March 2006

  • Microsoft to patch flaws in Windows, Office

    The software giant said the Office update on tap for Tuesday will be "critical," while the Windows fix will be rated "important."

  • Best practices for pen testing Web applications

    Performing a Web application penetration test can gauge how well your Web application can withstand an attack. In this tip, platform security expert Michael Cobb provides best practices for perform...

  • Scientists band together for TRUST-worthy research

    A group of the nation's top computer scientists and colleges are teaming up to find better ways to protect computing systems from cyberattacks.

  • Attacks driven by love of money

    Symantec's latest threat report shows digital desperadoes are exploiting Web application flaws and using "modular" malcode to launch lucrative attacks.

  • Security pros aren't stained by BlackBerry tiff

    A BlackBerry blackout would have been tough for on-the-go e-mail addicts, but it was never a security concern, if a survey of IT professionals is any indication.

  • Security Bytes: Mac patch falls short of expectations

    In other news, one hacker gains root access to a Mac while another shows how to compromise Microsoft Fingerprint Reader.

  • Know your wireless encryption options

    Understanding wireless encryption is essential to deploying a secure wireless network. Contributor Tony Bradley breaks down the different encryption methods and explains why some are better than ot...

  • How SSOs differ from login and passwords

    Learn how SSO systems and login and passwords differ, and which systems are more likely to be exploited and why in this Ask the Expert Q&A.

  • State-based attacks: Session management

    In this excerpt from Chapter 4 of "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services," authors Mike Andrews and James A. Whittaker identify session man...

  • Sourcefire acquisition under government scrutiny

    Government officials are considering whether to thwart Israel-based Check Point's $225 million acquisition of Sourcefire. Some say foreign ownership of Snort may threaten national security.

  • Review: Symantec's integrated security appliance a good fit

    It's the GUI that really gets the Gateway Security 5600 series a thumbs up from Information Security editors.

  • Review: Latest DeviceWall geared to SMBs

    Worried your intellectual property's walking out the door? Centennial Software's got a way to plug a widening security hole that Information Security editors like.

  • Security Blog Log: Hacking for grades causes a stir

    A college exercise in hacking doesn't sit well with some bloggers. Meanwhile, a bear shows us a thing or two about security and Webroot loses its public voice.

  • Hot Pick: NFR repeats top honors in intrusion prevention

    Sentivist 5.0 takes the company's IPS to a new level -- a true enterprise-level product. Find out why Information Security editors believe it's worth the investment.

  • Content Spoofing

    This excerpt from "Preventing Web Attacks with Apache" explains how content spoofing attacks exploit vulnerabilities and how to use Apache to protect against them.

  • Man-in-the-middle attacks

    This excerpt from Chapter 2 of "Securing Storage: A Practical Guide to SAN and NAS Security" examines how man-in-the-middle attacks affect Fibre Channel security and examines how to determine if y...

  • Protect your business from a Google hack

    Learn how to use advanced operators, special searching techniques offered by Google that enable advanced queries, to discover if your company's sensitive security information is exposed on the Inte...

  • Apple fixes more than a dozen OS X flaws

    The pile of security updates is Apple's response to not only a critical flaw uncovered last week, but also to the recent scrutiny regarding the security of its flagship OS.

  • Proof-of-concepts heighten mobile malware fears

    By themselves, Crossover and RedBrowser are fairly harmless, but they're a sign that the digital underground is likely working toward large-scale attacks against handheld devices.

  • Recent Releases: Security product briefs, March 2006

    Read about the security products that launched in March 2006.