IT security

RSA Conference 2007: Product announcements

RSA Conference 2007: Product announcements Continue Reading

RSA Conference 2007: Special news coverage

Check out news, interviews, product announcements, podcasts and more live from the RSA Conference 2007 in San Francisco. Continue Reading

Vista exploitable, researcher says

Marc Maiffret, CTO and chief hacking officer of eEye Digital Security, said he has found a way to elevate system privileges by exploiting a flaw in Windows Vista. Continue Reading

By

• Bill Brenner

CISOs mastering 'softer' skills

Why CISOs can no longer rely on technology skills alone and what businesses are looking for when recruiting their next information security leader. Continue Reading

By

• Amber Plante, Assistant Managing Editor, Information Security magazine

Email security buying decisions

Email security can be a daunting task for SMBs -- how do you go about finding the right product? This tip delves into three approaches to email security and the products available. Continue Reading

By

• Joel Dubin, CISSP, Contributor

Dozens of Web sites spread malicious Trojan

Update: The same malicious JavaScript keylogger that compromised the Dolphin Stadium Web site last week was found over the weekend on dozens of other high-profile Web sites. Continue Reading

By

• Eric Parizo, Senior Analyst

New zero-day attack targets Microsoft Excel

Microsoft says maliciously crafted Excel files may permit the execution of arbitrary code. Other Microsoft Office applications may be at risk. Continue Reading

By

• Edmond X. DeJesus, Contributor

HDS to acquire Archivas for up to $120M

HDS will acquire archiving software partner, Archivas for close to $120 million stepping up its effort to compete with EMC in this market. Continue Reading

By

• Jo Maitland, TechTarget

HP fills in gaps with product updates

HP announced updates to several of its products, but analysts are wondering what its ultimate strategy will be for storage virtualisation. Continue Reading

By

• Beth Pariseau, Senior News Writer

Intrusion detection systems are alive and kicking

IPS hasn't overtaken intrusion detection systems just yet. Senior News Writer Bill Brenner reveals what customers want when they're shopping for IDS products. Continue Reading

By

• Bill Brenner

New security vendors take on sophisticated attackers

IT Security vendors are developing technologies that show promise in preventing unknown attacks and protecting machines with zero-day vulnerabilities. Continue Reading

Quiz: Using IAM tools to improve compliance

A five-question multiple-choice quiz to test your understanding of the content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Identity and Access Management Security School. Continue Reading

Microsoft disputes Word zero-day report

Symantec is warning of a new zero-day vulnerability in Microsoft Word. But Microsoft doesn't believe the flaw is new. Continue Reading

By

• Bill Brenner

Lawyers discuss e-discovery gotchas

During panel sessions at Legal Tech, lawyers provided their insights into the e-discovery process, retention policies and helping judges get up to speed. Continue Reading

By

• Jo Maitland, TechTarget

Symantec unveils 'universal ID system'

Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers. Continue Reading

By

• SearchSecurity.com Staff

Using IAM tools to improve compliance

Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes. Continue Reading

Entrust to sell cheaper hardware tokens

Security vendor Entrust Inc. will enter the hardware token market selling a $5 one-time password device. Experts say the move could reduce prices across the industry. Continue Reading

By

• Robert Westervelt, TechTarget

TJX faces lawsuit over data breach

A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month. Continue Reading

By

• Bill Brenner

IBM improves data recovery process for TSM users

Tivoli Storage Manager 5.4, released this week, establishes a disk cache for most recently backed-up files, improving the slow restore times associated with the product. Continue Reading

By

• Jo Maitland, TechTarget

IBM to acquire Softek, looks to pump up services biz

IBM says it intends to use Softek's Transparent Data Migration Facility within its Global Services business. Continue Reading

By

• Beth Pariseau, Senior News Writer

Balancing the cost and benefits of countermeasures

The final tip in our series, "How to assess and mitigate information security threats." Continue Reading

Attacks targeted to specific applications

The fourth tip in our series, "How to assess and mitigate information security threats." Continue Reading

