|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. Security vendors bring zombie fighters to life Data leakage prevention might currently be the hottest IT security submarket, but vendors are also tuning up their product offerings to help customers ward off the presence of botnet-infected zombie computers.  October 4, 3:41 p.m. PDT PayPal claims gains against phishers PayPal security chief Michael Barrett isn't ready to claim a victory in the fight against phishing schemes, but he said that his company is slowly turning the tide using a set of new partnerships and technological means. September 20, 4:23 a.m. PDT Fear of insider threats hits home The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. September 18, 10:42 a.m. PDT Infrastructure threats: Botnets show DoS who's boss Malware-infected botnet PCs have overtaken DoS attacks as the top security issue facing Internet service providers and other Web infrastructure hosting players, according to a new survey of the organizations. September 18, 3:54 a.m. PDT Cisco says acquisitions don't impede best-of-breed Cisco executives speaking at the ongoing Security Standard Conference claim that the networking giant hasn't sapped innovation in the security companies it has acquired in its efforts to add to its own expanse of IT systems-defense products, while some customers clearly feel otherwise. September 10, 4:38 p.m. PDT Best of open source in networking If we had to pick the most significant trend in networking today, the VoIP phenomenon might well top the list. And open source is playing no small part. While enterprises remain reluctant to rip out their tried-and-true PBXes, open source VoIP -- usually in the form of Asterisk -- is capturing business communications one small business or branch office at a time. Sooner or later, enterprises too will catch the open source VoIP bug. The cost savings and flexibility are too compelling to resist. September 10, 3:00 a.m. PDT Best of open source in security In areas such as CRM software and portals, open source gained a foothold because users were willing to compromise -- less could be more, because the price was right. In security, open source rushed in because commercial vendors fell down on the job. As security problems in the enterprise outstripped the capabilities of commercial solutions, a number of talented security researchers stepped into the breach via the open source model. September 10, 3:00 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT Malicious Web: Not just porn sites The New Zealand Honeynet Project, which produced Capture-HPC (mentioned here last week), also produced an excellent white paper about using Capture-HPC to identify malicious Web servers. On the group's Web site, you'll find that paper, the captured data, and the tools for anyone to inspect and replicate. August 31, 3:00 a.m. PDT Intel adds desktop NAC to latest chips Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers. August 27, 8:00 a.m. PDT Security SaaS maturing fast Security technologies delivered via the SaaS (software-as-a-service) business model may still be in their nascent stage, but some early adopters are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure. August 22, 11:06 a.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT Organized crime infiltrates financial IT In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them. July 23, 11:14 a.m. PDT Piecing together IBM's security puzzle IBM owns some of the world's leading IT security talent, products, and services, but executives with the massive company say it will likely never aim to become what people might label as a true "security vendor." July 23, 3:00 a.m. PDT Cisco pushes IronPort smarts to firewalls Cisco Systems will begin offering IronPort's security filtering tools to its firewall customers after the networking giant's acquisition of the company closes on June 25. June 22, 10:05 a.m. PDT Homeland Security to detail IT attacks Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions. June 15, 11:26 a.m. PDT Global co-op feeds FBI's botnet fight Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes. June 14, 3:09 p.m. PDT 2007 InfoWorld CTO 25: Aristotle Balogh Here in San Francisco, where the San Andreas fault shifts the ground beneath our feet, most of us try to ignore the fact that the Big One is coming. At VeriSign offices down the road in Mountain View, they worry about a different kind of Big One -- namely, a cataclysm that wipes out the Internet. Not only that, they pin all the responsibility for survival on a single guy: CTO Ari Balogh. June 8, 3:00 a.m. PDT 2007 InfoWorld CTO 25: Chris Uriarte When Chris Uriarte needs a forensics fix, he doesn't turn on "CSI." As CTO of Retail Decisions (ReD), he has a slew of online fraud and threat studies at his fingertips. June 8, 3:00 