Register today and you could win a Sirius Satellite Radio
  
 CELEBRATE THE INDUSTRY'S MOST COMPREHENSIVE SECURITY SITE FOR IT PROS
 Become a registered user today (it's free!) and you'll get security alerts, news, information, and tools from the brightest minds in the business. And, just for signing up, you'll be automatically registered to win one of 10 Sirius Satellite Radios we're giving away in the next few days!
 Register Today!
VIRTUAL EVENT: MASTERING TODAY'S SECURITY THREATS
 Thursday, Oct. 23
10am - 7pm Eastern
BLOG
 Waiting on
a Worm
COLUMN
 How EMC/RSA
Scared Me
Half to ...
REPORT
 Seven
Deadly
Hacks
USER PROFILE
 Insurer's
New
Approach
CSI REPORT
 13th Annual CSI Survey
WiFi Availability Explodes, But Many Networks Remain Insecure
 OCTOBER 27, 2008 | Majority of wireless access points in New York and London still use WEP or no encryption at all
 CLICK HERE FOR MORE
Security Product Directory
Including 205 products and 70 companies
ACCESS DATA
LIST YOUR COMPANY
LICENSE THE DIRECTORY
Anti-spam  |  Antivirus  |  Application Security  |  Attacks / Exploits / Threats  |  Authentication  |  Black Hat  |  Botnets  |  Browser security  |  Computer crime  |  Consultants  |  Content filtering  |  Cross-site scripting  |  Host anti-spam  |  Host anti-spyware  |  Host antivirus  |  Host intrusion prevention  |  Host Protection  |  Industry Trends   |  Law enforcement  |  Legal & Regulatory Topics  |  Legislation  |  Malware  |  Market Research  |  McAfee  |  Patch management  |  Penetration testing  |  Penetration testing  |  Perimeter Security  |  Phishing  |  Policy management  |  Rootkits  |  Security Administration / Management  |  Security Industry  |  Security Organizations  |  Spam  |  Spyware  |  SQL injection  |  Standards Bodies  |  Stored data losses  |  Symantec  |  Trend Micro  |  Trojans  |  User privacy  |  Viruses  |  Vulnerabilities  |  Vulnerability assessment  |  Vulnerability management  |  Vulnerability Management  |  Web services security  |  Worms
I like the tactic that some
of the most progressive
companies are using to up
their game from awareness
to accountability. One v...
Internet Apps & Social Networking Office Boom Linked to Breaches
JOIN THE TALK
MOST POPULAR
SEND US A TIP
OCTOBER 27, 2008 | A new study finds that nearly all organizations have employees using Internet apps at work, and 60% use social networking at the office
Tech Insight: Digital Forensics & Incident Response Go Live
 OCTOBER 24, 2008 | New tools, methods emerge for leveraging forensic data and memory analysis in the wake of an attack
Startup Promises to Monitor, Block Text Messaging
 OCTOBER 23, 2008 | TextGuard says it can reduce the likelihood of data leaks from a wide variety of mobile devices
'Block the Vote' Tactics Go Online This Election
 OCTOBER 22, 2008 | Electronic Privacy Information Center report predicts potential for spoofed Websites, fake VOIP call blasts, phishing, and denial of service – all to suppress blocks of voters
Microsoft Blue Hat: Researcher Demos No-Hack Attack
OCTOBER 21, 2008 | Wealth of available online data on individuals, businesses can be used in targeted attacks
Making ID & Access Management More Accessible
 OCTOBER 20, 2008 | New tools automate, simplify the access certification process
MORE SECURITY NEWS
ORLANDO, FL | Courion Adds BlackBerry Connector
MILPITAS, CA | Survey: Unencrypted Backups Leave Holes
SAN JOSE, CA | Start-up to Secure Apps, Reduce Piracy
MOUNTAIN VIEW, CA | Survey Finds Computer User Concerns
OMAHA, NE | BART Security Upgraded
NEW YORK | Application Security Integrates With McAfee
FREMONT, CA | ActivIdentity Delivers Smartcard Licenses
WOBURN, MA | Sentrigo Delivers Virtual Patching for Databases
SAN JOSE, CA | SkyRecon IDs 2 Kernel-Level Windows Vulns
WASHINGTON | VeriSign, TrustBearer Team on PKI, Smart Cards
MORE NEWSFEED
UPI
Army Defense Task Force Targeting Hackers
 OCTOBER 28, 2008 | New US Army task force will counter the theft of sensitive data by hackers breaking into the computer networks of military contractors
THE GUARDIAN
Hacker 'Too Sick' to Survive US Extradition
 OCTOBER 28, 2008 | Lawyers for Gary McKinnon said his recent diagnosis with Asperger's Syndrome means his mental health would suffer in prison
JEFF JONES SECURITY BLOG
Microsoft's OS H1 2008 Desktop OS Vendor Report
 OCTOBER 28, 2008 | Microsoft report studies all vulnerabilities fixed by Apple, Microsoft, Red Hat, and Ubuntu during the first half of 2008
ALLPAYNEWS
Fraudulent Grand Jury Summons Containing Malware
 OCTOBER 28, 2008 | Spam email contains a fraudulent subpoena with a court case number, federal code, name, and address of a CA federal court, court room number
COMPUTERWEEKLY
Microsoft Releases Windows Vista Service Pack 2 Beta This Week
 OCTOBER 28, 2008 | Windows Vista Service Pack 2 beta goes to a select group of testers on Wednesday
BBC NEWS
Alarm Raised on Teenage Hackers
 OCTOBER 28, 2008 | Online forums are populated by teenagers swapping credit card numbers, phishing kits, and hacking tips
THE REGISTER
Opera Scrambles to Quash Zero-Day Bug in Freshly Patched Browser
