August 2006

  • Security event management, no strings attached

    Product review: Information Security magazine's Joel Snyder says Check Point's vendor-agnostic Eventia Analyzer 2.0/Eventia Reporter is worth consideration despite limited BI options.

  • Ajax threats worry researchers

    Black Hat: While it makes smooth Web applications like Google Maps possible, the rush to adopt Ajax may fuel haphazard development and a feeding frenzy among hackers.

  • Countering attackers with NAC, IPS

    Product review: Information Security magazine's Wayne Rash says ForeScout Technologies' flexible CounterACT appliance combines NAC with IPS and is worth the investment.

  • What's a Hot Pick?

  • Possible Cisco zero-day exploit revealed at Black Hat

    Details of an alleged flaw related to SIP and PIX appliances, briefly mentioned in a Wednesday Black Hat presentation, are being kept under wraps as Cisco and US-CERT investigate.

  • Twelve Microsoft fixes coming on Patch Tuesday

    Microsoft Tuesday will release a dozen new security bulletins for its Windows and Office products, likely including fixes for several outstanding PowerPoint flaws.

  • Old attack vectors are back in style

    Black Hat: Like hip-huggers and tweed, once-popular attack methods like ciphertext manipulation are finding new life as hackers look to cut through well-worn Web applications.

  • Security Bytes: Cisco coping with more Black Hat revelations

    Speakers at Black Hat USA 2006 have revealed a Cisco CallManager Express flaw and a proof-of-concept exploit. Also: Patches for GroupWise and yet another Firefox update.

  • RFID security issues are cause for corporate concern

    Although small in nature, RFID tags could be used to attack databases and corrupt critical information. It's a growing concern as corporate RFID use skyrockets, yet experts say there are reasonable...

  • PING with Heidi Kujawa

    In an exclusive interview with Information Security magazine, Heidi Kujawa, director of enterprise architecture services for Sony Pictures Entertainment, explains how combatting piracy takes more t...

  • Avoiding the scourge of DNS amplification attacks

    DNS amplification attacks can generate enough bogus traffic to blow almost anyone off the Internet. Learn how these packet flood attacks work and how to defend your organization.

  • Endpoint security quiz answers

  • Litchfield: Database security is IT's biggest problem

    Black Hat: Database security guru David Litchfield unveils 20-plus IBM Informix flaws that attackers could exploit to create malicious files, gain DBA-level privileges and access sensitive data.

  • Brief: Moore releases flaw-finding tool

    On the eve of Black Hat, Metasploit Project founder H.D. Moore has released a new tool for finding vulnerabilities in Internet Explorer ActiveX controls, and an updated version of the Metasploit Fr...

  • Feds court infosec pros in fight against cybercrime

    Black Hat: Federal law enforcement officials hope a more cooperative and less territorial approach will help convince private sector organizations to join the fight against cybercrime.

  • Wireless cards make notebooks easy targets for hackers

    Update: Researchers who demonstrated how to hack a MacBook at Black Hat admit that they used a third-party device driver. But the threat to wireless devices is still serious.

  • Intel's Centrino gear vulnerable to attack

    Chip giant Intel says a trio of flaws may lead to remote code execution, privilege escalation and disclosure of security information. AV firms say the flaws could spawn a new wireless worm.

  • Web services represent security's next battlefront

    The evolution and mainstream use of Web services has placed the nascent technology in the crosshairs of attackers, and one firm in particular says it can mitigate the threats.

  • Security Bytes: Exploits targeting freshly patched Apple flaw

    The crew in Cupertino patches nearly two dozen holes in OS X, but not before exploits are unleashed. Plus McAfee fixes a critical flaw and EMC gets the OK to buy RSA.

  • Total Information Awareness (TIA)

    Total Information Awareness (TIA) is the name of a massive U.S. data mining project focused on scanning travel, financial and other data from public and private sources with the goal of detecting ...