

Authentication Tech Center

String Of Deals Shows Demand for Cloud-Based Authentication
Acquisitions highlight how authentication-as-a-service is now part of identity and access management strategies

'BadB' Now Charged In RBS WorldPay ATM Case
Alleged ID theft ringleader arrested earlier this month also implicated in massive payroll debit card account theft

DNSSEC Will Drive Certificate Market
While DNSSEC will improve domain authentication, certificates are still needed to verify the brand

MORE AUTHENTICATION TECH CENTER STORIES



SMB Security Tech Center

Forensics Out Of Reach For Most Small To Midsize Organizations
As breach, malware infection cycle continues for SMBs, affordable managed forensics services needed, experts say

U.S. Businesses Could Lose Up To $1 Billion In Online Banking Fraud This Year
Small to midsize businesses taking the biggest hit, experts say, but consumer banking customers could be next in the bull's eye

Careful With That Third-Party Web Widget
Smaller businesses are more likely to use third-party Web applications on their websites -- and they are less likely to scan such code

MORE SMB SECURITY TECH CENTER STORIES



Vulnerability Management Tech Center

September Month Of Bugs Under Way
Researchers say goal is to provide more details on some key known flaws, as well as expose some new zero-day vulnerabilities

Tech Insight: Retooling Vulnerability Scanning, Penetration Testing For IPv6
Traditional host discovery via network scanning won't work with IPv6, but alternative methods are available

IPv6 Transition Poses New Security Threats
Next-generation IP protocol comes with more security as well as some potential flaws of its own

MORE VULNERABILITY MANAGEMENT TECH CENTER STORIES



Database Security Tech Center

Five Ways To Stop Mass SQL Injection Attacks
The best practices for mitigating this popular form of attack often are not being deployed

Delaware Contractor Mistakenly Posts Personal Data Of 22,000 Employees
Data sent along with RFP was not randomized to hide sensitive information, officials say

Four Best Practices For Tokenization
Going beyond Visa's best practices guide

MORE DATABASE SECURITY TECH CENTER STORIES



Security Services Tech Center

Firewalls Top Purchase Priority In 2010, Survey Says
Mobile computing, social networks, cloud computing named as the top three threats

Product Watch: Verizon, VMware Team Up With Hybrid Cloud Service
New Verizon service offers private public-cloud option

Building Botnets For Fun And Profit
Creating a botnet business can be lucrative -- and isn't as hard as you might think, Black Hat speaker says

MORE SECURITY SERVICES TECH CENTER STORIES



Insider Threat Tech Center

Fraud At Sprint Offers Lessons For Enterprises, Experts Say
Insider attacks could have been prevented with a few simple practices

Networked Scanners Offer A Window Into The Enterprise, Researcher Says
Emerging Web-based features make it possible to capture document contents remotely, Zscaler's Sutton warns

Enterprise Data Continues To Leak, Study Says
More than one third of companies have experienced the loss of sensitive data in the last year

MORE INSIDER THREAT TECH CENTER STORIES





Best Of The Web

HACK IN THE BOX
NSA Director Says U.S. Has A Duty To Secure The Internet
SEPTEMBER 8, 2010  | Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber Command, said the U.S. must take a leadership role in protecting the Net against internal and external attacks

FIERCE GOVERNMENT.COM
FAA Air Traffic Control Systems Open To Possible Cyber Attack, Says IG
SEPTEMBER 8, 2010  | The Federal Aviation Administration has not yet fully deployed intrusion detection systems at all air traffic control facilities and therefore can't effectively detect or stop cyberattacks, according to the inspector general

DATABREACHES.NET
Nine Former Cell Phone Company Employees Charged With Stealing Customer Information In $15 Million Cell Phone Cloning Scheme (updated)
SEPTEMBER 8, 2010  | Former employees of a national cell phone service provider were charged with conspiracy to commit wire fraud, access device fraud, and aggravated identity theft for their alleged roles in a $15 million cell phone cloning scheme

SECURE COMPUTING
Symantec Plugs Rap Comp's Security Holes
SEPTEMBER 8, 2010  | Symantec denies that the website of its Snoop Dogg-affiliated Norton marketing campaign Hack is Wack was penetrated, but hackers reportedly used a flaw to "rickroll" the website

US-CERT
Mozilla Releases Firefox 3.6.9
SEPTEMBER 8, 2010  | Firefox 3.6.9 addresses multiple vulnerabilities that can allow an attacker to execute arbitrary code, steal information, and wage cross-site scripting and denial-of-service attacks

THE REGISTER
UK Hacker Fined For Personnel Database Mischief
SEPTEMBER 8, 2010  | Colin Parker, 31, must pay compensation for using a stolen laptop to hack into his ex-employer's personnel database

H ONLINE
Flash Player As A Spy System
SEPTEMBER 8, 2010  | Adobe's online Flash settings are vulnerable to a man-in-the-middle attack that intercepts Flash's communication with Adobe's Settings Manager app, researcher says

DEFENSE.GOV
Cyber Task Force Passes Mission To Cyber Command
SEPTEMBER 8, 2010  | The Joint Task Force Global Network Operations command is now under the U.S. Cyber Command at Fort Meade, Md.

More Best Of Web




Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.

Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.

Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.




Blogs

Evil Bytes
BY John H. Sawyer
Finding Exposed Devices On Your Network
September 1, 2010
08:30 AM -- When browsing through SHODAN, it never ceases to amaze me what I can find. How is it that people think it's okay to leave their printers, routers, fiber channel switches, and industrial control systems completely open to the Internet?

SophosLabs Insights
BY Graham Cluley
Fake Facebook Dislike Button Latest In A Long Line Of Survey Scams
August 17, 2010
06:45 AM -- Facebook users are proving to be easy prey for the current wave of survey scammers.

Hacked Off
BY Gadi Evron
Ownage By USB Keyboard
September 8, 2010
07:29 AM -- When was the last time Windows asked you for permission before adding your new hardware -- say, a mouse?

Security Views
BY Taher Elgamal
Authentication A Problem That Needs a Solution -- Yesterday
September 8, 2010
04:35 PM -- A number of distinct developments brought about the current authentication schemes we see in networks today.

Dark Dominion
BY Tim Wilson
Dark Reading Launches New Tech Center On Authentication
August 8, 2010
02:27 PM -- Today Dark Reading launches a new feature: the Authentication Tech Center, a subsite of Dark Reading devoted to bringing you news, insight, and in-depth reporting on the topic of authentication and certification of end user access.

CS Island
BY Robert Richardson
There's A Recipe For That
June 15, 2010
11:09 AM -- Back in the dark ages when I was a programmer, I became horribly fascinated with a tool called make. It was a tool for dealing with the complexities of, well, making finished executable code.

MORE BLOGS


Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: cxf
Published: 2010-08-19
Severity: High
Description: Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.

Vulnerability: libvirt
Published: 2010-08-19
Severity: Medium
Description: Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

Vulnerability: libvirt
Published: 2010-08-19
Severity: Medium
Description: Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

Vulnerability: libvirt
Published: 2010-08-19
Severity: Medium
Description: Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.

Vulnerability: libvirt
Published: 2010-08-19
Severity: Low
Description: Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.