Deconstructing Code

Half of All Computers Aren't Properly Patched

From InformationWeek:
According to McAfee's "AVERT" virus research team half or more of the computers connected to the Internet aren't properly patched or updated.

Posted by rshah on April 25, 2005| Comments (0)

Pacemakers, Hackers, and the FDA

From Engadget: The fear: hackers are after your pacemaker:

Jerry and the Pacemaker

A story in the Portsmouth Herald notes the security concerns of defibrillator technology. Defibrillators or pacemakers fit inside the body and can "shock" a heart back into rhythm. Newer devices that have been approved by the FDA are designed to relay information, such as an electrocardiogram by holding a wand besides the chest. The wand is then connected to a machine that encrypts the information and transmits it through phone lines. This allows a physician to remotely monitor a patient.

The security concerns arise for new models that will allow physicians to program the pacemaker through the phone line. Besides a programming error, there are concerns that a hacker could intercept and change the program for the pacemaker. However, this is currently theoretical, since the FDA has not approved any of these types of pacemakers.

Posted by rshah on February 25, 2005| Comments (0)

Routers with Virus Throttling Technology

HP is introducing new security features in its routers.
According to Infoworld:

Hewlett-Packard's ProCurve Networking unit today introduced a line of branch-office routers designed to provide secure communications with a headquarters site and unveiled "virus-throttling" technology aimed at stopping the spread of malicious code over a network. It also rolled out the ProCurve Switch xl Access Controller Module, designed to provide secure access to mobile users seeking to connect to a ProCurve switch at the edge of a network.

Posted by rshah on February 24, 2005| Comments (0)

Net users responsible for security, industry reps say

In the battle against online scams, consumers have a responsibility to use the tools provided by technology vendors to protect their personal data, privacy executives from eBay, HP, Microsoft and Truste said Thursday.

According to Microsoft's chief privacy strategist, Peter Cullen, the analogy is seat belts:

Cullen likened the adoption of security tools to when seatbelts were first introduced in cars. At first, not many drivers used the seatbelts, but usage rose after a concerted public information campaign.

I don't think the seatbelt example is too useful.
First, lets remember that seatbelts were a low cost regulation by government that has proven tremendously effective. Link
Second, seatbelt usage changed drastically over the last 20 years. It was not only accomplished by public education campaigns, but also by making it a criminal offense.
Finally, seatbelts were available for people to use. They were relatively simple to operate. The same cannot be said for security issues with computers. After all, computers must be constantly updated and users must be constantly learning new techniques to deal with security risks. People would not drive an automobile that required such a high degree of maintenance or constant training. (Link to mandatory joke comparing Windows to Cars).

Posted by rshah on February 09, 2005| Comments (0)

TCP vulnerability could lead to bigger gateway protocol problems

TCP vulnerability could lead to bigger gateway protocol problems
A vulnerability in the Transmission Control Protocol discovered by researchers last year could cause greater than anticipated problems with inter-domain routing using the Border Gateway Protocol, the Department of Homeland Security warned this week.

Posted by rshah on May 10, 2004| Comments (0)

Gov't Rolls Out Cyber Alert System

Gov't Rolls Out Cyber Alert System
The federal government's National Cyber Security Division (NCSD) on Wednesday launched a new unit to serve as a clearinghouse of data on malicious hacking and virus threats against computer systems. The new National Cyber Alert System plans to issue free e-mail alerts about potential security risks to businesses, government departments and home users.

Posted by rshah on February 08, 2004| Comments (0)

Security firms put up 'Personal Firewall Day'

Security firms put up 'Personal Firewall Day'
Straddling the line between public service and marketing, Microsoft and a handful of security companies are sponsoring a campaign to heighten consumer security awareness and have declared Jan. 15 "Personal Firewall Day."

Posted by rshah on February 08, 2004| Comments (0)

U.S. Gov't Plans Internet Security Ads

U.S. Gov't Plans Internet Security Ads
Consumers who ignore advice about how to protect themselves against hackers, viruses and fraudsters online will soon find it harder to tune out thanks to a nationwide media blitz being crafted by the Department of Homeland Security and a group of high-tech companies.

