May 2006

  • Security Bytes: Skype dodges attackers

    Meanwhile: A worm hijacks IE and spreads via Yahoo IM, Ohio University reorganizes IT department after data theft; and Symantec accuses Microsoft of misusing technology.

  • IIS security: Configure Web server permissions for better access control

    Updating user access controls as business portfolios expand can help protect confidential data. Learn how to secure user access controls and keep your greatest asset under lock and key by configuri...

  • Zero-day threat targets Microsoft Word

    Update: Symantec says a targeted exploit uses Microsoft Word to open a backdoor in users' systems. It recommends blocking .doc files at the network perimeter. Microsoft is working on a fix.

  • Blue Security's demise evokes mixed emotions

    In this week's Security Blog Log, there's no shortage of opinions on Blue Security's decision to fold after its antispam crusade put its customers at risk.

  • How to install and configure Nmap for Windows

    In this second installment of our Nmap Technical Manual, SearchSecurity expert Michael Cobb offers pointers on how to install and configure Nmap for Windows.

  • Security Bytes: AV giants team up against eBay pirates

    In other news, a new poll shows Cisco and Microsoft reaping the benefits of security spending and Sun addresses a Java flaw.

  • Opinion: Readers respond to 'student' CISSPs

    Here are a select few of the many reader responses we received quite last week following Sean Walberg's column on colleges offering CISSP and SSCP certification classes as part of their undergradua...

  • (ISC)2: 'Nothing has changed' on CISSP requirements has received plenty of reader response to a column from Winnipeg, Manitoba-based author and infosec professional Sean Walberg, in which he argued that the highly-valued Certified Information...

  • For students with 'learnability,' a future in IT via India

    Add the Indian IT powerhouse Infosys to the list of companies recruiting at American colleges this year. The fast-growing company sees a diverse workforce as its future. Some American students see ...

  • Novell patches eDirectory buffer overflow vulnerability

    Novell has addressed a flaw in the iMonitor component of its eDirectory LDAP directory service that could be exploited to cause a denial of service.

  • Treating email as potential evidence

    There is a growing need to archive email data, and today there are several ways to do it. Experts suggest it's time to consider what methods work best for the enterprise.

  • Opinion: What is a security professional, anyway?

    The problem with information security certifications isn't that they're being offered to those without experience, writes Pete Herzog. The real issue is that security pros are often measured by the...

  • Merger madness: What to do when your infosec vendor gets acquired

    When your favorite security vendor merges or is acquired, the only thing you can expect for certain is change. This article outlines the pros and cons of vendor mergers and acquisitions, and how cu...

  • How to manage user permissions

    Managing multiple user permissions can be a daunting task. Learn best practices for managing these permissions including servicing account passwords, granting local admin access, permissions for fi...

  • The pros and cons of PKI and two-factor authentication methods

    There are myriad authentication methods to choose from today; learn the pros and cons of two such methods, Public Key Infrastructures and two-factor authentication systems, and how each system help...

  • Skype: Its dangers and how to protect against them

    Skype may be free for end users but it could be costing your enterprise its security. This tip outlines the free VoIP solution's security risks and offers tips for keeping Skype off of the network.

  • Antispam crusade backfires; Blue Security shuts down

    The move comes on the heels of a massive counterattack spammers launched against the company, knocking millions of Web sites offline in the process.

  • Should employees have local admin rights?

    While it may save you time, granting users local administrator rights also puts your organization at risk. Discover why this practice is considered a risk and learn alternate access control methods...

  • Are smart cards tamper-proof?

    While choosing to use smart cards to authenticate users may seem like the smart move, know that they are not tamper-proof. Discover what industry standards are available to protect your organizatio...

  • Security Bytes: Fix available for RealVNC flaw

    In other news, changes may be coming for the Payment Card Industry (PCI) data security standard and Diebold will address security risks in its voting machines.