IT security

Microsoft releases Vista APIs to security vendors

Microsoft released a draft set of programming interfaces allowing security vendors to develop software using the Windows kernel on 64-bit systems. Continue Reading

By

• Robert Westervelt, TechTarget

Mozilla fixes multiple Firefox flaws

Digital miscreants could exploit flaws in Mozilla's popular Firefox browser to bypass security programs, access sensitive information and conduct cross-site scripting attacks. Continue Reading

By

• Bill Brenner

Check Point gets big IDS boost from NFR deal

Analysts say Check Point would gain much-needed intrusion detection and prevention capabilities through its acquisition of NFR Security. The deal should erase bad memories of the aborted Sourcefire deal. Continue Reading

By

• Bill Brenner Senior News Writer

Top network security tips of 2006

The top Windows networking security tips of 2006 cover a range of topics, including network isolation, open source Windows security tools, VPN security and more. Continue Reading

VoIP hacking exposed in new book

VoIP hacking is a reality, and in a new book, two VoIP security experts outline the tools and tricks to avoid a system-crushing hack. Continue Reading

By

• Andrew R. Hickey, Senior News Writer

Criminals find safety in cyberspace

A new report from McAfee shows how criminals are enjoying a sense of safety and anonymity in cyberspace that they never had on the street. And they're making more money. Continue Reading

By

• Bill Brenner

Review: Reconnex's iGuard needs improvements

Reconnex's iGuard is maturing, though it still needs some usability improvements such as wizards, customisable reports and the ability to drill down on the graphs. Continue Reading

By

• Tom Bowers

Review: Deep Security is a solid IPS

Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities. Continue Reading

By

• Steven Weil, Point B

Employers to seek more security talent in '07

Learn what certifications are growing in demand and how employers are looking at the job market in 2007. Continue Reading

By

• Krissi Danielsson, Contributor

Schneier: Data breach at UCLA barely newsworthy

This week in Security Blog Log: Security luminary Bruce Schneier and others sound off on the UCLA data breach that exposed 800,000 people to identity fraud. Continue Reading

Microsoft Vista could improve Internet security

Two new Microsoft Vista features -- Kernel Patch Protection and User Account Control -- could prove especially useful in preventing serious malware infections. Continue Reading

Review: Lancope StealthWatch 5.5 offers more than IDS

Hot Pick: StealthWatch goes far beyond traditional intrusion detection, with powerful network-monitoring features. The optional IDentity-1000 is an essential addition. Continue Reading

By

• Sandra Kay Miller, Contributing Writer

Review: Sky's the limit with Skybox View 3.0

Hot Pick: Skybox View 3.0 offers a unique and flexible approach for assessing and managing specific threats and overall risk to your digital assets. Continue Reading

By

• Brent Huston, Contributing Writer

Hot technologies for 2007

"Storage" magazine's editors reviewed technology developments, product introductions and storage standards to come up with this short list of must-have technologies for 2007. Continue Reading

Hosted VoIP eliminates cost, complexity

Hosted VoIP is being adopted at increasing rates as more and more companies look to avoid the excess costs and complexities of on-premise solutions. Continue Reading

By

• Kate Dostart, Associate Editor

Third zero-day found in Microsoft Word

For the third time in a week, a zero-day flaw has been found in Microsoft Word. Users should be cautious when opening attachments from unknown sources. Continue Reading

By

• Bill Brenner

Host-based replication

While the lines of distinction among data protection technologies such as backup, continuous data protection and replication have blurred, host-based replication can play a key role in your overall data protection strategy. Continue Reading

Expert offers tips to bolster messaging security

In this edition of Security Wire Weekly, Burton Group analyst Diana Kelley explains how to lock down messaging programs as part of our three-day special report on the subject. Continue Reading

By

• SearchSecurity.com Staff

Symantec issues NetBackup security alert

Symantec issues an alert and patch to vulnerabilities in NetBackup 6.0, 5.1 and 5.0. Continue Reading

By

• Jo Maitland, TechTarget

Data breach at Boeing exposes 382,000 employees

The third theft of a Boeing laptop in the last 13 months has exposed the data of nearly 400,000 employees and retirees. Continue Reading

