For more information about the site, see the Site Index

• New attacks reveal fundamental problems with TCP
• Sun launches open source OpenSSO for identity management
• Data loss study points out employee missteps
• IT security not valued at many firms, study finds
• Oracle DBAs cite lack of security measures
• Kaminsky: DNS issue still major threat
• IBM announcements mark two years of ISS marriage
• New certification targets software security
• Browser attack technique poses serious threat
• Cisco releases router patches to plug critical flaws
• Mozilla issues update to repair critical Firefox flaws
• Hardware security guru, Defcon badge maker films TV show
• IronPort feature detects exploited websites
• Certification still pays for CISSPs, CISMs
• McAfee to acquire Secure Computing
• Microsoft opens up secure development program
• Anti-cybercrime legislation sent to president
• Forever 21 security breach compromises nearly 99,000 payment cards
• Data encryption becoming easier choice, says former CISO
• DHS should lose cybersecurity authority, experts say
• Mozilla's Snyder says security pros should press vendors on security
• Sourcefire adds VM protection to RNA, new appliance
• PCI is about eliminating data, not securing it, former QSA says
• IBM offers hardware-based encryption for x servers
• Web security threats gaining attention at many companies
• Microsoft plugs Media Player, graphics handling flaws
• Microsoft provides guidance on GDI flaws
• Google amends log retention rules, privacy advocates respond
• CIS takes the measure of information security
• Sound compliance policies, practices reduce legal costs
• Security of customer data, IP sustains security budgets
• Secure Computing agrees to buy Securify
• Microsoft to patch critical flaws in Office, SQL Server
• Security spending continues despite shaky economy, Forrester finds
• Google Chrome unlikely to attract security-minded users
• Study finds SaaS gaining traction at midsize firms
• Botnets mailing list revived by security researcher
• Security visualization helps make log files work
• Linux systems actively targeted using SSH key attacks
• Data breach discovery, disclosure outpaces 2007
• Plug-in opens door for self-signed SSL certs in Firefox 3
• PCI groups to focus on wireless, pre-authorization changes
• Researcher disinfects multimedia Trojans
• Adobe investigates clipboard hijackings
• PCI DSS 1.2 clarifies wireless, antivirus use
• MIT case shows folly of suing security researchers
• Researchers develop cloud-based antivirus
• Inside MSRC: Microsoft addresses critical Snapshot Viewer flaw
• Microsoft patches critical Access, Excel flaws
• MySpace, Facebook ignoring basic principles of security
• Researchers develop lightweight Cisco IOS rootkit
• Bluetooth 2.1 is easy to crack
• Hacking techniques compromise Windows Vista heap
• Researchers use browser to elude Vista memory protections
• E-discovery still confounds companies and their lawyers
• Positive changes coming to ModSecurity
• Kaminsky: DNS flaw capable of attacks on many fronts
• Mozilla to release Firefox threat-modeling data
• TJX hacking ring charged in federal indictment
• Microsoft to revamp patching, add exploitability index
• SaaS startups enter Web security gateway market
• EV SSL certificates won't stop phishers, researchers say
• Hoffman to demonstrate new hacking techniques
• Researchers reveal new blacklisting method
• IBM X-Force report critical of independent security researchers
• Motorola to acquire wireless security firm AirDefense
• Sophos to acquire mobile data protection company Utimaco
• DNS flaw handling leaves Kaminsky pleased
• Smartphones opening up enterprise risks
• DNS exploit code released by Metasploit founder
• Apple iPhone mail, Safari prone to spoofing
• Initial virtualization costs could outweigh benefits
• Analysis tool uses Intel virtualization to hide from malware
• Valuable lesson emerges from DNS flaw handling
• Organization develops health care security framework
• Open source projects fall short on security
• Unified communications trigger data leakage dangers, survey finds
• BlackBerry server faced with critical zero-day
• NitroSecurity covers its bases with RippleTech deal
• Outsourced security services to take off
• Oracle releases 45 database, application fixes
• Hacker toolkit targets Microsoft Access zero-day
• CIO role could shift toward data quality, says IBM group
• Vendors rally to repair dangerous DNS flaw
• Microsoft Word zero-day being actively exploited
• Inside MSRC: Microsoft issues guidance on DNS server update
• Growing Mac use prompts call for better security
• Microsoft issues DNS, SQL Server updates
• Microsoft to issue Windows, SQL Server updates
• Microsoft warns of attacks against Microsoft Access zero-day flaw
• Virtual machine security plagued with operational issues
• Tips for SQL injection protection
• Experts weigh in on industry security consortium
• Microsoft addresses XSS in Internet Explorer
• Security data lapses hamper researchers
• Internet Explorer open to spoofing, scripting attacks
• PCI Requirement 6.6 has merchants gearing up
• Software still plagued with security holes, researcher says
• Startup Symplified delivers SSO in the cloud
• Cisco warns of UCM flaws



• More