IT security

Cisco, Black Hat litigation comes to a close

The vendor and partner ISS settle their dispute over a presentation that resulted in criminal charges and cease and desist orders. Continue Reading

By

• Shawna McAlearney, News Writer

VeriSign raises stakes in battle for threat intelligence

Not to be outdone by 3Com's "Zero-Day Initiative," VeriSign says it'll shell out more cash for hackers who provide vulnerability intelligence. Continue Reading

By

• Bill Brenner

Experts weigh in on spyware's defining moment

We asked IT professionals to review the spyware definitions proposed by a coalition of tech firms and security organizations. They found plenty of room for improvement. Continue Reading

By

• Bill Brenner

VoIP encryption to have 'Pretty Good Privacy

 Continue Reading

By

• Shawna McAlearney, News Editor

Authentication takes a bite out of spam

Network and messaging experts offer helpful ammunition for network managers waving the white flag in the battle against spam. Continue Reading

By

• Amy Storer, News Writer

Business continuity keeps companies running

As we speak, it appears that disruption to IT services by the London bombings was minimised due to effective and realistic business continuity strategies. Sally Flood sees how you construct them. Continue Reading

By

• Sally Flood

Users look for value boost from Microsoft licence rejig

Software Assurance needs to offer better support, say IT directors Continue Reading

By

• Cliff Saran, Managing Editor

Sarbox draining corporate security budgets

Corporate investment to comply with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum (ISF). Continue Reading

Can alcohol mix with your key personnel?

I persuaded our MD to hire a dedicated IT security expert. I am pleased with his work, but on several occasions he has smelled strongly of drink. How do I nip this in the bud? Continue Reading

Pop quiz: E-mail security

Find out how much you know about securing your organization's e-mail. Continue Reading

Sarbox challenge drains security budgets

International corporate spending on compliance with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum. Continue Reading

By

• Antony Savvas

Business continuity: Keep on running

Too many plans for business continuity do not reflect the true risks. Sally Flood looks at risk assessment and the creation a realistic strategy. Continue Reading

By

• Sally Flood

Phishing for the missing piece of the CardSystems puzzle

A banking insider examines the ties between customized phishing attacks this spring and the CardSystems breach announced soon after. Don't miss his revelations on how they're linked and what the phishers really needed. Continue Reading

This is not your father's hacker

While Sasser author Sven Jaschan awaits the outcome of his trial this week in Germany, a new cybercrime report explains why the teenager is becoming an anachronism. Continue Reading

By

• Anne Saita, TechTarget

PING with Karen Worstell

The Microsoft CISO discusses how she keeps Redmond and its products secure. Continue Reading

By

• By Amber Plante

Sasser author issues courtroom confession

Sven Jaschan's mea culpa was expected after he earlier admitted to creating the last major malware outbreak more than a year ago. Continue Reading

By

• Anne Saita, TechTarget

Continuing education options for CISSPs: Top 10 ways to earn CPEs

Who says you can't have fun while earning CPE credits? Check out the top 10 ways to meet CISSP® and SSCP continuing professional education requirements. Continue Reading

How to survive a data breach

When Colin Crook offers advice on how companies should deal a security breach, he speaks from experience. He was CTO of Citicorp [now Citigroup, parent company of Citibank] 10 years ago when a hacker penetrated the company's network.

Crook is now senior advisor to the Wharton Fellows at the University of Pennsylvania, a member of the New York Academy of Sciences; fellow of the Royal Academy of Engineering and co-author of "The Power of Impossible Thinking." He shared his experiences with customers of Framingham, Mass.-based ID management firm Courion Corp. during the company's Converge05 conference last week. Business executives, he argues, must do better at listening to others and understand security is about humans, not machinery.

In the first of a two-part question-and-answer feature, Crook explains how companies can survive the fallout from a data heist.

