Stories by Ann Harrison

Companies Applaud Encryption Export

White House Chief of Staff John Podesta announced this week that the Clinton administration is lifting restrictions on exports of software with strong encryption to certain countries. Current regulations require a U.S. company wishing to export such software to obtain a license and to allow a technical review of the software.

Critics Bash US Plan for Surveillance Standards

Privacy advocates yesterday said they are deeply disappointed with a White House proposal intended to strengthen legal requirements for Internet surveillance by law enforcement agencies.

EarthLink: FBI Won't Monitor Our Network

EarthLink Inc., an Atlanta-based Internet service provider, says it has reached an agreement with the U.S. Federal Bureau of Investigation in which the agency has agreed not to install its Carnivore Internet surveillance system on EarthLink's network.

Interview: Security a 'horrible, complex problem'

Gregory Schaffer is a director in the digital risk management and forensics investigations practice at PricewaterhouseCoopers. He spoke with Computerworld reporter Ann Harrison about information technology security issues.
Q: Why do so many businesses have weak IT security?
A: This is a horrible, complex problem that is not easily solved by simply implementing some off-the-shelf system.

Companies Point Fingers over Nike Web Hijacking

The hijacking of Nike Inc.'s Web site earlier this month has sparked an international argument over whether the footwear company or Internet domain-name registrar Network Solutions Inc. (NSI) should bear responsibility for the temporary theft of www.nike.com.

AOL Investigates Theft of Account Data

Customer service representatives at the world's largest consumer online service apparently failed to heed a computer security warning impressed upon the public in recent months: Don't open suspicious e-mail attachments.

Popular firewall vulnerable to DoS attacks

A security researcher has discovered a flaw in a popular firewall that he says makes the tool vulnerable to denial-of-service attacks. The FireWall-1 product, developed by Checkpoint Software Technologies, can apparently be disabled by bombarding the tool with incomplete fragments of data packets.

Denial-of-Service Victims Share Lessons Learned

When online news service ZDNet was hit with a ferocious denial-of-service attack in February, its server was overwhelmed with 50 percent to 100 percent more data traffic than its peak load, rendering three-quarters of the site inaccessible for almost three hours. Site managers discovered there was little they could do to halt the first of two attacks that consumed all their available bandwidth.

Microsoft Says Web Site Violates Copyright

The Kerberos security protocol, which has been adopted by the Internet Engineering Task Force as an open standard, is the subject of an ongoing dispute between Microsoft Corp. and the Slashdot.org Web site, which hosts discussions about open-source software.

Microsoft, Slashdot at Odds Over Kerberos

The Kerberos security protocol, which has been adopted by the Internet Engineering Task Force as an open standard, is the subject of an ongoing dispute between Microsoft Corp. and the Slashdot.org Web site, which hosts discussions about open-source software.

Xerox Unit Farms Out Security in $20M Deal

Xerox Europe, the European arm of Stamford, Connecticut-based Xerox Corp., has signed a five-year, US$20 million managed security services contract with Axent Technologies Inc. to secure Xerox's mobile workforce and its digital business initiatives.

Xerox Europe Outsources Security Services

Xerox Europe, the European arm of Stamford, Connecticut-based Xerox Corp., has signed a five-year, $20 million managed security services contract with Axent Technologies Inc. to secure its mobile workforce and digital business initiatives.

Flaw Found in PGP 5.0

A security flaw has been discovered in the process by which an older version of Pretty Good Privacy (PGP) reads random numbers, making the cryptographic keys produced by this release of the popular encryption program potentially insecure.