November 2005

  • Developing an incident response plan

    In this Ask the Expert Q&A, Shon Harris provides resources you can use to devise an effective incident response plan.

  • Multiple new Sober variants spy on passwords

    AV firms say the latest Sober worms drop malicious files onto the computers to fetch access codes.

  • Integrated security solutions

    Our security management expert examines how the continual insider threat warrants the need for integrated security solutions and explains how creating a self-defending network helps meet this need.

  • SUS, WSUS, SMS and beyond

    This tip outlines the differences between SUS, WSUS and SMS, and offers advice on when to invest in a third-party patching tool.

  • Patching gets faster, but threats shifting focus

    New research shows organizations are applying security fixes faster than ever, thanks in large part to patch prioritization. But it may be time to prepare for a new wave of threats.

  • MD5 vs. RC4

    In this Ask the Expert Q&A our application security expert compares the MD5 encryption algorithm against its competitor RC4 and examines the security features of each.

  • Delivering daily security tips to users

    Educating users on security is a big part of overall security. This little-known Quote of the Day protocol can help dispense advice using a login script without overwhelming the user. Networking ex...

  • What is required to deploy Web server application in MS Application Center

    In this Ask the Expert Q&A, our application security expert examines whether or not it's possible to exclude X.509 certificates and private keys if you use MS Application Center to deploy a Web ser...

  • IDS: Still head of the class in security education

    Despite its "old school" image, a technologist at the CSI Computer Security Conference says intrusion detection offers quite an education in network security.

  • Hackers installing keyloggers at a record rate

    iDefense researchers have found that keylogger infections are up 65% over the year before, putting the private data of tens of millions of users at risk.

  • Sony rootkit uninstaller causes bigger threat

    Princeton researchers say a security hole that appears when users try to remove Sony's copy protection software presents an even greater risk than the original rootkit.

  • Websense Enterprise 5.5

    Learn why Information Security magazine believes this product is ideal for organizations who need an robust Internet filtering solution.

  • SOX Compliance for the Security Practitioner

    This collection of resources offers security managers in-depth information to help keep their organization compliant with the Sarbanes-Oxley (SOX) Act. Learn how security practitioners are handling...

  • The CISO's newest duty: bailiff

    At the CSI 32nd annual Computer Security Conference, CISOs say compliance is becoming more burdensome as they must often ensure executives stay out of trouble.

  • IPsec-related flaw could yield new round of attacks

    Attackers could exploit a vulnerability in a security protocol widely used in VPNs to cause a denial of service or buffer overflows, or to launch malicious code.

  • Security School

    SearchSecurity.com, the Web's top informational resource for today's enterprise IT professional, delivers free online training for the CISSP® certification. Benefit from a series of 10 training...

  • Security Bytes: FTC cracks down on alleged spyware distributors

    Patches fix serious RealPlayer flaws, IM malcode launches phishing attacks; Microsoft warns of Macromedia Flash flaw; Liberty Alliance pushes stronger authentication; FEMA data security is in quest...

  • Data shows spyware becoming 'global pandemic'

    The worldwide spyware threat is only growing, according to a new study, and the most serious hazards -- Trojans and keystroke loggers -- represent a grave threat to unsuspecting corporations.

  • Commentary: Why companies still struggle with compliance

    A security analyst with a major rental car company has some theories on why companies aren't meeting government mandates for data security.

  • Loss, theft still No. 1 threat to mobile data

    While hackers, worms and viruses can attack a wireless network, experts say valuable data more often becomes the victim when a device is lost or stolen.