January 2006

  • registration authority (RA)

    A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it.

  • FTC promotes ID theft awareness

    The government's new quiz aims to highlight the growing problem, but the latest data suggests many consumers still fail to protect their identity.

  • Security Bytes: Firefox flaw could expose sensitive data

    Meanwhile: MIT researchers warn of attacks exploiting Skype; man gets two years in prison for selling Microsoft source code; Fortinet and Trend Micro settle a patent dispute.

  • PING with Yan Noblot

    In an interview with Information Security magazine, Yan Noblot, IT security manager of the Winter Olympics, offers some insight on what it takes to keep a global event secure.

  • Vendors to stave off spyware scanning surprises

    Trend Micro, McAfee, Symantec and others agree to find a common approach to antispyware product testing, ideally making it easier for users to spot more spyware with fewer scanners.

  • How to use fuzzing to deter VoIP protocol attacks

  • Understanding VoIP protocols

  • VoIP protocols: A technical guide

    This guide reviews the two main protocols that power VoIP -- Session Initiation Protocol (SIP) and H.323 -- and their known vulnerabilities, as well as how functional protocol testing ("fuzzing") c...

  • VoIP protocol insecurity

  • ethical worm

    An ethical worm is a program that automates network-based distribution of security patches for known vulnerabilities.

  • Automate SQL injection testing

    Manual testing for SQL injection requires much effort with little guarantee that you'll find every vulnerability. Instead, run automated SQL injection tests. In this tip, security guru Kevin Beaver...

  • Researcher: Oracle failed to patch critical flaw

    Attackers could exploit a critical flaw in the Oracle PLSQL Gateway, a researcher warns, saying users have been vulnerable for months, but Oracle sees it differently.

  • Security Blog Log: Is Nyxem really that dangerous?

    The worm has certainly spooked the blogosphere this week. Senior News Writer Bill Brenner recaps the reasons why, and wonders if there's hyperbole in the warnings.

  • Open source security in a Windows enterprise

    While open source security products can provide low-cost security, enterprises are reluctant to depend on them. In this tip, contributor Tony Bradley examines why this is so and how this reluctanc...

  • Report: Security pros must learn exec lingo

    Want the top brass to support your security initiatives? Learn to speak their language, suggests the Information Systems Audit and Control Association (ISACA).

  • ChoicePoint settles FTC charges, pays $15 million

    The personal records firm will pay $10 million in civil penalties and $5 million for consumer redress to settle charges after a widely publicized incident last year when thieves stole records of mo...

  • Cisco patches latest IOS security hole

    Attackers could exploit the flaw to bypass command authorization checks and gain escalated user privileges. It affects IOS version 12.0T or later.

  • Checklist: 11 things to do after a hack

    Your network's been cracked; what do you do next? Contributor Jonathan Hassell recommends following these eleven steps to limit damage and preserve evidence.

  • Passwords still the weakest link

    But more software is beginning to keep insiders from using shared or administrative passwords to access restricted data files, helping to ensure SOX compliance.

  • Security Bytes: Coalition establishing spyware blacklist

    Meanwhile: A botnet mastermind pleads guilty; flaws affect CA products; Gartner pans Oracle security; and the University of Notre Dame probes a network breach.