IT trainer offers master's degree for hackers
In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science.

Security experts pitch 'culture of data'
The companies that are having the most success in advancing their data security efforts today are those that are finding a way to protect sensitive information without getting in the way of business users, industry experts maintain.
September 25, 2:53 p.m. PDT

Security outsourcing on the rise
As one of the world's largest outsourcing providers, Wipro Technologies is ramping up its security services business in a big way.
September 20, 2:30 p.m. PDT

Fear of insider threats hits home
The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk.
September 18, 10:42 a.m. PDT

Cisco says acquisitions don't impede best-of-breed
Cisco executives speaking at the ongoing Security Standard Conference claim that the networking giant hasn't sapped innovation in the security companies it has acquired in its efforts to add to its own expanse of IT systems-defense products, while some customers clearly feel otherwise.
September 10, 4:38 p.m. PDT

Forrester security show stresses risk management
Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum.
September 5, 11:33 a.m. PDT

FBI: Enterprises need counterintelligence
The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks.
September 4, 3:45 p.m. PDT

Intel's vPro chips in more security for businesses
With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike.
August 27, 8:00 a.m. PDT

Intel adds desktop NAC to latest chips
Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers.
August 27, 8:00 a.m. PDT

Security SaaS maturing fast
Security technologies delivered via the SaaS (software-as-a-service) business model may still be in their nascent stage, but some early adopters are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure.
August 22, 11:06 a.m. PDT

Making a case for virtual patching
The period during which businesses work to install security patches to protect IT systems from attack undeniably remains one of the most vulnerable timeframes for many companies -- but a recently-launched startup selling a virtual patching alternative claims to have found a solution to the problem.
August 20, 2:20 p.m. PDT

Pundits on parade: What’s next in tech
You’ve heard of Christmas in July, that classic advertising gimmick designed to lure shoppers into stores despite the oppressive heat and humidity. Well, we’ve got New Year’s in August, which invites you to stay indoors and read “The next big things in IT” -- 15 predictions about the future of technology.
August 20, 3:00 a.m. PDT

Mozilla shares scanning tool, Firefox 3 features
Open source browser maker Mozilla has developed a wide array of secure coding analysis tools as part of its internal development process, and now it's beginning to share those programs with the outside world.
August 3, 2:28 p.m. PDT

Apps security to dominate Black Hat
Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security.
July 31, 3:00 a.m. PDT

McAfee sets Rootkit Detective free
On July 26, McAfee will begin offering a new application called Rootkit Detective, designed to detect and remove dangerous rootkit attacks. The software will also help end-users ward off the threats, as well as funnel new intelligence into the company's ongoing research operations.
July 25, 1:12 p.m. PDT

Users urged to patch serious hole in BIND 9 DNS server
A security researcher has reported a serious vulnerability in BIND 9, the software widely used in the Internet's DNS addressing system.
July 25, 4:31 a.m. PDT

Organized crime infiltrates financial IT
In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them.
July 23, 11:14 a.m. PDT

'Huge' hole found in Fox News server
Security analysts spotted a gaping security hole in Fox News Network's Web site on Monday, revealing file directories and sensitive content, although it appears the problem has been fixed.
July 23, 7:25 a.m. PDT

Mozilla: Security remains on front burner
With the release of its latest Firefox 2.0.0.5 browser, open-source software maker Mozilla claims to have fixed a number of potentially serious vulnerabilities in its flagship product.
July 18, 3:26 p.m. PDT

Applications security: Cenzic stands alone
With a new product fresh out the door and its two largest rivals recently acquired by massive IT bellwethers, applications security testing specialist Cenzic contends that it's ready to reap the rewards of remaining independent.
July 18, 4:34 a.m. PDT

Mounting scrutiny for Google security
Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment.
July 12, 4:24 p.m. PDT

Microsoft patches 11 bugs
Microsoft on Tuesday issued six security updates for Windows, Office, and .Net Framework, patching a total of 11 vulnerabilities -- five of them rated critical.
July 11, 4:39 a.m. PDT

Average zero-day bug has 348-day lifespan, exec says
The average zero-day bug has a lifespan of 348 days before it is discovered or patched, but some vulnerabilities live on for much longer, according to security vendor Immunity's chief executive officer.
July 9, 5:10 a.m. PDT

