July 2010

• July 30, 2010 30 Jul'10

  ICANN announces DNSSEC deployment to root Internet servers

  Announced at this week's Black Hat Briefings, root servers and Internet domains have now been signed with DNSSEC.  Continue Reading

• July 30, 2010 30 Jul'10

  Microsoft schedules patch for Windows Shell flaw

  Update planned for Monday to fix zero-day vulnerability in wake of increased attacks.  Continue Reading

• July 30, 2010 30 Jul'10

  Quiz: Database application security

  How much do you know about database application security? Take this short quiz to determine what you've learned.  Continue Reading

• July 30, 2010 30 Jul'10

  Database application security: Balancing encryption, access control

  Database applications are often the epicenter of a company's sensitive data, so security is paramount, but maintaining a balance between security and business use can be tricky. In this tip, Andreas Antonopoulos discusses encryption strategies for ...  Continue Reading

• July 30, 2010 30 Jul'10

  Forrester offers new guide for information security program development

  The research firm's new 123-point maturity model is intended to go beyond COBIT as a more comprehensive way to help companies find and fix gaps in their infosec programs.  Continue Reading

• July 30, 2010 30 Jul'10

  Adobe vulnerability management: Arkin on the new threat landscape

  LAS VEGAS -- Brad Arkin and Adobe Systems Inc. have had to endure a lot of ribbing at Black Hat 2010. Arkin, senior director of product ...  Continue Reading

• July 29, 2010 29 Jul'10

  McAfee agrees to acquire tenCube for mobile security

  McAfee to offer location, locking and wipe technology via acquisition. In what's turning out to be a busy week for acquisitions in the security market, McAfee on Thursday said it signed a deal to ...  Continue Reading

• July 29, 2010 29 Jul'10

  Windows Server 2008 migration: Is it essential?

  While many experts say the Windows Server 2008 operating system is Microsoft's most secure OS yet, expert Michael Cobb explains why a migration may not be essential for all companies.  Continue Reading

• July 29, 2010 29 Jul'10

  How to use Wget commands and PHP cURL options for URL retrieval

  When TCP or HTTP connections aren't behaving as expected, free tools like Wget and cURL can help with URL retrieval. Learn more in this expert response from Anand Sastry.  Continue Reading

• July 29, 2010 29 Jul'10

  Application event log management: The final frontier?

  Diana Kelley and veteran CISO James McGovern discuss the need for a application event log management standard.  Continue Reading

• July 29, 2010 29 Jul'10

  Log management best practices: Five tips for success

  The right log management tool can quickly seem like the wrong one without advance planning on how to make the most of it. Diana Kelley offers six log management best practices to help do just that.  Continue Reading

• July 29, 2010 29 Jul'10

  Quiz: Application and network log management program planning

  Find out how much you've retained from the Application and log management program planning Security School lesson.  Continue Reading

• July 29, 2010 29 Jul'10

  Black Hat: Poor SCADA systems security 'like a ticking time bomb'

  An analysis of 120 security assessments at power plants, oil and chemical refineries and other critical systems revealed tens of thousands of security vulnerabilities, outdated operating systems and unauthorized applications.  Continue Reading

• July 29, 2010 29 Jul'10

  Black Hat: Researchers poke holes in HTTPS, SSL Web browser security

  Attackers capable of carrying out man-in-the-middle attacks to hijack Web browsing sessions can go further and render Web security protocols HTTPS and SSL/TLS useless against attack.  Continue Reading

• July 28, 2010 28 Jul'10

  Black Hat: DHS calls for attitude adjustment

  Jane Holl Lute, deputy secretary of the U.S. Department of Homeland Security (DHS), said a lot that we've already heard during security conference keynotes. Whether it's the RSA Conference, or ...  Continue Reading

• July 28, 2010 28 Jul'10

  Rite Aid to pay $1 million in HIPAA settlement

  Rite Aid, the third largest pharmacy chain in the country, agreed to settle government charges that it failed to protect sensitive medical and financial information belonging to its customers and ...  Continue Reading

• July 28, 2010 28 Jul'10

  Attackers are turning to mobile platforms, researcher says

  In this interview, Mikko Hypponen, chief research officer, F-Secure Corp. talks about what he sees as the coming mobile security threats.  Continue Reading

• July 28, 2010 28 Jul'10

  Smart grid security will require risk management

  To a large degree, smart grids, and the nascent IP networks that control them, represent a voyage into the technological unknown. Learning to secure them may be tricky.  Continue Reading

• July 28, 2010 28 Jul'10

  Verizon data breach report 2010: Insider breaches on the rise

  The company's highly anticipated report, which this year combines Secret Service data to analyze nearly 900 individual data breach cases, shows an increase in breaches by insiders, while overall breaches may be on the decline due to market ...  Continue Reading

• July 28, 2010 28 Jul'10

  Microsoft seeks true 'responsible' vulnerability disclosure

  In an interview at Black Hat 2010, the software giant said it doesn't see the need to join Mozilla and Google in paying security researchers who discover bugs in its products. It also announced a new mitigation toolkit and a partnership with Adobe.  Continue Reading