to end the FBI/CSI study?
The information security industry doesn't go more than a couple of weeks between the releases of surveys, most of which exist for marketing purposes rather than as reportage of major discoveries. [more]
Wednesday, 27 September 2006, 2:41 AM CET

RFID-enabled locks secure bags of blood
Ospedale Maggiore, a hospital in Bologna, Italy, has been using a system involving RFID-enabled seals to be sure patients are given only the blood intended for them. [more]
Wednesday, 27 September 2006, 2:35 AM CET

Cisco updates security exam, adds new specialty
Cisco Systems recently announced on its Web site that it has launched an updated Securing Cisco Network Devices (SND) exam as well as a new security-related specialty title. [more]
Wednesday, 27 September 2006, 1:22 AM CET

Citizens safe, citizens secure?
The era of more open borders, integrated economies and new technologies has thrown up new security challenges. [more]
Wednesday, 27 September 2006, 12:58 AM CET

California mulls RFID privacy law
California is on the brink of introducing privacy laws to safeguard personal data stored on radio frequency identification (RFID) tags in government-issued documents and identification cards. [more]
Wednesday, 27 September 2006, 12:50 AM CET

Hackers actively exploiting IE's VML flaw
Over the weekend an existing phishing operation started using the VML exploit in an effort to steal login data for financial Web sites, said Roger Thompson, chief technology officer with Exploit Prevention Labs. [more]
Wednesday, 27 September 2006, 12:40 AM CET

Researcher takes TRUSTe to task
A controversial survey of more than a half million Web sites released on Monday found that sites are twice as likely to be rated as bad actors if they have been certified by the TRUSTe non-profit industry group. [more]
Wednesday, 27 September 2006, 12:32 AM CET

Malware lurks behind safety seal
Sites handed the TRUSTe seal of approval are twice as likely to host malware or engage in spamming as those not endorsed by any security certificate, according to a study by spyware researcher Ben Edelman. [more]
Wednesday, 27 September 2006, 12:21 AM CET

Windows Genuine Advantage worse than we all feared
Venerable Windows expert Ed Bott has been carefully documenting his misadventures with Windows Genuine Advantage for a few months now. [more]
Wednesday, 27 September 2006, 12:09 AM CET

Apple security not yet cause for alarm
There's a persistent perception that because Apple is moving to the Intel platform and now allows Macs to boot to Microsoft's Windows, the potential for more security mischief rooted in Windows could raise a ruckus on the Mac. [more]
Tuesday, 26 September 2006, 3:25 PM CET

AOL members sue over search data release
Plaintiffs seek monetary relief as well as changes to AOL's privacy practices. [more]
Tuesday, 26 September 2006, 11:01 AM CET

Security row upsets Second Lifers
The creators of the Second Life online world have been criticised by members over a security breach that exposed confidential information. [more]
Tuesday, 26 September 2006, 11:00 AM CET

Malware hiding behind online safety certificates
Privacy certificate twice as likely to harbor badware than non-certified sites, study alleges. [more]
Tuesday, 26 September 2006, 3:56 AM CET

Data breach tally approaches 100 million
The total number of records containing sensitive personal information involved in security breaches over the past two years now stands at 93,754,333, according to the Privacy Rights Clearinghouse. [more]
Tuesday, 26 September 2006, 3:21 AM CET

USB memory sticks pose new dangers
The ability to use tiny USB memory sticks to download and walk away with relatively large amounts of data has already made the ubiquitous device a potent security threat in corporate environments. [more]
Tuesday, 26 September 2006, 2:33 AM CET

What federal smart cards could mean for corporate America
Issuance of smart cards is already impacting private Americans. What will they mean to businesses like yours? [more]
Tuesday, 26 September 2006, 1:20 AM CET

Number of browser vulnerabilities rising
According to the most recent update to security-firm Symantec's biannual Internet Security Threat Report, the last six months saw a significant uptick in the number of security vulnerabilities found in web browsers. [more]
Tuesday, 26 September 2006, 12:52 AM CET

Hackers target home users for cash
Consumers are now the main target of malicious hackers intent on enriching themselves through the misery of others. [more]
Tuesday, 26 September 2006, 12:43 AM CET

Unbreakable passwords made easy
That may look like a confusing jumble of letters and numbers. And it is. But that's why it holds the promise of better computer security for you. [more]
Tuesday, 26 September 2006, 12:43 AM CET

Computer virus writers plan slow spread
In the past, virus writers seeking fame and attention wrote their malicious programs to spread as quickly and broadly as possible, boasting to colleagues when they managed to cripple hundreds of thousands of computers worldwide in a matter of hours. [more]
Tuesday, 26 September 2006, 12:32 AM CET

Energy Dept. told to improve cybersecurity
Its resources and data are at risk, says DOE's inspector general. [more]
Tuesday, 26 September 2006, 12:21 AM CET

Limiting the ports probed by Nessus scans
A common question our support group receives from Direct Feed customers is how to limit Nessus probes to specific ports. [more]
Tuesday, 26 September 2006, 12:06 AM CET

Browser bug could get early patch
Microsoft is considering the early release of a fix for a bug in Internet Explorer that malicious hackers are actively exploiting online. [more]
Tuesday, 26 September 2006, 12:03 AM CET

Unofficial IE patch saves humanity
Security researchers have released a patch designed to protect users against an outstanding Internet Explorer vulnerability in the absence of available security updates from Microsoft. [more]
Monday, 25 September 2006, 2:25 PM CET

Where data goes, security must follow
Over the last several years, well-publicized security breaches have been causing enterprises to develop security policies in order to protect their brands from the damaging publicity surrounding such an event. The only feasible approach to securing information is to take an encrypted, data-level approach to security. Anything less leaves companies, customers and partners at risk. [more]
Monday, 25 September 2006, 2:23 PM CET

Malware evolution: results of the first half of 2006
This latest half-yearly report covers the most significant changes in malicious code evolution over the last six months and includes a number of predictions as to how the situation may develop based on the statistics we have today. [more]
Monday, 25 September 2006, 1:33 PM CET

Motorola hatching big plans for Symbol
RFID, Wi-Fi, and Wi-Max technologies seen as a good match. [more]
Monday, 25 September 2006, 1:31 PM CET

Golf sites fall into malware sand trap
Spyware, adware and Trojan authors tap Ryder Cup zeitgeist. [more]
Monday, 25 September 2006, 1:30 PM CET

Top 5 tips to NOT get hacked online
For those who are not experts in computer security, here are the top 5 tips to a safer online experience (in addition to having firewalls, anti-virus, and patching diligently). [more]
Monday, 25 September 2006, 1:20 PM CET

Internet crime to hit homes hard
Home computer users are now the favourite targets of hi-tech criminals, reveals research. [more]
Monday, 25 September 2006, 12:51 PM CET

Defending your clients against wireless hackers with sniffers
When probing for previous networks, a client exposes information about itself and opens itself up for attack. [more]
Monday, 25 September 2006, 11:43 AM CET

Encryption works wonders, but causes its own IT headaches
Encryption is effective, but applying it to PCs, databases, and networks means adding layers of software and hardware and taking on new costs stemming from product licenses, training, and support. [more]
Monday, 25 September 2006, 11:08 AM CET

Spam trail uncovers junk empire
An investigation into a seemingly routine series of spam messages has revealed how sophisticated the business of online crime has become. [more]
Monday, 25 September 2006, 10:58 AM CET

