VULNERABILITY REMEDIATION 


IT trainer offers master's degree for hackers
In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science.

Gmail zero-day flaw allows attackers to steal messages
Accounts on Google's Gmail can be easily hacked, allowing any past -- and future -- e-mail messages to be forwarded to the attacker's own in-box, a vulnerability researcher said Tuesday.
September 27, 4:14 a.m. PDT

Security outsourcing on the rise
As one of the world's largest outsourcing providers, Wipro Technologies is ramping up its security services business in a big way.
September 20, 2:30 p.m. PDT

Fear of insider threats hits home
The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk.
September 18, 10:42 a.m. PDT

Cisco says acquisitions don't impede best-of-breed
Cisco executives speaking at the ongoing Security Standard Conference claim that the networking giant hasn't sapped innovation in the security companies it has acquired in its efforts to add to its own expanse of IT systems-defense products, while some customers clearly feel otherwise.
September 10, 4:38 p.m. PDT

Forrester security show stresses risk management
Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum.
September 5, 11:33 a.m. PDT

FBI: Enterprises need counterintelligence
The Chinese government this week denied involvement in a series of hacks carried out in June against IT systems at the Pentagon, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks.
September 4, 3:45 p.m. PDT

Intel's vPro chips in more security for businesses
With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike.
August 27, 8:00 a.m. PDT

Security SaaS maturing fast
Security technologies delivered via the SaaS (software-as-a-service) business model may still be in their nascent stage, but some early adopters are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure.
August 22, 11:06 a.m. PDT

Making a case for virtual patching
The period during which businesses work to install security patches to protect IT systems from attack undeniably remains one of the most vulnerable timeframes for many companies -- but a recently launched startup selling a virtual patching alternative claims to have found a solution to the problem.
August 20, 2:20 p.m. PDT

Pundits on parade: What’s next in tech
You’ve heard of Christmas in July, that classic advertising gimmick designed to lure shoppers into stores despite the oppressive heat and humidity. Well, we’ve got New Year’s in August, which invites you to stay indoors and read “The next big things in IT” -- 15 predictions about the future of technology.
August 20, 3:00 a.m. PDT

Sourcefire acquires ClamAV open-source anti-malware project
Network security specialist Sourcefire announced Friday that it has acquired ClamAV, an open-source gateway anti-malware project whose technologies are used in the products of a number of other vendors.
August 17, 8:58 a.m. PDT

Mozilla shares scanning tool, Firefox 3 features
Open source browser maker Mozilla has developed a wide array of secure coding analysis tools as part of its internal development process, and now it's beginning to share those programs with the outside world.
August 3, 2:28 p.m. PDT

Apps security to dominate Black Hat
Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security.
July 31, 3:00 a.m. PDT

McAfee sets Rootkit Detective free
On July 26, McAfee will begin offering a new application called Rootkit Detective, designed to detect and remove dangerous rootkit attacks. The software will also help end-users ward off the threats, as well as funnel new intelligence into the company's ongoing research operations.
July 25, 1:12 p.m. PDT

Users urged to patch serious hole in BIND 9 DNS server
A security researcher has reported a serious vulnerability in BIND 9, the software widely used in the Internet's DNS addressing system.
July 25, 4:31 a.m. PDT

Organized crime infiltrates financial IT
In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them.
July 23, 11:14 a.m. PDT

'Huge' hole found in Fox News server
Security analysts spotted a gaping security hole in Fox News Network's Web site on Monday, revealing file directories and sensitive content, although it appears the problem has been fixed.
July 23, 7:25 a.m. PDT

Mozilla: Security remains on front burner
With the release of its latest Firefox 2.0.0.5 browser, open-source software maker Mozilla claims to have fixed a number of potentially serious vulnerabilities in its flagship product.
July 18, 3:26 p.m. PDT

Applications security: Cenzic stands alone
With a new product fresh out the door and its two largest rivals recently acquired by massive IT bellwethers, applications security testing specialist Cenzic contends that it's ready to reap the rewards of remaining independent.
July 18, 4:34 a.m. PDT

Microsoft patches 11 bugs
Microsoft on Tuesday issued six security updates for Windows, Office, and .Net Framework, patching a total of 11 vulnerabilities -- five of them rated critical.
July 11, 4:39 a.m. PDT

