Previous
Sans Institute warns of cookie-stealing threat
News A tool to harvest cookies left from secure browser sessions can now be built, following the release of information on the CookieMonster exploit, security training organisation the Sans Institute has warned.
[September 12, 2008, 15:50]
SANS Tool Talk Webcast: Desktop Security - A Multi-Layered Approach to Protecting Your Investment
White Papers This informative Webcast hosted by The SANS Institute explores the threat environment that host systems face and addresses the confusion surrounding desktop technology. SANS Institute's Tool Talks are opportunities for you to hear from Information...
[September 2, 2008, 7:34]
Hackers' favourite security holes revealed
News On Thursday, the System Administration, Networking and Security (SANS) Institute published a list of exploits most often used to gain illegal access to network servers. The SANS Institute started soliciting input from security experts in February...
[June 2, 2000, 8:53]
CIA: Cyberattack caused multi-city blackout
News Security training body the Sans Institute reported the CIA's disclosure on Friday. CIA senior analyst Tom Donahue told a Sans Institute conference in New Orleans on Wednesday that the CIA had evidence of successful cyberattacks against various...
[January 21, 2008, 11:58]
Researchers redefine the internet blacklist
News At next week's 17th Usenix Security Symposium, researchers from the Sans Institute and SRI International will present the results of their experiments with 'highly predictive blacklisting' (HPB), a service that tailors blacklists for particular...
[July 25, 2008, 16:03]
Storm worm resurfaces, tries love angle again
News After a hiatus, the gang behind the Storm worm is attempting to exploit people's curiosity about a fictional love interest to tempt users into downloading the malware, according to security training organisation the Sans Institute.
[June 3, 2008, 11:42]
FBI aims to patch security holes
News The FBI's National Infrastructure Protection Center and the SysAdmin, Audit, Networking and Security (SANS) Institute, a research and education organisation made up of government, corporate and academic experts, will unveil the initiatives on...
[October 1, 2002, 13:23]
Top 25 'most dangerous' coding errors revealed
News Participants from more than 30 organisations worked together to agree on the 25 "most dangerous" errors, the SANS Institute said in a statement on Monday. They included experts from the US National Security Agency, the US Computer Emergency...
[January 13, 2009, 17:05]
PHP exploit code found on image-hosting site
News The exploit code slipped through the site's defences with the aid of a legitimate image at the beginning of the file, according to a blog post on the Sans Institute's Internet Storm Center. Once this type of malicious GIF is uploaded to a server...
[June 21, 2007, 14:10]
US Homeland Security gives cyber-protection advice
News On Wednesday, as part of the initiative, security institute Sans called for IT professionals to send in ideas about how to develop security policies, how to engage management support, and how to raise user awareness within organisations.
[October 1, 2008, 16:39]
US Dept of Defense lists top 20 security controls
News Called Twenty Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance, the list was published on Monday by a conglomerate of US government agencies, including the NSA, US-Cert, various US Department of...
[February 23, 2009, 14:20]
BP hits out at security standards
News Open source has a role to play, as well as academia," said Dorey, speaking at the launch of the latest SANS Institute security research on Tuesday. Today, application security is inadequate because it "relies on the good will and good citizenship...
[November 25, 2005, 15:10]
Schneier: Cyber-extortion on the rise
News He wrote the blog post in response to a CIA statement, reported by security training body the Sans Institute, that a cyberattack had caused a power blackout in multiple cities in a country outside the US.
[January 23, 2008, 16:28]
WPA crack details revealed
News Raul Siles, an incident response handler for security training organisation the Sans Institute, wrote that "it is important to highlight that [proof-of-concept] exploit code is available". Mitigation recommendations from the Sans Institute include...
[November 10, 2008, 14:16]
Linux/UNIX threats: SANS top 10
News For the past four years the SANS Institute has partnered with the FBI's National Infrastructure Protection Centre to compile and publish its list of the most commonly exploited IT security vulnerabilities for both Windows and UNIX systems.
[November 22, 2004, 12:10]
Hackers steal one million credit cards
News More than 40 e-banking and e-commerce sites have been targeted and compromised by teams of Russian and Ukrainian hackers, said experts at the FBI's SANS (System Administration, Networking, and Security) Institute on Thursday.
[March 9, 2001, 11:53]
US agencies demand tighter software security
News The government effort could lead to improvements in computer security for all consumers of information technology, said Alan Paller, research director at the Sans (SysAdmin, Audit, Network, Security) Institute.
[September 23, 2003, 11:14]
Linux exploit gets around security barrier
News Security training organisation the Sans Institute called the exploit "fascinating". In a blog post on Friday, Sans Institute incident handler Bojan Zdrnja said that the exploit uses the Linux compiler to overcome the security features.
[July 20, 2009, 15:37]
Apple patch fails to address DNS flaw, say experts
News Security experts from security training organisation the Sans Institute also criticised Apple's DNS patch. Sans Institute incident handler Swa Frantzen wrote on Friday that, following the patch, OS X 10.5.4 was still using incremental ports.
[August 4, 2008, 14:17]
Australian gov't calls on experts over DDoS attack
News The AGD spokesperson did not clarify whether ACMA had chosen to take down its site before the attack, though on Wednesday IT security body the Sans Institute suggested, if possible, switching off a target site before the attack.
[September 10, 2009, 10:18]