How to assess and mitigate information security threats

Learn how to assess and mitigate information security threats, like rootkits, worms and Trojans in the tip series created in collaboration with Realtimepublishers and Dan Sullivan, author of The Shortcut Guide to Protecting Business Internet Usage. Continue Reading

Malware: The ever-evolving threat

The first tip in our series, "How to assess and mitigate information security threats" Continue Reading

Network-based attacks

The second tip in our series, "How to assess and mitigate information security threats." Continue Reading

Threats to physical security

Tip No. 6 in our series, "How to assess and mitigate information security threats." Continue Reading

Information theft and cryptographic attacks

The third tip in our series, "How to assess and mitigate information security threats." Continue Reading

IBM tool makes online purchases anonymous

A new tool makes online purchases anonymous by using artificial identity information. Experts say enterprises need to adopt the technology before it can become a viable option. Continue Reading

By

• Robert Westervelt, TechTarget

Storm Trojan was worse than it should have been

The "Storm" attack made a big splash because people keep falling for social engineering and there was simply little else in the news, experts say. Continue Reading

Symantec makes major update to Enterprise Vault

Symantec adds automated data classification and integration with security products in Version 7.0 of its Enterprise Vault archiving tool; EMC reports record earnings for the fourth quarter. Continue Reading

By

• SearchStorage.com Staff

Apple fixes Mac Wi-Fi flaw

The Mac OS X Wi-Fi flaw Apple fixed on 24 Jan was first disclosed as part of the Month of Kernel Bugs in November. Attackers could exploit it to crash the targeted system. Continue Reading

By

• Bill Brenner

Quiz: Defending mobile devices from viruses, spyware and malware

A five-question multiple-choice quiz to test your understanding of the content presented in Defending mobile devices from viruses and malware lesson of SearchSecurity.com's Messaging Security School. Continue Reading

Microsoft investigates new Word zero-day

An unpatched memory-corruption flaw in Microsoft Word is the target of "limited" attacks in the wild, Microsoft confirmed Thursday. Continue Reading

By

• Bill Brenner

TJX data breach info used to make fraudulent purchases

Fraudulent purchases have been reported globally, according to a trade association that represents more than 200 banks in Massachusetts. Continue Reading

By

• Robert Westervelt, TechTarget

Cisco fixes IOS flaws

Attackers could exploit three Cisco IOS flaws to cause a denial of service or launch malicious code. The networking giant has released fixes. Continue Reading

By

• Bill Brenner

McAfee: Malware all about ID theft

The use of keylogger technology is surging and there's been a 100-fold rise in phishing attacks, according to a new report from McAfee. Continue Reading

By

• Bill Brenner, Senior News Writer

ID theft victim to TJX customers: Mind your data

Customers should guard their own data, says one ID theft victim. Meanwhile, some in the banking industry say TJX may have stored more data than necessary. Continue Reading

By

• Bill Brenner

Vendors: Cut the hype, truth is what sells

Storage virtualisation technologies have been purchased and implemented successfully for years. The rest of the IT infrastructure must try to catch up and, ultimately, the only thing not virtualised within the datacentre will be the last guy standing. Continue Reading

By

• Steve Duplessie, founder and senior analyst for the Enterprise Strategy Group

Data breach at TJX could affect millions

Retailer TJX Companies said a hacker gained access to its systems exposing the credit card data of millions of customers. Continue Reading

By

• Robert Westervelt, TechTarget

TJX breach: There's no excuse to skip data encryption

Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses. Continue Reading

Companies take IM threats seriously

Wesabe is a brand new money management community. It takes threats to IM as seriously as those targeting email and web applications Continue Reading

By

• Mark Baard

Did TJX take the right steps after data breach?

