|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. How to think like an online con artist Con job, pretexting, social engineering – the art and science of manipulating human beings for nefarious ends – goes back as far as the origin of the species. The techniques have been practiced and perfected by a rogue's gallery of flimflam artists, from legendary carnival operator P. T. Barnum to infamous FBI mole Robert Hanssen.  October 1, 3:00 a.m. PDT Security experts pitch 'culture of data' The companies that are having the most success in advancing their data security efforts today are those that are finding a way to protect sensitive information without getting in the way of business users, industry experts maintain. September 25, 2:53 p.m. PDT Security outsourcing on the rise As one of the world's largest outsourcing providers, Wipro Technologies is ramping up its security services business in a big way. September 20, 2:30 p.m. PDT AT&T: Network perimeter security should be virtual Enterprise companies will soon begin offloading many of their network security responsibilities to telecommunications and Internet service providers and save vast amounts of time and money doing so, if AT&T has its way. September 20, 4:05 a.m. PDT Fear of insider threats hits home The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. September 18, 10:42 a.m. PDT Cisco says acquisitions don't impede best-of-breed Cisco executives speaking at the ongoing Security Standard Conference claim that the networking giant hasn't sapped innovation in the security companies it has acquired in its efforts to add to its own expanse of IT systems-defense products, while some customers clearly feel otherwise. September 10, 4:38 p.m. PDT Best of open source in security In areas such as CRM software and portals, open source gained a foothold because users were willing to compromise -- less could be more, because the price was right. In security, open source rushed in because commercial vendors fell down on the job. As security problems in the enterprise outstripped the capabilities of commercial solutions, a number of talented security researchers stepped into the breach via the open source model. September 10, 3:00 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT Malicious Web: Not just porn sites The New Zealand Honeynet Project, which produced Capture-HPC (mentioned here last week), also produced an excellent white paper about using Capture-HPC to identify malicious Web servers. On the group's Web site, you'll find that paper, the captured data, and the tools for anyone to inspect and replicate. August 31, 3:00 a.m. PDT Intel's vPro chips in more security for businesses With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike. August 27, 8:00 a.m. PDT Intel adds desktop NAC to latest chips Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers. August 27, 8:00 a.m. PDT 10 reasons to be paranoid The truth is out there ... and so is your data. And just because there are no virtual black helicopters following you doesn't mean somebody somewhere doesn't have a bead on who you are and what you are doing. August 27, 3:00 a.m. PDT Security SaaS maturing fast Security technologies delivered via the SaaS (software-as-a-service) business model may still be in their nascent stage, but some early adopters are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure. August 22, 11:06 a.m. PDT Making a case for virtual patching The period during which businesses work to install security patches to protect IT systems from attack undeniably remains one of the most vulnerable timeframes for many companies -- but a recently-launched startup selling a virtual patching alternative claims to have found a solution to the problem. August 20, 2:20 p.m. PDT Pundits on parade: What’s next in tech You’ve heard of Christmas in July, that classic advertising gimmick designed to lure shoppers into stores despite the oppressive heat and humidity. We’ll, we’ve got New Year’s in August, which invites you to stay indoors and read “The next big things in IT” -- 15 predictions about the future of technology. August 20, 3:00 a.m. PDT Mozilla shares scanning tool, Firefox 3 features Open source browser maker Mozilla has developed a wide array of secure coding analysis tools as part of its internal development process, and now it's beginning to share those programs with the outside world. August 3, 2:28 p.m. PDT Project WOMBAT looks to manage online threats Researchers are looking for formal European Union sponsorship of a new project that would keep an eye on malicious software and computer attacks around the world. August 2, 6:21 a.