Security company launches eBay for bugs
Psst. Want to buy a zero-day? A Swiss startup called WabiSabiLabi has some for sale, but to qualified buyers only.
July 6, 4:43 a.m. PDT

Veracode debuts system to test binary code
Veracode launched its Software Security Ratings Service on June 25, introducing its new system for use in testing the safety of applications development among enterprise customers and third-party software makers.
June 25, 1:25 p.m. PDT

HP-SPI deal underscores apps security integration
Hewlett Packard's acquisition of Web applications security specialist SPI Dynamics on June 19 illustrates a growing demand among enterprise customers to have vulnerability-scanning tools integrated into their software development platforms.
June 19, 12:07 p.m. PDT

Homeland Security to detail IT attacks
Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions.
June 15, 11:26 a.m. PDT

Global co-op feeds FBI's botnet fight
Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes.
June 14, 3:09 p.m. PDT

2007 InfoWorld CTO 25: Aristotle Balogh
Here in San Francisco, where the San Andreas fault shifts the ground beneath our feet, most of us try to ignore the fact that the Big One is coming. At VeriSign offices down the road in Mountain View, they worry about a different kind of Big One -- namely, a cataclysm that wipes out the Internet. Not only that, they pin all the responsibility for survival on a single guy: CTO Ari Balogh.
June 8, 3:00 a.m. PDT

Experts: Botnets add fault tolerance
Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out.
June 7, 12:00 a.m. PDT

Microsoft unveils integrated security
Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009.
June 4, 7:24 a.m. PDT

Attackers get chatty on VoIP
The recent spate of malware attacks propagating throughout the user base of the Skype Internet calling system illustrates a broader trend toward cyber-criminals moving to take advantage of VoIP platforms as they become increasingly popular.
May 30, 12:18 p.m. PDT

Companies open wallets for secure data
An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security.
May 22, 11:42 a.m. PDT

IBM pitches risk management strategy
IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses.
May 15, 12:42 p.m. PDT

Social Security, spyware bills go to House vote
The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware.
May 11, 11:23 a.m. PDT

Should vendors close all security holes?
In last week’s column, I argued that vendors should close all known security holes. A reader wrote me with a somewhat interesting argument that I’m still slightly debating, although my overall conclusion stands: Vendors should close all known security holes, whether publicly discussed or not. The idea behind this is that any existing security vulnerability should be closed to strengthen the product and protect consumers. Sounds great, right?
May 11, 3:00 a.m. PDT

Symantec pitches rootkit tech as Veritas validation
Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm.
May 9, 4:26 p.m. PDT

Infrastructure security powers up
He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid.
May 9, 4:17 a.m. PDT

Rootkits: The next big enterprise threat?
Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about $4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyze them.
April 30, 3:00 a.m. PDT

Large enterprises still serving up spam
Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem.
April 17, 3:04 p.m. PDT

P2P worms get their turn
Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace.
April 16, 11:17 a.m. PDT

Bottom line impact of data breaches unclear
Despite the fact that unwanted exposure of consumer data has become a hot-button issue in the media and among legislators nationwide, experts admit that it remains unclear just how much damage the events will cause to the finances and reputations of companies that experience major incidents.
April 13, 3:01 p.m. PDT

McAfee: Cyber-crime will continue to pay
The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks.
April 10, 9:00 p.m. PDT

New class of attack targets embedded devices
A security researcher at Juniper Networks says he plans to demonstrate a new class of attack that can be used to compromise electronic devices like routers or mobile phones.
April 5, 5:10 a.m. PDT

Debate lingers over federal data-handling laws
Even as the federal government appears poised to create new consumer data protection laws in 2007, businesses and privacy advocates in the United States remain at odds over the parameters of such legislation and its potential impact.
April 3, 6:59 p.m. PDT

ShmooCon hacker event gets under way
The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues.
March 23, 2:12 p.m. PST

Crisis management 101
I recently participated in some war-game-style what-if exercises with a small group of IT execs. The goal was to stimulate thinking about how corporations can best prepare for, and respond to, significant business disruptions, whether from terrorism, weather, biological threats, or other unexpected shocks.
March 8, 3:00 a.m. PST

