Archive

ISSUE 43 (September 2014)

DOWNLOAD ISSUE 43 HERE

The covered topics are:

  • What is the value of professional certification?
  • How to tell if your security system has been fingerprinted by evasive malware
  • Mobile hackers look to the network
  • Why every security-conscious organization needs a honeypot
  • Securing the U.S. electrical grid
  • Using Hollywood to improve your security program
  • How a large ISP fights DDoS attacks with a custom solution
  • Black Hat USA 2014
  • The synergy of hackers and tools at the Black Hat Arsenal
  • Web application security today
  • Big Data analytics to the rescue
  • Why now is the time for enterprises to implement context-based authentication
  • HoneyMalt: Mapping honeypots using Maltego
  • Failure is an option
  • Cloud security: Do you know where your data is?

ISSUE 42 (June 2014)

DOWNLOAD ISSUE 42 HERE

The covered topics are:

  • Six infosec tips I learned from Game of Thrones
  • Dissecting the newly-discovered desire for control and privacy
  • Incident response and failure of the "Just Fix It" attitude
  • How to learn information security
  • Who are you? The impact of security breaches on authentication
  • Thecus N5550 NAS Server inside and out
  • Report: Hack In The Box Amsterdam 2014
  • Ensuring the integrity of Rostelecom's Wi-Fi network
  • What inspired you to start hacking?
  • Beyond Heartbleed: Closing SSL implementation gaps within our own networks
  • Ironclad incident response
  • Hands-on fun at HacKid 2014
  • Are you ready for the day that prevention fails?
  • Why privacy engineering is needed

SPECIAL ISSUE: Infosecurity Europe 2014 (May 2014)

DOWNLOAD THE SPECIAL ISSUE HERE

This year's Infosecurity Europe conference and exhibition attracted more than 15,000 unique industry professionals from 73 countries across the three days, and had a massive show floor featuring 345 exhibitors from 24 countries. Presented in this issue are some of the most interesting news and companies we've seen at the show.


SPECIAL ISSUE: RSA Conference 2014 (March 2014)

DOWNLOAD THE SPECIAL ISSUE HERE

Featured in this magazine are the most important news and companies from the conference, which allows you to get an in-depth look at the highlights of RSA Conference 2014.


ISSUE 41 (February 2014)

DOWNLOAD ISSUE 41 HERE

The covered topics are:

  • Cloud insecurity? Time to bust the myth
  • Executive hot seat: Cloud Security Alliance CEO
  • Security uncertainty in the cloud: Problems and potential solutions
  • Share with the world: Who reads my data in the cloud?
  • Executive hot seat: Intrinsic-ID CEO
  • Privacy in the cloud: The power of encryption
  • How to recover deleted or corrupted digital currency
  • Leveraging Big Data for security operations
  • The past, present, and future of Big Data security
  • Information stewardship: Avoiding data breaches and managing Big Data
  • Generating value from Big Data analytics
  • Too big to fail: The Big Data dilemma

ISSUE 40 (December 2013)

DOWNLOAD ISSUE 40 HERE

The covered topics are:

  • How malware became the cyber threat it is today
  • Testing anti-malware products
  • Shoulder surfing via audio frequencies for XBox Live passwords
  • How to write Yara rules to detect malware
  • Report: HITBSecConf2013 Malaysia
  • Using Tshark for malware detection
  • 5 questions for the head of a malware research team
  • Beyond apps, beyond Android: 2013 mobile threat trends
  • Malware analysis on a shoestring budget
  • Report: Virus Bulletin 2013
  • Digital ship pirates: Researchers crack vessel tracking system
  • Exploring the challenges of malware analysis
  • Evading file-based sandboxes
  • Report: RSA Conference Europe 2013
  • Data security to protect PCI data flow

ISSUE 39 (September 2013)

DOWNLOAD ISSUE 39 HERE

The covered topics are:

  • Dear CSO, do you know how to build security culture?
  • How to secure a company's Chinese development center?
  • Stephen Pao, GM, Security Business at Barracuda Networks, on web application security
  • The state of web application security in numbers
  • Web application exploitation with broken authentication and path traversal
  • Joel Smith, AppRiver CTO, on web threats
  • With big data comes big responsibility: The (in)security of OLAP systems
  • There are no winners in the blame game
  • Digital graphology: It's all in the signature
  • Security from within: Proactive steps towards protecting corporate assets from attack
  • The five biggest reasons your IT staff is losing sleep
  • How to manage your passwords with KeePass

ISSUE 38 (June 2013)

DOWNLOAD ISSUE 38 HERE

The covered topics are:

  • Becoming a computer forensic examiner
  • UEFI secure boot: Next generation booting or a controversial debate
  • How to detect malicious network behavior
  • What startups can learn from enterprise level data security tactics
  • To hack back or not to hack back?
  • Report: Infosecurity 2013
  • DNS attacks on the rise: Rethink your security posture
  • IT security jobs: What's in demand and how to meet it
  • Remote support and security: What you don't know can hurt you
  • A closer look to HITBSecConf 2013 Amsterdam

ISSUE 37 (March 2013)

DOWNLOAD ISSUE 37 HERE

The covered topics are:

  • Becoming a malware analyst
  • Review: Nipper Studio
  • Five questions for Microsoft's Chief Privacy Officer
  • Application security testing for AJAX and JSON
  • Penetrating and achieving persistence in highly secured networks
  • Report: RSA Conference 2013
  • Social engineering: An underestimated danger
  • Review: Hacking Web Apps
  • Improving information security with one simple question
  • Security needs to be handled at the top
  • 8 key data privacy considerations when moving servers to the public cloud

ISSUE 36 (December 2012)

DOWNLOAD ISSUE 36 HERE

The covered topics are:

  • What makes security awareness training successful?
  • Review - Incapsula: Enterprise-grade website security
  • Five questions for Microsoft's Worldwide Chief Security Advisor
  • Computer forensic examiners are from Mars, attorneys are from Venus
  • In the field: RSA Conference 2012 Europe
  • A mobile environment security assessment
  • Hack In The Box CEO on the information security landscape
  • In the field: IRISSCERT Cybercrime Conference 2012
  • Comply or die: The importance of a business-centric approach to compliance
  • Hackers can get in when systems are off: The risks of lights out management
  • It's just the guest wireless network... right?

ISSUE 35 (September 2012)

DOWNLOAD ISSUE 35 HERE

The covered topics are:

  • Administrative scripting with Nmap
  • Information security in Europe with ENISA Executive Director Prof. Udo Helmbrecht
  • Unintended, malicious and evil applications of augmented reality
  • The enemy at the gate
  • Top five hurdles to security and compliance in industrial control systems
  • How to monitor the blind spots in your IT system: Logging versus auditing
  • DBI aid reverse engineering: Pinpointing interesting code
  • The importance of data normalization in IPS

ISSUE 34 (June 2012)

DOWNLOAD ISSUE 34 HERE

The covered topics are:

  • Fitness as a model for security
  • Security and migrating to the cloud: Is it all doom and gloom?
  • Solid state drives: Forensic preservation issues
  • Introduction to Android malware analysis
  • Hack in The Box Conference 2012 Amsterdam
  • ISO 27001 standard: Breaking the documentation myth with Dejan Kosutic
  • Preparing a breach response plan
  • Security beyond the operating system: Into the cloud and beyond
  • Amphion Forum 2012 Munich
  • The challenges of data recovery from modern storage systems
  • Two-factor authentication for the cloud: Does it have to be hard?