Security experts are mixed on whether TJX acted properly following a massive data breach last month. One expert says potential victims should have been notified sooner. Continue Reading

By

• Bill Brenner and Robert Westervelt, SearchSecurity.com Staff

TJX gets little sympathy from blogosphere

TJX is taken to task by security bloggers for waiting until after a massive data breach to take steps to bolster its security. Continue Reading

Fortify Software to acquire Secure Software

The acquisition of Secure Software will allow Fortify to expand into the requirements and design phases of the software development lifecycle, the company said. Continue Reading

By

• Bill Brenner

Network security threats and answers, by industry

Michael Gregg offers network pros in various industries security advice and step-by-step solutions to help lock down the network. Continue Reading

By

• Michael Gregg, Superior Solutions, Inc.

PatchLink offers solid flaw management

PatchLink Update 6.3 is a solid solution to the enterprise patch management problem and demonstrates its true power in a Windows environment. Continue Reading

By

• Tom Bowers

Core Security offers powerful testing tool

We highly recommend Core Impact 6.0 to security engineers to verify the vulnerability of their networks. Continue Reading

By

• Mike Poor, Contributing Writer

Apere's IMAG 500 a tough sell

Product review: Apere says many of the issues we encountered are addressed in its next release, but mid-enterprise businesses may not have the tolerance for this product. Continue Reading

By

• Brad Causey

Storage management software finalists

Find out who was selected as finalists in the storage management software category for our storage products of the year Continue Reading

Oracle emulates Microsoft with advance patch notice

Oracle will patch 52 security flaws across its product line Tuesday, according to its inaugural CPU advance notification bulletin. Continue Reading

By

• Bill Brenner

Network security -- Taking the layered approach

Network security is tricky business. In his new book Hack the Stack, author and security expert Michael Gregg outlines how to secure the network using the OSI model. Continue Reading

By

• Andrew R. Hickey

Sophos acquires Endforce to add NAC

Antivirus vendor Sophos is rounding out its email Web and desktop security software with Endforce's network access control (NAC) software. Continue Reading

By

• Robert Westervelt, TechTarget

More users increase risk for Volkswagen AG

With 1.5 million users on the network, Volkswagen AG depends more than ever on strong ID and access management to safeguard intellectual property, according to its CISO. Continue Reading

By

• Bill Brenner

Remote flaw in Vista could earn finder $8,000

VeriSign Inc.'s iDefense Labs is offering an $8,000 bounty to any researcher who finds a remotely exploitable flaw in Windows Vista. Continue Reading

By

• Dennis Fisher

Federal government pushes full-disk encryption

Businesses need to follow the federal government's lead in reducing data breaches by holding employees responsible and examining full-disk encryption (FDE) products. Continue Reading

Network configuration management key to VoIP success

While companies spend millions on upgrading infrastructure for VoIP, little attention is given to solving the largest source of downtime – configuration-related outages due to human error. Continue Reading

By

• Zeus Kerravala, senior vice president, Yankee Group

How far apart can SAN locations be?

Storage locations can potentially be very far apart, separated by thousands of miles, even around the globe. The real consideration in selecting distance is that of latency... Continue Reading

Inside MSRC: Microsoft updates WSUSSCAN issue

Christopher Budd of the Microsoft Security Response Center is urging customers to deploy the latest versions of the Systems Management Server Inventory Tool for Microsoft Updates or Microsoft Baseline Security Analyzer to receive all the current software updates. Continue Reading

Critical fixes for Excel, Outlook and Windows

Microsoft starts the year with security updates for Excel, Outlook and Windows. Three of the fixes are rated critical. Continue Reading

By

• Bill Brenner

Attackers hide malicious code using new method

Attackers have designed a new way to thwart virus signatures from antivirus vendors, says a new report. Continue Reading

By

• Robert Westervelt, TechTarget

Bug Briefs: OpenOffice vulnerable to attack

Other flaws were reported in Apple QuickTime, Mac OS X, Adobe Flash Player, VideoLAN VLC, the Opera Web browser, and Cisco Access Control Server. Continue Reading

By

• SearchSecurity.com Staff

Microsoft nixes four patch bulletins

Eight security updates were originally scheduled for Patch Tuesday , but Microsoft has decided to hold back on half of them. Continue Reading

By

• Bill Brenner

NAC implementation slows as networking budgets grow

Network Access Control (NAC) implementations will decrease, despite growth in networking budgets. Continue Reading

By

• Kate Dostart

Adobe Reader users urged to upgrade

Adobe Reader 8 fixes serious flaws attackers could exploit for cross-site scripting and other attacks. Continue Reading

By

• Bill Brenner

Why don't we have clustered FC block storage?