Posted by rshah on December 26, 2003| Comments (0)

China implements new Wi-Fi security standard

China implements new Wi-Fi security standard
Chinese government agencies are prohibiting the import, manufacture and sale of Wi-Fi gear that does not use China's new security specification, which is incompatible with standards technology industry groups developed.

Posted by rshah on December 10, 2003| Comments (0)

Cybersecurity Talk Is Cheap

Cybersecurity Talk Is Cheap
Less than a year after the Bush administration unveiled its National Strategy to Secure Cyberspace, the finger pointing over who is to blame for failing to implement its recommendations has already begun.

Posted by rshah on December 03, 2003| Comments (0)

DNS servers prove resilient

DNS servers prove resilient
In the year since last October's high-profile attacks on the Internet's root Domain Name System servers, improvements in load distribution and processing capacity have made the Internet's core addressing system more resilient. But the lack of security at lower levels of the DNS stack remains worrisome, according to security experts.

Posted by rshah on November 19, 2003| Comments (0)

'Net security gets root-level boost

'Net security gets root-level boost
A year after surviving a massive distributed denial-of-service attack, the Internet's root servers are better fortified against hacker activity, thanks to behind-the-scenes deployment of a routing technique known as Anycast, experts say.

Posted by rshah on November 19, 2003| Comments (0)

New law would require computer security audits, status reports

New law would require computer security audits, status reports
New legislation being drafted in the U.S. House of Representatives, which could be introduced as early as next week, would require all publicly traded companies to conduct independent computer security assessments and report the results yearly in their annual reports.

Posted by rshah on November 19, 2003| Comments (0)

Fortifying BGP: No quick fix

Fortifying BGP: No quick fix
Yet seven years later, BBN's Secure BGP (S-BGP), which establishes a public-key infrastructure to stymie IP address spoofing, is still a work in progress and has yet to be implemented in Internet routers. Router memory constraints, processing overhead concerns and the downtrodden state of the telecom economy are cited as reasons why.

Posted by rshah on October 20, 2003| Comments (0)

Microsoft CEO Vows Better Security

Microsoft CEO Vows Better Security
Microsoft Corp. Chief Executive Officer Steve Ballmer said the battle against Internet-borne attacks on Microsoft products is a "defining moment" for the company, on a par with its antitrust fight with the federal government and its belated push into Internet software.

Posted by rshah on October 14, 2003| Comments (0)

U.S. Cybersecurity Efforts Lacking, Says Former Presidential Cybersecurity Advisor Clarke

U.S. Cybersecurity Efforts Lacking, Says Former Presidential Cybersecurity Advisor Clarke
The federal government has failed to implement its cybersecurity strategy and is less capable of helping protect the nation's critical infrastructure than it was a year ago, said Richard Clarke, former special advisor to the president on cybersecurity.

Posted by rshah on July 31, 2003| Comments (0)

Firms Raced to Fix Internet Hardware Flaw

Firms Raced to Fix Internet Hardware Flaw
Round-the-clock security upgrades were initiated across the globe last week in response to a Cisco Systems Inc. announcement that it had discovered a vulnerability in the software that operates its widely used router hardware.

Posted by rshah on July 31, 2003| Comments (0)

Grandiose Schemes for Electronic Eavesdropping May Hurt More Than They Help

Grandiose Schemes for Electronic Eavesdropping May Hurt More Than They Help
Israeli companies, spies, and gangsters have hacked CALEA for fun and profit, as have the Russians and probably others, too. They have used our own system of electronic wiretaps to wiretap US, because you see that's the problem: CALEA works for anyone who knows how to run it. Not all smart programmers are Americans or wear white hats.

Posted by rshah on July 16, 2003| Comments (0)

Uneasiness About Security as Government Buys Software

Uneasiness About Security as Government Buys Software
A tension in the information technology industry, as crucial computer programming is increasingly performed outside the United States, either in the form of jobs exported from this country or by a growing array of foreign competitors. The trend poses risks, in the view of some American government officials, because of the potential for foreign spies to sneak illicit code into critical programs, and simply because the United States is increasingly losing dominance in information technology.

