IT security

Industry chiefs to declare war on for-profit cyber criminals

IT industry leaders reaffirm the importance of security to a digital economy beset by money-driven cyber criminals. Continue Reading

By

• Brian McKenna, Senior Analyst, Business Applications

Not just a big switch

Fibre Channel directors don't just provide lots of ports, they also offer ways to connect disparate SANs, isolate data and devices within a fabric, and configure throughput for specific applications. We look at how the big three directors match up. Continue Reading

By

• Jerome Wendt

Be careful you don't get more than you pay for with VoIP

Implementing VoIP is attractive for all companies in particular SMBs. However, there are issues to address that may cost you more than what you save Continue Reading

By

• Joe O’Halloran, Computer Weekly

Tech roundup: WAFS products

A guide to wide-area file services (WAFS), which allow distant users to access files and applications from the datacentre as if they were local. Continue Reading

By

• Stephen J. Bigelow, Senior Technology Editor

Voicing concerns on Skype

Skype has blazed a trail in the Voice over IP arena; its popularity hasn’t gone unnoticed by the hacker community however Continue Reading

By

• Joe O’Halloran, Computer Weekly

Gaining access using application and operating system attacks

In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their advantage. Continue Reading

Sony struggles to regain trust

The company is trying to mend a reputation bruised over its antipiracy practices. One advocate for online civil liberties explains why redemption is a long way off. Continue Reading

By

• Bill Brenner

Guidance turns investigative tools on itself

The forensics software firm says it was compromised by hackers in November. It's just one in a growing list of companies admitting to recent attacks or lax security. Continue Reading

By

• Anne Saita, TechTarget

Flaws reported in Trend Micro ServerProtect

Storage and security managers should be wary of vulnerabilities in the AV product that could enable a denial-of-service and malicious code execution. Workarounds are available. Continue Reading

By

• Bill Brenner

Hospital ditches EMC Centera for long-term archiving

UHCS in Augusta, Ga., is replacing its Centera archiving system from EMC with IBM's GMAS product after performance, reliability and cost issues forced it to seek alternatives. Continue Reading

By

• Jo Maitland, TechTarget

Roundup: 2005's 'curious malicious code'

These viruses, worms and Trojans sometimes escaped our notice. But it didn't get past one antivirus vendor, who rounded up some of the year's stranger offerings from the underground. Continue Reading

By

• Anne Saita, TechTarget

Two Windows patches coming, IE fix uncertain

It remains to be seen whether the software giant on Dec. 13 will address an outstanding Internet Explorer issue that is currently the target of a malicious Trojan. Continue Reading

By

• Eric Parizo, Senior Analyst

Titan Rain shows need for better training

SANS says the Chinese-based attacks demonstrate the growing sophistication of hackers, and the need for IT admins who can articulate the dangers to execs. Continue Reading

By

• Bill Brenner

Experts: Encryption not a security cure-all

Encrypting data offers some protection, but secure applications require much more than cryptography. Experts weigh in on your security options. Continue Reading

By

• Edward Hurley, News Writer

IP cloaking becoming a business necessity

Just by browsing your competitor's Web site, you might be giving away your company's most guarded secrets. Experts offer advice for countering the subterfuge and keeping secrets safe. Continue Reading

By

• Anne Saita, TechTarget

Security pros gain ground in the board room

Executives are paying more attention to their IT security managers and taking more responsibility for online threats against their companies, according to a new study. Continue Reading

By

• Bill Brenner

Cybersecurity policy takes cooperation, trust, experts say

At the Infosecurity confab, experts explain why sharing information -- even when it's embarrassing -- is vital to securing not only corporations, but also the national infrastructure. Continue Reading

By

• Bill Brenner

Out-of-cycle IE patch may be imminent

Microsoft may release a critical Internet Explorer fix before the next Patch Tuesday, amid reports that malicious code is targeting a memory corruption flaw. Continue Reading

