Find network and information security news, reviews and analysis, covering data protection, privacy, endpoint security, and security management.
  • Moving from Disaster Recovery Planning to Business Continuity

    Posted January 24, 2007 - 12:07 pm

    As the financial industry becomes more dependent on complex technologies, regulators have pressed institutions to pay continuous attention to business continuity.

  • Apple patches security flaw in QuickTime

    Posted January 24, 2007 - 9:56 am

    Apple Inc. has patched a vulnerability in its QuickTime media player. The problem concerns a buffer overflow that can occur when QuickTime processes an RTSP URL, which directs the player to a streaming file and allows a user to play and pause it.
  • By the book: How to prevent a dictionary attack

    Posted January 23, 2007 - 5:09 pm

    If your Web site (or a portion of it) requires a user to login and be authenticated, then the odds are good that a hacker has tried to break into it. Here's why: Hackers are well aware that anything kept under lock and key is probably worth stealing.
  • Windows OneCare update coming worldwide Jan. 30

    Posted January 23, 2007 - 11:28 am

    Microsoft Corp. will begin the international roll-out of its consumer security software on Jan. 30 when it releases a new version of Windows Live OneCare in the U.S. and 16 other countries.
  • Symantec: Storm Trojan worst outbreak since 2005

    Posted January 23, 2007 - 9:33 am

    Malicious software that was sent out in millions of spam messages over the weekend has now infected about 300,000 computers, making it the worst malware outbreak since 2005.
  • Security Tip: Put Skype's security risks into perspective

    Posted January 22, 2007 - 3:20 pm

    Skype tends to bring out the extremes in the security community. They tend to hate Skype or love it. Few stand in the middle. While Skype use can create quite a bit of traffic on the network, and it can allow unmanaged inside to outside communications, it is hardly a high-risk application. The code has proven to be robust, more secure than many of the other chat clients and more worm-resistant than many attackers had hoped. The cryptography surrounding the voice and authentication data seems to have resisted known attacks and is rated by more than a few security researchers as highly effective. A quick check of known vulnerability databases showed only nine issues in total, with only three in the last year. All are patched in current versions.
  • Most organizations fail to manage risks associated with sharing data with third parties

    Posted January 19, 2007 - 5:30 pm

    David Geer recently spoke with Jose Granado, CISSP-certified and a Principal and Service Delivery Leader at the Security and Technologies Solutions Practice for Ernst & Young. Mr. Granado will be addressing findings on third-party data sharing risks from a 2006 Ernst & Young survey, "Achieving Success in a Globalized World: Is Your Way Secure?", which tallied the views of 1,200 senior information security professionals from 48 countries.
  • Storm Trojan floods e-mail boxes

    Posted January 19, 2007 - 4:48 pm

    Malicious Trojan horse software claiming to provide information on topics like the deadly storms that have battered Europe this week has infected thousands of computers over the past 24 hours, security vendor Sophos PLC warned Friday.
  • MySpace lawsuits headed for new legal ground

    Posted January 19, 2007 - 1:48 pm

    MySpace is facing pressure after a new round of lawsuits filed on Thursday that allege it failed to protect minors, and experts say the cases will enter murky legal territory.
  • Phishing site numbers soar in 2006

    Posted January 19, 2007 - 1:06 pm

    Few will be surprised at new figures from Netcraft showing the number of phishing URLs to have soared in 2006. But there is an alarming sting in this tail -- almost half the total came in a single month, December.
  • Microsoft reissues Excel patch

    Posted January 18, 2007 - 4:52 pm

    Microsoft Corp. has reissued an Excel security patch, published earlier this month, after the update made it impossible for some Excel 2000 users to open documents.
  • European registrars gain new tool to fight abuse

    Posted January 18, 2007 - 12:22 pm

    Under a new rule that will come into force next month, European registrars for the ".eu" domain will be able to immediately stop the transfer of ownership of a domain name if it's suspected of abuse.
  • Symantec to use SONAR to find zero-day attacks

    Posted January 17, 2007 - 11:13 am

    Starting next month, users of Symantec Corp.'s Norton products will have a new tool to help them avoid unpatched software flaws.
  • Vista's UAC security is hopeless, says Symantec

    Posted January 16, 2007 - 5:04 pm

    A key security feature of Windows Vista, User Account Control (UAC), is still nearly unusable, Symantec has said.
  • Phishing toolkit reels in content, punters

    Posted January 15, 2007 - 3:50 pm

    RSA Security Inc. has discovered a phishing toolkit for sale online designed to post legitimate and actual content on a fraudulent URL in real time.
  • Germany wants EU police to share personal data

    Posted January 15, 2007 - 3:12 pm

    European Union justice ministers are meeting this week in Dresden, Germany, to discuss a package of measures that could give police and other security forces in the region unprecedented access to a range of individuals' personal data.
  • Honeynets: Trapping attackers and naming names

    Posted January 12, 2007 - 8:04 pm

    The Web Honeynet Project, an independent group of Honeynet researchers from Securiteam and the ITOSF, has decided to launch web application honeynets with a new twist. The twist is, they plan to name not only the attack details, as is usual, but also to divulge the IP addresses and other tracking information about the attackers themselves.
  • Oracle now giving early notice of security updates

    Posted January 12, 2007 - 9:14 am

    Oracle Corp. has taken a cue from Microsoft Corp. and started giving its customers an early warning of what they can expect from upcoming security patch releases. On Thursday, Oracle published its first-ever Critical Patch Update Pre-Release Announcement, detailing what it plans to fix in its next set of patches, due Tuesday.
  • Sophos buys Endforce for network access control

    Posted January 11, 2007 - 11:23 am

    Sophos PLC has bought Endforce Inc., a U.S. developer of enterprise network access control software, for an undisclosed sum.
  • New PayPal key to help thwart phishers

    Posted January 11, 2007 - 10:22 am

    Over the next few months, eBay Inc. will be offering its PayPal users a new tool in the fight against phishers: a US$5 security key. The key is actually a small electronic device, designed to clip on to a keychain, that calculates a new numeric password every 30 seconds. PayPal users who sign up to use the device will need to enter their regular passwords as well as the number displayed on the key whenever they log in to the online payment service.
  • NSA helped Microsoft make Vista secure

    Posted January 10, 2007 - 9:16 am

    The U.S. agency best known for eavesdropping on telephone calls had a hand in the development of Microsoft's Vista operating system, Microsoft confirmed Tuesday.
  • U.K. Security Service to send terrorism alerts via e-mail

    Posted January 9, 2007 - 3:49 pm

    The U.K. Security Service, responsible for the country's counterterrorism efforts, plans to send out e-mail alerts to citizens warning them of changes to the "national threat level," a measure of the risk of terrorist attacks.
  • Microsoft fixes Office, Outlook, Windows flaws

    Posted January 9, 2007 - 3:43 pm

    Microsoft released three sets of critical patches Tuesday, fixing nine security bugs in its Office, Outlook and Windows software.
  • Sophos releases Web filtering appliance

    Posted January 9, 2007 - 12:34 pm

    Sophos PLC has released a Web filtering appliance for business users, one of several vendors adding the technology to their security product line-up.
  • Spam shows sudden slide

    Posted January 9, 2007 - 11:55 am

    Worldwide spam levels have mysteriously dropped off over the past week, according to managed e-mail provider SoftScan, possibly as a result of a major botnet going out of service.