Tech News

2002 April

2002/04/30 - CSI/FBI Security Survey: Questions Behind The Numbers - Esecurityplanet
The Computer Security Institute (CSI) recently published the results of its Computer Crime and Security Survey, the annual check on the security pulse of corporate, government and educational institutions it conducts along with the FBI.
2002/04/30 - Global Grid Forum gobbles up peer-to-peer working group - InfoWorld
THE GGF (GLOBAL Grid Forum) bolstered its ranks on Tuesday by joining forces with the P2PWG (Peer-to-Peer Working Group). By morphing the P2PWG's membership roster and intellectual property into the GGF, the Grid Forum acquires tools critical to the advancement of grid computing as an enterprise computing architecture, according to GGF representatives in San Diego.
2002/04/30 - In depth: Managing security information - TechRepublic
Technology alone can’t keep a company’s data safe. Firewalls, intrusion detection systems, and VPNs can provide a foundation of security, but people?end-users, developers, network administrators, and others?make the security system work. To make sure that employees know their roles in keeping the company secure, they will need access to relevant policies and documentation, according to Auerbach Publications author Steven Schlarman.
2002/04/30 - Klez: Don't Believe 'From' Line - Wired
Some Internet users have recently received an e-mail message from a dead friend. Others have been subscribed to obscure mailing lists. Some have lost their Internet access after being accused of spamming, and still others have received e-mailed pornography from a priest.
2002/04/29 - Wireless LAN investment protection - NetworkWorld
Now that businesses are gaining confidence that the wireless LAN industry has resolved its security snafus, you'll think massive horizontal-market deployment would be upon us. However, some companies might now be worrying about protecting new or imminent investments in IEEE 802.11b technology as 802.11a system shipments ramp up, and talk grows louder about as-yet-to-be-ratified 802.11g technology.
2002/04/29 - P2P user hits back at deceitful downloads - NetworkWorld
It was bound to happen. After the distributor of the popular Kazaa Media Desktop recently revealed that it had been bundling the P2P software with spyware linking users?machines to a second private network - someone hacked the Kazaa application and developed a spinoff called Kazaa Lite. (관련기사 : HelpNet-Security: Sharing Files Networks Under Attack, HelpNet-Security: Kazaa Worm Fix)
2002/04/29 - Switch tackles XML traffic - NetworkWorld
Sarvega, which means "universal" in Sanskrit, next month is unveiling its debut product - a switch that the start-up says will ease translation, encryption and priority-based routing of XML traffic. Slated for launch at NetWorld+Interop 2002 Las Vegas, Sarvega's XML switch is designed to handle XML traffic, offloading that processing from servers.
2002/04/29 - Vendors tout simple-to-use VPN wares - NetworkWorld
Users looking for Internet-based remote- access gear that is simpler to deploy and manage than IP Security VPN equipment soon will have two more options. Array Networks and TrueDisk are introducing products designed to simplify remote access to corporate network resources by eliminating the need for special client software on remote machines and avoiding major reconfiguration of firewalls.
2002/04/29 - When wireless networks collide - NetworkWorld
A few weeks back I raised the question whether interference with 2.4-GHz cordless phones made 802.11b network technology unfit for the home office. Since then, I've done some testing, and talked to readers and colleagues about their experiences. The verdict? While interference problems are common, they're more of a nuisance than a problem, and pretty easy to remedy.
2002/04/29 - USB 2.0 boosts bus speeds - NetworkWorld
Over the past five years, PC users, network managers and developers have grown to see the value of the Universal Serial Bus standard. USB offers universal plug-and-play and extreme ease of use. When a USB peripheral is connected to a USB-enabled PC, the system will autodetect and autoconfigure the device. USB also eliminates the need for multiple I/O standards, simplifying PC connectivity.
2002/04/29 - New Stealth Attack Found Against Personal Firewalls - SecurityFocus
A new technique for defeating personal firewall software has been discovered. But at least one firewall vendor said the trick poses little risk to computer users. Backstealth, a demonstration program that bypasses the outbound data filters in firewalls from Symantec, McAfee, and other firms, was posted last week to Packetstorm, a popular security tools site. (관련사이트 : Backstealth's site)
2002/04/29 - WinAmp's 'malicious MP3' vuln - SecurityFocus
A new technique for defeating personal firewall software has been discovered. But at least one firewall vendor said the trick poses little risk to computer users. Backstealth, a demonstration program that bypasses the outbound data filters in firewalls from Symantec, McAfee, and other firms, was posted last week to Packetstorm, a popular security tools site. (관련기사 : BBC: Employees seen as computer saboteurs, Newscientist: Music player bug could let in MP3 viruses)
2002/04/29 - The first rule of network security: Create a policy - Techrepublic
Today, Internet access is required for all enterprises, including small and midsize businesses (SMBs). Employees and executives must have unfettered access to online communities and trade associations. As e-commerce begins to make inroads into the SMB market, the security of enterprise computers and the data contained within them becomes critical.
2002/04/29 - Web Services Security Tightens - eWeek
Since security remains among the key challenges that must be met before Web services can become pervasive, some companies are moving to answer the call. Baltimore Technologies plc. and Hitachi Computer Products Inc.'s Quadrasis business unit this week will each deliver tools to help meet Web services' security challenge. (관련기사 : ITworld: Study-Web services, security top developer concerns)
2002/04/29 - Vivendi: Electronic vote may have been hacked - ITworld
An electronic vote at Vivendi Universal SA's shareholder meeting last Wednesday may have been hacked, throwing suspicion on shareholder votes at other companies using electronic voting technology, the company announced Sunday.
2002/04/29 - New LAN gear may put Nortel back in the game - NetworkWorld
Nortel this week will unveil new stackable switches aimed at making enterprise edge connections more resilient and convergence-ready. Meanwhile, the embattled vendor hopes the products will revive its dormant enterprise network business, observers say.
2002/04/29 - UDDI endures reality check debate - NetworkWorld
Although UDDI (Universal Description, Discovery, and Integration) has not yet fulfilled its promise to become the public registration technology for Web services, the concept is gaining a steady foothold, a panel of uddi.org members said during a session here at the Software Development Conference and Expo on Thursday.
2002/04/29 - Baltimore Tech first to add SAML - NetworkWorld
Baltimore Technologies this week will release the first Web access-management software that features an emerging security protocol designed to support interoperable authentication services. With SelectAccess 5.0, Baltimore is the first vendor to release an implementation of Security Assertion Markup Language (SAML). (관련기사 : NetworkWorld: Federation key to Web services)
2002/04/26 - How Much Bandwidth Does WiFi Need? - Networkcomputing
The good news is that the cost of bandwidth has come way down, at least during the 20 years I've been buying it. Most enterprise LANs give users fire hoses from which they take periodic sips. Five years ago, we asked ourselves if it was worth twice the cost to give users 100 Mbps of switched bandwidth rather than 10. Cisco convinced us the answer was yes -- only wimps buy 10-Mbps switches.
2002/04/26 - Tokyo Goes Dual-Mode in Public - 802.11-Planet
NTT Communications, which has been running public WLAN access trials in Tokyo since last July, announced today that on May 15th it will officially launch the first commercial WLAN that is compatible with both 802.11a and 802.11b multi-vendor equipment.
2002/04/26 - Crackers favour war dialling and weak passwords - TheRegister
With all the talk about zero day exploits and sometimes esoteric vulnerabilities its easy to lose sight of the role of older, less sophisticated techniques as a mainstay of cracker activity.
2002/04/26 - Microsoft patches e-mail editing hole in Outlook - ITworld
A security vulnerability that could affect users of Microsoft Corp.'s Outlook 2000 and 2002 e-mail clients who use the company's Word application as an e-mail editor has been patched, according to an advisory from Microsoft. (관련기사 : SecurityFocus: Microsoft Plugs Scripting Hole In Word/Outlook Combo, TheRegister: MS Word runs malicious e-mail scripts, NetworkWorld: Microsoft patches Outlook vulnerability)
2002/04/26 - Klez worm rating upgraded as spread continues - ITworld
The W32.Klez worm and its variants are still loose in the wild over a week after the latest variant was discovered, moving antivirus software vendor Symantec Corp. to upgrade it to a "level 4 virus threat" on its danger scale of five.
2002/04/26 - Hotmail at Risk to Cookie Thieves - Wired
MSN Hotmail users, guard your cookies. A simple technique for accessing Microsoft's free e-mail service without a password is in the wild and apparently being exploited. The trick involves capturing a copy of the victim's browser cookies file. Once the perpetrator gains two key Hotmail cookies, there's no way to lock him out because at Hotmail, cookies trump even passwords.
2002/04/26 - Hybrid threats overtake DoS attacks - VNUnet
Internet-facing devices are likely to be compromised less than a day after being connected, and hybrid threats have overtaken denial of service (DoS) attacks as the biggest security bugbear. The Internet Risk Impact Summary for the first quarter of 2002, released this week by Internet Security Systems' white hat hacker unit X-Force, painted a grim picture for IT administrators.
2002/04/25 - Privacy Watch: Don't Let Anyone Secretly Track Your Keystrokes - IDG
Of all the ways snoops can track you these days, perhaps the most invasive method is keystroke logging. With an inconspicuous piece of hardware or software, a nosy boss, jealous spouse, or ingenious hacker can see every character you enter into your PC.
2002/04/25 - VPNs Grapple With Administrator Concerns - Earthweb
As businesses work at adding more security to company communications, VPNs (virtual private networks) are getting a lot of play. If you've seen one VPN, though, you haven't necessarily seen them all. Just for starters, some network managers are implementing VPNs in-house, whereas others are outsourcing to service providers.
2002/04/25 - Check Point introduces SmartDefense - NetworkWorld
Check Point Thursday is introducing SmartDefense, a combination of new software and a service that make it simpler to configure its Firewall-1 to guard against known attacks from the Internet and provides users with updates about new threats and how to thwart them. (관련기사 : Internetweek: Check Point Adds Proactive Security Functions, EsecurityPlanet: Check Point To Deliver New Security Management Tool, Techrepublic: SmartDefense offers better protection against network intrusion)
2002/04/25 - .Net framework hailed as platform for XML, Web services - NetworkWorld
Microsoft's .Net framework provides a multilayered application development platform ideal for building XML-based Web services, a Microsoft engineer emphasized during a keynote presentation at the Software Development Conference and Expo on Wednesday.
2002/04/25 - PKI Group Turns To Teaching Technology - Earthweb
Beyond documents already released this week, The PKI Forum is now readying a series of tutorials aimed at helping network managers and other technology buffs comprehend the intricacies of public key infrastructure (PKI) security.
2002/04/25 - Flaws Found In MS Office's HTML Tools - Internetnews
An Israeli software company has pointed out potential security flaws in a group of HTML tools for Microsoft's (NASDAQ:MSFT) Office software. GreyMagic Security posted advisories that the Office Web Components (OWC), which includes HTML tools for spreadsheets, charts, tables, and databases suite, is automatically downloaded with all Office products. (관련기사 : Newsbytes: Microsoft Yanks Office Tools After Security Report)
2002/04/25 - Ending the 802.11 Network Card Power Drain - 802.11-Planet
Wireless LANs certainly provide the freedom of mobility as we use our laptops and PDAs without the constraints of network cabling. Of course to facilitate this benefit, we unplug our devices from AC power and operate them from batteries. As most of know, however, 802.11 network cards consume significant amounts of energy that drains batteries fast.
2002/04/24 - Security exhibitors set up insecure WLANs - TheRegister
Wireless networking insecurity was a key theme of this week's InfoSecurity show with a number of suppliers coming out with surveys on just how vulnerable world+dog is to drive by hackers. However a quick scout around the show yesterday revealed the problem is closer to home than most vendors would like to admit - half of the show's wireless LANs were wide open to attack.
2002/04/24 - Windows XP offers groundbreaking WLAN functionality - TechRepublic
Imagine that you're working on an important new project. You took your laptop home last night so that you could surf for some cool pictures to download and add to the PowerPoint presentation you created for today's meeting. This morning, you bring your laptop into work and pop it into its docking station, making a few last-minute additions and corrections to the presentation.