Security company launches eBay for bugs
Psst. Want to buy a zero-day? A Swiss startup called WabiSabiLabi has some for sale, but to qualified buyers only.
July 6, 4:43 a.m. PDT

IIS vs. Apache: Re-examining the statistics
As a Microsoft employee, I try to avoid writing on areas that blatantly promote Microsoft. However, I think this question is generic enough to involve Microsoft in the discussion: Can IP addresses ever be used for statistical analysis of malicious Web sites?
June 29, 3:00 a.m. PDT

Veracode debuts system to test binary code
Veracode launched its Software Security Ratings Service on June 25, introducing its new system for use in testing the safety of applications development among enterprise customers and third-party software makers.
June 25, 1:25 p.m. PDT

HP-SPI deal underscores apps security integration
Hewlett Packard's acquisition of Web applications security specialist SPI Dynamics on June 19 illustrates a growing demand among enterprise customers to have vulnerability-scanning tools integrated into their software development platforms.
June 19, 12:07 p.m. PDT

Homeland Security to detail IT attacks
Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions.
June 15, 11:26 a.m. PDT

Global co-op feeds FBI's botnet fight
Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes.
June 14, 3:09 p.m. PDT

Helping retailers wipe ID data issue
When data breach investigator Bryan Sartin gets a call to check into an incident involving customer records loss at a retailer, he knows that the situation most likely involves information that has been lifted from a company's point-of-sale systems.
June 13, 8:44 a.m. PDT

2007 InfoWorld CTO 25: Aristotle Balogh
Here in San Francisco, where the San Andreas fault shifts the ground beneath our feet, most of us try to ignore the fact that the Big One is coming. At VeriSign offices down the road in Mountain View, they worry about a different kind of Big One -- namely, a cataclysm that wipes out the Internet. Not only that, they pin all the responsibility for survival on a single guy: CTO Ari Balogh.
June 8, 3:00 a.m. PDT

App developers finally securing code
On Aug. 14, IT security training and research authority SANS Institute will convene its inaugural set of exams for software developers seeking to attain its new secure coding certifications. The rise of such initiatives -- and increasing adoption of source code vulnerability scanning tools among internal software development teams -- are finally making a difference in overall applications security, some end users and industry experts contend.
June 6, 4:14 a.m. PDT

Microsoft unveils integrated security
Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009.
June 4, 7:24 a.m. PDT

Attackers get chatty on VoIP
The recent spate of malware attacks propagating throughout the user base of the Skype Internet calling system illustrates a broader trend toward cyber-criminals moving to take advantage of VoIP platforms as they become increasingly popular.
May 30, 12:18 p.m. PDT

Oakley SureView puts insider threats in context
Many content monitoring and filtering and information leak prevention solutions attempt to stop insider threats by reversing the old firewall strategy: They completely block a particular outbound communications channel, such as instant messaging.
May 24, 3:00 a.m. PDT

Microsoft, TCG get closer on NAC
The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together.
May 21, 8:20 a.m. PDT

Deepwater churns around unencrypted data
The most sensitive and highly classified data communicated over the nation's internal computer networks remains at risk for exposure, according to key witnesses in the government's investigation into the United States Coast Guard's Deepwater procurement program.
May 17, 11:33 a.m. PDT

IBM pitches risk management strategy
IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses.
May 15, 12:42 p.m. PDT

Should vendors close all security holes?
In last week’s column, I argued that vendors should close all known security holes. A reader wrote me with a somewhat interesting argument that I’m still slightly debating, although my overall conclusion stands: Vendors should close all known security holes, whether publicly discussed or not. The idea behind this is that any existing security vulnerability should be closed to strengthen the product and protect consumers. Sounds great, right?
May 11, 3:00 a.m. PDT

Symantec pitches rootkit tech as Veritas validation
Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm.
May 9, 4:26 p.m. PDT

Infrastructure security powers up
He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid.
May 9, 4:17 a.m. PDT

Rootkits: The next big enterprise threat?
Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about $4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyze them.
April 30, 3:00 a.m. PDT

Large enterprises still serving up spam
Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem.
April 17, 3:04 p.m. PDT

Bottom line impact of data breaches unclear
Despite the fact that unwanted exposure of consumer data has become a hot-button issue in the media and among legislators nationwide, experts admit that it remains unclear just how much damage the events will cause to the finances and reputations of companies that experience major incidents.
April 13, 3:01 p.m. PDT

