Archive

ISSUE 24 (February 2010)

DOWNLOAD ISSUE 24 HERE

The covered topics are:

  • Writing a secure SOAP client with PHP: Field report from a real-world project
  • How virtualized browsing shields against web-based attacks
  • Review: 1Password 3
  • Preparing a strategy for application vulnerability detection
  • Threats 2.0: A glimpse into the near future
  • Preventing malicious documents from compromising Windows machines
  • Balancing productivity and security in a mixed environment
  • AES and 3DES comparison analysis
  • OSSEC: An introduction to open source log and event management
  • Secure and differentiated access in enterprise wireless networks
  • AND MORE!

ISSUE 23 (November 2009)

DOWNLOAD ISSUE 23 HERE

The covered topics are:

  • Microsoft's security patches year in review: A malware researcher's perspective
  • A closer look at Red Condor Hosted Service
  • Report: RSA Conference Europe 2009, London
  • The U.S. Department of Homeland Security has a vision for stronger information security
  • Q&A: Didier Stevens on malicious PDFs
  • Protecting browsers, endpoints and enterprises against new Web-based attacks
  • Mobile spam: An old challenge in a new guise
  • Report: BruCON security conference, Brussels
  • Study uncovers alarming password usage behavior
  • Elevating email to an enterprise-class database application solution
  • AND MORE!

ISSUE 22 (September 2009)

DOWNLOAD ISSUE 22 HERE

The covered topics are:

  • Using real-time events to drive your network scans
  • The Nmap project: Open source with style
  • A look at geolocation, URL shortening and top Twitter threats
  • Review: Data Locker
  • Making clouds secure
  • Top 5 myths about wireless protection
  • Securing the foundation of IT systems
  • Is your data recovery provider a data security problem?
  • Security for multi-enterprise applications
  • In mashups we trust?
  • AND MORE!

ISSUE 21 (June 2009)

DOWNLOAD ISSUE 21 HERE

The covered topics are:

  • Malicious PDF: Get owned without opening
  • Review: IronKey Personal
  • Windows 7 security features: Building on Vista
  • Using Wireshark to capture and analyze wireless traffic
  • "Unclonable" RFID - a technical overview
  • Secure development principles
  • Q&A: Ron Gula on Nessus and Tenable Network Security
  • Establish your social media presence with security in mind
  • A historical perspective on the cybersecurity dilemma
  • A risk-based, cost effective approach to holistic security
  • AND MORE!

ISSUE 20 (March 2009)

DOWNLOAD ISSUE 20 HERE

The covered topics are:

  • Improving network discovery mechanisms
  • Building a bootable BackTrack 4 thumb drive with persistent changes and Nessus
  • What you need to know about tokenization
  • Q&A: Vincenzo Iozzo on Mac OS X security
  • A framework for quantitative privacy measurement
  • Why fail? Secure your virtual assets
  • Phased deployment of Network Access Control
  • Web 2.0 case studies: challenges, approaches and vulnerabilities
  • ISP level malware filtering
  • Q&A: Scott Henderson on the Chinese underground
  • AND MORE!

ISSUE 19 (December 2008)

DOWNLOAD ISSUE 19 HERE

The covered topics are:

  • The future of AV: looking for the good while stopping the bad
  • Eight holes in Windows login controls
  • Extended validation and online security: EV SSL gets the green light
  • Interview with Giles Hogben, an expert on identity and authentication technologies working at ENISA
  • Web filtering in a Web 2.0 world
  • RSA Conference Europe 2008
  • The role of password management in compliance with the data protection act
  • Securing data beyond PCI in a SOA environment: best practices for advanced data protection
  • Three undocumented layers of the OSI model and their impact on security
  • Interview with Rich Mogull, founder of Securosis
  • AND MORE!

ISSUE 18 (October 2008)

DOWNLOAD ISSUE 18 HERE

The covered topics are:

  • Network and information security in Europe today
  • Browser security: bolt it on, then build it in
  • Passive network security analysis with NetworkMiner
  • Lynis - an introduction to UNIX system auditing
  • Windows driver vulnerabilities: the METHOD_NEITHER odyssey
  • Removing software armoring from executables
  • Insecurities in privacy protection software
  • Compliance does not equal security but it's a good start
  • Secure web application development
  • The insider threat
  • Web application security: risky business?
  • AND MORE!

ISSUE 17 (July 2008)

DOWNLOAD ISSUE 17 HERE

The covered topics are:

  • Open redirect vulnerabilities: definition and prevention
  • The future of security is information-centric
  • Securing the enterprise data flow against advanced attacks
  • Bypassing and enhancing live behavioral protection
  • Security flaws identification and technical risk analysis through threat modeling
  • Migration from e-mail to web borne threats
  • Security training and awareness: strengthening your weakest link
  • Assessing risk in VoIP/UC networks
  • Building a secure wireless network for under $300
  • Reverse engineering software armoring
  • Point security solutions are not a 4 letter word
  • Hacking Second Life
  • AND MORE!

