Off the Wire

Off The Wire Archive

News items for September 2007

Dot-name becomes cybercrime haven
The company that controls the .name registry is charging for access to domain registration information, a step that security researchers say frustrates their ability to police the internet and creates a haven for hackers who run internet scams. [more]
Friday, 28 September 2007, 10:13 AM CET

Guide to online antivirus solutions part 7: F-Secure online virus scanner
After Panda Security NanoScan and TotalScan, Trend Micro's HouseCall, Kaspersky Online Scanner, Norman SandBox Malware Analyzer, BitDefender Online Scanner and ESET Online Scanner, this week we are taking a look at F-Secure's online AV solution. [more]
Friday, 28 September 2007, 10:03 AM CET

Not much anonymity for unprotected file-sharers
The same technology that allows easy sharing of music, movies and other content across a network also allows government and media companies easy access to who is illegally downloading that content. [more]
Friday, 28 September 2007, 12:09 AM CET

5 things I've learned about privacy
As founder of the Ponemon Institute, a privacy and business ethics think tank, Dr. Larry Ponemon worries society will give up on privacy ideals as protecting personal data becomes harder. [more]
Friday, 28 September 2007, 12:00 AM CET

Two Patriot Act provisions ruled unlawful
A federal judge issued a stern rebuke of a key White House antiterror law, striking down as unconstitutional two pillars of the USA Patriot Act. [more]
Thursday, 27 September 2007, 6:14 PM CET

Privacy secured?
U.S. border entry rules help protect innocent people, Homeland Security boss says. [more]
Thursday, 27 September 2007, 5:42 PM CET

Building a cheap and powerful intrusion-detection system
You can easily build a powerful open source-based IDS in less than a day. [more]
Thursday, 27 September 2007, 5:38 PM CET

US video shows hacker hit on power grid
A government video shows the potential destruction caused by hackers seizing control of a crucial part of the U.S. electrical grid: an industrial turbine spinning wildly out of control until it becomes a smoking hulk and power shuts down. [more]
Thursday, 27 September 2007, 5:33 PM CET

Making a backup reminder script
I use the at scheduling daemon to schedule the backup reminders, and xdialog to present a graphical interface for the reminders. [more]
Thursday, 27 September 2007, 11:24 AM CET

Deploy CardSpace on your site without an SSL certificate
CardSpace in .Net Framework 3.0 required that sites deploying CardSpace always have an SSL certificate. This meant that every site that wanted to use CardSpace was forced to deploy an https site. [more]
Thursday, 27 September 2007, 10:49 AM CET

GMail flaw lets anyone read your e-mail
Hackers have revealed that your GMail account is vulnerable to an attack that allows malicious folks to keep tabs on your e-mail traffic. [more]
Thursday, 27 September 2007, 10:42 AM CET

Critical steps to secure your virtualized environment
Virtualization is one of the hottest technologies in the data center today, and with good reason. The benefits are clear. Virtualization can help reduce the physical space of the data center, lower hardware, software support and facilities costs, increase speed to deploy new servers and applications and enhance disaster recovery and business continuity. [more]
Wednesday, 26 September 2007, 8:20 PM CET

Tech wonders on homeland security horizon
Americans are facing a brave new world of post-September 11 technology marvels that could soon find their way into billions of dollars of projected homeland security spending. [more]
Wednesday, 26 September 2007, 2:43 PM CET

AOL Instant Messenger worm attack feared
Another browser-linked bug could be big threat. [more]
Wednesday, 26 September 2007, 2:02 PM CET

Encryption faulted in TJX hacking
Hackers stole millions of credit card numbers from discount retailer TJX Cos. by intercepting wireless transfers of customer information at two Miami-area Marshalls stores, according to an eight-month investigation by the Canadian government. [more]
Wednesday, 26 September 2007, 2:01 PM CET

Video: Uli Drepper on buffer overflow and libc attacks
In the second of five films featuring Uli Drepper, he talks a little more about buffer overflows and another security implementation currently being used. [more]
Wednesday, 26 September 2007, 10:52 AM CET

