-
registration authority (RA)
A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it.
31 Jan 2006
-
Security Bytes: Firefox flaw could expose sensitive data
Meanwhile: MIT researchers warn of attacks exploiting Skype; man gets two years in prison for selling Microsoft source code; Fortinet and Trend Micro settle a patent dispute.
31 Jan 2006
-
FTC promotes ID theft awareness
The government's new quiz aims to highlight the growing problem, but the latest data suggests many consumers still fail to protect their identity.
31 Jan 2006
-
Vendors to stave off spyware scanning surprises
Trend Micro, McAfee, Symantec and others agree to find a common approach to antispyware product testing, ideally making it easier for users to spot more spyware with fewer scanners.
30 Jan 2006
-
PING with Yan Noblot
In an interview with Information Security magazine, Yan Noblot, IT security manager of the Winter Olympics, offers some insight on what it takes to keep a global event secure.
30 Jan 2006
-
How to use fuzzing to deter VoIP protocol attacks
29 Jan 2006
-
VoIP protocols: A technical guide
This guide reviews the two main protocols that power VoIP -- Session Initiation Protocol (SIP) and H.323 -- and their known vulnerabilities, as well as how functional protocol testing ("fuzzing") c...
29 Jan 2006
-
VoIP protocol insecurity
29 Jan 2006
-
Understanding VoIP protocols
29 Jan 2006
-
ethical worm
An ethical worm is a program that automates network-based distribution of security patches for known vulnerabilities.
27 Jan 2006
-
Security Blog Log: Is Nyxem really that dangerous?
The worm has certainly spooked the blogosphere this week. Senior News Writer Bill Brenner recaps the reasons why, and wonders if there's hyperbole in the warnings.
27 Jan 2006
-
Researcher: Oracle failed to patch critical flaw
Attackers could exploit a critical flaw in the Oracle PLSQL Gateway, a researcher warns, saying users have been vulnerable for months, but Oracle sees it differently.
27 Jan 2006
-
Automate SQL injection testing
Manual testing for SQL injection requires much effort with little guarantee that you'll find every vulnerability. Instead, run automated SQL injection tests. In this tip, security guru Kevin Beaver...
27 Jan 2006
-
Open source security in a Windows enterprise
While open source security products can provide low-cost security, enterprises are reluctant to depend on them. In this tip, contributor Tony Bradley examines why this is so and how this reluctanc...
26 Jan 2006
-
Cisco patches latest IOS security hole
Attackers could exploit the flaw to bypass command authorization checks and gain escalated user privileges. It affects IOS version 12.0T or later.
26 Jan 2006
-
Report: Security pros must learn exec lingo
Want the top brass to support your security initiatives? Learn to speak their language, suggests the Information Systems Audit and Control Association (ISACA).
26 Jan 2006
-
Passwords still the weakest link
But more software is beginning to keep insiders from using shared or administrative passwords to access restricted data files, helping to ensure SOX compliance.
26 Jan 2006
-
ChoicePoint settles FTC charges, pays $15 million
The personal records firm will pay $10 million in civil penalties and $5 million for consumer redress to settle charges after a widely publicized incident last year when thieves stole records of mo...
26 Jan 2006
-
Checklist: 11 things to do after a hack
Your network's been cracked. What do you do next? Contributor Jonathan Hassell recommends following these eleven steps to limit damage and preserve evidence.
26 Jan 2006
-
Security Bytes: Coalition establishing spyware blacklist
Meanwhile: A botnet mastermind pleads guilty; flaws affect CA products; Gartner pans Oracle security; and the University of Notre Dame probes a network breach.
25 Jan 2006