ISSUE 16 (April 2008)

DOWNLOAD ISSUE 16 HERE

The covered topics are:

  • Security policy considerations for virtual worlds
  • US political elections and cybercrime
  • Using packet analysis for network troubleshooting
  • The effectiveness of industry certifications
  • Is your data safe? Secure your web apps
  • RSA Conference 2008 / Black Hat 2008 Europe
  • Windows log forensics: did you cover your tracks?
  • Traditional vs. non-traditional database auditing
  • Payment card data: know your defense options
  • Security risks for mobile computing on public WLANs: hotspot registration
  • Network event analysis with Net/FSE
  • Producing secure software with security enhanced software development processes
  • AND MORE!

ISSUE 15 (February 2008)

DOWNLOAD ISSUE 15 HERE

The covered topics are:

  • Proactive analysis of malware genes holds the key to network security
  • Advanced social engineering and human exploitation
  • Free visualization tools for security analysis and network monitoring
  • Internet terrorist: does such a thing really exist?
  • Weaknesses and protection of your wireless network
  • Fraud mitigation and biometrics following Sarbanes-Oxley
  • Application security matters: deploying enterprise software securely
  • The insider threat: hype vs. reality
  • How B2B gateways affect corporate information security
  • Reputation attacks, a little known Internet threat
  • Data protection and identity management
  • The good, the bad and the ugly of protecting data in a retail environment
  • Malware experts speak: F-Secure, Sophos, Trend Micro
  • AND MORE!

ISSUE 14 (November 2007)

DOWNLOAD ISSUE 14 HERE

The covered topics are:

  • Attacking consumer embedded devices
  • Review: QualysGuard
  • CCTV: technology in transition - analog or IP?
  • Interview with Robert "RSnake" Hansen, CEO of SecTheory
  • The future of encryption
  • Endpoint threats
  • Review: Kaspersky Internet Security 7.0
  • Interview with Amol Sarwate, Manager, Vulnerability Research Lab, Qualys Inc.
  • Network access control: bridging the network security gap
  • Change and configuration solutions aid PCI auditors
  • Data protection and identity management
  • Information security governance: the nuts and bolts
  • 6 CTOs, 10 Burning Questions: AirDefense, AirMagnet, Aruba Networks, AirTight Networks, Fortress Technologies and Trapeze Networks
  • AND MORE!

ISSUE 13 (September 2007)

DOWNLOAD ISSUE 13 HERE

The covered topics are:

  • Interview with Janne Uusilehto, Head of Nokia Product Security
  • Social engineering social networking services: a LinkedIn example
  • The case for automated log management in meeting HIPAA compliance
  • Risk decision making: whose call is it?
  • Interview with Zulfikar Ramzan, Senior Principal Researcher with the Advanced Threat Research team at Symantec
  • Securing VoIP networks: fraud
  • PCI DSS compliance: a difficult but necessary journey
  • A security focus on China outsourcing
  • A multi layered approach to prevent data leakage
  • Safeguard your organization with proper password management
  • Interview with Ulf Mattsson, Protegrity CTO
  • DEFCON 15
  • File format fuzzing
  • IS2ME: Information Security to Medium Enterprise

ISSUE 12 (July 2007)

DOWNLOAD ISSUE 12 HERE

The covered topics are:

  • Enterprise grade remote access
  • Review: Centennial Software DeviceWall 4.6
  • Solving the keylogger conundrum
  • Interview with Jeremiah Grossman, CTO of WhiteHat Security
  • The role of log management in operationalizing PCI compliance
  • Windows security: how to act against common attack vectors
  • Taking ownership of the Trusted Platform Module chip on Intel Macs
  • Compliance, IT security and a clear conscience
  • Key management for enterprise data encryption
  • The menace within
  • A closer look at the Cisco CCNP Video Mentor
  • Network Access Control.

ISSUE 11 (May 2007)

DOWNLOAD ISSUE 11 HERE

The covered topics are:

  • On the security of e-passports
  • Review: GFI LANguard Network Security Scanner 8
  • Critical steps to secure your virtualized environment
  • Interview with Howard Schmidt, President and CEO R & H Security Consulting
  • Quantitative look at penetration testing
  • Integrating ISO 17799 into your Software Development Lifecycle
  • Public Key Infrastructure (PKI): dead or alive?
  • Interview with Christen Krogh, Opera Software's Vice President of Engineering
  • Super ninja privacy techniques for web application developers
  • Security economics
  • iptables - an introduction to a robust firewall
  • Black Hat Briefings & Training Europe 2007
  • Enforcing the network security policy with digital certificates.

ISSUE 10 (February 2007)

DOWNLOAD ISSUE 10 HERE

The covered topics are:

  • Microsoft Windows Vista: significant security improvement?
  • Review: GFI Endpoint Security 3
  • Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
  • Top 10 spyware of 2006
  • The spam problem and open source filtering solutions
  • Office 2007: new format and new protection/security policy
  • Wardriving in Paris
  • Interview with Joanna Rutkowska, security researcher
  • Climbing the security career mountain: how to get more than just a job
  • RSA Conference 2007 report
  • ROT13 is used in Windows? You're joking!
  • Data security beyond PCI compliance - protecting sensitive data in a distributed environment.