NSA cases face secret tribunal
A sprawling array of cases challenging the National Security Agency's warrantless surveillance of Americans' domestic and international communications may be moved to an obscure secret court in Washington. [more]
Monday, 25 September 2006, 10:53 AM CET

Symantec dismisses Vista security debate
Symantec Pacific region vice president David Sykes has thrown cold water on the Windows Vista security debacle which emerged last week, pointing out that it is pointless speculating about software that isn't released yet. [more]
Monday, 25 September 2006, 10:50 AM CET

Configure Ubuntu for Active Directory authentication
There are two important concepts for users: authentication, and accounts. [more]
Monday, 25 September 2006, 12:42 AM CET

HostGator: cPanel security hole exploited in mass hack
HostGator says hackers compromised its servers using a previously unknown security hole in cPanel, the control panel software that is widely used by hosting providers. [more]
Monday, 25 September 2006, 12:36 AM CET

Security software competes for dominance
Experts warn against using multiple antispyware products. [more]
Monday, 25 September 2006, 12:32 AM CET

HP chief apologizes, denies he knew of hacking
Technology giant Hewlett-Packard's CEO Mark Hurd announced on Friday that he would replace the board's chair Patricia Dunn immediately and apologized for the extent of the spying that took place in the chairwoman's investigation of a media leak on the board of directors. [more]
Monday, 25 September 2006, 12:25 AM CET

The hidden costs of security freeware
Some of the limitations in free security software packages "aren't always obvious to the end users until they run into a problem they thought might be addressed," said David Luft, a senior vice president for security vendor CA. [more]
Monday, 25 September 2006, 12:21 AM CET

CIA level computer security
Everyone wants to be a badass. Whether you want to admit it or not, if you are a self-respecting geek, you want to protect your sensitive information in a way so the CIA can't even read it. [more]
Monday, 25 September 2006, 12:18 AM CET

Learning spammers' tricks doesn't mean less junk
The industry is learning more and more about tricks used by spammers to get their unwanted messages across, as evidenced by a handful of research studies made public this month from university and vendor labs. [more]
Monday, 25 September 2006, 12:12 AM CET

Germany proposes hacker law update
The German government this week published proposals to modernise the country's computer hacking laws. [more]
Monday, 25 September 2006, 12:06 AM CET

Learn how your ISA Server helps block VML vulnerability traffic
The first course of action taken against this attack must be protecting and patching all affected computers. Details of this issue can be found here. [more]
Monday, 25 September 2006, 12:02 AM CET

Raman amplification in Storage Area Networking
In the context of storage services, the ability to lengthen the distance between data vaults is an even more compelling benefit. To gain the protection they want (and governments more and more frequently require), enterprises must be able to put more distance between their primary and backup data centers. [more]
Friday, 22 September 2006, 6:48 PM CET

Microsoft gets credit for tightening security
CodeRed, Nimda, and Blaster. These high-profile worms, which exploited flaws in Microsoft's Windows operating system and other applications, made Microsoft the butt of security jokes and forced the company to reexamine its approach to developing secure software. [more]
Friday, 22 September 2006, 3:45 PM CET

Free security tools that really work
Penetration testing, hack testing, and password cracking: Free utilities are out there to help you do all these tasks and more. [more]
Friday, 22 September 2006, 1:39 PM CET

Linux security basic guide
This article shows you how to quickly secure your Linux system after a fresh installation. [more]
Friday, 22 September 2006, 1:34 PM CET

In-depth Vista RC1 review with security details
Windows Vista RC1 was released this week with great fanfare. Coming after the highly-successful pre-RC1 build 5536, it had quite a lot of high expectations, and it certainly exceeded quite a few of them. [more]
Friday, 22 September 2006, 1:00 PM CET

Outlook vulnerable to critical VML bug
Malicious code can be executed without using scripting code. [more]
Friday, 22 September 2006, 12:56 PM CET

Police fingerprint themselves
West Midlands Police are trialing a system that controls police access to buildings and computer systems using a fingerprint scanner. Before now this technology has been used mostly in prisons, intelligence HQs, and schools. [more]
Friday, 22 September 2006, 12:53 PM CET

Apple updates strengthen wireless security
Apple on Thursday released a Security and AirPort update for Mac OS X that fixes vulnerabilities found in the company’s wireless drivers. [more]
Friday, 22 September 2006, 3:03 AM CET

Antispyware groups: Legislation still needed
Studies show a small decrease in spyware on PCs, but its use in logging keystrokes appears to be on the rise. [more]
Friday, 22 September 2006, 2:45 AM CET

Guarding against the new IE exploit
Earlier this week Security Fix wrote about a newly discovered vulnerability in Microsoft's Internet Explorer Web browser that bad guys were exploiting to install malicious software when users merely browsed certain nasty Web sites. [more]
Friday, 22 September 2006, 2:42 AM CET

Hurd to share HP board leak investigation analysis
In one of his first public acts to address the growing Hewlett-Packard Co. boardroom scandal, CEO Mark Hurd plans to brief reporters tomorrow about the findings of an analysis conducted by the company's law firm. [more]
Friday, 22 September 2006, 2:30 AM CET

Review: Belkin N1 Wireless Router
The N1 supports a full range of wireless security options, including WEP 64/128, WPA PSK and "Enterprise" and WPA2 PSK and "Enterprise". [more]
Friday, 22 September 2006, 2:15 AM CET

29% of departing directors admit stealing data - survey
Almost a third of company directors surveyed have admitted to stealing corporate information, with memory sticks making theft easier than ever. [more]
Friday, 22 September 2006, 1:12 AM CET

EU to MS: Don't shut out security rivals
If Microsoft bundles security software with Vista there could be renewed antitrust issues in Europe, says the European Commission. [more]
Friday, 22 September 2006, 12:50 AM CET

Symantec prepares for shift to "Security 2.0"
Symantec will venture into the areas of system availability and performance management, CTO Mark Bregman says. [more]
Friday, 22 September 2006, 12:45 AM CET

Screen-capture Trojans ramp up
In hopes of fighting Internet fraud, some online banking sites make customers use "virtual keypads" - a method of entering passwords on the screen, generally with a mouse. [more]
Friday, 22 September 2006, 12:36 AM CET

House surveillance bill passes committee
Controversial wiretap expansion now goes to full House. [more]
Friday, 22 September 2006, 12:30 AM CET

Network security: be afraid, be very afraid
There's a lot to be afraid of in the world of network security threats. [more]
Friday, 22 September 2006, 12:22 AM CET

Startup urges item registry for recovery after theft
Mission Viejo-based PropertyRoom contracts with more than 700 law enforcement agencies to collect, package and sell unreturned, found and seized goods, such as diamond rings, stereos, cars and even land. [more]
Friday, 22 September 2006, 12:15 AM CET

German law makes hacking a punishable crime
New legislation proposed by the German government aims to make computer hacking a punishable crime. [more]
Friday, 22 September 2006, 12:10 AM CET

Wiretap case: 'drop it,' say feds
The Bush administration asked an appeals court Thursday to step in immediately and dismiss a lawsuit over the government's warrantless eavesdropping program, calling a lower judge's ruling dangerous and wrong. [more]
Friday, 22 September 2006, 12:03 AM CET