More security OEM deals to come
With enterprises demanding more tightly integrated security products than ever before and pressure increasing on vendors in the space to offer as many tools as possible to win deals, experts say that an increasing number of technology providers will turn to licensing agreements to help increase their marketability.
April 12, 3:57 p.m. PDT

McAfee: Cyber-crime will continue to pay
The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks.
April 10, 9:00 p.m. PDT

New class of attack targets embedded devices
A security researcher at Juniper Networks says he plans to demonstrate a new class of attack that can be used to compromise electronic devices like routers or mobile phones.
April 5, 5:10 a.m. PDT

Debate lingers over federal data-handling laws
Even as the federal government appears poised to create new consumer data protection laws in 2007, businesses and privacy advocates in the United States remain at odds over the parameters of such legislation and its potential impact.
April 3, 6:59 p.m. PDT

ShmooCon hacker event gets under way
The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues.
March 23, 2:12 p.m. PST

Crisis management 101
I recently participated in some war-game-style what-if exercises with a small group of IT execs. The goal was to stimulate thinking about how corporations can best prepare for, and respond to, significant business disruptions, whether from terrorism, weather, biological threats, or other unexpected shocks.
March 8, 3:00 a.m. PST

More IT war stories
Off the Record, the real-world slice of life that graces the last page of InfoWorld, is one of our most popular columns. I know this from reader surveys and from all the e-mail I receive about it. As reader Roland Sickenberger put it recently, “It’s my favorite part of the magazine, kind of like a ‘Dilbert come to life’ thing.”
March 5, 3:00 a.m. PST

Tolerating online fraud
Whenever I see someone turning the other cheek to a problem, I smile and think of the greatest golden retriever I’ve ever known, a family dog named Kayo who was a very strong swimmer.
March 1, 3:00 a.m. PST

NAC smorgasbord: Four ways to police the network
In this age of worms, zombies, and botnets, mobile computers themselves are a kind of Trojan horse. Do you know where that computer’s been? No, you really don’t.
February 5, 3:00 a.m. PST

Vulnerability counts do matter
It happened again! I got into yet another argument…er…heated discussion over the security of Microsoft Windows versus some other operating system. Usually it starts with some reader's knee-jerk emotional reaction -- saying "Windows sucks!" or something like that.
February 2, 3:00 a.m. PST

Women in technology: A call to action
A quick scan of almost any IT department -- from the trenches to the corner office -- confirms it: Women who embrace technology as a lifelong career remain a rare breed. To be sure, opportunity for women in technology has advanced in the past few decades, as have education initiatives aimed at leveling the playing field, but for every woman rising to prominence or embarking on a profession in IT, there seems to be another opting out of her career in technology.
January 29, 3:03 a.m. PST

Back to school: Getting girls into IT
Despite the success of various education initiatives in the past several years, there’s little doubt that the shortage of women in technology begins on the playground. As such, many industry leaders and experts believe the long-term solution to the gender imbalance in IT lies in women technologists going back to school -- way back, to high schools and even elementary schools to mentor young girls, who too often give up on math and science at an early age.
January 29, 3:02 a.m. PST

Activism provides competitive advantage for IT
Encountering another woman working in technology was a rare event for me when I started out in IT many years ago. In the years since, women have made significant strides, sometimes against great odds, proving their mettle as both tech execs and engineers.
January 29, 3:01 a.m. PST

Gender crisis in IT
You don’t need a degree in statistics to recognize that IT is a men’s club. Just walk the floor of any tech conference or, in all likelihood, your own office — XY chromosomes everywhere you look.
January 29, 3:00 a.m. PST

Customers lose when vendors refuse to patch
I can’t believe my eyes. Eudora WorldMail Mail Management Server has an open exploit hole and Qualcomm says they have no plans to patch.
January 12, 3:00 a.m. PST

Technology of the Gods
January is named after Janus, the two-faced Roman deity of beginnings and endings, who reportedly was able to look both forward and back. So for our Jan. 1 issue, we pay homage to the mythological immortal with our seventh annual Technology of the Year Awards, an analysis of where IT has been and where it’s going in 2007.
January 1, 3:00 a.m. PST