2002/04/24 - Consider security and permissions issues before using Remote Assistance - TechRepublic
Windows XP's Remote Assistance can be a dream come true for those of you who support remote users. It allows you to share control of an end user's computer via your organization's network or the Internet. You can view the user's screen, control their keyboard and pointer, and even communicate with the user via a chat feature. Yet XP's Remote Assistance isn't all sunshine and daisies. Several security concerns might make you think twice about using this feature.
2002/04/24 - Mobile Storage Is on the Rise - InternetWorld
Study after study seems to prove that consumers desire content on their wireless devices--and therein lies a problem. Consumers want content on their devices, but they don't want to wait for it to download. Unfortunately, the alternative--caching--isn't possible on most cellular phones and handhelds available today because adequate storage isn't available. However, that's slowly changing.
2002/04/24 - Potential new security concern - NetworkWorld
Recently, a fellow who works for Redknee - a company that makes gateways that connect wireless LANs to 2.5G mobile WANs - pointed out a security consideration that enterprises might want to be aware of. Much talk about wireless LAN security has centered around the fact that the wireless LAN user population, in effect, bypasses the corporate firewall and is not a trusted entity.
2002/04/24 - PKI vendors get together on government project - Silicon
Government IT agencies have announced success in getting the products of disparate PKI (public key infrastructure) vendors to interoperate, removing one of the major barriers to increased adoption of the technology.
2002/04/24 - IPv6--what's in it, and what's in it for you - ZDnet
IPv6 increases IP address space to 128 bits, thus increasing the pool of addresses from IPv4's 2^32 to 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456--a high number commonly referred to as "plenty." IPv6 also simplifies IP headers to improve packet handling. Even though IPv6 addresses are four times longer than IPv4's 32-bit addresses, IPv6 packet headers are only twice the size of IPv4's.
2002/04/23 - Brute force? card thieves attack - MSNBC
You might call it the least creative way to steal credit card numbers ? but it works, and it’s costing merchants thousands of dollars. In the past several weeks, computer criminals have taken to running thousands of nickel and dime charges through merchant accounts, picking credit cards numbers at random. Most are declined.
2002/04/23 - Web server security: New IT for new threats - TechRepublic
For most of history, business transactions occurred face to face. Participants in the village marketplace knew each other or could present letters of introduction to establish trust. But now, in our electronic “global village,” it is not so simple. The identity of the person on the other side of an e-business transaction is hard to determine. It is just as hard to identify persons on our own side of a transaction, if they are only “virtually” present.
2002/04/23 - Voice over Wireless LAN Making its Move into Verticals-Popularity of 802.11b & LAN Telephony Driving Growth - In-Stat
As the Wi-Fi Wireless LAN installed base looks to add voice to existing wireless networks and wireless IP handsets continue to constitute a percentage of the growing LAN telephony market, the Voice over 802.11x market will experience healthy growth in 2002 and beyond. According to In-Stat/MDR, additional demand from verticals such as education, healthcare, retail and logistics will help the overall Voice over Wireless LAN (VoWLAN) market to expand to over 80,000 handset shipments in 2002, a significant jump from the 20,000 shipments in 2001.
2002/04/23 - IDC: Demand for PDAs stalls in Q1 - ITworld
Worldwide demand for PDAs (personal digital assistants) continues to decline as manufacturers attempt to switch from selling electronic organizers to handheld wireless devices, according to IDC's quarterly PDA report.
2002/04/23 - Anti-Spyware Program Targeted By Multimedia Player - Newsbytes
Calling the tactic "malware at its worst," Lavasoft said its privacy software is being silently deleted when users install a third-party multimedia player. Newsbytes has confirmed that installing RadLight version 3.03 deletes Lavasoft's Ad-Aware program, as promised in a warning in the software's 1,100-word license agreement.
2002/04/22 - Honeynet looks to sting hackers - NetworkWorld
A group of 30 computer security researchers who set up inexpensive "fake" networks to observe how hackers behave as they break into them are finding out about new software vulnerabilities and warning the public. (관련기사 : NetworkWorld: Shoring up security)
2002/04/22 - Congress: Tighten IT security - NetworkWorld
Prompted by last year's terrorist attacks, momentum is building on Capitol Hill to expand the role of the National Institute of Standards and Technology in establishing IT security standards and best practices. But the prospect is raising concerns in some circles.
2002/04/22 - Warning! Why one virus alert system won't fit all - ZDnet
When Homeland Security chief Tom Ridge unveiled the new Homeland Security Advisory System, he added five new levels of alert--each distinguished by its own color--to our already crowded color-coded vocabulary. Ridge's plan is only the latest effort aimed at standardizing warning systems in the security community these days. There's even a semi-serious proposal afoot to have antivirus companies conform to a standard warning scale.
2002/04/22 - IETF blesses SNMPv3 - NetworkWorld
The Internet Engineering Task Force Steering Group recently approved Version 3 of the Simple Network Management Protocol (SNMPv3) as a full standard. The IESG also moved SNMPv3's predecessors, SNMPv1 and SNMPv2, to historical status - meaning there will be no more development on those standards.
2002/04/22 - Directory standard at a crossroads - NetworkWorld
In the spring of 1997, then University of Michigan student Tim Howes walked into a roomful of software vendors gathered on campus and detailed a standard directory access protocol he had helped develop as part of his master's degree work.
2002/04/22 - Security is poor because vendors are not held responsible - NetworkWorld
Network security is not a technological problem; it's a business problem. The only way to address it is to focus on business motivations. To improve the security of their products, companies - both vendors and users - must care; for companies to care, the problem must affect stock price. The way to make this happen is to start enforcing liabilities.
2002/04/22 - XML the glue for unified messaging - NetworkWorld
As a systems developer at the University of California, Berkeley, Kouba is spearheading an effort to create a unified communications system. The system will tie e-mail, voice mail and fax to a single in-box and allow access to it from anywhere - be it an e-mail client, a telephone, or a mobile phone or device.
2002/04/22 - Intel Unveils Plans to Support 802.11 Networking on the CPU - 802.11-Planet
While Intel is a latecomer to the 802.11 scene, analysts say the industry powerhouse's sneak peak at a prototype designed specifically for mobile users will definitely turn up the heat on competitors. Intel's new chip, dubbed "Banias," boasts 802.11b support that will eventually be embedded in a laptop Pentium 4.
2002/04/22 - WLAN client security: Using NICs that play tricks - TechRepublic
The IEEE 802.11b standard is now mainstream with PC notebook manufacturers. IBM, Compaq Computer, Hewlett-Packard, Toshiba, and Dell Computer all offer integrated Wi-Fi solutions. Wi-Fi is the certification standard for 802.11b sponsored by the Wireless Ethernet Compatibility Alliance (WECA) via a dual mini-Peripheral Component Interconnect (mini-PCI) slot that supports WLAN and a traditional modem.
2002/04/22 - Take precautions against peer-to-peer threats - TechRepublic
Think Napster and its file-swapping cousins are only a concern for the music industry? Think again. Peer-to-peer (P2P) file-sharing software poses a considerable threat to IT security. Plus, illegal file swapping could even result in a knock on the door from federal agents or the Recording Industry Association of America (RIAA).
2002/04/22 - PDA virus protection: Are your users' devices safe? - TechRepublic
Some PDA devices function as a cellular phone, pager, or even a laptop replacement, which provides more connectivity and power, but puts users at an increased risk for virus infection. Three bits of malicious code in particular have targeted Palm devices: the Liberty Crack Trojan horse and the Phage and Vapor viruses. This article will explore existing mechanisms for virus transmittal over PDAs and look at three different antivirus products available for the PDA. (관련기사 : ZDnet: Block PDA viruses)
2002/04/22 - IP VPNs: When, where and why - NetworkWorld
Every few years the concept of IP VPNs gets a lot of press. The idea is simple: A company can use one infrastructure (an IP network) to connect branch offices, headquarters, remote users, and third parties such as suppliers and customers.
2002/04/22 - Experts torn over mobile carriers?zeal for public Wi-Fi - NetworkWorld
I'll be often hinted in this space that the big mobile carriers should someday soon be stepping up to the plate to offer public wireless LAN services as an optional add-on to your overall 2/2.5/3G mobility service. However, I moderated a panel of experts representing the wireless industry earlier this month here in Silicon Valley where this issue was kicked around. The upshot was murky.
2002/04/21 - Keeping e-mail encryption alive - CNN
His invention for encrypting e-mail, Pretty Good Privacy, was so good that the government considered it munitions subject to tough export controls. Prosecutors threatened him with criminal charges when others leaked it overseas. The government ultimately backed off. But now, the company that makes the most popular version of PGP is the one pulling the plug.
2002/04/19 - Hacking Through the Wireless Jungle - Wirelessnewsfactor
Each time technology advances, a new underworld of cyber criminals appears, looking to exploit the latest systems. As companies strive to give employees more mobility -- without sacrificing productivity -- hackers have begun to slither around the wireless landscape, readying new assaults.
2002/04/19 - JavaScript security hole in IE 6 - .NetMagazine
A vulnerability has been discovered in Microsoft’s Internet Explorer 6 that enables JavaScript code to be delivered into the browser’s history list of URLs. The hole was discovered by Swedish security researcher Andreas Sandblad who posted his discovery to the Bugtraq mailing list. (관련기사 : Newsbytes: IE 6 Privacy Features Open Users To Attack - Expert, TheRegister: IE-6 privacy solution backfires, Extremetech: New, Serious Scripting Flaws in IE 5, 6)
2002/04/19 - Microsoft witness defends Passport - ITworld
Microsoft Corp.'s Passport authentication system again became the topic of testimony at the company's remedy hearing Thursday afternoon, as a Microsoft executive attempted to clarify what he said were mischaracterizations of the program made by earlier witnesses. (관련기사 : ZDnet: Survey-Passport required, not wanted)
2002/04/19 - What's cooking? Bluetooth hits the kitchen - ITworld
Toshiba Corp. started rolling out a line of Bluetooth-enabled networked home appliances this week, observing consumers' reactions to the new and as-yet-unproven products, while audio-equipment maker Kenwood Corp. announced with more confidence the development of Bluetooth wireless headphones. They were both demonstrated at Bluetooth Expo 2002, which opened here on Wednesday. (관련기사 : NetworkWorld: Adventures in Bluetooth)
2002/04/19 - Limiting Risks in Corporate Wireless Networks - Esecurityplanet
With wireless LANs cropping up on company grounds, network managers need to batten down the 802.11 hatches. That means setting the stage for wireless policies, to be implemented now as well as in the future.
2002/04/19 - IBM will not charge royalties for ebXML patent - ITworld
IBM Corp. has said it will not charge royalties on its patented technology within the Electronic Business XML (Extensible Markup Language) or ebXML standard. In late March, IBM contacted OASIS (Organization for the Advancement of Structured Information Standards), in Billerica, Massachusetts, to say that it had one patent and one patent pending on technology it had developed for the standard, Carol Geyer, director of communication for OASIS, said Friday.
2002/04/18 - Apache and SSL - Onlamp
Secure Sockets Layer (SSL), developed by Netscape Communications, and Transport Layer Security (TLS), the open-standard replacement for SSL from the Internet Engineering Task Force, are the two protocols that add encryption and authentication to TCP/IP. This article summarizes the basic concepts of how the two protocols work and how Apache implements these protocols so that one can transmit information securely over HTTP.
2002/04/18 - Defining WLAN Requirements: In Depth - 802.11-planet
In a previous article, we discussed the importance of requirements when deploying wireless LANs. It's very important to define requirements at the beginning of the project. If you don't do this, you'll likely install a solution that doesn't fully meet the needs of users or effectively interface with other systems.
2002/04/18 - Microsoft lobbies support for next-gen IP - ZDnet
At its WinHEC conference here, Microsoft executives urged hardware and software engineers to support IPv6, a replacement of the IPv4 version of Internet Protocol that underlies all communications across the Internet. IPv6's chief benefit is enabling a vastly larger number of computing devices to connect to the network by essentially boosting IPv4's limited number of addresses.