A short interview with the iPhone hacker
Several weeks ago, George Hotz, a 17-year-old student at the Rochester Institute of Technology, achieved cult status among hackers by being the first to unlock the iPhone from the AT&T network. [more]
Wednesday, 26 September 2007, 10:48 AM CET

Putting a stop to the cyberbullies
Stamping out bullying online is not going to be easy. [more]
Wednesday, 26 September 2007, 10:46 AM CET

Security experts pitch 'culture of data'
The companies that are having the most success in advancing their data security efforts today are those that are finding a way to protect sensitive information without getting in the way of business users, industry experts maintain. [more]
Wednesday, 26 September 2007, 10:44 AM CET

Book review - Security Metrics: Replacing Fear, Uncertainty, and Doubt
In the modern enterprise environment, investing in security and implementing it properly is a complex process that has to be based on certain metrics. Furthermore, how can one expect to efficiently protect and improve something that hasn't been measured? To help you with these problems comes a title that promises to show you how to quantify, classify and measure information. Read on to see what it has to offer. [more]
Tuesday, 25 September 2007, 9:55 PM CET

(IN)SECURE Magazine issue 13 has been released
(IN)SECURE Magazine is a free digital security magazine in PDF format. In this issue you can read about social engineering, risk decision making, password management, PCI DSS compliance, data leakage, and much more. Download your FREE copy today! [more]
Tuesday, 25 September 2007, 6:17 PM CET

Contractor blamed in DHS data breaches
DHS spokesman Russ Knocke rejected the assertion. "We've taken the committee's allegations very seriously," he said. [more]
Tuesday, 25 September 2007, 10:34 AM CET

I was a cybercrook for the FBI
For 18 months beginning in April 2003, Thomas worked as a "paid asset" for the FBI. [more]
Tuesday, 25 September 2007, 10:31 AM CET

Mount a remote file system through SSH using SSHFS
If you want to access a remote file system through ssh you need to install SSHFS. SSHFS is a filesystem client based on the SSH File Transfer Protocol. [more]
Tuesday, 25 September 2007, 10:28 AM CET

CACI to expand high-security force
CACI International, an Arlington government contractor, said yesterday it was buying Athena Innovative Solutions, an intelligence-analysis firm with a coveted supply of employees with security clearances but also a controversial past. [more]
Tuesday, 25 September 2007, 10:19 AM CET

One view of why risk management takes too long
As I get back into the risk management arena after a sojourn in knowledge management (mainly designing knowledge-driven offerings and monetizing the associated intellectual property), I find yet another example of “the more things change, the more they stay the same.” [more]
Tuesday, 25 September 2007, 10:19 AM CET

Is cyber crime really the FBI's no. 3 priority?
The Federal Bureau of Investigation says that its No. 3 priority is protecting the United States "against cyber-based attacks and high-technology crimes." [more]
Tuesday, 25 September 2007, 12:00 AM CET

Interview with Jeremiah Grossman, CTO of WhiteHat Security
Jeremiah Grossman founded WhiteHat Security in 2001. Prior to WhiteHat, he was an Information Security Officer at Yahoo! responsible for performing security reviews on the company's hundreds of websites. Jeremiah is a world-renowned leader in web security and frequent speaker at the Blackhat Briefings, NASA, Air Force and Technology Conference, Washington Software Alliance, ISSA, ISACA and Defcon. [more]
Monday, 24 September 2007, 10:41 PM CET

Kerberos may soon protect cellphones
Kerberos, a 20-year-old computer security technology with MIT roots, is about to be turbocharged for the mobile Internet era. [more]
Monday, 24 September 2007, 10:42 AM CET

Tech wonders on homeland security horizon
Lockheed Martin is working on a keychain-size, remote-controlled aerial vehicle that will transmit security data. [more]
Monday, 24 September 2007, 12:30 AM CET

Does antivirus have a future?
Creators of malware are no longer script kiddies after kudos - they're criminals after your cash. Can protection keep pace with them? [more]
Monday, 24 September 2007, 12:09 AM CET