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT Black Hat security presenter turned away at border A German security expert has been turned away at the U.S. border by immigration officials while on his way to present at the Black Hat conference in Las Vegas. July 30, 4:15 a.m. PDT McAfee sets Rootkit Detective free On July 26, McAfee will begin offering a new application called Rootkit Detective, designed to detect and remove dangerous rootkit attacks. The software will also help end-users ward off the threats, as well as funnel new intelligence into the company's ongoing research operations. July 25, 1:12 p.m. PDT Organized crime infiltrates financial IT In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them. July 23, 11:14 a.m. PDT 'Huge' hole found in Fox News server Security analysts spotted a gaping security hole in Fox News Network's Web site on Monday, revealing file directories and sensitive content, although it appears the problem has been fixed. July 23, 7:25 a.m. PDT Security team claims successful iPhone hack A team of security experts in Baltimore said it has found a flaw in Apple's iPhone handset that can be used by attackers to access private data stored on it. July 23, 4:27 a.m. PDT Mozilla: Security remains on front burner With the release of its latest Firefox 2.0.0.5 browser, open-source software maker Mozilla claims to have fixed a number of potentially serious vulnerabilities in its flagship product. July 18, 3:26 p.m. PDT Applications security: Cenzic stands alone With a new product fresh out the door and its two largest rivals recently acquired by massive IT bellwethers, applications security testing specialist Cenzic contends that it's ready to reap the rewards of remaining independent. July 18, 4:34 a.m. PDT Mounting scrutiny for Google security Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment. July 12, 4:24 p.m. PDT Security company launches eBay for bugs Psst. Want to buy a zero-day? A Swiss startup called WabiSabiLabi has some for sale, but to qualified buyers only. July 6, 4:43 a.m. PDT IIS vs. Apache: Re-examining the statistics As a Microsoft employee, I try to avoid writing on areas that blatantly promote Microsoft. However, I think this question is generic enough to involve Microsoft in the discussion: Can IP addresses ever be used for statistical analysis of malicious Web sites? June 29, 3:00 a.m. PDT Veracode debuts system to test binary code Veracode launched its Software Security Ratings Service on June 25, introducing its new system for use in testing the safety of applications development among enterprise customers and third-party software makers. June 25, 1:25 p.m. PDT HP-SPI deal underscores apps security integration Hewlett Packard's acquisition of Web applications security specialist SPI Dynamics on June 19 illustrates a growing demand among enterprise customers to have vulnerability-scanning tools integrated into their software development platforms. June 19, 12:07 p.m. PDT Homeland Security to detail IT attacks Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions. June 15, 11:26 a.m. PDT Global co-op feeds FBI's botnet fight Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes. June 14, 3:09 p.m. PDT Helping retailers wipe ID data issue When data breach investigator Bryan Sartin gets a call to check into an incident involving customer records loss at a retailer, he knows that the situation most likely involves information that has been lifted from a company's point-of-sale systems. June 13, 8:44 a.m. PDT 2007 InfoWorld CTO 25: Aristotle Balogh Here in San Francisco, where the San Andreas fault shifts the ground beneath our feet, most of us try to ignore the fact that the Big One is coming. At VeriSign offices down the road in Mountain View, they worry about a different kind of Big One -- namely, a cataclysm that wipes out the Internet. Not only that, they pin all the responsibility for survival on a single guy: CTO Ari Balogh. June 8, 3:00 a.m. PDT App developers finally securing code On Aug. 14, IT security training and research authority SANS Institute will convene its inaugural set of exams for software developers seeking to attain its new secure coding certifications. The rise of such initiatives -- and increasing adoption of source code vulnerability scanning tools among internal software development teams -- are finally making a difference in overall applications security, some end users and industry experts contend. June 6, 4:14 a.m. PDT Microsoft unveils integrated security Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009. June 4, 7:24 a.m. PDT Spammers' use of AI only just begun Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users' inboxes. May 31, 5:03 p.m. PDT Attackers get chatty on VoIP The recent spate of malware attacks propagating throughout the user base of the Skype Internet calling system illustrates a broader trend toward cyber-criminals moving to take advantage of VoIP platforms as they become increasingly popular. May 30, 12:18 p.m. PDT Microsoft, TCG