By

• Dennis Fisher

Intrusion detection systems -- introduction to IDS and IPCop

This article, excerpted from the book ""Configuring IPCop Firewalls: Closing Borders with Open Source,"" explores how intrusion detection systems (IDS) and intrusion prevention systems (IPS) including Snort and IPCop protect the network from malicious attacks. Continue Reading

By

• Barrie Dempster & James Eaton-Lee

Storage Decisions Session Downloads: Smart Shopper Track (LV 2006)

Very few storage managers have carte blanche when it comes to storage spending. Sessions in our "Smart Shopper track" help managers get the most bang for their storage buck. Continue Reading

Storage Decisions Session Downloads: Executive Track (LV 2006)

Our "Executive track" sessions give C-level technology executivesan idea of where their storage should be and ideas on where it's headed. Continue Reading

Microsoft fixes two zero-day flaws

The December security update from Microsoft includes patches for zero-day flaws in Visual Studio and Windows Media Player, but two zero-day flaws in Word remain unfixed. Continue Reading

By

• Bill Brenner

Podcast: Mobile device threats are real, white-hat hacker says

Learn how easy it is for a hacker to gain access to a mobile device, whether employees are aware of security for their devices and why Bluetooth headsets should be turned off. Continue Reading

By

• SearchSecurity.com Staff

Storage IPOs, brilliant or brainless

Just when we thought the fast and loose spending of the dot-com bubble was well behind us, a few recent storage company IPOs remind us that we really haven't gotten a lot smarter. Continue Reading

By

• Steve Duplessie is the founder and senior analyst for the Enterprise Strategy Group

IT pros look for ways to lock down IM

Special Report: To control growing IM threats, administrators are trying to limit which programs can be used or ban the technology altogether. But that's not always possible. Continue Reading

By

• Bill Brenner

Inside MSRC: Visual Studio flaw, tool extensions explained

Christopher Budd of the Microsoft Security Response Center sheds detail about a flaw in Visual Studio 2005 and explains that support for Software Update Services 1.0 will be extended. Continue Reading

Infrastructure security: Remote access DMZ

An excerpt from Chapter 7: Infrastructure security from "How to Cheat at Managing Information Security," by Mark Osborne. Continue Reading

Zantaz buys data classification partner Singlecast

Email archiving player Zantaz has purchased data classification startup Singlecast, which can categorise and apply policies to data before an email takes up storage space. Continue Reading

By

• Beth Pariseau, Senior News Writer

Messaging insecurity fuels data leakage fears

Special Report: The proliferation of messaging technology means more opportunity for malware to take root and sensitive data to be lifted. Continue Reading

By

• Bill Brenner

Microsoft suffers third zero-day in a week

A second zero-day flaw in Word has been uncovered, Microsoft said Sunday. It's the software giant's third zero-day in a week. Continue Reading

By

• Bill Brenner

Storage Decisions in the wild, wild west

Dedupe, iSCSI, backup, virtualisation and cowboys in Stetson hats -- Storage Decisions Las Vegas 2006 had it all. Continue Reading

By

• SearchStorage.com Staff

Windows Vista security settings

Microsoft's Windows Vista is here. Here, Current Analysis senior analyst Andrew Braunberg discusses what network admins need to know about tightening up Vista security. Continue Reading

By

• Andrew Braunberg

Zero-day tracker a hit, but IT shops need better strategy

This week in Security Blog Log: Reaction to eEye's new zero-day tracker is positive, but some experts say it won't help unless IT shops have a layered defense to start with. Continue Reading

Dell, Microsoft tout joint NAS product

The new NX1950 product is vastly more expensive than its counterparts from HP and NetApp, but it scales higher, supports clusters and has redundant controllers. Continue Reading

By

• Beth Pariseau, Senior News Writer

Microsoft to fix Visual Studio, Windows flaws

Microsoft plans to release five security updates to address vulnerabilities in Windows and a flaw in Visual Studio as part of its monthly security bulletin release cycle. Continue Reading

By

• Bill Brenner

Zero-day flaw found in Windows Media Player

Attackers could exploit a new zero-day flaw in Windows Media Player to cause a denial of service or launch malicious code. The threat is Microsoft's second zero-day flaw in a week. Continue Reading

By

• Bill Brenner

MP3 search site pushes spyware, watchdogs say

A Web site that gives users the ability to search for MP3s contains programs that behave like spyware, according to the Center for Democracy and Technology and StopBadware.org. Continue Reading

