More from -- January 2007

Highlights from Information Security magazine's January 2007 issue

Information Security magazine's January issue takes a deep dive into the security issues you need to be proficient with today, like endpoint security and strong authentication, and what you'll need to keep an eye on for tomorrow: RFID and securing virtual machines.


Messaging (In)security

Senior news writer Bill Brenner examines the top messaging security challenges facing today's businesses. Based on the results of exclusive reader research, we'll focus on hot-button issues like evolving threats, remote email and instant messaging, and what it takes to keep it all secure.

Free for all
Why spend money to buy security tools when you can get great tools for free? In his monthly column, Scott Sidel spotlights some of the Web's best information security freeware programs. It's a great way to keep up with the hottest tools and keep your organization's costs down.   

One click away

Can't get enough information security podcasts? Visit, where we have all of our latest podcasts available as streaming audio. With just one click, you can listen to the latest news, exclusive interviews and in-depth technical tips on your desktop without pesky downloads.

Wide world of endpoint security
Network perimeters have dissolved as your employees, contractors and partners access data from virtually anywhere. All of those endpoints introduce risk to your network. Expert David Strom hosts a webcast Jan. 17 at noon ET that will explain what makes up a successful endpoint security strategy and how evolving vendor partnerships are affecting NAC product sets.
>> Register for this webcast.

FFIEC Crash Course
Financial institutions that offer online banking are required by the Federal Financial Institutions Examination Council (FFIEC) to implement strong authentication to secure transactions. Now that the first FFIEC deadline has passed, keep this crash course on FFIEC and strong authentication handy as a resource guide.
>> Review Two-factor authentication and the FFIEC: A crash course

RFID primer
Is RFID in your company's future? Expert Joel Dubin explains some of the security issues that exist and would need to be resolved before RFID becomes a mainstream tracking technology for your supply chain.
>> Review RFID tags: Do they have a secure future?

Snort and syslog
Snort is probably the most popular network intrusion detection system in deployment, but admittedly, it doesn't do a good job with syslog traffic, expert Mike Chapple says. In this tip, he points you to some of the best alternatives for monitoring Snort log data.
>> Read Can Snort read multi-platform syslogs?

Zero Hour
This list lays out zero-day flaws in Windows that were discovered in 2006 and when they were patched:

| Month | Flaw | Appeared | Patched | Patch | Payload |
|---|---|---|---|---|---|
| January | WMF | Dec. 28, 2005 | Jan. 5 | MS06-01 | Spyware infections, spam relays |
| March | IE createTextRange | March 22 | April 11 | MS06-013 | Remote code execution |
| May | Word malformed object pointer | May 10 | June 13 | MS06-027 | Remote code execution |
| June | Excel document processing | June 16 | July 11 | MS06-037 | Remote code execution |
| July | PowerPoint malformed shape container or record | July 12 | Aug. 8 | MS06-048 | Remote code execution |
| September | IE Vector Markup Language buffer overflow | Sept. 18 | Sept. 26 | MS06-055 | Botnet; remote code execution |
| | PowerPoint | Sept. 27 | Oct. 10 | MS06-058 | Remote code execution |
| | Word | Sept. 2 | Oct. 10 | MS06-060 | Remote code execution |
| November | Visual Studio Object Broker ActiveX control | Nov. 1 | Dec. 12 | MS06-073 | Remote code execution |
| | XML Core Services XMLHTTP 4.0 ActiveX control | Nov. 3 | Nov. 15 | MS06-071 | Remote code execution |
| December | Word | Dec. 5 | Unpatched | | Remote code execution |
| | Windows Media Player | Dec. 7 | Dec. 12 | MS06-078 | DoS; remote code execution |
| | Word | Dec. 10 | Unpatched | | Remote code execution |

In this exclusive interview with Information Security magazine, Nikk Gilbert, IT security and telecom director, reviews the obstacles he encountered when placed at the helm of an enterprise that didn't have a dedicated security team and what enterprise security professionals can do to secure their network.
>> Read the interview with Nikk Gilbert

This was last published in January 2007
