Articles

Audio (20)
Authentication (28)
Compliance (14)
Cryptography (9)
Database (14)
Editorials (314)
General Security (111)
Hacking History (30)
Interviews (117)
Intrusion Detection (20)
Linux (16)
Mac OS X (19)
Malware (40)
Opinions (140)
Podcasts (13)
Security Products (49)
Storage (20)
Various (71)
Video (22)
Web Security (71)
Wireless (21)


Last 10 added articles

Security Policy Considerations for Virtual Worlds (Opinions)
Virtual worlds offer significant outreach and business development opportunities to companies, governments, and the world at large. As these worlds evolve and grow in popularity and acceptance, and become more integrated into many aspects of business and society, they offer new and uncharted terrain for security practitioners to embrace, explore and apply corporate governance and information security policy.
Q&A: Web 2.0 Security (Interviews)
Sam Masiello oversees the MX Logic Threat Operations Center. Masiello has more than 18 years of email systems and IT management experience, including nearly 10 years of network and security systems management. In this interview he discusses various aspects of Web 2.0 security.
The Vulnerability Economy (Video)
Jeff Moss, the founder of DEFCON and Black Hat, discusses the unfolding of the vulnerability economy. Nowadays, instead of exposing high profile zero-day vulnerabilities at conferences, many researchers opt for selling their discoveries on a growing market.
DNS Vulnerability Overview and Suggested Mitigations (Web Security)
On July 9th, 2008, software and hardware vendors made a massive coordinated effort to release a simultaneous patch for their products. This patch was created to mitigate or minimize the effects of a vulnerability discovered in the basic operation of the Internet Domain Name System, or DNS. This subsystem is critical to the operation of the Internet and provides for the translation of human-readable names into computer-usable IP addresses.
Q&A: Insider Threat (Interviews)
Bob Farber is the CEO of Symark. Prior to joining Symark, Mr. Farber was the Manager of Technical Support Operations for Candle Corporation. In this interview he discusses the growing problem of insider threat.
The Extended HTML Form Attack Revisited (Web Security)
HTML forms are one of the features in HTTP that allow users to send data to HTTP servers. An often overlooked point is that, due to the nature of HTTP, the web browser has no way of distinguishing between an HTTP server and a server that is not an HTTP server. Web browsers may therefore send this data to any open port, regardless of whether the open port belongs to an HTTP server or not. In addition, many web browsers will simply render any data that is returned from the server. One thing to keep in mind is that HTML forms can be hosted on one website (the attacker's website) and send data to an open port on a victim server.
Q&A: Software-as-a-Service and Threat Management (Interviews)
Misha Govshteyn is the CTO and is responsible for security strategy, security research and operations at Alert Logic. In this interview he discusses Software-as-a-Service (SaaS), log management, compliance, threat management and more.
Reverse Engineering: Anti-Cracking Techniques (General Security)
This paper is a guide to better understanding most of the approaches a reverse engineer can follow in order to achieve his goal. Additionally, it includes advice on how to better protect your software against tracing of its sensitive information, such as serial key checks and authentication procedures.
Q&A: The Threat of Malware to Mobile Phones (Interviews)
Richard R. Roscitt is the CEO of SMobile Systems. He keynoted at world-class forums and is regularly featured in leading business and industry trade print and electronic media, having appeared often on CNBC, Bloomberg TV, and CNN/FN. In this interview he discusses the threat of malware to mobile phones.
Q&A: The DNSChanger Trojan (Interviews)
Christoph Alme is the Principal Engineer and Team Lead of anti-malware research at Secure Computing Corporation. He is the inventor of several patent-pending key technologies in the field of proactive malware detection. In this interview he discusses a new variant of the DNSChanger Trojan.