By

• Bill Brenner

Step 6: Configuring wireless clients

With wireless networks proliferating it is a good idea to understand what it takes to build a VPN for a wireless gateway. Contributor and Microsoft MVP Brien Posey details the necessary steps in this step-by-step guide. Continue Reading

Wireless security: Public Wi-Fi could open security holes

A Michigan county is working to give everyone within its borders wireless Internet access. But when it comes to security, users are on their own. Continue Reading

By

• Bill Brenner

Wireless security crucial to railway safety

A transportation firm uses wireless technology to keep the trains running on time. But securing mobile devices isn't easy when they're spread across the globe. Continue Reading

By

• Bill Brenner

Wireless security: Companies deal with software updates

A health care provider found it could use wireless technology to dramatically boost patient care. But first it had to figure out how to deploy security updates over a wireless network. Continue Reading

By

• Bill Brenner

Hackers installing keyloggers at a record rate

iDefense researchers have found that keylogger infections are up 65% over the year before, putting the private data of tens of millions of users at risk. Continue Reading

By

• Bill Brenner

Sony rootkit uninstaller causes bigger threat

Princeton researchers say a security hole that appears when users try to remove Sony's copy protection software presents an even greater risk than the original rootkit. Continue Reading

By

• Bill Brenner

Security Bytes: FTC cracks down on alleged spyware distributors

Patches fix serious RealPlayer flaws, IM malcode launches phishing attacks; Microsoft warns of Macromedia Flash flaw; Liberty Alliance pushes stronger authentication; FEMA data security is in question; patches fix Veritas flaws and TransUnion suffers a security breach. Continue Reading

By

• SearchSecurity.com Staff

Trojans target Sony DRM and Windows

Security researchers track two new Trojan horses. One exploits the Sony DRM program. The other could possibly take aim at the Windows flaw Microsoft patched this week. Continue Reading

By

• Bill Brenner

Sony takes second stab at DRM patch

But a top executive's response to criticism over the company's use of rootkit technology has added fuel to the backlash. Continue Reading

By

• Bill Brenner

Hacking Windows: MSRPC vulnerabilities

In this excerpt from "Hacking Exposed, Fifth Edition: Network Security Secrets & Solutions," authors Stuart McClure, Joel Scambray and George Kurtz introduce MSRPC vulnerabilities and countermeasures. Continue Reading

Reporter's Notebook: NYC 'controls the software industry'

At Information Security Decisions: a security "rock star" rages against the Microsoft machine; banging the drum for enterprise security; a sour note on zero-day exploits. Continue Reading

By

• Michael S. Mimoso, Senior Editor and Anne Saita, News Director

Author delves into novel attack methodologies

Review of Silence on the Wire, a book about security attack methodologies such as passive fingerprinting. Continue Reading

Elements of a data protection strategy

In this excerpt from Data Protection and Lifecycle Management, Tom Petrocelli addresses the importance of securing data for regulatory compliance and outlines the five components of a data protection strategy. Continue Reading

How avian flu could threaten IT security

Experts say a potential bird flu pandemic could have a disastrous effect on IT infrastructures. But if companies plan well, those infrastructures could also help minimize chaos. Continue Reading

By

• Bill Brenner

Quiz: What's your infosec IQ?

We've collected our toughest questions to see how well you stand up to a challenge. Put your knowledge to the test and let us know how you do. Continue Reading

Symantec fixes 'critical' Veritas flaw

Attackers could launch malicious code by exploiting a security hole in Veritas NetBackup servers and clients. But Symantec has released a fix. Continue Reading

By

• Bill Brenner

Secure your extended enterprise

How do you achieve the fine balance between ensuring that there is truly free access to sensitive information, without sacrificing security? Continue Reading

Secure the interests of your extended enterprise

How do you achieve the fine balance between ensuring that there is truly free access to sensitive information and applications from both inside and outside the firewall, without sacrificing security? Continue Reading

Who best to avert data security disaster: government or business?