Posted by rshah on July 07, 2003| Comments (0)

Government Forms Cybersecurity Unit

Government Forms Cybersecurity Unit
The Department of Homeland Security on Friday said it created a new division to address threats to the nation's technological infrastructure. Called the National Cyber Security Division (NCSD), the 60-person unit is charged with addressing potential security breaches to private-sector and government computer systems

Posted by rshah on June 24, 2003| Comments (0)

Bluetooth security should raise red flags

Bluetooth security should raise red flags
Because much of the Bluetooth wireless security model is optional, network executives should start setting policies for handling the short-range radio technology, according to new Gartner research.

Posted by rshah on January 09, 2003| Comments (0)

Fed plan exposes 'Net's weak links

Fed plan exposes 'Net's weak links
In the fine print of the Bush administration's recently released cybersecurity strategy is the stark admission that three critical components of the Internet's infrastructure are highly vulnerable to a variety of attacks. The three troublesome components underpin all Internet communications. They are: IP; DNS, which matches lengthy, numeric IP addresses to simple names for Web and e-mail traffic; and Border Gateway Protocol (BGP), which controls interdomain routing between carriers.

Posted by rshah on October 11, 2002| Comments (0)

Microsoft: Does it pay to be safe?

Microsoft: Does it pay to be safe?
Microsoft is considering charging for additional security options and acknowledges that it didn't move on security until customers were ready to pay for it. The company "may offer new security abilities on a paid basis," Microsoft Chief Technical Officer Craig Mundie said here at this week's RSA Conference on tech security. Such a possibility is one of many under consideration within Microsoft's security business unit, recently set up under its own vice president, Mike Nash.

Posted by rshah on October 10, 2002| Comments (0)

Universities tapped to build secure Net

Universities tapped to build secure Net
The National Science Foundation (NSF) is expected to announce that it has enlisted five university computer science departments to develop a secure, decentralized Internet infrastructure. The joint project, dubbed Infrastructure for Resilient Internet Systems (IRIS), aims to use distributed hash table (DHT) technology to develop a common infrastructure for distributed applications.

Posted by rshah on September 26, 2002| Comments (0)

Government's Seal of Security

Government's Seal of Security
Creating a "Good Housekeeping" approval seal of sorts, the government is releasing standards and a software program that will help computer users configure their systems for maximum security against hackers and thieves. The program will be made available free to anyone and mandated for some federal agencies.

Posted by rshah on July 17, 2002| Comments (0)

Palladium concerns Microsoft's competitors, not lawyers

Palladium concerns Microsoft's competitors, not lawyers
Palladium is the code-name for Microsoft's new security initiative, announced Monday, which is designed to create a "trusted space" within a PC for certain programs and other sensitive operations to run in. The system will require security hardware, in the form of a chip, as well as software.

Posted by rshah on June 28, 2002| Comments (0)

CONSORTIUM CREATED TO IMPROVE SOFTWARE RELIABILITY

CONSORTIUM CREATED TO IMPROVE SOFTWARE RELIABILITY
Eighteen organizations are joining Carnegie Mellon University to improve software reliability and security. The Sustainable Computing Consortium (SCC) includes Oracle, Microsoft, Cisco Systems, American International Group (AIG) and NASA. The National Research Council recently released statistics that last year U.S. companies spent $12.3 billion to repair systems affected by computer viruses and $175 billion on damages caused by software defects.

Posted by rshah on May 23, 2002| Comments (0)

Congress: Tighten IT security

Congress: Tighten IT security
Prompted by last year's terrorist attacks, momentum is building on Capitol Hill to expand the role of the National Institute of Standards and Technology in establishing IT security standards and best practices. But the prospect is raising concerns in some circles.

Posted by rshah on April 24, 2002| Comments (0)

Anti-Trustworthy computing

Anti-Trustworthy computing
Microsoft's new security drive aims to appease Hollywood, comfort consumers and reinvigorate the PC. But will the price for such safety be too high?

Posted by rshah on April 09, 2002| Comments (0)

Microsoft Programmers Focus on Secure Software

Microsoft Programmers Focus on Secure Software
The shift in focus began early in February, when the company held a dozen half-day training sessions for its programmers, about 1,000 at a time.

