Find network and information security news, reviews and analysis, covering data protection, privacy, endpoint security, and security management.
  • Identify and eliminate MD5 attacks in two easy steps

    Posted January 6, 2009 - 4:32 pm

    A group of international security researchers recently demonstrated successful attacks against the Public Key Infrastructure (PKI) used to issue security certificates to Web sites when the signatures are generated with the MD5 hash function. Happily, the vulnerability is simple to identify and easy to remediate.
  • Digital Gangster takes credit for Twitter hacks

    Posted January 6, 2009 - 3:47 pm

    Members of the online forum Digital Gangster may have been behind Monday's Twitter hack. On Monday, hackers gained access to, and posted messages from, 33 Twitter accounts including those of Bill O'Reilly, Britney Spears and CNN's Rick Sanchez.
  • Google comes in third on top 10 list of spam enablers

    Posted January 6, 2009 - 10:58 am

    Google hasn't stopped a rising number of spammers from abusing Google Docs, its Web-based collaboration and spreadsheet application, according to Spamhaus.
  • Twitter Hack: How It Happened and What's Being Done

    Posted January 6, 2009 - 10:33 am

    Twitter is tackling a series of security issues, starting with a hack that hit some well-known celebrity accounts. Someone broke into Twitter accounts belonging to President-elect Barack Obama, CNN anchor Rick Sanchez, and Britney Spears over the weekend. At the same time, a phishing scam is trying to trick regular users into handing over their passwords and compromising their profiles.
  • Hackers hijack Obama's, Britney's Twitter accounts

    Posted January 6, 2009 - 10:27 am

    Hackers hijacked the Twitter accounts of more than 30 celebrities and organizations, including President-Elect Barack Obama, Britney Spears and Fox News, early on Monday, the company confirmed today.
  • Tutorial On Telecommunications and Network Security

    Posted January 6, 2009 - 2:14 am

    This Chapter has been extracted from the book CISSP in 21 Days, by Packt Publishing. This book is written to serve as a concise quick revision guide for the CISSP exam preparation that ensures a disciplined study approach a month before exam, giving candidates a complete coverage of the prescribed syllabus.
  • Researchers hack into Intel's vPro

    Posted January 5, 2009 - 9:55 pm

    Security researchers said they've found a way to circumvent an Intel vPro security feature used to protect PCs and the programs that they run from tampering.
  • Maturity Scale for IT Data Management

    Posted January 5, 2009 - 9:28 pm

    How does the IT data management -- the market that is an umbrella for log management, security information management, and security event management -- look? What are some of the implications based on the maturity scale? Why do some SIM/SEM projects fail and others don't? Are you ripe for advanced analytics and visualization?
  • Encryption top IT security initiative in 2009

    Posted January 5, 2009 - 5:48 pm

    IT security budgets are increasing in 2009 to consume 12.6% of the entire IT operating budget, up from 11.7% in 2008, according to Forrester Research's survey of 942 IT and security managers in North America and Europe.
  • The 7 Worst Tech Predictions of All Time

    Posted January 5, 2009 - 5:02 pm

    Even the most successful tech prognosticators make their share of foolish predictions. Here are a few favorite forward-looking flubs of the past 65 years.
  • Stephen Fry hit by Twitter ID hack

    Posted January 5, 2009 - 12:17 pm

    Hackers are targeting Twitter users in a bid to steal personal information, says Sophos.
  • With Gaza conflict, cyberattacks come too

    Posted January 1, 2009 - 7:24 pm

    Pro-Palestinian hackers have defaced thousands of sites following attacks in Gaza.
  • Securing DNS should trump budget-cutting, experts say

    Posted December 31, 2008 - 11:29 am

    The discovery of a major DNS flaw in mid-2008 landed the technology in many headlines, but with econ

  • Security vendors ready fix for 'Curse of Silence' SMS attack

    Posted December 31, 2008 - 10:27 am

    Some Nokia smartphones are vulnerable to a DOS attack that prevents them receiving SMS and MMS messages, a German security researcher demonstrated Tuesday
  • Microsoft: MD5 hack poses no major threats to users

    Posted December 30, 2008 - 5:11 pm

    In reaction to the news today that security researchers have come up with a way to spoof the digital certificates that secure many Web sites, Microsoft Corp. downplayed the threat to users.
  • Security predictions for 2009

    Posted December 30, 2008 - 5:06 pm

    Though these predictions are based on primary research and many, many discussions with CSOs, they concern information security only and can be affected by external factors that are unpredictable (at least by me). Case in point: My predictions for 2008 did not take into account a severe downturn in the economy that was underway already at the beginning of the year. Let's hope that my 2009 predictions also miss the mark by assuming a continuation of economic difficulties that turn out to be less severe than predicted. Here goes:
  • The security imperative

    Posted December 30, 2008 - 4:37 pm

    Leslie Lambert, vice president and chief information security officer at Sun Microsystems Inc., returned from a three-week business trip to India with a few souvenirs and a whole new set of IT security priorities. In 2009, projects like server security, metrics, application security and Web security will likely take a back seat to new data-protection measures and deeper enhancement of user-access and identity management systems. "Those are the big hitters now," she says.
  • Researchers devise undetectable phishing attack

    Posted December 30, 2008 - 12:19 pm

    Researchers have discovered a way to launch an undetectable phishing attack, exploiting flaws in the MD5 algorithm.
  • Microsoft downplays Windows Media Player bug

    Posted December 30, 2008 - 11:38 am

    Microsoft Corp. today dismissed reports of a critical vulnerability in its Windows Media Player, saying that the researcher who claims the bug could be exploited is wrong.
  • Fry's Electronics VP faces criminal charges and lawsuit

    Posted December 30, 2008 - 11:27 am

    A vice president at Fry's Electronics Inc. is facing the inside of two different courtrooms for allegedly running a kickback scheme that netted him tens of millions of dollars.
  • Amazon warns customers of infected digital photo frames

    Posted December 29, 2008 - 4:42 pm Inc. last week warned customers running Windows XP that a Samsung digital photo frame it sold through earlier this month might have come with malware on the driver installation CD.
  • Hacking Windows: Eavesdropping on Network Password Exchange

    Posted December 29, 2008 - 4:19 pm

    Password guessing is hard work. Why not just sniff credentials off the wire as users log in to a server and then replay them to gain access? If an attacker is able to eavesdrop on Windows login exchanges, this approach can spare a lot of random guesswork.
  • Managing spam quarantine for Exchange Server 2007

    Posted December 29, 2008 - 12:15 pm

    Exchange Server 2007 includes anti-spam functionality that provides the capability to quarantine suspected spam that is received from the internet. Quarantining spam is generally done only for email with a moderate likelihood of being spam as opposed to email that has a very high likelihood of being spam which would normally be rejected entirely.
  • Short Straw 1

    Posted December 29, 2008 - 12:14 pm

    If you're reading this at work, it means you're a “short straw” person who picked the short straw to work during a holiday. Welcome to the club. If you're reading this at home because you're in the habit, then I'll try to entertain you a bit.
  • Three Global Risks to Business in 2009

    Posted December 29, 2008 - 10:52 am

    Control Risks, an independent, specialist risk consultancy, recently released its 2009 annual forecast of the global political and security risk environment. In this interview, Control Risks analyst and author Daniel Linsker discusses some of the highlights that businesses need to consider before investing.
Join us:






Join today!

See more content
Ask a Question