By

• Bill Brenner

IBM to acquire compliance software firm

IBM plans to acquire Consul Risk Management Inc., a Delft, Netherlands-based firm whose software tracks non-compliant behavior of employees. Continue Reading

By

• Robert Westervelt, TechTarget

Spam -- stop it at the network edge

Spam has become much more than just a nuisance; it can slow or crash the network. F5 recently added a module to its Big IP platform to stop spam at the network edge. Continue Reading

By

• Susan Fogarty & Andrew R. Hickey

Security Bytes: Phishing worm spreads through MySpace

Round up of security news Continue Reading

By

• SearchSecurity.com Staff

Terrorists may target financial sites

The U.S. government is warning of an al-Qaida call for a cyberattack against online stock trading and banking Web sites Continue Reading

By

• SearchSecurity.com Staff

Symantec blames piracy for Veritas licensing snafu

Weekly compilation of storage news: Symantec says that software counterfeiting is throwing a wrench in tech support ; FRCP rules take effect. Continue Reading

By

• SearchStorage.com Editors

Oracle responds to security critics

Security Blog Log: Oracle takes on researchers who have criticised its security procedures in recent weeks. Meanwhile, Symantec warns of new zombie malware. Continue Reading

Multiple flaws in Adobe Reader, Acrobat

Multiple flaws in Adobe Reader and Acrobat could allow attackers to execute malicious commands on victims' computers. Continue Reading

By

• Bill Brenner

Podcast: Security certifications pay could rebound in '07

Security certifications pay is languishing, according to skill and certifications pay expert David Foote of Foote Research. Foote examines the state of the IT security job market. Continue Reading

By

• SearchSecurity.com Staff

Symantec fixes NetBackup Puredisk flaw

An unauthorised user could launch malicious code by exploiting a flaw in Symantec's Veritas NetBackup PureDisk product. But a fix is available. Continue Reading

By

• Bill Brenner

Adware targets Mac OS X

As F-Secure notes what may be the first example of adware designed for Macs, researcher LMH reports more flaws in the operating system as part of the Month of Kernel Bugs. Continue Reading

By

• Bill Brenner

Study: Some firms balk at mobile security

Companies are failing to safeguard sensitive data on employee mobile devices, according to a survey by the Business Performance Management Forum. Continue Reading

By

• Robert Westervelt, TechTarget

Active Directory security school: Set up and configuration

An Active Directory security lesson. Continue Reading

Active Directory security school: Maintenance and testing

This is lesson three of our Active Directory security school. Continue Reading

Active Directory security school: Management

Lesson two of the Active Directory security school. Continue Reading

Active Directory Security School

An improperly configured Active Directory can render the rest of your security measures useless. So how can you protect yourself from a hacker with their eyes on your AD? How can you recover from such an attack? Find the answers to all of your AD questions Continue Reading

Recordless email: magical or menacing?

A new startup promises recordless email. Is this a stroke of genius that will reward the company with billions of Internet bucks, or is it the end of the world as we know it? Continue Reading

Commentary: We've never met a "thought follower"

A couple of days back, a vendor tried to convince us that their new security consultancy services should be of interest to you, our readers. Continue Reading

By

• Simon Sharwood

Zango defying FTC agreement, researchers say

This week in Security Blog Log: Two researchers accuse Zango of unsavory adware tactics, despite the company's pledge to clean up its act. Continue Reading

New Mac OS X flaw exposed

A Mac OS X flaw was exposed as part of the Month of Kernel Bugs. Also, a new Web site vows to follow the lead of researchers LMH and H.D. Moore with a week of Oracle zero-days. Continue Reading

By

• Bill Brenner

BakBone brushes up replication software

BakBone's NetVault Replicator version 5.0 includes automatic configuration of replication for remote sites, a capacity planning tool and a higher performance data movement engine. Continue Reading

By

• Beth Pariseau, Senior News Writer

Insider security threats come in many forms

Insiders could be the greatest threat to a company's security. The best defense is to let them know Big Brother is watching and a plan to deal with troublemakers. Continue Reading

By

• Bill Brenner

Virtualisation: friend or foe? [Day Two: The virtual appliance]

Virtualisation slashes costs, makes management easier, unshackles software configurations from hardware. And it is being embraced around the world. But is it secure? In this three-part series, Patrick Gray explores the security implications of this important new technology. Continue Reading