Is it odd that the industry has made such serious strides toward incorporating clustering concepts in both file-based storage and IP -based storage, but not Fibre Channel storage? Continue Reading

Cisco bolsters security with IronPort buy

Cisco Systems agreed Thursday to buy Internet gateway security vendor IronPort Systems Inc. for $830 million. Continue Reading

By

• Robert Westervelt, TechTarget

Cisco software vulnerable to attack

Cisco's Clean Access software and Clean Access Manager are at risk to attack. A malicious user can access a database snapshot and download it without authentication. Continue Reading

By

• Robert Westervelt, TechTarget

Adobe Reader flaws spook security experts

Security experts sound the alarm over Adobe Reader flaws that could be exploited for cross-site scripting attacks and other mayhem. Continue Reading

Information security market 2006 year in review

In part two of our two-part special edition of Security Wire Weekly, site editor Eric Parizo reveals his picks for top information security interviews of 2006. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. Continue Reading

By

• SearchSecurity.com Staff

Security pros grumble over spam increase

Spim and spam from unexpected sources is challenging enterprises in 2007. Some enterprises are taking action. Continue Reading

By

• Edmund X. DeJesus, Contributor

Top Windows server hardening tips of 2006

Check out the top Windows server hardening tips of 2006 for helpful advice on domain controller penetration testing, security tips for the Windows Server 2003 OS and more. Continue Reading

Security pros glean insight from '06

Corporate acquisitions, an abundance of spam, and the White House's take on cybersecurity mark 2006. Continue Reading

Storage Outlook '07: Seeking better backups and archives

Tom Becchetti, senior infrastructure engineer for a major national financial services company, says compliance, backup and archiving will be top priorities in 2007. Continue Reading

By

• Beth Pariseau, Senior News Writer

Looking back at information security in 2006

In this special edition of Security Wire Weekly, senior news writer Bill Brenner reviews his top interviews of 2006. Continue Reading

By

• SearchSecurity.com Staff

Top 10 storage stories of 2006

SAN and NAS converged and shook up the industry, iSCSI went mission-critical, users conquered tiered storage and more. Continue Reading

By

• Beth Pariseau, Senior News Writer

Top client security tips of 2006

A network user without the proper know-how is a ticking time bomb when it comes to security. Check out our top five client hardening tips of 2006 to get a head start on protecting yourself from potentially dangerous users. Continue Reading

Top 10 storage acquisitions of 2006

Industry consolidation was fast and furious this year. We rank the deals by quality, not quantity. Continue Reading

By

• Jo Maitland, News Director and Beth Pariseau, News Writer

Microsoft releases Vista APIs to security vendors

Microsoft released a draft set of programming interfaces allowing security vendors to develop software using the Windows kernel on 64-bit systems. Continue Reading

By

• Robert Westervelt, TechTarget

Mozilla fixes multiple Firefox flaws

Digital miscreants could exploit flaws in Mozilla's popular Firefox browser to bypass security programs, access sensitive information and conduct cross-site scripting attacks. Continue Reading

By

• Bill Brenner

Check Point gets big IDS boost from NFR deal

Analysts say Check Point would gain much-needed intrusion detection and prevention capabilities through its acquisition of NFR Security. The deal should erase bad memories of the aborted Sourcefire deal. Continue Reading

By

• Bill Brenner Senior News Writer

Top network security tips of 2006

The top Windows networking security tips of 2006 cover a range of topics, including network isolation, open source Windows security tools, VPN security and more. Continue Reading

