Security

Find network and information security news, reviews and analysis, covering data protection, privacy, endpoint security, and security management.
  • Microsoft patches security bugs in products

    Posted July 8, 2008 - 4:40 pm

    Microsoft has patched bugs in its Exchange, SQL Server and Windows software that could give hackers new ways to break into computers.
  • MessageLabs secures e-mail backup

    Posted July 8, 2008 - 1:08 pm

    MessageLabs, best known as a provider of e-mail security services, last week introduced a managed e-mail backup service that has as a selling point the same security features built into the company's other products.
  • Failures of Information Security: Observing the World and Asking Why

    Posted July 8, 2008 - 12:30 pm

    Information security matters; it is important. It matters to companies and their shareholders. It is of great importance to the general public, whose personal data is stored by the companies and organizations with which they interact (and by some with which they don’t). We all hope our private files and email correspondence remain secure. The security industry and security professionals are the guardians of that personal information. They seek to frustrate criminals by employing standard ways of working and by deploying security technologies. Unfortunately, these efforts have not always been successful. This chapter delves into some of the most apparent failures of information security.
  • Adware company refines opt-out, notification technology

    Posted July 8, 2008 - 11:32 am

    Facing heat over privacy worries, NebuAd said Tuesday it has a new notification and opt-out system for its targeted advertising system that critics say is invasive and spies on users.
  • Off-network security: From knowing better to doing better

    Posted July 8, 2008 - 10:33 am

    When Redemtech commissioned the Ponemon Institute to study data breaches last summer, they confirmed something we all probably understood: most breaches result from the loss or theft of a data bearing asset, often a laptop. They also confirmed that a large majority of surveyed companies have existing policies to govern the handling of data bearing equipment once it is taken "off the wire," or off-network. Not anticipated was that a majority of companies report doing nothing to measure or govern the effectiveness of those policies.
  • SNMP scans on the rise

    Posted July 8, 2008 - 9:49 am

    There has been a sharp increase in SNMP port scans, according to State of Security, a blog run by MicroSolved, a security and penetration testing firm.

  • Microsoft warns of new Access attack

    Posted July 7, 2008 - 3:22 pm

    Cybercriminals are exploiting a bug in software used by Microsoft's Access database program in a new online attack, Microsoft warned Monday.
  • XP SP3 to reach most users 'shortly,' says Microsoft

    Posted July 7, 2008 - 2:00 pm

    Microsoft Monday said that it would begin pushing Windows XP Service Pack 3 (SP3) to most users "shortly."

  • AVG fixes antivirus software skewing Web site statistics

    Posted July 7, 2008 - 11:25 am

    Security company AVG is upgrading a component of its antivirus software so as not to place an undue traffic load on the Web sites it scans.
  • Coreflood, more Microsoft-Yahoo, iPhone plans

    Posted July 4, 2008 - 3:53 pm

    A Trojan horse program that has been around for about six years is now being used to steal system-administrator passwords, including those at banking and brokerage houses, according to security researchers. And it could be that six years from now we'll still be talking about Microsoft's aim to buy Yahoo's search business, which could involve obtaining the entire company and breaking it apart. Meanwhile, early adopters will undoubtedly be out in force on July 11 to be among the first to buy the new iPhone 3G.
  • Google gives away free Web application security scanner

    Posted July 3, 2008 - 9:39 am

    Google has released for free one of its internal tools used for testing the security of Web-based applications.
  • Swedish Data Inspection protects messy apartment dwellers

    Posted July 2, 2008 - 9:57 am

    The Swedish housing corporation Eslövs Bostads AB is not allowed to use log files collected from its electronic key system to keep track of who has made a mess in the common washing machine room, according to the local Data Inspection Board.
  • Microsoft to sell Office 'value pack' for $70 per year

