|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. The top 10 reasons Web sites get hacked Web security is at the top of customers' minds after many well-publicized personal data breaches, but the people who actually build Web applications aren't paying much attention to security, experts say. October 5, 10:19 a.m. PDT Cool tools for hacker trackers If you want to keep up with the latest criminal exploits without having to collect malware yourself, take a look at SRI International's Cyber-Threat Analytics BotHunter Malware Analysis Web page. Reporting on information and statistics collected from a research honeynet, the BotHunter Malware Analysis page makes daily infection logs from high-interaction honeypots available for anyone to view. Although the scale of the project and information collected is fairly small, this is a useful site for gaining more insight into crimeware and the world of bots.  September 28, 3:00 a.m. PDT Gmail zero-day flaw allows attackers to steal messages Accounts on Google's Gmail can be easily hacked, allowing any past -- and future -- e-mail messages to be forwarded to the attacker's own in-box, a vulnerability researcher said Tuesday. September 27, 4:14 a.m. PDT Tech giants chart research goals Power consumption, parallelism, and the rapidly-expanding world of mobile communications are among the leading areas of research and development currently being investigated within some of the IT world's largest companies. September 26, 2:53 p.m. PDT Security experts pitch 'culture of data' The companies that are having the most success in advancing their data security efforts today are those that are finding a way to protect sensitive information without getting in the way of business users, industry experts maintain. September 25, 2:53 p.m. PDT Critical vulnerability found in Ask.com toolbar for IE A vulnerability in Ask.com's toolbar for Internet Explorer could allow an attacker to take control of a person's computer, according to security advisories. September 25, 8:36 a.m. PDT Security outsourcing on the rise As one of the world's largest outsourcing providers, Wipro Technologies is ramping up its security services business in a big way. September 20, 2:30 p.m. PDT Fear of insider threats hits home The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. September 18, 10:42 a.m. PDT Infrastructure threats: Botnets show DoS who's boss Malware-infected botnet PCs have overtaken DoS attacks as the top security issue facing Internet service providers and other Web infrastructure hosting players, according to a new survey of the organizations. September 18, 3:54 a.m. PDT Barracuda buys Web security vendor NetContinuum Barracuda Networks is getting into the Web application security business. The security vendor has acquired NetContinuum, a vendor of Web firewall appliances. Barracuda already sells Web filtering devices that prevent Web surfers from visiting malicious sites, but the NetContinuum products can be used to protect Web sites themselves. September 17, 4:33 a.m. PDT Badware hunters tame wild Webmasters, hosts If hijacked sites and hosting companies that fail to police malware distribution sources represent two of the most serious threats to Internet security, there may be hope for improvement, according to researchers working with Harvard Law School's StopBadware.org. September 14, 3:45 a.m. PDT Cisco says acquisitions don't impede best-of-breed Cisco executives speaking at the ongoing Security Standard Conference claim that the networking giant hasn't sapped innovation in the security companies it has acquired in its efforts to add to its own expanse of IT systems-defense products, while some customers clearly feel otherwise. September 10, 4:38 p.m. PDT Security researcher intercepts embassy passwords from Tor A security researcher who collected thousands of sensitive e-mails and passwords from the embassies of countries such as Russia and India blamed systems administrators on Monday for not using encryption to shield their traffic from snooping. September 10, 6:20 a.m. PDT Best of open source in security In areas such as CRM software and portals, open source gained a foothold because users were willing to compromise -- less could be more, because the price was right. In security, open source rushed in because commercial vendors fell down on the job. As security problems in the enterprise outstripped the capabilities of commercial solutions, a number of talented security researchers stepped into the breach via the open source model. September 10, 3:00 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT Intel's vPro chips in more security for businesses With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike. August 27, 8:00 a.m. PDT Intel adds desktop NAC to latest chips Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers. August 27, 8:00 a.m. PDT Security SaaS maturing fast Security technologies delivered via the SaaS (software-as-a-service) business model may still be in their nascent stage, but some early adopters are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure. August 22, 11:06 a.m. PDT