2002/04/18 - Carnivore's New Leash on Life? - Wired
A graduate student at Dartmouth College wants to tame the FBI's Carnivore surveillance system. Alex Iliev has proposed a way to force anyone who wants to monitor e-mail or Web browsing to follow the rules -- and not snoop on private data that should be off-limits.
2002/04/18 - Announcement of OpenSSL 0.9.6d and 0.9.7 Release Plan and Schedule - Linuxsecurity
The OpenSSL developers team is pleased to announce the upcoming release of OpenSSL 0.9.7. OpenSSL 0.9.7 contains several changes and enhancements in many fields; please check out the NEWS and CHANGES files for details. Some of the changes made break compatibility, so that application developers and distribution providers may need a transition period.
2002/04/18 - DoS attack storms port 445 - VNUnet
Security experts have warned that default registry settings on Windows 2000 boxes could allow a malicious user to cause a denial of service (DoS) attack through port 445. Research from analyst KPMG Denmark found that default registry settings in the Windows 2000 Lanman network management service could allow a user with access to TCP port 445, also known as the Microsoft-ds port, to effect a DoS attack.
2002/04/17 - Cisco's Vision Of A Wireless Future - Commweb
Cisco Systems on Wednesday unveiled its latest piece of hardware for connecting employees to corporate LANs wirelessly, saying it envisions a future in which people can access business or personal data from anywhere. The Cisco Aironet 1200 wireless access point is a thin, rectangular metal box that can be mounted on walls or ceilings, or hidden behind ceiling panels and includes an embedded 802.11b radio that can transmit and receive data at 11 Mbytes per second. (관련기사 : NetworkWorld: Cisco launches dual-band wireless LAN base station, ZDnet: Cisco plugs in WLAN gear, eWeek: Cisco hedges 802.11 bets)
2002/04/17 - Protect your Palm OS from new viruses - TechRepublic
In 2000, Symantec Corp. discovered some unique viruses. They were written to attack Palm OS handhelds. It was only a matter of time before a hacker figured out how to exploit this operating system. In response, last year Symantec created Symantec AntiVirus for Palm OS. Recently, the company released a new version: Symantec AntiVirus 2002 for Palm OS (see Figure A).
2002/04/17 - Not just sci-fi: Uncrackable encryption - ZDnet
Imagine, if you will, a means of delivering encryption keys that is so secure that it's impossible to break because doing so would violate the laws of physics. In other words, the delivery method is so secure, it's protected by the very fabric of the universe.
2002/04/17 - The IE back-button attack - TheRegister
Swedish security researcher Andreas Sandblad has discovered that the MS Internet Explorer history list allows JavaScript in the URLs. The code will execute in the same zone as the last URL visited. The error page generated by IE functions in the local computer zone. Thus when an error page is generated, JavaScript can be injected in the history and executed by using the back button.
2002/04/17 - New Take On Klez Worm Spreading - SecurityFocus
Virus watchers say a variant of an already common Windows worm has begun making its way around the Internet, and this time it's packing the ability to replace legitimate executable programs with its own malicious code. Anti-virus companies said today that Klez.H is a revamped version of the three-month-old Klez.E worm, which is itself traced back to a mass-mailing worm first spotted in October of 2001. (관련기사 : VNUnet: Klez virus back with a vengence, ZDnet: Klez worm's on the loose again, InfoWorld: New variant of Klez worm detected, TechRepublic: Dangerous Klez worm could compromise sensitive data)
2002/04/17 - Microsoft defends Baseline Security Analyzer tool - Infoworld
RESPONDING TO ESCALATING criticism that its new Microsoft Baseline Security Analyzer (MBSA) vulnerability file scanning product is not up to snuff, Microsoft says users finding difficulty with the new software tool may be misinterpreting the results of the freeware product's findings. (관련기사 : ITworld: Microsoft offers free tool for security checks, eWeek: Microsoft Tool Scans for Flaws, Missing Patches)
2002/04/16 - New appliances geared for WLAN management - eWeek
Wireless LANs are getting faster, with better interoperability and more cost effective connectivity for mobile users. However, current 802.11x wireless standards offer limited security measures, as recently discovered vulnerabilities in the Wire Equivalent Privacy protocol demonstrate. IT managers need better products to secure their WLANs from eavesdroppers and unauthorized access, and to enable centralized management in enterprise environments.
2002/04/16 - Symantec: Blended security threats on the rise - NetworkWorld
Attacks on corporate computer systems will continue to get more sophisticated, simultaneously targeting several areas of vulnerability in "blended" attacks, according to executives from security vendor Symantec. (관련기사 : ZDnet: Blended threats brew vicious, ZDnet: 'Blended' attacks pose serious security threat, ZDnet: How to stay one step ahead of hackers)
2002/04/16 - U.S. Robotics doubles speed of 802.11b wireless LAN - NetworkWorld
U.S. Robotics has boosted the speed of its latest range of wireless LAN products for small businesses to 22M bit/sec, while retaining compatibility with 2.4-GHz systems built to the IEEE 802.11b standard, the company announced Tuesday.
2002/04/16 - XP Home vs. XP Pro networking: What's the difference? - TechRepublic
Whether you’re getting ready to roll out Windows XP for your users or you just want to get up to speed with it on your own computer, which Windows XP flavor is right for you in terms of networking features? Do you go with the vanilla Home Edition version or spring for the chocolate, nuts, and marshmallow chunks in Professional? The answer isn’t just about money, although with a $100 difference between the two, those extra munchies don’t come cheap.
2002/04/16 - W3C Give Blessing To New Privacy Standard - Newsbytes
A Web standard aimed at helping surfers determine their own Internet privacy protections received an important boost today when the World Wide Web Consortium (W3C) issued a formal recommendation that the standard be widely adopted. The Platform for Privacy Preferences (P3P) uses automated XML-based browser software to help consumers interpret Web site privacy policies and make decisions whether to accept or reject them.
2002/04/15 - Secure Web services with IP blocking - Builder
The one thing that can really push a new technology into the forefront of business executives’ minds is the ability to generate additional revenue. Web services allow you to sell your existing functionality as a service to anyone with an Internet connection. Now, the question becomes, once you publish your functionality as a Web service that anyone on the Internet can use, what's to stop anyone from using it?
2002/04/15 - Making the Choice: 802.11a or 802.11g - 802.11-Planet
If your wireless LAN applications require high performance, then you're probably facing a decision on whether to use 802.11a or wait for 802.11g. Before making the choice, you need to fully understand what both of these standards have to offer. Let's compare and contrast these two competing technologies and then see which one best fits your needs.
2002/04/15 - Flawed encryption leaves networks open to attack - Silicon
Companies are being warned to stop using short encryption keys as their only measure of protection against hackers. The most well-known application of short encryption is the Secure Sockets Layer (SSL) protocol, which is commonly used to protect internet transmissions. (관련기사 : nCipher: The Risks of Short RSA Keys for secure communications using SSL, eWeek: SSL Keys Coming Up Short)
2002/04/15 - Put to the test - NetworkWorld
Intrusion-detection systems work just fine when it comes to spotting and clamping down on attacks that have been seen before, but security experts warn that a new breed of stealthy network-attack techniques could run roughshod over today's IDS devices.
2002/04/15 - Web services will require application-level firewalls - TechRepublic
Firewalls will always be required at the trust boundaries of enterprise networks. However, the current generation of firewalls provides protection only at the network level, with minimal application awareness. The rise of Web services will require the addition of application-level firewalls to protect against external attacks and the effects of unintentionally malicious software being transferred between business partners.
2002/04/15 - Caching vendors adding security features to gear - NetworkWorld
Businesses looking to add another layer of protection beyond traditional firewalls will find a slew of new products from companies that are adding security features to their Web caching offerings. Inktomi last week unveiled its Traffic Edge Security Edition software, which adds virus scanning, content filtering, and user authentication and access control to its caching software.
2002/04/15 - Firewall recommendations - NetworkWorld
My company just completed an IS audit. One of the recommendations the auditor made was to use two firewalls instead of one. The report also mentioned setting up a DMZ and putting the servers that need to be visible from the outside world in it, keeping that traffic off our network. Isn't one firewall enough? Via the Internet
2002/04/15 - Multimode wireless chipsets advance - NetworkWorld
The next generation of wireless networks will involve multiple protocol standards, and a key consideration is that multimode chipsets can handle them all simultaneously. However, protocol candidates such as Wi-Fi, Wi-Fi5, HiperLAN, IEEE 802.11g and Bluetooth have different and incompatible operating conditions, so multimode chipsets will have to be developed to ensure compatibility.
2002/04/15 - Alcatel debuts seamless failover - NetworkWorld
Alcatel claims to have new technology that will allow its core routers to fail without dropping sessions, a feature that the company says will relieve some of the delay problems facing carriers that provide pieces of the Internet backbone. (관련기사 : Infoworld: Alcatel gets serious about IP)
2002/04/15 - IP telephony talk zeroes in on SIP - NetworkWorld
As voice over IP gains momentum in large organizations, experts say forward-thinking network executives should familiarize themselves with three letters: S, I and P. Session Initiation Protocol was on the minds of customers, analysts and the vendors who were pushing a lineup of new SIP-related products at the Voice on the Net show last week. (관련기사 : NetworkWorld: The skinny on SIP)
2002/04/15 - Secure Web Services Draw Closer - IT-director
It is quite clear that, to some degree, everybody loves to be involved in marketing hype, whatever the subject area. Often the participation may be limited to simply pouring scorn on the efforts of others to describe the situation.
2002/04/15 - New cumulative Microsoft patch fixes two critical threats - TechRepublic
At the end of March, Microsoft released Security Bulletin MS02-015. This is a cumulative patch that includes new patches for two critical threats, including the CodeBase Localpath vulnerability I described two weeks ago. The bulletin refers to this vulnerability as Local Executable Invocation via ObjectTag, but it’s the same as the CodeBase Localpath vulnerability (CAN-2002-0077).
2002/04/12 - MS, IBM propose SOAP security kit for Web services - TheRegister
A team of researchers from Microsoft, IBM and VeriSign have put together a preliminary proposal for securing Web services with SOAP (Simple Object Access Protocol) extensions which will work with a variety of authentication and encryption schemes.
2002/04/12 - Technology Issues Hindering Mobile Commerce - Mcommercetimes
Many in the entrepreneurial world rolled into 2002 still fondly spinning out their dreams of mobile-commerce bliss. There's no shortage of ideas - content to sell, transactions to facilitate -- but there is still a shortage of bandwidth, and as the folks at Boston-based research firm The Yankee Group pointed out recently, all these wondrous m-commerce plans will stand or fall on the carrier's network know-how.
2002/04/12 - Study: Damage from hackers and viruses increases - Startribune
Despite the near-ubiquity of firewalls and antivirus software, hacker attacks and viruses are causing more damage to computer networks every year, according to a survey by San Francisco's Computer Security Institute (CSI) and the FBI.
2002/04/12 - Buffer overloads: The big security hole - Anchordesk
Last month, Microsoft reissued its buffer-overflow vulnerability announcement for Simple Network Management Protocol (SNMP), which is included within every edition of Windows except Windows Me. This follows Microsoft's announcements earlier this year of buffer-overflow vulnerabilities in ISAPI in Microsoft Commerce Server 2000, Microsoft SQL Server, and Telnet Server in Windows 2000.
2002/04/12 - IT security a must for small-business survival - NZherald
New Zealand's small-business community is increasingly relying on technology and the internet. With this reliance comes a growing threat to small businesses as they become vulnerable to attack from complex viruses, network infiltration and malicious hacker activity aimed at stealing company and customer financial information.
2002/04/12 - The peer-to-peer push - InfoWorld
AS THE HYPE surrounding peer-to-peer networking recedes, vendors are surging ahead to deliver p-to-p-based collaboration applications designed to address enterprise concerns about security, control, and management of distributed systems. Vendors are also exploring links between p-to-p and Web services to extend services to different device types and technologies.
2002/04/12 - Wanted: A Few Good Wi-Fi Pops - ISP-Planet
The newest mobile broadband wireless technology and its backers have everything a developing industry needs: big visionary names, venture capital budgets, fresh startups, and obvious benefits to end-users. However, the Wi-Fi industry lacks a national network, and the way executives in the trenches see it, ISPs might play a pivotal role in establishing one.
