News

Hackers and cybercrime prevention

September 22, 2005 22 Sep'05
Telework key to surviving security disaster, expert says

Cybersecurity Industry Alliance Executive Director Paul Kurtz explains why telework may be crucial to surviving The Big One.
September 21, 2005 21 Sep'05
Leave no trace: Understanding attackers' motives

This excerpt from Chapter 1 of "Rootkits: Subverting the Windows Kernel," explains the purpose of back doors and how hackers use them, as well as how stealth plays a major role in most successful attacks.
September 21, 2005 21 Sep'05
IT infrastructure risks key to averting major cyberattack

Predictions of a cataclysmic disaster have been around for awhile. But one security officer cites reasons why the Internet can never be brought down.
September 21, 2005 21 Sep'05
Catastrophic cyberattack unlikely, experts say

Predictions of a cataclysmic disaster have been around for awhile. But one security officer cites reasons why the Internet can never be brought down.

July 31, 2005 31 Jul'05
Attack: USB could be the death of me

Seemingly innocent Universal Serial Bus driver bugs may allow device attacks that many won't see coming, according to Black Hat presenters.
July 26, 2005 26 Jul'05
VeriSign raises stakes in battle for threat intelligence

Not to be outdone by 3Com's "Zero-Day Initiative," VeriSign says it'll shell out more cash for hackers who provide vulnerability intelligence.
July 26, 2005 26 Jul'05
Experts weigh in on spyware's defining moment

We asked IT professionals to review the spyware definitions proposed by a coalition of tech firms and security organizations. They found plenty of room for improvement.
July 21, 2005 21 Jul'05
Can alcohol mix with your key personnel?

I persuaded our MD to hire a dedicated IT security expert. I am pleased with his work, but on several occasions he has smelled strongly of drink. How do I nip this in the bud?
July 06, 2005 06 Jul'05
This is not your father's hacker

While Sasser author Sven Jaschan awaits the outcome of his trial this week in Germany, a new cybercrime report explains why the teenager is becoming an anachronism.
June 07, 2005 07 Jun'05
Latest Mytob worms phish for trouble

Mytob's data-drumming tactics and the appearance of new Trojan horse programs add to concern that the underground is perfecting ingredients for a major attack.

June 06, 2005 06 Jun'05
Know your enemy: Why your Web site is at risk

In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them.
June 05, 2005 05 Jun'05
Quiz: Secure Web directories and development

Evaluate your knowledge of Web threats and how to defeat them. Questions cover security risks of dynamically created content and proper security management.
June 04, 2005 04 Jun'05
Top tools for testing your online security, part 2

Michael Cobb explains what tools are helpful in maintaining Web security, including security scanners, benchmarking tools, monitoring services and online resources.
June 04, 2005 04 Jun'05
Top tools for testing your online security

Learn a structured approach for Web security that can make your security management tasks easier and increase your chances of success.
June 03, 2005 03 Jun'05
Quiz: Identify and analyze Web server attacks, answer No. 5

Quiz: Identify and analyze Web server attacks, answer No. 5
June 03, 2005 03 Jun'05
Quiz: Identify and analyze Web server attacks, answer No. 3

Quiz: Identify and analyze Web server attacks, answer No. 3
May 23, 2005 23 May'05
Pre-CISSP: Options for the security newbie

Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®.
March 14, 2005 14 Mar'05
HIPAA security rules set hurdles for struggling hospitals

Most healthcare organizations have one more month to meet the security requirements of the Health Insurance Portability and Accountability Act (HIPAA). Will they make it?
March 09, 2005 09 Mar'05
Exploit code targets critical CA flaws

Anyone who ever evaluated CA software is potentially at risk. The good news is patches are available and a free scanner is out now to identify systems vulnerable to attack.
March 08, 2005 08 Mar'05
Passwords still the weakest link

Businesses are still struggling to convince their staff of the importance of password security, according to a survey of 67,000...
February 24, 2005 24 Feb'05
Security Bytes: Cisco patch available for ACNS flaws

Workaround outlined for new php exploit. IBM issues patch for DB2 flaw. Payroll service goes offline to investigate security claims , and BoA loses personal data on customers.
February 15, 2005 15 Feb'05
Federal agency security still poor, but improving

Report cards give federal security a D-plus average, but the Homeland Security Department is still failing.
February 02, 2005 02 Feb'05
Compressed files strike another blow to AV

The "alternative" .rar files are picking up where popular .zip files left off as attack vectors.
January 11, 2005 11 Jan'05
A 'critical' Patch Tuesday

Microsoft issues three security bulletins for January, two of them critical. Attackers have already exploited some of the vulnerabilities.
January 10, 2005 10 Jan'05
Security on a Shoestring: Creating Internet policies on the cheap

No matter how small the organization, it's impractical to stand over employees and make sure they properly use the Internet. So here's how to write a decent acceptable use policy, and make sure everyone abides by it.
December 19, 2004 19 Dec'04
Transforming the cybersecurity culture

Eleven New Year's resolutions can help employees at all levels empower the security function at their organization.
December 08, 2004 08 Dec'04
The security lingo of 2004

This was the year of botnets, zombie PC armies and phishying online schemes.
October 03, 2004 03 Oct'04
Training for CISSP Certification: SearchSecurity.com's Security School

Study guides for each of the ten domains of the CBK for those preparing to take the CISSP exam or expanding their knowledge of security concepts and practices.
September 26, 2004 26 Sep'04
Authorize.Net says it has 'learned' from attack

The credit card processing service was unprepared for the kind of attack it suffered last week, but it will use the experience to improve security.
September 19, 2004 19 Sep'04
Hackers costing enterprises billions

Symantec's semi-annual Internet Threat Report finds hackers continued adding billions to the cost of doing business on the Internet.
July 27, 2004 27 Jul'04
New attacks and vulnerability trends highlighted at Black Hat

Presentations beginning today will analyze vulnerabilities, zero-day code, phishing and secure wireless deployment, among many other topics.
July 25, 2004 25 Jul'04
Learning about Security Threats: Profiling

A look at what it means to be a hacker.
July 18, 2004 18 Jul'04
Debian fixes multiple flaws

Denial-of-service, buffer overflow and format string vulnerabilities in Debian GNU/Linux that an attacker could use to remotely execute malicious code has been fixed.
June 21, 2004 21 Jun'04
Users at risk after web host attack

Users have been warned to brace themselves for attacks on sites which provide patch downloads and web hosting services.
May 23, 2004 23 May'04
Hacking for Dummies: Chapter 10 -- Wireless LANs

Read Chapter 10, Wireless LANs, from the book "Hacking for Dummies" written by Kevin Beaver.
May 13, 2004 13 May'04
Hacking For Dummies: Chapter 7 -- Passwords

In his latest book, "Hacking For Dummies," Kevin Beaver takes the reader into the mindset of a hacker in order to help admins fend off vulnerabilities and attacks.
April 11, 2004 11 Apr'04
IBM and Cisco battle remote attack vulnerabilities
January 04, 2004 04 Jan'04
Security legislation: Where's the breach?

Security legislation isn't all that it's cracked up to be. Find out how California's SB 1386 is letting some breaches fall through the cracks.