ISSUE 9 (December 2006)

DOWNLOAD ISSUE 9 HERE

The covered topics are:

  • Effectiveness of security by admonition: a case study of security warnings in a web browser setting
  • Interview with Kurt Sauer, CSO at Skype
  • Web 2.0 defense with AJAX fingerprinting and filtering
  • Hack In The Box Security Conference 2006
  • Where iSCSI fits in enterprise storage networking
  • Recovering user passwords from cached domain records
  • Do portable storage solutions compromise business security?
  • Enterprise data security - a case study
  • Creating business through virtual trust: how to gain and sustain a competitive advantage using information security.

ISSUE 8 (September 2006)

DOWNLOAD ISSUE 8 HERE

The covered topics are:

  • Payment Card Industry demystified
  • Skype: how safe is it?
  • Computer forensics vs. electronic evidence
  • Review: Acunetix Web Vulnerability Scanner 4.0
  • SSH port forwarding - security from two perspectives, part two
  • Log management in PCI compliance
  • Airscanner vulnerability summary: Windows Mobile security software fails the test
  • Proactive protection: a panacea for viruses?
  • Introducing the MySQL Sandbox
  • Continuous protection of enterprise data: a comprehensive approach.

ISSUE 7 (June 2006)

DOWNLOAD ISSUE 7 HERE

The covered topics are:

  • SSH port forwarding: security from two perspectives, part one
  • An inside job
  • CEO spotlight: Q&A with Patricia Sueltz, SurfControl
  • Server monitoring with munin and monit
  • Compliance vs. awareness in 2006
  • Infosecurity 2006
  • 2005 *nix malware evolution
  • InfoSec World 2006
  • Overview of quality security podcasts.

ISSUE 6 (March 2006)

DOWNLOAD ISSUE 6 HERE

The covered topics are:

  • Best practices in enterprise database protection
  • Quantifying the cost of spyware to the enterprise
  • Security for websites - breaking sessions to hack into a machine
  • How to win friends and influence people with IT security certifications
  • The size of security: the evolution and history of OSSTMM operational security metrics
  • Interview with Kenny Paterson, Professor of Information Security at Royal Holloway, University of London
  • PHP and SQL security today
  • Apache security: Denial of Service attacks
  • War-driving in Germany - CeBIT 2006.

ISSUE 5 (January 2006)

DOWNLOAD ISSUE 5 HERE

The covered topics are:

  • Web application firewalls primer
  • Review: Trustware BufferZone 1.6
  • Threat analysis using log data
  • Looking back at computer security in 2005
  • Writing an enterprise handheld security policy
  • Digital Rights Management
  • Revenge of the Web mob
  • Hardening Windows Server 2003 platforms made easy
  • Filtering spam server-side.

ISSUE 4 (October 2005)

DOWNLOAD ISSUE 4 HERE

The covered topics are:

  • Structured traffic analysis
  • Access Control Lists in Tiger and Tiger Server - true permission management
  • Automating I.T. security audits
  • Biometric security
  • PDA attacks, part 2: airborne viruses - evolution of the latest threats
  • Build a custom firewall computer
  • Lock down your kernel with grsecurity
  • Interview with Sergey Ryzhikov, director of Bitrix
  • Best practices for database encryption solutions.

ISSUE 3 (August 2005)

DOWNLOAD ISSUE 3 HERE

The covered topics are:

  • Security vulnerabilities, exploits and patches
  • PDA attacks: palm sized devices - PC sized threats
  • Adding service signatures to Nmap
  • CSO and CISO - perception vs. reality in the security kingdom
  • Unified threat management: IT security's silver bullet?
  • The reality of SQL injection
  • 12 months of progress for the Microsoft Security Response Centre
  • Interview with Michal Zalewski, security researcher
  • OpenSSH for Macintosh
  • Method for forensic validation of backup tape.

ISSUE 2 (June 2005)

DOWNLOAD ISSUE 2 HERE

The covered topics are:

  • Information security in campus and open environments
  • Web applications worms - the next Internet infestation
  • Integrating automated patch and vulnerability management into an enterprise-wide environment
  • Advanced PHP security - vulnerability containment
  • Protecting an organization’s public information
  • Application security: the nouveau blame game
  • What you need to know before migrating your applications to the Web
  • Clear cut cryptography
  • How to lock down enterprise data with infrastructure services.

ISSUE 1 (April 2005)

DOWNLOAD ISSUE 1 HERE

The covered topics are:

  • Does Firefox really provide more security than Internet Explorer?
  • Security risks associated with portable storage devices
  • 10 tips on protecting customer information from identity theft
  • Linux security - is it ready for the average user?
  • How to secure your wireless network
  • Considerations for preventing information leakage
  • An introduction to securing Linux with Apache, ProFTPd & Samba
  • Security vulnerabilities in PHP Web applications.