RIM device would thwart thieves
Pickpocket-proof BlackBerry seen. [more]
Thursday, 21 September 2006, 7:03 PM CET

ATM hack uncovered
A security expert in New York has learned how to get free money from some ATMs by entering a special code sequence on the PIN pad. [more]
Thursday, 21 September 2006, 10:46 AM CET

Thumb-sized leaks in corporate security
Proliferating flash drives and other personal memory devices are causing corporate IT managers to rethink data security policies and enforcement. [more]
Thursday, 21 September 2006, 10:44 AM CET

Lessons from the Facebook riots
Earlier this month, the popular social networking site Facebook learned a hard lesson in privacy. [more]
Thursday, 21 September 2006, 10:18 AM CET

Bank machine reprogramming made easy
A bank machine in Virginia Beach has been reprogrammed to dispense four times the money requested, and the simplicity of the procedure has created questions about the security of independent bank machines. [more]
Thursday, 21 September 2006, 2:30 AM CET

VoIP presents major security risk, expert warns
Banks and other companies switching their phone systems to VoIP are making themselves vulnerable to phishing attacks for which there are currently no effective detection or prevention tools, a security researcher warned Wednesday. [more]
Thursday, 21 September 2006, 2:27 AM CET

Linux hackers get first dibs on next-gen DVR
Neuros Technology is offering Linux hackers first dibs on beta units of its next-gen DVR (digital video recorder). [more]
Thursday, 21 September 2006, 2:15 AM CET

Zero-day vulnerability detected in Windows VML
Microsoft has confirmed reports that a zero-day vulnerability has been detected in the Windows implementation of Vector Markup Language, or VML. [more]
Thursday, 21 September 2006, 1:09 AM CET

Corporate leaks go unnoticed
Research says UK businesses failing to deal with loss of sensitive data. [more]
Thursday, 21 September 2006, 12:58 AM CET

Point, click, root: System exploitation with open tools
IT managers face a problem determining what products and policies are best to properly secure their network. [more]
Thursday, 21 September 2006, 12:50 AM CET

How to: 3 steps to a more secure laptop
Laptop theft is one of the fastest growing problems in the security sector. Who can forget the nightmare scenario that occurred at the U.S. Department of Veterans Affairs this past May? [more]
Thursday, 21 September 2006, 12:36 AM CET

Hackers building botnet with AOL messaging worm
"The motivation for the bad guys seems to be in lining up as many 'install chains' as possible to insure a consistent pipeline that can be controlled by their rogue botnet," said FaceTime director of malware research Chris Boyd. [more]
Thursday, 21 September 2006, 12:27 AM CET

Cost determines security choices
Firms are being urged to shop around more to find the security system best suited to their needs. [more]
Thursday, 21 September 2006, 12:18 AM CET

DEFCON - security tool nirvana
DEFCON is one of the oldest and largest hacking conventions. It's essentially 3 days of great information about the latest and greatest in security, sans the vendor stuff. [more]
Thursday, 21 September 2006, 12:15 AM CET

Firefox variant lets users surf without a trace
It changes a computer's IP address every few minutes. [more]
Thursday, 21 September 2006, 12:10 AM CET

Police data sharing progresses
Second phase of Crisp project set to be in place by next summer. [more]
Thursday, 21 September 2006, 12:08 AM CET

Review: Acunetix Web Vulnerability Scanner 4.0
Acunetix Web Vulnerability Scanner 4 is a powerful and versatile scanner that proves to be an important piece of a web application-testing arsenal. As always with penetration testing, some things must be done manually, but from the perspective of an automated web vulnerability scanning procedure, you cannot miss with Acunetix WVS. [more]
Wednesday, 20 September 2006, 11:11 PM CET

Homeland Security adds cybersecurity czar
The job had been vacant for more than a year. [more]
Wednesday, 20 September 2006, 5:13 PM CET

Are we losing the security war?
As systems get more complex, they get less secure, says CTO of Internet security company. [more]
Wednesday, 20 September 2006, 5:13 PM CET

Free anonymising browser debuts
Web users worried about privacy can now use a modified version of Firefox that lets them browse the net anonymously. [more]
Wednesday, 20 September 2006, 5:12 PM CET

A week in DRM wonderland
Digital Rights Management (DRM) is a key issue on the emerging web; how will the benefits of free flowing data be balanced by the commercial interests of content creators or the corporations that own their content? [more]
Wednesday, 20 September 2006, 1:42 AM CET

Newly detected IE exploit spells massive spyware trouble
A previously undocumented flaw in Microsoft's Internet Explorer Web browser is reportedly being exploited by online criminals to install an entire kitchen sink of malicious software on any computer that visits any of a handful of sites currently exploiting the vulnerability. [more]
Wednesday, 20 September 2006, 1:12 AM CET

Securing Windows XP Professional in a P2P networking environment
This document explains how to implement security measures for a small or medium-sized business environment where peer-to-peer networking is used. [more]
Wednesday, 20 September 2006, 1:11 AM CET

Building and configuring a central logging server with syslog-ng
This article describes the process of replacing the venerable but limited syslog daemon with a versatile, flexible and customisable replacement, syslog-ng. [more]
Wednesday, 20 September 2006, 1:08 AM CET

Enterprises can win in security software deals
Security software is mandatory for enterprises facing an Internet community of aggressive hackers and criminals. [more]
Wednesday, 20 September 2006, 1:07 AM CET

IT lobbyist named as federal cybersecurity chief
ITAA vice president Gregory Garcia becomes the first assistant secretary for cybersecurity and telecommunications within the Department of Homeland Security, a post that has been vacant for more than a year. [more]
Wednesday, 20 September 2006, 1:07 AM CET

Attackers hit new IE vulnerability
Porn sites exploiting VML bug to install malware. [more]
Wednesday, 20 September 2006, 1:02 AM CET

Beginner's guide to wireless auditing
In this first article, we will discuss how to build an auditing environment, how to construct fuzzing tools and, finally, how to interpret the results. [more]
Wednesday, 20 September 2006, 1:02 AM CET

Government to inspect online shopping carts?
The subject has prompted some alarm among Internet service provider executives and civil liberties groups after the Justice Department took Google to court earlier this year to force it to turn over information on customer searches. [more]
Wednesday, 20 September 2006, 1:00 AM CET

New technology is scary, says Cisco CTO
New technology such as Windows Vista and IP v6 may solve some security problems but will bring new security threats as well, according to a senior Cisco security expert. [more]
Wednesday, 20 September 2006, 12:59 AM CET

Gov't wants ISPs' user data
Attorney General Alberto Gonzales said Tuesday that Congress should require internet service providers to preserve customer records, asserting that prosecutors need them to fight child pornography. [more]
Wednesday, 20 September 2006, 12:59 AM CET

Safe storage, Mac style
I know that most readers live in a world where Microsoft Windows runs on laptops, desktops and most of the servers. [more]
Wednesday, 20 September 2006, 12:56 AM CET

You've been 'pwned'
I just can't muster up enough paranoia to properly eliminate all those bill stubs and other documents with my personal data on them. [more]
Tuesday, 19 September 2006, 5:01 AM CET

Spammers cashing in on free hosters
Enterprising spammers have begun selling each other free Web pages, McAfee says. [more]
Tuesday, 19 September 2006, 4:30 AM CET

Rivals integrate security ID tools
Cisco and Microsoft make efforts to ensure NAC and NAP work together. [more]
Tuesday, 19 September 2006, 4:16 AM CET

