March 2007

  • DST switchover causing some problems

    The earlier start to daylight-saving time (DST) went smoothly for some IT administrators, while others spent Sunday troubleshooting problems.

  • What are polymorphic viruses?

    Polymorphic viruses are built to dodge signature-based detection technologies. In this expert Q&A, Ed Skoudis examines the morphing malware and reveals which defenses are keeping up with the threat.

  • Windows Vista vulnerable to long-time attack method

    A researcher explains that a well-known attack carried out through StickyKeys, can be exploited in Windows Vista.

  • US-CERT warns of Windows-Office flaw

    Also: GnuPG flaw could compromise signed messages, Mozilla warns of a new Firefox glitch; Apple fixes multiple QuickTime flaws; and WordPress upgrade fixes 'dangerous' flaw.

  • Schedule: 2007 Security Events

    Schedule: 2007 Security Events

  • DST security concerns pervade bloggers

    This week in Security Blog Log: IT professionals are spending a lot of time on security issues related to this Sunday's start to daylight-saving time (DST).

  • Review: Sun Java System Identity Manager 7.0 'impressive'

    Hot Pick: Sun Java System Identity Manager 7.0 excels with agentless connectors, scalability and amazing auditing.

  • Review: Elemental Security Platform gets a B+

    Elemental Security Platform is a powerful tool for monitoring and enforcing system compliance, and provides effective asset management and asset-centric access controls.

  • Review: DigitalPersona offers solid biometric authentication

    Enterprises looking for a biometric single sign-on solution will like what DigitalPersona Pro offers. It's easy to use and can function with single- and two-factor authentication.

  • Review: eGuardPost a B+ overall

    eGuardPost is a well-designed and highly capable product that meets an important need. It has strong security and great forensics capabilities.

  • Dynamic code obfuscation: New threat requires innovative defenses

    Dynamic code obfuscation used to be a taxing effort, but now even the most junior-level malicious hackers have learned how to effectively hide their code. In this tip, Michael Cobb examines how dyn...

  • Wireshark: Taking a bite out of packet analysis

    If you need to sniff out problem packets, you don't have to spend thousands of dollars on network data analysis. Scott sidel recommends a free tool that's right under your nose: Wireshark.

  • Symantec acquires automated risk assessment firm

    Symantec has acquired Reston, Va.-based 4FrontSecurity, a maker of automated risk analysis and security management tools. An expert says it's the latest sign that the security risk assessment marke...

  • Schmidt: Cybersecurity a private affair

    Howard Schmidt's career in defense, law enforcement and corporate security spans nearly 40 years and includes a stint as vice president, CISO and chief security strategist for online auction giant ...

  • Microsoft cancels Patch Tuesday as DST looms

    IT administrators who are struggling to apply all their daylight-saving time (DST) patches will get a break from Microsoft next week, as no new security fixes will be released.

  • GnuPG flaw could compromise signed messages

    A flaw in the GNU Privacy Guard cryptographic system allows an attacker to insert text into a GnuPG-signed message or completely replace the original text.

  • Savvy hackers take the hardware approach

    Sophisticated hackers are finding ways to break into systems by exploiting security flaws in a computer's device drivers, physical memory and PCI cards. As SearchSecurity.com Executive Editor Denni...

  • Secure Sockets Layer (SSL)

    SSL (Secure Sockets Layer) is a commonly-used protocol for managing the security of a message transmission on the Internet; it uses a program layer located between the Internet's HTTP and TCP prog...

  • Database security undermined by protocol loopholes, lax defenses

    A database security vendor says database client-server protocols are being targeted by attackers. An analyst says enterprises are adding defenses.

  • McAfee names new CEO

    Dave DeWalt has been named the new president and CEO of McAfee Inc., which has been licking its wounds in the wake of a stock option scandal and other problems.