IT security

ID theft victim to TJX customers: Mind your data

Customers should guard their own data, says one ID theft victim. Meanwhile, some in the banking industry say TJX may have stored more data than necessary. Continue Reading

By

• Bill Brenner

Vendors: Cut the hype, truth is what sells

Storage virtualisation technologies have been purchased and implemented successfully for years. The rest of the IT infrastructure must try to catch up and, ultimately, the only thing not virtualised within the datacentre will be the last guy standing. Continue Reading

By

• Steve Duplessie, founder and senior analyst for the Enterprise Strategy Group

TJX gets little sympathy from blogosphere

TJX is taken to task by security bloggers for waiting until after a massive data breach to take steps to bolster its security. Continue Reading

Companies take IM threats seriously

Wesabe is a brand new money management community. It takes threats to IM as seriously as those targeting email and web applications Continue Reading

By

• Mark Baard

Did TJX take the right steps after data breach?

Security experts are mixed on whether TJX acted properly following a massive data breach last month. One expert says potential victims should have been notified sooner. Continue Reading

By

• Bill Brenner and Robert Westervelt, SearchSecurity.com Staff

Data breach at TJX could affect millions

Retailer TJX Companies said a hacker gained access to its systems exposing the credit card data of millions of customers. Continue Reading

By

• Robert Westervelt, TechTarget

TJX breach: There's no excuse to skip data encryption

Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses. Continue Reading

Fortify Software to acquire Secure Software

The acquisition of Secure Software will allow Fortify to expand into the requirements and design phases of the software development lifecycle, the company said. Continue Reading

By

• Bill Brenner

Network security threats and answers, by industry

Michael Gregg offers network pros in various industries security advice and step-by-step solutions to help lock down the network. Continue Reading

By

• Michael Gregg, Superior Solutions, Inc.

PatchLink offers solid flaw management

PatchLink Update 6.3 is a solid solution to the enterprise patch management problem and demonstrates its true power in a Windows environment. Continue Reading

By

• Tom Bowers

Core Security offers powerful testing tool

We highly recommend Core Impact 6.0 to security engineers to verify the vulnerability of their networks. Continue Reading

By

• Mike Poor, Contributing Writer

Apere's IMAG 500 a tough sell

Product review: Apere says many of the issues we encountered are addressed in its next release, but mid-enterprise businesses may not have the tolerance for this product. Continue Reading

By

• Brad Causey

Storage management software finalists

Find out who was selected as finalists in the storage management software category for our storage products of the year Continue Reading

Oracle emulates Microsoft with advance patch notice

Oracle will patch 52 security flaws across its product line Tuesday, according to its inaugural CPU advance notification bulletin. Continue Reading

By

• Bill Brenner

Network security -- Taking the layered approach

Network security is tricky business. In his new book Hack the Stack, author and security expert Michael Gregg outlines how to secure the network using the OSI model. Continue Reading

By

• Andrew R. Hickey

Sophos acquires Endforce to add NAC

Antivirus vendor Sophos is rounding out its email Web and desktop security software with Endforce's network access control (NAC) software. Continue Reading

By

• Robert Westervelt, TechTarget

More users increase risk for Volkswagen AG

With 1.5 million users on the network, Volkswagen AG depends more than ever on strong ID and access management to safeguard intellectual property, according to its CISO. Continue Reading

By

• Bill Brenner

Remote flaw in Vista could earn finder $8,000

VeriSign Inc.'s iDefense Labs is offering an $8,000 bounty to any researcher who finds a remotely exploitable flaw in Windows Vista. Continue Reading

By

• Dennis Fisher

Federal government pushes full-disk encryption

Businesses need to follow the federal government's lead in reducing data breaches by holding employees responsible and examining full-disk encryption (FDE) products. Continue Reading

Network configuration management key to VoIP success

While companies spend millions on upgrading infrastructure for VoIP, little attention is given to solving the largest source of downtime – configuration-related outages due to human error. Continue Reading

By

• Zeus Kerravala, senior vice president, Yankee Group

Inside MSRC: Microsoft updates WSUSSCAN issue

Christopher Budd of the Microsoft Security Response Center is urging customers to deploy the latest versions of the Systems Management Server Inventory Tool for Microsoft Updates or Microsoft Baseline Security Analyzer to receive all the current software updates. Continue Reading

Critical fixes for Excel, Outlook and Windows

Microsoft starts the year with security updates for Excel, Outlook and Windows. Three of the fixes are rated critical. Continue Reading

By

• Bill Brenner

Attackers hide malicious code using new method

Attackers have designed a new way to thwart virus signatures from antivirus vendors, says a new report. Continue Reading

By

• Robert Westervelt, TechTarget

How far apart can SAN locations be?

Storage locations can potentially be very far apart, separated by thousands of miles, even around the globe. The real consideration in selecting distance is that of latency... Continue Reading

Bug Briefs: OpenOffice vulnerable to attack

Other flaws were reported in Apple QuickTime, Mac OS X, Adobe Flash Player, VideoLAN VLC, the Opera Web browser, and Cisco Access Control Server. Continue Reading

By

• SearchSecurity.com Staff

Microsoft nixes four patch bulletins

Eight security updates were originally scheduled for Patch Tuesday , but Microsoft has decided to hold back on half of them. Continue Reading

By

• Bill Brenner

NAC implementation slows as networking budgets grow

Network Access Control (NAC) implementations will decrease, despite growth in networking budgets. Continue Reading

By

• Kate Dostart

Adobe Reader users urged to upgrade

Adobe Reader 8 fixes serious flaws attackers could exploit for cross-site scripting and other attacks. Continue Reading

By

• Bill Brenner

Why don't we have clustered FC block storage?

Is it odd that the industry has made such serious strides toward incorporating clustering concepts in both file-based storage and IP -based storage, but not Fibre Channel storage? Continue Reading

Adobe Reader flaws spook security experts

Security experts sound the alarm over Adobe Reader flaws that could be exploited for cross-site scripting attacks and other mayhem. Continue Reading

Cisco bolsters security with IronPort buy

Cisco Systems agreed Thursday to buy Internet gateway security vendor IronPort Systems Inc. for $830 million. Continue Reading

By

• Robert Westervelt, TechTarget

Cisco software vulnerable to attack

Cisco's Clean Access software and Clean Access Manager are at risk to attack. A malicious user can access a database snapshot and download it without authentication. Continue Reading

By

• Robert Westervelt, TechTarget

Information security market 2006 year in review

In part two of our two-part special edition of Security Wire Weekly, site editor Eric Parizo reveals his picks for top information security interviews of 2006. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. Continue Reading

By

• SearchSecurity.com Staff

Security pros grumble over spam increase

Spim and spam from unexpected sources is challenging enterprises in 2007. Some enterprises are taking action. Continue Reading

By

• Edmund X. DeJesus, Contributor

Security pros glean insight from '06

Corporate acquisitions, an abundance of spam, and the White House's take on cybersecurity mark 2006. Continue Reading

Storage Outlook '07: Seeking better backups and archives

Tom Becchetti, senior infrastructure engineer for a major national financial services company, says compliance, backup and archiving will be top priorities in 2007. Continue Reading

By

• Beth Pariseau, Senior News Writer

Top Windows server hardening tips of 2006

Check out the top Windows server hardening tips of 2006 for helpful advice on domain controller penetration testing, security tips for the Windows Server 2003 OS and more. Continue Reading

Looking back at information security in 2006

In this special edition of Security Wire Weekly, senior news writer Bill Brenner reviews his top interviews of 2006. Continue Reading

By

• SearchSecurity.com Staff

Top 10 storage stories of 2006

SAN and NAS converged and shook up the industry, iSCSI went mission-critical, users conquered tiered storage and more. Continue Reading

By

• Beth Pariseau, Senior News Writer

Top client security tips of 2006

A network user without the proper know-how is a ticking time bomb when it comes to security. Check out our top five client hardening tips of 2006 to get a head start on protecting yourself from potentially dangerous users. Continue Reading

Top 10 storage acquisitions of 2006

Industry consolidation was fast and furious this year. We rank the deals by quality, not quantity. Continue Reading