Researcher demonstrates Adobe Reader attack
Malicious code can be installed through legit features. [more]
Tuesday, 19 September 2006, 4:00 AM CET

HP probe included physical, e-mail tracking
The effort included attempts to place spyware on a reporter's computer. [more]
Tuesday, 19 September 2006, 3:18 AM CET

Hotel minibar keys open Diebold voting machines
Like other computer scientists who have studied Diebold voting machines, we were surprised at the apparent carelessness of Diebold’s security design. [more]
Tuesday, 19 September 2006, 3:03 AM CET

Finding security in a virtual world
An impenetrable firewall may not be the best way to keep your systems secure. [more]
Tuesday, 19 September 2006, 2:50 AM CET

Spam threat from video tribute sites
Steve Irwin fans are the latest target. [more]
Tuesday, 19 September 2006, 2:42 AM CET

Microsoft, EU spar over Vista security
"Monumental" decoupling request could further delay ship date. [more]
Tuesday, 19 September 2006, 2:32 AM CET

Scalable anonymity with I2P
The Invisible Internet Project (I2P) is a work in progress whose aim is to provide a secure version of the IP protocol that addresses threats common to the standard TCP/IP networking infrastructure - most importantly, the effortless identification and tracking of participating peers. [more]
Tuesday, 19 September 2006, 2:21 AM CET

Automating Nagios service checks via SSH
Today, we’ll learn how to automate Nagios service checks via SSH, even when the remote server does not support password-less (key-based) SSH logins. [more]
Tuesday, 19 September 2006, 2:15 AM CET

Spamhaus repels DDoS attack
Spamhaus, the leading anti-spam organisation, has restored its site and services to normal after a distributed denial of service attack rendered its site temporarily inaccessible for several hours on Monday. [more]
Tuesday, 19 September 2006, 12:53 AM CET

Security costs fall with good policies
Enterprises will increasingly face skilled IT criminals trying to infiltrate corporate networks for sensitive data stored in databases, but adopting new policies to evaluate risk should help drive the cost of defense down, computer security analysts said Monday. [more]
Tuesday, 19 September 2006, 12:40 AM CET

Cross-site scripting the top security risk
Web administrators beware: cross-site scripting vulnerabilities are now far more attractive targets than more notorious bugs such as buffer overflows, according to new figures from Mitre, a U.S. government-funded research organization. [more]
Tuesday, 19 September 2006, 12:26 AM CET

Web vulns top security threat index
Less rigor in web programming, an increasing variety of software, and restrictions on web security testing have combined to make flaws in web software the most reported security issues this year to date, according to the latest data from the Common Vulnerabilities and Exposures (CVE) project. [more]
Tuesday, 19 September 2006, 12:06 AM CET

Has Apple lost its security shine?
With the latest large sets of security patches and an alleged wireless driver vulnerability, Mac OS X no longer seems invincible. An expert delves into the real threats in the Apple world and outlines simple steps you can take to protect yourself. [more]
Tuesday, 19 September 2006, 12:03 AM CET

DVD chips 'to kill illegal copying'
Embedded radio transmitter chips to track movie, music and software discs. [more]
Monday, 18 September 2006, 5:15 PM CET

Renew your passport now!
If you have a passport, now is the time to renew it -- even if it's not set to expire anytime soon. [more]
Monday, 18 September 2006, 5:15 PM CET

Hacking probe clouds Swedish election result
Hi-tech scandal cast its shadow over last weekend's Swedish elections after the incumbent Social Democratic Party accused its political rivals, the Liberal party, of hacking into its systems. [more]
Monday, 18 September 2006, 5:14 PM CET

Using Pict Encrypt for steganography purposes on Mac OS X
Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message. Pict Encrypt 2.0 is a very easy-to-use freeware application with which you can hide your text in any image you want in just a couple of clicks. [more]
Monday, 18 September 2006, 11:56 AM CET

Phishers spoof more brands
A report says 154 brands were hijacked in July, an 18% increase over the previous month. [more]
Monday, 18 September 2006, 11:38 AM CET

New Firefox fix patches security bugs
Mozilla developers have released an updated version of their Firefox browser that fixes a number of security issues, four of them rated critical. [more]
Monday, 18 September 2006, 11:37 AM CET

Optimizing your backup tape rotation strategy
Backups are a primordial part of any corporate disaster recovery plan, so to maximize their effectiveness you have to keep your data as long as you can, on the fewest media possible. [more]
Monday, 18 September 2006, 1:27 AM CET

Spreadsheets seen as security hole
Bill Hostmann, an analyst at Gartner, said that while many organizations go to great lengths to secure transactional systems and Web applications, many more "do almost nothing, or a very limited amount," to protect data housed in BI applications and spreadsheets. [more]
Monday, 18 September 2006, 1:21 AM CET

Accused VoIP fraudster sought as fugitive
The feds issued an arrest warrant for Edwin Pena for violating his bail conditions. Investigators are searching for the man, who's been missing since last month. [more]
Monday, 18 September 2006, 1:15 AM CET

Piracy: all it takes is a garage
Piracy—it's not just for the high seas anymore. In fact, according to the MPAA, 44 percent of their piracy losses in the US come from college students. [more]
Monday, 18 September 2006, 1:03 AM CET

How a malformed installer package can crack Mac OS X
There exists a pretty significant interface problem with the Apple Installer program such that any package requesting admin access via the AdminAuthorization key, when run in an admin user account, is given full root-level access without providing the user with a password prompt during the install. [more]
Monday, 18 September 2006, 12:55 AM CET

On card displays become reality, making cards more secure
It’s your credit card … spiked with something extra... a thin, flexible display with a readout similar to that of a calculator. [more]
Monday, 18 September 2006, 12:50 AM CET

Unisys subcontractor arrested in VA theft
D.C. man charged with stealing desktop with info on thousands. [more]
Monday, 18 September 2006, 12:50 AM CET

Mozilla security takes axe to redundant code
Mozilla Corporation has hired a former security strategist from Microsoft as part of its efforts to improve the security of its software, in particular its flagship Firefox web browser software. [more]
Monday, 18 September 2006, 12:45 AM CET

Web flaws race ahead in 2006
Less rigor in Web programming, an increasing variety of software, and restrictions on Web security testing have combined to make flaws in Web software the most reported security issues this year to date, according to the latest data from the Common Vulnerabilities and Exposures (CVE) project. [more]
Monday, 18 September 2006, 12:41 AM CET

Cybercrime is getting organized
Cyberscams are increasingly being committed by organized crime syndicates out to profit from sophisticated ruses rather than hackers keen to make an online name for themselves, according to a top U.S. official. [more]
Monday, 18 September 2006, 12:30 AM CET

Security products sell despite freebies
Microsoft gives away a security firewall with its latest operating system. [more]
Monday, 18 September 2006, 12:12 AM CET

Data breach insurers eye smaller firms
Insurance firm American International Group Inc. last week announced a new insurance policy designed to protect small and midsize businesses against the costs associated with a data breach. [more]
Monday, 18 September 2006, 12:06 AM CET

Security cleanup for Ajax apps
These solutions can help developers mitigate the vulnerabilities posed by Ajax-based Web applications. [more]
Friday, 15 September 2006, 4:32 PM CET