 OCTOBER 28, 2008 | Just a few days after Opera Software patched critical vulnerabilities in its browser, another bug has been discovered in the new version
BANKINFOSECURITY
ID Theft Red Flags: 2/3 Institutions Unprepared to Comply - Are You?
 OCTOBER 28, 2008 | Nov. 1 is the deadline, but only one third of financial institutions will meet it
MORE BEST OF THE WEB
1 |  Employee Awareness - Market Watcher
2 |  IAM - youonlylivethrice007
3 |  Block text messaging - onlyjazz
4 |  Calculative methods of risk - onlyjazz
5 |  HW uhoh - bewoofy
6 |  Re: Horses for courses - JohnB
7 |  Re: Where does the spam come from then? - amplify_more
8 |  Storm CnC is still alive - amplify_more
9 |  Ineffective anti-virus - esarjeant
10 |  Horses for courses - dbolger
11 |  Still Made a Good Point, despite... - eiverson
12 |  Bulls Eye! - eiverson
13 |  Re: Let's embrace our failure. - Digital Willie
14 |  Where does the spam come from then? - areejb
15 |  I was a victim of fraud in July - Connected to Mellon's lost tapes...I think so!!!! - bwarren53
16 |  Re: panda doesnt get the greatest reviews - qing
17 |  Port 10241 Traffic - j357
18 |  Re: Gag me - ejhonda
19 |  Good Acquisition for Symantec - kenski
20 |  Gag me - Stiennon
SEARCH MESSAGE BOARDS   |   START YOUR OWN BOARD
MESSAGE BOARDS EXPLAINED
FROM THE EDITORS AT NETWORK COMPUTING
Review: Blue Lane VirtualShield
 JUNE 1, 2007 | When put to the test, Blue Lane’s unique patching approach is an effective way to protect against remotely exploitable vulnerabilities targeting VMware
Review: Enzo's Database Extrusion Monitor
 MAY 21, 2007 | Enzo 2006 may work well for small orgs with few databases, but it could become an implementation nightmare for enterprises
Ubuntu Linux vs Windows Vista: The Battle for Your Desktop
 MAY 4, 2007 | Testers tried out both Vista and Ubuntu on individual PCs to see which works better. Here's who won
Analysis: Enterprise Key Management
 MAY 1, 2007 | How to keep keys manageable and safe, as well as what to look for in an enterprise key management system
Review: Lockdown Networks Enforcer 4.2.7
 MAY 1, 2007 | Lockdown integrates syslog events but stumbles on several key features, such as event suppression and management
MORE PRODUCT REVIEWS
The Seven Deadliest Social Networking Hacks
 AUGUST 26, 2008 | Think you know who your real online friends are? You could be just a few hops away from a cybercriminal in today's social networks
Hacker's Choice: Top Six Database Attacks
 MAY 8, 2008 | It doesn't take a database expert to break into one
MORE REPORTS
Software Assurance Protection: Bridging the Gap in Application Security for Open Source - by Palamida 9/23/2008
Ten Ways Hackers Breach Security - by Global Knowledge 9/23/2008
Does Size Matter? The security challenge of the SMB - by McAfee 9/15/2008
Protecting Against the New Wave of Malware - by Sunbelt Software 9/9/2008
Download AppScan 6.5 today! 7 day free trial from Watchfire
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
MORE SECURITY SITES WE LIKE
Unlicensed Software at Your Last Company
Anonymously Report Unlicensed Software with Our Form Now. Get Up to $1 Million.
Get "Data Leakage For Dummies" FREE!
A Data Breach Can Be Costly. Order Your Copy Today.
Why a CMDB?
IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.
Are You Six Sigma Certified?
Earn 100% Online-Six Sigma Certificate From Villanova. LEARN More Now!
Anti Spam/Virus for Exchange Server 2000/2003/2007
SPAMfighter for Exchange Servers and SBS. Protects 23.000+ Exchange Servers. Try free for 30 days.
BUY A LINK NOW
Evil Bits
 BY JOHN SAWYER
Waiting on a Worm
 OCTOBER 27, 2008
 4:35 PM -- On the lookout for this latest Windows attack that lets an attacker gain system-level privileges
Firewalled
 BY TIM THE ENCHANTER
A New Look for Dark Reading
 OCTOBER 24, 2008
 New logo, new tagline, new page design - but the same hard-hitting security coverage
Snake Bytes
 BY RSNAKE
The Root of Online Evils
 OCTOBER 21, 2008
 5:35 PM -- What mail-order catalogs and old AOL dial-up subscriptions did for spam and phishing
CS Island
 BY CSI STAFF
Secure Web Browser Wish List
 OCTOBER 16, 2008
 1:15 PM -- Most of today's browser security impacts performance
I Shadow
 BY KELLY JACKSON HIGGINS
Turtleneck Girl Demos Security
 OCTOBER 7, 2008
 3:05 PM -- Security pros offer free materials for National Cyber Security Awareness Month
MORE BLOGS
Rob Enderle
 PRESIDENT, ENDERLE GROUP
How EMC/RSA Scared Me Half to Death
 OCTOBER 8, 2008
 Enterprise-quality botnets are a growing threat to businesses
Steve Stasiukonis
 VP & FOUNDER, SECURE NETWORK TECHNOLOGIES INC.
Flying Phish Hooks Schools of Employees
 SEPTEMBER 11, 2008
 Penetration test proves many workers can still be easily fooled
Nathan Spande
 INDEPENDENT CONSULTANT
Is Wireless Really Worth It?
 AUGUST 14, 2008
 Wireless technology may be convenient, but it also introduces significant hassles - and risks
Rich Mogull
 FOUNDER, SECUROSIS LLC
Bringing Science to the Debate
 AUGUST 1, 2008
 It's time to get an account of whether proof-of-concept/exploit code actually helps or hurts users
MORE COLUMNS

