Cyber Security Institute
Monday, January 31, 2005
CSIRT groups take on new roles
Creating and sustaining a computer security incident response team calls for ample preparation. Traditionally, computer security incident response teams are thought of as a way for large organizations to respond to hacking incidents, rogue employees or virus outbreaks. Now they are coming into the mainstream as a critical tool for maintaining business operations and regulatory compliance.
Friday, January 28, 2005
MySQL worm halted
A worm exploiting weak database passwords on Windows computers had essentially stopped spreading on Friday, after the systems infected with the program were cut off from the control of several central computers.
Tuesday, January 25, 2005
Start-up aims to improve internal security
A start-up has launched software designed to stop leaks of sensitive business information by focusing on the greatest risk: insiders.
Tough local laws drive corporate security
Cautious corporations are applying the most restrictive local and national laws globally to ensure they obey compliance regulations.
Londoners top world in leaving laptops in taxis
Thousands of valuable mobile phones, PDAs and laptops are forgotten in taxis every day, according to a survey.
Symantec Goes After Email Security
Symantec made big news as it announced the creation of its first email security appliance.
Monday, January 24, 2005
Laptop Data At Risk, Vendor’s Study Finds
Data stored by laptops used by employees of small and medium-sized companies are at risk because many of those companies don’t have procedures in place for that data, according to a study released by backup storage media vendor Imation.
Hackers use old-fashioned eavesdropping to steal data
Computer hackers have taken to stealing data the easy way—- by eavesdropping on phone and e-mail conversations to find the keys to seemingly impregnable networks, security experts say.
Thursday, January 20, 2005
Flaw found in Office encryption
The data protection feature in Microsoft Word and Excel documents has a major flaw that could allow snoopers to decode password-protected files, a security researcher has warned.
‘Evil twin’ fear for wireless net
People using wireless high-speed net (wi-fi) are being warned about fake hotspots, or access points. The latest threat, nicknamed evil twins, pose as real hotspots but are actually unauthorised base stations.
Tuesday, January 18, 2005
Some Companies Switching From Microsoft’s IE Browser
A month after Penn State University advised 80,000 students to drop Microsoft’s Internet Explorer for alternatives such as Mozilla’s Firefox, more than 100 companies tell InformationWeek they’re doing the same.
Monday, January 17, 2005
Companies Arm Themselves For New Fight Against Spyware
The battle against spam and its spawn, spyware and adware, is escalating for Lynda Fleury, assistant VP and chief information security officer at UnumProvident Corp.
Friday, January 14, 2005
FBI retires its Carnivore
FBI surveillance experts have put their once-controversial Carnivore Internet surveillance tool out to pasture, preferring instead to use commercial products to eavesdrop on network traffic, according to documents released Friday.
Thursday, January 13, 2005
Online and offline security merging
Companies will increasingly integrate physical and computer security systems in 2005, spending over $1bn in the United States and Europe, Forrester Research concluded in a report published recently.
Wednesday, January 12, 2005
Risk rises up the agenda, but IT issues remain a challenge
Four out of five major financial firms now have a chief risk officer, but the quest for enterprise risk management remains an elusive goal, according to a global industry survey conducted by Deloitte.
Tuesday, January 11, 2005
The Perils of Deep Packet Inspection
This paper looks at the evolution of firewall technology towards Deep Packet Inspection, and then discusses some of the security issues with this evolving technology.
Monday, January 10, 2005
Mcafee - Google hacking tool looks for security gaps
McAfee has released an update to its tool that uses Google to automatically search for security holes in Web sites.
Securing data from the threat within
A company’s biggest security threat isn’t the sinister hacker trying to break into the corporate network, but employees and partners with easy access to company information.
Thursday, January 06, 2005
Microsoft hurries antispyware, holds Exchange updates
Microsoft (Profile, Products, Articles) Corp. is ready to release a beta version of antispyware technology it purchased last month to the public, but will delay promised antispam and antivirus improvements to the Exchange e-mail server, according to information provided by the company.
The 2038 date bug… Y2k again!
The year-2038 bug is similar to the Y2K bug in that it involves a time wrap not coped for by programmers.
The precise date of this occurrence is Tue Jan 19 03:14:07 2038. At this time, a machine prone to this bug will show the time Fri Dec 13 20:45:52 1901.
Wednesday, January 05, 2005
US court allows work PC to be seized without warrant
US police do not need a search warrant to examine an employee’s computer for incriminating files, a Washington state appeals court has ruled.
SSL VPNs Will Grow 54% A Year, Become Defacto Access Standard
Forrester survey says SSL VPNs will surpass traditional IPsec VPNs as the de-facto remote access security standard by 2008.
A Long Way to Grow
First results from a new security management survey indicate that many companies have only rudimentary practices in place