get closer on NAC The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together. May 21, 8:20 a.m. PDT Deepwater churns around unencrypted data The most sensitive and highly classified data communicated over the nation's internal computer networks remains at risk for exposure, according to key witnesses in the government's investigation into the United States Coast Guard's Deepwater procurement program. May 17, 11:33 a.m. PDT IBM pitches risk management strategy IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses. May 15, 12:42 p.m. PDT Social Security, spyware bills go to House vote The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware. May 11, 11:23 a.m. PDT Building trust in downloads no simple feat The Truste group's goal of creating an online ecosystem through which software makers are held accountable for the functions of their programs and end users are given the power to keep unwanted applications off their devices won't be achieved easily, according to security researchers and participants in the nonprofit's Trusted Downloads project. May 10, 5:04 p.m. PDT Microsoft invites hackers back for Blue Hat Microsoft is once again inviting members of the hacking community into its Redmond, Washington, campus to show the software giant where it's gone wrong. May 10, 4:19 a.m. PDT Symantec pitches rootkit tech as Veritas validation Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm. May 9, 4:26 p.m. PDT Infrastructure security powers up He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid. May 9, 4:17 a.m. PDT Document shell code attacks loom large Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. May 2, 12:37 p.m. PDT Gartner: Hacking contests bad for business A pair of Gartner analysts Tuesday denounced a recent hack challenge that uncovered a still-unpatched QuickTime bug, calling it "a risky endeavor" and urging sponsors to reconsider such public contests. May 1, 2:10 p.m. PDT Rootkits: The next big enterprise threat? Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about $4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyze them. April 30, 3:00 a.m. PDT Myth crushed as hacker shows Mac break-in A hacker managed to break into a Mac and win a $10,000 prize as part of a contest started at the CanSecWest security conference in Vancouver. April 20, 2:48 p.m. PDT Large enterprises still serving up spam Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem. April 17, 3:04 p.m. PDT Symantec takes initial step into SaaS Symantec took its initial step into the software-as-a-service market on April 17, introducing its maiden set of hosted applications for small and medium-sized businesses. April 17, 4:00 a.m. PDT P2P worms get their turn Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace. April 16, 11:17 a.m. PDT Bottom line impact of data breaches unclear Despite the fact that unwanted exposure of consumer data has become a hot-button issue in the media and among legislators nationwide, experts admit that it remains unclear just how much damage the events will cause to the finances and reputations of companies that experience major incidents. April 13, 3:01 p.m. PDT More security OEM deals to come With enterprises demanding more tightly integrated security products than ever before and pressure increasing on vendors in the space to offer as many tools as possible to win deals, experts say that an increasing number of technology providers will turn to licensing agreements to help increase their marketability. April 12, 3:57 p.m. PDT McAfee: Cyber-crime will continue to pay The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks. April 10, 9:00 p.m. PDT New class of attack targets embedded devices A security researcher at Juniper Networks says he plans to demonstrate a new class of attack that can be used to compromise electronic devices like routers or mobile phones. April 5, 5:10 a.m. PDT ShmooCon hacker event gets under way The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues. March 23, 2:12 p.m. PST TJX stolen data used in Florida crime spree Law enforcement officials in Florida have arrested six individuals suspected of carrying out a fraud scheme built around the misuse of credit card data stolen from retailer TJX Companies. March 21, 9:25 a.m. PST Hackers promise month of MySpace bugs They won't divulge their real names, they call their project a "whiny, attention-seeking ploy," and they appear to take their fashion cues from Beastie Boys music videos. March 19, 7:12 a.m. PST Crisis management 101 I recently participated in some war-game-style what-if exercises with a small group of IT execs. The goal was to stimulate thinking about how corporations can best prepare for, and respond to, significant business disruptions, whether from terrorism, weather, biological threats, or other unexpected shocks. March 8, 3:00 