January 2007

  • Using role management in provisioning and compliance

    Role management provides the necessary framework for enterprises to efficiently govern access to sensitive data based on workers' jobs. However, many organizations fail to rescind unnecessary acces...

  • PING with Josh Seeger

    Josh Seeger, CIO of Tribune Broadcasting, a unit of the Tribune Company, talks exclusively about lessons learned when faced with the complex task of meeting the Payment Card Industry Data Security...

  • Quiz: Using IAM tools to improve compliance

    A five-question multiple-choice quiz to test your understanding of the content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Identity and Access Management Security School.

  • More from SearchSecurity.com -- January 2007

    Highlights from Information Security magazine's January 2007 issue

  • Windows Vista voice command tricked

    An attacker found a way to play audio commands at a user's machine, tricking the voice command capability in Vista into running arbitrary code.

  • Symantec exploitation video hits YouTube

    Symantec posted a clip on the popular video-sharing site showing researchers using a newly discovered flaw in Microsoft Word to drop an executable on a vulnerable machine.

  • Symantec unveils 'universal ID system'

    Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers.

  • Using IAM, password and provisioning management tools for compliance

    Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes.

  • Microsoft disputes Word zero-day report

    Symantec is warning of a new zero-day vulnerability in Microsoft Word. But Microsoft doesn't believe the flaw is new.

  • Group gives government low marks on data protection

    The Cyber Security Industry Alliance, a lobbying group of security vendors, gives the federal government and Congress a D-grade for securing sensitive information.

  • TJX faces lawsuit over data breach

    A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month.

  • Entrust to sell cheaper hardware tokens

    Security vendor Entrust Inc. will enter the hardware token market selling a $5 one-time password device. Experts say the move could reduce prices across the industry.

  • Do XPath injection attacks require the same response as SQL injections?

    XPath injection attacks are slightly different (and more dangerous) than SQL injections. In this SearchSecurity.com Q&A, application expert Michael Cobb reveals the preventative steps that can prot...

  • Symantec acquiring Altiris for $830 million

    Symantec says it will bolster its endpoint security position with the acquisition of IT management software firm Altiris.

  • Is Sender ID an effective email authentication tool?

    Sender ID, used by five million domains, can significantly counter spammers and phishers, but is it the best antispam technology? In this expert Q&A, Michael Cobb reveals the pros and cons of the e...

  • Threats to physical security

    This is tip No. 6 in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut ...

  • Storm Trojan was worse than it should have been

    The "Storm" attack made a big splash because people keep falling for social engineering and there was simply little else in the news, experts say.

  • Attacks targeted to specific applications

    This is the fourth tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shor...

  • Information theft and cryptographic attacks

    The third tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide...