Find network and information security news, reviews and analysis, covering data protection, privacy, endpoint security, and security management.
  • New Security Features in Internet Explorer 7

    Posted March 24, 2006 - 11:31 am

    In Internet Explorer 7, Microsoft seems to have addressed many of the security issues that have plagued Internet Explorer for the last decade. Of course only time will tell if Internet Explorer 7 is really secure or not, but in this article I want to introduce you to some of the new Internet Explorer security features.
  • Organizations report that security settings management suffers from manual labor

    Posted March 24, 2006 - 10:19 am

    Most companies -- 52 percent -- update their security settings manually, and 48 percent lack an established policy for updates, according to a survey of 233 security pros by St. Bernard Software.
  • One in five firms has no disaster recovery plan

    Posted March 24, 2006 - 10:18 am

    Although 45 percent of the companies surveyed for SteelEye Technology's Business Continuity Index said they have needed disaster recovery plans in the past, 19 percent do not have a plan for ensuring business continuity in the event of a disaster.
  • Sun's Grid DDOS-attacked

    Posted March 24, 2006 - 10:18 am

    Sun's new public Grid Compute Utility, which allows customers to buy computing power for $1 per hour per CPU, was hit by a distributed denial of service (DDoS) attack during its first day on the public grid.
  • DNS servers do hackers' dirty work

    Posted March 24, 2006 - 10:17 am

    A new type of distributed denial of service (DDoS) attack being waged through DNS servers rather than bot networks has lowered the bar for hackers, making it easier to "launch potentially crippling attacks," a security researcher says. This article takes an in-depth look at this new front in the IT security wars.
  • Engineering firm "white lists" vulnerable apps

    Posted March 24, 2006 - 10:16 am

    Patton Harris Rust & Associates, an engineering firm, has turned to SecureWave's Sanctuary application whitelisting software to bolster its defenses against zero-day attacks. This case study looks at the plusses and minuses of the company's approach.
  • 2 vendor megatrends and what they mean to you

    Posted March 24, 2006 - 10:16 am

    Vendor consolidation and the intersection of IT security and physical security are changing the way CSOs and other IT security professionals should evaluate and buy security solutions.
  • IE worries continue with critical bug

    Posted March 22, 2006 - 6:18 pm

    Security researchers have given Microsoft Corp. more work to do as it prepares an upcoming Internet Explorer (IE) security fix. On Wednesday, they disclosed a critical vulnerability in Microsoft's browser -- the third flaw to be disclosed in the past week.
  • Report identifies Kazaa, SpyAxe as 'badware'

    Posted March 22, 2006 - 11:50 am

    The popular Kazaa P-to-P (peer-to-peer) file-trading software and a supposed spyware-blocking application are among the first four programs identified as "badware" by the fledgling group in a report released Wednesday.
  • Trojan horse? Researchers warn of Trojan hearse

    Posted March 21, 2006 - 6:34 pm

    Security researchers at Sana Security Inc. are warning of a new type of malicious software designed to steal usernames and passwords from Web surfers. The malware, dubbed "rootkit.hearse," uses rootkit cloaking techniques, making it extremely difficult to detect.
  • Symantec's Internet Security Threat Report

    Posted March 20, 2006 - 5:03 pm

    Every six months, Symantec releases a report on how bad things are getting on the Internet. Of course, they're in the business of protecting us from bad Internet things, but each of us has plenty of evidence of Internet doom and gloom in our own systems. But Symantec's platform of worldwide security protection devices gives them a better view than almost any other company. The bad news? Worms, spyware, and viruses moved from the "look at me, I'm a hacker" mode to the criminal enterprise mode in far too many areas. This reminds me of the shift from stolen cars in suburbia being the work of drive and ditch teenagers to chop shop thieves supplying parts for dishonest repair shops.
  • French bill may drive away open-source developers

    Posted March 20, 2006 - 2:08 am

    French Deputy Fr
  • Spyware-killing Vista could take out rivals

    Posted March 17, 2006 - 12:03 pm

    Vista, Microsoft's long-awaited follow-up to Windows XP, will contain new core features that could help eliminate spyware without having to use third-party tools, analysts say.
  • 60% of WiFi networks lack protection

    Posted March 17, 2006 - 11:22 am

    The majority of WiFi networks -- 60 percent -- are implemented without security, leaving them open to intrusion, according to a recent report by security vendor Panda Software.
  • Experts: RFID threat overblown

    Posted March 17, 2006 - 11:21 am

    Two leading security experts have said that the widely reported discovery that RFID chips could spread computer viruses is, while true, largely overstated, and that no known vulnerabilities currently exist in RFID middleware.
  • New denial-of-service threat emerges

    Posted March 17, 2006 - 11:20 am

    A new type of denial-of-service attack, which leverages DNS servers rather than bot networks to make the direct attacks on the victims, hit more than 1,500 IP addresses in less than two months after emerging in December, according to VeriSign.
  • 3 ways to do more with less

    Posted March 17, 2006 - 11:20 am

    Mid-sized companies have the same IT security challenges and stiff requirements as their larger counterparts but far less money in the coffers. This article provides three in-depth tips on how to manage big threats with little budgets.
  • It Doesn't Take an Attacker to Cause Damage

    Posted March 16, 2006 - 5:33 pm

    I recently worked on a quick data recovery project for a small business client. The mistakes and lessons learned from their problem served to reinforce that while many enterprises have made great strides in infosec basics, there are many folks out there still learning painful lessons. This is an example of a few of those lessons.
  • Vendors flunk wireless security test

    Posted March 16, 2006 - 2:45 pm

    More than half of the wireless networks deployed at the Cebit technology show in Hanover, Germany, last week had no encryption enabled, making the systems behind them prime targets, according to Kaspersky Lab Ltd., a security vendor.
  • Microsoft goes public with Blue Hat hacker conference

    Posted March 16, 2006 - 1:27 pm

    Microsoft Corp. is going public with some of the hacking information discussed at its Blue Hat Security Briefings event. On Thursday, just days after the end of its third Blue Hat conference, the software vendor posted the first blog entries at a new Web site. Microsoft is also promising to publish more details on the secretive invitation-only event.
  • Trojan extortion blocked by e-gold

    Posted March 16, 2006 - 11:29 am

    The creators of the Cryzip extortion Trojan did not benefit from the fraud, Internet payment company e-gold has claimed.
  • New Trojan encrypts data, demands ransom

    Posted March 16, 2006 - 9:48 am

    A virus that encrypts documents and demands a ransom to get them back is circulating on the Internet, but at least one security company has released the password needed to recover the files.
  • Adobe fixes critical Flash vulnerabilities

    Posted March 15, 2006 - 4:09 pm

    Adobe Systems Inc. has patched a number of critical vulnerabilities in its Flash media player that could be used by attackers to take over an affected system. The bugs are severe enough that Microsoft Corp., which distributes the Flash software with its Windows operating system, has also warned its customers of the issue.
  • Wireless Vendors Stepping Up Security

    Posted March 15, 2006 - 3:31 pm

    I don't know if you have recently set up any new wireless gear, but things have certainly changed in terms of security through several of the vendors. I remember back in the early days of wireless, that setting up an out of the box wireless access point put it in a completely open, easy to compromise and wonderfully dangerous state. Well, rest assured that some wireless vendors have changed their ways and are making earnest attempts to put the bad reputation that wireless networks have among many security practitioners to rest.
  • Unix Tip: Passwords: Baffle the Bad Guys, Not Your Users

    Posted March 15, 2006 - 11:46 am

    Not long ago, I received an announcement about a new book on constructing good passwords. My first reaction was an incredulous "An entire book on PASSWORDS?". I have written columns on passwords, good and bad, and on password aging, but the idea of someone writing more than a hundred pages or more on the subject of passwords baffled me. So I got myself a copy. The book, "Perfect Passwords: Selection, Protection, Authentication" has the phrase "Create Password Policies That Baffle the Bad Guys, Not Your Users" on the cover. I liked that phrase enough to use most of it in the title of today's column. The image of systems administrators making life hard for their users by applying strict rules for password construction is not new to me. In spite of the fact that I AM a systems administrator and I firmly believe in strong passwords, I am also a victim of the same kind of password "Nazi" that I have become. The college where I teach part-time, for example, seems to always require me to change my password in the middle of a semester and, as often as not, I select a password before the evening's class is over and then find that I simply cannot remember whatever it was I had imagined I would easily remember.