People look to government to prevent catastrophe. But in the Information Age, some of those people, namely those working in IT shops, need to do their part to protect us. Continue Reading

By

• Bill Brenner

Telework key to surviving security disaster, expert says

Cybersecurity Industry Alliance Executive Director Paul Kurtz explains why telework may be crucial to surviving The Big One. Continue Reading

By

• Bill Brenner

Leave no trace: Understanding attackers' motives

This excerpt from Chapter 1 of "Rootkits: Subverting the Windows Kernel," explains the purpose of back doors and how hackers use them, as well as how stealth plays a major role in most successful attacks. Continue Reading

IT infrastructure risks key to averting major cyberattack

Predictions of a cataclysmic disaster have been around for awhile. But one security officer cites reasons why the Internet can never be brought down. Continue Reading

By

• Bill Brenner

Catastrophic cyberattack unlikely, experts say

Predictions of a cataclysmic disaster have been around for awhile. But one security officer cites reasons why the Internet can never be brought down. Continue Reading

By

• Bill Brenner

SAS drives product roundup

Serial-attached SCSI (or SAS) drives offer significant storage capacity at a much lower cost, while maintaining reasonable performance. Find out who the vendors are in this market. Continue Reading

By

• Stephen J. Bigelow, Senior Technology Editor

Security tools help reduce insider threat.

 Continue Reading

By

• Bill Brenner

Insider threat seen as biggest data security issue

Whether they oversee physical or online defenses, security officers say the disaster scenario that scares them most begins with an insider with malicious intentions. Continue Reading

By

• Bill Brenner

Ensure that legal responsibilities are clear -- Especially when trouble strikes

Excerpt from Chapter 15 of Information Nation Warrior: Information Management Compliance Boot Camp. Continue Reading

CCSP courses, exam changing next month

Those seeking Cisco's security credential and specialization in VPN, firewall and IDS will soon follow different curricula that better reflect the vendor's current product lines. Continue Reading

By

• Anne Saita, TechTarget

VoIP turns up the heat on firewalls

New research shows that many organizations are increasingly concerned about VoIP security and plan to augment their firewalls within the next year, changing the landscape of the firewall market. Continue Reading

By

• Eric Parizo, Senior Analyst

Firewalls can help or hurt, so plan carefully

 Continue Reading

By

• Laura E. Hunter, Contributor

IE 7.0 may usher in wave of RSS exploits

Experts warn that Web-feed enhancements in Microsoft's new Web browser may be just the thing crackers need to compromise networks and private data. Continue Reading

By

• Mark Baard

Extending perimeters

The news that, up until 2006, 70% of successful wireless local area network (WLAN) attacks will be because of the misconfiguration of WLAN access points and client software is disquieting on a number of levels. Continue Reading

Symantec glitch could expose user names, passwords

Symantec announced a fix for a flaw in AntiVirus Corporate Edition Friday afternoon. The security hole could be exploited to view user names and passwords. Continue Reading

By

• Bill Brenner

Myfip's Titan Rain connection

LURHQ researchers say the Myfip worm is a good example of the malcode Chinese hackers are using in the so-called Titan Rain attacks against U.S. government networks. Continue Reading

By

• Bill Brenner

Antivirus can introduce dangerous network security holes into any OS

AV software is one of the most basic security steps available. It's also yet another gateway for security breaches. Continue Reading

By

• Shawna McAlearney, News Editor

Passive fingerprinting: Applications and prevention

In this excerpt from the book Silence on the Wire, author Michal Zalewski discusses both malicious and beneficial uses for passive fingerprinting, and how to prevent successful passive fingerprinting on your network. Continue Reading

High profile breach brings security to top of agenda

There’s nothing like an apparent breach at a global company to concentrate the mind when it comes to information and data security. Continue Reading