a.m. PST More IT war stories Off the Record, the real-world slice of life that graces the last page of InfoWorld, is one of our most popular columns. I know this from reader surveys and from all the e-mail I receive about it. As reader Roland Sickenberger put it recently, “It’s my favorite part of the magazine, kind of like a ‘Dilbert come to life’ thing.” March 5, 3:00 a.m. PST Software Vulnerability Index making progress Security experts working on the CWE (Common Weakness Enumeration) project claim that the initiative to create a central resource of software vulnerabilities for developers is gaining momentum. March 1, 11:16 a.m. PST Tolerating online fraud Whenever I see someone turning the other cheek to a problem, I smile and think of the greatest golden retriever I’ve ever known, a family dog named Kayo who was a very strong swimmer. March 1, 3:00 a.m. PST NAC smorgasbord: Four ways to police the network In this age of worms, zombies, and botnets, mobile computers themselves are a kind of Trojan horse. Do you know where that computer’s been? No, you really don’t. February 5, 3:00 a.m. PST Women in technology: A call to action A quick scan of almost any IT department -- from the trenches to the corner office -- confirms it: Women who embrace technology as a lifelong career remain a rare breed. To be sure, opportunity for women in technology has advanced in the past few decades, as have education initiatives aimed at leveling the playing field, but for every woman rising to prominence or embarking on a profession in IT, there seems to be another opting out of her career in technology. January 29, 3:03 a.m. PST Back to school: Getting girls into IT Despite the success of various education initiatives in the past several years, there’s little doubt that the shortage of women in technology begins on the playground. As such, many industry leaders and experts believe the long-term solution to the gender imbalance in IT lies in women technologists going back to school -- way back, to high schools and even elementary schools to mentor young girls, who too often give up on math and science at an early age. January 29, 3:02 a.m. PST Activism provides competitive advantage for IT Encountering another woman working in technology was a rare event for me when I started out in IT many years ago. In the years since, women have made significant strides, sometimes against great odds, proving their mettle as both tech execs and engineers. January 29, 3:01 a.m. PST Gender crisis in IT You don’t need a degree in statistics to recognize that IT is a men’s club. Just walk the floor of any tech conference or, in all likelihood, your own office — XY chromosomes everywhere you look. January 29, 3:00 a.m. PST Pay to protect your data or pay the consequences 2006 may have been a wash in terms of overall computer security, but if you’re banking on status quo in 2007, chances are your budget won’t have the right mix. And if there’s one area you’re sure to come up short in this year, it’s information protection. January 8, 3:00 a.m. PST Technology of the Gods January is named after Janus, the two-faced Roman deity of beginnings and endings, who reportedly was able to look both forward and back. So for our Jan. 1 issue, we pay homage to the mythological immortal with our seventh annual Technology of the Year Awards, an analysis of where IT has been and where it’s going in 2007. January 1, 3:00 a.m. PST Review of reviews It’s coming up on closing time for 2006. All around us, everyone is going into holiday mode. Not to be curmudgeonly contrarians, InfoWorld will be following suit, taking a one-week break before returning on Jan. 1 with our first print issue of the year. (It’s really only a semi-hiatus; InfoWorld.com will continue to perk over the holidays with a slightly reduced slate of stories.) December 18, 3:00 a.m. PST Feds weather fictional attack, Oracle cuts workers some slack The Department of Homeland Security has released its report on Operation Cyber Storm, a simulated attack on the nation's digital infrastructure. The good news is we survived. The bad news? It seems the agencies responsible for responding to cyberattacks hadn't been properly introduced and didn't know how to contact one another. Had this been an actual emergency, you would have been instructed to bend over and kiss your assets goodbye. On a positive note, DHS officials earned high marks for quickly locating the "any" key. September 22, 3:00 a.m. PDT Security not keeping pace with technology advances Trying to lock down your company's applications and protect your systems from attack? If so, security scanners and source-code analysis tools are not up to the job -- despite vendor claims to the contrary. September 19, 4:20 a.m. PDT Testing client-side risks Normally, I don’t get excited about updates, but the main