January 2007 | Archive by Month | SearchSecurity.com

January 2007

  • Using role management in provisioning and compliance

    Role management provides the necessary framework for enterprises to efficiently govern access to sensitive data based on workers' jobs. However, many organizations fail to rescind unnecessary acces...

  • Quiz: Using IAM tools to improve compliance

    A five-question multiple-choice quiz to test your understanding of the content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Identity and Access Management Security School.

  • Group gives government low marks on data protection

    The Cyber Security Industry Alliance, a lobbying group of security vendors, gives the federal government and congress a D-grade for securing sensitive information.

  • Microsoft disputes Word zero-day report

    Symantec is warning of a new zero-day vulnerability in Microsoft Word. But Microsoft doesn't believe the flaw is new.

  • Windows Vista voice command tricked

    An attacker found a way to play audio commands at a user's machine, tricking the voice command capability in Vista into running arbitrary code.

  • More from SearchSecurity.com -- January 2007

    Highlights from Information Security magazine's January 2007 issue

  • Using IAM, password and provisioning management tools for compliance

    Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes.

  • Symantec unveils 'universal ID system'

    Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers.

  • Symantec exploitation video hits YouTube

    Symantec posted a clip on the popular video-sharing site showing researchers using a newly discovered flaw in Microsoft Word to drop an executable on a vulnerable machine.

  • PING with Josh Seeger

    Josh Seeger, CIO of Tribune Broadcasting, a unit of the Tribune Company, talks exclusively about lessons learned when faced with the complex task of meeting the Payment Card Industry Data Security...

  • TJX faces lawsuit over data breach

    A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month.

  • Entrust to sell cheaper hardware tokens

    Security vendor Entrust Inc. will enter the hardware token market selling a $5 one-time password device. Experts say the move could reduce prices across the industry.

  • Member Benefits

    Activate your FREE membership today and receive customized white papers, webcasts, technical tips, expert advice and more - to be delivered right to your inbox. Join today!

  • Do XPath injection attacks require the same response as SQL injections?

    XPath injection attacks are slightly different (and more dangerous) than SQL injections. In this SearchSecurity.com Q&A, application expert Michael Cobb reveals the preventative steps that can prot...

  • Is Sender ID an effective email authentication tool?

    Sender ID, used by five million domains, can significantly counter spammers and phishers, but is it the best antispam technology? In this expert Q&A, Michael Cobb reveals the pros and cons of the e...

  • Symantec acquiring Altiris for $830 million

    Symantec says it will bolster its endpoint security position with the acquisition of IT management software firm Altiris.

  • Apple fixes Mac Wi-Fi flaw

    The Mac OS X Wi-Fi flaw Apple fixed Thursday was first disclosed as part of the Month of Kernel Bugs in November. Attackers could exploit it to crash the targeted system.

  • IBM tool makes online purchases anonymous

    A new tool makes online purchases anonymous by using artificial identity information. Experts say enterprises need to adopt the technology before it can become a viable option.

  • Network-based attacks

    The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Gui...

  • Balancing the cost and benefits of countermeasures

    The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guid...