News

IT strategy

September 05, 2005 05 Sep'05
Extending perimeters

The news that, up until 2006, 70% of successful wireless local area network (WLAN) attacks will be because of the misconfiguration of WLAN access points and client software is disquieting on a number of levels.
August 30, 2005 30 Aug'05
Myfip's Titan Rain connection

LURHQ researchers say the Myfip worm is a good example of the malcode Chinese hackers are using in the so-called Titan Rain attacks against U.S. government networks.
August 30, 2005 30 Aug'05
Antivirus can introduce dangerous network security holes into any OS

AV software is one of the most basic security steps available. It's also yet another gateway for security breaches.
August 30, 2005 30 Aug'05
Passive fingerprinting: Applications and prevention

In this excerpt from the book Silence on the Wire, author Michal Zalewski discusses both malicious and beneficial uses for passive fingerprinting, and how to prevent successful passive fingerprinting on your network.

August 26, 2005 26 Aug'05
High profile breach brings security to top of agenda

There’s nothing like an apparent breach at a global company to concentrate the mind when it comes to information and data security.
August 23, 2005 23 Aug'05
HP sales boost as restructuring costs

HP reported a 10% increase in sales for the third quarter, and said it would spend $900m (£530m) on redundancy costs in the final quarter.
August 16, 2005 16 Aug'05
Reduce risks of disaster recovery testing

Untested business continuity plans can leave your firm in the lurch, but taking down live environments is risky and complicated.
August 02, 2005 02 Aug'05
Raising risk prospects with a new SQL injection threat

"Inference attacks" could deliver up your so-called secure database to an attacker.
July 31, 2005 31 Jul'05
Attack: USB could be the death of me

Seemingly innocent Universal Serial Bus driver bugs may allow device attacks that many won't see coming, according to Black Hat presenters.
July 28, 2005 28 Jul'05
Sarbox compliance costing companies

Companies’ required investments to attain compliance with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum (ISF).

July 27, 2005 27 Jul'05
Combining technology and social engineering: Hacking behind bars

In this excerpt from Chapter 11 of "The Art of Deception: Controlling the Human Element of Security," authors Kevin Mitnick and William L. Simon begin a story that shows how social engineering can be used with technology.
July 27, 2005 27 Jul'05
Cisco, Black Hat litigation comes to a close

The vendor and partner ISS settle their dispute over a presentation that resulted in criminal charges and cease and desist orders.
July 26, 2005 26 Jul'05
VeriSign raises stakes in battle for threat intelligence

Not to be outdone by 3Com's "Zero-Day Initiative," VeriSign says it'll shell out more cash for hackers who provide vulnerability intelligence.
July 26, 2005 26 Jul'05
Experts weigh in on spyware's defining moment

We asked IT professionals to review the spyware definitions proposed by a coalition of tech firms and security organizations. They found plenty of room for improvement.
July 26, 2005 26 Jul'05
VoIP encryption to have 'Pretty Good Privacy
July 25, 2005 25 Jul'05
HP attempts to reassures anxious customers on impact of job losses
July 21, 2005 21 Jul'05
HP slashes jobs and shuts enterprise divison

HP has announced 14,500 redundancies and will close down its separate enterprise sales division as part of its attempt to streamline operations and cut costs.
July 21, 2005 21 Jul'05
Users look for value boost from Microsoft licence rejig

Software Assurance needs to offer better support, say IT directors
July 21, 2005 21 Jul'05
Sarbox draining corporate security budgets

Corporate investment to comply with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum (ISF).
July 21, 2005 21 Jul'05
Can alcohol mix with your key personnel?

I persuaded our MD to hire a dedicated IT security expert. I am pleased with his work, but on several occasions he has smelled strongly of drink. How do I nip this in the bud?
July 12, 2005 12 Jul'05
Tony Asaro: Blogs and more

Read what Tony Asaro is talking about in this month's blog, and listen to him speak in a number of webcasts.
July 12, 2005 12 Jul'05
Sarbox challenge drains security budgets

International corporate spending on compliance with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum.
July 06, 2005 06 Jul'05
This is not your father's hacker

While Sasser author Sven Jaschan awaits the outcome of his trial this week in Germany, a new cybercrime report explains why the teenager is becoming an anachronism.
July 06, 2005 06 Jul'05
PING with Karen Worstell

The Microsoft CISO discusses how she keeps Redmond and its products secure.
July 04, 2005 04 Jul'05
Sasser author issues courtroom confession