SPECIAL ISSUE: RSA CONFERENCE 2012 (March 2012)

DOWNLOAD THE ISSUE HERE

The covered topics are:

  • News from RSA Conference 2012
  • Information security within emerging markets
  • Evolving security trends in smartphone and mobile computing
  • The biggest problem in application security today
  • RSA Conference 2012 award winners
  • Innovation Sandbox

ISSUE 33 (February 2012)

DOWNLOAD ISSUE 33 HERE

The covered topics are:

  • Securing Android: Think outside the box
  • Interview with Joe Sullivan, CSO at Facebook
  • White hat shellcode: Not for exploits
  • Using mobile device management for risk mitigation in a heterogeneous environment
  • Metasploit: The future of penetration testing with HD Moore
  • Using and extending the Vega open source web security platform
  • Next-generation policies: Managing the human factor in security

ISSUE 32 (December 2011)

DOWNLOAD ISSUE 32 HERE

The covered topics are:

  • 7 questions you always wanted to ask a professional vulnerability researcher
  • Insights on drive-by browser history stealing
  • Review: Kingston DataTraveler 6000
  • RSA Conference Europe 2011
  • PacketFence: Because NAC doesn't have to be hard!
  • Information security and the threat landscape with Raj Samani
  • Security is a dirty word
  • Smartphone apps are not that smart: Insecure development practices
  • Virus Bulletin 2011
  • Infosec professionals: Accomplishing your day job without breaking the law
  • WPScan: WordPress Security Scanner
  • Securing the enterprise: Is your IT department under siege?

ISSUE 31 (September 2011)

DOWNLOAD ISSUE 31 HERE

The covered topics are:

  • The changing face of hacking
  • Review: [hiddn] Crypto Adapter
  • A tech theory coming of age
  • SecurityByte 2011: Cyber conflicts, cloud computing and printer hacking
  • The need for foundational controls in cloud computing
  • A new approach to data centric security
  • The future of identity verification through keystroke dynamics
  • Visiting Bitdefender's headquarters
  • Rebuilding walls in the clouds
  • Testing Domino applications
  • Report: Black Hat 2011 USA
  • Safeguarding user access in the cloud with identity governance

ISSUE 30 (June 2011)

DOWNLOAD ISSUE 30 HERE

The covered topics are:

  • Microsoft's Enhanced Mitigation Experience Toolkit
  • Transaction monitoring as an issuer fraud risk management technique in the banking card payment system
  • IPv6: Saviour and threat
  • The hard truth about mobile application security: Separating hype from reality
  • Don't fear the auditor
  • Book review: Kingpin
  • Secure mobile platforms: CISOs faced with new strategies
  • Security needs to be unified, simplified and proactive
  • Whose computer is it anyway?
  • 10 golden rules of information security
  • The token is dead
  • Book review: IPv6 for Enterprise Networks
  • Cyber security revisited: Change from the ground up?

ISSUE 29 (March 2011)

DOWNLOAD ISSUE 29 HERE

The covered topics are:

  • Virtual machines: Added planning to the forensic acquisition process
  • Review: iStorage diskGenie
  • Managers are from Mars, information security professionals are from Venus
  • PacketWars: A cyber security sport for a cyber age
  • Q&A: Graham Cluley on Facebook security and privacy
  • Financial Trojans: Following the money
  • Mobile encryption: The new frontier
  • Report: RSA Conference 2011
  • Q&A: Stefan Frei on security research and vulnerability management
  • The expanding role of digital certificates… in more places than you think
  • AND MORE!

ISSUE 28 (November 2010)

DOWNLOAD ISSUE 28 HERE

The covered topics are:

  • Database protocol exploits explained
  • Review: MXI M700 Bio
  • Measuring web application security coverage
  • Inside backup and storage: The expert's view
  • Combating the changing nature of online fraud
  • Successful data security programs encompass processes, people, technology
  • Sangria, tapas and hackers: SOURCE Barcelona 2010
  • What CSOs can learn from college basketball
  • Network troubleshooting 101
  • America's cyber cold war
  • RSA Conference Europe 2010
  • Bootkits - a new stage of development
  • AND MORE!

ISSUE 27 (September 2010)

DOWNLOAD ISSUE 27 HERE

The covered topics are:

  • Review: BlockMaster SafeStick secure USB flash drive
  • The devil is in the details: Securing the enterprise against the cloud
  • Cybercrime may be on the rise, but authentication evolves to defeat it
  • Learning from bruteforcers
  • PCI DSS v1.3: Vital to the emerging demand for virtualization and cloud security
  • Security testing - the key to software quality
  • Payment card security: Risk and control assessments
  • Security as a process: Does your security team fuzz?
  • Intelligent security: Countering sophisticated fraud
  • AND MORE!