 Continue Reading

By

• Bill Brenner

five star reception

 Continue Reading

By

• helen beckett

Gartner underscores five overblown threats

Two Gartner analysts debunk five overhyped security risks they claim are causing companies to miss out on some key emerging technologies. Continue Reading

By

• Amy Storer, News Writer

Latest Mytob worms phish for trouble

Mytob's data-drumming tactics and the appearance of new Trojan horse programs add to concern that the underground is perfecting ingredients for a major attack. Continue Reading

By

• Bill Brenner

Spyware removal checklist

A step-by-step guide on how to remove spyware using antispyware tools including Spybot -- Search and Destroy, and HijackThis. Continue Reading

Know your enemy: Why your Web site is at risk

In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them. Continue Reading

Developer's active content delivery checklist

Rules for developing secure dynamic content for an IIS Web server. Continue Reading

Quiz: Secure Web directories and development, answer No. 3

Quiz: Secure Web directories and development, answer No. 3 Continue Reading

Quiz: Secure Web directories and development, answer No. 4

Quiz: Secure Web directories and development, answer No. 4 Continue Reading

Quiz: Secure Web directories and development, answer No. 5

Quiz: Secure Web directories and development, answer No. 5 Continue Reading

Quiz: Secure Web directories and development, answer No. 1

Quiz: Secure Web directories and development, answer No. 1 Continue Reading

Quiz: Secure Web directories and development, answer No. 2

Quiz: Secure Web directories and development, answer No. 2 Continue Reading

Analysts say 'cloudy' forecast is OK

 Continue Reading

By

• Michael Mimoso, TechTarget

Compliance shouldn't be a primary security driver

 Continue Reading

By

• Shawna McAlearney, News Editor

Quiz: Secure Web directories and development

Evaluate your knowledge of Web threats and how to defeat them. Questions cover security risks of dynamically created content and proper security management. Continue Reading

Top tools for testing your online security, part 2

Michael Cobb explains what tools are helpful in maintaining Web security, including security scanners, benchmarking tools, monitoring services and online resources. Continue Reading

Top tools for testing your online security

Learn a structured approach for Web security that can make your security management tasks easier and increase your chances of success. Continue Reading

Life at the edge part 3: Resistance to failure

Learn how architecture, protocol and application-level protections work together to safeguard a Web infrastructure. Continue Reading

Life at the edge part 4: When things go wrong

A checklist and other hints to protect your Web servers from a worst-case scenario. Continue Reading

Life at the edge part 2: Divide and conquer with DMZs

Learn how a DMZ works and how it can protect Web servers. Continue Reading

Quiz: Identify and analyze Web server attacks, answer No. 5

Quiz: Identify and analyze Web server attacks, answer No. 5 Continue Reading

Quiz: Identify and analyze Web server attacks

Test your knowledge of the material covered in the "Identify and analyze Web server attacks" section of Intrusion Defense School. Continue Reading

Quiz: Identify and analyze Web server attacks, answer No. 3

Quiz: Identify and analyze Web server attacks, answer No. 3 Continue Reading

Quiz: Web attack prevention and defense

Test your knowledge of the material covered in Web attack prevention and defense, including the fundamentals of securing a Web server. Continue Reading

Zombie machines used in 'brutal' SSH attacks

IT managers use SSH to gain secure access to remote computers. Hackers are using it to crack your network, with help from their zombie friends. Continue Reading

By

• Bill Brenner

Network configuration: IIS SMTP mail relay service and Microsoft Exchange Server

Learn how to use the IIS SMTP mail relay service to prevent spammers from directly interacting with your Microsoft Exchange Server. Continue Reading

Patching resource kit

From vulnerability scanning to patching flubs, here's a collection of other helpful resources to ensure your patching efforts are effective. Continue Reading

Pre-CISSP: Options for the security newbie

Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®. Continue Reading

Should the government define spyware?

Who's best qualified to define what is and isn't spyware -- your congressman or your online user community? Security experts say no entity can do it alone. Continue Reading

By

• Bill Brenner

Some vendors get labeled as spyware pushers

To win the battle with spyware, you must be able to spot it. That's not as easy as you think. Continue Reading

By

• Bill Brenner

A new era of computer worms: Wireless mobile worms

In this excerpt of Chapter 9 from "The Art of Computer Virus Research and Defense," author Peter Szor dissects the Cabir worm. Continue Reading

Learning Guide: Low-cost storage

Resources on low-cost networking, iSCSI, SATA and IP storage Continue Reading

By

• Andrew Burton

Your shout: Security and skills

Have your say at computerweekly.com Continue Reading

The acceptable rules of the mobile game

Mobile networks allow you to connect to your network from almost anywhere by the appropriate methodology. Yet that may also mean... Continue Reading

Who should be on (and off) the hook for ID theft?

An influential cryptographer and a panel of technologists today debate how best to fight false authentication and fraudulent transactions. Continue Reading

By

• Anne Saita, TechTarget

Are identities safer on laptops than central databases?