By

• Jo Maitland, News Director and Beth Pariseau, News Writer

Microsoft releases Vista APIs to security vendors

Microsoft released a draft set of programming interfaces allowing security vendors to develop software using the Windows kernel on 64-bit systems. Continue Reading

By

• Robert Westervelt, TechTarget

Mozilla fixes multiple Firefox flaws

Digital miscreants could exploit flaws in Mozilla's popular Firefox browser to bypass security programs, access sensitive information and conduct cross-site scripting attacks. Continue Reading

By

• Bill Brenner

Check Point gets big IDS boost from NFR deal

Analysts say Check Point would gain much-needed intrusion detection and prevention capabilities through its acquisition of NFR Security. The deal should erase bad memories of the aborted Sourcefire deal. Continue Reading

By

• Bill Brenner Senior News Writer

Top network security tips of 2006

The top Windows networking security tips of 2006 cover a range of topics, including network isolation, open source Windows security tools, VPN security and more. Continue Reading

VoIP hacking exposed in new book

VoIP hacking is a reality, and in a new book, two VoIP security experts outline the tools and tricks to avoid a system-crushing hack. Continue Reading

By

• Andrew R. Hickey, Senior News Writer

Criminals find safety in cyberspace

A new report from McAfee shows how criminals are enjoying a sense of safety and anonymity in cyberspace that they never had on the street. And they're making more money. Continue Reading

By

• Bill Brenner

Review: Reconnex's iGuard needs improvements

Reconnex's iGuard is maturing, though it still needs some usability improvements such as wizards, customisable reports and the ability to drill down on the graphs. Continue Reading

By

• Tom Bowers

Review: Deep Security is a solid IPS

Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities. Continue Reading

By

• Steven Weil, Point B

Employers to seek more security talent in '07

Learn what certifications are growing in demand and how employers are looking at the job market in 2007. Continue Reading

By

• Krissi Danielsson, Contributor

Schneier: Data breach at UCLA barely newsworthy

This week in Security Blog Log: Security luminary Bruce Schneier and others sound off on the UCLA data breach that exposed 800,000 people to identity fraud. Continue Reading

Review: Lancope StealthWatch 5.5 offers more than IDS

Hot Pick: StealthWatch goes far beyond traditional intrusion detection, with powerful network-monitoring features. The optional IDentity-1000 is an essential addition. Continue Reading

By

• Sandra Kay Miller, Contributing Writer

Review: Sky's the limit with Skybox View 3.0

Hot Pick: Skybox View 3.0 offers a unique and flexible approach for assessing and managing specific threats and overall risk to your digital assets. Continue Reading

By

• Brent Huston, Contributing Writer

Hot technologies for 2007

"Storage" magazine's editors reviewed technology developments, product introductions and storage standards to come up with this short list of must-have technologies for 2007. Continue Reading

Hosted VoIP eliminates cost, complexity

Hosted VoIP is being adopted at increasing rates as more and more companies look to avoid the excess costs and complexities of on-premise solutions. Continue Reading

By

• Kate Dostart, Associate Editor

Microsoft Vista could improve Internet security

Two new Microsoft Vista features -- Kernel Patch Protection and User Account Control -- could prove especially useful in preventing serious malware infections. Continue Reading

Third zero-day found in Microsoft Word

For the third time in a week, a zero-day flaw has been found in Microsoft Word. Users should be cautious when opening attachments from unknown sources. Continue Reading

By

• Bill Brenner

Host-based replication

While the lines of distinction among data protection technologies such as backup, continuous data protection and replication have blurred, host-based replication can play a key role in your overall data protection strategy. Continue Reading

Expert offers tips to bolster messaging security

In this edition of Security Wire Weekly, Burton Group analyst Diana Kelley explains how to lock down messaging programs as part of our three-day special report on the subject. Continue Reading

By

• SearchSecurity.com Staff

Symantec issues NetBackup security alert

Symantec issues an alert and patch to vulnerabilities in NetBackup 6.0, 5.1 and 5.0. Continue Reading

By

• Jo Maitland, TechTarget

Data breach at Boeing exposes 382,000 employees

The third theft of a Boeing laptop in the last 13 months has exposed the data of nearly 400,000 employees and retirees. Continue Reading

