Net Tracers Security News Blog

TIME.com: The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them) -- Sep. 05, 2005 -- Page 1

2005-08-28T22:09:00.000-07:00

The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them) -- Sep. 05, 2005 -- Page 1:

The most secure networks in the world are easily hacked by foreign states - how are businesses to secure themselves? If security is but an illusion, then American businesses must do better to expand business continuity and disaster recovery planning to deal with the real risk of economic terrorism. -Bryan

US Air Force scrambles after privacy breach | The Register

2005-08-25T11:54:00.000-07:00

"The US Air Force has been forced to notify more than 33,000 airmen that their personal details might have been exposed following the discovery of a computer security breach. The notification comes after Air Force personnel officers discovered suspiciously high activity on one account into a careers database, called AMS (Assignment Management System), dating back to June."

This hack was done using existing and valid login credentials....Shows the need for good multifactor authentication.

-Bryan

Exploit for unpatched IE vuln fuels hacker fears | The Register

2005-08-19T16:46:00.000-07:00

http://www.theregister.co.uk/2005/08/19/0day_ie_exploit_fears/ "Microsoft is investigating an IE security bug amid fears that a hacker attack based on the vulnerability is imminent. A flaw in Microsoft DDS Library Shape Control COM object (msdds.dll) is at the centre of the security flap."

This problem may be partially mitigated by blocking activeX at the perimeter until there is a patch/architecture fix from M$. Now, if the exploit comes in via HTTPS (secure tunnel) forget scanning for it - I know of only one company that makes an HTTPS scanning transparent firewall at this time...not Fortinet, not Cisco, not Checkpoint...

It may be that Finjan would stand a chance at stopping upcoming exploits that are 0-day, beating the AV community to the punch...we'll see.

Still, I recommend stopping ActiveX at the border preemptively.

Apache Security - The Complete Guide to Securing Your Apache Web Server

2005-07-14T00:30:00.000-07:00

Apache Security - The Complete Guide to Securing Your Apache Web Server: "This all-purpose guide for locking down Apache arms readers with all the information they need to securely deploy applications. Administrators and programmers alike will benefit from a concise introduction to the theory of securing Apache, plus a wealth of practical advice and real-life examples. Topics covered include installation, server sharing, logging and monitoring, web applications, PHP and SSL/TLS, and more."

This book is a must read for anyone who maintains web security, and not just for Apache/PHP admins. The security topics and concepts are applicable in whatever environment you are maintaining. And go add Ivan Ristic's blog to your RSS feeds to stay up to date
http://www.modsecurity.org/blog/

Stay Secure! -Bryan

Personal Data for 3.9 Million Lost in Transit - New York Times

2005-06-07T12:49:00.000-07:00

Personal Data for 3.9 Million Lost in Transit - New York Times: "CitiFinancial has begun sending letters to all 3.9 million customers advising them of the loss and offering them 90 days of free enrollment in a credit-monitoring service. Other institutions with data-loss problems have also offered free credit-monitoring services, some for as long as a year."

I think that 90 days is a joke and that a couple of years is the least that CitiFinancial should offer, since identity theft is not a temporary condition.

Since it is not mentioned in this article, I am assuming that this data was transported in an un-encrypted form.

-Bryan

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD

2005-04-25T19:37:00.000-07:00

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD: "What is BartPE and PE Builder?

Bart's PE Builder helps you build a 'BartPE' (Bart Preinstalled Environment) bootable Windows CD-Rom or DVD from the original Windows XP or Windows Server 2003 installation/setup CD, very suitable for PC maintenance tasks.

It will give you a complete Win32 environment with network support, a graphical user interface (800x600) and FAT/NTFS/CDFS filesystem support. Very handy for burn-in testing systems with no OS, rescuing files to a network share, virus scan and so on.
This will replace any Dos bootdisk in no time!"

I have been using various methods over the years to recover, debug, crack, and fix Windows systems, and I think that Bart has created a very useful tool that all admins should learn to use before they are under the gun to get a sytem back into operation. Combine this Windows Live-CD with your in-house tools like Ghost, Mcafee/Trend/SymantecAV, Winternals/Sysinternals, etc., and you will be the hero of the day. -Bryan

Carjackers swipe biometric Merc, plus owner's finger | The Register

2005-04-25T18:00:00.000-07:00

Carjackers swipe biometric Merc, plus owner's finger | The Register: "Carjackers swipe biometric Merc, plus owner's finger
By John Lettice
Published Monday 4th April 2005 13:52 GMT

A Malaysian businessman has lost a finger to car thieves impatient to get around his Mercedes' fingerprint security system. Accountant K Kumaran, the BBC reports, had at first been forced to start the S-class Merc, but when the carjackers wanted to start it again without having him along, they chopped off the end of his index finger with a machete."