a.m. PDT Experts: Botnets add fault tolerance Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out. June 7, 12:00 a.m. PDT Companies open wallets for secure data An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security. May 22, 11:42 a.m. PDT IBM pitches risk management strategy IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses. May 15, 12:42 p.m. PDT Infrastructure security powers up He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid. May 9, 4:17 a.m. PDT Cryptome afloat despite Deepwater's ripple The Deepwater defense contractor scandal has echoed from the halls of Congress across the World Wide Web, and despite being shut down by its ISP after posting documents considered central to the controversy, online resource Cryptome.org remains alive. May 8, 4:46 a.m. PDT Document shell code attacks loom large Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. May 2, 12:37 p.m. PDT Rootkits: The next big enterprise threat? Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about $4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyze them. April 30, 3:00 a.m. PDT Bottom line impact of data breaches unclear Despite the fact that unwanted exposure of consumer data has become a hot-button issue in the media and among legislators nationwide, experts admit that it remains unclear just how much damage the events will cause to the finances and reputations of companies that experience major incidents. April 13, 3:01 p.m. PDT Debate lingers over federal data-handling laws Even as the federal government appears poised to create new consumer data protection laws in 2007, businesses and privacy advocates in the United States remain at odds over the parameters of such legislation and its potential impact. April 3, 6:59 p.m. PDT ShmooCon hacker event gets under way The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues. March 23, 2:12 p.m. PST Hackers beware: You are what you type As anyone who’s ever held forth in a barroom debate can attest, strange topics attract strange people. And no one knows that better than Dr. Neal Krawetz, computer science Ph.D. and renowned expert in “nonclassical” computer forensics, who focuses on ways to identify otherwise anonymous people online. Krawetz, who is the head of Hacker Factor Solutions, is a pioneer in offbeat methods of identification — finger tapping, syntax slips, errant blog posts — they’re all fodder for Krawetz’s analysis, which pieces together bits of incriminating evidence to pin down online bad guys. August 14, 3:00 a.m. PDT Tackle malicious Web code without infecting yourself How do you investigate potentially malicious Web page code without infecting yourself? June 9, 3:00 a.m. PDT Hack Tales: Keeping track of tools the wireless way “Who has that damn cart now?” During a network build-out for a large New York commercial real estate manager a few years back, that phrase got shouted often enough to become a stress mantra. May 29, 3:00 a.m. PDT Hack Tales: Network auditing on a shoestring What do you do when the auditors are breathing down your neck, wanting to see an exhaustive report on the Windows network security of a 2,000-user network across eight sites? That’s easy. Break out a text editor and start writing some Perl. May 29, 3:00 a.m. PDT Determina pre-hacks applications against intruders Malicious hackers are constantly exploiting software vulnerabilities. Vendors and IT staff alike spend countless hours racing to update protection signatures and install patches before their exposed systems can be compromised. It’s a never-ending battle that favors the hackers. May 15, 3:00 a.m. PDT Stupid user tricks: Eleven IT horror stories No matter how hard we pray, how many chickens we sacrifice, how often we chant naked by moonlight, every network is at one time or other exposed to the ultimate technology risk: users. April 13, 3:00 a.m. PDT NTT service plugs information leaks in China NTT Communications has extended to China a service that's designed to prevent sensitive corporate information from being accidentally leaked to outsiders, the company said in a statement. March 17, 4:23 a.m. PST Plug-and-play appliances reshape IT landscape Looking for a can’t-miss enterprise trend? I have just one word for you: appliances. During the past year, our Test Center has been inundated with the things. And not just the old standbys like firewalls, switches, and routers. I’m talking appliances that can handle virtually every IT operation: intrusion prevention, intrusion detection, CRM, anti-spam, e-mail security, Web services integration. We’ve even seen a smattering of appliances for Microsoft Exchange that come bundled with managed services (look for our Test Center review in April). March 6, 3:00 a.m. PST Entuity improves Eye of the Storm's network vision Entuity on Tuesday unfurled Version 4.5 of its