August 2006

  • SSO: What verticals are further ahead in deploying this authentication mechanism?

    In this Identity Management and Access Control Q&A our resident expert reviews why the SSO marketplace tends to be vertically integrated and discusses what may occur as SSO shifts to smaller organi...

  • AOL apologizes for exposing search data

    A spokesman for the ISP-turned-portal says the release of keyword search information from about 658,000 anonymous AOL users was a "screw up" that was based on good intentions.

  • How to create an optional login for the same application

    In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to create optional logins for your applications.

  • Inside MSRC: Time to rethink security workarounds

    Christopher Budd of the Microsoft Security Response Center recommends implementing one of several security workarounds to ensure a secure infrastructure until this month's most important Windows up...

  • Telecommuting security: Protecting sensitive data inside and out

    The rash of laptop thefts in recent months has brought telecommuting and remote access security to the forefront of many information security professionals' minds. In this tip, Joel Dubin examines ...

  • The pros and cons of data wiping

    Weigh the pros and cons of software disk-wiping and determine if it can protect against data compromise in this Platform Security Ask the Expert Q&A.

  • Update: Microsoft's fixes 23 flaws, DHS urges action

    Updated: Microsoft releases a dozen August security updates, nine critical. The Department of Homeland Security says one fix in particular should be implemented immediately.

  • Extending SSO outside the company: Is it worth the risk?

    Thinking of extending SSO outside your company? Read this Identity Management and Access Control Ask the Expert Q&A. Resident expert Joel Dubin examines its potential risks and what organizations ...

  • RFID tags: Do they have a secure future?

    RFID tags, an automatic identification method, can be useful, but do they have a future? In this Identity Management and Access Control Ask the Expert Q&A, resident expert Joel Dubin explains how RF...

  • How to prevent VoIP phishing

    Don't fall prey to a VoIP phishing scam. In this Information Security Threats Ask the Expert Q&A, Ed Skoudis explains why end-to-end encrypted VoIP phones cannot prevent VoIP scams and how to prote...

  • VA desktop PC stolen, 36,000 could be at risk

    Update: The incident marks the second time in less than three months that a VA device with sensitive information has been compromised. One expert blames the systematic problem of too much internal ...

  • Creating a security awareness program

    In this Information Security Threats Ask the Expert Q&A, Ed Skoudis explains how creating a security awareness program can help thwart the insider threat.

  • RSS, Atom feeds ripe for attack

    Black Hat: A researcher demonstrates how RSS and Atom feeds can spread the payload of a zero-day attack. His advice? Subscribe to feeds with care.

  • Combating phishing scams

    In this Information Security Threats Ask the Expert Q&A, Ed Skoudis reviews what to do if you've been phished and identifies the phishing coalitions that can help combat this email threat.

  • Security Bytes: CA fixes eTrust Antivirus flaws

    Meanwhile: Online thieves steal $700,000 from personal accounts, researchers expose e-passport vulnerability; and arrests are made in the VA security breach case.

  • Spyware war may be a losing battle, experts say

    Black Hat: Spyware is a top concern among security professionals, but experts say there may be no technology that can stop its spread. Instead, the spyware battle may need to be waged on a differen...

  • XP SP2 pushed back

    A network management expert and Windows MVP outlines highlights from the coming release of Microsoft's much-anticipated Windows XP Service Pack 2.

  • Countering attackers with NAC, IPS

    Product review: Information Security magazine's Wayne Rash says ForeScout Technologies' flexible CounterACT appliance combines NAC with IPS and is worth the investment.

  • Security event management, no strings attached

    Product review: Information Security magazine's Joel Snyder says Check Point's vendor-agnostic Eventia Analyzer 2.0/Eventia Reporter is worth consideration despite limited BI options.

  • Ajax threats worry researchers

    Black Hat: While it makes smooth Web applications like Google Maps possible, the rush to adopt Ajax may fuel haphazard development and a feeding frenzy among hackers.