-
How does SSL 'sit' between the network layer and application layer?
SSL is neither a network layer protocol nor an application layer protocol. In this SearchSecurity.com Q&A, Michael Cobb explains how SSL "sits" between both layers.
31 Jul 2007
-
Should a network be regularly checked for rogue access points?
Some enterprises may have to scan their network more frequently for rogue access points. In this expert Q&A, Michael Cobb explains what tools are necessary for periodic AP checks.
31 Jul 2007
-
Attackers ultimately drive security market, analyst says
The security market is being driven by spam gangs, cyberthieves and other criminals bent on hacking into company and government databases to steal sensitive information.
31 Jul 2007
-
Black Hat 2007: Researchers highlight new database attack method
At this week's hacker confab, expert penetration testers will demonstrate how cyberthieves can reach into corporate databases -- without exploiting a specific software flaw -- to steal credit card ...
31 Jul 2007
-
Mozilla fixes two critical Firefox flaws
Firefox version 2.0.0.6 addresses critical flaws involving unescaped URLs passing to external programs and privilege escalation.
31 Jul 2007
-
Black Hat 2007 preview: Blue Pill under scrutiny
Among the highlights at the year's most anticipated hacker event, vulnerability researchers will challenge Joanna Rutkowska's Blue Pill concept. They'll also pick apart flaws in VoIP, NAC and Web a...
31 Jul 2007
-
COSO and COBIT: The value of compliance frameworks for SOX
In an attempt to blaze a path through the myriad of compliance regulations and requirements, organizations are looking to frameworks like COSO and COBIT. In this tip, contributor Mike Rothman exami...
31 Jul 2007
-
Security update fixes Yahoo Widgets flaw
Attackers could exploit a Yahoo Widgets flaw to run malicious code on compromised Windows computers, but a security update is available.
30 Jul 2007
-
Can companies control their affiliate-based adware?
Companies often advertise unintentionally with adware. In this SearchSecurity.com Q&A, Ed Skoudis explains some best practices that can keep a company's Internet-marketing strategy spyware-free.
27 Jul 2007
-
Investigating phone phishing calls
Will phishing calls ever be stopped? Maybe not, but it is possible to do a little detective work. In this expert Q&A, Ed Skoudis explains how to get some information on phishers and their "importan...
27 Jul 2007
-
Black Hat 2007: Lessons of the Estonian attacks
Cooperation between private groups and public agencies is essential in defending against cyberattacks, according to one security researcher. Gadi Evron, a security evangelist with Beyond Security, ...
26 Jul 2007
-
How secure is the Windows registry?
In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains the weaknesses of the Windows registry and explores other OS alternatives.
26 Jul 2007
-
Can an antivirus program's behavior-based functions be judged?
Most antivirus tools do not give users the configuration option to turn specific detection functions on or off, making it difficult to judge the accuracy of a program's behavior-based technology. In...
26 Jul 2007
-
Does SMS spoofing require as much effort as email spoofing?
SMS text message spoofing demands a little more technical knowledge than email spoofing. But not much, says information security threat expert Ed Skoudis. In this Q&A, Skoudis explains how that tec...
26 Jul 2007
-
Most antispam technologies get failing grade
An independent study finds that many enterprises are not satisfied with traditional antispam technologies.
26 Jul 2007
-
Can dynamic and static verification secure a platform?
The best software testing approach is to use a combination of static and dynamic verification tools that continually check for technical and logical vulnerabilities during the development cycle. Ex...
26 Jul 2007
-
Is it possible to detect today's peer-to-peer (P2P) botnets?
Historically, botnets used centralized architectures for command and control. In this SearchSecurity.com Q&A, Ed Skoudis explains how attackers have upgraded the botnet structure using peer-to-peer...
26 Jul 2007
-
Warning issued over unpatched Firefox flaw
Danish vulnerability clearinghouse Secunia and the United States Computer Emergency Readiness Team (US-CERT) issued advisories about the input validation flaw.
26 Jul 2007
-
Quiz: Securing the converged infrastructure
A five-question multiple-choice quiz to test your understanding of the content presented by expert John Burke in this lesson of SearchSecurity.com's Integration of Networking and Security School.
26 Jul 2007
-
Will log-in form data posted to an SSL page always be encrypted?
If a Web page login form is not SSL-protected, but the login data is posted to an SSL page, is the information encrypted and safe? Not at all, says Michael Cobb in this SearchSecurity.com Q&A.
25 Jul 2007