Anti-spam crusaders slapped with $11.7m judgement
A US court has ordered anti-spam organisation Spamhaus to pay $11.7m in damages for "illegally" listing email marketing firm e360insight as an affiliate of a known spammer, an entry that meant users of Spamhaus's mail filtering advisory system would not have received email from e360insight. [more]
Friday, 15 September 2006, 3:46 PM CET

Cybersecurity holes found in mock attacks
While the hacker test found gaps in security, the report did say that "by and large, the participating organizations and their practices met the challenges presented." [more]
Friday, 15 September 2006, 3:32 PM CET

Spam canned: FTC busts four operations
Sleazy pitches ran afoul of CAN-SPAM rules. [more]
Friday, 15 September 2006, 10:48 AM CET

Interview about IPCop future development
IPCop is a great firewall distribution: small, easy and secure. [more]
Friday, 15 September 2006, 10:47 AM CET

Certification: test your knowledge of RFID topics
CompTIA has released an exam on the topic, and there is discussion of other vendors following with their own offerings. [more]
Friday, 15 September 2006, 10:46 AM CET

US government secrecy costs soar to $7.7 billion
Clandestine CIA prisons get headlines, but a recent report says that secrecy is spreading to federal programs with little connection to national security. [more]
Friday, 15 September 2006, 10:43 AM CET

Secure your wireless network
If you just set up a wireless network in your home without securing it, you're just asking for trouble. [more]
Friday, 15 September 2006, 10:40 AM CET

New IE hole revisits an old bug
Hackers have discovered a new vulnerability in Internet Explorer, and they've released code that could be used to attack users of Microsoft Corp.'s popular browser. [more]
Friday, 15 September 2006, 10:40 AM CET

Mistakes in identity
No system works perfectly all the time, but for something as fundamental as being able to prove who you are and get access to what you’re supposed to be able to do, we need to set things up so there’s a fall-back plan. [more]
Friday, 15 September 2006, 10:38 AM CET

Senate committee approves surveillance bills
Civil liberties activists unhappy about National Surveillance Security Act. [more]
Friday, 15 September 2006, 12:37 AM CET

DOJ prosecutor: Criminals teaming up with hackers
A dynamic duo, and not in the good sense. [more]
Friday, 15 September 2006, 12:17 AM CET

Net simul-attacks expose US security holes
Simulated internet attacks in the US have uncovered gaps in the nation’s cybersecurity defences. [more]
Friday, 15 September 2006, 12:09 AM CET

Commission concerned about Vista security
Microsoft has fallen foul of the European Commission yet again over plans for its Vista operating system. [more]
Thursday, 14 September 2006, 11:23 AM CET

Delving deep into the hacker culture
Cybercrime is a science that studies and analyses the criminal behaviour when dealing with the Information Technology world. [more]
Thursday, 14 September 2006, 11:10 AM CET

Protect yourself from pretexting
Pretexting has long been a tactic used by private investigators and others to obtain personal information and records about people. [more]
Thursday, 14 September 2006, 11:09 AM CET

Microsoft wins £45,000 from spammer
Redmond brings civil case to maximise damages payment. [more]
Thursday, 14 September 2006, 11:08 AM CET

Princeton professor raises alarm over electronic voting
A Princeton University computer science professor added new fuel Wednesday to claims that electronic voting machines used across much of the country are vulnerable to hacking that could alter vote totals or disable machines. [more]
Thursday, 14 September 2006, 11:07 AM CET

Six tips to protect online search privacy
Concern over privacy and the use of online search is at an all-time high. Here's how to create a strong shield for privacy. [more]
Thursday, 14 September 2006, 11:07 AM CET

Hacker's guide to QuickTime
QuickTime is one of the most commonly encountered digital video formats on the Internet. Most movie trailers released online are in QuickTime format. In short, QuickTime is ubiquitous. [more]
Thursday, 14 September 2006, 11:00 AM CET

NSA bill performs a Patriot Act
A bill radically redefining and expanding the government's ability to eavesdrop and search the houses of U.S. citizens without court approval passed a key Senate committee Wednesday, and may be voted on by the full Senate as early as next week. [more]
Thursday, 14 September 2006, 10:57 AM CET

Microsoft takes third shot at buggy security patch
Internet Explorer patch presents more problems than solutions. [more]
Thursday, 14 September 2006, 10:56 AM CET

iTunes 7 DRM already cracked
It's only been a day since Apple updated iTunes to version 7, but the folks over at the Hymn project already have a new version of the program that can be used to remove the DRM from songs purchased from it. [more]
Thursday, 14 September 2006, 2:45 AM CET

Surfing anonymously has its drawbacks
It makes some of us nervous that Google and other Web companies are building huge collections of data about our surfing habits. [more]
Thursday, 14 September 2006, 2:11 AM CET

IT to secure airport check-in
A wave of new technologies aims to bolster security and speed up boarding. Dave Friedlos reports. [more]
Thursday, 14 September 2006, 1:22 AM CET

Apple fixes 7 flaws in Mac, Windows QuickTime
The newest version of QuickTime, 7.1.3, patches 7 bugs in how the application checks a variety of file formats. [more]
Thursday, 14 September 2006, 12:45 AM CET

Microsoft debates Vista security with EU
Microsoft's inclusion of new security capabilities in Windows Vista could put smaller security software companies out of business or force them to make adjustments, said Joe Wilcox, a Jupiter Research analyst. [more]
Thursday, 14 September 2006, 12:34 AM CET

Adobe patches Flash
Adobe tells users to update Flash Player immediately, to correct five critical bugs that can let attackers take control of a target computer. [more]
Thursday, 14 September 2006, 12:21 AM CET

EDonkey settles music industry suits for $30 million
One of the last large file-sharing services falls. [more]
Thursday, 14 September 2006, 12:15 AM CET

Zotob Virus writers jailed in Morocco
Two Moroccan men have been sentenced to prison terms for helping write the Zotob computer virus that attacked major U.S. networks last year, a court official said Wednesday. [more]
Thursday, 14 September 2006, 12:10 AM CET

Cisco, Microsoft talk about their NAC for security
Cisco and Microsoft recently revealed how they are working toward interoperability between Cisco's Network Access Control and Microsoft's Network Access Protection technologies. [more]
Thursday, 14 September 2006, 12:08 AM CET

Constructing secure Storage Area Networks
Increasingly concerned about the availability of their business data, many enterprises over the last five years have implemented sophisticated storage area networks (SANs). With metro optical networks cost-effectively satisfying the huge bandwidth requirements, services such as business continuity and disaster recovery have helped enterprises avoid costly network downtime, improve corporate resource utilization and efficiently manage growing amounts of data. [more]
Wednesday, 13 September 2006, 8:27 PM CET

Massive DoS attacks against ISPs on the rise
ISPs are spending more to defend against massive denial-of-service attacks than they are protecting themselves against highly-publicized worm attacks. [more]
Wednesday, 13 September 2006, 11:56 AM CET

Two-thirds of phishing scams target single US bank
Fifth Third Bank heads August phishing list by a mile. [more]
Wednesday, 13 September 2006, 11:51 AM CET

Police probe Schwarzenegger audio 'hack'
The leak of an audio file containing embarrassing comments by California governor Arnold Schwarzenegger to news media has triggered a police probe. [more]
Wednesday, 13 September 2006, 11:50 AM CET