By

• Joe O’Halloran, Computer Weekly

Reduce risks of disaster recovery testing

Untested business continuity plans can leave your firm in the lurch, but taking down live environments is risky and complicated. Continue Reading

By

• Matt Stansberry, TechTarget

Strategic Storage: Storage security -- Change old habits and stop data theft

 Continue Reading

By

• Maxine Kincora, contributing writer

Trusted Computing Group releases server specs

The Trusted Computing Group released a new set of trusted server specifications it hopes will help vendors protect their platforms against security breaches. Continue Reading

By

• Luke Meredith, News Writer

Raising risk prospects with a new SQL injection threat

"Inference attacks" could deliver up your so-called secure database to an attacker. Continue Reading

By

• Shawna McAlearney, News Editor

Attack: USB could be the death of me

Seemingly innocent Universal Serial Bus driver bugs may allow device attacks that many won't see coming, according to Black Hat presenters. Continue Reading

By

• Victor R. Garza, Contributor

Lost at sea: securing the channel

As attacks seem to proliferate almost unabated, it’s worrying to think that of the three interested parties in the security technology market — the technology makers, the technology sellers and the technology users—not everyone shares a common view on the importance of the technology. Continue Reading

Sarbox compliance costing companies

Companies’ required investments to attain compliance with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum (ISF). Continue Reading

Cisco, Black Hat litigation comes to a close

The vendor and partner ISS settle their dispute over a presentation that resulted in criminal charges and cease and desist orders. Continue Reading

By

• Shawna McAlearney, News Writer

VeriSign raises stakes in battle for threat intelligence

Not to be outdone by 3Com's "Zero-Day Initiative," VeriSign says it'll shell out more cash for hackers who provide vulnerability intelligence. Continue Reading

By

• Bill Brenner

Experts weigh in on spyware's defining moment

We asked IT professionals to review the spyware definitions proposed by a coalition of tech firms and security organizations. They found plenty of room for improvement. Continue Reading

By

• Bill Brenner

VoIP encryption to have 'Pretty Good Privacy

 Continue Reading

By

• Shawna McAlearney, News Editor

Authentication takes a bite out of spam

Network and messaging experts offer helpful ammunition for network managers waving the white flag in the battle against spam. Continue Reading

By

• Amy Storer, News Writer

Business continuity keeps companies running

As we speak, it appears that disruption to IT services by the London bombings was minimised due to effective and realistic business continuity strategies. Sally Flood sees how you construct them. Continue Reading

By

• Sally Flood

Users look for value boost from Microsoft licence rejig

Software Assurance needs to offer better support, say IT directors Continue Reading

By

• Cliff Saran, Managing Editor

Sarbox draining corporate security budgets

Corporate investment to comply with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum (ISF). Continue Reading

Can alcohol mix with your key personnel?

I persuaded our MD to hire a dedicated IT security expert. I am pleased with his work, but on several occasions he has smelled strongly of drink. How do I nip this in the bud? Continue Reading

Pop quiz: E-mail security

Find out how much you know about securing your organization's e-mail. Continue Reading

Sarbox challenge drains security budgets

International corporate spending on compliance with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum. Continue Reading

By

• Antony Savvas

Business continuity: Keep on running

Too many plans for business continuity do not reflect the true risks. Sally Flood looks at risk assessment and the creation a realistic strategy. Continue Reading

By

• Sally Flood

Phishing for the missing piece of the CardSystems puzzle

A banking insider examines the ties between customized phishing attacks this spring and the CardSystems breach announced soon after. Don't miss his revelations on how they're linked and what the phishers really needed. Continue Reading

This is not your father's hacker

While Sasser author Sven Jaschan awaits the outcome of his trial this week in Germany, a new cybercrime report explains why the teenager is becoming an anachronism. Continue Reading

By

• Anne Saita, TechTarget

PING with Karen Worstell

The Microsoft CISO discusses how she keeps Redmond and its products secure. Continue Reading

