Find network and information security news, reviews and analysis, covering data protection, privacy, endpoint security, and security management.
  • Guarding the crown jewels

    Posted April 13, 2006 - 2:09 pm

    Protection of critical data assets begins with a sound data security strategy. This article provides an overview of best practices that should be of part of any organization's data security strategy. By adopting these practices, you can help prevent unauthorized access to sensitive corporate data while preserving legitimate access to data resources and supporting the detection of misuse of data by authorized users.
  • Hard and fast

    Posted April 13, 2006 - 1:51 pm

    The outlook for people who are illegally sharing files and making counterfeit copies of software and films took a turn for the worse on two fronts recently.
  • ISS adds Linux security to line-up

    Posted April 13, 2006 - 11:54 am

    Internet Security Systems (ISS) has added Linux support to its Proventia Server Intrusion Prevention System (IPS) platform.
  • ActivIdentity releases new identity sign-on product

    Posted April 13, 2006 - 11:45 am

    IT security vendor ActivIdentity Inc. has released a new version of its single sign-on identity management product for large businesses, including new integrated support for smart cards, the company said Wednesday.
  • Critics hit SF Wi-Fi plan on privacy, interference

    Posted April 13, 2006 - 11:43 am

    San Francisco's choice of Google Inc. and EarthLink Inc. to build a citywide Wi-Fi network is likely to interfere with some residents' privacy and many Wi-Fi users' radio signals, critics of the plan said this week.
  • Microsoft releases critical Internet Explorer patch

    Posted April 11, 2006 - 4:05 pm

    Microsoft Corp. has released its security software patches for April, addressing an unpatched bug in the Internet Explorer browser that hackers had been exploiting for several weeks.
  • HP: Enterprises struggling with privacy management

    Posted April 11, 2006 - 2:13 pm

    Enterprises are under increasing pressure to safeguard the privacy and security of personal data, but the complexity of the task is making it difficult to meet higher expectations, a Hewlett-Packard Co. project manager said Tuesday.
  • Identity Theft Primer

    Posted April 11, 2006 - 12:49 pm

    Learn best practices for approaching the challenge of identity theft using a detailed matrix that explores the various types of identity theft and possible mitigating strategies as well as an identity theft lifecycle that presents discrete stages of the identity theft problem. (PDF)
  • McAfee unveils threat center portal

    Posted April 11, 2006 - 10:12 am

    McAfee Inc. has jazzed up its Web site with a new online portal designed to help users research a wide range of security problems. Called the McAfee Threat Center, the portal was launched Monday as part of a redesign of the Web site.
  • Oracle releases, then pulls, database exploit code

    Posted April 10, 2006 - 4:42 pm

    Oracle Corp. appears to have accidentally released details about an unpatched security vulnerability in its database software, including sample code that could be used to exploit the problem. Details of the vulnerability were published last Thursday in a note that was briefly posted to Oracle's Metalink customer support portal.
  • Study: Employees emerging as biggest security threat

    Posted April 10, 2006 - 1:33 pm

    According to the IBM Global Business Security Index released last month, insider attacks represent an emerging security threat for business. The CSI/FBI 2005 Computer Crime and Security Survey echoes these findings, indicating that 56 percent of organizations reported some level of security breach from within their organization.
  • File Sharing Continues to be a Serious Risk

    Posted April 10, 2006 - 9:57 am

    File sharing is indeed a risk to consider. Whether you choose to embrace technical solutions to help protect against information being removed from your company control or policy and awareness solutions to help your users understand the risks of file sharing, it is a very good idea to have this risk on your radar. While it is certainly not a new risk or even one with growing importance, it remains yet another exposure that folks should be knowledgeable of. If you haven't spent some time looking for keywords and filenames associated with your organization on some of the networks, such an assessment may be in order. It is likely to turn up some interesting results.
  • Virus threatens PCs running Linux or Windows

    Posted April 7, 2006 - 6:19 pm

    Hackers have released a sample code for a virus that could infect both Linux and Windows PCs.
  • Companies spooked about smart phone security

    Posted April 7, 2006 - 11:02 am

    More than 60 percent of the respondents to a Symantec survey said mobile security concerns were the main reason they had not provided their employees with Smartphones.
  • HP warns of new printer flaw