Group releases spec for cellphone security
The Trusted Computing Group (TCG) officially rolls out its standard for cellphone security. [more]
Wednesday, 13 September 2006, 11:49 AM CET

Most insider-related data breaches go unreported
Companies don't have the resources they need to manage the problem. [more]
Wednesday, 13 September 2006, 12:16 AM CET

Microsoft, EC tangle over Vista security
The European Commission has again warned Microsoft Vista’s ship date is threatened by antitrust concerns. [more]
Wednesday, 13 September 2006, 12:12 AM CET

Pa. man pleads guilty to copyright theft
First case involving BitTorrent tech moves to sentencing phase. [more]
Wednesday, 13 September 2006, 12:06 AM CET

New spec targets mobile phone security
Efforts to establish security standards for mobile devices were boosted Tuesday with the release of the Mobile Trusted Module (MTM) specification. [more]
Tuesday, 12 September 2006, 5:23 PM CET

Secure your Wi-Fi traffic using FOSS utilities
To facilitate encrypting your Wi-Fi traffic, first set up dynamic DNS service so you can locate your server when you're away from home. [more]
Tuesday, 12 September 2006, 1:45 PM CET

Schwarzenegger computer may have been hacked
California police are looking to find out whether hackers broke into the governor's computer and downloaded a recording of a private conversation in which he said African-Americans and Latinos are "hot-blooded." [more]
Tuesday, 12 September 2006, 1:44 PM CET

Bank fined $50m for buying drivers' data
A bank which purchased the names and addresses of more than 650,000 people in the US has been ordered to pay a $50m fine. [more]
Tuesday, 12 September 2006, 1:38 PM CET

Third of UK directors steal company secrets
Internal data theft is widespread, claims survey. [more]
Tuesday, 12 September 2006, 1:37 PM CET

E.U., U.S. still haggling over passenger data sharing
European and U.S. security officials were locked in talks in Brussels Monday to replace a passenger data sharing agreement that was outlawed by a European court in May. [more]
Tuesday, 12 September 2006, 12:27 AM CET

UK online shoppers still wary of security
ISPs and security firms 'not doing enough', say users. [more]
Tuesday, 12 September 2006, 12:24 AM CET

New approaches on attacking malware
The approach can dynamically adjust to an application's privileges or stop an application from launching. [more]
Tuesday, 12 September 2006, 12:12 AM CET

Analyzing malicious SSH login attempts
Malicious SSH login attempts have been appearing in some administrators' logs for several years. [more]
Tuesday, 12 September 2006, 12:09 AM CET

Cisco and Microsoft promise more secure networks... next year
After two years of working together, the vendors say it will take another year before their integrated network security products are available. [more]
Monday, 11 September 2006, 3:55 PM CET

HP back on the couch over phone record hacks
Like a good friend who has just gotten out of a terrible relationship, Hewlett-Packard seemed to be on the rebound and all the happier for it in recent months. [more]
Monday, 11 September 2006, 2:17 PM CET

Security breach hits online world
Every player of Second Life has been asked to change the password they use to enter the popular online world. [more]
Monday, 11 September 2006, 1:50 PM CET

Bank deals of 5,000 terror suspects tracked
The bank accounts of more than 5,000 suspected terrorists are being monitored by Britain's biggest financiers following fresh intelligence from MI5. [more]
Monday, 11 September 2006, 1:48 PM CET

Germany: crackdown on TOR-node operators
The public prosecutor’s office of Konstanz raided computing centres of seven providers in Germany, seizing ten servers. [more]
Monday, 11 September 2006, 1:37 PM CET

Kismet sniffs out Wi-Fi access
Today, Wi-Fi access points are everywhere, and users are becoming increasingly sophisticated in their wireless network knowledge. [more]
Monday, 11 September 2006, 11:36 AM CET

The convergence of physical and IT security
In today's world, technology is playing an ever-increasing role—at work, at home and as we move around. [more]
Monday, 11 September 2006, 10:50 AM CET

IT staff needs to sell security
Successful network security requires extraordinary marketing measures by IT security staff, said speakers at a Forrester Research Security Conference. [more]
Monday, 11 September 2006, 10:46 AM CET

Attacks spurred security sector
Companies are pitching ideas for a digital emergency alert network, a 10-finger and palm-print scanner and a Web site dedicated to bioterrorism. [more]
Monday, 11 September 2006, 3:30 AM CET

Securing your laptops
Theft and loss of laptops is a growing problem as the workforce becomes increasingly mobile. Available technologies work along with best practices to secure hardware and the data on it. [more]
Monday, 11 September 2006, 3:11 AM CET

The new reality for IT security
Security executives from around the country converged in Boston this week to hear how their peers are tackling enterprise security and managing risk. [more]
Monday, 11 September 2006, 1:55 AM CET

Discover RFID-enabled solutions in the retail industry
Radio Frequency Identification (RFID) is popping up in many sectors, including the retail industry. [more]
Monday, 11 September 2006, 1:47 AM CET

Software pirate gets 7 years
The owner of one of the nation's largest internet software piracy websites has been sentenced to more than seven years in prison. [more]
Monday, 11 September 2006, 1:21 AM CET

Criminal charges 'likely' in HP case
Charges are "likely" over the alleged spying scandal, but HP Chairwoman Patricia Dunn says she will not resign. [more]
Monday, 11 September 2006, 1:04 AM CET

Quantum cryptography tested
Photon technology trialled. [more]
Monday, 11 September 2006, 12:30 AM CET

Five years later, are we more secure?
As we approach the fifth anniversary of the terrorist attacks on America, the thing to do is ask, "Are we any safer today than we were on Sept. 11, 2001?" [more]
Monday, 11 September 2006, 12:26 AM CET

Concerns over security software
There are many ways to provide security, one of which is to keep harmful elements away from those parts or people they may want to damage. Exclusion is often the only way society can defend itself. [more]
Monday, 11 September 2006, 12:18 AM CET

Banks invest in better security online
Online banking, a service that has spared consumers a trip to the branch and given them access to accounts with a few keystrokes, is about to become more complicated. [more]
Monday, 11 September 2006, 12:10 AM CET

MS exec gives company B+ on security
Since Microsoft launched its TWC (Trustworthy Computing) initiative in January 2002, the company has substantially improved the overall security of its products, a company executive said this week at the Security Standard conference being held in Boston. [more]
Monday, 11 September 2006, 12:06 AM CET

Airlines stress reality of new security measures
US airlines have been sending out reassuring messages to customers and staff since UK authorities arrested several suspected terrorists who were targeting commercial airlines traveling from Britain to the US. [more]
Monday, 11 September 2006, 12:00 AM CET

Hackers winning DRM 'arms race'
Entertainment-industry executives are trying to figure out the best ways to steer consumers to legal Web content, but in the meantime the thieves are way ahead. [more]
Friday, 8 September 2006, 3:46 PM CET

The box that broke Enigma code is rebuilt
Enthusiasts have succeeded in rebuilding a Nazi code cracking device, signaling the culmination of a 10-year project. [more]
Friday, 8 September 2006, 3:44 PM CET

Security is SOP for business
At this week's Security Standard conference in Boston - which was hosted by Network World and other IDG publications - speakers talked as much about the business of security as the technical options and details. [more]
Friday, 8 September 2006, 1:36 PM CET

