May 2007

  • phishing

    Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients.

  • digital signature (electronic signature)

    A digital signature (not to be confused with a digital certificate) is an electronic rather than a written signature that can be used by someone to authenticate the identity of the sender of a mess...

  • Check Point promises more VoIP security, fewer slowdowns

    Check Point's enhanced Open Performance Architecture is designed for deeper security of technologies like VoIP without the network performance problems that often come with it.

  • Two men plead guilty in supermarket data security breach

    Two Los Angeles area men plead guilty to using devices to bilk debit and credit card data from Stop & Shop supermarkets in Massachusetts and Rhode Island.

  • What are the drawbacks to application firewalls?

    Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this SearchSecurity.com Q...

  • Sclavos's VeriSign departure leaves many questions unanswered

    Some industry observers say disagreements fueled his resignation, but others say Sclavos's abrupt departure revolved around his role in VeriSign's options accounting practices.

  • Mozilla fixes potential DoS flaws in Firefox

    Firefox versions 2.0.0.4 and 1.5.0.12 fix flaws attackers could exploit to do a variety of damage. Mozilla says this is the final update for Firefox 1.5.

  • What should be done with a RAID-5 array's failed drives?

    Even one failed drive in a RAID-5 array can present an enterprise with serious data protection concerns. In this SearchSecurity.com Q&A, expert Michael Cobb explains which policies can protect and ...

  • Springing leaks: Getting smart about data loss prevention

    Companies are showing increased interest in data loss prevention (DLP) products, but they won't work well unless the business needs are understood and well defined.

  • Top spammer indicted on email fraud, identity theft

    The arrest may reduce the volume of spam in the short term, say experts and analysts, but the real spam threat comes from criminal gangs based in Asia and Russia.

  • Should fuzzing be part of the secure software development process?

    Fuzzing, a common software-testing method, should not be your only vulnerability assessment technique. In this SearchSecurity.com Q&A, Michael Cobb reviews how passing a fuzz test does not always m...

  • The man behind the Month of Search Engine Bugs speaks

    Ukrainian security researcher Eugene Dokukin, more widely known by his online name MustLive, is about to launch a new "Month-of" flaw disclosure project focusing on search engine bugs, at a time wh...

  • Google dives into security market

    Search engine giant Google has acquired security startup GreenBorder Technologies, making it a bigger player in the wider information security market.

  • How secure are document scanners and other 'scan to email' appliances?

    Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse...

  • Apple tackles a new QuickTime flaw

    For the second time in a month, Apple has been forced to fix a QuickTime flaw attackers could exploit to access sensitive system data and run malicious code.

  • steganography

    Steganography (pronounced STEHG-uh-NAH-gruhf-ee, from Greek steganos, or "covered," and graphie, or "writing") is the hiding of a secret message within an ordinary message and the extraction of it ...

  • Public-Key Cryptography Standards (PKCS)

    The Public-Key Cryptography Standards (PKCS) are a set of intervendor standard protocols for making possible secure information exchange on the Internet using a public key infrastructure (PKI).

  • plaintext

    In cryptography, plaintext is ordinary readable text before being encrypted into ciphertext or after being decrypted.

  • Sender Policy Framework (SPF)

    Sender Policy Framework (SPF) is an anti-spam approach in which the Internet domain of an e-mail sender can be authenticated for that sender, thereby discouraging spam mailers, who routinely disgui...

  • snake oil

    In cryptographic and other computer products, snake oil is a negative term used to describe exaggerated claims made by vendors who are overly optimistic or purposely seeking to take advantage of co...