March 2008
-
March 31, 2008
Worst Practices: Three big identity and access management mistakes
Simple IAM mistakes such as writing down passwords and unaudited user accounts can allow malicious access into corporate networks. In this tip, contributor Joel Dubin exposes the most common identity management and access control blunders, and ...
-
March 28, 2008
New Apple Air notebook vaporized in PWN2OWN contest
Apple is claiming that its new Air is the world's thinnest notebook PC. Luckily, it didn't make any claims about the new machine's security, because it only took Charlie Miller of Independent ...
-
March 28, 2008
Researcher: IFrame redirect attacks escalate
It's been a couple of weeks since security researcher Dancho Danchev raised the red flag about IFrame redirects attackers have been using to corrupt hundreds of thousands of websites, and how the ...
-
March 28, 2008
TJX faces data audits for 20 years under FTC settlement
TJX Cos Inc. agreed to implement tighter security and obtain independent audits every other year for 20 years, according to a settlement reached with the Federal Trade Commission.
-
March 28, 2008
Does FTPS encrypt data packets at the hardware or software level?
If you need to implement FTPS, which delivers a lot of data securely to a server, it might be worth investigating partial or complete hardware acceleration of the crypto-processing. Platform security expert Michael Cobb explains why.
-
March 28, 2008
What ports should be opened and closed when IPsec filters are used?
In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to set up separate branch IPsec filters that connect with a head office.
-
March 28, 2008
Hannaford breach details indicate inside job
The fact that so many servers were compromised with malware suggests a trusted user on the inside engineered the data breach at Hannaford's, experts say.
-
March 27, 2008
Vista SP1 experiences: The good and the bad
Yesterday I wrote a story about the reaction from Windows administrators to Microsoft's release of Vista SP1, and the response was mostly one of caution and frustration. The challenges people are ...
-
March 27, 2008
Should disks be encrypted at the hardware level?
Disks that automatically encrypt data as they write -- and decrypt when they read -- are appealing for a number of reasons. Platform security expert Michael Cobb explains why.
-
March 27, 2008
Is Triple DES a more secure encryption scheme than DUKPT?
Both DES and TDES use a symmetric key, but Michael Cobb explains their separate and distinct roles in protecting financial transactions.
-
March 27, 2008
Free support doesn't lead to new love for Vista SP1
Microsoft is working hard to nudge customers onto the Windows Vista bandwagon, offering free support for Vista SP1. But users continue to resist full deployments.
-
March 26, 2008
New virtual switch integrates with multiple security vendors
Montego Networks says its HyperSwitch will integrate virtual network policy enforcement and access control into security products from Blue Lane, Catbird, and StillSecure.
-
March 26, 2008
IBM's Watchfire halts network research, focuses on Web apps
Watchfire is halting its network and host-based research to focus solely on Web application security as part of its integration into IBM. The Waltham, Mass.-based penetration vendor was acquired last year and became part of IBM's Rational development...
-
March 26, 2008
Failure mode and effects analysis: Process and system risk assessment
Information security pros are always trying to assess which systems and processes pose the greatest risk to an organization. In this tip, Gideon T. Rasmussen explains how the failure mode and effects analysis (FMEA) methodology can help quantify the...
-
March 26, 2008
Windows Server 2008 security not as advertised, says researcher
Argeniss founder and CEO Cesar Cerrudo will show off flaws in Windows Server 2008 next month at the HITBSecConf2008 in Dubai. Microsoft says it's reviewing his findings.
-
March 25, 2008
DHS takes a chance with new cybersecurity chief Beckstrom
The cybersecurity group at the Department of Homeland Security has had a hard time hanging onto its leaders, for various reasons, since the department started five years ago. DHS officials have ...
-
March 25, 2008
SecurityReview
Veracode SecurityReview SaaS combines strong technology and an attractive model, scouring compiled code and analyzing binaries for vulnerabilities that can be exploited.
-
March 25, 2008
OmniAccess 3500 Nonstop Laptop Guardian
OmniAccess 3500 Nonstop Laptop Guardian is remarkable in that it gives IT managers uninterrupted, secure access to employee laptops -- even when they're turned off.
-
March 25, 2008
Netgear ProSafe Wireless VPN Firewall
Readers gave the Netgear ProSafe Wireless VPN Firewall a bronze medal for its attacker detection, access control and wired security management system integration features.
-
March 25, 2008
Foundstone Enterprise
McAfee's vulnerability management product finished a close second, as readers noted its ample scalability, strong workflow and return on investment.