Cyber Security Institute

Monday, January 31, 2005

CSIRT groups take on new roles

Creating and sustaining a computer security incident response team calls for ample preparation.  Traditionally, computer security incident response teams are thought of as a way for large organizations to respond to hacking incidents, rogue employees or virus outbreaks.  Now they are coming into the mainstream as a critical tool for maintaining business operations and regulatory compliance.


Friday, January 28, 2005

MySQL worm halted

A worm exploiting weak database passwords on Windows computers had essentially stopped spreading on Friday, after the systems infected with the program were cut off from the control of several central computers.


Tuesday, January 25, 2005

Start-up aims to improve internal security

A start-up has launched software designed to stop leaks of sensitive business information by focusing on the greatest risk: insiders.


Tough local laws drive corporate security

Cautious corporations are applying the most restrictive local and national laws globally to ensure they obey compliance regulations.


Londoners top world in leaving laptops in taxis

Thousands of valuable mobile phones, PDAs and laptops are forgotten in taxis every day, according to a survey.


Symantec Goes After Email Security

Symantec made big news as it announced the creation of its first email security appliance.


Monday, January 24, 2005

Laptop Data At Risk, Vendor’s Study Finds

Data stored by laptops used by employees of small and medium-sized companies are at risk because many of those companies don’t have procedures in place for that data, according to a study released by backup storage media vendor Imation.


Hackers use old-fashioned eavesdropping to steal data

Computer hackers have taken to stealing data the easy way—- by eavesdropping on phone and e-mail conversations to find the keys to seemingly impregnable networks, security experts say.


Thursday, January 20, 2005

Flaw found in Office encryption

The data protection feature in Microsoft Word and Excel documents has a major flaw that could allow snoopers to decode password-protected files, a security researcher has warned.


‘Evil twin’ fear for wireless net

People using wireless high-speed net (wi-fi) are being warned about fake hotspots, or access points.  The latest threat, nicknamed evil twins, pose as real hotspots but are actually unauthorised base stations.


Tuesday, January 18, 2005

Some Companies Switching From Microsoft’s IE Browser

A month after Penn State University advised 80,000 students to drop Microsoft’s Internet Explorer for alternatives such as Mozilla’s Firefox, more than 100 companies tell InformationWeek they’re doing the same.


Monday, January 17, 2005

Companies Arm Themselves For New Fight Against Spyware

The battle against spam and its spawn, spyware and adware, is escalating for Lynda Fleury, assistant VP and chief information security officer at UnumProvident Corp.


Friday, January 14, 2005

FBI retires its Carnivore

FBI surveillance experts have put their once-controversial Carnivore Internet surveillance tool out to pasture, preferring instead to use commercial products to eavesdrop on network traffic, according to documents released Friday.


Thursday, January 13, 2005

Online and offline security merging

Companies will increasingly integrate physical and computer security systems in 2005, spending over $1bn in the United States and Europe, Forrester Research concluded in a report published recently.


Wednesday, January 12, 2005

Risk rises up the agenda, but IT issues remain a challenge

Four out of five major financial firms now have a chief risk officer, but the quest for enterprise risk management remains an elusive goal, according to a global industry survey conducted by Deloitte.


Tuesday, January 11, 2005

The Perils of Deep Packet Inspection

This paper looks at the evolution of firewall technology towards Deep Packet Inspection, and then discusses some of the security issues with this evolving technology.


Monday, January 10, 2005

Mcafee - Google hacking tool looks for security gaps

McAfee has released an update to its tool that uses Google to automatically search for security holes in Web sites.


Securing data from the threat within

A company’s biggest security threat isn’t the sinister hacker trying to break into the corporate network, but employees and partners with easy access to company information.


Thursday, January 06, 2005

Microsoft hurries antispyware, holds Exchange updates

Microsoft (Profile, Products, Articles) Corp. is ready to release a beta version of antispyware technology it purchased last month to the public, but will delay promised antispam and antivirus improvements to the Exchange e-mail server, according to information provided by the company.


The 2038 date bug… Y2k again!

The year-2038 bug is similar to the Y2K bug in that it involves a time wrap not coped for by programmers.
The precise date of this occurrence is Tue Jan 19 03:14:07 2038. At this time, a machine prone to this bug will show the time Fri Dec 13 20:45:52 1901.


Wednesday, January 05, 2005

US court allows work PC to be seized without warrant

US police do not need a search warrant to examine an employee’s computer for incriminating files, a Washington state appeals court has ruled.


SSL VPNs Will Grow 54% A Year, Become Defacto Access Standard

Forrester survey says SSL VPNs will surpass traditional IPsec VPNs as the de-facto remote access security standard by 2008.


A Long Way to Grow

First results from a new security management survey indicate that many companies have only rudimentary practices in place