News

News

• March 08, 2005 08 Mar'05

  Windows vulnerable to LAND attack

  Security researchers say this type of attack leaves enterprise customers of popular Windows products open to a denial of service. There is good news, though.

• January 31, 2005 31 Jan'05

  You can prevent buffer-overflow attacks

  Home-grown apps are susceptible to buffer overflows as are Windows and Linux apps; the conclusion of this two-part series will detail how to protect applications from attack.

• January 27, 2005 27 Jan'05

  DoD security clearance: What defense employers are looking for

  Who has the best shot at high-paying jobs requiring security clearances?

• December 20, 2004 20 Dec'04

  "Ten Commandments" of computer ethics

  Guidelines for good online behavior.

• December 16, 2004 16 Dec'04

  Nessus no longer free

  Developers of the popular open-source tool are starting to charge commercial customers who bring nothing to the project's development.

• Sponsored News

  • Keep out vulnerable third-party scripts that help steal data from your website

    Sponsored by Akamai - Visiting a website today, users gain access to a rich, interactive experience that is often customized to their preferences and enhanced for their convenience. See More

  • Part I: Keep the Cloud Your Safe Place

    Sponsored by Forcepoint - Organizations of all sizes have been called upon to swiftly support remote work in order to safeguard the health of their workforce and local communities. As businesses are called upon to scale up remote work procedures for the physical safety of employees, IT teams must accelerate the adoption of technology that ensures their people and data are secure—without hurting productivity or morale. See More

  • DDoS attacks are growing in frequency and scale during the pandemic. What can businesses do?

    Sponsored by Akamai - At a time when many businesses have their resources stretched to the limit, the scourge of distributed denial-of-service (DDoS) attacks has continued unabated and added to the difficulties faced by many during this ongoing pandemic. See More

  • Part II: Safeguard Data Everywhere

    Sponsored by Forcepoint - As security teams are tasked with the duty of rapidly scaling up protections for remote workers, one of the key considerations they must keep in mind is how to safeguard data no matter where it resides or travels. This is hardly a new problem. However, the vastly broadened scope of remote work today requires security teams to revisit policies and technologies. Some solutions that may have been sufficient for isolated use cases don't adequately protect a completely distributed workforce. See More

  View All Sponsored News
• December 14, 2004 14 Dec'04

  Outdated software is risky business

  The nation's IT landscape is loaded with antiquated software ripe for attack. But a new study suggests most companies don't plan to address the problem.

• November 15, 2004 15 Nov'04

  Open-source IPS testing tool released

  Free tool can gauge effectiveness, performance of IPS devices.

• October 06, 2004 06 Oct'04

  302 and 404: Key SOX requirements for security managers.

  SOX is mandatory for most public corporations and focuses on regulating corporate behavior to protect financial audit records. Read about the three main areas of SOX that affect IT: Sections 302, 404 and 802.

• October 06, 2004 06 Oct'04

  'Typical' SOX violations

  Sarbanes-Oxley contains many features, but there are two that stand out from an IT security perspective.

• October 06, 2004 06 Oct'04

  Spyware vs. spyware: Employer and employee monitoring

  What rights and responsibilities do employers and employees have when monitoring others' use of company systems?

• August 18, 2004 18 Aug'04

  Graphical passwords still far from picture perfect

  The proliferation of data and devices is making more enterprises consider graphics-based authentication, from which arises a greater pool of possibilities -- and problems.

• June 17, 2004 17 Jun'04

  Application security: How much does software really cost?

  When purchasing software, asking tough questions and other steps can help you to determine application security -- a major component of the total cost of ownership.

• June 01, 2004 01 Jun'04

  Firewall and system logs: Using log file analysis for defense

  Log analysis is the most under-appreciated, unsexy aspect of infosecurity, yet Marcus Ranum says it's one of the most important.

• May 27, 2004 27 May'04

  Case study: L.A. health alerts don't miss a beat

  Los Angeles County Department of Health Services bioterrorism IT coordinator David Cardenas fields and distributes about a dozen serious health alerts to physicians, hospitals and response agencies and must ensure the flow of such sensitive ...

• April 01, 2004 01 Apr'04

  Using tax depreciation to increase security budgets

  The depreciation of capital assets, such as security hardware and software, is a tax benefit that every infosec manager should take into consideration.

