November 2005

  • Educate users about security awareness

    User education is one of the hardest security layers for administrators to implement. This article by contributor Tony Bradley provides the top ten things users should know about information security.

  • Multiple new Sober variants spy on passwords

    AV firms say the latest Sober worms drop malicious files onto the computers to fetch access codes.

  • SUS, WSUS, SMS and beyond

    This tip outlines the differences between SUS, WSUS and SMS, and offers advice on when to invest in a third-party patching tool.

  • Developing an incident response plan

    In this Ask the Expert Q&A, Shon Harris provides resources you can use to devise an effective incident response plan.

  • Integrated security solutions

    Our security management expert examines how the continual insider threat warrants the need for integrated security solutions and explains how creating a self-defending network helps meet this need.

  • Patching gets faster, but threats shifting focus

    New research shows organizations are applying security fixes faster than ever, thanks in large part to patch prioritization. But it may be time to prepare for a new wave of threats.

  • Delivering daily security tips to users

    Educating users on security is a big part of overall security. This little-known Quote of the Day protocol can help dispense advice using a login script without overwhelming the user. Networking ex...

  • Websense Enterprise 5.5

    Learn why Information Security magazine believes this product is ideal for organizations that need a robust Internet filtering solution.

  • Sony rootkit uninstaller causes bigger threat

    Princeton researchers say a security hole that appears when users try to remove Sony's copy protection software presents an even greater risk than the original rootkit.

  • IDS: Still head of the class in security education

    Despite its "old school" image, a technologist at the CSI Computer Security Conference says intrusion detection offers quite an education in network security.

  • What is required to deploy Web server application in MS Application Center

    In this Ask the Expert Q&A, our application security expert examines whether or not it's possible to exclude X.509 certificates and private keys if you use MS Application Center to deploy a Web ser...

  • Hackers installing keyloggers at a record rate

    iDefense researchers have found that keylogger infections are up 65% over the year before, putting the private data of tens of millions of users at risk.

  • SOX Compliance for the Security Practitioner

    This collection of resources offers security managers in-depth information to help keep their organization compliant with the Sarbanes-Oxley (SOX) Act. Learn how security practitioners are handling...

  • The CISO's newest duty: bailiff

    At the CSI 32nd annual Computer Security Conference, CISOs say compliance is becoming more burdensome as they must often ensure executives stay out of trouble.

  • IPsec-related flaw could yield new round of attacks

    Attackers could exploit a vulnerability in a security protocol widely used in VPNs to cause a denial of service or buffer overflows, or to launch malicious code.

  • Security School

    SearchSecurity.com, the Web's top informational resource for today's enterprise IT professional, delivers free online training for the CISSP® certification. Benefit from a series of 10 training...

  • Security Bytes: FTC cracks down on alleged spyware distributors

    Patches fix serious RealPlayer flaws, IM malcode launches phishing attacks; Microsoft warns of Macromedia Flash flaw; Liberty Alliance pushes stronger authentication; FEMA data security is in quest...

  • Trojans target Sony DRM and Windows

    Security researchers track two new Trojan horses. One exploits the Sony DRM program. The other could possibly take aim at the Windows flaw Microsoft patched this week.

  • Loss, theft still No. 1 threat to mobile data

    While hackers, worms and viruses can attack a wireless network, experts say valuable data more often becomes the victim when a device is lost or stolen.

  • Commentary: Why companies still struggle with compliance

    A security analyst with a major rental car company has some theories on why companies aren't meeting government mandates for data security.