Mobile workers still struggling with security A fair amount of business users remain oblivious or unconcerned about many of the security issues involved with mobile devices, according to a new study published by Cisco and the National Cyber Security Alliance. August 21, 3:08 p.m. PDT Mobile malware to pose significant threat Although concerns regarding handheld data security still trump fears of mobile viruses, security software vendors and researchers contend that greater numbers of attacks are on the horizon. August 21, 3:00 a.m. PDT Making a case for virtual patching The period during which businesses work to install security patches to protect IT systems from attack undeniably remains one of the most vulnerable timeframes for many companies -- but a recently-launched startup selling a virtual patching alternative claims to have found a solution to the problem. August 20, 2:20 p.m. PDT Pundits on parade: What’s next in tech You’ve heard of Christmas in July, that classic advertising gimmick designed to lure shoppers into stores despite the oppressive heat and humidity. We’ll, we’ve got New Year’s in August, which invites you to stay indoors and read “The next big things in IT” -- 15 predictions about the future of technology. August 20, 3:00 a.m. PDT New URI browser flaws worse than first thought A little-known feature in the Windows operating system can lead to big problems for Web surfers. August 15, 12:41 p.m. PDT Vulnerability uncovered within Yahoo Messenger A new vulnerability in Yahoo's instant messenger program can potentially cause unwanted code to run on a PC, according to security researchers. August 15, 7:59 a.m. PDT Government-industry security group expands The Transglobal Secure Collaboration Program (TSCP), an IT security standards consortium that includes heavyweights such as the U.S. Department of Defense (DoD) and many of the largest government contractors in the world, is looking to broaden its ranks. August 14, 1:15 p.m. PDT Novell buys endpoint security firm Senforce Novell announced on Monday that it has acquired Senforce Technologies, a provider of endpoint and network security tools, for an undisclosed sum. August 13, 9:40 a.m. PDT Make mashups secure With the advent of mashups, innovative developers all over the enterprise are seeking new ways to leverage the value of corporate information through the use of external Web applications, APIs, or services. Although the thought of this adventure has sent many corporate security specialists running behind their firewalls, mashups are here to stay. Indeed, they have strategic value for many enterprises, so you’d better figure out how to live with them. August 6, 3:00 a.m. PDT California tightens security rules on e-voting machines California Secretary of State Debra Bowen Friday recertified certain brands of electronic-voting machines for use in 2008 elections after requiring vendors to add security features to "protect the integrity of the vote." August 4, 4:24 p.m. PDT Mozilla shares scanning tool, Firefox 3 features Open source browser maker Mozilla has developed a wide array of secure coding analysis tools as part of its internal development process, and now it's beginning to share those programs with the outside world. August 3, 2:28 p.m. PDT Taunting the CIO The Wall Street Journal on Monday ran a special section whose lead article was headlined "Ten Things Your IT Department Won't Tell You." The image on the section cover showed a white-shirted IT guy clutching a keyboard and a tangle of Ethernet cables, looking straight at the reader, with duct tape over his mouth. August 2, 3:00 a.m. PDT Mozilla rushes out second Firefox patch this month Mozilla has patched a pair of nasty flaws in its Firefox browser, two weeks after security researchers first started posting code that showed how the flaws could be exploited in attacks. July 31, 4:15 a.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT Black Hat spurs Apple to patch iPhone With security researchers set to reveal details of a critical security flaw in the iPhone at the Black Hat 2007 conference next week, Apple Inc. now has fewer than seven days to patch a critical vulnerability in the product. July 27, 3:00 a.m. PDT McAfee sets Rootkit Detective free On July 26, McAfee will begin offering a new application called Rootkit Detective, designed to detect and remove dangerous rootkit attacks. The software will also help end-users ward off the threats, as well as funnel new intelligence into the company's ongoing research operations. July 25, 1:12 p.m. PDT Organized crime infiltrates financial IT In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them. July 23, 11:14 a.m. PDT Piecing together IBM's security puzzle IBM owns some of the world's leading IT security talent, products, and services, but executives with the massive company say it will likely never aim to become what people might label as a true "security vendor." July 23, 3:00 a.m. PDT Much ado over click-fraud statistics The battle between advertisers and online search networks over the pervasiveness of click-fraud continues to grow more heated with