Security designs must always prioritize the security of personnel over the security of objects...-Bryan

SecurityFocus HOME Infocus: WEP: Dead Again, Part 2

2005-03-15T14:40:00.000-08:00

SecurityFocus HOME Infocus: WEP: Dead Again, Part 2: "
WEP: Dead Again, Part 2
by Michael Ossmann
last updated March 8, 2005
Introduction
In part one we examined the latest generation of passive WEP cracking tools that use statistical or brute force techniques to recover WEP encryption keys from captured wireless network traffic. This time, in the second and final article, we take a look at active tools that use 802.11 transmissions to attack WEP networks."

If you thought that you could keep your WEP secure...read this and think again. Keep your WiFi in its own DMZ and consider its traffic an open book. -Bryan

High-Security Locks Are Key In Protecting Game Machine Revenue

2005-03-02T10:48:00.000-08:00

High-Security Locks Are Key In Protecting Game Machine Revenue

By Jim Samuel

Locks are a paradox for the gaming industry. Seeming simple mechanical devices that are easy to operate and have remained virtually unchanged for decades, locks can also be one of the most difficult security devices to properly manage.
The cause of the paradox? Like most security issues in casinos, the cause is people. No matter how well a lock performs or how well it is made, it can’t be secure if its keys are improperly managed. The fact is that even the strongest locks cannot protect against lost or duplicate keys.

This is a great article that is written for the casino industry, but has great parallels in any security consideration. Take for instance, the fact that I am contracted to recover or change Windows administrator passwords at least several times per year. All I need is physical access to any system and I can own it within 10 minutes (up to 4 hours in the worst case so far). So all I need is access to the server room to own the server....right? Not quite. All I need is access to any system that is currently or has been on the network that has a valid and cached Domain Admin password. By cracking that system, I can own the Windows Domain/AD servers. It is time to get proper access control and auditing processes into place in today's small business, especially since the tools are already in place, just unused. Access control in a casino may be easier than in the average modern business - which has the better payout?....you decide, it's your money. -Bryan

HNS - The Threat Within - Why Businesses Need To Manage And Monitor Employee Email Usage

2005-02-16T14:52:00.000-08:00

HNS - The Threat Within - Why Businesses Need To Manage And Monitor Employee Email Usage: "The Threat Within - Why Businesses Need To Manage And Monitor Employee Email Usage
by Jamie Cowper - Senior Technical Consultant, Mirapoint - Monday, 14 February 2005.

In a few short years, email has become a major part of the national psyche and a business-critical tool of communication. However, while companies have been more than willing to embrace the business benefits of email, they continue to remain oblivious to many of the responsibilities this new form of communication brings, particularly as it affects their employees.
"
Security starts with policies, but those policies must have sharp teeth in the form of technology and defined IT processes. And while technology can help with the monitoring and enforcement of your policies, you still need periodic user education and proof that those policies are enforced without prejudice (in law enforcement, wars, and streetfighting this is called "a show of force"). Just make sure that your show of force can survive a wrongful termination suit by having properly executed policies in the first place. -Bryan

HNS - A Simple Guide to Securing USB Memory Sticks

2005-02-16T14:23:00.000-08:00

HNS - A Simple Guide to Securing USB Memory Sticks: "A Simple Guide to Securing USB Memory Sticks
by William Lynch - Senior Consultant for CTG's Information Security Services Practice - Wednesday, 2 February 2005."

This is a great article for every end-user who uses ANY portable media: CD's, USB, MicroDrives, etc. As well, any data on the local drives would be well protected using this same, free method.