2002/04/12 - Insider threat to security may be harder to detect, experts say - IDG
Recent findings that insiders constitute the primary threat to enterprise security are being challenged by experts who insist the greater threat to security remains external. Only 38% of respondents to the latest computer crime survey sponsored by the FBI and the San Francisco-based Computer Security Institute said they detected insider attacks during the preceding 12 months.
2002/04/11 - COMMENTARY:Personnel and E-mail Security - InternetWorld
Have you ever had a rude person accuse you of making a mistake, when you knew you were right? When that happens, what could be sweeter than to show the other person -- very politely, of course -- why he is wrong. I had a chance to do just that the other day. The episode illustrated an important security problem, so let me tell you about it.
2002/04/11 - Security experts say voice mail systems vulnerable - Computerworld
Security consultants aren't surprised that someone managed to take a voice mail Hewlett Packard Co. Chairwoman and CEO Carly Fiorina left for HP Chief Financial Officer Robert Wayman last month and transmit it to the world. (관련기사 : ComputerWorld: Voice-Mail Systems Easy Prey for Hackers)
2002/04/11 - Tech standard secures Web services - ZDnet
The three companies on Thursday will release a new specification, called WS-Security, which will encrypt information and ensure that the data being passed between companies remain confidential. The companies, which are announcing the new security initiative at Microsoft's Tech Ed developer conference, also plan to build five more security specifications in the next 12 to 18 months that will provide additional security measures that businesses may need for Web services. (관련기사 : ITworld: MS, IBM, Verisign team on Web services security)
2002/04/11 - Industry group to define Web services - NetworkWorld
Work is now officially underway by the World Wide Web Consortium to hammer out a formal framework for Web services. In its first face-to-face meeting last week, the recently formed W3C Web Services Architecture Working Group began crafting a paper that will, among other things, describe what Web services are, the technologies needed for them, how they'll interact with each other, and how to address privacy and security. The paper is due out by year-end.
2002/04/11 - IDC: WLANs Are "Disruptive Technology" - 80211-Planet
Wireless local area networks (WLANs), particularly those used in the home and in small offices, are a so-called disruptive technology that will have the same impact on the networking industry that wireless phones did to the telecommunications industry, a study released Wednesday by market research firm IDC claims.
2002/04/11 - Storage Area Network Notes - ISP-Planet
It's that time of the year again when you can't possible attend every expo, seminar, or forum that catches your attention. The storage sector proves it is just like other technology hotspots of the past as it proves to be the darling of the conference industry this year.
2002/04/10 - AppGate's alternative to IPSec VPN - NetworkWorld
More and more alternatives to IPSec VPNs are cropping up for corporations that want to establish secure remote access connections over the Internet, and here is a brief description of one such alternative from a company called AppGate.
2002/04/10 - It's Back To Business for VoIP 2002 - Internetweek
The buzz over Internet telephony, while muted lately under the weight of the battered tech economy, is showing signs of humming again. Enterprise IT end-users are talking about the productivity features of unified messaging. The old rationale of IP telephony -- to dodge long-distance phone bills -- turned out not to be so far off base.
2002/04/10 - How to beat software's gaping security hole - ZDnet
Last month, Microsoft reissued its buffer-overflow vulnerability announcement for Simple Network Management Protocol (SNMP), which is included within every edition of Windows except Windows Me. This follows Microsoft's announcements earlier this year of buffer-overflow vulnerabilities in ISAPI in Microsoft Commerce Server 2000, Microsoft SQL Server, and Telnet Server in Windows 2000.
2002/04/10 - Take control with Windows XP Remote Desktop - TechRepublic
How many times have you or one of your users been at home or on the road and needed to access something on your office PC? Windows XP Professional’s Remote Desktop feature allows you to do anything that you could do on your office desktop from your home PC or from a laptop when you're out of the office. In this article, I will explain the basics on how to configure and use it.
2002/04/10 - New Worm Targets Outlook E-Mail and AIM Users - eWeek
Security software maker Symantec is warning of a new worm that uses the blended threat technique found in other recent worms. The worm comes in two forms, W32.Aphex@mm and W32.Aplore@mm. Its primary function is to mass-mail itself via a Microsoft Outlook address book, but it also uses IRC and AOL Instant Messenger (AIM) to propagate. (관련기사 : Newsbytes: Aphex E-mail Worm Has A Way With IRC, Instant Messenger, Computerworld: Tricky worm can spread via AOL's instant message)
2002/04/10 - Experts: Chat rooms a haven for hackers - CNN
"Once the hacker or someone in the underworld has personal information, credit card numbers, social security numbers, address, whatever it may be," says Harrington, once the hacker "has that information and wants to sell it, often they'll go to a hacker chat room, a place on the Web using an Internet Relay Chat which provides them some anonymity and allows them to mention that they have this personal information and they want to trade."
2002/04/10 - Microsoft releases critical security patch - ZDnet
Microsoft recommends that customers running a Web site on its Windows NT 4.0, Windows 2000 or Windows XP Professional operating systems install the patch immediately. "The really important thing is getting the patch on," said Scott Culp, manager of Microsoft's Security Response Center, adding that the software giant is pushing hard to get the advisory in front of everyone who runs IIS 4.0, 5.0 or 5.1. (관련기사 : Newsbytes: Microsoft Patches Ten New Security Bugs In IIS, Silicon: Microsoft-there's a hole in IIS, TheRegister: Eight new IIS security holes exposed, Techrepublic: Microsoft patches 10 new IIS vulnerabilities)
2002/04/10 - Top Layer Filters Traffic - eWeek
Top Layer Networks Inc.'s Attack Mitigator Version 1.0 provides powerful protection from DoS and distributed-denial-of-service attacks on Web servers and other network infrastructure devices and desktop systems. The Attack Mitigator is best suited for large organizations that need an extra layer of protection for their networks. It shouldn't be thought of as a firewall replacement.
2002/04/09 - Cert warns of automated attacks - VNUnet
The Computer Emergency Response Team (Cert) has released a report pinpointing the six fastest evolving trends in the black hat world of internet security. The organisation, which has been monitoring hacker activity since 1998, found that the most notable trend to evolve over recent years is the automation and speed of attack tools.
2002/04/09 - Boffin claims DoS attack breakthrough - VNUnet
A computer scientist at the University of Massachusetts claims to have worked out a new technique for combating Denial of Service (DoS) attacks that requires adding a single bit of information to messages sent across the web. (관련기사 : NewsFactor: New Defense Against Hack Attacks)
2002/04/09 - Cracks in the Firewall - Businessweek
Is your firewall toast? A new report by Web security giant Internet Security Systems (ISSX ) suggests it certainly could use a few upgrades and some additional help. The company combed through data collected from the logs of thousands of security devices it monitors for businesses ranging from mom-and-pops to multibillion-dollar global conglomerates. The conclusion: Perimeter defenses such as firewalls are not enough to ward off increasingly sophisticated worms and viruses.
2002/04/09 - How FTP port requests challenge firewall security - TechRepublic
The File Transfer Protocol (FTP) is one of the most popular, but also most misunderstood, protocols in use today. I get many questions every day from router and firewall administrators asking why a particular FTP client or server configuration isn’t working. If these administrators understood how FTP worked and how typical firewalls augment the protocol’s sometimes dicey security demands, they would be able to easily solve the FTP-related problems they encounter.
2002/04/09 - Configure Win2K IPSec to secure network traffic - TechRepublic
IPSec is fast becoming the de facto standard for secure communications on the Internet. However, did you know that you can also use it to secure sensitive transmissions on your LAN and/or WAN if you're running Windows 2000? My previous article introduced the Windows implementation of IPSec. Now, we'll walk through the process of setting up and configuring IPSec in Win2K.
2002/04/09 - A trio of MS-Office security vulns - TheRegister
Researchers at GreyMagic Software have uncovered three novel vulnerabilities provided by Microsoft Office Web Components (OWC), which can override security settings in Internet Explorer. First up, it's possible, using the spreadsheet component of OWC, to enable active scripting when the user has it disabled in IE.
2002/04/09 - IP phone vendors push towards SIP support - NetworkWorld
Pingtel and Polycom this week announced new voice-over-IP software and hardware aimed at enterprises interested in adopting the Session Initiation Protocol (SIP) standard for VoIP applications.
2002/04/09 - Get ready for 3G wireless - Zdnet
Worldwide, cellular and personal communications service (PCS) carriers are in the midst of upgrading or launching new wireless packet data networks. Packet data already exists using personal digital cellular (PDC) in Japan, iDEN and cellular digital packet data (CDPD; packet overlay on the old analog network) in the United States, Mobitex and DataTAC technology, and new CDMA2000 and W-CDMA launches worldwide. Mobitex and DataTAC are data-only networks, and cannot offer voice services.
2002/04/08 - Configure Windows XP Professional to be a VPN server - TechRepublic
For the Small Office/Home Office (SOHO), Windows XP Professional VPN features are a real boon. Traveling users with laptops or handheld computers will inevitably want files on the home network; you just can’t bring everything with you. This is where the beauty of the Windows XP Professional computer connected to an always-on connection, such as DSL or cable modem, shines.
2002/04/08 - Bandwidth: Quality over quantity? - NetworkWorld
There's been lots of talk about quality of service in LANs, but unless you're running voice, video or other unforgiving applications, you can probably solve congestion by simply throwing more bandwidth at the problem.
2002/04/08 - ISS ranks Net vulnerabilities - TheRegister
Advanced worms, or so-called hybrid and blended threats like Nimda and Code Red, continue to pose the greatest online risk according to investigations carried out by Internet Security Systems Inc, but the company rates multiple vulnerabilities uncovered in the SNMP v.1 Simple Network Management Protocol "the largest multi-vendor security flaw ever discovered to date." (관련기사 : Silicon: 'Smart' viruses plaguing end users)
2002/04/08 - WECA Wrestles With Wi-Fi - eWeek
The organization that drove the adoption of the popular 802.11b WLAN specification is now struggling with how to test and market future wireless LAN products. At issue in the Wireless Ethernet Compatibility Alliance is how to best route developers from Wi-Fi (802.11b) to the more prestigious Wi-Fi-5 certification. The task is formidable and could lead not only to confusion for users but also to a delay in product releases.
2002/04/08 - Assess Requirements Before Designing WLAN - 802.11-Planet
When deploying wireless LANs, most people begin the project by jumping into technical matters, such as deciding upon which version of 802.11 to use, which vendor to select, and how to overcome the limitations of 802.11 security. These are important elements of implementing a wireless LAN; however prior to getting too far with the project, you must give careful attention to requirements analysis and design in order to end up with an effective solution.
2002/04/08 - Denial-of-Service Attacks Still a Threat - IDG
Denial-of-service (DOS) attacks continue to present a significant security threat to corporations two years after a spate of incidents brought down several high-profile sites, including those of Yahoo Inc. and eBay Inc., users and analysts report. Since then, several technologies have emerged that help users detect and respond to DOS attacks far more quickly and effectively than before. (관련기사 : Theregister: Scottish ISP floored as DDoS attacks escalate)
2002/04/08 - Expert warns of Trojan explosion - VNUnet
A technology researcher at Berkeley, University of California, has described distributed computing systems that connect to a central server as security blunders waiting to happen. The warning follows the news last week that peer-to-peer file sharing software Kazaa contains a Trojan that puts millions of machines at risk.
2002/04/08 - Firewall program aims to protect remote offices - NetworkWorld
The firewall market is a pretty wild and wooly place. You've got hardware and software products targeting big companies and small, being built into routers and gateways, and gunning for consumers' desktops. Just as confusing is the variety of technologies in play. Do you want a proxy firewall; a network address translation firewall; one that employs stateful packet inspection?
2002/04/08 - In An Instant - Informationweek
A consortium of eight Wall Street firms is about to transform the way buyers and sellers of fixed-income securities do business using what, until recently, has been a grassroots technology: instant messaging. Traders who now use E-mail and rows of phones to manage a crush of information will have a new tool that promises even greater speed and efficiency. That is, if communication overload doesn't make things worse.