Posted by rshah on April 08, 2002| Comments (0)

Security-flaw guidelines hit pothole

Security-flaw guidelines hit pothole
A proposal on how security bugs in software should be responsibly disclosed to the public was withdrawn from the Internet's primary technical-standards body, the IETF. The IETF signaled in comments on the draft submitted in February that human procedures are not its purview, said Steve Christey. Christey is lead information security engineer for government engineering firm MITRE and one of the two authors of the guidelines.

Posted by rshah on March 19, 2002| Comments (0)

The Best Way to Make Software Secure: Liability

The Best Way to Make Software Secure: Liability
To date, there has been little incentive for Microsoft and other off-the-shelf software makers to do more. Why? Because they have insulated themselves by disclaiming all product liability. The courts have decided that buyers waive their right to sue after clicking the "I accept" button when they install software.

Posted by rshah on March 12, 2002| Comments (0)

Do OS Vendors Sell Lemons?

Do OS Vendors Sell Lemons?
Government Web intrusions mainly occur because vendors sell systems with security holes, a researcher told a federal advisory panel on Thursday. Alan Paller, director of research at the SANS Institute, presented his findings to a National Institute of Standards and Technology body that was meeting to discuss minimum cybersecurity standards for the U.S. government.

Posted by rshah on March 08, 2002| Comments (0)

Cyber Attacks on the Rise, Study Says

Cyber Attacks on the Rise, Study Says
Cyber attacks are becoming more common and targeted, according to a study, and security experts warned that the trend is only going to increase. Tracking the security breaches of more than 300 clients across the world, Internet security firm Riptech said it verified at least 128,678 cyber attacks from July to December 2001.

Posted by rshah on January 28, 2002| Comments (0)

Gates: Security a top priority

Gates: Security a top priority
In an e-mail sent to employees Wednesday and leaked to the Associated Press, Gates said that the company intends to shift from focusing on features to spotlighting security and privacy. "When we face a choice between adding features and resolving security issues, we need to choose security," Gates wrote in the e-mail. "Our products should emphasize security right out of the box."

Posted by rshah on January 17, 2002| Comments (0)

Software security law call

Software security law call
An influential body of researchers, US National Academy of Sciences (NAS), is calling on the US Government to draft laws that would punish software firms that do not do enough to make their products secure.

Posted by rshah on January 16, 2002| Comments (0)

Security Flaws May Be Pitfall for Microsoft

Security Flaws May Be Pitfall for Microsoft
Microsoft's decade-long focus on cramming new features into its products has come at the expense of protecting computers against viruses and hacking attacks, which are costing customers billions of dollars a year and becoming a top concern of companies and government officials.

Posted by rshah on January 15, 2002| Comments (0)

Microsoft's security push lacks oomph

Microsoft's security push lacks oomph
Microsoft's security initiatives and the release of the company's "most secure operating system yet" haven't quashed myriad holes that security experts say put customers in harm's way.

Posted by rshah on January 11, 2002| Comments (0)

U.S. Cyber Security Weakening

U.S. Cyber Security Weakening
U.S. computer systems are increasingly vulnerable to cyber attacks, partly because companies are not implementing security measures already available, according to a new report released in Jan 2002. "From an operational standpoint, cyber security today is far worse that what known best practices can provide," said the Computer Science and Telecommunications Board, part of the National Research Council.

Posted by rshah on January 09, 2002| Comments (0)

Latest Hacker Target: Routers

Latest Hacker Target: Routers
Carriers and ISPs can implement stronger authentication, filters to direct traffic and tools to detect and trace attacks, but the bottom line is that protocols such as BGP need enhanced security, said Jim Lippard, director of computer network security at carrier Global Crossing.

Posted by rshah on December 31, 2001| Comments (0)

FBI Develops Eavesdropping Tools

FBI Develops Eavesdropping Tools
The Magic Lantern technology, part of a broad FBI project called "Cyber Knight," would allow investigators to secretly install over the Internet powerful eavesdropping software that records every keystroke on a person's computer, according to people familiar with the effort.

Posted by rshah on November 26, 2001| Comments (0)

FBI Presses Telcos For Expanded Wiretap Access

FBI Presses Telcos For Expanded Wiretap Access
But Lee Tien, a lawyer with the Electronic Frontier Foundation - a digital rights advocacy group based in San Francisco – said the FBI probably is focusing more on priming carriers to consider its needs as they design the systems they’ll deploy in the years to come. “The bureau would love to get people to design in these capabilities where it’s not legally required, and in fact that’s what’s going to happen,” said Stewart Baker.