Ping Identity Announces Risk-Free Trial, Pilot & Production use of PingFederate --Advanced Federation Software for Simplified Identity Federation - Pi

2005-02-15T21:11:00.000-08:00

Ping Identity Announces Risk-Free Trial, Pilot & Production use of PingFederate --Advanced Federation Software for Simplified Identity Federation - Ping Identity Corporation: "Ping Identity Announces Risk-Free Trial, Pilot & Production use of PingFederate --Advanced Federation Software for Simplified Identity Federation"

Federated identity management across domains, sites and organizations....and the server is free until 100,000 transactions. Plenty of time to get it running and realize its value. -Bryan

Welcome to SmartWater Technology

2005-02-14T15:24:00.000-08:00

Welcome to SmartWater Technology

SmartWater will provide your commercial property with a unique 'forensic fingerprint', which whilst being virtually invisible to the naked eye, glows under UV light and is practically impossible to remove entirely. SmartWater will protect individual items, especially mobile items such as laptops and phones, but it also protects the whole of your business or organisation from burglary and theft. It’s a chilling thought that the majority of theft for most organisations comes in the form of pilferage. So whilst you will be letting burglars know you’re protected by forensic coding, your staff can also be taking the message on board.

Now this is cool...permanent microdot watermarking for anything that you can imagine! Stealthily applied or overtly advertised....many possible uses. See this link for a real-life example of this in action:

http://www.met.police.uk/pns/DisplayPN.cgi?pn_id=2005_0007

-Bryan

Artists Against 419 - Is this a legit bank or company?

2005-02-14T15:07:00.000-08:00

Artists Against 419 - Is this a legit bank or company?: "Is this a legit bank or company?
Online search tools

Have you received an offer from a bank or a security or off-shore company, or perhaps a winning notification from a foreign lottery? Want to know if they're real? If you can't find your bank on our list of 419 fake banks and lottery websites, that doesn't mean it's legit! New fakes come online every day. The following tips and tools can help you identify and avoid fraudulent banks and other fake web sites. If you're suspicious about a site, contact the artists!"

I get so many questions about suspected fraudulent emails in this category. A danger in these sites is not only from the fraudsters themselves, but from the danger of their sites being cracked and that data getting into even more criminals hands. I investigated a site recently and found several security flaws that could have been used to crack the site and potentially gain fraudulently gathered bank account data. The banks, FED's and the ISP's simply do not have enough personnel to properly attack this growing problem. See my full-disclosure post regarding this incident and the resulting discussion thread:

http://www.networksecurityarchive.org/html/FullDisclosure/2005-01/msg00893.html

Institute for Information Infrastructure Protection

2005-02-14T14:41:00.000-08:00

Institute for Information Infrastructure Protection: "The I3P Knowledge Base has been developed to support the I3P's mission to protect the information infrastructure of the United States. This web-based resource provides access to events, funding opportunities, experts in the field, and I3P initiatives. As the I3P Knowledge Base matures, we will be integrating tools for online collaboration, and other services to support the work of the I3P Consortium."

A good place to find upcoming security conference events (see the event calendar) and to see what some of the security community is thinking up for the future.

-Bryan

SecurityFocus HOME Infocus: Penetration Testing IPsec VPNs

2005-02-14T11:59:00.000-08:00

SecurityFocus HOME Infocus: Penetration Testing IPsec VPNs: "Penetration Testing IPsec VPNs
by Rohyt Belani and K.K. Mookhey
last updated February 9, 2005
1. Introduction
As companies expand their presence globally, there arises a need for secure electronic communications between geographically dispersed locations. Virtual private networks (VPNs) provide an economically viable option to address this need."

All IT managers need to understand the points made in this article. The VPN can be the single most exposed point on the corporate network. Given a list of usernames, cracking the VPN is a great way to get ownership of the whole corporate LAN since most are configured for unfettered access to all devices in the LAN. And if there is a site to site VPN in aggressive mode with PreSharedKeys (PSK), then it is trivial to force the VPN server to send the PSK HASH, from which you can easily bruteforce the PSK at leisure on your own system. This can all be done without triggering any major alerts or doing noisy/detectable scans. -Bryan

Loren Bandiera's weblog � sussen

2005-02-08T12:57:00.000-08:00

Loren Bandiera's weblog � sussen: "Loren Bandiera's weblog"
Loren Bandiera's weblog...some interesting NASL and other network probe and vuln experiments going on here. -Bryan

WASC Articles: The 80/20 Rule for Web Application Security

2005-02-02T23:59:00.000-08:00

WASC Articles: The 80/20 Rule for Web Application Security: "...we'll look at a few techniques anyone can use to decrease the risk of their website being hacked. And to make it really easy you won't have to alter a single line of code!"