2002/04/08 - Vendors up the volume on VoIP - NetworkWorld
This week's Voice on the Net show will feature new wares that help customers mix legacy phone gear with an IP PBX, add multimedia communications to call centers and better integrate the latest voice-over-IP technologies with existing network and security infrastructures. The heightened vendor activity comes as customer appetites for large-scale IP telephony are growing, experts say.
2002/04/08 - Microsoft makes wireless case - NetworkWorld
Microsoft is taking a new approach to the mobile and wireless markets that observers say might finally result in the company getting it right. The company is blending wireless and mobile support directly into its enterprise network software. That's a departure from its past efforts, and a twist on the current strategies of other vendors.
2002/04/08 - Wireless LAN TCO may be less than you think - TechRepublic
Enterprises are evaluating the use of the wireless LAN as a replacement or an extension of their wired LANs, but they are not aware of the real total cost of ownership (TCO) beyond hardware and software. In many cases, individual users or departments have already set up an unauthorized wireless LAN system to use locally.
2002/04/08 - Cost of IT security breaches doubles - FBI - TheRegister
Two in three US firms say they lost money after falling victim to security breaches last year, according to an FBI survey. The cost of intrusions was almost double that of 2000. Eighty-five percent of respondents taking part in the sixth annual Computer Crime and Security Survey, detected computer security breaches in 2001. Most resulted in a financial hit, with 64 per cent saying their firms had lost money due to security lapses. (관련기사 : CSI: Cyber crime bleeds U.S. corporations, survey shows: financial losses from attacks climb for third year in a row)
2002/04/08 - Master the basics of Java Cryptography Extension (JCE) - Builder.com
The Java Cryptography Extension (JCE) is now a core part of Java SDK 1.4. Basically, it's a set of packages that provide a framework and implementations for encryption, key generation and agreement, and Message Authentication Code (MAC) algorithms. This article will explore the installation and utilization of JCE.
2002/04/08 - FBI: Cybercrime on the rise, but few victims report it - NetworkWorld
The cost of computer security incidents continued to rise in 2001, to a total of $456 million, while only 34% of victims of such crime reported it to law enforcement, according to the seventh annual Computer Crime and Security Survey conducted by the Computer Security Institute and the San Francisco Bureau of the FBI. (관련기사 : MSNBC: Survey-Hacking often unreported, Miami Herald: Computer security breaches up, but many unreported, poll says, SecurityFocus: FBI-Businesses Loath To Report Hacks, Salon: FBI-Computer hacking on the rise)
2002/04/08 - Light at the end of the L2TPv3 tunnel - NetworkWorld
Companies and carriers have been looking for ways to maximize the efficiency and cost of their infrastructures and simplify management by transporting multiple Layer 2 services across a common IP backbone. Unlike IP-based VPNs, Layer 2 VPNs are multiprotocol, allowing the transport of IP and non-IP traffic across a common router infrastructure. With Layer 2 VPNs, complexity is reduced by eliminating the need for edge routers to support every enterprise VPN routing table and Layer 3 routing environment.
2002/04/05 - IP VPN Services - Networkmagazine
An IP VPN is commonly defined as a routed link between two or more points across a heterogeneous network topology with various degrees of security that ensure privacy for all parties. The idea behind the IP VPN is to leverage the Internet's reach-and low cost-to eliminate the more expensive dedicated links common today. Some industry experts also claim IP VPNs will guarantee secure data transmission for businesses and, in the process, allow service providers to offer more-profitable value-added services.
2002/04/05 - Colleges, companies fail computer security - NetworkWorld
The security holes exploited by Code Red and Nimda, worms that experts said had the potential to knock the entire Internet offline, attacked long-standing vulnerabilities in Microsoft's Internet Information Services Web server software caused by a type of error made through bad code writing: the buffer overflow.
2002/04/05 - Stores find security in Linux - ZDnet
The fact that Linux is an open operating system makes it inherently more secure, says CIO Mike Prince. "Anybody can examine the source code looking for vulnerabilities, but you can't look at the Windows source code for vulnerabilities," he explains. "If there is a problem, anyone can address and fix it. There is an entire community of people who can plug the gap virtually instantaneously." That last factor also makes Linux a less inviting target for virus writers, he says.
2002/04/05 - Worldcom's IP Voice Communicator - NetworkMagazine
If PBX costs have you seeing red, then Worldcom's (www.worldcom.com) IP Voice Communicator should bring a little green to your life-dollar green, that is. This recently upgraded Voice over IP (VoIP) service brings Centrex-like functionality over an IP network. In doing so Worldcom claims to dramatically undercut the costs of outfitting offices of around 250 users with a PBX or key system: Just how much of those greenbacks will a customer see?
2002/04/05 - Microsoft patches two Windows security holes - InfoWorld
MICROSOFT ANNOUNCED TWO new moderate-risk security holes that affect Windows NT and Windows 2000 late Thursday and offered patches to fix both. The more serious of the two holes affects most versions of Windows NT and 2000, including server versions, and could allow an attacker to elevate privileges or run code on a local machine, according to Microsoft. (관련기사 : TheRegister: New Win-NT, 2K, XP security holes, HelpNet-Security: Microsoft Windows MUP overlong request kernel overflow, Microsoft: Microsoft Security Bulletin MS02-016)
2002/04/05 - Warning: IE6 "comprehensive" patch may not be comprehensive - ExtremeTech
On March 28th--shortly after we published an ExtremeTech Security newsletter detailing unfixed security holes in Internet Explorer 6.x--several readers wrote to tell us that Microsoft had published a new patch. This "comprehensive" patch purported to fix all known security holes up to that time.
2002/04/05 - Stop the IPv4 World, I Wanna Get Off - ISP-Planet
The Internet Engineering Task Force (IETF) wants development on new IPv6 transition tools stopped?at least for the time being. But this doesn't mean that the updated addressing protocol has been laid to rest permanently. IPv6 is still being pushed forward by developers in Asia and Europe right now. But IPv6 won't receive the same kind of love and attention from U.S. developers for another year or two.
2002/04/05 - Understanding the Win2K implementation of IPSec - TechRepublic
One of the many exciting new features introduced in Windows 2000, and perhaps one of the better ones, is support for IPSec. You may have heard some of the talk about IPSec?probably in relation to VPN?but you may not know the full story about how IPSec can secure network communications in Windows 2000. Don't worry. I'm going to show you the ins and outs of IPSec in Win2K and tell you why you may want to implement it on your LAN.
2002/04/04 - Cisco Secure ACS webserver Format String Vulnerability - HelpNet-Security
Cisco Secure ACS has a webserver interface listening on port 2002. The webserver has a format string condition, making it possible to overwrite EIP, resulting in a service crash and arbitrary code execution. (관련기사 : Cisco Security Advisory: Web Interface Vulnerabilities in Cisco Secure ACS for Windows)
2002/04/04 - Firm warns of NetWare security hole - NetworkWorld
IT managers of NetWare 5.1 and NetWare 6 networks need to be aware of a vulnerability in the operating system that makes it subject to intrusions that could cause the system to crash. IXSecurity.com, an IT security firm, Thursday reported that NetWare 5.1 and 6 are vulnerable to a buffer overflow condition that could affect server operation.
2002/04/04 - PDASecure Keeps Microdrives Secure - PCworld
A new encryption software allows users of IBM's Microdrive hard drives to use the same drive in different mobile devices without having to reconfigure its security settings. Trust Digital announced that its PDASecure software is now available for the Microdrive, a one-inch wide hard drive that offers up to 1GB of storage for mobile devices, the company says in a statement.
2002/04/04 - Weak crypto casts shadow over ecommerce - TheRegister
US export restrictions and local legislation on cryptography still casts a shadow over the security of ecommerce site even years after regulations to permit the use of strong encryption. That's according to a survey of SSL servers by Netcraft, carried out last month, which discovered 18 per cent of supposedly secure servers use potentially vulnerable key lengths.
2002/04/04 - Flash glitch throttles bandwidth - TheRegister
A problem in Flash Player 6 means users are unable to stop the download of large files once they have been started, resulting in a bandwidth drain to surfers. In previous versions of the Macromedia Flash Player, loading another file, leaving the web site, or closing the browser window will stop this transfer but this doesn't happen with Flash Media Player 6, according to tests using Internet Explorer 6 in Windows XP.
2002/04/04 - Nuking MS Messenger - TheRegister
We've been blessed with scores of memos from readers offering numerous tips for nuking Microsoft Messenger, since we reported that an update which MS is touting as 'critical' sneakily re-installs it. First, if you're sure you'll never use it, you can take the flamethrower approach and delete the entire Messenger directory (C:\Program Files\Messenger). The problem here is that some future MS 'upgrade' may well re-create the directory for you. You know how helpful MS likes to be.
2002/04/04 - DivX, MP3 developers unite for security - Cnet
Under a deal announced Wednesday, the companies said they would work together to create a digital watermark system. Watermarking technology places a unique bit of code into a video or audio file, making the file difficult to copy or play without permission from copyright holders.
2002/04/04 - Why con artists are your biggest security threat - ZDnet
That's not what you want to hear after laying out six figures to arm yourself with firewalls, antivirus software, and intrusion-detection applications, is it? Nevertheless, forewarned is forearmed, and there is something you can do to fight this threat.
2002/04/03 - FBI spy-hunters will use 'electronic tripwires' to protect secrets - SiliconValley
Tighter security against possible spies inside the FBI will require sophisticated ``electronic tripwires'' activated when employees try to review off-limits secrets, says a former FBI and CIA director. The tripwires ``will make it more difficult (for spies) in a deterrent sense -- knowing they'll be more apt to be observed,'' said William H. Webster, who led a commission of experts investigating security inside the FBI after the February 2001 arrest of agent Robert Hanssen.
2002/04/03 - Bluetooth and WLANs may clash - ZDnet
Bluetooth is emerging as the standard wireless PAN protocol. It provides simple access for devices over ranges up to 10 meters. As a PAN, it replaces cables such as those between computers and their peripherals or those between a cellular telephone handset and a PC or a headset. Because Bluetooth capability is being designed into cellular handsets, Bluetooth nodes will be commonplace.
2002/04/03 - Tokens: No password to paradise - TechRepublic
I shoved my salad out of the way and leaned over the lunch table to inspect the thing that looked like a purple key fob. Joe Grajewski, president of Mandylion Labs, was showing me his solution to keeping track of passwords. The device, which is intended to be carried on a key chain, has five buttons and a tiny LCD screen.
2002/04/03 - Password chaos threatens e-commerce - TechRepublic
It's bad enough when you go to Amazon.com to order a book and can't remember your username and password. But at least it's probably not mission critical; if you have to wait until Amazon sends you your reminder, you can still find something to read. When you're trying to make things flow smoothly through your company's supply chain, however, you can't afford to wait. You're ordering supplies for just-in-time delivery, and delays can cost you in a big way.
2002/04/03 - New vulnerability products are old hat - ZDnet
Network Associates, for example, introduced ThreatScan, a software package that's designed to proactively search every device on your network and look for holes through which worms could slip. And the recently released FoundScan Vulnerability Management System looks for and tracks vulnerabilities until they're fixed.
2002/04/03 - ISS: Worms overtake DoS as top attacks in 2002 - ITworld
The Internet has become a riskier place for businesses since the fall of 2001 and doesn't look to be any more secure in the near future, according to security firm Internet Security Systems Inc., which released its security incident figures for the first quarter of 2002 Wednesday. (관련기사 : InfoWorld: Server port 80 plagues Internet security)
2002/04/03 - Study: SSL encryption weaker in Europe than US - ITworld
Up to 18 percent of servers using SSL (Secure Sockets Layer) encryption technology for Web site encryption are potentially vulnerable to hackers, with the problem being far more pronounced in Europe than in the U.S., according to the latest monthly survey of Web server usage conducted by Netcraft Ltd.
2002/04/03 - Study: Corporate PDA buyers wait for wireless - NetworkWorld
Worldwide shipments of handheld computers are expected to continue their slow growth in 2002 as the IT industry rebounds from financial woes and corporate users wait for more advanced wireless capabilities, a research firm said Wednesday.