New Firefox 3.0 alpha blocks malware, secures plug-in updates
Security features debut in latest preview, as Firefox 3.0 heads down the stretch. [more]
Monday, 24 September 2007, 12:00 AM CET

Telcos seek wiretapping immunity as legal pressure mounts
Always eager to lighten the load of overworked bureaucrats, the Electronic Frontier Foundation has volunteered its services to FCC Chairman Kevin Martin. [more]
Friday, 21 September 2007, 5:48 PM CET

Detection and remediation
While yesterday’s fast moving, widespread threats are a thing of the past, today’s threats are often more challenging to detect due to their stealthiness. They also present a bigger risk to consumers, often compromising personal or financial information. [more]
Friday, 21 September 2007, 2:01 PM CET

Hackers control PCs while users unaware
A few weeks ago Candace Locklear's office computer quietly started sending out dozens of instant messages with photos attached that were infected with malicious software. [more]
Friday, 21 September 2007, 1:55 PM CET

Security outsourcing on the rise
As one of the world's largest outsourcing providers, Wipro Technologies is ramping up its security services business in a big way. [more]
Friday, 21 September 2007, 1:54 PM CET

Fight cyber bullies, schools told
Schools are being given guidance urging them to take firm action against pupils who use mobile phones and the internet to bully other children and teachers. [more]
Friday, 21 September 2007, 11:03 AM CET

NSA to defend against hackers
In a major shift, the National Security Agency is drawing up plans for a new domestic assignment. [more]
Friday, 21 September 2007, 10:03 AM CET

Tens of thousands of CCTV cameras, yet 80% of crime unsolved
London has 10,000 crime-fighting CCTV cameras which cost £200 million, figures show today. [more]
Friday, 21 September 2007, 10:00 AM CET

Privacy a hot topic as RFID tagging grows in use
Industry needs to explain the value of RFID, advocate says. [more]
Friday, 21 September 2007, 1:14 AM CET

Virtual servers: more or less secure?
Virtual servers can be treated just like thin, densely stacked servers. But that misses the point: virtualization frees the server from its physical "body" and gives it flexibility and portability. To take advantage of these traits we have to adopt security measures that also are dynamic and flexible. [more]
Friday, 21 September 2007, 1:14 AM CET

IT risk becomes board-level issue
IT systems have become so integral to businesses that their failure can have disastrous consequences for an organisation, according to analysts Gartner. [more]
Thursday, 20 September 2007, 4:37 PM CET

Researcher finally publishes notorious Apple Wi-Fi attack
Researcher David Maynor has published details of the controversial Apple Wi-Fi hack he disclosed at last year's Black Hat conference. [more]
Thursday, 20 September 2007, 3:56 PM CET

Security researcher finds flaw in Windows Media Player
Petko Petkov outlines Windows hack using malicious media files. [more]
Thursday, 20 September 2007, 3:40 PM CET

TransUnion to offer credit freeze in all U.S. states
TransUnion, one of the three major consumer credit reporting bureaus, said Tuesday that starting next month it will allow consumers to freeze and thaw their credit files as a means to prevent identity theft. [more]
Thursday, 20 September 2007, 2:53 PM CET

Lesson from Tor hack: anonymity and privacy aren't the same
As the name implies, Alcoholics Anonymous meetings are anonymous. You don't have to sign anything, show ID or even reveal your real name. But the meetings are not private. [more]
Thursday, 20 September 2007, 2:52 PM CET

Book review: Certified Ethical Hacker Exam Prep
This title takes you on a tour of all the areas you need to be proficient in to pass the Certified Ethical Hacker exam. If you manage to absorb everything in this book, and based on the quality of your overall knowledge, you may not need to take a class before the exam. [more]
Wednesday, 19 September 2007, 8:12 PM CET

Security gurus look for better ways to classify malware
Two senior security veterans from Trend Micro are trying to get the industry to change how it classifies malicious software. [more]
Wednesday, 19 September 2007, 7:01 PM CET