researchers claiming rapid growth of automated ad impressions and outside observers noting an overall lack of transparency in the space. July 19, 4:18 p.m. PDT Mozilla: Security remains on front burner With the release of its latest Firefox 2.0.0.5 browser, open-source software maker Mozilla claims to have fixed a number of potentially serious vulnerabilities in its flagship product. July 18, 3:26 p.m. PDT Applications security: Cenzic stands alone With a new product fresh out the door and its two largest rivals recently acquired by massive IT bellwethers, applications security testing specialist Cenzic contends that it's ready to reap the rewards of remaining independent. July 18, 4:34 a.m. PDT Mounting scrutiny for Google security Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment. July 12, 4:24 p.m. PDT Secure applications in a secure ecosystem: the next challenge This is the fourth in a series of columns exploring the possibility of building a next-generation secure Internet. July 6, 3:00 a.m. PDT Veracode debuts system to test binary code Veracode launched its Software Security Ratings Service on June 25, introducing its new system for use in testing the safety of applications development among enterprise customers and third-party software makers. June 25, 1:25 p.m. PDT HP-SPI deal underscores apps security integration Hewlett Packard's acquisition of Web applications security specialist SPI Dynamics on June 19 illustrates a growing demand among enterprise customers to have vulnerability-scanning tools integrated into their software development platforms. June 19, 12:07 p.m. PDT Homeland Security to detail IT attacks Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions. June 15, 11:26 a.m. PDT With Windows port, a bug-hunting Safari for Apple Security researchers have jumped on Apple's beta version of the Safari browser, digging up as many as 18 bugs in the software, just one day after its release. June 12, 5:23 p.m. PDT Safari for Windows: Released and hacked in a day Apple is becoming a favorite target of security researchers these days. In April, there was the $10,000 CanSecWest hack a Mac contest, and on Monday, there was the Safari Web browser. Or the public beta of Safari for Windows, anyway. June 11, 4:17 p.m. PDT Experts: Botnets add fault tolerance Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out. June 7, 12:00 a.m. PDT IBM to buy Web app security vendor Watchfire IBM liked Watchfire's Web application security software so much it plans to buy the company for an undisclosed sum, it said Wednesday. June 6, 6:04 a.m. PDT App developers finally securing code On Aug. 14, IT security training and research authority SANS Institute will convene its inaugural set of exams for software developers seeking to attain its new secure coding certifications. The rise of such initiatives -- and increasing adoption of source code vulnerability scanning tools among internal software development teams -- are finally making a difference in overall applications security, some end users and industry experts contend. June 6, 4:14 a.m. PDT 2007 InfoWorld CTO 25: Jeremiah Grossman Everyone knows there are hackers out there intent on compromising Web sites. But it’s often hard for the people operating those sites to identify and plug security holes on their own. June 6, 3:00 a.m. PDT Software more art than science, says Microsoft's Mundie Ever wondered why Microsoft software needs continually to be patched and updated? Microsoft's Chief Research and Strategy Officer Craig Mundie believes it's because software development is still more an art than a science. June 5, 5:58 a.m. PDT Microsoft unveils integrated security Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009. June 4, 7:24 a.m. PDT 2007 InfoWorld CTO 25: Antonio Nucci Comparing Narus' Dr. Antonio Nucci to your average CTO is like comparing Tiger Woods to your average duffer. June 4, 3:00 a.m. PDT Spammers' use of AI only just begun Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users' inboxes. May 31, 5:03 p.m. PDT Attackers get chatty on VoIP The recent spate of malware attacks propagating throughout the user base of the Skype Internet calling system illustrates a broader trend toward cyber-criminals moving to take advantage of VoIP platforms as they become increasingly popular. May 30, 12:18 p.m. PDT Symantec mobile security client delayed Symantec has delayed the release of its first security suite for Windows Mobile devices. May 30, 4:46 a.m. PDT Google buys into security, acquires GreenBorder Google has jumped into the anti-malware market, snatching up browser-based security software maker GreenBorder Technologies for an undisclosed amount of money. May 29, 9:32 a.m. PDT Companies open wallets for secure data An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security. May 22, 11:42 a.m. PDT Microsoft tools keep bad Office files at bay Microsoft released a pair of tools on Monday that help protect computers from Office 2003 files containing malicious software code. May 22, 4:09 a.m. PDT Deepwater churns around unencrypted data The most sensitive and highly classified data