Review of reviews
It’s coming up on closing time for 2006. All around us, everyone is going into holiday mode. Not to be curmudgeonly contrarians, InfoWorld will be following suit, taking a one-week break before returning on Jan. 1 with our first print issue of the year. (It’s really only a semi-hiatus; InfoWorld.com will continue to perk over the holidays with a slightly reduced slate of stories.)
December 18, 3:00 a.m. PST

PortAuthority tightens its data security net
I appreciate when a vendor succeeds at developing a very good application. But what I find more admirable is when a vendor recognizes the deficits in its solutions, makes no excuses, and quickly goes back to the drawing board to make that app excellent.
December 1, 3:00 a.m. PST

Microsoft vulnerability rooted in ActiveX control
Microsoft is investigating reports of a vulnerability in a Windows ActiveX control that could allow an attacker to remotely take control of a computer, according to an advisory issued Friday. One security company rated the vulnerability critical, while Microsoft said it allowed only limited attacks.
November 6, 5:11 a.m. PST

Microsoft battles Internet Explorer exploits
It’s been another furious couple of weeks for Microsoft’s security response center, which last week took the unusual step of releasing an emergency security update to patch a hole that appeared to get bigger with each passing day.
October 2, 3:00 a.m. PDT

Security not keeping pace with technology advances
Trying to lock down your company's applications and protect your systems from attack? If so, security scanners and source-code analysis tools are not up to the job -- despite vendor claims to the contrary.
September 19, 4:20 a.m. PDT

Testing client-side risks
Normally, I don’t get excited about updates, but the main improvement to Version 6.0 of Core Security's CORE IMPACT penetration-testing tool got my attention: It focuses on client-side attack improvements. Essentially, you can drag and drop client-side attacks on top of one or more e-mail addresses. CORE IMPACT will then send e-mails containing those attacks to the selected e-mail addresses.
August 11, 3:00 a.m. PDT

In case of emergency, activate business continuity plan
Gemstar-TV Guide International hired Ed Sullivan to direct Business Continuity Services in 2003, soon after an audit found that TV Guide’s infrastructure was essentially unrecoverable in the event of a sustained crisis. There was a time when Sullivan’s first stop for addressing the issue would have been IT and the datacenter. But times have changed -- Sullivan first conducted several weeks of meetings with senior executives and various business unit executives to talk about the company’s business processes. “The fact that I work for the CIO is almost irrelevant,” Sullivan says. “I’m there to provide recovery for the business units.”
August 4, 3:00 a.m. PDT

Continued debate on desktop lockdowns
A few columns ago, I suggested the single best security defense any company could implement is to prevent users from installing any unauthorized software.
July 28, 3:00 a.m. PDT

Betting on authentication
If Paul Roberts ever goes to the track, I’m gonna let him place a few bets for me. He has a knack for picking winners. Case in point, a few weeks back, the InfoWorld senior editor suggested the time was right for a story on the enterprise’s need for stronger, brainier authentication to clamp down on fraud. No sooner had he finished writing this week's authentication cover story than EMC announced plans to buy authentication vendor RSA Security. A week later, it was Secure Computing buying CipherTrust (with its e-mail reputation system), while digital identity vendor Entrust snapped up fraud-detection company Business Signatures. The vendors clearly appreciate Roberts’ trend-spotting abilities.
July 24, 3:00 a.m. PDT

Network Composer puts network usage, threat data in SMB admins' hands
There’s no shortage of solutions helping admins keep track of “who is doing what” on the Internet. It isn’t unusual to find Internet-traffic content, virus, and malware filtering in the current crop of UTM firewalls, and routers and other devices have been shaping traffic forever. Thanks to a growing convergence among these tools, however, admins overseeing smaller networks can now do all of this from one easy-to-use appliance and reduce their management overhead.
July 20, 3:00 a.m. PDT

Exploiting everyday end-user behavior
It’s summer, the nights are hot and humid, and you’re probably not sleeping all that well anyway. What better time to run a story entitled “What Keeps IT Up at Night?”
July 17, 3:00 a.m. PDT

Determina pre-hacks applications against intruders
Malicious hackers are constantly exploiting software vulnerabilities. Vendors and IT staff alike spend countless hours racing to update protection signatures and install patches before their exposed systems can be compromised. It’s a never-ending battle that favors the hackers.
May 15, 3:00 a.m. PDT

