January 2009

• January 30, 2009 30 Jan'09

  Security Bytes

  This blog covers topics across the spectrum of security, privacy and compliance, as well as the people and issues driving enterprise infosec today.  Continue Reading

• January 29, 2009 29 Jan'09

  Employee information security awareness training for new IAM systems

  When an enterprise gets new IAM systems, training employees on how to interact with the technology is one of the most important aspects of deployment. Learn how to implement employee information security awareness training for new IAM systems and ...  Continue Reading

• January 28, 2009 28 Jan'09

  First lawsuit filed in Heartland data security breach

  A class action lawsuit was filed against Heartland claiming that the payment processor issued belated and inaccurate statements when it announced a security breach of its systems.  Continue Reading

• January 28, 2009 28 Jan'09

  How can 419 scam emails and backscatter spam be stopped?

  A 419 scam is just one example of backscatter spam. John Strand explains which long-term solutions can help combat these particular kinds of unwanted messages.  Continue Reading

• January 28, 2009 28 Jan'09

  Will Google Chrome enhance overall browser security?

  Expert John Strand reviews Google Chrome's browser security features and what the new tool will mean for enterprise IT teams.  Continue Reading

• January 28, 2009 28 Jan'09

  Security book chapter: Applied Security Visualization

  In this section of Chapter 5: Visual Security Analysis (.pdf), author Raffael Marty discovers the forensic analysis of log data for discovering attacks and reporting incidents.  Continue Reading

• January 28, 2009 28 Jan'09

  How to prevent SSH brute force attacks

  Brute force attacks on the Secure Shell (SSH) service have been used more frequently to compromise accounts and passwords. Expert John Strand explains how to defend against these brute-force threats.  Continue Reading

• January 27, 2009 27 Jan'09

  Archer Technologies buys IT GRC competitor Brabeion Software

  Archer's acquisition of Brabeion indicates convergence in the IT GRC market. Compliance and trend to risk management bode well for GRC companies' in wake of economic meltdown.  Continue Reading

• January 27, 2009 27 Jan'09

  Educators see secure coding training challenges, improvements

  University-level secure coding training is improving, but hurdles remain, professors say.  Continue Reading

• January 27, 2009 27 Jan'09

  How to secure a website containing badware (banner82)

  In an expert Q&A, John Strand reviews how SQL injection attacks can lead to banner82 attacks and a "badware" label for your website.  Continue Reading

• January 27, 2009 27 Jan'09

  How to use Nmap to scan a network

  Peter Giannoulis takes a look at everybody's favorite, freely available port scanner and OS identifier: Nmap.  Continue Reading

• January 26, 2009 26 Jan'09

  When should a database application be placed in a DMZ?

  Mike Chapple explains the best network location for an important database application. Chapple also reveals the appropriate level of access to grant remote users.  Continue Reading

• January 26, 2009 26 Jan'09

  What are the security risks of opening port 110 and port 25?

  If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 or port 25? Mike Chapple reveals a few security repercussions.  Continue Reading

• January 26, 2009 26 Jan'09

  Do European laws prevent a U.S. company from blocking spam?

  Michael Cobb explores how the Internet -- and the ability to send messages quickly and easily to other countries --has complicated matters of jurisdiction.  Continue Reading

• January 26, 2009 26 Jan'09

  Can Google Earth and other mash-up applications threaten enterprise security?

  In an expert Q&A, Michael Cobb explores the security issues that occur when an emerging mash-up application like Google Earth is used in the enterprise.  Continue Reading

• January 26, 2009 26 Jan'09

  How can mobile device data be lost on a peer-to-peer (P2P) network?

  Peer-to-peer telephone services, such as Skype, Free World Dialup (FWD) and Ooma, offer users a way to save significant money on telephone services. But how well do they protect your data?  Continue Reading

• January 22, 2009 22 Jan'09

  How to defend against data-pilfering attacks

  In this video from Information Security Decisions 2008, Mandiant's Kevin Mandia details data-pilfering attacks and the four ways hackers can penetrate a network.  Continue Reading

• January 21, 2009 21 Jan'09

  The challenges of incident response plans and procedures

  Mandiant's Kevin Mandia reviews his top five incident response challenges.  Continue Reading

• January 21, 2009 21 Jan'09

  Payments processor discloses massive data breach

  Company says an intrusion of its processing system may be part of a broader fraud operation.  Continue Reading

• January 21, 2009 21 Jan'09

  Shavlik apologizes for hyped Microsoft patch analysis

  Shavlik CTO Eric Schultze said the Microsoft SMB bulletin could not be as easily exploited as he wrote in his initial analysis.  Continue Reading