VoIP hacking exposed in new book

VoIP hacking is a reality, and in a new book, two VoIP security experts outline the tools and tricks to avoid a system-crushing hack. Continue Reading

By

• Andrew R. Hickey, Senior News Writer

Criminals find safety in cyberspace

A new report from McAfee shows how criminals are enjoying a sense of safety and anonymity in cyberspace that they never had on the street. And they're making more money. Continue Reading

By

• Bill Brenner

Review: Reconnex's iGuard needs improvements

Reconnex's iGuard is maturing, though it still needs some usability improvements such as wizards, customisable reports and the ability to drill down on the graphs. Continue Reading

By

• Tom Bowers

Review: Deep Security is a solid IPS

Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities. Continue Reading

By

• Steven Weil, Point B

Employers to seek more security talent in '07

Learn what certifications are growing in demand and how employers are looking at the job market in 2007. Continue Reading

By

• Krissi Danielsson, Contributor

Schneier: Data breach at UCLA barely newsworthy

This week in Security Blog Log: Security luminary Bruce Schneier and others sound off on the UCLA data breach that exposed 800,000 people to identity fraud. Continue Reading

Microsoft Vista could improve Internet security

Two new Microsoft Vista features -- Kernel Patch Protection and User Account Control -- could prove especially useful in preventing serious malware infections. Continue Reading

Review: Lancope StealthWatch 5.5 offers more than IDS

Hot Pick: StealthWatch goes far beyond traditional intrusion detection, with powerful network-monitoring features. The optional IDentity-1000 is an essential addition. Continue Reading

By

• Sandra Kay Miller, Contributing Writer

Review: Sky's the limit with Skybox View 3.0

Hot Pick: Skybox View 3.0 offers a unique and flexible approach for assessing and managing specific threats and overall risk to your digital assets. Continue Reading

By

• Brent Huston, Contributing Writer

Hot technologies for 2007

"Storage" magazine's editors reviewed technology developments, product introductions and storage standards to come up with this short list of must-have technologies for 2007. Continue Reading

Hosted VoIP eliminates cost, complexity

Hosted VoIP is being adopted at increasing rates as more and more companies look to avoid the excess costs and complexities of on-premise solutions. Continue Reading

By

• Kate Dostart, Associate Editor

Third zero-day found in Microsoft Word

For the third time in a week, a zero-day flaw has been found in Microsoft Word. Users should be cautious when opening attachments from unknown sources. Continue Reading

By

• Bill Brenner

Host-based replication

While the lines of distinction among data protection technologies such as backup, continuous data protection and replication have blurred, host-based replication can play a key role in your overall data protection strategy. Continue Reading

Expert offers tips to bolster messaging security

In this edition of Security Wire Weekly, Burton Group analyst Diana Kelley explains how to lock down messaging programs as part of our three-day special report on the subject. Continue Reading

By

• SearchSecurity.com Staff

Symantec issues NetBackup security alert

Symantec issues an alert and patch to vulnerabilities in NetBackup 6.0, 5.1 and 5.0. Continue Reading

By

• Jo Maitland, TechTarget

Data breach at Boeing exposes 382,000 employees

The third theft of a Boeing laptop in the last 13 months has exposed the data of nearly 400,000 employees and retirees. Continue Reading

By

• Dennis Fisher

Intrusion detection systems -- introduction to IDS and IPCop

This article, excerpted from the book ""Configuring IPCop Firewalls: Closing Borders with Open Source,"" explores how intrusion detection systems (IDS) and intrusion prevention systems (IPS) including Snort and IPCop protect the network from malicious attacks. Continue Reading

By

• Barrie Dempster & James Eaton-Lee

Storage Decisions Session Downloads: Smart Shopper Track (LV 2006)

Very few storage managers have carte blanche when it comes to storage spending. Sessions in our "Smart Shopper track" help managers get the most bang for their storage buck. Continue Reading

Storage Decisions Session Downloads: Executive Track (LV 2006)

Our "Executive track" sessions give C-level technology executivesan idea of where their storage should be and ideas on where it's headed. Continue Reading