    Posted April 7, 2006 - 11:00 am

    Hewlett-Packard has found a vulnerability in the software that controls two of its color printers that could allow hackers to access private information on users' PCs. The company released a patch through its HP Color LaserJet 2500/4600 Software Update version 3.1
  • Another security hole found in IE

    Posted April 7, 2006 - 10:59 am

    Security research firm Secunia has advised that a newly discovered flaw in the way Internet Explorer loads Web pages and Flash animations could aid phishing scams. The flaw exists in IE 6.0 with all current patches as well as IE7 Beta.
  • Compliance, not spyware, drives IT budgets, security execs say

    Posted April 7, 2006 - 10:58 am

    Regulatory compliance is the top-ranked IT security budget driver, according to a group of 50 leading chief security officers surveyed by Merrill Lynch & Co. Protecting against intrusions and unplanned downtime placed second and third. In spite of their concerns, however, 78 percent of the respondents said that less than 10 percent of the overall IT dollars go to security purchases.
  • Researcher: Web services security risks largely ignored

    Posted April 7, 2006 - 8:58 am

    During a conference presentation, researcher Alex Stamos outlined how a number of Web services technologies, including the AJAX (Asynchronous JavaScript and XML) and the XQuery query language could be exploited by hackers to dig up secret information and attack systems.
  • Microsoft set to patch IE, Windows, Office next week

    Posted April 6, 2006 - 4:39 pm

    Microsoft Corp. is set to release five security patches for its products next Tuesday, including a highly anticipated Internet Explorer (IE) fix that will address a bug that hackers have been exploiting over the past two weeks. Along with the critical IE patch, Microsoft will repair three other issues in its Windows operating system, as well as an unspecified problem in Office that is rated moderate.
  • McAfee buys SiteAdvisor

    Posted April 5, 2006 - 4:03 pm

    McAfee Inc. has purchased Web-site rating company SiteAdvisor Inc., the two companies announced Wednesday. Founded by a group of Massachusetts Institute of Technology engineers in April 2005, SiteAdvisor develops automated software that tests Web sites to see whether they install nasty things like spyware or computer viruses.
  • Security fears, cost delay mobile deployments at work

    Posted April 4, 2006 - 1:56 pm

    Around 60 percent of businesses are shying away from deploying mobile devices primarily due to security concerns, according to a new survey conducted by the Economist Intelligence Unit and commissioned by security vendor Symantec Corp.
  • Patch is recommended for McAfee filtering software

    Posted April 4, 2006 - 11:09 am

    A vulnerability in McAfee Inc.'s e-mail filtering software could allow unwanted code to run on a computer, but a patch should fix the problem, according to a security advisory published Tuesday.
  • Symantec Research Labs

    Posted April 3, 2006 - 5:00 pm

    When I visited Symantec's Santa Monica facility for the release of their Internet Security Threat Report last month, I also had a meeting with two of the leaders of their research lab. Two of their initiatives seemed particularly interesting. First, and timely after all the Sony Rootkit mess (hey, Feds, why no arrests of major spyware perpetrators with Sony name badges?), Symantec engineers are rolling out "raw disk virus scanning" technology. Rootkits hide from the file system, so Symantec wants to scan for viruses at the disk block level. If the virus scan ignores the operating and file systems, typical rootkit hiding techniques won't work.
  • WebGoat provides a safe place to learn application security

    Posted April 3, 2006 - 11:08 am

    WebGoat is an interesting tool. It is a complete, java-based environment for exploring web application vulnerabilities, attack techniques and best-practice mitigations. It runs in Windows, Linux and, yes, on Mac OS X. You simply download, install and execute it to get a nice self-guided tour through the world of application security. You can hack away, explore ideas, learn the attack techniques and even use it to teach yourself or others about application security.
  • Trend Micro data revealed due to virus

    Posted April 3, 2006 - 10:49 am

    The failure of a Trend Micro Inc. employee to install his company's own antivirus software led to the uploading of some company reports to a popular Japanese peer-to-peer file sharing network, the company said Monday.
Join us:






Join today!

See more content
Ask a Question