Posted by rshah on November 26, 2001| Comments (0)

Vinton Cerf on the future of e-mail

Vinton Cerf on the future of e-mail
I think people are beginning to realize that privacy is of real value and that it would be helpful if encrypted e-mail were as easy to generate as the encrypted link we all use on the World Wide Web when filling out e-commerce forms

Posted by rshah on November 16, 2001| Comments (0)

U.S. prepares to launch cyber-offensives

U.S. prepares to launch cyber-offensives
The U.S. military has been working on tools that could wreak electronic havoc on countries accused of harboring terrorists as well as on ways of defending global networks against cyberattack.

Posted by rshah on November 09, 2001| Comments (0)

Microsoft: Stop leaking bug code!

Microsoft: Stop leaking bug code!
Microsoft, whose software has been at the center of several recent high-profile security incidents, has decided to turn up the heat on those the company considers at least partially responsible: security firms and hackers who release sample programs to exploit software flaws.

Posted by rshah on October 19, 2001| Comments (0)

MS Security Plan: OK, Kind Of

MS Security Plan: OK, Kind Of
Many experts said Microsoft's Strategic Security Protection Program plan announced Wednesday is nothing more than a half-hearted attempt to assuage increasing demands from government, industry and consumers for better product security, before the government intervenes and business falls.

Posted by rshah on October 04, 2001| Comments (0)

Experts: Easy Installations Kill

Experts: Easy Installations Kill
The biggest computer security threat isn't a vicious virus or a skilled and malicious hacker. The real danger, according to dozens of experts, is easy-to-install software and software vendors who focus too heavily on adding convenient features instead of solid security solutions into their applications.

Posted by rshah on October 03, 2001| Comments (0)

Who's Protecting Our Infrastructure?

Who's Protecting Our Infrastructure?
No one. Computer-security standards that would thwart hacker terrorism against utility, telecom, health-care, or power systems don't exist

Posted by rshah on September 25, 2001| Comments (0)

Undefended Airwaves

Undefended Airwaves
Sadly, though, the makers of portable computing devices and wireless communications systems have led us down a false path by failing to make security a top priority.

Posted by rshah on August 21, 2001| Comments (0)

The trouble with Hotmail

The trouble with Hotmail
Microsoft can't seem to get its free e-mail act together. So what does that mean for the company's plans for total Net domination?

Posted by rshah on August 21, 2001| Comments (0)

Proposed Web protocol sparks tampering fears

Proposed Web protocol sparks tampering fears
A proposal, Open Pluggable Edge Services (OPES), to create a standard communications protocol that would let Internet devices automatically personalize, translate or otherwise adapt Web pages in useful ways is generating strong criticism in the Internet engineering community because it also could be used to tamper with Web content.

Posted by rshah on August 15, 2001| Comments (0)

So much for secure e-mail

So much for secure e-mail
More than five years after standards were created and vendors rushed to support them, virtually no one secures e-mail today, despite widespread concerns about prying eyes and corrupted data.

Posted by rshah on August 15, 2001| Comments (0)

Solaris blueprints still open to viewing

Solaris blueprints still open to viewing
When Sun released Solaris 8 in January 2000, the company tried to tap into some of the energy of the open-source movement by announcing that people would be able to examine, though not change, the source code of Solaris. While the move didn't grant people the right to modify and redistribute the software, as is the case with Linux, it was a step closer to openness than the hard-line policy of Microsoft, with its proprietary code and campaign against open-source software.

Posted by rshah on July 03, 2001| Comments (0)

Computer passwords reveal workers' secrets

Computer passwords reveal workers' secrets
According to this study, people's password choices put them into four groups: "Family", "Fan", "Self-Obsessed", or "Cryptic", see also Slashdot

Posted by rshah on June 29, 2001| Comments (0)

Another Nasty MS Server Hole

Another Nasty MS Server Hole
A new security hole has been discovered in Microsoft's Internet Information Server that allows malicious hackers easy access and complete remote control over a vulnerable computer system. The hole affects all machines that are running Windows NT 4.0, Windows 2000 or Windows XP and using Microsoft's Internet Information Server (IIS) Web Server software.