Three minutes with Nokia's Enterprise Chief
Nokia is well known for its consumer devices but maintains a range of enterprise products. [more]
Wednesday, 19 September 2007, 7:00 PM CET

Security in virtual worlds: blurring the borders
While it is difficult to know for certain how and if transactions within virtual communities are recorded, it is likely that there is little or no record keeping being done. [more]
Wednesday, 19 September 2007, 2:47 PM CET

How to protect computer data
Encryption is effectively the last bastion of defense against information compromise. That is, when all else fails, we hope that the encryption employed is adequate. [more]
Wednesday, 19 September 2007, 11:06 AM CET

Tor node operator after run-in with police: "I can't do this any more"
Alexander Janssen, a Tor node operator located in Germany, has shut down his node after a second confrontation with police several months ago. [more]
Wednesday, 19 September 2007, 1:17 AM CET

The (practically) ultimate OpenSSH/Keychain howto
All right, so maybe this isn't quite the ultimate. But this howto will show you the fundamental ways to use OpenSSH and much more. [more]
Wednesday, 19 September 2007, 1:16 AM CET

Why application security is often overlooked
Most IT and security professionals recognize the importance of the applications we support. [more]
Tuesday, 18 September 2007, 5:43 PM CET

Hackers smack anti-piracy firm again and again
Hackers are taking credit for at least three breaches at anti-piracy firm MediaDefender. The newly revealed attacks threaten to turn what started as an embarrassing e-mail leak into a full-blown security meltdown for the company. [more]
Tuesday, 18 September 2007, 5:40 PM CET

The right formula for data leak protection
Whether on the race track, on the web or in the boardroom, data leaks are invariably bad news. Just ask Ferrari and McLaren, the F1 giants embroiled in controversy over allegedly stolen technical documents. Or, who made the monster mistake of losing over a million customer records to expert “phishers.” [more]
Tuesday, 18 September 2007, 2:32 PM CET

Intrusion detection in the age of compliance
While intrusion-detection technologies are clearly not a hot new thing anymore, they are still the subject of active industry debate. [more]
Tuesday, 18 September 2007, 10:49 AM CET

China has 750,000 zombie computers in U.S.
A former senior U.S. information security official says there are nearly three-quarter million personal computers in the United States taken over by Chinese hackers. [more]
Tuesday, 18 September 2007, 10:44 AM CET

Disable ldirectord checks
ldirectord is a daemon to monitor and administer real servers in a LVS cluster of load balanced virtual servers. ldirectord is typically used as a resource for heartbeat, but can also run standalone from the command line. [more]
Tuesday, 18 September 2007, 12:00 AM CET

Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
In this interview Mr. Gibson discusses various aspects of Windows Vista security, Internet Explorer 7 security and the upcoming Vista Service Pack 1. [more]
Monday, 17 September 2007, 7:47 PM CET

Volkswagen subpoena points up YouTube privacy risks
A legal spat between YouTube and Volkswagen is throwing light on the increasing copyright surveillance of social networking sites. [more]
Monday, 17 September 2007, 9:43 AM CET

Hi-tech crime 'is big business'
Internet crime is becoming a major commercial activity, according to a report by the security firm, Symantec. [more]
Monday, 17 September 2007, 9:42 AM CET

The dangers of automatic updates
When I started using GNU/Linux eight years ago, I was dumbfounded to encounter Debian users who started their day by upgrading their entire system. [more]
Monday, 17 September 2007, 6:18 AM CET

Abusing and misusing wireless cameras
No one likes having a bunch of wires hanging around, nor is it particularly easy to install networking wires and keep the office décor aesthetically pleasing. However, along with the benefits of keeping a wire-free office comes some serious and significant drawbacks. [more]
Monday, 17 September 2007, 12:21 AM CET

Formula One tells its spy story
A day after the world of Formula One was shocked by a $100 million fine over spying, the racing federation on Friday revealed some extraordinary details of the scandal. [more]
Monday, 17 September 2007, 12:00 AM CET