By

• By Amber Plante

Sasser author issues courtroom confession

Sven Jaschan's mea culpa was expected after he earlier admitted to creating the last major malware outbreak more than a year ago. Continue Reading

By

• Anne Saita, TechTarget

Continuing education options for CISSPs: Top 10 ways to earn CPEs

Who says you can't have fun while earning CPE credits? Check out the top 10 ways to meet CISSP® and SSCP continuing professional education requirements. Continue Reading

How to survive a data breach

When Colin Crook offers advice on how companies should deal a security breach, he speaks from experience. He was CTO of Citicorp [now Citigroup, parent company of Citibank] 10 years ago when a hacker penetrated the company's network.

Crook is now senior advisor to the Wharton Fellows at the University of Pennsylvania, a member of the New York Academy of Sciences; fellow of the Royal Academy of Engineering and co-author of "The Power of Impossible Thinking." He shared his experiences with customers of Framingham, Mass.-based ID management firm Courion Corp. during the company's Converge05 conference last week. Business executives, he argues, must do better at listening to others and understand security is about humans, not machinery.

In the first of a two-part question-and-answer feature, Crook explains how companies can survive the fallout from a data heist.

 Continue Reading

By

• Bill Brenner

five star reception

 Continue Reading

By

• helen beckett

Gartner underscores five overblown threats

Two Gartner analysts debunk five overhyped security risks they claim are causing companies to miss out on some key emerging technologies. Continue Reading

By

• Amy Storer, News Writer

Latest Mytob worms phish for trouble

Mytob's data-drumming tactics and the appearance of new Trojan horse programs add to concern that the underground is perfecting ingredients for a major attack. Continue Reading

By

• Bill Brenner

Spyware removal checklist

A step-by-step guide on how to remove spyware using antispyware tools including Spybot -- Search and Destroy, and HijackThis. Continue Reading

Know your enemy: Why your Web site is at risk

In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them. Continue Reading

Developer's active content delivery checklist

Rules for developing secure dynamic content for an IIS Web server. Continue Reading

Quiz: Secure Web directories and development, answer No. 3

Quiz: Secure Web directories and development, answer No. 3 Continue Reading

Quiz: Secure Web directories and development, answer No. 4

Quiz: Secure Web directories and development, answer No. 4 Continue Reading

Quiz: Secure Web directories and development, answer No. 5

Quiz: Secure Web directories and development, answer No. 5 Continue Reading

Quiz: Secure Web directories and development, answer No. 1

Quiz: Secure Web directories and development, answer No. 1 Continue Reading

Quiz: Secure Web directories and development, answer No. 2

Quiz: Secure Web directories and development, answer No. 2 Continue Reading

Analysts say 'cloudy' forecast is OK

 Continue Reading

By

• Michael Mimoso, TechTarget

Compliance shouldn't be a primary security driver

 Continue Reading

By

• Shawna McAlearney, News Editor

Quiz: Secure Web directories and development

Evaluate your knowledge of Web threats and how to defeat them. Questions cover security risks of dynamically created content and proper security management. Continue Reading

Top tools for testing your online security, part 2

Michael Cobb explains what tools are helpful in maintaining Web security, including security scanners, benchmarking tools, monitoring services and online resources. Continue Reading

Top tools for testing your online security

Learn a structured approach for Web security that can make your security management tasks easier and increase your chances of success. Continue Reading

Life at the edge part 3: Resistance to failure

Learn how architecture, protocol and application-level protections work together to safeguard a Web infrastructure. Continue Reading

Life at the edge part 4: When things go wrong

A checklist and other hints to protect your Web servers from a worst-case scenario. Continue Reading

Life at the edge part 2: Divide and conquer with DMZs

Learn how a DMZ works and how it can protect Web servers. Continue Reading

Quiz: Identify and analyze Web server attacks, answer No. 5

Quiz: Identify and analyze Web server attacks, answer No. 5 Continue Reading