Posted by rshah on June 20, 2001| Comments (0)

EU proposes plan to secure Internet

EU proposes plan to secure Internet
In an effort to eradicate security threats to the member countries of the European Union, the European Commission released a plan Wednesday to increase cooperation between members to better secure the Internet. The plan calls for more effective threat-warning systems, larger investments in security research and education, a standardized policy for encryption, and harsher punishments for cybercriminals.

Posted by rshah on June 07, 2001| Comments (0)

Who's reading your instant messages?

Who's reading your instant messages?
Instant messaging may be a handy and quick communications tool, but experts on the technology warn that it's also a security risk--vulnerable to eavesdropping and even physical tracking.

Posted by rshah on May 30, 2001| Comments (0)

Insurer Considers Microsoft NT High Risk

Insurer Considers Microsoft NT High Risk
J.S. Wurzler Underwriting Managers, one of the first companies to offer hacker insurance, has begun charging its clients 5 percent to 15 percent more if they use Microsoft's Windows NT software in their Internet operations. Wurzler's announcement indicates growing frustration with the ongoing discoveries of vulnerabilities in Microsoft's products, see also Slashdot

Posted by rshah on May 29, 2001| Comments (0)

Gene Spafford on the sorry future of computer security

Gene Spafford on the sorry future of computer security
Consider new architectures, different software, and minimal solutions, which will cost less in the long run. Second, we need to start holding companies and people accountable for their choices. If a company decides to release software with flaws that would have been caught with even minimal testing, they should be held liable. Third, realize that the average user is pretty darned average.

Posted by rshah on May 21, 2001| Comments (0)

Security Flaw Found in FTP

Security Flaw Found in FTP
PGP Security has identified a hole in File Transfer Protocol (FTP) server systems from many major vendors, including Sun Microsystems, Silicon Graphics and Hewlett Packard.

Posted by rshah on April 11, 2001| Comments (0)

Germany Denies Plans to DoS Neo-Nazis

Germany Denies Plans to DoS Neo-Nazis
Germany's Minister of the Interior, Otto Schily, was thinking about DoS'ing neo-Nazi sites -- not a new form of censorship, but the first time a government has put it on the table.

Posted by rshah on April 09, 2001| Comments (0)

Mobile security flaw delivers yet another blow to IPv6

Mobile security flaw delivers yet another blow to IPv6
The discovery of security flaws in the proposed Mobile IPv6 protocol means the Internet Engineering Task Force (IETF) will have to develop a new method for authenticating roaming devices that use IPv6 addresses. This development means delays of months for Mobile IPv6, which was conceived a decade ago and thought to be in its final form.

Posted by rshah on April 02, 2001| Comments (0)

Dutch police fight cell theft with text 'bombs'

Dutch police fight cell theft with text 'bombs'
The Amsterdam police force Tuesday announced that it has found a new weapon against the rising theft of mobile telephones: text message "bombs." After a user reports his GMS handset stolen, the police start sending out one Short Message Service text message to the phone every three minutes: "This handset was nicked, buying or selling is a crime. The police." "We hope this will make mobile phones an unattractive loot."

Posted by rshah on March 29, 2001| Comments (0)

How Secure Is Digital Hospital?

How Secure Is Digital Hospital?
Vitelle also said he discussed the dangers of wireless transmission with other doctors and hospital administrators at a recent medical conference in New Orleans. He said he was troubled at the news of HealthSouth's planned wireless network, since recent reports have indicated that wireless networks aren't completely secure.

Posted by rshah on March 28, 2001| Comments (0)

World Wide Web of Organized Crime

World Wide Web of Organized Crime
An Eastern European ring may have lifted over a million credit-card numbers from the Net. The sirens are wailing for tougher security standards.