Some good points made in this article to quickly improve security while other improvements are being made as well. Just applying these rules does not create a healthy security implementaion.

-Bryan

SecurityFocus HOME News: 'Thiefproof' car key cracked

2005-01-31T12:29:00.000-08:00

SecurityFocus HOME News: 'Thiefproof' car key cracked: "
'Thiefproof' car key cracked

By John Leyden, The Register Jan 31 2005 8:33AM
Researchers have discovered cryptographic vulnerabilities in the RFID technology used in high-security car keys and petrol pump payment systems. The attack against Texas Instruments DST tags used in vehicle immobilisers and ExxonMobil's SpeedPass system was identified by experts at Johns Hopkins University and RSA Laboratories. "

Security through obscurity really is neither.... -Bryan

Matt Blaze's Technical Papers - Safecracking and Physical Locks - AT&T Labs -- Research

2005-01-24T09:44:00.000-08:00

Technical Papers: "Physical Security

Cryptologic techniques can be applied outside of computers and networks, Perhaps surprisingly, the abstractions used in analyzing secure computing and communications systems turn out also to be useful for understanding mechnical locks and their keyspaces. Indeed, modeling master keyed locks as online authentication oracles leads directly to efficient solutions for what might naively seem like exponential problems for the attacker. In fact, it seems like almost a textbook example, as if master keying practices for locks were designed specifically to illustrate this class of weakness. We sometimes assume that hardware-based security is inherently superior to that based in software, but even the humble mechanical lock can be just as insecure as complex computing systems, and can fail in similar ways."

Matt's Master-Keyed Lock Vulnerability article is here

And Matt's safecracking PDF is here

Since information security and risk reduction invariably relies on physical security, it is time that infosec pushes the envelope on mandating physical security that is not based an illusion of security, but on provable security. That tape library with millions worth of intellectual property and trade secrets is sitting in a "Safe" somewhere right? Is that really safe? Probably in name only. As a great mind or two have concluded over the centuries: "security through obscurity is neither..."

-Bryan

Onion Routing

2005-01-24T09:28:00.000-08:00

Onion Routing: "Onion Routing

The Onion Routing project researches, designs, builds, and analyzes anonymous communications systems. The focus is on systems for Internet-based connections that resist traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routers themselves). Onion Routing prevents the transport medium from knowing who is communicating with whom -- the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network."

Been playing around with this since a friend pointed me back to it the other day (thanks Joel). A must use for browsing around sites that you may not want to know your identity. Will setup a hardened and malware resistant tor server here soon.

And since I don't want my tor server to be used to anonymously hack other systems, ingress/egress layer-7 screening will be used even if it upsets the cyber-anarchists out there.
-Bryan

On the discussion of security vulnerabilities

2005-01-23T21:59:00.000-08:00

On the discussion of security vulnerabilities: "Is it harmful to discuss security vulnerabilities?

The debate over the open discussion of security vulnerabilities long predates the Internet and computers. The recent reaction of some locksmiths to my master keying research paper heightened my interest in this subject. Here's what one of the 19th century's foremost inventors of mechanical locks had to say 150 years ago:"

Nerdlabs - Boot Disk Images

2005-01-18T18:10:00.000-08:00

Nerdlabs - Boot Disk Images

Need boot disks? Go here now and make some. -Bryan

Quiet Encoding: How Your Laser Printer Manufacturer Has Embedded An ID Code On Every Page You Print - Robin Good's Latest News

2004-11-29T18:21:00.000-08:00

Quiet Encoding: How Your Laser Printer Manufacturer Has Embedded An ID Code On Every Page You Print - Robin Good's Latest News
------------
Blue LED Flashlight + loupe = Gotcha!

the Bleeding Edge of Snort - Breaking Snort Signatures

2004-11-10T21:45:00.000-08:00

the Bleeding Edge of Snort - Breaking Snort Signatures: "The Aggregation Point for Snort Signatures and Research"

If you use Snort, then you should be familiar with this site...I was going through my bookmarks and re-discovered this one today. Good stuff!

Sender Policy Framework

2004-11-09T20:26:00.000-08:00

Sender Policy Framework

SPF: Sender Policy Framework
The Anti-Forgery solution
That's making the world a
Safer place for email.