Review: How Personal & Internet Security Works
For the majority of us working in information technology, knowledge of security and privacy topics is something that we need to possess. There are hundreds, or better to say thousands, of quality books aimed at expanding our skills, but not many of them are aimed at the average Internet user, who is the main target of ever-popular threats such as viruses, assorted malware and malicious attacks. Que's "How Personal & Internet Security Works" is a publication that takes a unique approach to addressing these issues. [more]
Friday, 8 September 2006, 11:07 AM CET

Exploring the RFID+ certification
One of the newest IT certifications to become available is that of RFID+ from CompTIA, the organization behind such certifications as A+, Network+, Security+, and many others. [more]
Friday, 8 September 2006, 11:06 AM CET

San Diego man pleads guilty to USC computer hack
He broke into the school's network after being denied admission in 2005. [more]
Friday, 8 September 2006, 11:05 AM CET

Malware scrambles to evade defenses
A Trojan horse program designed to compromise systems uses the Microsoft Windows' Encrypted File System to scramble its payload and evade detection, warned a researcher at security firm McAfee this week. [more]
Friday, 8 September 2006, 11:05 AM CET

New VoIP threats to listen for
As the business world rapidly embraces VoIP technology for its cost savings, little heed is given to the new dangers that are introduced into our telephone networks. [more]
Friday, 8 September 2006, 11:01 AM CET

'Wide open' means extra security
There's a reason nearly every security appliance vendor uses open source tools, and it has little to do with licensing. [more]
Friday, 8 September 2006, 10:48 AM CET

HP dragnet grabbed 9 reporters
At least nine journalists were swept up in Hewlett-Packard chairman Patricia Dunn's furious search for a media leak on the company's board of directors, according to a source familiar with the matter. [more]
Friday, 8 September 2006, 10:47 AM CET

Red alert over London on credit card fraud map
London is the UK capital of credit card fraud, according to a study by online fraud prevention firm Early Warning. [more]
Friday, 8 September 2006, 1:10 AM CET

Examining defects in the Firefox code base
Using Klocwork’s K7 static analysis tool, I examined the large and complicated code base of the popular open source browser, Firefox. [more]
Friday, 8 September 2006, 12:55 AM CET

The death of privacy
In privacy circles, a mostly forgotten incident from the end of the dot-com euphoria aptly illustrates the lack of regard most companies have toward protecting personal data, even if they make a point of promising to do so. [more]
Friday, 8 September 2006, 12:48 AM CET

Schools can fingerprint children without parental consent
Parents cannot prevent schools from taking their children's fingerprints, according to the Department for Education and Skills and the Information Commissioner. [more]
Friday, 8 September 2006, 12:39 AM CET

Phishing becomes more localised
Banks outside US begin to be targeted. [more]
Friday, 8 September 2006, 12:34 AM CET

Personal data-backup options proliferate
Network storage has not been as popular as regular hard drives, said Stephen Baker, vice president for industry analysis at NPD, because of privacy and trust issues. [more]
Friday, 8 September 2006, 12:25 AM CET

Considering the consequences of shortsighted policy
Like many government policies across the globe, this directive was apparently drafted with a clear social goal in mind, but little understanding of the use and pace of technology. [more]
Friday, 8 September 2006, 12:18 AM CET

How to portscan your computer for security holes
If you're smart and you're connected to the net, you're concerned about computer security. [more]
Friday, 8 September 2006, 12:05 AM CET

Interview with Vladimir Katalov, CEO of ElcomSoft
Vladimir Katalov has been working at ElcomSoft from the very beginning. He created the first program from which the password recovery software line started: Advanced ZIP Password Recovery. In this interview he answers some questions related to current security threats, the protection of sensitive information at the enterprise level, and much more. [more]
Thursday, 7 September 2006, 6:42 PM CET

Protecting against EFS based attacks
EFS uses public key cryptography that makes use of a user’s account login and password pair to encrypt a private key. [more]
Thursday, 7 September 2006, 12:41 PM CET

Spammer fighting sentence
Yesterday, the Washington Post reported that the conviction of spammer Jeremy Jaynes had been upheld in a Virginia Court of Appeals. [more]
Thursday, 7 September 2006, 12:39 PM CET

RFID passports raise security fears
Information stored on RFID is at risk from skimmers, says security firm. [more]
Thursday, 7 September 2006, 11:43 AM CET

Quickest patch ever
If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM. [more]
Thursday, 7 September 2006, 10:57 AM CET

Zombies crawl over wiki exploits
Hackers are exploiting vulnerabilities in wiki software packages to establish networks of compromised computers.
Thursday, 7 September 2006, 10:55 AM CET

Bank of Ireland agrees to phishing refunds
The Bank of Ireland has backtracked on an earlier decision and has agreed to refund victims of a phishing scam in which customers lost a total of €113,000 (£76,770). [more]
Thursday, 7 September 2006, 10:54 AM CET

Privacy fears shock Facebook
Millions of people have flocked to social networking sites to post information about themselves and share it with friends. [more]
Thursday, 7 September 2006, 10:54 AM CET

Review: Check Point VPN-1 UTM Edge security device
Check Point’s VPN-1 UTM Edge is a security appliance designed to protect remote branch offices where expertise may be limited or non-existent. [more]
Thursday, 7 September 2006, 10:52 AM CET

Mozilla taps former Microsoft executive for security
Strategist needed to secure open source products against online attacks. [more]
Thursday, 7 September 2006, 12:48 AM CET

Securing a website with client SSL certificates
Let's assume that you have an Apache webserver and a website that you want VERY finite access controls on. You could do it a number of ways, right? [more]
Thursday, 7 September 2006, 12:40 AM CET

Cisco, Microsoft demo network security cooperation
Demo to be held in Boston this week. [more]
Thursday, 7 September 2006, 12:33 AM CET

Malware authors hungry for profit
Hackers creating increasing numbers of Trojans and bots for financial gain. [more]
Thursday, 7 September 2006, 12:16 AM CET

HP's pretext to spy
Authorized by Hewlett-Packard's chairwoman Patricia Dunn to find a director who leaked the company's plans to the media, private investigators used pretexting. [more]
Thursday, 7 September 2006, 12:01 AM CET

Pump-and-dump spammers shift tactics
Pump-and-dump spammers are refining their tactics and marketing techniques in an attempt to drum up new business. [more]
Wednesday, 6 September 2006, 6:03 PM CET

Localised attacks add to phishing increase
More targets also contribute to rise in malware. [more]
Wednesday, 6 September 2006, 6:02 PM CET

New Apache compliance audit policy
Tenable's research team has released a Nessus 3 audit policy file which can be used to audit the configuration of Apache web servers running on various UNIX platforms. [more]
Wednesday, 6 September 2006, 5:56 PM CET

NIST offers secure Web services tips
The National Institute of Standards and Technology has released for comment a draft of Guide to Secure Web Services. [more]
Wednesday, 6 September 2006, 5:00 PM CET

10 tips to secure your small business network
They offer big security payoffs without spending a lot of time and money. [more]
Wednesday, 6 September 2006, 4:55 PM CET

Phishing attack targets Spanish mobiles
A mass mailing worm that attempts to trick users into downloading malware in response to bogus text messages is spreading in Spain. [more]
Wednesday, 6 September 2006, 4:42 PM CET