More IT war stories
Off the Record, the real-world slice of life that graces the last page of InfoWorld, is one of our most popular columns. I know this from reader surveys and from all the e-mail I receive about it. As reader Roland Sickenberger put it recently, “It’s my favorite part of the magazine, kind of like a ‘Dilbert come to life’ thing.”
March 5, 3:00 a.m. PST

Tolerating online fraud
Whenever I see someone turning the other cheek to a problem, I smile and think of the greatest golden retriever I’ve ever known, a family dog named Kayo who was a very strong swimmer.
March 1, 3:00 a.m. PST

NAC smorgasbord: Four ways to police the network
In this age of worms, zombies, and botnets, mobile computers themselves are a kind of Trojan horse. Do you know where that computer’s been? No, you really don’t.
February 5, 3:00 a.m. PST

NAC: How we tested
Our test infrastructure for the NAC reviews included an edge switch for the client systems, a core switch with server VLANs for the common and secured servers, and a RADIUS server for authentication. Client systems connected into the edge switch, authenticated as defined for the specific scenarios, then accessed (or attempted to access) the various areas of the network: Internet, enterprise, and limited access. We created additional policy networks for remediation and scanning as well.
February 5, 3:00 a.m. PST

Women in technology: A call to action
A quick scan of almost any IT department -- from the trenches to the corner office -- confirms it: Women who embrace technology as a lifelong career remain a rare breed. To be sure, opportunity for women in technology has advanced in the past few decades, as have education initiatives aimed at leveling the playing field, but for every woman rising to prominence or embarking on a profession in IT, there seems to be another opting out of her career in technology.
January 29, 3:03 a.m. PST

Back to school: Getting girls into IT
Despite the success of various education initiatives in the past several years, there’s little doubt that the shortage of women in technology begins on the playground. As such, many industry leaders and experts believe the long-term solution to the gender imbalance in IT lies in women technologists going back to school -- way back, to high schools and even elementary schools to mentor young girls, who too often give up on math and science at an early age.
January 29, 3:02 a.m. PST

Activism provides competitive advantage for IT
Encountering another woman working in technology was a rare event for me when I started out in IT many years ago. In the years since, women have made significant strides, sometimes against great odds, proving their mettle as both tech execs and engineers.
January 29, 3:01 a.m. PST

Gender crisis in IT
You don’t need a degree in statistics to recognize that IT is a men’s club. Just walk the floor of any tech conference or, in all likelihood, your own office — XY chromosomes everywhere you look.
January 29, 3:00 a.m. PST

Customers lose when vendors refuse to patch
I can’t believe my eyes. Eudora WorldMail Mail Management Server has an open exploit hole and Qualcomm says they have no plans to patch.
January 12, 3:00 a.m. PST

Technology of the Gods
January is named after Janus, the two-faced Roman deity of beginnings and endings, who reportedly was able to look both forward and back. So for our Jan. 1 issue, we pay homage to the mythological immortal with our seventh annual Technology of the Year Awards, an analysis of where IT has been and where it’s going in 2007.
January 1, 3:00 a.m. PST

Review of reviews
It’s coming up on closing time for 2006. All around us, everyone is going into holiday mode. Not to be curmudgeonly contrarians, InfoWorld will be following suit, taking a one-week break before returning on Jan. 1 with our first print issue of the year. (It’s really only a semi-hiatus; InfoWorld.com will continue to perk over the holidays with a slightly reduced slate of stories.)
December 18, 3:00 a.m. PST

Microsoft vulnerability rooted in ActiveX control
Microsoft is investigating reports of a vulnerability in a Windows ActiveX control that could allow an attacker to remotely take control of a computer, according to an advisory issued Friday. One security company rated the vulnerability critical, while Microsoft said it allowed only limited attacks.
November 6, 5:11 a.m. PST

In case of emergency, activate business continuity plan
Gemstar-TV Guide International hired Ed Sullivan to direct Business Continuity Services in 2003, soon after an audit found that TV Guide’s infrastructure was essentially unrecoverable in the event of a sustained crisis. There was a time when Sullivan’s first stop for addressing the issue would have been IT and the datacenter. But times have changed -- Sullivan first conducted several weeks of meetings with senior executives and various business unit executives to talk about the company’s business processes. “The fact that I work for the CIO is almost irrelevant,” Sullivan says. “I’m there to provide recovery for the business units.”
August 4, 3:00 a.m. PDT