CALENDAR
PARTNER-UP
Hacking Social ...
Typo Squatting ...
Typo squatting and other ways
to mess with presidential ...
Browser Exploits
Body Hacks
Virtualization ...
Virtual Security Shortcomings
Meet the Fed
Meet the Fed: Jim Christy/DOD
Storm & CoreFlood
Black Hat speaker Joe Stewart
provides an update on Storm...
Custom Programming
Dark Reading Editorial
Dark Reading's repository of intel on IT security. More of a 'megabase' than a database, Dark Entries lets you dig for information, or share your expertise. The choice is yours, grasshopper.
13th Annual CSI Survey
 Targeted attacks, DNS exploits are on the rise, according to the 2008 CSI Computer Crime and Security Survey
 MORE
8.22.2008
 Life Insurer Takes New Approach to Two-Factor Authentication
 Cryptocard technology helps Kansas City Life get the handle on a thorny access problem
 MORE
5.30.2008
 Stanford Medical School's Rx: Anomaly Detection
 Appliance helps minimize bot, malware infections
MORE
Position: Software Engineer 1
 Company: Boeing
 Location: Anaheim, CA
 Posting Date: 07/02/09
 MORE INFO
Position: Mechanical Design Engineer
 Company: Osram Sylvania
 Location: Danvers, MA
 Posting Date: 07/02/09
 MORE INFO
Position: Research on Algorithms
 Company: D. E. Shaw
 Location: New York, NY
 Posting Date: 07/02/09
 MORE INFO
Position: Health Information Management Directors
 Company: KForce
 Location: Saint Louis, MO
 Posting Date: 07/02/09
 MORE INFO
Position: Software Engineer 5
 Company: Boeing
 Location: Anaheim, CA
 Posting Date: 07/02/09
 MORE INFO
ENTERPRISE VULNERABILITIES
Vulnerability: jinzora jinzora
Published: 2009-07-02
Severity: HIGH
Description: directory
traversal vulnerability in
index.php in jinzora media
jukebox 2.8 and earlier
allows remote attackers to
include and execute
arbitrary local files via a
.. (dot dot) in the name
parameter.
Vulnerability: mcafee smartfilter
Published: 2009-07-02
Severity: MEDIUM
Description: smartfilter
web gateway security
4.2.1.00 stores user
credentials in cleartext in
config.txt and uses insecure
permissions for this file,
which allows local users to
gain privileges.
Vulnerability: selbstzweck rgallery_plugin
Published: 2009-07-02
Severity: HIGH
Description: sql injection
vulnerability in the
rgallery plugin 1.2.3 for
woltlab burning board (wbb3)
allows remote attackers to
execute arbitrary sql
commands via the userid
parameter in the
rgalleryusergallery page to
index.php, a different
vector than cve-2008-4627.
Vulnerability: bow_der_kleine x-blc
Published: 2009-07-02
Severity: HIGH
Description: sql injection
vulnerability in
include/get_read.php in
extensible-biolawcom cms (x-
blc) 0.2.0 and earlier
allows remote attackers to
execute arbitrary sql
commands via the section
parameter.
Vulnerability: codice-cms codice_cms
Published: 2009-07-02
Severity: HIGH
Description: sql injection
vulnerability in index.php
in codice cms 2 allows
remote attackers to execute
arbitrary sql commands via
the tag parameter.
Copyright © 2009 United Business Media Limited - All rights reserved.
RSS FEED  |   ARCHIVE  |   FREE NEWSLETTER  |   ORDER REPRINTS  |   TECHNOLOGY MARKETING SOLUTIONS  |   TECHWEB  |   CONTACT US  |   USER PREFERENCES  |   HELP
Companies
3Com (17), Aventail (7), CA (19), Check Point (30), Cisco (156), Enterasys (5), F-Secure (11), F5 (5), HP (18), IBM (130), Intel (6), ISS (40), Juniper (37), Alcatel-Lucent (2), McAfee (177), Microsoft (1211), NetIQ (2), Nokia (3), Nortel (6), Oracle (47), Qualys (2), RSA (69), Secure Computing (20), Sun (13), Symantec (300), Trend Micro (30), VeriSign (36)