Microsoft pledges better ID security. Given the theft of a laptop storing 100,000 Social Security numbers, Redmond's approach could prove controversial. Continue Reading

By

• SearchSecurity.com Staff

Quiz: Do you have a firm e-mail security foundation?

This Security School quiz is the first in a series of three on e-mail security essentials. Continue Reading

Linux lags Windows in new security report

A controversial research paper takes a critical look at two popular platforms' track record on vulnerabilities and fixes. In turn, its findings are facing sharp scrutiny as well. Continue Reading

By

• Anne Saita, TechTarget

Botnets more menacing than ever

Researchers from the Honeynet Project and iDefense say bots are spreading quickly, digging their heels into more than a million machines around the world. Continue Reading

By

• Bill Brenner

RootkitRevealer turns root kits' tactics back at them

A contributor reviews freeware RootkitRevealer from Sysinternals. Continue Reading

Managed services: Looking to the long term

IT directors looking for an easy way to manage increasing volumes of data by buying more hardware could be storing up problems... Continue Reading

By

• Jessica Twentyman

ID theft and national security

Check out what some ITKnowledge Exchange members had to say about this controversial issue. Continue Reading

HIPAA causes data security problems for small businesses

If your local dentist isn't complying with HIPAA's security rules, he's not alone. Experts say most doctors' offices aren't getting it. Continue Reading

By

• Bill Brenner

HIPAA security rules apply to firms with healthcare plans

 Continue Reading

By

• Bill Brenner

HIPAA security rules set hurdles for struggling hospitals

Most healthcare organizations have one more month to meet the security requirements of the Health Insurance Portability and Accountability Act (HIPAA). Will they make it? Continue Reading

By

• Bill Brenner

Winning the cyber arms race in the classroom

In the struggle for cybersecurity, Lenny Zeltser's most important weapons are the classroom and the pen.

For the past few years he has taught part-time at the SANS Institute, creating a course on how to analyze malicious software,. He's also directed security efforts for several organizations as a consultant and employee. As a writer, he co-authored Inside Network Perimeter Security and contributed a few chapters to the book Malware: Fighting Malicious Code.

In this Q&A, Zeltser outlines his latest course offerings and book projects, and what he sees as today's greatest threats.

 Continue Reading

By

• Bill Brenner

Exploit code targets critical CA flaws

Anyone who ever evaluated CA software is potentially at risk. The good news is patches are available and a free scanner is out now to identify systems vulnerable to attack. Continue Reading

By

• Bill Brenner

Small businesses targeted with RFID

 Continue Reading

By

• Robert Westervelt, TechTarget

Passwords still the weakest link

Businesses are still struggling to convince their staff of the importance of password security, according to a survey of 67,000... Continue Reading

By

• Antony Savvas

A sound architecture involves both strong technology and a professional approach

Although many large organisations need to respond rapidly to changes in the market as well as to competition and globalisation... Continue Reading

By

• Alan Brown

Windows vulnerable to LAND attack

Security researchers say this type of attack leaves enterprise customers of popular Windows products open to a denial of service. There is good news, though. Continue Reading

By

• Bill Brenner

SMBs' real risk of being online

Stuart King CISSP, is responsible for online security and risk assessment for the Reed Elsevier Group. Continue Reading

Security Bytes: Cisco patch available for ACNS flaws

Workaround outlined for new php exploit. IBM issues patch for DB2 flaw. Payroll service goes offline to investigate security claims , and BoA loses personal data on customers. Continue Reading

By

• SearchSecurity.com Staff

Federal agency security still poor, but improving

Report cards give federal security a D-plus average, but the Homeland Security Department is still failing. Continue Reading

By

• Keith Regan, Contributing Writer

Local mirror

 Continue Reading

By

• Maryann Tripp

Local backup

 Continue Reading

By

• Maryann Tripp

Strategic Storage: DR planning blueprint

Developing a good disaster recovery (DR) plan is similar to good dental hygiene -- and almost as exciting. Similar to going to the dentist twice a year, you should also test your DR plan with the same frequency. Wait too long to clean up your plan and you'll be stuck with the root canal of recovering your data. Continue Reading

By

• Garry Kranz

The Controversy of Hacking Books and Classes

Read this excerpt and download Chapter 1, Ethics of Ethical Hacking from Shon Harris' All-in-One Gray Hat Hacking. Continue Reading