2002/04/03 - Study: WLANs on "Incredible Journey" - 80211-planet
Wireless local area networks outperformed much of the technology sector in 2001 and are about to take off on an "incredible journey," according to a study released Wednesday by In-Stat/MDR. The study found that more than eight million WLAN chipsets were sold in 2001, an increase of about 23 percent over the previous year. However, strong indications are that WLAN chipset sales are already increasing sharply this year and the study predicts sales of 14 million units, an increase of 75 percent over 2001. (관련기사 : In-Stat: WLAN Chips to Embark on Incredible Journey)
2002/04/03 - Take these precautions against inside security attacks - ZDnet
What's the biggest threat to your computer network? If you said unpatched Microsoft flaws, worms, viruses, or even a weak firewall, unfortunately, you're living in a fool's paradise. The biggest single threat to your IT operation is someone you probably know by name. Think about it. Who knows better how to penetrate your systems?a hacker or someone down the hall who already has access to your systems?
2002/04/03 - eBay closes password security hole - NetworkWorld
Online auction powerhouse eBay late Tuesday closed a security hole in a password-maintenance feature that could have allowed attackers to take over a user's account and commit fraud. The vulnerability existed in the feature that allowed registered eBay users to change the passwords that they use to log on to the site, according to Kevin Pursglove, senior director of communications at the San Jose company. (관련기사 : Cnet: eBay plugs password security hole, WashTech: Ebay Takes Action To Plug Password Hole, Newsbytes: Security Flaw Opens Ebay Accounts To Hijack)
2002/04/03 - Manageability, Compatibility Top VPN Selection Criteria - Internerweek
Manageability and compatibility with other products are the two most important criteria that corporations are using in evaluating virtual private network appliances, according to a new study by In-Stat/MDR. The company found that 73.4 percent of companies said manageability was most important, while 70.6 percent said compatibility with other equipment was critical. The study, which polled a total of 405 LAN managers in corporations of varying sizes, had a total of 405 responses.
2002/04/03 - 10 Gig glitch - NetworkWorld
It has been very quiet on the standardization front for 10 Gigabit Ethernet, so last week I checked in with Jonathan Thatcher to find out how things are going. There was a glitch recently in the efforts of the IEEE task force working on the standard, as you might imagine with a group that is really pushing Ethernet into unknown territory. That glitch had to do with testing compliance with the standard, says Thatcher, chair of the IEEE 802.3ae task force and principal engineer of World Wide Packets.
2002/04/02 - XML Security Risks - PCmagazine
Few things have lubricated the wheels of commerce better than the ability to have virtually any computer talk to any other. But mere connection is not enough. Without a common data-interchange language, programming can be as frustrating as the general contractor's job at the Tower of Babel.
2002/04/02 - Simplifying Network Security - SCmagazine
Network security can be complex. Products from multiple vendors, running on platforms not necessarily built to handle security software, equal network complexity and a lack of security that would give Linus Torvalds a headache. Too much time is consumed integrating software, hardware and the security application itself, and not enough time on planning and implementing, and ongoing support - thereby compromising the security and reliability of your actual network.
2002/04/02 - What Isn't Intrusion Detection - InformationSecurity
One thing everybody can agree on is that infosecurity is hard. Think about it: It's one of the few things that touches every layer of the IT infrastructure-physical, network, application, OS, etc. And that's only the half of it. Securing the other half-the carbon-based units operating all this technology-makes the other stuff look easy.
2002/04/02 - Security researcher uncovers two Office XP flaws - ITworld
Two new security flaws in Microsoft Corp.'s Office XP productivity suite could be combined to allow attackers to take over a system, according to independent security researcher Georgi Guninski. Guninski sent an advisory about the issues to security e-mail lists and posted it on his Web site Monday.
2002/04/02 - Windows Messenger 'Trojan update' - TheRegister
This is too cute. You can wipe Windows Messenger from XP with a simple hack, and yet MS will defy you with a 'Critical Update'. That's how desperate they are to force this little Trojan on you. Following a tip from a Messenger-averse reader whose uninstall got thwarted, I looked into it, starting with a clean install of Win-XP. Messenger was, of course, lurking in the background and consuming RAM though I have no use for it. And of course MS doesn't allow you to uninstall it.
2002/04/02 - MyLife variant viruses spawned over Easter - ZDnet
Four mutations of the destructive MyLife virus were released over the weekend, according to anti-virus companies. Of the four, only one appears to be spreading widely. Email outsourcing company MessageLabs said it had stopped over 140 copies of MyLife.f on Tuesday morning -- about half of these appeared to originate from Australia, and many of the rest were from the UK. A small number were from Hong Kong, the company said.
2002/04/02 - Virus top 10: Party over for MyParty? - Silicon
The Klez worm knocked MyParty off the top spot in the last month's virus chart. Figures for March from anti-virus software company Sophos revealed Klez, an old worm making a comeback, had managed to infect many computers because it was timed to deliver its payload after the machine had been infected. (관련기사 : TheRegister: Undead virus infects the dim-witted)
2002/04/01 - Analysis: The wireless LAN security quagmire - NetworkWorld
The more you explore the subject of wireless LAN security, the more complex it seems to get. The reason? When security holes were discovered last year in the Wired Equivalent Privacy (WEP) encryption portion of the IEEE 802.11 standard, a slew of hungry industry players were off in a frenzied race to solve the problem. And, since standards were scarce, these players wound up implementing a hodgepodge of security algorithms.
2002/04/01 - Your biggest threat - ZDnet
Not what you want to hear after laying out six figures to arm yourself with firewalls, antivirus software, and intrusion-detection applications, is it? Nevertheless, forewarned is forearmed, and there is something you can do about this threat.
2002/04/01 - Malware's Destructive Appetite Grows - ComputerWorld
An evil array of computer viruses, worms and Trojan horses will in coming years propagate to your cell phone, invade your personal digital assistant (PDA), open back doors into your PC and more, experts are forecasting.
2002/04/01 - Whatever Happened to Carnivore? - Newsfactor
Its name may have changed from Carnivore to DCS-1000, but the controversial cybersnooping software used by the Federal Bureau of Investigation is still on the hunt for information, and likely is scouring vast amounts of Internet communication.
2002/04/01 - Experts Warn of a New Wave of Viruses - PCworld
An evil array of computer viruses, worms, and Trojan horses will in coming years propagate to your cell phone, invade your personal digital assistant, open back doors into your PC, and more, experts are forecasting. Predicting what form rogue software will take is difficult, they say, but current trends offer clues.
2002/04/01 - Managing passwords and PINs is the key to confidentiality - TechRepublic
Long before the widespread proliferation of computers, businesses risked fraud and error in almost every transaction?bad checks, expired credit cards, forgeries, impostors, and corporate espionage. In electronic transactions, however, the risk is greater. Anyone who has shopped via the Internet knows that business transactions frequently take place remotely between people who don’t know each other.
2002/04/01 - Hybrid firewalls can dig up worms - NetworkWorld
Recent attacks, such as the Nimda and Code Red worms, have made it look as if firewalls don't offer enough protection. In fact, these attacks simply highlight the differences between garden-variety firewalls and more sophisticated ones. Serving as a high-speed inspector, a firewall accepts or rejects traffic based on predefined rules. A more detailed inspection provides a higher level of security.
2002/04/01 - Gigabit Ethernet prices in free fall - NetworkWorld
An abundance of inexpensive Gigabit Ethernet switches and network interface cards is changing the way networks of all sizes are connecting servers and end users. Copper-based Gigabit Ethernet began shipping en masse last year. Since then prices have dropped steadily as vendors - even market newbies such as Dell - have raced to put 1000Base-T products in their portfolio.
2002/04/01 - Help To Combat The Next Big Blended Threat - Informationweek
No one knows when it will happen, but most security experts expect that the day is coming--and soon--when a sophisticated "blended threat" attack will again wreak havoc on businesses' networks. Last year, Nimda and Code Red were the first to combine virus and worm propagation techniques with automated hacking capabilities in separate deadly programs, causing billions of dollars in damage to companies.
2002/04/01 - As Network Security Concerns Heighten, Companies Rely Most on VPNs and Firewalls - InStat
Network security has become increasingly important as companies and organizations store and transfer ever-growing amounts of critical data over local and wide area networks. After surveying those with decision-making and/or purchasing authority for networking equipment and services, In-Stat/MDR has found that, as they face growing network security challenges, companies and organizations of all sizes, are turning to Firewall technologies as the preferred method of protection, with larger companies favoring hardware based-solutions and smaller companies using those that are software-based. (관련기사 : Commweb: Firewalls The Popular Choice For Enterprise Security, WashTech: Hackers, Viruses Fuel Security Market, Not 9-11, TheWHIR: Companies Rely on VPNs, Firewalls, Says In-Stat/MDR)

Industry News

2002 April

2002/04/30 - 802.1X Clients and Servers Released - 802.11-Planet
Two product announcements have put 802.1X security in reach of any enterprise wireless LAN. Meetinghouse Data Communications of Portsmouth, NH, is actively beta testing AEGIS Server and AEGIS Client, with the full product to ship on May 30, 2002. Funk Software of Cambridge, MA, has meanwhile announced the release of Odyssey, its own 802.1X security client/server solution for Wireless LANs.
2002/04/29 - Ascom’s Embedded Encryption Now Out In The Open - HelpNet-security
WAKAN, the first cryptographic toolkit for embedded systems to bring end-to-end data communication security to small networked devices is being launched by Ascom. Scalable and adaptable, WAKAN is readily installed into existing environments to provide security "out in the open".
2002/04/29 - WatchGuard Announces Gigabit Firebox Vclass Appliances - Earthweb
WatchGuard Technologies has announced its Vclass line of firewall appliances: a series of devices aimed at the gigabit market that support up to 20,000 IPSEC VPN tunnels and 75-600 Megabit firewall throughput.
2002/04/29 - WLANs to Get More Secure - eWeek
ReefEdge Inc. is readying a wireless solution for carriers that want to offer WLAN services and IT managers who want assurances data is secure. The Fort Lee, N.J., company this week will introduce ReefEdge SPS (Service Provider Solution), a combination of servers and controllers that supports wireless LANs and WANs and links them to enterprise security and management systems.
2002/04/29 - Lucent's Video Over DSL Solution - ISP-Planet
Lucent Technologies announced a new high-performance solution for delivering Internet Protocol (IP) video over digital subscriber line (DSL), which may let service providers offer new revenue-generating services to their customers.
2002/04/29 - SOHOware Just Misses the Mark With Broadband Commercial Gateway - Networkcomputing
Coming from a company called SOHOware, you'd think the Broadband Commercial Gateway would be the perfect wireless gateway for the small office/home office. Unfortunately, that is not the case -- the product has potential but currently falls short of perfection.
2002/04/29 - Jetstream failure casts doubt on VoDSL - NetworkWorld
The recent demise of voice-over-DSL equipment provider Jetstream Communications raises questions about the future of voice-over-DSL technology. Jetstream was the leading voice-over-DSL gateway manufacturer, accounting for almost one-third of voice-over-DSL gateway revenue in the first half of 2001.
2002/04/29 - RSA Frees SAML-related Patents - InternetNews
RSA Security (NASDAQ:RSAS), in an effort to clear the way for the widespread adoption of the Security Assertion Markup Language (SAML) specification, announced Monday that it will grant non-exclusive royalty-free license use of two of its patents to companies deploying applications using SAML.
2002/04/29 - Quantum bulks up with NAS appliance - NetworkWorld
Quantum beefed up its networked storage product line Monday with the announcement of a Linux-based appliance targeted at small and medium-size businesses. A few customers will get early access next month to the Guardian 14000 appliance, designed to provide a relatively low-cost product that fits into a NAS (network-attached storage) architecture.
2002/04/26 - Omnicluster's Check Point Partnership - ISP-Planet
Server blade vendor OmniCluster Technologies is expanding its plug-and-play server blade offerings and launching into the blade appliance space. The first of its new offerings is a security appliance that integrates Check Point's VPN-1/FireWall-1 technology (popular with Managed Security Service Providers) with OmniCluster's SlotShield appliance blade technology.