ISSUE 26 (June 2010)

DOWNLOAD ISSUE 26 HERE

The covered topics are:

  • PCI: Security's lowest common denominator
  • Analyzing Flash-based RIA components and discovering vulnerabilities
  • Logs: Can we finally tame the beast?
  • Launch arbitrary code from Excel in a restricted environment
  • Placing the burden on the bot
  • Data breach risks and privacy compliance
  • Authenticating Linux users against Microsoft Active Directory
  • Hacking under the radar
  • iPhone backup, encryption and forensics
  • AND MORE!

ISSUE 25 (April 2010)

DOWNLOAD ISSUE 25 HERE

The covered topics are:

  • The changing face of penetration testing: Evolve or die!
  • Review: SmartSwipe
  • Unusual SQL injection vulnerabilities and how to exploit them
  • Take note of new data notification rules
  • RSA Conference 2010 coverage
  • Corporate monitoring: Addressing security, privacy, and temptation in the workplace
  • Cloud computing and recovery, not just backup
  • EJBCA: Make your own certificate authority
  • Advanced attack detection using OSSIM
  • AND MORE!

ISSUE 24 (February 2010)

DOWNLOAD ISSUE 24 HERE

The covered topics are:

  • Writing a secure SOAP client with PHP: Field report from a real-world project
  • How virtualized browsing shields against web-based attacks
  • Review: 1Password 3
  • Preparing a strategy for application vulnerability detection
  • Threats 2.0: A glimpse into the near future
  • Preventing malicious documents from compromising Windows machines
  • Balancing productivity and security in a mixed environment
  • AES and 3DES comparison analysis
  • OSSEC: An introduction to open source log and event management
  • Secure and differentiated access in enterprise wireless networks
  • AND MORE!

ISSUE 23 (November 2009)

DOWNLOAD ISSUE 23 HERE

The covered topics are:

  • Microsoft's security patches year in review: A malware researcher's perspective
  • A closer look at Red Condor Hosted Service
  • Report: RSA Conference Europe 2009, London
  • The U.S. Department of Homeland Security has a vision for stronger information security
  • Q&A: Didier Stevens on malicious PDFs
  • Protecting browsers, endpoints and enterprises against new Web-based attacks
  • Mobile spam: An old challenge in a new guise
  • Report: BruCON security conference, Brussels
  • Study uncovers alarming password usage behavior
  • Elevating email to an enterprise-class database application solution
  • AND MORE!

ISSUE 22 (September 2009)

DOWNLOAD ISSUE 22 HERE

The covered topics are:

  • Using real-time events to drive your network scans
  • The Nmap project: Open source with style
  • A look at geolocation, URL shortening and top Twitter threats
  • Review: Data Locker
  • Making clouds secure
  • Top 5 myths about wireless protection
  • Securing the foundation of IT systems
  • Is your data recovery provider a data security problem?
  • Security for multi-enterprise applications
  • In mashups we trust?
  • AND MORE!

ISSUE 21 (June 2009)

DOWNLOAD ISSUE 21 HERE

The covered topics are:

  • Malicious PDF: Get owned without opening
  • Review: IronKey Personal
  • Windows 7 security features: Building on Vista
  • Using Wireshark to capture and analyze wireless traffic
  • "Unclonable" RFID - a technical overview
  • Secure development principles
  • Q&A: Ron Gula on Nessus and Tenable Network Security
  • Establish your social media presence with security in mind
  • A historical perspective on the cybersecurity dilemma
  • A risk-based, cost effective approach to holistic security
  • AND MORE!

ISSUE 20 (March 2009)

DOWNLOAD ISSUE 20 HERE

The covered topics are:

  • Improving network discovery mechanisms
  • Building a bootable BackTrack 4 thumb drive with persistent changes and Nessus
  • What you need to know about tokenization
  • Q&A: Vincenzo Iozzo on Mac OS X security
  • A framework for quantitative privacy measurement
  • Why fail? Secure your virtual assets
  • Phased deployment of Network Access Control
  • Web 2.0 case studies: challenges, approaches and vulnerabilities
  • ISP level malware filtering
  • Q&A: Scott Henderson on the Chinese underground
  • AND MORE!