communicated over the nation's internal computer networks remains at risk for exposure, according to key witnesses in the government's investigation into the United States Coast Guard's Deepwater procurement program. May 17, 11:33 a.m. PDT Secunia: Firefox users more likely to install patches Firefox users have something new to brag about. Security vendor Secunia reports that users of the open-source browser are more likely to have installed the latest security updates than Web surfers running Internet Explorer or Opera. May 17, 4:22 a.m. PDT IBM pitches risk management strategy IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses. May 15, 12:42 p.m. PDT Samba developers quash serious bug Users of the open-source Samba software are being urged to patch their code following the discovery of a critical bug in the file-and-print software. May 15, 4:28 a.m. PDT Building trust in downloads no simple feat The Truste group's goal of creating an online ecosystem through which software makers are held accountable for the functions of their programs and end users are given the power to keep unwanted applications off their devices won't be achieved easily, according to security researchers and participants in the nonprofit's Trusted Downloads project. May 10, 5:04 p.m. PDT Microsoft invites hackers back for Blue Hat Microsoft is once again inviting members of the hacking community into its Redmond, Washington, campus to show the software giant where it's gone wrong. May 10, 4:19 a.m. PDT Symantec pitches rootkit tech as Veritas validation Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm. May 9, 4:26 p.m. PDT Infrastructure security powers up He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid. May 9, 4:17 a.m. PDT Document shell code attacks loom large Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. May 2, 12:37 p.m. PDT Making sense of Websense's SurfControl buyout Websense's $400 million buyout offer for rival network filtering specialist SurfControl should help position the two companies for short-term growth and possible acquisition in the future, according to market watchers. May 1, 11:27 a.m. PDT Nokia expands security appliance line Nokia introduced two new network security appliances on April 30, adding high- and low-end models that aim to help companies filter out malware traffic before it penetrates their IT systems. April 30, 2:17 p.m. PDT Large enterprises still serving up spam Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem. April 17, 3:04 p.m. PDT V.I. Labs adds snooping to antipiracy product Antipiracy tools vendor V.I. Laboratories has joined forces with ICG (Internet Crimes Group) to offer software developers and enterprise IT shops a way to keep track of criminals who are illegally publishing their software. April 16, 4:11 p.m. PDT P2P worms get their turn Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace. April 16, 11:17 a.m. PDT Bottom line impact of data breaches unclear Despite the fact that unwanted exposure of consumer data has become a hot-button issue in the media and among legislators nationwide, experts admit that it remains unclear just how much damage the events will cause to the finances and reputations of companies that experience major incidents. April 13, 3:01 p.m. PDT More security OEM deals to come With enterprises demanding more tightly integrated security products than ever before and pressure increasing on vendors in the space to offer as many tools as possible to win deals, experts say that an increasing number of technology providers will turn to licensing agreements to help increase their marketability. April 12, 3:57 p.m. PDT Microsoft investigates reports of new Office flaws Security experts have discovered more vulnerabilities in Microsoft Word and other software, although hackers do not appear to be exploiting them yet. The flaws have been reported just as Microsoft releases its latest round of security patches. April 11, 5:14 a.m. PDT McAfee: Cyber-crime will continue to pay The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks. April 10, 9:00 p.m. PDT What the enterprise can learn from consumer technologies Today’s corporate end-users are far more tech-savvy than their productivity with IT tools indicates. After all, screen-deep in IMs, widgets, and elaborate consumer Web apps, they’re proving themselves well-versed in the production and distribution of content as facilitated by the consumer Web 2.0 craze. April 9, 3:00 a.m. PDT Finding security in Windows Mobile monoculture Without a doubt, the most influential factor driving the current state of IT security is the ubiquitous presence of Microsoft's dominant Windows operating system on a vast majority of the world's PCs. April 6, 4:52 p.m. PDT Microsoft patching five flaws, two critical Microsoft announced in its monthly Patch Tuesday preview that it plans next week to release security updates for five individual product vulnerabilities, including two critical issues. April 6, 10:28 a.m. PDT Debate lingers over federal data-handling laws Even as the federal government appears poised to create new consumer data protection