Eye of the Storm network management suite, equipping administrators with greater visibility and control over the network. February 28, 8:30 a.m. PST U.S. DHS completes large-scale cyber exercise The U.S. Department of Homeland Security (DHS) has completed the first full-scale government-led cyber attack simulation, and officials there called the exercise a "significant milestone." February 10, 1:05 p.m. PST AOL patches serious Winamp bug Users of America Online Inc.'s Winamp 5.12 media player are being told to upgrade their software following the release of malicious code that could be used to take over a Winamp user's system. January 30, 3:07 p.m. PST Network Physics NP-500 tills the LAN Here’s the scenario: The development guys have just deployed the new version of your CRM application, and the infrastructure group has finally upgraded the backbone to Gigabit Ethernet. So why are the users still complaining about poor performance? Where’s the bottleneck? January 26, 3:00 a.m. PST State CIOs need more IT security support from DHS The U.S. Department of Homeland Security (DHS) must improve its support for U.S. state and local governments so they can better protect their IT infrastructures from attackers, two organizations of top IT officials said Wednesday. January 25, 2:57 p.m. PST Document management systems go to court Two proposed amendments to the federal Rules of Civil Procedure, if passed by Congress, will have a major impact on corporations and their IT departments. One expert I spoke with called the situation a legal Chernobyl. December 27, 3:00 a.m. PST Hardware isn't enough IT buyers live in a golden age of commodity hardware. Processors, servers, networks, storage, you name it: Every segment of the IT stack keeps getting faster, cheaper, and more commoditized. No surprise, then, that IT managers often resort to a checkbook-waving strategy, throwing hardware at every IT problem, from a balky WAN to an application speed bump. November 28, 3:00 a.m. PST The fragile wireless network The veil was lifted from my eyes when Katrina hit. I realized that our wireless infrastructure, critical for relief efforts, was sorely lacking. September 13, 4:00 a.m. PDT Cisco mulls acquiring Nokia, report says Internet equipment maker Cisco Systems Inc. is interested in acquiring Nokia Corp., the world largest manufacturer of mobile phones, according to several media reports citing the Sunday Business newspaper. August 8, 3:58 a.m. PDT Black Hat: ISS researcher quits job to detail Cisco flaws LAS VEGAS - Internet Security Systems (ISS) research analyst Michael Lynn quit his job to provide information on a serious Cisco Systems router vulnerability at this week's Black Hat USA conference after his company decided not to give a presentation on the flaw. July 27, 2:36 p.m. PDT Fujitsu to launch palm-vein security system Fujitsu will start selling globally in July a biometric security device that relies on vein patterns in the hand to verify a user's identity, it said Wednesday. June 29, 11:22 a.m. PDT Clamp down on security leaks Your organization’s Sarbanes-Oxley audit is scheduled for this summer. Will you be able to show who has access to financial records and what they’re doing with that data? Just as important, can you prove you’re equipped to take immediate action when policy violations occur? June 20, 5:00 a.m. PDT Securing data at the point of use Inspecting content on the wire, the approach taken by the products in this roundup, is nothing new. In fairness to these vendors, they’ve put a lot of hard work into optimizing their solutions to handle high data volumes and the fresh ways users try to bypass scrutiny. But this traditional strategy can grow in complexity as organizations struggle to keep up with the latest ways information might leave the enterprise. June 20, 5:00 a.m. PDT Microsoft patches critical bugs in IE, Windows Microsoft released 10 security patches, including three deemed "critical," for bugs in a variety of the company's products. Released Tuesday as part of the company's monthly updates, the critical patches repair flaws in Windows and Internet Explorer that could allow attackers to take complete control of a computer, Microsoft said. June 14, 2:51 p.m. PDT FTC plans international 'zombie'-awareness campaign The U.S. Federal Trade Commission (FTC), in conjunction with regulatory bodies in about 30 countries, is about to launch a new education campaign directed at ISPs. Its message? The zombies are out of control. May 23, 5:07 p.m. PDT MCI employee data stolen in laptop theft MCI is evaluating new corporate security technologies following the theft of a notebook computer containing personal information on about 16,500 current and former employees, the company said Monday. May 23, 2:55 p.m. PDT Study: Intel's hyperthreading could expose servers