Find network and information security news, reviews and analysis, covering data protection, privacy, endpoint security, and security management.
  • Another image problem, this time for Linux

    Posted September 16, 2004 - 12:05 pm

    Another highly critical image-based security hole has been found, sparking a flurry of patches from Linux vendors.
  • Man in the middle

    Posted September 16, 2004 - 10:05 am

    At Geisinger Medical Center in rural Danville, Pa., the chief information security officer grapples with balancing the demand for more open access to patient medical records online with security and compliance requirements.
  • Critical flaws flagged in Mozilla, Thunderbird

    Posted September 16, 2004 - 9:43 am

    The Mozilla Project, the open-source developer of the Mozilla and Firefox Web browsers and Thunderbird email program, has warned of "highly critical" holes in its three core products and is urging users to upgrade immediately to patch the vulnerabilities.
  • On fed payroll, hackers seek to save America

    Posted September 16, 2004 - 9:15 am

    The new cyber security center in the Idaho National Engineering and Environmental Laboratory, sponsored by the U.S. Department of Energy, is relying on a team of White Hat hackers to test the security of the nation's infrastructure, including the computer systems that run railroads, utilities and other fundamental services.
  • Man pleads guilty in massive credit info theft case

    Posted September 15, 2004 - 1:35 pm

    A man charged in one of the largest identity theft scams in U.S. history pleaded guilty to charges of conspiracy, wire fraud, and fraud in connection with identity documents Tuesday and could face up to 50 years in prison, according to a statement from U.S. Attorney David Kelley, of the Southern District of New York.
  • JPEG handling flaw threatens PCs, Microsoft warns

    Posted September 14, 2004 - 5:03 pm

    A security flaw in the way many Microsoft Corp. applications process JPEG images could allow an attacker to gain control over a computer running the software. Any program that processes JPEG images could be vulnerable, Microsoft said in Security Bulletin MS04-028.
  • IETF deals Microsoft's e-mail proposal a setback

    Posted September 14, 2004 - 4:46 pm

    A proposed technology for identifying the source of e-mail messages suffered a blow last week when a group within the Internet Engineering Task Force (IETF) established to study the proposal sent it back for more work, citing concerns over vague intellectual property claims made by Microsoft Corp. covering some of the technology.
  • Relocation services firm digs out worms

    Posted September 14, 2004 - 1:18 pm

    When a wave of worms and viruses -- including Blaster and SoBig.F -- started causing network outages and altering business data at a $2.2 billion relocation services firm, the company cleaned house with two applications: One rooted out all the worms in the network and unearthed the source of the infection while the other uses behavior-based technology to search-and-destroy at the perimeter.
  • Want more secure software? Then give your vendor hell

    Posted September 14, 2004 - 1:15 pm

    Owing to the proliferation of mobile networking technologies and corporate reliance on the Internet, downtime related to security issues will triple, from 5 percent to 15 percent of total downtime, between now and 2008, according to research from the Gartner Group.
  • Talking worm attacks Windows users

    Posted September 14, 2004 - 1:11 pm

    In the "curiouser and curiouser" category, a new worm, dubbed Amus and apparently from Turkey, uses the Windows Speech Engine embedded in Windows XP to play an audio greeting to users on boot-up.
  • New worm installs network traffic sniffer

    Posted September 14, 2004 - 1:07 pm

    Signaling a new trend in auto-propagating worms, a worm discovered earlier this month tries to install a network sniffer on the infected computer to capture login and banking information from other computers connected to the same network.
  • Hundreds of products fall through MIME security flaw

    Posted September 14, 2004 - 1:04 pm

    Security firm Corsaire has warned that 190 discrete attack vectors in the widely used MIME (Multi-Purpose Internet Mail Extensions) protocol could have a serious impact on myriad e-mail gateway products.
  • Unix and Linux admin console exposed by bug

    Posted September 14, 2004 - 10:47 am

    A bug in Usermin, a widely-used administration console for Unix and Linux, could allow an attacker to run malicious code via a specially-crafted email, according to security researchers.
  • Apple fixes OS X security update

    Posted September 14, 2004 - 10:44 am

    Just days after releasing a security update, Apple Computer Inc. has posted a new update to fix a number of problems with it, including the correction of the path to the configuration directory, and, for Safari 10.3.5 users, changing the Safari version number to provide compatibility with Web sites that use an old version-checking mechanism.
  • Patents keep Sender ID in limbo

    Posted September 13, 2004 - 11:57 pm

    Microsoft wants its Sender ID spam-fighting technology to be accepted by the IETF as a standard, but open source advocates say Redmond's patent terms will make it impossible to incorporate the technology into any open source products. Attempts at compromise are underway; read on to find out more.
  • Hardening Network Infrastructure

    Posted September 13, 2004 - 3:34 pm

    ISBN: 0-07-225502-1

    Posted with permission of McGraw-Hill/Osborne. Click here for a detailed description and to learn how to purchase this title.

  • Hardening Windows Systems

    Posted September 13, 2004 - 3:33 pm

    ISBN: 0-07-225354-1

    Posted with permission of McGraw-Hill/Osborne. Click here for a detailed description and to learn how to purchase this title.

  • Protecting Linux servers

    Posted September 13, 2004 - 12:12 pm

    If you move from Windows to Linux, you need to pick up a whole set of new security skills. This tip will help you get started by explaining your firewall options.
  • Symantec launches antiphishing service

    Posted September 13, 2004 - 10:08 am

    Symantec Corp. is fishing for dollars with a new brand protection service that will use its global network of researchers and its desktop software to help companies combat the ongoing epidemic of online identity theft, or "phishing," scams.
  • Author: Insiders top high-tech crime threat

    Posted September 10, 2004 - 1:43 pm

    The author of a new book, High-Tech Crimes Revealed, discusses insider threats, high-tech forensics and real cybercrimes vs. the hype in this Q&A.
  • Firewall/VPN security appliance market heating up as big business deploys solutions

    Posted September 10, 2004 - 1:37 pm

    Secure Socket Layer (SSL) VPN shipments increased by 160% during 2003, in an otherwise soft IT market, driven by the need to provide mobile employees with secure remote access. Overall, firewall/VPN security appliance shipments grew by 27 percent, as large corporations moved from product trials to mass deployment.
  • Telenor takes down 'massive' botnet

    Posted September 10, 2004 - 1:26 pm

    In Norway, telecommunications company Telenor announced that its security staff has located and dismantled a network of more than 10,000 zombie PCs that were being controlled across Internet Relay Chat (IRC) channels.
  • Trillian MSN module flaw warning

    Posted September 10, 2004 - 11:41 am

    Security researchers have found a flaw in the popular Trillian cross-platform instant messaging client that can be exploited to cause a buffer overflow. The vulnerability is within Trillian's MSN module, which connects it to the Microsoft chat network.
  • Tech industry presents less-than-unified defense

    Posted September 10, 2004 - 11:33 am

    In part 2 of a two-part investigative series, security experts and industry executives tell USA Today that relying on end-users to secure their own PCs is "akin to making car drivers responsible for installing their own seat belts," and assert that the industry must join forces to put up a unified defense against cyberattacks.
  • Lies, damned lies and computer security

    Posted September 10, 2004 - 11:21 am

    A corporate executive who regaled attendees of a conference on HIPAA compliance with a story about how his IT security pros had thwarted a phishing attack by breaking into the perpetrator's Hong Kong-based server was himself the victim of an IT spoof, says columnist Paul Murphy. The tactics his team said they used might be doable by someone like the character Marshall on "Alias," but in the real world, unlikely.
Join us:






Join today!

See more content
Ask a Question