• April 01, 2004 01 Apr'04

  Cyberwar myths: Are cyberwarfare and cyberterrorism overblown?

  Marcus Ranum explains why the whole notion of cyberwarfare is a scam.

• April 01, 2004 01 Apr'04

  Database security tools for preventing SQL injection attacks

  An emerging breed of database security tools is helping security teams spot attackers' favorite techniques, like SQL injection.

• March 04, 2004 04 Mar'04

  Dangers of .zip files

  Reader inquiries about security issues surrounding .zip files prompted a Q&A with Wild List moderator Bruce Hughes, who cites more than 40 worms since 1999 that have taken advantage of the compressed file format to spread.

• March 01, 2004 01 Mar'04

  Firewall comparison: Packet-filtering firewalls versus proxy firewalls

  Stateful packet-filtering firewalls account for more than 90% of the market, but the proxy firewall folks haven't rolled up their tents yet. In this firewall comparision you will discover which is better for your enterprise?

• January 05, 2004 05 Jan'04

  Face-off: Hiring a hacker

  SearchSecurity.com editors Crystal Ferraro and Mia Shopis take up the debate of whether enterprises should hire reformed hackers.

• October 14, 2003 14 Oct'03

  Logical integration: Physical and IT security

  In this interview, the security officer for Terminal 4 at JFK International Airport talks about the integration of logical and physical security, and the role biometrics can play.

• August 19, 2003 19 Aug'03

  Benevolent Nachi worm doing more harm than good

  The Nachi worm, which tries to delete the Lovsan worm and patch infected systems, is clogging internal networks with trash traffic.

• August 03, 2003 03 Aug'03

  Examining device-based authentication

  Combining device-based authentication technology with existing user-based authentication would be appealing for many organizations, but technical details remain unclear.

• June 02, 2003 02 Jun'03

  How to learn IT security in your spare time

  When considering how to learn IT security, never underestimate the power of a few minutes of downtime.

• April 01, 2003 01 Apr'03

  Network packet analyzers enable enterprise 'packet peeking'

  Marcus Ranum explains how network packet analyzers offer a worm's-eye view of what's traversing an enterprise network.

• January 22, 2003 22 Jan'03

  Remote Access Trojans warrant attention

  Smell a RAT? Some security experts predict you will at some point during 2003. Remote access Trojans often leave backdoors wide open for attackers to prowl through your company's networks or systems.

• December 20, 2002 20 Dec'02

  The virus name game

  If you're a virus writer, don't expect to have your nefarious work named after your favorite dog, diet drink or exotic dancer. Antivirus researchers have first dibs on virus names.

• November 27, 2002 27 Nov'02

  4- Virus Management

  Top issues

• October 24, 2002 24 Oct'02

  Debugging IPsec VPNs: Questions and answers

  SearchSecurity recently invited networking expert Lisa Phifer to speak about troubleshooting IPSec VPNs. We ran out of time during the Webcast for her to answer several questions from the audience, but, she answers those questions here. Phifer is ...

• October 03, 2002 03 Oct'02

  SANS, FBI identify top 20 Windows, Unix vulnerabilities

  SANS, FBI identify top 20 Windows, Unix vulnerabilities

• September 13, 2002 13 Sep'02

  Tutorial test answers: Intrusion detection basics

  Here are the answers to the intrusion detection basics test based on the tutorial Webcast.

• July 23, 2002 23 Jul'02

  PHP flaw could crash, burn Web servers

  PHP flaw could crash, burn Web servers

• July 23, 2002 23 Jul'02

  Quick Takes: Major vendors throw support at SAML

  Quick Takes: Major vendors throw support at SAML

• March 29, 2002 29 Mar'02

  Crypto for VPNs: Questions and answers

  SearchSecurity recently invited networking expert Lisa Phifer to speak about understanding IPSec VPN crypto. We ran out of time during the Webcast for her to answer several questions from the audience, but, she answers those questions here. If you ...

• March 18, 2002 18 Mar'02

  Authentication questions and answers

  SearchSecurity invited author and security expert Dr. Richard Smith to speak about authentication and his recently published book on the subject last month. We ran out of time during the Webcast for him to answer several questions from the audience,...

• December 13, 2000 13 Dec'00

  Political hacking: Crime or activism?