December 2005

  • The pros and cons of FTP over SSL

    Compare and contrast the pros and cons of having hosts send PGP-encrypted files to an existing FTP site against building an ad hoc FTP server using SSL, in this Ask the Expert Q&A.

  • Sony settles DRM rootkit lawsuit for cash, 'clean' music

    The entertainment giant agrees to give away millions of free music and stop using the prying software that got it into legal trouble. Texas, however, is still pursuing its own legal action.

  • Web application variable manipulation

    Learn what happens to a Web application that uses two certificates: a client-side SSL certificate and a server-side certificate, and whether this certificate combination prevents Web application ma...

  • Security Bytes: New threats target IM chatters, Web browsers

    A new Trojan hopes MSN Messenger users take the bait; a zero-day vulnerability could make life miserable for Web browsers; and Marriott is the latest to confess to lost backup tapes.

  • Tips for securing iPods in the enterprise

    Despite the dangers iPods pose to the corporate network, your users may have a legitimate business reason for using them. If you can't ban them outright, here's how you can minimize their risk.

  • Synching passwords between an iSeries and Windows network

    Learn whether it is possible to synch passwords between an iSeries and a Windows network, and whether there is a way to synch passwords between multiple iSeries, in this Ask the Expert Q&A.

  • Geek giggles: The top 10 Missing Links of 2005

    So we're only half-telling the truth. We like to think these wacky tech-related stories kept our readers smiling longer than it takes to hit the delete button.

  • CSOs seek regulatory sanity in 2006

    IT security officers long for a common system to comply with laws that are similar, but often have conflicting demands. Some say a single set of federal guidelines could help, but others fear the i...

  • Spyware, application attacks to be biggest 2006 threats

    Security experts say virus writers will turn their attention to spyware in the year ahead, victimizing many still-unsuspecting users. Application-specific attacks, phishing and data exposures will ...

  • Gaining access using application and operating system attacks

    In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security prof...

  • Best practices for risk management programs

    In this Ask the Expert Q&A our security management guru reviews a variety of standards and methodologies to determine what and how to use them throughout an organization's information security prog...

  • Hacker holiday greetings: Social engineering tactics

    While hackers may have a myriad of programs and exploits to choose from, they all pale in comparison to their number one weapon: social engineering. In this tip, contributor Tony Bradley provides s...

  • PING with Marcus Sachs

    In an interview with Information Security magazine, Marcus Sachs, a director in SRI International's Computer Science Laboratory, explains what it means to direct the Department of Homeland Security...

  • Sony struggles to regain trust

    The company is trying to mend a reputation bruised over its antipiracy practices. One advocate for online civil liberties explains why redemption is a long way off.

  • Why form fields aren't a good place to hide sensitive information

    Web security guru Michael Cobb takes an in-depth look at the dangers of HIDDEN form fields, how attackers use them to gain unauthorized entry or hijack sessions, and most importantly, how to secur...

  • Security Bytes: Flaws plague Symantec, McAfee

    Meanwhile: An IM worm exploits the holidays, Cisco offers workarounds for vulnerabilities in IOS, and Oracle is using Fortify's technology to boost security.

  • Guidance turns investigative tools on itself

    The forensics software firm says it was compromised by hackers in November. It's just one in a growing list of companies admitting to recent attacks or lax security.

  • Lost and found: DHL returns missing data tape

    Two million ABN AMRO Mortgage customers breathe a sigh of relief after a backup tape had been reported missing. Still, customers are urged to check their credit activity.

  • Proxy server functions

    In this Ask the Expert Q&A, our platform security expert details how proxy servers work and determines whether they keep personal and sensitive information safe from hacker exploits.

  • Introduction to COBIT for SOX compliance

    The Sarbanes-Oxley Act does not detail compliance requirements for IT, so many enterprises and auditors have adopted the standard COBIT, introduced here.