Posted by rshah on March 19, 2001| Comments (0)

Electronic price tag alteration

Electronic price tag alteration
An estimated one-third of all shopping cart applications at Internet retailing sites have software holes that make them vulnerable to the price switching scam, see also Slashdot

Posted by rshah on March 07, 2001| Comments (0)

Honeypots: Bait for the Cracker

Honeypots: Bait for the Cracker
Set up a server and fill it with tempting files. Make it hard but not impossible to break into. Then sit back and wait for the crackers to show up. Observe them as they cavort around in the server. Log their conversations with each other. Study them like you'd watch insects under a magnifying glass.

Posted by rshah on March 07, 2001| Comments (0)

Listening in on wireless AirPort

Listening in on wireless AirPort
A group of respected security researchers has found vulnerabilities in one of the most popular data-networking technologies that could expose corporate computer networks to eavesdropping and unauthorized access, see also Slashdot

Posted by rshah on February 05, 2001| Comments (0)

Internet companies begging for attack, experts say

Internet companies begging for attack, experts say
Conventional wisdom holds that the Internet was made to withstand nuclear attack. In reality, outages caused by both bad network design and failures of critical equipment are becoming more commonplace, experts say.

Posted by rshah on January 29, 2001| Comments (0)

Software "fixes" routinely available but often ignored

Software "fixes" routinely available but often ignored
Although software makers routinely release "fixes" designed to plug holes and reassure worried customers, these antidotes are often ignored by administrators in charge of the affected systems--if they are aware of the problem at all.

Posted by rshah on January 24, 2001| Comments (0)

Romainan Hacker Attacks Internet Relay Chat Network

Romainan Hacker Attacks Internet Relay Chat Network
A hacker based in Romania has launched a major distributed denial-of-service attack, forcing one of the largest Internet Relay Chat networks, Undernet, to shut down much of its service, system administrators said. DDoS attacks jumped to prominence earlier this year when such attacks were blamed for temporarily bringing down Web sites of major Internet companies.

Posted by rshah on January 10, 2001| Comments (0)

HoneyPots (intentionally vulnerable computers placed on the net in hopes of attracting hackers)

HoneyPots (intentionally vulnerable computers placed on the net in hopes of attracting hackers)
See also Slashdot

Posted by rshah on December 20, 2000| Comments (0)

Bugtraq & Microsoft

Bugtraq & Microsoft
The administrator of a popular computer security mailing list banned postings from Microsoft Corp. on Thursday after the company stripped detailed information out of its advisories, but a compromise is likely on the way.

Posted by rshah on December 14, 2000| Comments (0)

An Electronic Pearl Harbor?

An Electronic Pearl Harbor?
The idea is that some critical infrastructure could be disrupted to the point that society loses some ability to function normally. This could mean anything from businesses shutting down, to lives being put in peril or people losing their life savings.

Posted by rshah on December 13, 2000| Comments (0)

FTC, FBI sites leave opening for hacker access

Posted by rshah on December 13, 2000| Comments (1)

Feeling Secure, Opening Kimonos

Feeling Secure, Opening Kimonos
Growing concerns over security are finally motivating companies to trust one another.

Posted by rshah on November 21, 2000| Comments (0)

Visa to lay down the law on Web security

Visa to lay down the law on Web security
Visa is sending online merchants a tough message: Bulk up your Web site security or else.

Posted by rshah on November 15, 2000| Comments (0)

Computer Incident Advisory Capability by the U.S. Department of Energy

Computer Incident Advisory Capability by the U.S. Department of Energy
Latest computer security info

Posted by rshah on November 03, 2000| Comments (0)

New Jersey Turnpike electronic toll collection system hacked

Posted by rshah on November 03, 2000| Comments (0)

FAA Criticized for Computer Security Problems

FAA Criticized for Computer Security Problems
Despite its efforts to remedy serious security problems outlined in a government study this summer, the Federal Aviation Administration is still failing to protect its critical computer systems, including those used for air traffic control, according to a new government report on computer security.

Posted by rshah on October 04, 2000| Comments (0)

Ex-NSA Analyst Warns Of NSA Security Backdoors

Posted by rshah on September 26, 2000| Comments (0)

DNA Authentication at the 2000 Summer Olympics

DNA Authentication at the 2000 Summer Olympics
While much of the noise over DNA revolves around the potential of the Human Genome Project, authentication experts already are singing its praises.

Posted by rshah on September 26, 2000| Comments (0)