May 2007

  • Check Point promises more VoIP security, fewer slowdowns

    Check Point's enhanced Open Performance Architecture is designed for deeper security of technologies like VoIP without the network performance problems that often come with it.

  • Springing leaks: Getting smart about data loss prevention

    Companies are showing increased interest in data loss prevention (DLP) products, but they won't work well unless the business needs are understood and well defined.

  • Two men plead guilty in supermarket data security breach

    Two Los Angeles area men plead guilty to using devices to bilk debit and credit card data from Stop & Shop supermarkets in Massachusetts and Rhode Island.

  • Mozilla fixes potential DoS flaws in Firefox

    Firefox versions and fix flaws attackers could exploit to do a variety of damage. Mozilla says this is the final update for Firefox 1.5.

  • Sclavos's VeriSign departure leaves many questions unanswered

    Some industry observers say disagreements fueled his resignation, but others say Sclavos's abrupt departure revolved around his role in VeriSign's options accounting practices.

  • What should be done with a RAID-5 array's failed drives?

    Even one failed drive in a RAID-5 array can present an enterprise with serious data protection concerns. In this Q&A, expert Michael Cobb explains which policies can protect and ...

  • What are the drawbacks to application firewalls?

    Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this Q...

  • Top spammer indicted on email fraud, identity theft

    The arrest may reduce the volume of spam in the short term, say experts and analysts, but the real spam threat comes from criminal gangs based in Asia and Russia.

  • Should fuzzing be part of the secure software development process?

    Fuzzing, a common software-testing method, should not be your only vulnerability assessment technique. In this Q&A, Michael Cobb reviews how passing a fuzz test does not always m...

  • Google dives into security market

    Search engine giant Google has acquired security startup GreenBorder Technologies, making it a bigger player in the wider information security market.

  • Apple tackles a new QuickTime flaw

    For the second time in a month, Apple has been forced to fix a QuickTime flaw attackers could exploit to access sensitive system data and run malicious code.

  • How secure are document scanners and other 'scan to email' appliances?

    Copiers and document scanners have always posed challenges for information security teams. In this Q&A, Michael Cobb reveals how the right policies can control the use (and abuse...

  • The man behind the Month of Search Engine Bugs speaks

    Ukrainian security researcher Eugene Dokukin, more widely known by his online name MustLive, is about to launch a new "Month-of" flaw disclosure project focusing on search engine bugs, at a time wh...

  • steganography

    Steganography (pronounced STEHG-uh-NAH-gruhf-ee, from Greek steganos, or "covered," and graphie, or "writing") is the hiding of a secret message within an ordinary message and the extraction of it ...

  • Public-Key Cryptography Standards (PKCS)

    The Public-Key Cryptography Standards (PKCS) are a set of intervendor standard protocols for making possible secure information exchange on the Internet using a public key infrastructure (PKI).

  • plaintext

    In cryptography, plaintext is ordinary readable text before being encrypted into ciphertext or after being decrypted.

  • security policy

    In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets.

  • snake oil

    In cryptographic and other computer products, snake oil is a negative term used to describe exaggerated claims made by vendors who are overly optimistic or purposely seeking to take advantage of co...

  • Sender Policy Framework (SPF)

    Sender Policy Framework (SPF) is an anti-spam approach in which the Internet domain of an e-mail sender can be authenticated for that sender, thereby discouraging spam mailers, who routinely disgui...

  • network encryption (network layer or network level encryption)

    Network encryption (sometimes called network layer, or network level encryption) is a network security process that applies crypto services at the network transfer layer - above the data link level...