CEOs and CIOs split on IT success

Business and IT directors are still at loggerheads on key technology issues, according to a new survey by the Economist... Continue Reading

By

• Nick Huber

Compressed files strike another blow to AV

The "alternative" .rar files are picking up where popular .zip files left off as attack vectors. Continue Reading

By

• Shawna McAlearney, News Editor

ID theft remains No. 1 worry

For the fifth straight year, the FTC said most complaints came from identity theft victims. And that's a problem for enterprises. Continue Reading

By

• Bill Brenner

Cyberstorm chasers: The folks who look out for the latest Internet threats

They keep a 'round-the-clock watch on conditions in cyberspace. CTO Johannes Ullrich discusses the volunteer effort behind the SANS Internet Storm Center. Continue Reading

By

• Bill Brenner

Sun develops Centera competitor

 Continue Reading

By

• Jo Maitland, TechTarget

Financing the future

Don't get a headache working out the best ways to pay for hardware and software. Danny Bradbury offers a user-friendly guide to... Continue Reading

By

• Danny Bradbury

A 'critical' Patch Tuesday

Microsoft issues three security bulletins for January, two of them critical. Attackers have already exploited some of the vulnerabilities. Continue Reading

By

• Bill Brenner

Security Bytes: George Mason U. hacked; new Trojans on the loose

Hackers steal personal data of more than 30,000 members of George Mason University. Two new Trojans emerge. BMC Software buys a Parisian company. Continue Reading

By

• SearchSecurity.com Staff

Security on a Shoestring: Creating Internet policies on the cheap

No matter how small the organization, it's impractical to stand over employees and make sure they properly use the Internet. So here's how to write a decent acceptable use policy, and make sure everyone abides by it. Continue Reading

By

• Mathew Schwartz, Contributor

New solutions for the zero hour

IT vendors are looking to fill the gap between when a virus first hits and when its remedy is released. Continue Reading

By

• Jennifer Lawinski, News Writer

Fixes, workaround for Kerberos 5 vulnerability

A security hole could be exploited to launch malicious code. But there are fixes and a workaround. Continue Reading

By

• Bill Brenner

Transforming the cybersecurity culture

Eleven New Year's resolutions can help employees at all levels empower the security function at their organization. Continue Reading

By

• Shawna McAlearney, News Editor

The security lingo of 2004

This was the year of botnets, zombie PC armies and phishying online schemes. Continue Reading

By

• Bill Brenner

Think Sarbanes Oxley extension changes things? Think again

 Continue Reading

By

• David Foote, Foote Partners LLC

Botnets target the enterprise warn experts

Versatile and increasingly vicious bots will cause enterprises a lot of grief in 2005, security experts say. Continue Reading

By

• Bill Brenner

Crash Course: Recovery

What good is backing up your data if you can't get it back? The goal of this Crash Course on recovery is to make sure you can effectively and efficiently recover data no matter what iteration of the lifecycle it's in. Included here are also hints on how to construct a rock solid disaster recovery plan. Continue Reading

NTFS permissions

This excerpt from Chapter 5 of "The definitive guide to Windows 2000 security" discusses the advantages of using NTFS for access control. Continue Reading

By

• Paul Cooke

MoD may write off £200m Chinook helicopters

The Ministry of Defence could write off more than £200m spent on eight Chinook Mk3 helicopters. Continue Reading

By

• Tony Collins

Spamming the universe

 Continue Reading

By

• Douglas Schweitzer, Contributing Writer

IP everything, essentially

What are the fundamental deliverables of IP networks? How can you use IP networks to gain financial benefits in addition to... Continue Reading

The basis of profitability

Not so long ago, you didn't have much choice - your IT and communications requirements were acquired, implemented and maintained... Continue Reading

Symantec offers bare metal restore software

 Continue Reading

By

• Shane O'Neill

Training for CISSP Certification: SearchSecurity.com's Security School

Study guides for each of the ten domains of the CBK for those preparing to take the CISSP exam or expanding their knowledge of security concepts and practices. Continue Reading

Authorize.Net says it has 'learned' from attack

The credit card processing service was unprepared for the kind of attack it suffered last week, but it will use the experience to improve security. Continue Reading

By

• Bill Brenner

Survey shows SOX bringing IT, business together

 Continue Reading

By

• Ed Parry, News Editor