Application and Perimeter Security
802.11x (46), Anomaly detection (82), Anti-spam (153), Application quality assurance (32), Application scanning (169), Auditing (29), AVDL (1), Buffer overflows (108), CERT (11), Consultants (258), Cross-site scripting (189), CVE (7), Database encryption (57), Digital vaults (8), DOS (221), EAP/LEAP (1), Email gateways (284), Encryption (144), Filtering (56), Firewalls (342), FIRST (1), HIPAA (115), Host-based IDS (45), Host/server configuration (16), Host/server encryption (9), IDS (15), IDS (178), IM (85), IPS (284), ISO 17799 (8), Key management (72), Least-privilege user (54), License management (33), Malware (1499), NAC (298), Network IDS (36), NIST (18), OWASP (17), OWASP (18), Patch management (340), PCI (230), Penetration testing (269), Phishing (721), PKI (54), Rootkits (111), SAML (2), Software metering (4), Source-code auditing (88), SOX (96), SSL (199), Systems integrators (10), VPNs (273), Vulnerability assessment (913), Web App Security Consortium (8), Web App Security Consortium (18), Web application firewall (101), Web services security (729), WLANs (362), Worms (290), WPA (17), XML (27)

Desktop Security
Anti-spam (153), Antivirus (405), Application Security (1174), Attacks / Exploits / Threats (3235), Authentication (1062), Browser security (802), Digital certificates (87), Digital signatures (59), Disk encryption (64), DRM (59), Encryption (676), File/folder encryption (40), Identity management (426), IM (85), Malware (1499), Messaging Security (553), PGP (6), Phishing (721), Rootkits (111), S/MIME (2), Security Administration / Management (1906), Social engineering (405), Spam (796), Spyware (293), Tokens (74), Trojans (396), User privacy (1705), Viruses (425), VOIP security (136), Vulnerabilities (3576), Vulnerability Management (449), Worms (290)

