• United States

Phishing sites stay up long enough to do some damage

Aug 18, 20049 mins

Latest security news.

Weblog: Phishing sites stay up long enough to do some damage, 08/17/04

An AntiPhishing Working Group report shows that the average phishing site stays up for 54 hours before somebody shuts it down.

Microsoft delays auto delivery of XP SP2 to corporate users, 08/16/04

Responding to customer complaints, Microsoft Monday said it would delay the automatic rollout of Windows XP Service Pack 2 to corporate users until the end of the month.

Weblog: Programs that won’t work with Windows XP SP2, 08/17/04

Here’s the official list from Microsoft, which also has some workarounds. Interesting that some of the programs are enterprise-level anti-virus apps (Symantec AntiVirus Corporate Edition 8.0, for example); isn’t SP2 supposed to increase security?

Windows users put on defensive by SP2, 08/16/04

Corporate customers that use Microsoft’s Automatic Updates feature to patch will have to install blockers on their desktops this week to thwart the delivery and installation of Windows XP Service Pack 2.

Hunt for XP SP2 flaws seen in full swing, 08/13/04

While users are testing Service Pack 2 for Windows XP to prevent compatibility problems, hackers are picking apart the security-focused software update looking for vulnerabilities, security experts said.

Audio: Windows XP Service Pack 2, 08/12/04

Windows XP Service Pack 2 is here. The latest upgrade for Microsoft’s flagship desktop operating system comes with a number of security enhancements, to say the least. Joe Wilcox, senior analyst at Jupiter Research and author of the Microsoft Monitor Weblog, joins us to discuss the impact of XP Service Pack 2 on your applications.

Initial Windows XP SP2 fallout limited, 08/12/04

Since Microsoft began the staged rollout of Windows XP Service Pack 2 late last week only minor compatibility issues have come up, but that might be because many users are waiting to install the update.

FDA reads riot act to device makers, 08/16/04

Amid growing concern about security in hospital patient-care systems, the federal agency that regulates medical devices last week announced a get-tough policy to improve equipment safety.

Opinion: A matter of life and death, 08/16/04

We need vendors to step up, the FDA to apply more pressure to get this resolved, and the finger-pointing to be replaced by collaborative effort.

Weblog: Microsoft on the medical equipment patching issue, 08/16/04

Microsoft ultimately decided not to have any spokesman discuss this topic [of patching medical devices] directly with us. But after some internal discussion, Microsoft did compose a written statement.

Alcatel switches gain security support, 08/16/04

Alcatel this week is expected to enter the fray of switch vendors looking to help users block viruses and network attacks.

PivX hardens Windows with Qwik-Fix Pro, 08/16/04

PivX Solutions of Newport Beach, Calif., Monday announced the availability of Qwik-Fix Pro, an intrusion prevention software product for Windows machines that disables or modifies features of Microsoft Windows and the Internet Explorer (IE) Web browser that are frequent targets of malicious computer hackers and virus writers.

Security today means playing ‘defense-in-depth’, 08/16/04

Network managers should reassess their security architectures in the overall context of “information stewardship” – and enabling defense-in-depth is a great first step.

Technical Update: Network modeling detects anomalies, 08/16/04

New relational network-modeling systems detect security threats by recognizing when network traffic patterns vary from the norm.

Vanquish fights the economics of spam, 08/16/04

Vanquish plans to halt unwanted e-mail messages by making spammers pay, but critics of this system say it requires widespread adoption to be effective.

Opinion: Problem with old e-mail server, 08/16/04

We’re having difficulty with an open relay on the e-mail server and mail is being rejected by several recipients to avoid spamming. I’m unable to find a setting on the server that might close the relay.

Opinion: E-mail’s declining value, 08/16/04

Here’s how rotten phishing has gotten for those brand-name companies that are most targeted: Some are promising their customers that they will never, ever ask them a question of any kind in an e-mail, meaning there would never, ever be any reason for the customer to volunteer any personal information in response.

On the lookout for spyware, 08/16/04

Organizations are increasingly eyeing spyware as a threat that needs to be blocked from reaching end users’ desktops.

Symantec releases patching tool, 08/16/04

Security company Symantec Monday plans to announce the release of a patch management product that it says will enable small and midsized businesses to stay on top of software vulnerabilities.