2002/04/25 - ISS launches new RealSecure versions - IDG
INTERNET Security Systems (ISS) unveiled two new versions of its RealSecure security product at the Infosecurity Europe 2002 show in London this week. The Atlanta-based company launched Version 7 of its RealSecure Network Sensor product for enterprise customers, and a new product called RealSecure Server Sensor for Microsoft's Internet Security and Acceleration (ISA) Server 2000, aimed at small- to medium-sized businesses.
2002/04/25 - User Plans To Secure Developer Web Sites With Single Sign-On - Internetweek
CommWorks, a 3Com company, plans to deploy single sign-on technology to secure access to Web sites used by its 500 software-development professionals to manage their projects, company officials said Thursday.
2002/04/25 - NextPage taking P2P content sharing offline - NetworkWorld
NextPage, which develops peer-to-peer content sharing software, this week released a module that allows for offline access to content stored on corporate networks. The company's new NextPage Solo module for its Nxt3 platform allows users to download files from a Nxt3 content-sharing network and store them on their laptops or burn them onto a CD-ROM. Previously, users had to be connected to a network to gain access to any information on Nxt3.
2002/04/24 - Check Point boosts firewall/VPN performance - NetworkWorld
Check Point Software Technologies boosted the top speed of its firewall and VPN software Wednesday with the announcement of its new Performance Pack. The announcement was made in conjunction with the Check Point Experience user conference being held this week in Anaheim, Calif. (관련기사 : Internetweek: Check Point Boosts Firewall Performance)
2002/04/24 - NetScreen puts heat on software firewall vendors - Theregister
NetScreen has boosted the speed and added a new customised ASIC to its line of hardware firewall and VPN appliances. The NetScreen-5000 Series, based on its GigaScreen-II ASIC, boasts firewall speeds of up to 12 Gigabits per second and virtual private network (VPN) speeds of up to 6 Gbps. The NetScreen-5000 Series comprises the NetScreen-5200, which was introduced in Europe at the InfoSecurity show yesterday, and the NetScreen-5400 (which trebles the performance of the 5200), which will be available in Q3.
2002/04/23 - Symantec to unveil new VelociRaptor firewalls - ITworld
Symantec Corp. will unveil three new models of its VelociRaptor firewall appliance line in early May, adding better performance and scalability, expanded protocol proxies and more to the devices. The firewalls will sport new support for redundant configurations to ensure high availability and load balancing, along with better performance and scalability, said Barry Cioe, senior director of product management at Cupertino, California, Symantec. (관련기사 : TheRegister: Symantec preps Linux firewall for IBM iSeries)
2002/04/23 - RSA adds SchlumbergerSema smart cards to SecurID - ITworld
Some smart card users will now be able to use a single card to gain access to buildings and work areas, as well as log on to PCs and applications, thanks to the integration of RSA Security Inc.'s SecurID product with SchlumbergerSema's line of smart cards, which was announced Tuesday.
2002/04/23 - Keep your files safe with these encryption tools - ZDnet
Worried someone might read your confidential files? Your data is vulnerable. It could be viewed by a hacker, or even a coworker who sits down at your PC when you're away. So what can you do? Use encryption software and digital file shredders. I've found three great programs at ZDNet Downloads that make sure no one can snoop on your private files.
2002/04/23 - IBM outlines enterprise storage roadmap - NetworkWorld
With emphasis on storage management software, Linux-based storage virtualization, and the open storage architectures proposed by the SNIA (Storage Networking Industry Association), IBM Tuesday outlined its enterprise storage roadmap.
2002/04/23 - Juniper unveils Gibson router - NetworkWorld
Juniper Monday unveiled its long anticipated next generation core router, a 640G bit/sec device that, for now, raises the bar in terms of 10G bit/sec density and is intended to scale to multiterabit throughput levels.
2002/04/22 - Sigaba secures transactions - NetworkWorld
Sigaba Software next week will introduce the next version of its secure software for electronic document delivery with an eye on helping IT executives comply with government regulations for secure communications, especially in the financial services and healthcare arena.
2002/04/22 - NetSilica debuts secure remote file access product - NetworkWorld
Chris Hastings had a problem. The manager of network security at Nashville's Vanderbilt University Medical Center had installed a VPN on the hospital's 13,000 node network - two Cisco 3030 concentrators - that about 400 doctors, nurses and IT professionals used to remotely access and manage production medical systems such as patient records databases.
2002/04/22 - Check Point comes to flexible network platform - NetworkWorld
Network security from Check Point Software Technologies later this year will become available on a fast, low-cost hardware platform from Bivio Networks, Bivio announced Monday. With the Bivio 1000-CP, enterprises and service providers will be able to deploy Check Point's FireWall-1 software with a device that has a list price of $35,000.
2002/04/22 - Nokia, IBM set sights on public wireless LAN market - NetworkWorld
IBM and Nokia, the world's largest mobile-phone maker, have agreed to jointly pursue the public wireless LAN market with the hope that in combining their strengths, they can add extra momentum to the spread of WLAN networks, the companies announced Monday.
2002/04/22 - Infinity Technology Services Releases High Speed IDS - Earthweb
Infinity Technology Services has announced shipment of the INDESYS Network Intrusion Detection System. The company says the product is capable of full duplex capture at 100Mbps. Components of the INDESYS package include:
2002/04/22 - Cisco to Release WLAN Products - eWeek
Cisco Systems Inc. last week announced WLAN offerings designed for IT managers who eventually want to deploy faster wireless products but still support existing ones. The Cisco Aironet 1200 Series Access Point supports the simultaneous operation of 802.11b and 802.11a wireless LAN radios. 802.11b, also known as Wi-Fi, is the prevalent WLAN standard today, offering data transmission rates of up to 11M bps. (Laptop computers that support WLAN generally support 802.11b.)
2002/04/22 - Avici takes peering, DoS defense to the edge - NetworkWorld
In an effort to broaden the application and revenue opportunities of its Internet core routers, Avici Systems last week unveiled software designed for aggregating lower-speed links and peering between service providers' networks.
2002/04/21 - A Personal Firewall to Foil Intrusions - Washingtonpost
You might think that only corporate servers loaded with credit card numbers are at risk from break-in attempts over the Internet, but these days any Internet-enabled PC can be a target of automated breaking-and-entering scripts.
2002/04/19 - Nokia Releases Entry-Level Intrusion Detection System Appliance - Earthweb
Nokia has released an addition to its RealSecure intrusion detection system (IDS) line: the IP120, an entry-level device aimed at small, medium, and enterprise branch offices. The IP120 is built around software from Internet Security Systems and custom hardware from Nokia.
2002/04/19 - WLAN security tools on the horizon - InfoWorld
EMBARKING UPON TWO different approaches to proactively secure the number of mushrooming WLANs (wireless local area networks) cropping up, Funk Software and Network Instruments have new security solutions on tap for release next Monday.
2002/04/18 - Microsoft hardware smiles with Bluetooth - ZDnet
Microsoft also will push Bluetooth software, releasing a development kit in May to help programmers support the technology and posting a download that will give Windows XP built-in Bluetooth abilities this fall.
2002/04/18 - Switch Virtualizes IP, Security Services For Scalability - InternetWeek
Startup Inkra Networks on Monday will unveil a switch that "virtualizes" IP services including firewall, VPN, SSL acceleration, and other security applications. The company and some beta customers say its virtualization technology reduces the cost and complexity of delivering security and other services in service provider networks and large-scale corporate data centers.
2002/04/17 - CipherTrust Brings VPN Concept To Email - Esecurityplanet
CipherTrust this week announced two additions to its IronMail email security appliance, one that enables companies to create virtual private networks (VPNs) especially for email and another that extends IronMail support to popular Web-based email systems.
2002/04/17 - Test time for Microsoft's wireless .Net - ITworld
Microsoft Corp. on Wednesday is expected to release the first public beta version of a software product that will help extend its .Net initiative to mobile devices and to elaborate on its strategy for bringing .Net services and applications to wireless users, a company official said.
2002/04/16 - Symantec Announces Integrated Firewall/Antivirus/VPN Appliance - Earthweb
Symantec has announced the release of the Symantec Gateway Security Appliance, an integrated firewall, content filter, VPN, and intrusion detection device aimed at small and medium businesses as well as branch offices of larger organizations. The device is administered from a GUI interface that permits control of local and remote appliances. (관련기사 : TheRegister: Symantec touts security in a box)
2002/04/16 - McAfee Launches SecurityCenter - InternetNews
McAfee.com (NASDAQ:MCAF) is getting a leg up on its competition, announcing Tuesday its strategy to bring security to distributed computing and Web services networks. In what is becoming an industry standard, McAfee.com is launching a free download to introduce new users to the new strategy before charging for the service: SecurityCenter, a Web-based application that scans and rates a PCs security (on a scale of 1 to 10). (관련기사 : NetworkWorld: McAfee.com unveils networkwide security 'grid')
2002/04/16 - Smartcards with huge memories - PCadvisor
Gemplus's new Sumo (Secure hUge Memory On-card) technology will put a new generation of applications to run on smartcards, according to Gilles Michel, Gemplus' president of financial and security services. Sumo packs seven 32MB Flash memories driven by a Risc (reduced instruction set computing) processor, for a total of 224MB bytes of on-chip storage.
2002/04/16 - Compaq rolls out networked storage gear - NetworkWorld
Compaq brought out two new storage systems Tuesday designed to bolster the lower end of its line of network-attached storage (NAS) products. Both the StorageWorks NAS B3000 and the StorageWorks NAS S1000 are available immediately for users looking to build out their networked storage resources.
2002/04/15- NetScreen 5000 series boosts speed, adds chip - ITworld
Raising the high end of its product line and boosting the performance threshold of its devices, firewall and virtual private network (VPN) vendor NetScreen Inc. announced the release of two new appliances, the NetScreen 5200 and NetScreen 5400. (관련기사 : NetworkWorld: NetScreen bolsters security wares, Lightreading: NetScreen Goes Carrier-Grade)
2002/04/15- MS to intro Windows-only 'Soft Wi-Fi' 802.11x system - TheRegister
At this week's Windows Hardware Engineering Conference (WinHEC) in Seattle Microsoft will take the wraps off its big push into home wireless networking and open up on the Microsoft Connected Home Architecture. As a part of this, Microsoft will be introducing what is essentially a proprietary, Windows-only version of 802.11, "Soft Wi-Fi," which looks pretty much like a re-run of the Winmodem scenario. (관련기사 : ZDnet: Microsoft prepares to unveil Wi-Fi 'lite')
2002/04/15- ActiveLane builds on Microsoft VPN technology - NetworkWorld
If you have thought of using the remote-access VPN capabilities imbedded in Windows 2000 Server but backed off because they were too complex, ActiveLane's new offering might be for you. This week, the start-up will introduce a hardware and software package called V3000 VPN Server Appliance designed to streamline the process of setting up Windows-based VPNs.
2002/04/15- IBM announces Secure Web Services Technology - TheRegister
IBM Corp is delivering new security features and functions in its Web services toolkit - (WSTK) 3.1 - to help e-business application developers build secure Web services. The recently introduced WSTK 3.1 consolidates Web services-related technologies from various IBM development and research labs, and provides an implementation based on non-proprietary interfaces that supports a variety of platforms.
2002/04/12- Check Point Introduces VPN-1 Net, VPN-1 Pro - TheWHIR
Check Point Software Technologies (checkpoint.com), a leader in securing the Internet, Introduced on Monday two additions to its VPN-1/FireWall-1 family of network security solutions, VPN-1 Net and VPN-1 Pro. A dedicated virtual private network solution, says Check Point, VPN-1 Net addresses the connectivity concerns of networking or telecommunications managers looking for a simple, cost-effective way to multiple offices and remote workers.
2002/04/11- Arbor Adds Support for Cisco Firewall to DoS Appliance - Esecurityplanet
Arbor Networks has announced a new version of its Peakflow DoS (Denial of Service) appliance that adds support for Cisco firewalls, the netForensics security console and new traffic management capabilities.
2002/04/11 - Inktomi aims to block Web-based viruses - ZDnet
Web-software company Inktomi announced on Tuesday that it has signed a deal with Symantec to include the security company's antivirus technology in Inktomi's caching software. The company hopes the deal will block a relatively new path that viruses have into corporate networks: Web pages.