---------------------

remote-exploit.org

2004-10-22T22:40:00.000-07:00

remote-exploit.org: "News: Auditor 081004-01 released

remote-exploit.org

Again it is time to make a major release of the Auditor Security Collection. It has hughe changes on it. Check out the project web site and the changes file. The Auditor Security Collection is the most advanced and up-to-date penetration testing linux live distro available. Its perfect for security analyses, wireless security analysis and ...... check it out."

...Old news, but a great set of tools for auditing networks. Check it out even if only to find out what kinds of snooping can take place.

Cheers,
-Bryan

Schneier on Security

2004-10-15T15:40:00.000-07:00

Schneier on Security

Bruce Schneier on Security

A weblog covering security and security technology.
Schneier: Security outsourcing widespread by 2010

Bruce Schneier is founder and chief technology officer of Mountain View, Calif.-based MSSP Counterpane Internet Security Inc. and author of Applied Cryptography, Secrets and Lies, and Beyond Fear. He also publishes Crypto-Gram, a free monthly newsletter, and writes op-ed pieces for various publications. Schneier spoke to SearchSecurity.com about the latest threats, Microsoft's ongoing security struggles and other topics in a two-part interview that took place by e-mail and phone last week. In this installment, he talks about the safety of open source vs. closed source, the future of security management and spread of blogs.

.........If you have not read any of Bruce's books or articles...then your geekdom is in question. Here is your chance to gain some knowledge from an expert whom I consider to be a very practical and realistic security expert. -Bryan

TaoSecurity Richard Bejtlich's Blog Post on Fascinating .gov and .mil Docs

2004-08-31T18:04:00.000-07:00

TaoSecurity Fascinating .gov and .mil Docs

Perhaps 'fascinating' is too strong a word, but I've come across several intriguing government reports and documents which security professionals might find interesting. First, the CERT/CC and the Secret Service released a joint report titled Insider Threat Study. It's based on '23 incidents carried out by 26 insiders in the banking and finance sector between 1996 and 2002. Organizations affected by insider activity in this sector include credit unions, banks, investment firms, credit bureaus, and other companies whose activities fall within this sector. Of the 23 incidents, 15 involved fraud, four involved theft of intellectual property, and four involved sabotage to the information system/network.' One of the incidents, mentioned in the beginning of the report, was the case prosecuted by the DoJ on behalf of UBS."

-------------

A great find by Richard Bejtlich. Documents for security pro's and CXO's who want to know more about real exploit incidents, prosecution, threats, and security posturing.

United States Secret Service: National Threat Assessment Center (NTAC)

2004-08-31T17:56:00.000-07:00

United States Secret Service: National Threat Assessment Center (NTAC): "National Threat Assessment Center - Insider Threat Study

In August 2004, the U.S. Secret Service and Carnegie Mellon University Software Engineering Institute's CERT� Coordination Center (CERT/CC) announced the findings of the first Insider Threat Study report, a collaborative effort to better understand insider activities affecting information systems and data in critical infrastructure sectors."

--------------------
Even if you are not in the banking and finance industry, this is a revealing article on the who's, how's and why's of insiders and cybercrime.

Stay secure! -Bryan

---------------------

WinAmp flayed by skins attack | The Register

2004-08-31T17:22:00.000-07:00

WinAmp flayed by skins attack | The Register

Take a widely used media player, find a hole and exploit it...this exploit is going around in the wild, so if you have Winamp installed on your system, read this article and download the new, safe version of Winamp here: http://www.winamp.com/player.

Stay safe! -Bryan

Microsoft SQL Server FAQ How Windows XP Service Pack 2 SP2 Affects SQL Server and MSDE

2004-08-16T23:29:00.000-07:00

Microsoft SQL Server FAQ How Windows XP Service Pack 2 SP2 Affects SQL Server and MSDE

Microsoft Windows XP SP2 Screenshots

2004-08-16T22:53:00.000-07:00

Microsoft Windows XP SP2 Screenshots Updated Aug. 2004

---------
You have to see the new SP2 for Windows XP screenshots....and look in the right side of the screen for other SP2 resources.

...click the link above for that page

Secunia - Multiple Browsers Frame Injection Vulnerability Test

2004-08-16T22:36:00.000-07:00

Multiple Browsers Frame Injection Vulnerability Test to see if your browser is vulnerable to the Multiple Browsers Frame Injection Vulnerability.