Opinion: USB wireless and security adapters, 08/16/04

As more opportunities come up for mobile workers to access corporate networks without actually having to carry a laptop, so will the opportunities for people to take advantage of that access.

McAfee to buy Foundstone for $86 million, 08/16/04

Anti-virus software company McAfee Monday said it is buying Foundstone, which makes software for detecting and managing software vulnerabilities, for $86 million in cash.

Vendors target remote-access security, 08/16/04

Juniper and WatchGuard are coming out with new gear to provide small businesses and corporate offices with remote-access technology that can be managed from central consoles.

EBay taps WholeSecurity to fend off phishers, 08/16/04

WholeSecurity has struck a deal to help protect eBay’s customers from phishing scams.

New tool identifies ‘phishy’ Web sites, 08/16/04

A new software tool from WholeSecurity can spot fraudulent Web sites used in online cons known as “phishing” scams, according to a statement from the company.

McAfee upgrades security management software, 08/16/04

McAfee next week plans to ship an updated version of its anti-virus management product, ePolicy Orchestrator, that adds capabilities such as intrusion-prevention management and rogue-computer detection.

Check Point primps for small firms, 08/16/04

President Jerry Ungerman talks about SMB needs, the company’s SofaWare and Zone Labs acquisitions, and more.

Olympic-size security demands advance planning, 08/13/04

If there’s one thing the Atos Origin SA team understands as lead contractor for the Olympic IT infrastructure, it’s that you must learn from your mistakes.

Symbian bugged by Mosquito bite, 08/13/04

Users of mobile phones running the Symbian operating system are vulnerable to a Trojan contained in an illegally adapted version of the Mosquitos game, Symbian said Thursday.

Blaster suspect pleads guilty to spreading worm, 08/12/04

A 19-year-old pleaded guilty in a Minnesota federal court on Wednesday to spreading the W32.Blaster-B worm over the Internet.

IronPort, others support Microsoft’s Sender ID, 08/12/04

Products and services from e-mail security company IronPort Systems will support Microsoft’s Sender ID e-mail authentication standard, the company said on Thursday.

Newsletter: Q&A: The virus writers are winning, 08/12/04

Mikko Hyppönen has made a name for himself as a computer security expert in directing anti-virus research at Finland’s F-Secure, a $45 million company that regularly issues alerts warning of network threats. He spoke recently with Network World News Editor Bob Brown and Features Editor Neal Weinberg about the latest viruses and what enterprise network executives are up against.

Newsletter: AEP delivers failover option, 08/12/04

AEP Systems, which started life as the maker of the A-Gate Secure Sockets Layer remote access gear that supports up to 50 users at a time, is issuing its fourth AG model device, which connects up to 1,000 users.

Newsletter: Microsoft offers $1 million for security education, 08/11/04

Three cheers for Microsoft. Last week the Redmond giant told a gathering of about 400 faculty researchers from institutions worldwide that it will make available $1 million to help create courses that promote secure computing.

Check Point blend ensures remote nodes meet security policies, 08/11/04

Check Point Software has integrated its VPN software with tools that check remote computers meet security policies, making it simpler to install endpoint security on computers accessing VPNs.

AOL, Yahoo rolling out sender authentication, 08/11/04

ISPs AOL and Yahoo plan to begin using technology to verify the source of e-mail messages in coming months, as both companies step up efforts to stop spam e-mail, according to information provided by the companies.

Survey: 86% of spam from U.S., 08/11/04

Just under 86% of spam sent to 1,000 enterprises between May and July came from U.S. spammers, according to a survey by e-mail security tools vendor CipherTrust.

Newsletter: Sorting out the 802.11i/RADIUS security confusion, 08/11/04

If you have been reading about potential vulnerabilities in the new 802.11i security standard lately, stop fretting.

Weblog: Raindance enhances security, 08/11/04

Raindance Communication today rolled out a new version of its Raindance Meeting Edition featuring increased security options, new installation methods and enhancements to its presentation system.

Tales from the copy room, 08/11/04

It wasn’t long ago when the biggest security issue in the photocopier industry was how to keep randy employees from scanning body parts. But times have changed.

Newsletter: The hidden cost of VPNs, 08/10/04

Some users are finding that despite the cost savings of VPNs, they aren’t saving money overall when they use them to replace more traditional networks. This is especially true of build-your-own VPNs that businesses monitor, manage and maintain themselves.