November 2005

  • Developing an incident response plan

    In this Ask the Expert Q&A, Shon Harris provides resources you can use to devise an effective incident response plan.

  • Educate users about security awareness

    User education is one of the hardest security layers for administrators to implement. This article by contributor Tony Bradley provides the top ten things users should know about information security.

  • Multiple new Sober variants spy on passwords

    AV firms say the latest Sober worms drop malicious files onto the computers to fetch access codes.

  • Patching gets faster, but threats shifting focus

    New research shows organizations are applying security fixes faster than ever, thanks in large part to patch prioritization. But it may be time to prepare for a new wave of threats.

  • SUS, WSUS, SMS and beyond

    This tip outlines the differences between SUS, WSUS and SMS, and offers advice on when to invest in a third-party patching tool.

  • Delivering daily security tips to users

    Educating users on security is a big part of overall security. This little-known Quote of the Day protocol can help dispense advice using a login script without overwhelming the user. Networking ex...

  • MD5 vs. RC4

    In this Ask the Expert Q&A our application security expert compares the MD5 encryption algorithm against its competitor RC4 and examines the security features of each.

  • What is required to deploy Web server application in MS Application Center

    In this Ask the Expert Q&A, our application security expert examines whether or not it's possible to exclude X.509 certificates and private keys if you use MS Application Center to deploy a Web ser...

  • Sony rootkit uninstaller causes bigger threat

    Princeton researchers say a security hole that appears when users try to remove Sony's copy protection software presents an even greater risk than the original rootkit.

  • IDS: Still head of the class in security education

    Despite its "old school" image, a technologist at the CSI Computer Security Conference says intrusion detection offers quite an education in network security.

  • SOX Compliance for the Security Practitioner

    This collection of resources offers security managers in-depth information to help keep their organization compliant with the Sarbanes-Oxley (SOX) Act. Learn how security practitioners are handling...

  • Websense Enterprise 5.5

    Learn why Information Security magazine believes this product is ideal for organizations who need an robust Internet filtering solution.

  • Hackers installing keyloggers at a record rate

    iDefense researchers have found that keylogger infections are up 65% over the year before, putting the private data of tens of millions of users at risk.

  • Security School, the Web's top informational resource for today's enterprise IT professional, delivers free online training for the CISSP® certification. Benefit from a series of 10 training...

  • IPsec-related flaw could yield new round of attacks

    Attackers could exploit a vulnerability in a security protocol widely used in VPNs to cause a denial of service or buffer overflows, or to launch malicious code.

  • The CISO's newest duty: bailiff

    At the CSI 32nd annual Computer Security Conference, CISOs say compliance is becoming more burdensome as they must often ensure executives stay out of trouble.

  • Security Bytes: FTC cracks down on alleged spyware distributors

    Patches fix serious RealPlayer flaws, IM malcode launches phishing attacks; Microsoft warns of Macromedia Flash flaw; Liberty Alliance pushes stronger authentication; FEMA data security is in quest...

  • Data shows spyware becoming 'global pandemic'

    The worldwide spyware threat is only growing, according to a new study, and the most serious hazards -- Trojans and keystroke loggers -- represent a grave threat to unsuspecting corporations.

  • Loss, theft still No. 1 threat to mobile data

    While hackers, worms and viruses can attack a wireless network, experts say valuable data more often becomes the victim when a device is lost or stolen.

  • Trojans target Sony DRM and Windows

    Security researchers track two new Trojan horses. One exploits the Sony DRM program. The other could possibly take aim at the Windows flaw Microsoft patched this week.