January 2007

  • Did TJX take the right steps after data breach?

    Security experts are mixed on whether TJX acted properly following a massive data breach last month. One expert says potential victims should have been notified sooner.

  • TJX gets little sympathy from blogosphere

    TJX is taken to task by security bloggers for waiting until after a massive data breach to take steps to bolster its security.

  • TJX breach: There's no excuse to skip data encryption

    Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses.

  • Data breach at TJX could affect millions

    Retailer TJX Companies said a hacker gained access to its systems, exposing the credit card data of millions of customers.

  • What are application logic attacks?

    In 2005, application logic flaws allowed alert, Web-savvy gamblers the chance to win a lot of money. In this SearchSecurity.com tip, application security expert Michael Cobb examines these types of...

  • Companies take IM threats seriously

    IT managers are finding security tools to shield internal systems from IM attack by keeping malware and phishers out, while letting trusted clients and friends in.

  • Mapping the path toward information security program maturity

    Amid tight information security budgets, it can be hard to recommend the best ways to invest new dollars or focus new resources. In this tip, Ed Moyle explains why creating a security program matur...

  • Oracle releases 51 security fixes

    The flaws are across Oracle's product line and attackers could exploit them remotely to compromise vulnerable systems.

  • Fortify Software to acquire Secure Software

    The acquisition of Secure Software will allow Fortify to expand into the requirements and design phases of the software development lifecycle, the company said.

  • Will two different operating systems cause administrative problems?

    Using two different operating systems can often boost a company's security, but there are practical limitations to the enterprise practice. In this expert Q&A, Michael Cobb reveals how separate pla...

  • SonicWALL's SSL VPN appliance is a winner

    Product review: SonicWALL SSL-VPN 4000 is an affordable and capable appliance for mid-sized enterprises.

  • How can rootkit hypervisors affect operating system security?

    What can rootkit hypervisors do to your operating system? "Whatever their creators want!" says application security expert Michael Cobb. In this SearchSecurity.com Q&A, Cobb explains how rootkit hyp...

  • Apere's IMAG 500 a tough sell

    Product review: Apere says many of the issues we encountered are addressed in its next release, but mid-enterprise businesses may not have the tolerance for this product.

  • PatchLink offers solid flaw management

    Product review: PatchLink Update 6.3 is a solid solution to the enterprise patch management problem and demonstrates its true power in a Windows environment.

  • WatchGuard offers 'excellent' UTM product

    Product review: Despite minor flaws, the Firebox X series is an excellent UTM deal, with its low entry price, terrific firewall and routing capabilities.

  • Core Security offers powerful testing tool

    Product review: Core Impact 6.0 is an amazing tool to validate your security posture. We highly recommend it to security engineers to verify the vulnerability of their networks.

  • Who patches better: Microsoft or Mozilla?

    Window Snyder was a senior security strategist at Microsoft before leaving in 2005 to become a founder and CTO of Matasano Security LLC. Last September she became Mozilla Corp.'s security chief and...

  • CA fixes multiple flaws in back-up product

    Also in Bug Briefs: Cisco patches an IOS flaw, HP fixes OpenView glitches; Adobe fixes critical vulnerabilities; and more Mac OS X flaws are disclosed.

  • trusted computing

    Trusted computing is a broad term that refers to technologies and proposals for resolving computer security problems through hardware enhancements and associated software modifications...

  • View Point