Digital security with GnuPG plugins
The GNU Privacy Guard (GnuPG) allows you to encrypt, decrypt, sign, and verify communications and data, as well as create and manage the keys needed for these tasks. [more]
Friday, 14 September 2007, 7:07 PM CET

Adding printers to your security planning
When talking about secure printing, two issues arise—securing a printer as a network device and then restricting access to the papers that get printed. Printers and copiers are no longer just dumb devices. [more]
Friday, 14 September 2007, 7:06 PM CET

Review: Spyware Terminator 2.0
Over the years, hundreds of anti-malware applications have popped up on the Internet, but only the best prevailed. One of these tools is Spyware Terminator, and this review goes deep inside version 2.0. [more]
Friday, 14 September 2007, 11:41 AM CET

Google plans privacy crusade
Drawing upon its clout as the internet's most powerful company, Google is calling on businesses and regulators throughout the world to adopt international standards for protecting consumer privacy online and offline. [more]
Friday, 14 September 2007, 11:35 AM CET

Web stalkers targeted
The abuse of social networking sites such as MySpace and Facebook by internet stalkers is the focus of a new taskforce established by Communications Minister Helen Coonan. [more]
Friday, 14 September 2007, 1:38 AM CET

Microsoft sued by Beijing student for privacy infringement
A Beijing university student is suing Microsoft for infringing upon his privacy, demanding 1,350 yuan (180 U.S. dollars) in compensation and an apology printed in a national newspaper. [more]
Friday, 14 September 2007, 1:35 AM CET

St. Petersburg consulate Web site hacked
According to Sophos and McAfee, two U.S. Department of State Web sites based in Russia could contain malware and should be avoided. [more]
Friday, 14 September 2007, 1:32 AM CET

Microsoft downplays stealth update concerns
Windows must silently update its Update feature, says company. [more]
Friday, 14 September 2007, 1:12 AM CET

Exploit code appears for Microsoft Agent bug
Less than 24 hours after Microsoft released September's security patches, a proof-of-concept JavaScript exploit code that attacks Microsoft Agent was posted online. [more]
Friday, 14 September 2007, 12:12 AM CET

Video: Uli Drepper on buffer overflow
Find out how stack buffer overflows work, the vulnerabilities abused by such attacks, and a security implementation that can stop the attack before it even begins. [more]
Thursday, 13 September 2007, 11:46 PM CET

Google maps under scrutiny again
The Street View feature of Google Maps, with its close-up views of city streets and recognizable shots of people, could violate a Canadian law protecting individual privacy, officials said. [more]
Thursday, 13 September 2007, 11:59 AM CET

Online games and fraud: using games as bait
This article will explore how MMORPG passwords and virtual property are stolen and how other malicious acts are committed against MMORPG players. [more]
Wednesday, 12 September 2007, 10:31 PM CET

Real Life: How I broke into a hospital computer
Recently I was able to break into a hospital computer system. [more]
Wednesday, 12 September 2007, 4:06 PM CET

The Internet Firewall: R.I.P.?
Is the Internet firewall headed for extinction? [more]
Wednesday, 12 September 2007, 4:06 PM CET

Attack of the clones?
The world of misleading applications (aka "rogue antispyware") never ceases to amaze with clever social engineering and tricks to con and persuade users into parting with their hard-earned cash. [more]
Wednesday, 12 September 2007, 3:13 PM CET

Ex-FBI hacker informant arrested for alleged wire fraud
A computer expert who served as a confidential source for an elite FBI computer crime squad has been arrested on wire-fraud charges, five years after being released from federal prison for hacking into government computers. [more]
Wednesday, 12 September 2007, 2:18 PM CET

Anonymous browsing with JAP
When it comes to anonymous Web access, Tor is not the only fish in the sea. If you are looking for a lightweight utility that [more]
Wednesday, 12 September 2007, 11:00 AM CET

A month in the life of a HoneyPoint deployment
Hello. I am a HoneyPoint deployment. My administrator has deployed me on a small business network of a financial institution. [more]
Wednesday, 12 September 2007, 10:47 AM CET

China's eye on the Internet
The "Great Firewall of China," used by the government of the People's Republic of China to block users from reaching content it finds objectionable, is actually a "panopticon" that encourages self-censorship through the perception that users are being watched, rather than a true firewall, according to researchers at UC Davis and the University of New Mexico. [more]
Wednesday, 12 September 2007, 10:45 AM CET

Dark secrets and ugly truths: When ethics and IT collide
With IT's unfettered access to both professional and personal data, should "follow your conscience" be part of the job description? [more]
Wednesday, 12 September 2007, 10:42 AM CET

Algorithms keep fraud in check
Next time you travel overseas, complex mathematical formulas may be used to check that your spending patterns are not too far out of the ordinary. [more]
Wednesday, 12 September 2007, 10:36 AM CET

Expert do's and don'ts for dealing with data breaches
A data breach victim shares his advice for addressing leakage incidents, while another expert highlights the missteps taken by TJX in dealing with its information theft. [more]
Wednesday, 12 September 2007, 12:37 AM CET

All systems go for validation of updated OpenSSL module
When the Open Source Software Institute (OSSI) sought Federal Information Processing Standards (FIPS) 140-2 validation for its OpenSSL toolkit last year, it was anything but smooth sailing. [more]
Wednesday, 12 September 2007, 12:03 AM CET

French reveal China hacks
French information systems fell prey to cyber attacks "involving China", similar to those reported by the US, British and German governments, a top French security official said. [more]
Tuesday, 11 September 2007, 6:09 PM CET

Querying session data based on Snort rule IPs
Sometimes Snort rules can contain useful information but are not practical to use in production. The Bleeding Snort rules recently added a set of rules to detect connection attempts to known compromised hosts. If you take a look at the rules, you'll see that it is essentially a large list of IP addresses. [more]
Tuesday, 11 September 2007, 4:23 PM CET

Book review: The Practice of System and Network Administration 2/e
Despite being thick as a phone book, you'll see that this title is very clearly organized and can serve not just as a learning tool but also as an effective reference guide for seasoned system and network administrators. [more]
Tuesday, 11 September 2007, 3:55 PM CET

The perfect start with Smoothwall Express 3.0
Smoothwall Express is an internet firewall, which allows you to protect your network, as well as providing NAT functionality. [more]
Tuesday, 11 September 2007, 12:25 PM CET

11 essential tools for managing Active Directory
For a small Active Directory environment or one where you're only working with one or two additions or changes at a time, the GUI tools such as Active Directory Users and Computers might be sufficient for day-to-day administration. [more]
Tuesday, 11 September 2007, 9:46 AM CET

Creating packet traces of Nessus scans
Nessus 3 UNIX scanners have the ability to save all of their generated packets as a convenient libpcap compatible file. This means you can save your scans and view them under applications such as TCPDUMP or Wireshark. [more]
Tuesday, 11 September 2007, 9:39 AM CET

Sleeping on the job? Security at work-applicant sites faulted
In the face of criticism that they provided fertile ground for Web predators, online job sites have responded by posting warnings about work-at-home schemes and positions forwarding money or potentially stolen goods. [more]
Tuesday, 11 September 2007, 9:37 AM CET

Implement IPSec on Win2k3: clients and servers
In this installment, we'll continue our look at the implementation process, and configure IPSec secured communications between a Windows XP Professional system and a Windows Server 2003 system. [more]
Tuesday, 11 September 2007, 9:35 AM CET

Security changes coming in Vista SP1
Microsoft will unveil three security enhancements as part of its upcoming Windows Vista Service Pack 1 (SP1) release, slated for early 2008. [more]
Tuesday, 11 September 2007, 12:21 AM CET

NZ spies uncover cyber attacks
Government computer systems have been hacked into by foreign governments, the country's chief spymaster says. [more]
Tuesday, 11 September 2007, 12:00 AM CET