By

• Patrick Gray

Trojan poses as Adobe software update

The Trojan keylogger comes in an email that asks users to download the latest version of Adobe Reader. It then tries to steal the user's confidential information. Continue Reading

By

• SearchSecurity.com Staff

Security Blog Log: Sailing a sea of spam

This week, bloggers struggle to purge their bloated inboxes. Their experiences lend weight to recent studies showing a breathtaking spike in spam. Continue Reading

Podcast: Tor peer-to-peer privacy could be hacked

In this edition of Security Wire Weekly, Andrew Christensen of FortConsult explains how the Tor peer-to-peer network can be hacked to track down user identities. Continue Reading

By

• SearchSecurity.com Staff

Storage virtualization acquisitions need careful consideration

Storage virtualization alleviates traditional storage growth problems by implementing a layer of abstraction between applications and physical storage, allowing storage to be combined and treated as a ubiquitous resource, regardless of location. This buying guide helps you understand the most important considerations involved in storage virtualization product selection, identifies specific points of interest for software, hardware and VSAN product categories, and presents a series of basic product specifications that will start you pick the best product for your organization. Continue Reading

Microsoft to patch critical zero-day flaws in Windows

Microsoft plans to repair five critical flaws in Windows and a flaw in XML Core Services as part of its monthly patch update next week. Continue Reading

By

• SearchSecurity.com Staff

Mozilla fixes Firefox flaws

Attackers could exploit multiple flaws in Firefox, SeaMonkey and Thunderbird to crash machines, bypass security restrictions and launch malicious code. Continue Reading

By

• Bill Brenner

How to manage encryption keys

Encryption is an effective way to secure data, but the encryption keys used must be carefully managed to ensure data remains protected and accessible when needed. Continue Reading

Agency improves security grades under CISO's watch

CISO Philip Heneghan has made security a way of life for the U.S. Agency for International Development (USAID). His work earned him a Security 7 award. Continue Reading

By

• Kelley Damore

Sourcefire IPO could fuel Snort, users say

Snort users frowned when Check Point tried to acquire Sourcefire last year. But they are more optimistic about Sourcefire's plans to go public. Continue Reading

By

• Bill Brenner

Microsoft eyes second zero-day threat in a week

This time, attackers are going after a zero-day flaw in Windows, and Microsoft has released some workarounds until a patch is available. Continue Reading

By

• Bill Brenner

Mobile device encryption - a practice not often applied

Encryption is the best way to protect data on mobile devices -- but too few companies are actually deploying this critical technology. Continue Reading

By

• Shamus McGillicuddy, Enterprise Management Associates

Security Blog Log: Dissecting Firefox 2.0

This week, bloggers examine the security features of Firefox 2.0 and come away with mixed reviews. Does it fare better than Internet Explorer 7? Continue Reading

Review: Arbor Networks' Peakflow X 3.6

Hot Pick: Peakflow isn't cheap and requires an intimate understanding of data flows, applications and network infrastructure. But the investment will pay dividends. Continue Reading

By

• Sandra K. Miller, Contributing Writer

Review: Network Intelligence's enVision

enVision offers excellent value and is highly configurable, though typically that means you have to put a lot into it to get the most out of it. Continue Reading

By

• Brent Huston, Contributing Writer

Review: SPI Dynamics' WebInspect 6.1

SPI Dynamics has created a powerful tool for novices as well as advanced users who will appreciate the time and effort it saves. Continue Reading

By

• Phoram Mehta, Contributing Writer

Tor network privacy could be cracked

The Tor network is used by those who want to keep their IP addresses private. But new research shows that it's possible to compromise the system and unmask the user. Continue Reading

By

• Bill Brenner

Download Advanced Storage Guide Chapter 2: Backup/Data protection (PDF)

A printable version of our Advanced Storage All-In-One Guide. Download Chapter 2: Backup/Data protection in .pdf format now. Continue Reading

Flaw found in Firefox 2.0

Attackers could exploit the security flaw to crash versions 1.5.0.7 and 2.0 of the browser, according to various security advisories. Continue Reading

By

• Bill Brenner

Podcast: The state of Oracle security

In this edition of Security Wire Weekly, Oracle DBA Jon Emmons gives his observations about Oracle's new critical patch update format. Continue Reading

