NEWS

Application Aware Firewalling from SonicWALL
Security issues in group management
McAfee completes acquisition of Secure Computing
Winners of (ISC)2 Annual Cyber Security Awareness Contest
New firewall matrix analysis technology

Lavasoft & the antispyware industry

REVIEWS

Voice over IP Security
Security Power Tools
Network Warrior
Google Apps Hacks
Crimeware: Understanding New Attacks and Defenses
Big Book of Windows Hacks
Backup & Recovery

WINDOWS

LANguard Network Security Scanner 8 ***
Password Manager XP 2.3.447
Data Guardian 1.5.7
File Encryption XP 1.5.124
CryptoExpert 2008 Professional 7.8.4
Ad-Aware Free 2008
Spytech SpyAgent 6.31
Sandcat 3.7
Generic Security Service 0.0.24

ADVISORIES

Mandriva Linux Security Update Advisory - libxml2 (MDVSA-2008:231)
Ubuntu Security Notice - libxml2 vulnerabilities (USN-673-1)
Mandriva Linux Security Update Advisory - firefox (MDVSA-2008:230)
Articles

Audio (20)
Authentication (29)
Compliance (17)
Cryptography (9)
Database (15)
Editorials (314)
General Security (116)
Hacking History (30)
Interviews (125)
Intrusion Detection (20)
Linux (16)
Mac OS X (19)
Malware (41)
Opinions (145)
Podcasts (13)
Security Products (49)
Storage (20)
Various (71)
Video (25)
Web Security (73)
Wireless (22)


Last 10 added articles

Attacks On Banks (General Security)
This article provides an overview of the methods currently used by cyber criminals to attack financial institutions and banks in particular. It reviews general trends and takes how malicious programs targeting financial institutions are designed to evade detection by antivirus solutions. The article also covers phishing, money mules, the technical steps which cyber criminals may take when launching an attack (such as redirecting traffic, man-in-the-middle and man-in-the-endpoint attacks).
Trust No One (Opinions)
It’s easy to say what we’re all securing our systems and data against. But isn’t easy to say exactly who we need to secure against, nor who presents the biggest threat to our business. Certainly, the largest ever data breach – 45 million credit card records stolen from retailer TJX – was committed by criminals. But the second largest, last year’s loss of over 25 million child benefit records from Her Majesty’s Revenue & Customs in the UK, was caused by an ordinary public-sector employee putting two unencrypted CDs in the post.
Lavasoft and the antispyware industry (Video)
In this video, Lavasoft CEO Jason King offers a brief history of Lavasoft and its role in the antispyware industry, the growth of the company, the shift in the marketplace as well as details on the next generation of the Ad-aware product.
Q&A: Software Piracy (Interviews)
Jan Samzelius is the CEO and one of the founders of ByteShield, a company whose mission is protecting PC software applications and games against illegal copying. In this interview he discusses software piracy.
PCI Sample Encryption Key Management Documentation (Compliance)
Here is a sample set of encryption key management procedures for a fictitious application. These can be used as a guide to create encryption key management documentation for other applications that would be compliant with PCI DSS requirement 3.6.
Q&A: Mobile Forensics (Interviews)
Aviad Ofrat is the CEO of Cellebrite and in this interview discusses mobile forensics as well as the Universal Forensic Extraction Device.
Building C-Level Confidence with a Security Blueprint (Opinions)
IT professionals wear many hats these days. Not only are they charged with keeping the lights on, they must establish and maintain a defined security posture, ensure compliance with a long list of regulations, while also aligning IT operations with the organization’s broader strategic goals.
Q&A: Threats to the US critical communications infrastructure (Interviews)
Paul Parisi is the CTO of DNSstuff.com and has an extremely broad and deep technical background offering reality based solutions to everyday issues. In this interview he discusses the biggest threats to the communications infrastructure, the full disclosure of vulnerabilities as well as cyberterrorism.
European Network and Information Security Agency (ENISA) (Video)
In this video, Andrea Pirotti, the Executive Director of ENISA, introduces the agency and its work.
Biometric Security for Financial Meltdown Solutions (General Security)
In today’s world, banks are required to comply with regulations and standards to protect the banks and financial institutions from fraud. To mitigate fraud, these banks and financial institutions need to supplement their internal controls compliance with biometric authentication. Biometrics will prevent data breaches of security. Fraudsters will not limit their fraudulent activities trying to perpetrate frauds using only an ERP system. Users of ERP systems must also secure email systems and any trading systems interfacing with an ERP system. This would tighten security and improve accountability.




Qualys: This free security guide describes the scanning requirements for PCI-DSS and provides a quick-reference requirements matrix for both Merchants and Service Providers of all levels.










Vulnerability Scanning

Network Vulnerabilities

Event Log Security