Betting on authentication
If Paul Roberts ever goes to the track, I’m gonna let him place a few bets for me. He has a knack for picking winners. Case in point, a few weeks back, the InfoWorld senior editor suggested the time was right for a story on the enterprise’s need for stronger, brainier authentication to clamp down on fraud. No sooner had he finished writing this week's authentication cover story than EMC announced plans to buy authentication vendor RSA Security. A week later, it was Secure Computing buying CipherTrust (with its e-mail reputation system), while digital identity vendor Entrust snapped up fraud-detection company Business Signatures. The vendors clearly appreciate Roberts’ trend-spotting abilities.
July 24, 3:00 a.m. PDT

Exploiting everyday end-user behavior
It’s summer, the nights are hot and humid, and you’re probably not sleeping all that well anyway. What better time to run a story entitled “What Keeps IT Up at Night?”
July 17, 3:00 a.m. PDT

Determina pre-hacks applications against intruders
Malicious hackers are constantly exploiting software vulnerabilities. Vendors and IT staff alike spend countless hours racing to update protection signatures and install patches before their exposed systems can be compromised. It’s a never-ending battle that favors the hackers.
May 15, 3:00 a.m. PDT

Tech startups to watch
Startups are back! Or at least, startup fever is back. Scan the latest numbers from PricewaterhouseCoopers and you won’t find any hockey sticks -- the level of investment in enterprise-related technology startups has actually remained fairly flat, hovering between $1.5 and $2.3 billion per quarter from 2003 through 2005.
May 15, 3:00 a.m. PDT

Sidestepping the analog hole
On an episode of “The West Wing,” deputy national security adviser Kate Harper (Mary McCormack) reprimands presidential assistant Debbie Fiderer (Lily Tomlin) for displaying the president’s schedule on her computer screen. As Harper correctly points out, anybody could walk into the office and find out something they shouldn’t know.
March 1, 3:00 a.m. PST

It takes an extraprise to secure your business
Back in May, I wrote a column about our country's lack of an overall plan to protect critical infrastructure in case of attack -- telecommunications and fiber in particular. Consider this Part 2.
February 21, 3:00 a.m. PST

RSA - FBI director: Cyber threats 'fluid and far-reaching'
Hacker hunters need to develop new techniques to take on the latest generation of sophisticated and better-organized cyber criminals. That's what U.S. Federal Bureau of Investigation Director Robert Mueller told attendees of the RSA Conference 2006 in San Jose, California, Wednesday.
February 15, 3:45 p.m. PST

RSA survey shows security confidence low, but people buy anyway
U.S. and Western European businesses are seeing their online sales grow, but many of them have questions about the security of their networks, according to a survey released Tuesday by RSA Security Inc.
February 14, 1:19 p.m. PST

For banks, security compliance goes only MSSP-deep
In the financial industry, third parties often guard the vault. For example, MSSPs (managed security services providers), such as the company I work for, deliver vital resources and expertise to many small to midsize banks. These services include firewalls and intrusion management, secure electronic document delivery, and oversight by trained security professionals. Many banks also rely on MSSPs to comply with regulatory mandates.
February 14, 3:00 a.m. PST

U.S. DHS completes large-scale cyber exercise
The U.S. Department of Homeland Security (DHS) has completed the first full-scale government-led cyber attack simulation, and officials there called the exercise a "significant milestone."
February 10, 1:05 p.m. PST

Microsoft reports two bugs, third identified
Microsoft is warning of two bugs in its software that could potentially give unauthorized control or access over a person's computer, while a third problem has been highlighted by a security research company.
February 8, 4:51 a.m. PST

AOL patches serious Winamp bug
Users of America Online Inc.'s Winamp 5.12 media player are being told to upgrade their software following the release of malicious code that could be used to take over a Winamp user's system.
January 30, 3:07 p.m. PST

State CIOs need more IT security support from DHS
The U.S. Department of Homeland Security (DHS) must improve its support for U.S. state and local governments so they can better protect their IT infrastructures from attackers, two organizations of top IT officials said Wednesday.
January 25, 2:57 p.m. PST

LiveJournal makes changes to counteract security threat
The LiveJournal Web log service has been forced to change the way it hosts user accounts because of a browser-side security vulnerability, the company confirmed Friday. This vulnerability reportedly had been exploited by a hacking group in order to steal user information and allow the hackers to gain access to more than 900,000 LiveJournal accounts.
January 20, 12:35 p.m. PST