A closer look at the CCNP Video Mentor
The CCNP Video Mentor helps CCNP candidates prepare to pass the series of CCNP exams by supplying 16 instructional videos. Each video presents a unique lab scenario, with both visual references and audio explanations of what you should expect to happen in a particular lab. [more]
Monday, 10 September 2007, 4:04 PM CET

Pfizer breach exposes data on 34,000 people
Pfizer Inc. last week confirmed that the personal data of as many as 34,000 people may have been illegally accessed and downloaded from a company computer system by a former employee. [more]
Monday, 10 September 2007, 3:56 PM CET

Rainbow hash cracking
The multi-platform password cracker Ophcrack is incredibly fast. How fast? It can crack the password "Fgpyyih804423" in 160 seconds. [more]
Monday, 10 September 2007, 10:50 AM CET

Tor at heart of embassy passwords leak
Tor advertises itself as a means for people and groups to improve their privacy. And when used properly, the distributed, anonymous network does just that. [more]
Monday, 10 September 2007, 10:39 AM CET

Police busted after tracking device found on car
A police operation to covertly follow a Central Otago man came to an abrupt halt this week when the man found tracking devices planted in his car, ripped them out and listed them for sale on Trade Me. [more]
Monday, 10 September 2007, 12:15 AM CET

Python for system administrators
The examples in this article demonstrate different Python features that you can put to practical use. [more]
Monday, 10 September 2007, 12:03 AM CET

Alum charged with hacking into Texas A&M
A recent graduate of Texas A&M University is charged with hacking into the school's computer system and illegally accessing information on 88,000 current and former students, faculty and staff members. [more]
Friday, 7 September 2007, 12:33 PM CET

Make mashups secure
Mashups offer unprecedented agility in developing lightweight Web applications for the enterprise. Here’s how to keep them from becoming a security risk. [more]
Friday, 7 September 2007, 12:32 PM CET

Taxpayers, State wrestle with data breaches
It's not likely that you spent more of your Labor Day weekend thinking about the omnipresent and growing threat of identity theft than Jackie Legnos did. [more]
Friday, 7 September 2007, 12:26 PM CET

Indictment here marks "new age" of ID theft
Like millions of computer users, Gregory Kopiloff used the file-sharing program known as LimeWire to swap digital content with people all over the world. But federal prosecutors say Kopiloff, 35, was not only using LimeWire to download music, movies or video games. [more]
Friday, 7 September 2007, 12:25 PM CET

The security trickle down effect
Sarbanes Oxley, ISO 27002, GLBA - what do they all have in common? [more]
Friday, 7 September 2007, 11:22 AM CET

Guide to online antivirus solutions part 6: ESET Online Scanner
After Panda Security NanoScan and TotalScan, Trend Micro's HouseCall, Kaspersky Online Scanner, Norman SandBox Malware Analyzer and BitDefender Online Scanner, this week we are taking a look at ESET's online AV solution. [more]
Thursday, 6 September 2007, 12:21 PM CET

Zombie Pfizer computers spew spam
Computers inside pharmaceutical giant Pfizer's network are spamming the internet, but the e-mails are not part of Pfizer's official marketing efforts. [more]
Thursday, 6 September 2007, 11:22 AM CET

Monitor your servers with SNMP and Cacti
This tutorial will show how to configure the network manager to use Cacti and how to set up snmp on the managed host. [more]
Thursday, 6 September 2007, 11:21 AM CET

Implement IPSec on Windows Server 2003
Here we'll take a look at the process of implementing IPSec on a Windows Server 2003 system. [more]
Thursday, 6 September 2007, 11:15 AM CET

Practical 10 minutes security audit: Oracle case
This paper will show an extremely simple technique to quickly audit a software product in order to infer how trustworthy and secure it is. It will show you step by step how to identify half a dozen local 0day vulnerabilities in a few minutes with just a couple of clicks in very easy-to-use free tools. Then, for the technical readers' enjoyment, the vulnerabilities will be easily pointed out in disassembled code and detailed, and finally a 0day exploit for one of the vulnerabilities will be demonstrated. [more]
Wednesday, 5 September 2007, 4:06 PM CET

