Show Daily, Online Edition
Feb. 5 -- Feb. 9, 2007
Where's Larry? Ellison calls out sick at RSA Conference
Despite the Oracle CEO's no-show, the database software giant talked up its framework for secure data sharing; meanwhile, CA's CEO called for simplified security products.
Middle ground hard to find in vulnerability disclosure debate
Security experts at RSA Conference 2007 passionately debated the cases for and against vulnerability disclosure, while some believe the arrival of Web 2.0 software will hinder white hats and embolden malicious hackers.
The Daily Dose: Chris Wysopal blogs from RSA Conference 2007
Blog: In his exclusive daily column from RSA Conference 2007, security pro Chris Wysopal comments on vulnerability disclosure, and says emerging Web application technologies present many new attack vectors that have yet to be discovered.
Officials: DNS servers stood up well to attack
Government security officials at RSA Conference 2007 said the Internet's backbone appears to have stood tall against Tuesday's massive DNS server attack.
Panel: Privacy legislation too premature for RFID
A group of public policy and technology experts at the RSA Conference 2007 said legislation could make radio frequency identification technology too costly for enterprises and hamper its innovation.
Experts: Companies need data theft response plans
Enterprises that have solid response plans in place before a data breach are more likely to survive after being hacked, said experts at RSA Conference 2007.
Gates touts secure access anywhere
Microsoft's chairman tells RSA Conference 2007 attendees that a combination of authentication and access management strategies is what it takes to protect corporate data, but information security pros are willing to wait for the proof.
Rootkit dangers at an 'all-time high'
Industry experts at RSA Conference 2007 say not only have rootkits become the weapon of choice for malicious hackers, but they've also emerged as useful tools for legitimate businesses trying to exert control over users.
Cryptographer's Panel: Founding fathers still eager for new advances
On the eve of cryptography's 30th anniversary, the men who invented the field say they're proud of what's been accomplished, but new cryptosystems are needed to keep on top of emerging threats.
Symantec chief: Consumer confidence in data protection is key to online growth
In his keynote at RSA Conference 2007, Symantec CEO John W. Thompson said Big Yellow is ready for the shifting dynamics in the information security market, and implied that Microsoft's growing presence in security is a conflict of interest for its customers.
CA backup bug exploitable on Vista
A previously patched buffer overflow vulnerability in CA BrightStor ARCserve Backup has been exploited, the first such flaw for a third-party app running on Vista. One security firm says ISVs aren't taking advantage of Vista's new security features.
Coviello: In 3 years, no more stand-alone security
RSA President Art Coviello said today's patchwork of monolithic security devices will disappear in the next three years as security is integrated into the larger IT infrastructure.
Gates to outline Microsoft's new strategy for secure computing
Bill Gates is back at RSA. At this year's conference, Gates plans to speak today about the evolution of authentication, network policies and data protection, signaling a change in his vision of a "Digital Decade."
Vista exploitable, researcher says
A well-known security researcher later this week will reveal a new way to elevate system privileges by exploiting a flaw in Windows Vista.
Keynoters speak volumes
Times have changed, and RSA Conference keynote speakers no longer need cryptography and security backgrounds. This year's headliners include several rock stars of the IT industry, along with some newcomers and a few old veterans.
NAC gains traction
Until recently, the network access control market had been all style and little substance, but at last vendors large and small are proving that NAC may be worth the investment.
Vendor alliance wants PCI certification program
Debuting this week at RSA, the Payment Card Industry Security Vendor Alliance will provide guidance to the industry and hopes to ultimately get a PCI certification program off the ground.
Intrusion detection systems are alive and kicking
IPS hasn't overtaken intrusion detection systems just yet. Senior News Writer Bill Brenner reveals what customers want when they're shopping for IDS products.
Pitfalls aplenty going SOA
A service-oriented architecture's efficiency has often been more of a priority than SOA security. Vendors, however, are compensating with new Web services security features.
Web apps remain a trouble spot
Contributor George Hulme examines how cross-site scripting and code injection have become even bigger development issues than buffer overflows.
Spam, phishing, IM attacks rise
Malicious attacks using social engineering techniques are on the rise. While botnets may finally be forcing ISPs into the battle, enterprise security pros are working overtime on strategies to keep the threats at bay.
Going Wi-Fi? Go safely
Today's security professionals are forced to balance the convenience that wireless technology offers with the need to enforce a solid security policy.
When physical and logical security converge
For an enterprise to protect itself from today's internal and external threats, more companies are considering security programs that integrate both physical and logical security.