By

• Dennis Fisher

Intrusion detection systems -- introduction to IDS and IPCop

This article, excerpted from the book ""Configuring IPCop Firewalls: Closing Borders with Open Source,"" explores how intrusion detection systems (IDS) and intrusion prevention systems (IPS) including Snort and IPCop protect the network from malicious attacks. Continue Reading

By

• Barrie Dempster & James Eaton-Lee

Storage Decisions Session Downloads: Executive Track (LV 2006)

Our "Executive track" sessions give C-level technology executivesan idea of where their storage should be and ideas on where it's headed. Continue Reading

Storage Decisions Session Downloads: Smart Shopper Track (LV 2006)

Very few storage managers have carte blanche when it comes to storage spending. Sessions in our "Smart Shopper track" help managers get the most bang for their storage buck. Continue Reading

Storage IPOs, brilliant or brainless

Just when we thought the fast and loose spending of the dot-com bubble was well behind us, a few recent storage company IPOs remind us that we really haven't gotten a lot smarter. Continue Reading

By

• Steve Duplessie is the founder and senior analyst for the Enterprise Strategy Group

Inside MSRC: Visual Studio flaw, tool extensions explained

Christopher Budd of the Microsoft Security Response Center sheds detail about a flaw in Visual Studio 2005 and explains that support for Software Update Services 1.0 will be extended. Continue Reading

IT pros look for ways to lock down IM

Special Report: To control growing IM threats, administrators are trying to limit which programs can be used or ban the technology altogether. But that's not always possible. Continue Reading

By

• Bill Brenner

Infrastructure security: Remote access DMZ

An excerpt from Chapter 7: Infrastructure security from "How to Cheat at Managing Information Security," by Mark Osborne. Continue Reading

Microsoft fixes two zero-day flaws

The December security update from Microsoft includes patches for zero-day flaws in Visual Studio and Windows Media Player, but two zero-day flaws in Word remain unfixed. Continue Reading

By

• Bill Brenner

Podcast: Mobile device threats are real, white-hat hacker says

Learn how easy it is for a hacker to gain access to a mobile device, whether employees are aware of security for their devices and why Bluetooth headsets should be turned off. Continue Reading

By

• SearchSecurity.com Staff

Zantaz buys data classification partner Singlecast

Email archiving player Zantaz has purchased data classification startup Singlecast, which can categorise and apply policies to data before an email takes up storage space. Continue Reading

By

• Beth Pariseau, Senior News Writer

Messaging insecurity fuels data leakage fears

Special Report: The proliferation of messaging technology means more opportunity for malware to take root and sensitive data to be lifted. Continue Reading

By

• Bill Brenner

Microsoft suffers third zero-day in a week

A second zero-day flaw in Word has been uncovered, Microsoft said Sunday. It's the software giant's third zero-day in a week. Continue Reading

By

• Bill Brenner

Storage Decisions in the wild, wild west

Dedupe, iSCSI, backup, virtualisation and cowboys in Stetson hats -- Storage Decisions Las Vegas 2006 had it all. Continue Reading

By

• SearchStorage.com Staff

Windows Vista security settings

Microsoft's Windows Vista is here. Here, Current Analysis senior analyst Andrew Braunberg discusses what network admins need to know about tightening up Vista security. Continue Reading

By

• Andrew Braunberg

Dell, Microsoft tout joint NAS product

The new NX1950 product is vastly more expensive than its counterparts from HP and NetApp, but it scales higher, supports clusters and has redundant controllers. Continue Reading

By

• Beth Pariseau, Senior News Writer

Zero-day tracker a hit, but IT shops need better strategy

This week in Security Blog Log: Reaction to eEye's new zero-day tracker is positive, but some experts say it won't help unless IT shops have a layered defense to start with. Continue Reading

Microsoft to fix Visual Studio, Windows flaws

Microsoft plans to release five security updates to address vulnerabilities in Windows and a flaw in Visual Studio as part of its monthly security bulletin release cycle. Continue Reading

By

• Bill Brenner

Zero-day flaw found in Windows Media Player

Attackers could exploit a new zero-day flaw in Windows Media Player to cause a denial of service or launch malicious code. The threat is Microsoft's second zero-day flaw in a week. Continue Reading