Tech startups to watch
Startups are back! Or at least, startup fever is back. Scan the latest numbers from PricewaterhouseCoopers and you won’t find any hockey sticks -- the level of investment in enterprise-related technology startups has actually remained fairly flat, hovering between $1.5 and $2.3 billion per quarter from 2003 through 2005.
May 15, 3:00 a.m. PDT

Core Impact puts a vise grip on vulnerabilities
Last week’s column talked about the Metasploit Framework vulnerability scanner. Although the interface is a bit cumbersome, it’s an excellent free tool for testing single exploits and can do more with additional automation. I’ve also previously discussed the dual-sourced vulnerability scanner Nessus.
April 28, 3:00 a.m. PDT

Microsoft to admins: Rootkit means rebuild
So I was skimming Slashdot the other day and found this gem: Seems a program manager in Microsoft’s Security Solutions Center came out and said that recovering from the newest breed of malware may be impossible. You know, time and again, I’ve asked those Redmond folks to be upfront and honest, and now here’s one doing just that, and I’m still nauseated.
April 6, 3:00 a.m. PDT

Microsoft goes public with Blue Hat hacker conference
Microsoft is going public with some of the hacking information discussed at its Blue Hat Security Briefings event. On Thursday, just days after the end of its third Blue Hat conference, the software vendor posted the first blog entries at a new Web site. Microsoft is also promising to publish more details on the secretive invitation-only event.
March 16, 9:36 a.m. PST

Plug-and-play appliances reshape IT landscape
Looking for a can’t-miss enterprise trend? I have just one word for you: appliances. During the past year, our Test Center has been inundated with the things. And not just the old standbys like firewalls, switches, and routers. I’m talking appliances that can handle virtually every IT operation: intrusion prevention, intrusion detection, CRM, anti-spam, e-mail security, Web services integration. We’ve even seen a smattering of appliances for Microsoft Exchange that come bundled with managed services (look for our Test Center review in April).
March 6, 3:00 a.m. PST

Sidestepping the analog hole
On an episode of “The West Wing,” deputy national security adviser Kate Harper (Mary McCormack) reprimands presidential assistant Debbie Fiderer (Lily Tomlin) for displaying the president’s schedule on her computer screen. As Harper correctly points out, anybody could walk into the office and find out something they shouldn’t know.
March 1, 3:00 a.m. PST

RSA - FBI director: Cyber threats 'fluid and far-reaching'
Hacker hunters need to develop new techniques to take on the latest generation of sophisticated and better-organized cyber criminals. That's what U.S. Federal Bureau of Investigation Director Robert Mueller told attendees of the RSA Conference 2006 in San Jose, California, Wednesday.
February 15, 3:45 p.m. PST

RSA survey shows security confidence low, but people buy anyway
U.S. and Western European businesses are seeing their online sales grow, but many of them have questions about the security of their networks, according to a survey released Tuesday by RSA Security Inc.
February 14, 1:19 p.m. PST

For banks, security compliance goes only MSSP-deep
In the financial industry, third parties often guard the vault. For example, MSSPs (managed security services providers), such as the company I work for, deliver vital resources and expertise to many small to midsize banks. These services include firewalls and intrusion management, secure electronic document delivery, and oversight by trained security professionals. Many banks also rely on MSSPs to comply with regulatory mandates.
February 14, 3:00 a.m. PST

Drag-and-drop flaw in Explorer reported
Security analysts and vendors are reporting a flaw in Microsoft's Internet Explorer browser that could allow malicious code to run and result in a hacker taking over complete control of a computer.
February 13, 9:43 a.m. PST

U.S. DHS completes large-scale cyber exercise
The U.S. Department of Homeland Security (DHS) has completed the first full-scale government-led cyber attack simulation, and officials there called the exercise a "significant milestone."
February 10, 1:05 p.m. PST

Innovative IPSes resist our attacks
See correction at end of article
February 10, 3:00 a.m. PST

Cartoons prompt spike in Danish Web hacks
The furor over a Danish newspaper's publication of cartoons depicting the prophet Mohammed is being felt on the Internet, where hackers have struck down and defaced hundreds of Danish Web sites over the past week, according to a Web site that tracks digital attacks.
February 8, 4:35 a.m. PST

Attack code published for Firefox flaw
A hacker Tuesday published code that exploits a vulnerability found in the latest version of Mozilla's Firefox browser.
February 8, 4:00 a.m. PST