2002/04/11 - Red Hat Unveils CVE Security Compatibility - Linuxtoday
Red Hat, Inc. (Nasdaq:RHAT) today announced that security alerts and advisories, including updates issued through the Red Hat Network, will now use Common Vulnerabilities and Exposures (CVE) standard names. The CVE project, maintained by the MITRE Corporation, is a list of standardized names for vulnerabilities and security exposures. The common list makes it easier to share data across a broad group of technologies, and can improve the accuracy of alerts and updates that correct potential security issues.
2002/04/10 - McAfee OKs Network Associates' New Offer - SecurityFocus
Web security firm Network Associates [NYSE:NET] said today that McAfee.com [NASDAQ:MCAF] has approved a new buyout bid that is 15 percent greater than its previous offer. Under terms of the new bid, McAfee stockholders are offered 0.78 of a Network Associates share for each of their shares, compared to the 0.675 exchange ratio in a March 16 bid. The new offer represents a 15.6 percent increase over the initial bid's exchange ratio.
2002/04/09 - SonicWall boosts VPN, management features - NetworkWorld
Firewall and VPN appliance maker SonicWall Tuesday announced an upgrade to the firmware powering all of its products, which will bring users new VPN and bandwidth management features. The new firmware, version 6.3, will upgrade all current SonicWall devices and is available immediately, said Erik Hutsler, senior product manager at SonicWall, based in Sunnyvale, Calif. The firmware update is free and available for download from SonicWall, Hutsler said.
2002/04/08 - Security concerns inspire simplicity - InfoWorld
RIDING UNIQUELY different approaches to secure Web and server applications, security vendors are simplifying their products as they march toward a Web services protection showdown. This week, Okena will announce that it is going to release the beta of the Sun Solaris agent of its StormWatch product. This will allow customers to extend application intrusion prevention to Microsoft Windows desktops, Solaris servers, and Windows servers from a central management console, said Ted Doty, director of product management at Waltham, Mass.-based Okena.
2002/04/08 - McAfee updates antivirus for Microsoft Exchange - NetworkWorld
McAfee Security, a division of Network Associates, introduced Monday a new version of its GroupShield antivirus software for Microsoft's Exchange 5.5, giving administrators the option to scan e-mail via multiple methods and extending content filtering to attachments and file names.
2002/04/08 - Speedera expands security - NetworkWorld
Content delivery service provider Speedera Networks is pumping up its security capabilities, giving customers the means to secure downloads and protect Web sites. The services come in response to growing customer demand to help steel Web sites against threats such as denial-of-service (DoS) attacks and content theft. With the new offerings announced this week, Speedera will have security packages specifically designed for streaming media, Web site delivery and digital downloads, says Gordon Smith, a Speedera vice president.
2002/04/08 - Funk allows Pocket PC users to link to IPSec VPNs - NetworkWorld
Funk Monday announced the immediate availability of the beta version of its AdmitOne VPN client with the final release scheduled to go on sale in May. The client will allow Pocket PC users to connect to any VPN that complies with the IP Security standard including those from Check Point, Cisco, Nortel and Alcatel, said, said Jeff Kleiman, director of engineering at Funk.
2002/04/08 - New IBM software secures, delivers digital content - NetworkWorld
Predicting that many companies will soon be clamoring to protect their digital content, IBM Monday formally unveiled its Electronic Media Management software Version 2, which allows companies to secure and distribute a variety of digital media content. The new software expands on the capabilities of the previous version, which IBM offered as a stand-alone product aimed at helping the music industry protect audio files. (관련기사 : Newsfactor: IBM To Unveil Antipiracy Software)
2002/04/08 - VPN: Hold the firewall - NetworkWorld
Check Point Software will introduce this week a stripped-down version of its popular virtual private network software in an effort to get users to make the leap to VPNs even if they have firewalls from other vendors. According to Check Point, users are reluctant to try VPNs because the gear often comes bundled with firewalls, and customers don't want to pay for something they already have. (관련기사 : Cnet: Check Point updates VPN software, TheRegister: Check Point brings out budget VPN)
2002/04/05 - NetScreen Products Named Award Finalists - TheWHIR
NetScreen Technologies Inc. (netscreen.com), a developer of Internet security systems, announced this week that two of its flagship products, the NetScreen-1000 Multi-Gigabit Security System and NetScreen-Global PRO policy-based security management platform, have been selected by Network Computing (networkcomputing.com) as finalists in the publication's Well Connected Awards.
2002/04/05 - WatchGuard Completes RapidStream Acquisition - TheWHIR
WatchGuard Technologies Inc. (watchguard.com), a leading provider of Internet security solutions, announced this week that it has completed its acquisition of RapidStream Inc. (rapidstream.com), a privately held provider of firewall and VPN appliances.
2002/04/05 - Symantec's Five-in-One Security Gateway - Networkmagazine
Security vendor Symantec (www.symantec.com) has launched a gateway product that combines firewall, intrusion detection, anti-virus, content filtering, and site-to-site VPN functions in a single appliance. Targeted at small and medium-sized enterprises and branch offices, the product provides layered security, simplified management, and potential cost savings.
2002/04/05 - Multi-Tech SOHO RouteFinder VPN Internet Security Appliance - PracticallyNetwork
Let's say you are an information technology manager for a small NY company looking to setup a branch office in NJ with 10 people onsite, four of which will be telecommuting on a bi-weekly basis. Both the branch office and the telecommuters need to have access to the NY servers. The data stored on these servers is sensitive and must be kept secure. However, upper management doesn't have much capital available to fund this project (big surprise). Your job is to accomplish all of the desired objectives and do it on a shoe string budget.
2002/04/04 - Cisco security not up to the job - Check Point - Silicon
Check Point has slammed its rival vendor Cisco claiming the company does not understand security and keeps on failing its customers with faulty products. Cisco, the world's largest firewall maker, was accused of being ignorant of security technologies by Check Point who said it should stick to networking products and leave the security to the experts.
2002/04/04 - Sophos Reduces Virus Threat With New Gateway Protection - HelpNet-Security
Sophos, a world leader in corporate anti-virus protection, today announced new threat reduction features in its latest product which can help prevent companies from being infected from previously unseen viruses and email-aware worms. As well as protecting customers from more than 73,000 known viruses at the email gateway, MailMonitor for SMTP v1.1 also enables corporate customers to automatically activate additional safe computing precautions.
2002/04/04 - Microsoft Will Produce Line of Security Products - WinInfo
Microsoft has established a new Security Business Unit (SBU) under the direction of Vice President Mike Nash. The new SBU will develop a line of security products and solutions for desktops, servers, and networks. The SBU will first determine what types of products and services customers need and then be responsible for delivering those solutions.
2002/04/03 - Radware Teams on Secure VPNs - eWeek
Radware Ltd., Pyramid Computer Systeme and CheckPoint Software Technologies Ltd. announced on Tuesday a new joint solution providing high-availability, secure, Gigabit VPNs. The new offering will combine Radware's FireProof Security Application Switch, originally released in February, with Pyramid Computer's "Charlie" brand Linux enterprise servers. These servers include Check Point's VPN-1/FireWall-1. (관련기사 : TheWHIR: Radware, Pyramid, Check Point Deliver VPN Solution)
2002/04/03 - IBM partners to encrypt Microdrives - Infoworld
A NEW ENCRYPTION software allows users of IBM's Microdrive hard drives to use the same drive in different mobile devices without having to reconfigure its security settings. Trust Digital, in Farifax, Va., announced that its PDASecure software is now available for the Microdrive, a one-inch wide hard drive that offers up to 1GB of storage for mobile devices, the company said in a statement.
2002/04/03 - Avanade Introduces Site-to-Site VPN Solution - TheWHIR
Avanade Inc. (avanade.com), a technology integrator for Microsoft solutions, announced on Tuesday that it has made available its site-to-site virtual private network solution. According to Avanade, its VPN solution can help enterprises cut networking costs dramatically by integrating security applications with other platform components, creating an integrated, multi-layer security perimeter.
2002/04/03 - Unisphere Delivers Carrier-Grade VPN Services - TheWHIR
Unisphere Networks Inc. (unispherenerworks.com), a provider of carrier-class IP infrastructure products, introduced on Tuesday a new suite of IP Services designed to provide carrier-grade migration, performance and scale for network-based virtual private networks.
2002/04/02 - NetScreen 208 - InformationSecurity
Like new cars, new firewalls have become something of a commodity. Most basic features are now standard across both software- and hardware-based products. In this environment, it takes something new and unusual for a firewall to stand out. Automakers have done this by building brand; NetScreen has done it by designing its product line to be as functional and reliable as, say, an Accord.
2002/04/02 - Unisphere injects VPN smarts into edge router - NetworkWorld
Carriers and other service providers will be able to set up several different kinds of VPNs using an enhanced VPN platform that Unisphere Networks will introduce on Tuesday, company officials said. A new hardware module and additional software features for Unisphere's ERX edge router will support several types of VPNs, all at the maximum speed of a customer's network connection, said Karen Livoli, manager of product marketing for IP routing at Unisphere, in Westford, Mass. That gives carriers the headroom to offer more VPNs to more customers in the future, she said.
2002/04/02 - Secure VPN for Small Businesses - eWeek
Zone Labs, the maker of the popular ZoneAlarm personal firewall product, and Imperito Networks, the VPN solutions company, have entered into a joint development initiative to integrate their products for sale to small and mid-size businesses. NetworkWorld: Creating a safety zone for home nets)
2002/04/02 - McAfee punts proactive virus protection - TheRegister
McAfee, the AV division of Network Associates, has released a virus vulnerability assessment tool designed to help firms spot weaknesses in anti-virus defences. McAfee's ThreatScan software works in conjunction with McAfee's anti-virus management console, ePolicy Orchestrator, to scour the enterprise network for devices which may be vulnerable to virus infection.
2002/04/01 - BizGuardian Offers Free VPN/Firewall Software Trial - TheWHIR
Firewall Security Solutions, Inc (bizguardian.com), maker of the BizGuardian security software solution, announced last week that it is offering free a free 10-day trial of BizGuardian Version 3.2. The program's integrated VPN Firewall, designed for small- to medium-sized businesses, can be quickly and easily installed by distributors, resellers and IT personnel. The trial version of the software can be downloaded from the company's site, and installed in minutes. After the trial period, the product can be purchased online.
2002/04/01 - PolyCom releases IP phone for Cisco's business VoIP system - NetworkWorld
PolyCom last week announced an IP phone that is compatible with Cisco's CallManager software - the first third-party enterprise IP handset to be certified on Cisco's IP PBX system. The PolyCom SoundPoint 500CS handset gives Cisco IP telephony users another option for purchasing IP phones, as CallManager systems only worked previously with Cisco IP phones.
2002/04/01 - With Flatrock Instant Extranet, Building a VPN Is as Easy as Skipping Stones - NetworkComputing
Growing up in Connecticut, I saw a lot of practical uses for flat rocks. A landscape dotted with stone walls, stone houses, stone wells, stone bridges and stone pathways speaks of Yankee ingenuity. Exhibiting similar creativity, Flatrock's Instant Extranet is an easy-to-use, centrally managed VPN solution.
2002/04/01 - Weapons emerge to fend off DDoS attacks - NetworkWorld
Mazu Networks, which makes equipment to stop distributed denial-of-service attacks, last week said it has added a way to determine what legitimate traffic is being filtered out in the process. Typically, the legitimate traffic filtered out by Mazu's distributed DoS Enforcer boxes during a massive attack wouldn't be more than 5% of the overall incoming traffic, but customers have sought more detailed information on any legitimate traffic that gets set aside.
2002/04/01 - Nauticus to Combine Load Balancing, SSL - eWeek
A networking startup wants to make deploying Internet applications easier by combining load balancing and SSL in a single switch. Nauticus Networks Inc. this week will announce its plan to develop a series of application switches that combine load balancing and Secure Sockets Layer technologies in hardware and later add such other network services as caching. The first switch, a two-rack unit called the 2000 series, should be in beta testing this summer.