Cisco patches a number of products
Cisco Systems Inc. has patched a number of security vulnerabilities affecting its routers and Call Manager software, some of which could be used to launch a DOS (denial of service) attack against the products.
January 19, 11:52 a.m. PST

Microsoft tries to slip Windows XP SP3 delay under our noses
It’s been a bang-up year already for Microsoft. Hot on the heels of its WMF disaster, Redmond announced that other vulnerabilities existed in Outlook and Exchange. (The company is working on those.) Then another spat erupted about a supposed wireless flaw in Microsoft’s Windows 2000 and Windows XP OSes. This one’s been going on for a week now, and I’m a mite ticked, not only because it’s not actually a flaw, but also because the flap about it seems to be masking a real flaw: the one in Microsoft’s software release schedule. The company just announced its delay of the Service Pack 3 release until 2007, as much as a year later than expected.
January 19, 3:00 a.m. PST

Microsoft defends its WMF response
A Microsoft official on Friday defended the company's response to the discovery of a security vulnerability involving Windows Metafile (WMF). This flaw put systems running Windows XP and Windows Server 2003 at risk from malicious hackers.
January 6, 2:26 p.m. PST

Attempts to exploit WMF vulnerability by IM multiply
Security researchers have logged over 70 variations on instant messages attempting to exploit the WMF vulnerability since the first were reported on Saturday.
January 4, 9:31 a.m. PST

RIM warns BlackBerry users of vulnerabilities
Two recently announced vulnerabilities in BlackBerry Enterprise Server permit a malicious attack that can prevent users from being able to open e-mail attachments, or disrupt the flow of information between BlackBerry Enterprise Server and BlackBerry Router, the system's developer, Research In Motion (RIM), said Tuesday.
January 4, 4:12 a.m. PST

Tech reviews for the holidays
Even IT takes a holiday now and then. Same goes for the InfoWorld staff, which chills out by taking a one-week break following the publication of this, our 51st and final issue of the year.
December 19, 3:00 a.m. PST

Google Base launched with security hole
Google Inc. has patched a security problem with its Google Base that allowed attackers to steal sensitive information from users of the new content-hosting service.
November 18, 3:24 p.m. PST

Sony stops shipping controversial DRM code
One day after hackers released malicious software that used controversial Sony BMG Music Entertainment copy-protection software to attack computers, Sony has decided to stop shipping the product, the company said Friday.
November 11, 1:15 p.m. PST

Data breach bills unlikely to pass before 2006
After a series of data breaches earlier this year, members of the U.S. Congress raged about the irresponsibility of breached companies and introduced a flurry of bills requiring companies to notify affected customers when data is lost.
November 11, 11:45 a.m. PST

The full disclosure debate
As the new InfoWorld security columnist, I’ve not backed away from controversy. I have intentionally picked hot topics in order to generate reader interest and feedback. And nothing generates more debate than the topic of full disclosure.
September 30, 4:00 a.m. PDT

Symantec patches Veritas bug
Symantec has released software that fixes critical vulnerabilities in the company's Veritas Backup Exec and Veritas NetBackup software.
August 15, 1:39 p.m. PDT

AppDetective sleuths out vulnerabilities
There's no such thing as a set-and-forget security configuration. You have to stay on top of your applications and databases to ensure that your policies are being enforced and that they're still valid in the face of new vulnerabilities.
August 15, 5:00 a.m. PDT

Security vendors enter bidding war for vulnerabilities
As security personnel met at this week's Black Hat Conference in Las Vegas, there was easy money to be made at the security vulnerability table.
July 28, 8:45 a.m. PDT

Another week, another few million confidential records lost
It's beginning to get a little too routine. Nearly every week, some well-known, highly respected financial institution a) loses, b) misplaces, or c) has in its possession stolen confidential consumer financial data.
June 10, 5:00 a.m. PDT

Security’s weakest links
Not a month has gone by in 2005 without a far-reaching computer security breach making the nightly news hour. Headliners compelled to walk the plank of shame include Bank of America — the nation’s second-largest bank — Ameritrade, Polo Ralph Lauren, and LexisNexis.
May 16, 5:00 a.m. PDT

