January 2007

  • Using IAM, password and provisioning management tools for compliance

    Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes.31 Jan 2007

  • Quiz: Using IAM tools to improve compliance

    A five-question multiple-choice quiz to test your understanding of the content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Identity and Access Management Security School.31 Jan 2007

  • Using role management in provisioning and compliance

    Role management provides the necessary framework for enterprises to efficiently govern access to sensitive data based on workers' jobs. However, many organizations fail to rescind unnecessary acces...31 Jan 2007

  • Microsoft disputes Word zero-day report

    Symantec is warning of a new zero-day vulnerability in Microsoft Word. But Microsoft doesn't believe the flaw is new.31 Jan 2007

  • Group gives government low marks on data protection

    The Cyber Security Industry Alliance, a lobbying group of security vendors, gives the federal government and congress a D-grade for securing sensitive information.31 Jan 2007

  • Symantec unveils 'universal ID system'

    Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers.31 Jan 2007

  • Symantec exploitation video hits YouTube

    Symantec posted a clip on the popular video-sharing site showing researchers using a newly discovered flaw in Microsoft Word to drop an executable on a vulnerable machine.31 Jan 2007

  • More from SearchSecurity.com -- January 2007

    Highlights from Information Security magazine's January 2007 issue31 Jan 2007

  • PING with Josh Seeger

    Josh Seeger, CIO of Tribune Broadcasting, a unit of the Tribune Company, talks exclusively about lessons learned when faced with the complex task of meeting the Payment Card Industry Data Security...31 Jan 2007

  • Windows Vista voice command tricked

    An attacker found a way to play audio commands at a user's machine, tricking the voice command capability in Vista into running arbitrary code.31 Jan 2007

  • TJX faces lawsuit over data breach

    A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month.30 Jan 2007

  • Member Benefits

    Activate your FREE membership today and receive customized white papers, webcasts, technical tips, expert advice and more - to be delivered right to your inbox. Join today!30 Jan 2007

  • Entrust to sell cheaper hardware tokens

    Security vendor Entrust Inc. will enter the hardware token market selling a $5 one-time password device. Experts say the move could reduce prices across the industry.30 Jan 2007

  • Symantec acquiring Altiris for $830 million

    Symantec says it will bolster its endpoint security position with the acquisition of IT management software firm Altiris.29 Jan 2007

  • Is Sender ID an effective email authentication tool?

    Sender ID, used by five million domains, can significantly counter spammers and phishers, but is it the best antispam technology? In this expert Q&A, Michael Cobb reveals the pros and cons of the e...29 Jan 2007

  • Do XPath injection attacks require the same response as SQL injections?

    XPath injection attacks are slightly different (and more dangerous) than SQL injections. In this SearchSecurity.com Q&A, application expert Michael Cobb reveals the preventative steps that can prot...29 Jan 2007

  • Network-based attacks

    The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Gui...26 Jan 2007

  • Apple fixes Mac Wi-Fi flaw

    The Mac OS X Wi-Fi flaw Apple fixed Thursday was first disclosed as part of the Month of Kernel Bugs in November. Attackers could exploit it to crash the targeted system.26 Jan 2007

  • Threats to physical security

    This is tip No. 6 in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut ...26 Jan 2007

  • Storm Trojan was worse than it should have been

    The "Storm" attack made a big splash because people keep falling for social engineering and there was simply little else in the news, experts say.26 Jan 2007