March 2008

• March 31, 2008 31 Mar'08

  Worst Practices: Three big identity and access management mistakes

  Simple IAM mistakes such as writing down passwords and unaudited user accounts can allow malicious access into corporate networks. In this tip, contributor Joel Dubin exposes the most common identity management and access control blunders, and ...  Continue Reading

• March 28, 2008 28 Mar'08

  New Apple Air notebook vaporized in PWN2OWN contest

  Apple is claiming that it's new Air is the world's thinnest notebook PC. Luckily, it didn't make any claims about the new machine's security, because it only took Charlie Miller of Independent ...  Continue Reading

• March 28, 2008 28 Mar'08

  Researcher: IFrame redirect attacks escalate

  It's been a couple of weeks since security researcher Dancho Danchev raised the red flag about IFrame redirects attackers have been using to corrupt hundreds of thousands of websites, and how the ...  Continue Reading

• March 28, 2008 28 Mar'08

  What ports should be opened and closed when IPsec filters are used?

  In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to set up separate branch IPsec filters that connect with a head office.  Continue Reading

• March 28, 2008 28 Mar'08

  Hannaford breach details indicate inside job

  The fact that so many servers were compromised with malware suggests a trusted user on the inside engineered the data breach at Hannaford's, experts say.  Continue Reading

• March 28, 2008 28 Mar'08

  Does FTPS encrypt data packets at the hardware or software level?

  If you need to implement FTPS, which delivers a lot of data securely to a server, it might be worth investigating partial or complete hardware acceleration of the crypto-processing. Platform security expert Michael Cobb explains why.  Continue Reading

• March 28, 2008 28 Mar'08

  TJX faces data audits for 20 years under FTC settlement

  TJX Cos Inc. agreed to implement tighter security and obtain independent audits every other year for 20 years, according to a settlement reached with the Federal Trade Commission.  Continue Reading

• March 27, 2008 27 Mar'08

  Vista SP1 experiences: The good and the bad

  Yesterday I wrote a story about the reaction from Windows administrators to Microsoft's release of Vista SP1, and the response was mostly one of caution and frustration. The challenges people are ...  Continue Reading

• March 27, 2008 27 Mar'08

  Free support doesn't lead to new love for Vista SP1

  Microsoft is working hard to nudge customers onto the Windows Vista bandwagon, offering free support for Vista SP1. But users continue to resist full deployments.  Continue Reading

• March 27, 2008 27 Mar'08

  Should disks be encrypted at the hardware level?

  Disks that automatically encrypt data as they write -- and decrypt when they read -- are appealing for a number of reasons. Platform security expert Michael Cobb explains why.  Continue Reading

• March 27, 2008 27 Mar'08

  Is Triple DES a more secure encryption scheme than DUKPT?

  Both DES and TDES use a symmetric key, but Michael Cobb explains their separate and distinct roles in protecting financial transactions.  Continue Reading

• March 26, 2008 26 Mar'08

  New virtual switch integrates with multiple security vendors

  Montego Networks says its HyperSwitch will integrate virtual network policy enforcement and access control into security products from Blue Lane, Catbird, and StillSecure.  Continue Reading

• March 26, 2008 26 Mar'08

  IBM's Watchfire halts network research, focuses on Web apps

  Watchfire is halting its network and host-based research to focus solely on Web application security as part of its integration into IBM. The Waltham, Mass-based penetration vendor was acquired last year and become part of IBM's Rational development...  Continue Reading

• March 26, 2008 26 Mar'08

  Windows Server 2008 security not as advertised, says researcher

  Argeniss founder and CEO Cesar Cerrudo will show off flaws in Windows Server 2008 next month at the HITBSecConf2008 in Dubai. Microsoft says it's reviewing his findings.  Continue Reading

• March 26, 2008 26 Mar'08

  Failure mode and effects analysis: Process and system risk assessment

  Information security pros are always trying to assess which systems and processes pose the greatest risk to an organization. In this tip, Gideon T. Rasmussen explains how the failure mode and effects analysis (FMEA) methodology can help quantify the...  Continue Reading

• March 25, 2008 25 Mar'08

  DHS takes a chance with new cybersecurity chief Beckstrom

  The cybersecurity group at the Department of Homeland Security has had a hard time hanging onto its leaders, for various reasons, since the department started five years ago. DHS officials have ...  Continue Reading

• March 25, 2008 25 Mar'08

  IBM Internet Security Systems IBM Internet Scanner, Proventia Network Enterprise Scanner, and/or IBM

  Taking home an award for the second year in a row, IBM's set of vulnerability management products is at the core of Big Blue's managed security portfolio.  Continue Reading

• March 25, 2008 25 Mar'08

  Foundstone Enterprise

  McAfee's vulnerability management product finished a close second, as readers noted its ample scalability, strong workflow and return on investment.  Continue Reading

• March 25, 2008 25 Mar'08

  QualysGuard Enterprise (2008)

  Taking the top prize for the second consecutive year, QualysGuard Enterprise specializes in automated vulnerability identification and remediation for large organizations. Readers once again gave the product high marks across the board.  Continue Reading

• March 25, 2008 25 Mar'08

  Momentus 5400 FDE.2 Hard Drives

  First out of the gate last spring and now available on select Dell computers, Seagate's groundbreaking Momentus 5400 FDE.2 hard drives take the gold for solid performance and ease of implementation.  Continue Reading