improvement to Version 6.0 of Core Security's CORE IMPACT penetration-testing tool got my attention: It focuses on client-side attack improvements. Essentially, you can drag and drop client-side attacks on top of one or more e-mail addresses. CORE IMPACT will then send e-mails containing those attacks to the selected e-mail addresses. August 11, 3:00 a.m. PDT In case of emergency, activate business continuity plan Gemstar-TV Guide International hired Ed Sullivan to direct Business Continuity Services in 2003, soon after an audit found that TV Guide’s infrastructure was essentially unrecoverable in the event of a sustained crisis. There was a time when Sullivan’s first stop for addressing the issue would have been IT and the datacenter. But times have changed -- Sullivan first conducted several weeks of meetings with senior executives and various business unit executives to talk about the company’s business processes. “The fact that I work for the CIO is almost irrelevant,” Sullivan says. “I’m there to provide recovery for the business units.” August 4, 3:00 a.m. PDT Betting on authentication If Paul Roberts ever goes to the track, I’m gonna let him place a few bets for me. He has a knack for picking winners. Case in point, a few weeks back, the InfoWorld senior editor suggested the time was right for a story on the enterprise’s need for stronger, brainier authentication to clamp down on fraud. No sooner had he finished writing this week's authentication cover story than EMC announced plans to buy authentication vendor RSA Security. A week later, it was Secure Computing buying CipherTrust (with its e-mail reputation system), while digital identity vendor Entrust snapped up fraud-detection company Business Signatures. The vendors clearly appreciate Roberts’ trend-spotting abilities. July 24, 3:00 a.m. PDT Exploiting everyday end-user behavior It’s summer, the nights are hot and humid, and you’re probably not sleeping all that well anyway. What better time to run a story entitled “What Keeps IT Up at Night?” July 17, 3:00 a.m. PDT Hack Tales: Network auditing on a shoestring What do you do when the auditors are breathing down your neck, wanting to see an exhaustive report on the Windows network security of a 2,000-user network across eight sites? That’s easy. Break out a text editor and start writing some Perl. May 29, 3:00 a.m. PDT Tech startups to watch Startups are back! or at least, startup fever is back. Scan the latest numbers from PricewaterhouseCoopers and you won’t find any hockey sticks -- the level of investment in enterprise-related technology startups has actually remained fairly flat, hovering between $1.5 and $2.3 billion per quarter from 2003 through 2005. May 15, 3:00 a.m. PDT Core Impact puts a vise grip on vulnerabilities Last week’s column talked about the Metasploit Framework vulnerability scanner. Although the interface is a bit cumbersome, it’s an excellent free tool for testing single exploits and can do more with additional automation. I’ve also previously discussed the dual-sourced vulnerability scanner Nessus. April 28, 3:00 a.m. PDT Microsoft goes public with Blue Hat hacker conference Microsoft is going public with some of the hacking information discussed at its Blue Hat Security Briefings event. On Thursday, just days after the end of its third Blue Hat conference, the software vendor posted the first blog entries at a new Web site. Microsoft is also promising to publish more details on the secretive invitation-only event. March 16, 9:36 a.m. PST Plug-and-play appliances reshape IT landscape Looking for a can’t-miss enterprise trend? I have just one word for you: appliances. During the past year, our Test Center has been inundated with the things. And not just the old standbys like firewalls, switches, and routers. I’m talking appliances that can handle virtually every IT operation: intrusion prevention, intrusion detection, CRM, anti-spam, e-mail security, Web services integration. We’ve even seen a smattering of appliances for Microsoft Exchange that come bundled with managed services (look for our Test Center review in April). March 6, 3:00 a.m. PST It takes an extraprise to secure your business Back in May, I wrote a column about our country's lack of an overall plan to protect critical infrastructure in case of attack -- telecommunications and fiber in particular. Consider this Part 2. February 21, 3:00 a.m. PST RSA - FBI director: Cyber threats 'fluid and far-reaching' Hacker hunters need to develop new techniques to take on the latest generation of sophisticated and better-organized cyber criminals. That's what U.S. Federal Bureau of Investigation Director Robert Mueller told attendees of the RSA Conference 2006 in San Jose, California, Wednesday. February 15, 3:45 p.m. PST RSA survey shows security confidence low, but people buy anyway