By

• Bill Brenner

MP3 search site pushes spyware, watchdogs say

A Web site that gives users the ability to search for MP3s contains programs that behave like spyware, according to the Center for Democracy and Technology and StopBadware.org. Continue Reading

By

• Bill Brenner

IBM to acquire compliance software firm

IBM plans to acquire Consul Risk Management Inc., a Delft, Netherlands-based firm whose software tracks non-compliant behavior of employees. Continue Reading

By

• Robert Westervelt, TechTarget

Spam -- stop it at the network edge

Spam has become much more than just a nuisance; it can slow or crash the network. F5 recently added a module to its Big IP platform to stop spam at the network edge. Continue Reading

By

• Susan Fogarty & Andrew R. Hickey

Security Bytes: Phishing worm spreads through MySpace

Round up of security news Continue Reading

By

• SearchSecurity.com Staff

Terrorists may target financial sites

The U.S. government is warning of an al-Qaida call for a cyberattack against online stock trading and banking Web sites Continue Reading

By

• SearchSecurity.com Staff

Symantec blames piracy for Veritas licensing snafu

Weekly compilation of storage news: Symantec says that software counterfeiting is throwing a wrench in tech support ; FRCP rules take effect. Continue Reading

By

• SearchStorage.com Editors

Oracle responds to security critics

Security Blog Log: Oracle takes on researchers who have criticised its security procedures in recent weeks. Meanwhile, Symantec warns of new zombie malware. Continue Reading

Multiple flaws in Adobe Reader, Acrobat

Multiple flaws in Adobe Reader and Acrobat could allow attackers to execute malicious commands on victims' computers. Continue Reading

By

• Bill Brenner

Podcast: Security certifications pay could rebound in '07

Security certifications pay is languishing, according to skill and certifications pay expert David Foote of Foote Research. Foote examines the state of the IT security job market. Continue Reading

By

• SearchSecurity.com Staff

Adware targets Mac OS X

As F-Secure notes what may be the first example of adware designed for Macs, researcher LMH reports more flaws in the operating system as part of the Month of Kernel Bugs. Continue Reading

By

• Bill Brenner

Symantec fixes NetBackup Puredisk flaw

An unauthorised user could launch malicious code by exploiting a flaw in Symantec's Veritas NetBackup PureDisk product. But a fix is available. Continue Reading

By

• Bill Brenner

Study: Some firms balk at mobile security

Companies are failing to safeguard sensitive data on employee mobile devices, according to a survey by the Business Performance Management Forum. Continue Reading

By

• Robert Westervelt, TechTarget

Active Directory security school: Set up and configuration

An Active Directory security lesson. Continue Reading

Active Directory security school: Maintenance and testing

This is lesson three of our Active Directory security school. Continue Reading

Active Directory security school: Management

Lesson two of the Active Directory security school. Continue Reading

Active Directory Security School

An improperly configured Active Directory can render the rest of your security measures useless. So how can you protect yourself from a hacker with their eyes on your AD? How can you recover from such an attack? Find the answers to all of your AD questions Continue Reading

Recordless email: magical or menacing?

A new startup promises recordless email. Is this a stroke of genius that will reward the company with billions of Internet bucks, or is it the end of the world as we know it? Continue Reading

Commentary: We've never met a "thought follower"

A couple of days back, a vendor tried to convince us that their new security consultancy services should be of interest to you, our readers. Continue Reading

By

• Simon Sharwood

Zango defying FTC agreement, researchers say

This week in Security Blog Log: Two researchers accuse Zango of unsavory adware tactics, despite the company's pledge to clean up its act. Continue Reading

New Mac OS X flaw exposed

A Mac OS X flaw was exposed as part of the Month of Kernel Bugs. Also, a new Web site vows to follow the lead of researchers LMH and H.D. Moore with a week of Oracle zero-days. Continue Reading

By

• Bill Brenner

BakBone brushes up replication software

BakBone's NetVault Replicator version 5.0 includes automatic configuration of replication for remote sites, a capacity planning tool and a higher performance data movement engine. Continue Reading

By

• Beth Pariseau, Senior News Writer