Discovery and management
Anomaly detection (82), Application scanning (169), AVDL (1), Black Hat (144), COBIT (8), Consultants (258), Content filtering (193), CVE (7), End-user monitoring (311), Filtering (56), FISMA (21), HIPAA (115), Host intrusion prevention (106), Host-based IDS (45), IDS (178), IDS (15), IPS (284), ISACA (1), ISO 17799 (8), Log aggregation (61), Network IDS (36), OWASP (17), OWASP (18), PCI (230), Penetration testing (239), Penetration testing (269), SAML (2), SIM/SEM (228), Source-code auditing (88), SOX (96), Vulnerability assessment (913), Vulnerability management (934), Web App Security Consortium (8)

Host security
802.11x (46), Application quality assurance (32), Authentication (1062), Backup security (70), Biometrics (174), Buffer overflows (108), Digital certificates (87), Disk encryption (64), Encryption (676), End-user monitoring (311), HIPAA (115), Host anti-spam (81), Host anti-spyware (107), Host antivirus (126), Host intrusion prevention (106), Host Protection (567), Host-based IDS (45), Host/server configuration (16), Host/server encryption (9), Host/server patching (10), IDS (15), IEEE (4), ISO 17799 (8), Least-privilege user (54), License management (33), NAC (298), P2P management (36), Patch management (340), PGP (15), Port control (12), Single sign-on (75), Smart cards (93), Software metering (4), SOX (96), Systems integrators (10), TCG (21), Tokens (74), User privacy (1705), Vulnerability Management (449), WPA (17)

Security services
Agency application (2), Application quality assurance (32), Application scanning (169), AVDL (1), COBIT (8), Consultants (258), FISMA (21), HIPAA (115), ISO 17799 (8), Managed services (318), PCI (230), Penetration testing (239), PKI (54), Policy management (516), SIM/SEM (228), Source-code auditing (88), SOX (96), Systems integrators (10)

Storage Security
AES (12), Backup security (70), COBIT (8), Database encryption (57), DES (3), Digital vaults (8), Disk encryption (64), Encryption (144), File/folder encryption (40), FIPS-140-2 (1), FISMA (21), Hashing algorithms (17), HIPAA (115), Host/server encryption (9), Identity management (130), ISO 17799 (8), Key management (72), Law enforcement (1190), Legislation (370), Offsite backup (27), PCI (230), PKI (54), SOX (96), Stored data losses (364), Systems integrators (10), Triple DES (3), User privacy (1705)

Wireless Security
802.11x (46), AES (12), Auditing (29), COBIT (8), Credential service provider (13), DES (3), Digital certificates (87), Digital signatures (59), DOS (221), EAP/LEAP (1), FISMA (21), Hashing algorithms (17), HIPAA (115), Host/server encryption (9), IEEE (4), IETF (10), ISO 17799 (8), Key management (72), NAC (298), Network IDS (36), PCI (230), Penetration testing (239), PKI (54), Port control (12), Tokens (74), Triple DES (3), VPNs (273), Vulnerability assessment (913), WLANs (362), WPA (17)

Techweb
Informationweek Business Technology Network
InformationweekInformationweek 500Informationweek 500 ConferenceInformationweek AnalyticsInformationweek Events
Informationweek MagazineGlobal CIOIWK Government ITbMightyByte and SwitchDark Reading
Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingPlug Into The CloudDr. DobbsContentinople
space
TechWeb Events Network
InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0Mobile Business ExpoNoJitter
Black HatGTECEnergy CampCloud ConnectGov 2.0 ExpoGov 2.0 Summit
space
Light Reading Communications Network
Light ReadingLight Reading AsiaUnstrungCable Digital NewsInternet EvolutionPyramid Research
Heavy ReadingLight Reading LiveLight Reading InsiderEthrnet ExpoTelco TVTower Technology Summit
space
Financial Technology Network
Advanced TradingBank Systems and TechnologyInsurance and TechnologyWall Street and TechnologyAccelerating WallstreetBST SummitBuyside Trading SummitIT Summit
space
Microsoft Technology Network
MSDNTechNetTotal IT ProTotal Dev ProNET Total Dev Pro CommunitySQL Total Dev Pro Community
space