Sensitive corporate data can be stolen at this very second; unfortunately, breaches can be invisible. As cyber threats multiply at an exponential rate, reacting to them like before no longer works. The answer lies in more innovative threat intelligen...
Biometrics have garnered increasing attention and backing in the last few years. We are promised a utopian existence: never again will you forget your password or need to remember your access card to get into the building. Unfortunately, it isn't quite . . .
A Romanian hacker has launched a major distributed denial of service (DDoS), forcing one of the largest IRC (Internet Relay Chat) networks, Undernet, to shut down much of its service, system administrators said Monday.. . .
In addition to photographs and sketches of the crime scene, a detailed accounting of all computer evidence is required. The search and seizure evidence log should incude brief descriptions of all computers, devices or media located during the search for evidence. . . .
This article provides a brief overview of programs including OpenSSH, GPG, and pointers to further information. "If you're like most LinuxPPC users, a large portion of your computing time is spent using network-based applications, either explicitly or implicitly. Unless you maintain . . .
Most e-commerce sites use sophisticated encryption to encode sensitive information and make it unreadable to outsiders. Whale's system, called "E-Gap," goes another route. What it does is ensure that hackers cannot jump from the Internet into a company's "back office" -- . . .
A new strain of viruses written in the widespread scripting language PHP could be on the way according to Anti-virus company Central Command. A "proof of concept" virus, dubbed PHP.NewWorld, written in Hypertext Preprocessor (PHP) scripting language, was found . . .
Programmers and software developers interested in security applications for component technology should keep tabs on work underway at Stanford Research Institute (SRI) International, a nonprofit research institute based in Menlo Park, California. Stanford Research Institute (SRI) has been tasked by the . . .
Broadband ISP and video-on-demand outfit HomeChoice has admitted it suffered a denial of service attack yesterday from hackers which disrupted its service to customers. Details of what happened are still somewhat sketchy but a spokesman for HomeChoice said: . . .
In the rush to adopt e-commerce, businesses are looking at network security from a perspective that requires both technology and an intuitive sense of how and where to allow access to information. Network security is no longer a matter of . . .
EBay. Amazon. CNN. None of these Internet heavy hitters was adequately prepared to withstand a series of DDoS (distributed denial of service) attacks that made headlines and disrupted operations early last year. What makes you think you're in any better position? . . .
Derrick Lewis writes: "As the computer industry intensifies, so does the amount of cyber attacks. Many Web sites are open to all sorts of "web hacking." According to the Computer Security Institute and the FBI's joint survey, 90% of 643 computer . . .
Here is a large collection of DDoS related tools, papers, essays, analyses, news reports, and interviews. The DoS Project's "trinoo" distributed denial of service attack tool and the "Tribe Flood Network" distributed denial of service attack tool are outlined. . . .
Federal computer security experts are urging system administrators to take added precautions in securing Web servers and network firewalls in advance of the New Year's holiday weekend, citing FBI reports indicating an increase in activity that often precedes widespread cyber attacks. . . .
One of the coolest things about UNIX has been that there is not one but several different ways to administer systems from remote consoles. Sad to say, most of these methods (Telnet, rsh and X, to name a few) send everything . . .
Here's a really good article by Steve Bellovin and others from CERT that attempt to provide "risk management" instead of "risk avoidance". "... this paper serves not only to dispel unwarranted myths about the safety of using ActiveX but also to . . .
Are your servers as secure as Fort Knox or as open as a revolving door? The newly formed Center for Internet Security hopes to answer that question by creating a suite of tests that would give computer owners a rating--on a . . .
I've discussed written security policies in the past--every business needs to have a set in place. If you don't have a written security policy, your employees remain the biggest security risk for your business. If you do have a security policy . . .
Back in the old days security was a pretty straight-forward affair. If you wanted to secure something, you just kept buying locks and alarm systems until you felt secure. Back then, it actually took a good deal of planning and physical . . .
A question that often arises when planning vulnerability analysis is whether "social engineering" techniques should be used. My consistent answer is no - not unless you are prepared to do an awful lot of work before trying it. Vulnerability analysis is . . .
The way operating system vendors issue security patches is insecure, in many cases, and could let crackers exploit this to trick users into loading trojan horses onto their systems. Security firm BindView, whose Razor team of security researchers . . .