ISSUE 19 (December 2008)

DOWNLOAD ISSUE 19 HERE

The covered topics are:

  • The future of AV: looking for the good while stopping the bad
  • Eight holes in Windows login controls
  • Extended validation and online security: EV SSL gets the green light
  • Interview with Giles Hogben, an expert on identity and authentication technologies working at ENISA
  • Web filtering in a Web 2.0 world
  • RSA Conference Europe 2008
  • The role of password management in compliance with the data protection act
  • Securing data beyond PCI in a SOA environment: best practices for advanced data protection
  • Three undocumented layers of the OSI model and their impact on security
  • Interview with Rich Mogull, founder of Securosis
  • AND MORE!

ISSUE 18 (October 2008)

DOWNLOAD ISSUE 18 HERE

The covered topics are:

  • Network and information security in Europe today
  • Browser security: bolt it on, then build it in
  • Passive network security analysis with NetworkMiner
  • Lynis - an introduction to UNIX system auditing
  • Windows driver vulnerabilities: the METHOD_NEITHER odyssey
  • Removing software armoring from executables
  • Insecurities in privacy protection software
  • Compliance does not equal security but it's a good start
  • Secure web application development
  • The insider threat
  • Web application security: risky business?
  • AND MORE!

ISSUE 17 (July 2008)

DOWNLOAD ISSUE 17 HERE

The covered topics are:

  • Open redirect vulnerabilities: definition and prevention
  • The future of security is information-centric
  • Securing the enterprise data flow against advanced attacks
  • Bypassing and enhancing live behavioral protection
  • Security flaws identification and technical risk analysis through threat modeling
  • Migration from e-mail to web borne threats
  • Security training and awareness: strengthening your weakest link
  • Assessing risk in VoIP/UC networks
  • Building a secure wireless network for under $300
  • Reverse engineering software armoring
  • Point security solutions are not a 4 letter word
  • Hacking Second Life
  • AND MORE!

ISSUE 16 (April 2008)

DOWNLOAD ISSUE 16 HERE

The covered topics are:

  • Security policy considerations for virtual worlds
  • US political elections and cybercrime
  • Using packet analysis for network troubleshooting
  • The effectiveness of industry certifications
  • Is your data safe? Secure your web apps
  • RSA Conference 2008 / Black Hat 2008 Europe
  • Windows log forensics: did you cover your tracks?
  • Traditional vs. non-traditional database auditing
  • Payment card data: know your defense options
  • Security risks for mobile computing on public WLANs: hotspot registration
  • Network event analysis with Net/FSE
  • Producing secure software with security enhanced software development processes
  • AND MORE!

ISSUE 15 (February 2008)

DOWNLOAD ISSUE 15 HERE

The covered topics are:

  • Proactive analysis of malware genes holds the key to network security
  • Advanced social engineering and human exploitation
  • Free visualization tools for security analysis and network monitoring
  • Internet terrorist: does such a thing really exist?
  • Weaknesses and protection of your wireless network
  • Fraud mitigation and biometrics following Sarbanes-Oxley
  • Application security matters: deploying enterprise software securely
  • The insider threat: hype vs. reality
  • How B2B gateways affect corporate information security
  • Reputation attacks, a little known Internet threat
  • Data protection and identity management
  • The good, the bad and the ugly of protecting data in a retail environment
  • Malware experts speak: F-Secure, Sophos, Trend Micro
  • AND MORE!

ISSUE 14 (November 2007)

DOWNLOAD ISSUE 14 HERE

The covered topics are:

  • Attacking consumer embedded devices
  • Review: QualysGuard
  • CCTV: technology in transition - analog or IP?
  • Interview with Robert "RSnake" Hansen, CEO of SecTheory
  • The future of encryption
  • Endpoint threats
  • Review: Kaspersky Internet Security 7.0
  • Interview with Amol Sarwate, Manager, Vulnerability Research Lab, Qualys Inc.
  • Network access control: bridging the network security gap
  • Change and configuration solutions aid PCI auditors
  • Data protection and identity management
  • Information security governance: the nuts and bolts
  • 6 CTOs, 10 Burning Questions: AirDefense, AirMagnet, Aruba Networks, AirTight Networks, Fortress Technologies and Trapeze Networks
  • AND MORE!

