December 2005

  • Lost and found: DHL returns missing data tape

    Two million ABN AMRO Mortgage customers breathe a sigh of relief after a backup tape had been reported missing. Still, customers are urged to check their credit activity.

  • Security Bytes: Flaws plague Symantec, McAfee

    Meanwhile: An IM worm exploits the holidays, Cisco offers workarounds for vulnerabilities in IOS and Oracle is using Forify's technology to boost security.

  • Guidance turns investigative tools on itself

    The forensics software firm says it was compromised by hackers in November. It's just one in a growing list of companies admitting to recent attacks or lax security.

  • Symantec shuts down discussion groups

    One user has started a new, independent forum in response, saying IT professionals need a place to find support for problems related to the AV giant's products.

  • Proxy server functions

    In this Ask the Expert Q&A, our platform security expert details how proxy servers work and determines whether they protect personal and sensitive information safe from hacker exploits.

  • Why form fields aren't a good place to hide sensitive information

    Web security guru Michael Cobb, takes an in-depth look at the dangers of HIDDEN form fields, how attackers use them to gain unauthorized entry or hijack sessions, and most importantly, how to secur...

  • Security Bytes: McAfee sees growing mobile threat in 2006

    In other news, IBM addresses Java flaws; patches don't get along with IE 7; and hackers force game maker to shut down.

  • E-greetings, screensavers bring more tears than cheers

    Vendors that track spyware are noticing more of it stuffed into holiday greeting cards, screensavers and customized gift tags for virtual Christmas trees. Learn how to avoid these and other downloa...

  • Introduction to COBIT for SOX compliance

    The Sarbanes-Oxley Act does not detail compliance requirements for IT, so many enterprises and auditors have adopted the standard COBIT, introduced here.

  • Freeware detects insecure wireless networks

    Learn how NetStumbler, a free utility, helps network admins determine if a wireless network is insecure or just lacking in signal strength.

  • Changing user IDs and passwords

    Learn why organizations should limit the number of username changes in this identity and access management ATE Q&A.

  • Java programming resources

    Find Java-specific resources here.

  • Security updates fix Macromedia flaws

    Attackers could exploit vulnerabilities to bypass security controls, gain administrative privileges and cause a denial-of-service. But fixes are available.

  • Trio of trouble: Malcode targets Windows, IM users

    AV firms warn IT shops to guard against Dasher, Bagle and Banbra. Dasher targets a Windows flaw patched in October, while Banbra spreads through IM.

  • Step-by-step guide: Cracking network passwords

    Mitigate the risks posed by weak passwords by attempting to find your weaknesses before a malicious hacker does. Contributor Kevin Beaver provides a step-by-step guide on how to crack your own netw...

  • Patch testing on a budget

    While it is best to test patches prior to production, testing environments can be costly. This tip explains how to reduce these costs.

  • physical security

    Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, o...

  • Flaws reported in Trend Micro ServerProtect

    Storage and security managers should be wary of vulnerabilities in the AV product that could enable a denial-of-service and malicious code execution. Workarounds are available.

  • For Microsoft, security and trust prove elusive

    Following the recent beta release of its OneCare Live security offering, Microsoft seems poised to dip its toe into the lucrative enterprise security and software services market. Despite its long ...

  • The 5 A's of functional SAN security

    This tip examines why admins should follow the 5 A's of SAN security: Authentication, access, audits, alarms and availability, to keep their SAN secure.