A security flaw in a popular Web portal system could enable attackers to completely compromise a site and is actively being exploited by Web page defacers, security experts warned. The bug in all current versions of PHP-Nuke allows unauthorized users to copy files to and from the server hosting the program, according to an advisory from a hacking group known as TWLC.
An industry and governmental taskforce has been formed to tackle the growing threat of cybercrime, inspired directly by silicon.com's Fighting Fraud campaign.
Set up under the auspices of the DTI-sponsored Digital Content Forum (DCF) by the British Web Design and Marketing Association (BWDMA), the action group will work to encourage innovations in the fight against web fraud.
PricewaterhouseCoopers (PWC) has teamed up with Computer Associates (CA) Thailand and Loxley Information Service (Loxinfo), a Thai Internet service provider, to promote its outsourcing-diverse e-security solution. Their first collaboration in this arena, which is limited only to the Thai market, is aimed at creating an awareness among Thai businesses of the importance of e-security.
Responding to the increased frequency of cyber terrorism, Network Security Systems, Inc. announced today the availability of iNETPATROL™, a web-based solution for determining the vulnerability of computer networks to unauthorized entry. iNETPATROL provides network administrators with a cost-effective, easy to use means for obtaining a "hacker's view" of their networks; a means for identifying, assessing and eliminating found vulnerabilities.
The National Infrastructure Protection Center (NIPC) continues to observe hacking activity targeting the e-commerce or e-finance/banking industry. Over the past several months, hackers have increased their targeting of several third-party service providers that employ weak security practices. This advisory reemphasizes NIPC Advisory 01-003, "E-Commerce Vulnerabilities," dated March 08, 2001, in view of the continuing threat to e-commerce networks.
Security Focus Inc. this week will formally launch a subscription service, called ARIS Predictor, that the company says will alert corporations to pending network and virus attacks before they occur. The service works by automatically collecting and analyzing intrusion and incident data from more than 7,000 computers scattered across 130 countries, according to the San Mateo, Calif., security firm.
Security software maker Symantec announced Monday a new line of drop-in network appliances to protect companies against Internet attackers and to secure communications between offices.
After the first terror attacks of Sept. 11--and shortly before tons of debris buried its offices--the New York Board of Trade, a commodities-futures and options exchange, safely evacuated all 260 of its employees from 4 World Trade Center. Mark Fichtel, the exchange's CEO, says, "We were incredibly lucky." But it wasn't luck that six days later traders were back at work bidding on coffee, cocoa and orange juice futures at a makeshift facility just across the East River in Queens.
September 11, 2001... that date will be engraved upon the memories of most Americans for many years to come. That is the date when Terrorists brought their battle to the U.S. soil. One week later, the Internet came under attack by the Nimda worm. Many claimed this was an act of Information Warfare. This was not the first "attack" on the Internet, and it certainly won't be the last, but was this an act of Info War? I don't believe it was. Let's compare the tragic events from the 11th with the Nimda worm to see if we can draw some conclusions about Information Warfare.
Subterrian.net has a copy of the presentation delivered by Sean Lewis at ToorCon 2001, held last weekend in San Diego, Calif. Lewis discusses BSD essential BSD security issues, working well as a primer for new and experienced users alike. Read all about encrypted communication, filesystem lockdowns, kernel securelevels, services, ftpd, Apache, and security auditing.