ISSUE 13 (September 2007)

DOWNLOAD ISSUE 13 HERE

The covered topics are:

  • Interview with Janne Uusilehto, Head of Nokia Product Security
  • Social engineering social networking services: a LinkedIn example
  • The case for automated log management in meeting HIPAA compliance
  • Risk decision making: whose call is it?
  • Interview with Zulfikar Ramzan, Senior Principal Researcher with the Advanced Threat Research team at Symantec
  • Securing VoIP networks: fraud
  • PCI DSS compliance: a difficult but necessary journey
  • A security focus on China outsourcing
  • A multi layered approach to prevent data leakage
  • Safeguard your organization with proper password management
  • Interview with Ulf Mattsson, Protegrity CTO
  • DEFCON 15
  • File format fuzzing
  • IS2ME: Information Security to Medium Enterprise

ISSUE 12 (July 2007)

DOWNLOAD ISSUE 12 HERE

The covered topics are:

  • Enterprise grade remote access
  • Review: Centennial Software DeviceWall 4.6
  • Solving the keylogger conundrum
  • Interview with Jeremiah Grossman, CTO of WhiteHat Security
  • The role of log management in operationalizing PCI compliance
  • Windows security: how to act against common attack vectors
  • Taking ownership of the Trusted Platform Module chip on Intel Macs
  • Compliance, IT security and a clear conscience
  • Key management for enterprise data encryption
  • The menace within
  • A closer look at the Cisco CCNP Video Mentor
  • Network Access Control.

ISSUE 11 (May 2007)

DOWNLOAD ISSUE 11 HERE

The covered topics are:

  • On the security of e-passports
  • Review: GFI LANguard Network Security Scanner 8
  • Critical steps to secure your virtualized environment
  • Interview with Howard Schmidt, President and CEO R & H Security Consulting
  • Quantitative look at penetration testing
  • Integrating ISO 17799 into your Software Development Lifecycle
  • Public Key Infrastructure (PKI): dead or alive?
  • Interview with Christen Krogh, Opera Software's Vice President of Engineering
  • Super ninja privacy techniques for web application developers
  • Security economics
  • iptables - an introduction to a robust firewall
  • Black Hat Briefings & Training Europe 2007
  • Enforcing the network security policy with digital certificates.

ISSUE 10 (February 2007)

DOWNLOAD ISSUE 10 HERE

The covered topics are:

  • Microsoft Windows Vista: significant security improvement?
  • Review: GFI Endpoint Security 3
  • Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
  • Top 10 spyware of 2006
  • The spam problem and open source filtering solutions
  • Office 2007: new format and new protection/security policy
  • Wardriving in Paris
  • Interview with Joanna Rutkowska, security researcher
  • Climbing the security career mountain: how to get more than just a job
  • RSA Conference 2007 report
  • ROT13 is used in Windows? You're joking!
  • Data security beyond PCI compliance - protecting sensitive data in a distributed environment.

ISSUE 9 (December 2006)

DOWNLOAD ISSUE 9 HERE

The covered topics are:

  • Effectiveness of security by admonition: a case study of security warnings in a web browser setting
  • Interview with Kurt Sauer, CSO at Skype
  • Web 2.0 defense with AJAX fingerprinting and filtering
  • Hack In The Box Security Conference 2006
  • Where iSCSI fits in enterprise storage networking
  • Recovering user passwords from cached domain records
  • Do portable storage solutions compromise business security?
  • Enterprise data security - a case study
  • Creating business through virtual trust: how to gain and sustain a competitive advantage using information security.