Intel's hyperthreading technology could allow a hacker to steal security keys from a compromised server using a sophisticated timing attack, a researcher said Friday in a paper presented at the BSDCan 2005 conference. May 13, 3:28 p.m. PDT Investigators link Cisco hack to other activities A theft of computer source code from Cisco Systems, reported a year ago, has led to a wide-ranging investigation of potential criminal activity involving multiple server break-ins in several countries, according to the U.S. Federal Bureau of Investigation (FBI). May 10, 9:44 a.m. PDT Business continuity in the face of terrorism Before Richard Clarke published his book, Against All Enemies: Inside America’s War on Terror, and became associated with election year politics, he was a senior security advisor to the White House with expertise in counterterrorism and homeland security. Following Sept. 11, 2001, Clarke met twice with a CIO organization that called itself the Chicago Research Planning Group (CRPG) but has since renamed itself the Security Board. May 10, 5:00 a.m. PDT Fear and loathing at Interop “What happens in Vegas, stays in Vegas” may be the rule for gamblers and dance club denizens, but I hope you’ll forgive my passing along a few newsworthy items from the Interop show in that dusty desert outpost. May 9, 5:00 a.m. PDT Feed the monitoring multitudes The GigaVue-MP is a modular system that provides line-speed port aggregation, switching, filtering, and duplication of streams via an out-of-band switch fabric for network analysis. It filters traffic on just about anything in the Ethernet header, extracts or combines it with other inputs, sends it to a collection of output ports, and filters it yet again. This combination of pre- and post-filtering allows you to match any link to any tool, as well as perform many-to-one and one-to-many switching. You can send port 80/443 data to your application monitoring tool, VoIP traffic data to your telecom group, and all traffic data to your IDS/IPS tool. Additional monitoring tools can be added to the mix simply by modifying GigaVue’s filter table. May 2, 5:00 a.m. PDT Venezuelan arrested for '01 Airforce hacks A popular Venezuelan hacker known as "RaFa" was arrested April 2 and charged with hacking into U.S. Department of Defense (DOD) servers almost four years ago. April 11, 4:08 p.m. PDT The consultant's view Steve Manzuik is an independent IT security consultant. March 28, 6:00 a.m. PST The CTO's perspective Kevin Bernstein is CTO of platinum capital group. March 28, 6:00 a.m. PST Secure architectures Thanks to complex perimeters, sophisticated application-level threats, and regulations that hold CEOs and CIOs accountable for company data, security must now be regarded as more than a bunch of technologies tacked onto the network. “Companies are realizing they must approach security at the enterprise level,” says Rich Caralli, senior member of the technical staff at the CERT Coordination Center’s survivable enterprise management group. “Rather than chasing the latest threat, they’re working on identifying and securing directly the core business processes and information assets essential to the company mission.” March 11, 3:00 p.m. PST Secret Service cracks down on cybercrime Last week, I spoke with Brian Nagel, assistant director of the Secret Service’s Office of Investigations. The Secret Service is famous as the agency that provides bodyguards to the president -- at one time Nagel served in the Presidential Protective Division -- but both he and the agency do far more than that nowadays. March 4, 3:00 p.m. PST Microsoft researchers target worms, buffer overruns REDMOND, WASH. - Researchers at Microsoft showed off some forward-looking technologies on Wednesday, including new ways to protect systems against Internet worms, prevent hacker attacks and measure available bandwidth on home networks. March 3, 4:50 p.m. PST Security moving closer to OS, networks Last week's RSA Conference 2005 demonstrated that security components are moving rapidly to the OS and the network as enterprises reinforce their IT systems against a growing security threat. February 21, 6:00 a.m. PST Microsoft releases 12 patches for 16 vulnerabilities On the same day it announced the purchase of antivirus software vendor Sybari Software, Microsoft seeded the Internet with raw material for a possible future harvest of new worms and viruses. February 8, 1:42 p.m. PST Reeling in the phishers Phishers beware. IT is watching you watching them. The FBI is out to get you jailed, too. January 21, 3:00 p.m. PST DOD cyber sleuths swap secrets in Florida The U.S. Department of Defense (DOD) is making changes to streamline its response to online threats across the various branches of the military, and deal with a steady stream of new online woes, from hacking attempts