Flurry of state disclosure laws creates confusion for CISOs
Now that nearly three dozen states have enacted breach disclosure laws, national companies face the challenge of reconciling a vast array of guidelines and their implications.
CISOs mastering 'softer' skills
Learn why a mix of interpersonal skills has to be blended with knowledge of business administration to create a well-rounded leader.
A new awareness for SIMs
Experts say the use of security information and event management systems can not only give organizations overall visibility into their network security and improve their incident response, but also meet compliance demands.
Developing a mind-set for application security
Baking security into applications can be a difficult process, but experts believe developing an application security mind-set can help create more secure software systems.
FFIEC, HSPD-12 fuel growth in authentication market
Enterprises aren't the only ones who have had to deal with regulations like FFIEC and HSPD-12. The vendor community has adjusted by offering cost-effective and unobtrusive authentication products, primarily focused on financial institutions.
Check out news, features and podcasts from SearchSecurity.com's special coverage of RSA Conference 2006.
Aladdin Knowledge Systems
Application Security, Inc.
Check Point Software Technologies
eEye Digital Security
Norman Data Defense Systems
Tenable Network Security
TriGeo Network Security
Yoggie Security Systems
Senior News Writer Bill Brenner asks Dr. Burt Kaliski, vice president of research at RSA Security, about how Symmetric Key Infrastructures (SKI) will affect encryption's future.
Microsoft's Fathi: 'Still lots of room for innovation'
Ben Fathi, VP of the Security Technology Unit at Microsoft, speaks to SearchSecurity.com about the security features of Windows Vista and how they may affect third-party vendors.
Coviello: RSA's token business is far from dead
Executive Editor Dennis Fisher talks with RSA Security President Art Coviello about life within EMC and the organization's future, including new competition in the token business.
In this RSA Conference Q&A, Editorial Director Kelley Damore speaks with CA President John Swainson about how he protects CA from security breaches.
VeriSign touts benefits of Extended Validation SSL Certificates
Chris Babel, VP at VeriSign, offers his take on the benefits of Extended Validation SSL Certificates and the long-term outlook for the authentication market.
Websense: PortAuthority deal, Web 2.0 apps reflect changing threat landscape
Websense CEO Gene Hodges details the strategy behind his firm's acquisition of PortAuthority and discusses the threat posed by Web 2.0 applications.
Antivirus veteran Kaspersky says cybercriminal ranks are surging
Eugene Kaspersky, co-developer of Kaspersky Anti-Virus and co-founder of Russia's Kaspersky Lab, talks with Information Security magazine's Michael S. Mimoso about the state of the antivirus market, the need for a new Interpol-like worldwide organization to fight cybercrime and why he's confident Microsoft won't be a significant force in the AV realm for a long time to come. Download this special edition of Security Wire Weekly.
Podcast: FTC urges cooperation to curb data breaches
In this special edition of Security Wire Weekly from RSA Conference 2007, Federal Trade Commission Chairwoman Deborah Platt Majoras tells Information Security magazine Editor Michael S. Mimoso that the agency is not only working to crack down on companies that leave consumer data vulnerable to attack, but is also developing ways to help companies avoid data breaches.
Podcast: Security pros sound off on the week's hottest issues
RSA Conference 2007 attendees talk about issues with Microsoft NAP and Cisco NAC, the viability of investing in Windows Vista, identity management, authentication, Web services security, and Web 2.0 attacks. Take the pulse of this week's event in this special edition of Security Wire Weekly.
Podcast: Microsoft begins leadership, strategy transition
Is 2007 the last time Bill Gates will headline the RSA Conference? Information Security magazine's Michael S. Mimoso explains why this may be the Microsoft chairman's RSA swan song, and conference attendees share their reactions to the software giant's refined security strategy. Listen to this special edition of Security Wire Weekly.
Podcast: Coviello preaches need for security integration
In this special edition of Security Wire Weekly from RSA Conference 2007, information security pros explain why it's hard to imagine a day when all of an organization's security needs can be served by one infrastructure provider, even though RSA Security's Art Coviello believes industry consolidation and simplification are inevitable.
Podcast: Inside the global fight against cybercrime
Executive Editor Dennis Fisher talks with David Drab, principal of Xerox Global Services, about steps his company is taking to address customers' security concerns. The former FBI employee also talks about computer terrorism and what he sees as the current threats. Listen to this special edition of Security Wire Weekly.
Podcast: Cracks found in Windows Vista
In this special edition of Security Wire Weekly from RSA Conference 2007, eEye CTO Marc Maiffret talks about how he's already discovered cracks in Windows Vista.