    Posted July 2, 2008 - 9:35 am

    Microsoft has chosen the name "Equipt" for a forthcoming package of products that includes its Office suite, Internet security software and other services, and will sell it for an annual subscription fee of US$69.99.
  • Trojan lurks, waiting to steal admin passwords

    Posted July 2, 2008 - 9:23 am

    Writers of a password-stealing Trojan horse program have found that a little patience can lead to a lot of infections.
  • Disabling the Hidden Administrative Shares

    Posted July 2, 2008 - 5:54 am

    I mentioned in my previous post that you can add $ to a share name to hide the share, and that it was a good idea to also modify the share name to something not easily guessable by some snoop. Note, however, that Windows Vista sets up certain hidden shares for administrative purposes, including one for drive C: (C$) and any other hard disk partitions you have on your system. Windows Vista also sets up the following hidden shares:

  • Study: Unpatched Web browsers prevalent on the Internet

    Posted July 1, 2008 - 3:28 pm

    Only 59.1 percent of people use up-to-date, fully patched Web browsers, putting the remainder at risk from growing threats from diligent hackers, according to a new study published by researchers in Switzerland.
  • Japanese military loses data again

    Posted July 1, 2008 - 8:26 am

    Japan's Self Defense Force lost sensitive data pertaining to a joint U.S.-Japan military exercise last year, the Ministry of Defense said Tuesday.
  • Laptops lost like hot cakes at US airports

    Posted June 30, 2008 - 5:05 pm

    Close to 637,000 laptops are reported lost at around 106 U.S. airports each year, according to a survey by Ponemon Institute.
  • Creator of Nugache worm reaches plea agreement

    Posted June 30, 2008 - 1:15 pm

    The teenage creator of a botnet that used a clever worm to infect PCs and then steal users' personal data has agreed to a plea deal with federal prosecutors.
  • MySpace users struggle to overcome cybervandalism

    Posted June 30, 2008 - 11:10 am

    MySpace is facing continuing security problems that threaten to spoil many of the innovative features that make the site useful.
  • F-Secure warns against new, efficient malware

    Posted June 30, 2008 - 10:55 am

    Watch out for the newest generation of malware that is difficult to crack and efficient, warns anti-virus firm F-Secure. The Finnish firm has warned that today's malware is characterized by the packing, encryption, and obfuscation of existing families of Trojans, backdoors, exploits, and other threats, which is now done with industrial efficiency.
  • Security advisory: IE6 and IE7 vulnerable

    Posted June 27, 2008 - 4:20 pm

    A vulnerability in IE7 allows for websites to modify the location of another frame in another window by setting the location to an object instead of a string. This could lead to malicious sites loading content into frames of legitimate sites. An input validation vulnerability in IE6 could result in the execution of arbitrary script code. This is due to errors in the handling of properties of a window object. Users should upgrade to IE7 as it is not affected by this vulnerability.

  • Hiding Your Shared Folders

    Posted June 27, 2008 - 8:21 am

    Setting up user accounts with strong passwords and then applying shared-folder permissions on those accounts are the necessary network security tasks, and in most small networks they're also sufficient for achieving a decent level of security. However, when it comes to securing your network, a healthy dose of paranoia is another good "tool" to have at hand. For example, the properly paranoid network administrator doesn't assume that no one will ever infiltrate the network, just the opposite: The admin assumes that someday someone will get access, and then he or she wonders what can be done in that case to minimize the damage.

  • Mod_security, a free web application for Apache

    Posted June 25, 2008 - 10:05 pm

    If your organization runs Apache as the primary web server of choice, you should definitely be looking into mod_security. It is an open source web application firewall that is custom integrated with Apache and works so well that in most cases, its operations are transparent to normal users. However, don't mistake simplicity for lack of capability. Mod_security is plenty capable of protecting most applications from a variety of common attacks, including injections and cross-site scripting (XSS).
  • Tips for input validation

    Posted June 25, 2008 - 9:43 pm

    Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done incorrectly, they are little more than a false sense of security. The bad news is that input validation is difficult.