Sven Jaschan's mea culpa was expected after he earlier admitted to creating the last major malware outbreak more than a year ago.
June 21, 2005 21 Jun'05
Continuing education options for CISSPs: Top 10 ways to earn CPEs

Who says you can't have fun while earning CPE credits? Check out the top 10 ways to meet CISSP® and SSCP continuing professional education requirements.
June 13, 2005 13 Jun'05
Gartner underscores five overblown threats

Two Gartner analysts debunk five overhyped security risks they claim are causing companies to miss out on some key emerging technologies.
June 06, 2005 06 Jun'05
Spyware removal checklist

A step-by-step guide on how to remove spyware using antispyware tools including Spybot -- Search and Destroy, and HijackThis.
June 06, 2005 06 Jun'05
Know your enemy: Why your Web site is at risk

In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them.
June 06, 2005 06 Jun'05
Developer's active content delivery checklist

Rules for developing secure dynamic content for an IIS Web server.
June 05, 2005 05 Jun'05
Quiz: Secure Web directories and development, answer No. 4

Quiz: Secure Web directories and development, answer No. 4
June 05, 2005 05 Jun'05
Quiz: Secure Web directories and development, answer No. 5

Quiz: Secure Web directories and development, answer No. 5
June 05, 2005 05 Jun'05
Analysts say 'cloudy' forecast is OK
June 05, 2005 05 Jun'05
Compliance shouldn't be a primary security driver
June 05, 2005 05 Jun'05
Quiz: Secure Web directories and development

Evaluate your knowledge of Web threats and how to defeat them. Questions cover security risks of dynamically created content and proper security management.
June 04, 2005 04 Jun'05
Top tools for testing your online security, part 2

Michael Cobb explains what tools are helpful in maintaining Web security, including security scanners, benchmarking tools, monitoring services and online resources.
June 04, 2005 04 Jun'05
Life at the edge part 4: When things go wrong

A checklist and other hints to protect your Web servers from a worst-case scenario.
June 03, 2005 03 Jun'05
Quiz: Identify and analyze Web server attacks, answer No. 3

Quiz: Identify and analyze Web server attacks, answer No. 3
June 01, 2005 01 Jun'05
Zombie machines used in 'brutal' SSH attacks

IT managers use SSH to gain secure access to remote computers. Hackers are using it to crack your network, with help from their zombie friends.
May 29, 2005 29 May'05
Patching resource kit

From vulnerability scanning to patching flubs, here's a collection of other helpful resources to ensure your patching efforts are effective.
May 23, 2005 23 May'05
Pre-CISSP: Options for the security newbie

Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®.
May 17, 2005 17 May'05
Should the government define spyware?

Who's best qualified to define what is and isn't spyware -- your congressman or your online user community? Security experts say no entity can do it alone.
May 17, 2005 17 May'05
Some vendors get labeled as spyware pushers

To win the battle with spyware, you must be able to spot it. That's not as easy as you think.
May 11, 2005 11 May'05
A new era of computer worms: Wireless mobile worms

In this excerpt of Chapter 9 from "The Art of Computer Virus Research and Defense," author Peter Szor dissects the Cabir worm.
April 25, 2005 25 Apr'05
Tight contract management vital, users told at SSRG debut

The Strategic Supplier Relationships Group, which brings together 10 of the UK's most influential IT user groups, was formally...
April 19, 2005 19 Apr'05
LogicaCMG on Met payroll

The Metropolitan Police Authority has selected LogicaCMG to provide a £31m fully-managed payroll and pension administration...
April 14, 2005 14 Apr'05
Who should be on (and off) the hook for ID theft?

An influential cryptographer and a panel of technologists today debate how best to fight false authentication and fraudulent transactions.
April 14, 2005 14 Apr'05
Spike ** LogicaCMG to manage Met payroll

The Metropolitan Police Authority (MPA) has selected LogicaCMG to provide a £31m fully-managed payroll and pension administration...
April 12, 2005 12 Apr'05
Met Police gets LogicaCMG on payroll

The Metropolitan Police Authority (MPA) has selected LogicaCMG to provide a £31m fully-managed payroll and pension administration...
April 03, 2005 03 Apr'05
Are identities safer on laptops than central databases?

Microsoft pledges better ID security. Given the theft of a laptop storing 100,000 Social Security numbers, Redmond's approach could prove controversial.