----------------
Take a 6 year old vulnerability and add some malicious intent to grab your identity...and cash.

Test your Browser at this page from Secunia. Click the link above to go to the test page.

Sasser kid blamed for viral plague - The Register

2004-08-16T22:30:00.000-07:00

By John Leyden
Published Friday 30th July 2004 10:26 GMT
A staggering 70 per cent of viral activity in the first half of this year can be linked to just one German teenager, according to anti-virus firm Sophos.

Sven Jaschan, 18, the self-confessed author of the NetSky and Sasser worms is blamed by Sophos for the vast majority of viral reports it recorded during the first six months of 2004. Just two of Jaschan's viruses - the infamous Sasser worm and NetSky-P - account for almost 50 per cent of all virus activity seen by Sophos up until the end of June. Counting Jaschan's other released variants of the NetSky worm, the total figure comes to over 70 per cent.

...
-----------
One bad apple can spoil the whole bunch. What would happen if there was a more concerted effort put to attacking the masses of unpatched systems out there? We are lucky that this kid did not have more malicious motives.

...click link above for the full article

McAfee, Inc.

2004-08-16T11:03:00.000-07:00

McAfee, Inc.: "McAfee Inc. To Acquire Foundstone, Inc. For $86 Million In Cash Combined Companies To Offer Market's First Dynamic Risk Management and Mitigation Solutions SANTA CLARA, Calif., August 16, 2004 McAfee, Inc. (NYSE: MFE), the leading provider of intrusion prevention solutions, today announced a definitive agreement to acquire Foundstone, Inc., the leader in vulnerability management, for $86 million in cash, less various adjustments. Together the companies will offer organizations and government agencies the market's first comprehensive solution to help protect IT infrastructure and optimize business availability in a dynamic risk environment."

-------------
Big news in the security industry today....and some telling numbers regarding the expected growth of the computer security industry:

"According to industry research firm IDC, the vulnerability assessment and management (VA&M) and intrusion detection market is expected to experience increasing growth over the next few years, reaching $1.6 billion by 2008. The most significant growth is expected during the next three years."

-----------
Click the link above for more info.

Bay Area Free Wi-Fi Wireless Hotspots

2004-08-16T10:33:00.000-07:00

Bay Area Free Wi-Fi Wireless Hotspots

Never pay for wi-fi access again!
The San Francisco Bay Area is full of free wi-fi locations so why pay for them? Skip Starbucks and other paid access locations and support local businesses and your community for free. Stop into your local free hotspot, buy a mocha, and let them know how much you appreciate the free wi-fi!

------------------

Not security news....although without a personal firewall and vpn encryption, you may be calling me to de-0wn your system from some hacker-punk...now that would be security news! Remember that all WiFi users who share the same WEP Key can snoop each others data very easily! VPN, antivirus and personal firewall use is a must when using wireless hot-spots, so that you leverage the security systems in place at your corporate network.

...click link above for more detail

IrishEyes: AirPort JustePort Crack

2004-08-16T10:25:00.000-07:00

IrishEyes: AirPort JustePort Crack

August 12, 2004
AirPort JustePort Crack
GVSV -- Jon Johansen, author of DeCSS, has discovered the public key that the AirPort Express uses to allow software to play audio through it and posted it to So Sue Me. The public key for AirPort Express is out in the open (see below but no need to check Jon's blog because it's withering under the load). Until Apple "patch[es]" it, anyone could encrypt data using it and get Apple's device to play the music.

He's also released the source code to a JustePort, a small Windows command-line tool. His crack clears the DRM bridles around iTunes because other applications could now broadcast music to your home stereo wirelessly by using Express, rather than just iTunes 4.6. Andrew Orlowski says, "For users on Linux machines, or with WMA or OGG format files, this could be a boon, as iTunes supports neither format out of the box."

....see link above for more

netTracers Security News and Views Blog is now online!

2004-08-16T10:08:00.000-07:00

Welcome to the netTracers Security blog site! This forum will provide a simple way for me to keep you up to date on the latest security issues that affect your data security. Come by often, as this will be updated constantly.

Cheers,
- Bryan K. Watson
- Proprietor of netTracers Security Consulting
- http://www.nettracers.com