New Word flaw being used in attacks
Symantec warns that an unpatched flaw in the Windows 2000 version of Microsoft Office 2000 is being used by attackers to run unauthorized software on a victim's computer. [more]
Wednesday, 6 September 2006, 4:39 PM CET

How to: building a BlueSniper rifle
Watching the news these past few weeks, you would think that hackers have taken over our cellphones. [more]
Wednesday, 6 September 2006, 4:29 PM CET

IBM puts native data encryption on tape drives
IBM also announced it will be offering encryption key management software. [more]
Wednesday, 6 September 2006, 11:39 AM CET

Fingerprinting WiFi could secure MAC addresses
MAC address spoofing on wireless networks could come to an end with a new security technique that would allow network administrators to see a unique WiFi fingerprint for each device. [more]
Wednesday, 6 September 2006, 11:35 AM CET

BoI to refund phishing victims
Bank of Ireland has agreed to compensate victims of a recent phishing scam, backtracking from its earlier position. [more]
Wednesday, 6 September 2006, 11:32 AM CET

Hackers hijack wiki
An attempt by a UK cabinet minister to discuss proposed environment policy using a wiki has ended in embarrassment after pranksters made merry at the expense of the Department for Environment, Food and Rural Affairs (Defra). [more]
Tuesday, 5 September 2006, 2:36 PM CET

Sept. 11th spawned tech-security market
During the Cold War, Canada's National Optics Institute developed a system to detect which type of enemy tank or fighter jet was approaching. [more]
Tuesday, 5 September 2006, 2:35 PM CET

SMS phishing attacks hit mobile users
A security firm has warned that malware writers are attempting to fool mobile phone users with bogus text messages. [more]
Tuesday, 5 September 2006, 2:34 PM CET

The changing face of disaster recovery
Disaster recovery and remote office replication are increasingly becoming top-of-mind issues for IT professionals. It is ironic that tape, the most operationally unpredictable and error-prone media for backup and recovery, over time has become the primary media deployed in enterprise backup and disaster recovery implementations. The Gartner Group estimates that one-in-ten recovery images on tape is actually unrecoverable. [more]
Tuesday, 5 September 2006, 11:27 AM CET

A third of dodgy emails are phishing attacks
The lazy, hazy days of summer witnessed a continuation of the ongoing shift from large-scale virus outbreaks toward phishing and more targeted attacks, according to a study by net security firm MessageLabs. [more]
Tuesday, 5 September 2006, 11:13 AM CET

Year-long hunt fails to find IT security chief for NHS
Connecting for Health has failed to appoint a senior security director to oversee IT security across the NHS National Programme for IT despite a year-long search. [more]
Tuesday, 5 September 2006, 11:12 AM CET

Used cell phones, PDAs are treasure trove of confidential data
Most used cell phones and PDAs contain personal or business information that their former owners never got around to deleting. [more]
Tuesday, 5 September 2006, 12:33 AM CET

Quantum cryptography demo is a security first
Northwestern University researchers have joined forces with BBN Technologies to demonstrate what they are calling the first truly quantum cryptographic data network. [more]
Tuesday, 5 September 2006, 12:17 AM CET

Johnny Cache breaks silence on Apple Wi-Fi exploit
Jon Ellch -- aka Johnny Cache -- was one of the presenters of the now infamous "faux disclosure" at Black Hat and DEFCON last month. [more]
Tuesday, 5 September 2006, 12:09 AM CET

Virus threat not limited to AMD platforms
AMD has been quick to deny press reports that its processors are exclusively targeted by a proof-of-concept virus identified last week in a blog posting by security firm Symantec. [more]
Tuesday, 5 September 2006, 12:01 AM CET

Check Point defiant following departures
Security giant claims loss of high-profile staff will not affect growth. [more]
Monday, 4 September 2006, 4:12 PM CET

Google developing eavesdropping software
The first thing that came out of our mouths when we heard that Google is working on a system that listens to what's on your TV playing in the background, and then serves you relevant adverts, was "that's cool, but dangerous". [more]
Monday, 4 September 2006, 2:56 PM CET

RIAA doesn't like independent experts
For the past few years, the Recording Industry Association of America has battled file sharing by threatening those it suspects of illegally downloading music with lawsuits. [more]
Monday, 4 September 2006, 2:55 PM CET

List of data breach notices lengthening
AT&T, Sovereign and Verizon Wireless among latest to report security snafus. [more]
Monday, 4 September 2006, 2:55 PM CET

'Adware' attack on privacy tool
Software that claimed to provide increased privacy whilst surfing the web has been criticised by computer experts and the blogging community. [more]
Monday, 4 September 2006, 2:53 PM CET

Quantum cryptography demo is a security first
Northwestern University researchers have joined forces with BBN Technologies to demonstrate what they are calling the first truly quantum cryptographic data network. [more]
Monday, 4 September 2006, 2:34 PM CET

Microsoft preps seven July security patches
Microsoft plans to release seven security patches as part of its monthly security update on 11 July. [more]
Monday, 4 September 2006, 2:25 PM CET

Wi-Fi guidance becomes law in California
California legislators have passed a law which will force makers of wireless internet equipment to include guidance on keeping data secure on wireless connections. The law now awaits signature by Governor Arnold Schwarzenegger. [more]
Monday, 4 September 2006, 2:25 PM CET

Attention IT managers: malware is not your biggest threat
Automatic graylists can be an ideal approach to managing today's dynamic desktop environments. [more]
Friday, 1 September 2006, 8:17 PM CET

'Video-hams' tap into insecure surveillance cams
Surveillance cameras outfitted with internet technology are open to tampering and interception, security experts warn. [more]
Friday, 1 September 2006, 8:16 PM CET

The rise of behavioral biometrics
Enterprises often balk at the cost, constraints, and fickle performance of more traditional biometric technologies such as fingerprint, face, and iris scanners. Because of this, so-called behavioral biometrics -- including keystroke, mouse pattern, and voice analysis, in addition to such soft authentication methods as challenge/response questions -- have become more popular. [more]
Friday, 1 September 2006, 7:20 PM CET

Freenigma: Encryption for webmail
Until now, security-conscious email users could employ encryption with traditional email clients, but were out of luck with webmail services. Freenigma, a service to add encryption to third-party webmail services via a Firefox plugin, aims to add security to the convenience of webmail. My trial of the service indicates that it's making a good start, but has room to improve. [more]
Friday, 1 September 2006, 7:19 PM CET

Using images to fight phishing
So-called "phishing" Web sites set up by scammers to mimic financial institutions and swindle unwitting consumers often "inlink" or borrow logos and other images directly from the targeted institution's Web sites as a way of making their scam pages look more legitimate. [more]
Friday, 1 September 2006, 12:53 AM CET

Hackers renew Windows 'MS06-040' attacks
Two security companies say they have detected a significant increase in activity on one of two ports that an exploit against the MS06-040 vulnerability would use in an attack. [more]
Friday, 1 September 2006, 12:43 AM CET

Trusted computing a shield against worst attacks?
Trusted computing proponents may have found their best argument yet for incorporating specialized security hardware into every computer system. [more]
Friday, 1 September 2006, 12:12 AM CET

The many faces of authentication
Among other technologies, a new generation of behavioral biometrics is gaining traction. Financial risk management vendor Fair Isaac recently introduced a new product called Falcon One for Online Access, which monitors customer behaviors, such as typing and mouse pad patterns. [more]
Friday, 1 September 2006, 12:09 AM CET