Russian hackers sold exploit, analyst says
Security vendor Kaspersky Lab says that it appears two or three Russian hacker squads sold an exploit for the WMF (Windows Metafile) vulnerability that raised alarms in December.
February 3, 8:14 a.m. PST

AOL patches serious Winamp bug
Users of America Online Inc.'s Winamp 5.12 media player are being told to upgrade their software following the release of malicious code that could be used to take over a Winamp user's system.
January 30, 3:07 p.m. PST

Hackers lurk in AMD Web site
Users of Advanced Micro Devices Inc.'s (AMD's) microprocessors may want to think twice before looking for technical support on the company's Web site. Customer support discussion forums on the forums.amd.com site have been compromised and are being used in an attempt to infect visitors with malicious software, an AMD spokesman confirmed Monday.
January 30, 12:39 p.m. PST

Startup Mu Security looks to lock down code
A Sunnyvale, California, startup backed by US$4 million in venture funding and a team of former Juniper Networks Inc. executives says that it has developed a way to make networking products and applications more secure. Mu Security Inc. says it will soon begin selling a new vulnerability assessment product that lets technology vendors and enterprise developers test their products with known hacker techniques, allowing them to fix bugs before products are put into use.
January 27, 11:03 a.m. PST

Vista's new security features
I’ve been using several versions of Microsoft’s Windows Vista for the last few months. Although any beta’s feature set is not locked into stone until the release-to-manufacturing date, here’s a recap of some of the new security changes as I know them now.
January 27, 3:00 a.m. PST

State CIOs need more IT security support from DHS
The U.S. Department of Homeland Security (DHS) must improve its support for U.S. state and local governments so they can better protect their IT infrastructures from attackers, two organizations of top IT officials said Wednesday.
January 25, 2:57 p.m. PST

LiveJournal makes changes to counteract security threat
The LiveJournal Web log service has been forced to change the way it hosts user accounts because of a browser-side security vulnerability, the company confirmed Friday. This vulnerability reportedly had been exploited by a hacking group in order to steal user information and allow the hackers to gain access to more than 900,000 LiveJournal accounts.
January 20, 12:35 p.m. PST

Cisco patches a number of products
Cisco Systems Inc. has patched a number of security vulnerabilities affecting its routers and Call Manager software, some of which could be used to launch a DOS (denial of service) attack against the products.
January 19, 11:52 a.m. PST

Microsoft tries to slip Windows XP SP3 delay under our noses
It’s been a bang-up year already for Microsoft. Hot on the heels of its WMF disaster, Redmond announced that other vulnerabilities existed in Outlook and Exchange. (The company is working on those.) Then another spat erupted about a supposed wireless flaw in Microsoft’s Windows 2000 and Windows XP OSes. This one’s been going on for a week now, and I’m a mite ticked, not only because it’s not actually a flaw, but also because the flap about it seems to be masking a real flaw: the one in Microsoft’s software release schedule. The company just announced its delay of the Service Pack 3 release until 2007, as much as a year later than expected.
January 19, 3:00 a.m. PST

Symantec updates DeepSight service
Symantec has updated its DeepSight Threat Management System, making the online security service less expensive and easier to use. The new release, Version 7.0 of the product, was rolled out to Symantec customers on Friday.
January 17, 4:16 a.m. PST

Microsoft defends its WMF response
A Microsoft official on Friday defended the company's response to the discovery of a security vulnerability involving Windows Metafile (WMF). This flaw put systems running Windows XP and Windows Server 2003 at risk from malicious hackers.
January 6, 2:26 p.m. PST

Windows flaw greets the new year
Fully patched systems running Windows XP and Windows Server 2003 are open to attack from malicious hackers, various security firms warned last week. And what’s the Windows vulnerability this time? A newly discovered flaw in the way those two Windows versions handle .WMF (Windows Metafile) graphic files.
January 2, 3:00 a.m. PST

Tech reviews for the holidays
Even IT takes a holiday now and then. Same goes for the InfoWorld staff, which chills out by taking a one-week break following the publication of this, our 51st and final issue of the year.
December 19, 3:00 a.m. PST

Sony stops shipping controversial DRM code
One day after hackers released malicious software that used controversial Sony BMG Music Entertainment copy-protection software to attack computers, Sony has decided to stop shipping the product, the company said Friday.
November 11, 1:15 p.m. PST