laws in 2007, businesses and privacy advocates in the United States remain at odds over the parameters of such legislation and its potential impact. April 3, 6:59 p.m. PDT British UFO hacker loses extradition appeal A British hacker who broke into U.S. military computers looking for evidence of UFOs lost another extradition appeal on Tuesday in London's High Court. April 3, 5:02 a.m. PDT SANS to test programmers' security sense Amid growing Internet crime enabled in part by faulty programming, the SANS Institute will introduce a series of four exams for developers to test how well they can write secure code. March 26, 6:15 a.m. PST ShmooCon hacker event gets under way The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues. March 23, 2:12 p.m. PST Global malady: Virus writers worldwide team up Security researchers have been touting the growing nature of professionalism among virus authors over the last several years, but new evidence points to increased cooperation between malware writers spread around the globe, according to some experts. March 20, 11:13 a.m. PST Timely coverage Usually daylight-saving time is no big deal. We “spring ahead,” grumble briefly about an hour of lost sleep, and get on with life. This year could be different. The Energy Policy Act of 2005 advanced DST by three weeks, forcing IT managers into a feverish patch-fest, as they scramble to make sure their systems can handle the March 11 transition. March 12, 3:00 a.m. PST Company offers boost for Vista security A security vendor is offering an add-on product for Windows Vista's User Account Control feature, which has been flagged as a threat to business users because it can be easily bypassed by hackers. March 5, 12:37 p.m. PST More IT war stories Off the Record, the real-world slice of life that graces the last page of InfoWorld, is one of our most popular columns. I know this from reader surveys and from all the e-mail I receive about it. As reader Roland Sickenberger put it recently, “It’s my favorite part of the magazine, kind of like a ‘Dilbert come to life’ thing.” March 5, 3:00 a.m. PST Attackers seize on new zero-day in Word Microsoft's Word and Office programs have been targeted again, with the company warning that hackers may already exploiting a new vulnerability found in the applications. February 15, 4:26 a.m. PST Enemy inside the firewall Corporate security lapses are once again sweeping the news hour, but these days the culprit is just as likely to be an inside source -- a paid employee at a reputable company -- as a hacker doing evil somewhere in a Moscow basement. February 2, 3:00 a.m. PST Back to school: Getting girls into IT Despite the success of various education initiatives in the past several years, there’s little doubt that the shortage of women in technology begins on the playground. As such, many industry leaders and experts believe the long-term solution to the gender imbalance in IT lies in women technologists going back to school -- way back, to high schools and even elementary schools to mentor young girls, who too often give up on math and science at an early age. January 29, 3:02 a.m. PST Activism provides competitive advantage for IT Encountering another woman working in technology was a rare event for me when I started out in IT many years ago. In the years since, women have made significant strides, sometimes against great odds, proving their mettle as both tech execs and engineers. January 29, 3:01 a.m. PST Gender crisis in IT You don’t need a degree in statistics to recognize that IT is a men’s club. Just walk the floor of any tech conference or, in all likelihood, your own office — XY chromosomes everywhere you look. January 29, 3:00 a.m. PST Researcher: PatchGuard hotfix stitches up benefit to Microsoft Microsoft has come under fire for quietly releasing a fix to its controversial PatchGuard kernel protection software in order to improve the performance of its Virtual Server 2005 product. January 19, 7:12 p.m. PST Wi-Fi body to simplify security The group that certifies Wi-Fi products aims to make more wireless LANs secure by taking some of the work out of locking them down. January 8, 4:43 a.m. PST Pay to protect your data or pay the consequences 2006 may have been a wash in terms of overall computer security, but if you’re banking on status quo in 2007, chances are your budget won’t have the right mix. And if there’s one area you’re sure to come up short in this year, it’s information protection. January 8, 3:00 a.m. PST Q&A: E-voting issues still there The debate over the security of electronic voting machines hasn't gone away after November's elections in the U.S. January 2, 12:54 p.m. PST Technology of the Gods January is named after Janus, the two-faced Roman deity of beginnings and endings, who reportedly was able to look both forward and back. So for our Jan. 1 issue, we pay homage to the mythological immortal with our seventh annual Technology of the Year Awards, an analysis of where IT has been and where it’s going in 2007. January 1, 3:00 a.m. PST > Application development > Applications > Security |
|
|
||||||||||||||||||