ISSUE 8 (September 2006)

DOWNLOAD ISSUE 8 HERE

The covered topics are:

  • Payment Card Industry demystified
  • Skype: how safe is it?
  • Computer forensics vs. electronic evidence
  • Review: Acunetix Web Vulnerability Scanner 4.0
  • SSH port forwarding - security from two perspectives, part two
  • Log management in PCI compliance
  • Airscanner vulnerability summary: Windows Mobile security software fails the test
  • Proactive protection: a panacea for viruses?
  • Introducing the MySQL Sandbox
  • Continuous protection of enterprise data: a comprehensive approach.

ISSUE 7 (June 2006)

DOWNLOAD ISSUE 7 HERE

The covered topics are:

  • SSH port forwarding: security from two perspectives, part one
  • An inside job
  • CEO spotlight: Q&A with Patricia Sueltz, SurfControl
  • Server monitoring with munin and monit
  • Compliance vs. awareness in 2006
  • Infosecurity 2006
  • 2005 *nix malware evolution
  • InfoSec World 2006
  • Overview of quality security podcasts.

ISSUE 6 (March 2006)

DOWNLOAD ISSUE 6 HERE

The covered topics are:

  • Best practices in enterprise database protection
  • Quantifying the cost of spyware to the enterprise
  • Security for websites - breaking sessions to hack into a machine
  • How to win friends and influence people with IT security certifications
  • The size of security: the evolution and history of OSSTMM operational security metrics
  • Interview with Kenny Paterson, Professor of Information Security at Royal Holloway, University of London
  • PHP and SQL security today
  • Apache security: Denial of Service attacks
  • War-driving in Germany - CeBIT 2006.

ISSUE 5 (January 2006)

DOWNLOAD ISSUE 5 HERE

The covered topics are:

  • Web application firewalls primer
  • Review: Trustware BufferZone 1.6
  • Threat analysis using log data
  • Looking back at computer security in 2005
  • Writing an enterprise handheld security policy
  • Digital Rights Management
  • Revenge of the Web mob
  • Hardening Windows Server 2003 platforms made easy
  • Filtering spam server-side.

ISSUE 4 (October 2005)

DOWNLOAD ISSUE 4 HERE

The covered topics are:

  • Structured traffic analysis
  • Access Control Lists in Tiger and Tiger Server - true permission management
  • Automating I.T. security audits
  • Biometric security
  • PDA attacks, part 2: airborne viruses - evolution of the latest threats
  • Build a custom firewall computer
  • Lock down your kernel with grsecurity
  • Interview with Sergey Ryzhikov, director of Bitrix
  • Best practices for database encryption solutions.

ISSUE 3 (August 2005)

DOWNLOAD ISSUE 3 HERE

The covered topics are:

  • Security vulnerabilities, exploits and patches
  • PDA attacks: palm sized devices - PC sized threats
  • Adding service signatures to Nmap
  • CSO and CISO - perception vs. reality in the security kingdom
  • Unified threat management: IT security's silver bullet?
  • The reality of SQL injection
  • 12 months of progress for the Microsoft Security Response Centre
  • Interview with Michal Zalewski, security researcher
  • OpenSSH for Macintosh
  • Method for forensic validation of backup tape.

ISSUE 2 (June 2005)

DOWNLOAD ISSUE 2 HERE

The covered topics are:

  • Information security in campus and open environments
  • Web applications worms - the next Internet infestation
  • Integrating automated patch and vulnerability management into an enterprise-wide environment
  • Advanced PHP security - vulnerability containment
  • Protecting an organization’s public information
  • Application security: the nouveau blame game
  • What you need to know before migrating your applications to the Web
  • Clear cut cryptography
  • How to lock down enterprise data with infrastructure services.

ISSUE 1 (April 2005)

DOWNLOAD ISSUE 1 HERE

The covered topics are:

  • Does Firefox really provide more security than Internet Explorer?
  • Security risks associated with portable storage devices
  • 10 tips on protecting customer information from identity theft
  • Linux security - is it ready for the average user?
  • How to secure your wireless network
  • Considerations for preventing information leakage
  • An introduction to securing Linux with Apache, ProFTPd & Samba
  • Security vulnerabilities in PHP Web applications.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.