U.S. and Western European businesses are seeing their online sales grow, but many of them have questions about the security of their networks, according to a survey released Tuesday by RSA Security Inc. February 14, 1:19 p.m. PST For banks, security compliance goes only MSSP-deep In the financial industry, third parties often guard the vault. For example, MSSPs (managed security services providers), such as the company I work for, deliver vital resources and expertise to many small to midsize banks. These services include firewalls and intrusion management, secure electronic document delivery, and oversight by trained security professionals. Many banks also rely on MSSPs to comply with regulatory mandates. February 14, 3:00 a.m. PST U.S. DHS completes large-scale cyber exercise The U.S. Department of Homeland Security (DHS) has completed the first full-scale government-led cyber attack simulation, and officials there called the exercise a "significant milestone." February 10, 1:05 p.m. PST Researchers find that popular apps have mismanaged security Big-name companies like America Online Inc. (AOL) and Adobe Systems Inc. could do a better job of writing secure software, according to a recent report by two Princeton University researchers. February 6, 1:10 p.m. PST Russian hackers sold exploit, analyst says Security vendor Kaspersky Lab says that it appears two or three Russian hacker squads sold an exploit for the WMF (Windows Metafile) vulnerability that raised alarms in December. February 3, 8:14 a.m. PST AOL patches serious Winamp bug Users of America Online Inc.'s Winamp 5.12 media player are being told to upgrade their software following the release of malicious code that could be used to take over a Winamp user's system. January 30, 3:07 p.m. PST Startup Mu Security looks to lock down code A Sunnyvale, California, startup backed by US$4 million in venture funding and a team of former Juniper Networks Inc. executives says that it has developed a way to make networking products and applications more secure. Mu Security Inc. says it will soon begin selling a new vulnerability assessment product that lets technology vendors and enterprise developers test their products with known hacker techniques, allowing them to fix bugs before products are put into use. January 27, 11:03 a.m. PST State CIOs need more IT security support from DHS The U.S. Department of Homeland Security (DHS) must improve its support for U.S. state and local governments so they can better protect their IT infrastructures from attackers, two organizations of top IT officials said Wednesday. January 25, 2:57 p.m. PST Attempts to exploit WMF vulnerability by IM multiply Security researchers have logged over 70 variations on instant messages attempting to exploit the WMF vulnerability since the first were reported on Saturday. January 4, 9:31 a.m. PST Tech reviews for the holidays Even IT takes a holiday now and then. Same goes for the InfoWorld staff, which chills out by taking a one-week break following the publication of this, our 51st and final issue of the year. December 19, 3:00 a.m. PST Product Previews Alcatel flips the switch on 10Gb Ethernet Alcatel next month will throw its hat into the 10-Gigabit Ethernet ring with the debut of its OmniSwitch 9000 line. The enterprise datacenter-targeted 10Gb Ethernet switches address the need for better QoS, scalability, security, and VoIP support. The OmniSwitch 9700 has a 10-slot chassis, and the 9800 has an 18-slot chassis; components on both are hot swappable and fully redundant. The switches have built-in support for IPv4, IPv6, multicasting, and server clustering and high-availability features. OmniSwitch 9000 chassis prices range from $3,995 to $23,995; a 24-port 10/100/1000Gb Ethernet blade is $7,995; a two-port 10Gb Ethernet blade (without optics) is $10,495. OmniSwitch 9000 Alcatel November 21, 3:00 a.m. PST New dimensions in intrusion defense Sourcefire’s open source IDS engine, Snort, has long been the gold standard of signature-based intrusion detection systems. Snort’s commercial sibling, Sourcefire 3D, takes Snort a step further by adding passive vulnerability assessment and service-anomaly detection to the mix. 3D stands for Discover, Determine, and Defend, referring to Sourcefire 3D’s capability to use knowledge of the services and vulnerabilities that are present in the network in order to defend against attacks intelligently. November 21, 3:00 a.m. PST Sony stops shipping controversial DRM code One day after hackers released malicious software that used controversial Sony BMG Music Entertainment copy-protection software to attack computers, Sony has decided to stop shipping the product, the company said Friday. November 11, 1:15 p.m. PST > Security |
|
|
||||||||||||||||||
[an error occurred while processing this directive]
 |
|
|
