April 2007

  • Symantec fixes 'high-risk' flaw in Enterprise Security Manager

    Attackers could hijack machines from remote locations by exploiting a flaw in Symantec Enterprise Security Manager (ESM). Kaspersky Lab users also have a flaw to deal with.

  • How can hackers bypass proxy servers?

    Hackers are bypassing proxy servers all the time and doing so for a variety of reasons. In this SearchSecurity.com expert Q&A, Ed Skoudis points out the holes in your protective filtering tools.

  • Why can't antimalware tools scan inside virtual machines?

    You'd think that it would be easy for an antimalware tool to see what's going on inside a virtual workstation. Unfortunately, it's not. In this expert Q&A, Ed Skoudis explains the difficulty of sca...

  • WEP crack demonstrates need for WPA2

    A new paper highlighting the weakness of Wired Equivalent Privacy (WEP) is a call to all users to switch to the more secure Wi-Fi Protected Access 2 (WPA2).

  • How can attackers exploit RSS software flaws?

    RSS syndication feeds are a convenient way to get your news, blogs or other favorite content, but these popular tools are often left exposed. In this SearchSecurity.com Q&A, Ed Skoudis explains how...

  • Can service providers prevent DDoS attacks?

    The results of a DDoS attack can be crippling, but what are service providers doing about the threat? In this SearchSecurity.com Q&A, Ed Skoudis explains how innovative ISPs are raising the bar -- ...

  • Will the botnet threat continue?

    Is the botnet threat here to stay? In this SearchSecurity.com Q&A, information security threat expert Ed Skoudis explains how these money-making machines will become a greater threat in 2007.

  • Spam campaign uses Storm-like attack technique

    Spammers used an attack technique much like last January's "Storm" assault to dupe people into downloading malware over the weekend. This time, they used fake WWIII headlines.

  • Vista SP1: To be or not to be?

    This week in Security Blog Log: The owner of The Hotfix.net blog sparks controversy by posting what he claims are 100 fixes slated for Windows Vista Service Pack 1 (SP1).

  • Firm takes steps to address email management security risks

    Frank Chambers, director of security management at Constellation Energy explains how his firm manages email risk.

  • Polymorphic viruses call for new antimalware defenses

    Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who a...

  • More Windows patches coming next week

    In a preview of next week's monthly patch release, Microsoft said it plans to issue four more Windows updates on top of the ANI fix it rushed out this week.

  • Data security breach at UCSF may have exposed thousands

    The University of California at San Francisco (UCSF) acknowledged Wednesday that a security hole in a computer server may have exposed 46,000 people to potential identity fraud.

  • AT&T offers new malware security service

    AT&T is now offering business customers a network-based security service that provides Web content and instant messaging filtering. Analysts say it's a step in the right direction.

  • MIT fixes critical Kerberos 5 flaws

    MIT fixed several critical flaws in Kerberos 5, a suite of applications and libraries for the Kerberos network-authentication protocol used on numerous platforms.

  • Windows ANI patch problems reported

    Some IT administrators are having trouble installing the Windows ANI patch. Meanwhile, the researcher who discovered the flaw said Firefox is also vulnerable.

  • RadioShack sued for mishandling customer data

    A civil suit accuses RadioShack of violating Texas' 2005 Identity Theft Enforcement and Protection Act, which mandates that businesses protect consumer records.

  • Yahoo fixes Messenger flaw

    Attackers could exploit a flaw in Yahoo Messenger to hijack targeted machines, but a fix is available.

  • Network isolation as a PCI Data Security Standard compliance strategy

    One way to minimize your exposure to the 12 PCI Data Security Standard requirements is to use a stand-alone network to isolate payment card data. As Mike Chapple explains, while the approach is not...

  • Report warns of critical flaw in Web 2.0, AJAX

    Fortify Software warns in a new report that digital outlaws could use JavaScript to snatch data from Web 2.0 and AJAX-based applications if they're not properly secured.