to child pornography and threats posed by powerful portable storage devices such as iPods, according to senior DOD officials. January 12, 2:10 p.m. PST McAfee tool identifies exposed data Recognizing that Google’s search engine can become a repository for far too much information, McAfee this week released an updated version of its Foundstone SiteDigger security tool that helps enterprises identify damaging information that may be exposed on the Web. January 10, 5:00 a.m. PST Congresswoman reintroduces spyware bill WASHINGTON - Spyware legislation that would allow fines of up to $3 million for makers of software that steals personal information from a user's computer or highjacks its browser will get a second look after the U.S. Congress failed to pass the legislation in 2004. January 5, 9:55 a.m. PST The top 20 IT mistakes to avoid We all like to think we learn from mistakes, whether our own or others’. So in theory, the more serious bloopers you know about, the less likely you are to be under the bright light of interrogation, explaining how you managed to screw up big-time. That’s why we put out an all-points bulletin to IT managers and vendors everywhere: For the good of humanity, tell us about the gotchas that have gotten you, so others can avoid them. November 19, 3:00 p.m. PST New Sober variant spreading A new version of the Sober e-mail worm started spreading in Europe on Friday, according to antivirus vendors, which have given the worm a midlevel threat rating. November 19, 1:06 p.m. PST Panel: Gov't can't mandate security WASHINGTON - Now is not the time for the U.S. government to mandate cybersecurity standards to private industry, despite significant threats and a lack of understanding by many company executives. So concluded a panel of government officials that met to discuss the issue in September. November 15, 12:38 p.m. PST Study: Information security field to grow steadily WASHINGTON - The number of cybersecurity professionals is projected to grow at an annual compound rate of nearly 14 percent from now until 2008, according to a study released this week during the Computer Security Institute (CSI) trade show in Washington, D.C. November 9, 1:26 p.m. PST Problems with e-voting? Blame the humans Voters worried that an electronic voting machine might accidentally eat their vote on Nov. 2 would be better off pointing the finger of blame at clueless poll workers than at shiny new touchscreen machines, according to information released by the Information Technology Association of America (ITAA). October 19, 4:35 p.m. PDT NJ residents file lawsuit to block e-voting WASHINGTON - A coalition of New Jersey residents filed a lawsuit Tuesday asking a judge to stop the state from using electronic voting machines in the Nov. 2 election. October 19, 4:33 p.m. PDT Update: U.S. cybersecurity chief resigns WASHINGTON - The head of cybersecurity efforts at the U.S. Department of Homeland Security (DHS) has resigned this week, leaving his job after reportedly giving a one-day notice. October 1, 3:10 p.m. PDT The shaky state of enterprise security Faced with a seemingly endless onslaught of virulent Internet worms, spam, and e-mail scams, less than half of IT professionals report strong confidence in the security of their enterprise networks, according to the results of the 2004 InfoWorld Security Survey. July 23, 3:00 p.m. PDT Patrolling an always-on network Butch Johnstone looks back at the past year with a mixture of pride and concern when it comes to the issue of enterprise security. July 23, 3:00 p.m. PDT Security: It's time for management to get a clue It’s easy for people to say that they’re extremely or very confident that their IT department’s security is up to par, and it’s even easier for executives to become convinced of a company’s invulnerability to computer-borne attacks. Even though our respondents were no more confident than they were last year, they still seem to be convincing management they know what they’re doing. July 23, 3:00 p.m. PDT RNA sniffs out network intrusions When Martin Roeschcreated Snort, his original intention was significantly more modest than the industry standard for intrusion detection that the work became. May 21, 3:00 p.m. PDT Sniffing for intruders Honeypots are quickly gaining acceptance in corporate environments as highly accurate early warning systems. Because they aren’t production assets, any activity on a honeypot can immediately be considered suspicious and the appropriate defensive response can be initiated. There are about a dozen serious vendors in the honeypot field, including KeyFocus’ KFSensor, Network Security Software’s Spector 7.0, and the open source favorite Honeyd, but Palisade Systems’ SmokeDetector is the only hardware offering. April 16, 3:00 p.m. PDT > Networking > Security |
|
|
||||||||||||||||||