By

• SearchSecurity.com Staff

E-vaulting's many faces can confuse IT efforts

E-vaulting is the process that describes how enterprise IT departments ship backup tapes and replicate data to remote disk arrays and VTLs. E-vaulting is not a new concept, but more recently it has grown to mean remote backups and replication for SMBs/SMEs using third-party services. This article examines e-vaulting, highlights the major considerations and roadblocks in implementation, examines the impact of e-vaulting on real-life users and looks ahead at future e-vaulting trends. Continue Reading

Messaging Security School

SearchSecurity.com's Messaging Security School has brought together some of the most knowledgeable experts in the messaging security field to offer you personal instruction on how to secure the information handled by your organization's knowledge workers. Continue Reading

Countermeasures for malicious email code

Today's malware continues to raise the security stakes. Enterprises are now facing numerous evolving threats like targeted and blended attacks, zero-day exploits, botnets and phishing schemes. The attacks aren't the only things evolving; so are today's product sets. In this lesson, attendees will get an overview of the email threat landscape, tips for malware protection success and guidance on the future of email attacks. Continue Reading

By

• Tom Bowers

Survey: Data breach costs surge

A new study by the Ponemon Institute finds a 31% increase in the costs associated with a data breach. Continue Reading

By

• Robert Westervelt, TechTarget

Achieving compliance: a real-world roadmap

A security manager's responsibilities extend beyond the technical aspects of the job. These days, effective governance and compliance are just as essential. Continue Reading

Security Blog Log: The never-ending PatchGuard debate

This week, security vendor fright over the Windows Vista PatchGuard feature permeates the blogosphere. Is Microsoft the boogeyman, or just misunderstood? Continue Reading

Research shows massive botnet growth

Reports from McAfee and Microsoft show bot herders are gaining ground and threatening national infrastructure. Some suppliers hope to strike back by sharing resources. Continue Reading

By

• Bill Brenner

What storage managers are buying and why, page 7

What storage managers are buying and why Continue Reading

What storage managers are buying and why, page 6

What storage managers are buying and why Continue Reading

Security researcher, professor influences students for life

Dorothy Denning, a professor of defense analysis at the Naval Postgraduate School, has contributed to the field of data security. Her work earned her a Security 7 award. Continue Reading

By

• Marcia Savage, Editor

SDL expected to help fulfil Vista security promises

Windows Vista is expected to be the most secure Microsoft product released thanks to the company's implementation of the Security Development Lifecycle (SDL). Continue Reading

By

• Michelle Davidson, TechTarget

Information Security Decisions Session Downloads

Session Downloads from Information Security Decisions 2006 Conference. Continue Reading

Enhanced Identity and Access Management

From consolidating directories to automating provisioning and rolling out single sign-on, these sessions identify how leading organizations are strengthening authorization and enforcing access controls. Continue Reading

Snyder On Security: An insider's guide to the essentials

Joel Snyder, senior partner with consultancy Opus One, provides an in-depth look at information security trends and technologies. Continue Reading

Rural Payments Agency project failed after IT system costs spiralled

Delays in implementing a bespoke IT system led to the Rural Payments Agency (RPA) failing to pay subsidies to farmers on time, according to a National Audit Office report. Continue Reading

By

• Will Hadfield

Nmap Technical Manual

By now, most infosec pros have heard of Nmap, and most would agree that even though the popular freeware tool is invaluable, installing, configuring and running it in the enterprise is no easy task. With that in mind, SearchSecurity.com, in collaboration with security expert Michael Cobb, has produced an Nmap Tutorial, detailing how this free tool can help make your organization more secure. Continue Reading

Security Bytes: Flaws fixed in Bugzilla

Meanwhile, security holes are also plugged in Cisco's Wireless Location Appliance software and Clam AntiVirus. Continue Reading

By

• Bill Brenner

Microsoft caves to pressure over Vista security

To accommodate third-party security vendors and appease antitrust regulators in Europe, Microsoft will make some final tweaks to Windows Vista. Continue Reading

By

• Bill Brenner

Microsoft to fold security into Windows division

The software giant said the move would make future Windows development efforts more efficient. The changes take effect after Microsoft releases Vista. Continue Reading

By

• SearchSecurity.com Staff

Security Blog Log: Taking Google Code Search for a spin

This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security. Continue Reading