All UK 'must be on DNA database'
The whole population and every UK visitor should be added to the national DNA database, a senior judge has said. [more]
Wednesday, 5 September 2007, 3:47 PM CET

Set up a Web server cluster in 5 easy steps
Construct a highly available Apache Web server cluster that spans multiple physical or virtual Linux servers in 5 easy steps with Linux Virtual Server and Heartbeat v2. [more]
Wednesday, 5 September 2007, 11:02 AM CET

DoJ, states divided on Microsoft antitrust success
The US Department of Justice and five States have declared themselves satisfied with the antitrust enforcement efforts taken against Microsoft despite a further seven States maintaining they have had 'little or no discernible impact in the marketplace.' [more]
Tuesday, 4 September 2007, 5:51 PM CET

Book review: Securing VoIP Networks
With the proliferation of VoIP networks and a substantial amount of FUD (Fear, Uncertainty and Doubt) that surrounds the process of implementing security on these networks, this book couldn't have arrived on the shelves at a better time. [more]
Tuesday, 4 September 2007, 4:59 PM CET

China denies Pentagon cyber-raid
China has denied reports that its military hacked into the computer network of the US Department of Defense in Washington. [more]
Tuesday, 4 September 2007, 4:54 PM CET

Pentagon hacked, Chinese Army suspected: report
If you live in China and want to take a shot at hacking into American military computer systems, there may be a place for you in the Chinese military. [more]
Tuesday, 4 September 2007, 9:54 AM CET

Senate blocks mandatory ID implants in employees
Tackling a dilemma right out of a science fiction novel, the state Senate passed legislation Thursday that would bar employers from requiring workers to have identification devices implanted under their skin. [more]
Tuesday, 4 September 2007, 1:21 AM CET

Safeguarding information
Information security is critical for any organization that depends on information systems and computer networks to carry out its mission. It is especially important for government agencies, where maintaining the public’s trust is essential. [more]
Tuesday, 4 September 2007, 12:00 AM CET

Log management in PCI compliance
The importance of effective and efficient log data management in payment networks cannot be under emphasized. In fact, the result of data mismanagement can be devastating. [more]
Monday, 3 September 2007, 8:42 PM CET

Sony confirms security problem
Electronics giant Sony has confirmed a recently discovered security flaw in some of its products that could leave PCs vulnerable to attack by hackers. [more]
Monday, 3 September 2007, 3:55 PM CET

Understanding federated identity
Federated identity management is a relatively new concept that is an extension of identity management, which is a centralized, automated approach to regulating access to enterprise resources by employees and other authorized individuals. [more]
Monday, 3 September 2007, 11:34 AM CET

The privacy market has many sellers, but few buyers
Privacy is fast becoming the trendy concept in online marketing. [more]
Monday, 3 September 2007, 11:32 AM CET

Nmap from an ethical hacker's view
What, another Nmap tutorial? Yes that's true, but I am hoping to approach it a little differently than what I have seen available. [more]
Monday, 3 September 2007, 11:30 AM CET

Feds plan IDs to restrict volunteers at disasters
In an effort to provide better control and coordination, the federal government is launching an ambitious ID program for rescue workers to keep everyday people from swarming to a disaster scene. [more]
Monday, 3 September 2007, 2:06 AM CET

Fast FPGA-based SHA-1 and MD5 bruteforce cracker
NSA@home is a fast FPGA-based SHA-1 and MD5 bruteforce cracker. It is capable of searching the full 8-character keyspace (from a 64-character set) in about a day in the current configuration for 800 hashes concurrently. [more]
Monday, 3 September 2007, 12:09 AM CET

Mobile workers undo security measures
IT departments go through all kinds of headaches to lock down their computers, only to have their employees undermine everything with foolish behavior out of the office. [more]
Monday, 3 September 2007, 12:00 AM CET
