January 2007 | Archive by Month | SearchSecurity.com

January 2007

  • Using role management in provisioning and compliance

    Role management provides the necessary framework for enterprises to efficiently govern access to sensitive data based on workers' jobs. However, many organizations fail to rescind unnecessary acces...

  • Group gives government low marks on data protection

    The Cyber Security Industry Alliance, a lobbying group of security vendors, gives the federal government and Congress a D grade for securing sensitive information.

  • PING with Josh Seeger

    Josh Seeger, CIO of Tribune Broadcasting, a unit of the Tribune Company, talks exclusively about lessons learned when faced with the complex task of meeting the Payment Card Industry Data Security...

  • Microsoft disputes Word zero-day report

    Symantec is warning of a new zero-day vulnerability in Microsoft Word. But Microsoft doesn't believe the flaw is new.

  • More from SearchSecurity.com -- January 2007

    Highlights from Information Security magazine's January 2007 issue

  • Symantec exploitation video hits YouTube

    Symantec posted a clip on the popular video-sharing site showing researchers using a newly discovered flaw in Microsoft Word to drop an executable on a vulnerable machine.

  • Symantec unveils 'universal ID system'

    Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers.

  • Windows Vista voice command tricked

    An attacker found a way to play audio commands at a user's machine, tricking the voice command capability in Vista into running arbitrary code.

  • Quiz: Using IAM tools to improve compliance

    A five-question multiple-choice quiz to test your understanding of the content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Identity and Access Management Security School.

  • Using IAM, password and provisioning management tools for compliance

    Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes.

  • Entrust to sell cheaper hardware tokens

    Security vendor Entrust Inc. will enter the hardware token market selling a $5 one-time password device. Experts say the move could reduce prices across the industry.

  • TJX faces lawsuit over data breach

    A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month.

  • Do XPath injection attacks require the same response as SQL injections?

    XPath injection attacks are slightly different (and more dangerous) than SQL injections. In this SearchSecurity.com Q&A, application expert Michael Cobb reveals the preventative steps that can prot...

  • Is Sender ID an effective email authentication tool?

    Sender ID, used by five million domains, can significantly counter spammers and phishers, but is it the best antispam technology? In this expert Q&A, Michael Cobb reveals the pros and cons of the e...

  • Symantec acquiring Altiris for $830 million

    Symantec says it will bolster its endpoint security position with the acquisition of IT management software firm Altiris.

  • IBM tool makes online purchases anonymous

    A new tool makes online purchases anonymous by using artificial identity information. Experts say enterprises need to adopt the technology before it can become a viable option.

  • Apple fixes Mac Wi-Fi flaw

    The Mac OS X Wi-Fi flaw Apple fixed Thursday was first disclosed as part of the Month of Kernel Bugs in November. Attackers could exploit it to crash the targeted system.

  • Information theft and cryptographic attacks

    The third tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide...

  • Storm Trojan was worse than it should have been

    The "Storm" attack made a big splash because people keep falling for social engineering and there was simply little else in the news, experts say.