InfoWorld CTO 25: Carl Banzhof
While other security vendors were devoting resources to vulnerability assessment and management, Carl Banzhof risked three years developing the first comprehensive, automated vulnerability remediation solution, with a library of hundreds of remediation signatures. “We knew that with such overwhelming numbers of attacks, people were going to need a way to automate this process,” Banzhof says. The result was Citadel Security’s Hercules, which integrates with leading vulnerability scanners to remediate vulnerabilities throughout the network -- not simply software defects but misconfigurations, back doors, unnecessary services, insecure user accounts, and even spyware. A 17-year security veteran, Banzhof has joined industry leaders from players such as Network Associates, SANS Institute, Symantec, and others as an appointee to the Open Vulnerability Assessment Language Board.
April 11, 5:00 a.m. PDT

Safety in numbers
A basic tenet of computer security should be, "Be proactive." It's the computer equivalent of putting your wallet in a safe place before going out on the town.
April 1, 6:00 a.m. PST

The consultant's view
Steve Manzuik is an independent IT security consultant.
March 28, 6:00 a.m. PST

The CTO's perspective
Kevin Bernstein is CTO of Platinum Capital Group.
March 28, 6:00 a.m. PST

How to hire an IT security consultant
Outsourcing IT security is all the rage these days. It’s cheaper and more efficient, the prevailing theory goes, to farm out functions not directly related to your organization’s core competencies. If you make nickel-plated widgets, for example, your staff must be expert in manufacturing, nickel-plating, and selling widgets, not in keeping 14-year-olds out of your network.
March 28, 6:00 a.m. PST

Managing security in a compliance-crazy world
The laws seem to be shooting out of Congress like arrows aimed at the hearts and budgets of IT administrators across corporate America. Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, Basel II, and a host of other regulations are pushing IT security management into extremely difficult and potentially expensive territory.
March 18, 3:00 p.m. PST

Secure architectures
Thanks to complex perimeters, sophisticated application-level threats, and regulations that hold CEOs and CIOs accountable for company data, security must now be regarded as more than a bunch of technologies tacked onto the network. “Companies are realizing they must approach security at the enterprise level,” says Rich Caralli, senior member of the technical staff at the CERT Coordination Center’s survivable enterprise management group. “Rather than chasing the latest threat, they’re working on identifying and securing directly the core business processes and information assets essential to the company mission.”
March 11, 3:00 p.m. PST

DOD cyber sleuths swap secrets in Florida
The U.S. Department of Defense (DOD) is making changes to streamline its response to online threats across the various branches of the military, and deal with a steady stream of new online woes, from hacking attempts to child pornography and threats posed by powerful portable storage devices such as iPods, according to senior DOD officials.
January 12, 2:10 p.m. PST

McAfee tool identifies exposed data
Recognizing that Google’s search engine can become a repository for far too much information, McAfee this week released an updated version of its Foundstone SiteDigger security tool that helps enterprises identify damaging information that may be exposed on the Web.
January 10, 5:00 a.m. PST

Microsoft issues five bulletins on Windows flaws
Microsoft on Tuesday released five Security Bulletins warning of several vulnerabilities that put computers running Windows at risk of attack.
December 14, 4:16 p.m. PST

Update: Sun vulnerable with Java security hole
Sun Microsystems has disclosed a serious vulnerability in the Java Plug-in technology within the Software Developers’ Kit (SDK) and the Java Run-time Environment (JRE) that allows attackers to bypass the Java sandbox and Java applet security.
November 24, 1:05 p.m. PST

The top 20 IT mistakes to avoid
We all like to think we learn from mistakes, whether our own or others’. So in theory, the more serious bloopers you know about, the less likely you are to be under the bright light of interrogation, explaining how you managed to screw up big-time. That’s why we put out an all-points bulletin to IT managers and vendors everywhere: For the good of humanity, tell us about the gotchas that have gotten you, so others can avoid them.
November 19, 3:00 p.m. PST

McAfee, CA integrate anti-spyware
As pests, adware, and other malicious applications infiltrate corporate computers with greater frequency, some vendors, including McAfee and Computer Associates, are bundling anti-spyware into security management suites, giving IT more tools to control the hazard.
November 12, 3:00 p.m. PST


    Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service.
    All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses,
    phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.
