NEWS

Companies have a false sense of confidence in their backup solutions
Spam stats for July: origins, categories and percentage
SPF/DKIM use on the decline among Fortune 500s
Application whitelisting solution for Point-of-Sale
Secure video and audio for enhanced protection

Video: The Vulnerability Economy

REVIEWS

Security Power Tools
Network Warrior
Google Apps Hacks
Crimeware: Understanding New Attacks and Defenses
Big Book of Windows Hacks

WINDOWS

LANguard Network Security Scanner 8 ***
Phrase Password Generator 1.4
Data Guardian 1.4.6
Drive Encryption 3.510
Tor, Privoxy and Vidalia bundle 0.2.0.30
VisualRoute 2008 12.0h
CryptoExpert 2008 Professional 7.6.4
BestCrypt 8.05.4

ADVISORIES

Mandriva Linux Security Update Advisory - rxvt (MDVSA-2008:161)
Gentoo Linux Security Advisory - libxslt: Execution of arbitrary code (GLSA 200808-06)
Gentoo Linux Security Advisory - ISC DHCP: Denial of Service (GLSA 200808-05)
Articles

Audio (20)
Authentication (28)
Compliance (14)
Cryptography (9)
Database (15)
Editorials (314)
General Security (111)
Hacking History (30)
Interviews (119)
Intrusion Detection (20)
Linux (16)
Mac OS X (19)
Malware (40)
Opinions (141)
Podcasts (13)
Security Products (49)
Storage (20)
Various (71)
Video (22)
Web Security (71)
Wireless (21)


Last 10 added articles

Q&A: E-mail spam and Software as a Service (SaaS) solutions (Interviews)
David Vella is the Director of Product Management at GFI with experience in quality assurance, network administration and software development. In this Q&A he provides insight into e-mail spam and Software as a Service (SaaS) solutions.
Cybercrime and Politics (Opinions)
As citizens of the United States prepare to cast their votes in the upcoming presidential election, the time is right to consider what implications, if any, Internet-borne threats may have on this process. With political candidates increasingly relying on the web to communicate their positions, assemble supporters and respond to critics – Internet-based risks are a serious concern as they can be used to disseminate misinformation, defraud candidates and the public and invade privacy.
Traditional vs. Non-Traditional Database Auditing (Database)
Traditional native audit tools and methods are useful for diagnosing problems at a given point in time, but they typically do not scale across the enterprise. The auditing holes that are left in their wake leave us blind to critical activities being performed within the systems that contain our most coveted trade secrets, customer lists, intellectual property, and more.
Q&A: SSL VPN Security (Interviews)
Max Huang is the founder and Executive Vice President of O2Micro and President for O2Security, a subsidiary company of O2Micro. In this interview he discusses the importance of SSL VPNs in the overall security architecture, the difference between IPSec and SSL VPNs as well as the future of SSL VPNs.
Security Policy Considerations for Virtual Worlds (Opinions)
Virtual worlds offer significant outreach and business development opportunities to companies, governments, and the world at large. As these worlds evolve and grow in popularity and acceptance, and become more integrated into many aspects of business and society, they offer new and uncharted terrain for security practitioners to embrace, explore and apply corporate governance and information security policy.
Q&A: Web 2.0 Security (Interviews)
Sam Masiello oversees the MX Logic Threat Operations Center. Masiello has more than 18 years of email systems and IT management experience, including nearly 10 years network and security systems management. In this interview he discusses various aspects of Web 2.0 security.
The Vulnerability Economy (Video)
Jeff Moss, the founder of DEFCON and Black Hat, discusses the unfolding of the vulnerability economy. Nowadays, instead of exposing high profile zero-day vulnerabilities at conferences, many researchers opt for selling their discoveries on a growing market.
DNS Vulnerability Overview and Suggested Mitigations (Web Security)
On July 9th, 2008 a massive effort was made among software and hardware vendors to release a simultaneous patch to their products. This patch was created to mitigate or minimize the effects of a vulnerability discovered in the basic operation of the Internet Domain Name System or DNS. This subsystem is critical to the operation of the Internet and provides for the translation of human readable names into computer usable IP addresses.
Q&A: Insider Threat (Interviews)
Bob Farber is the CEO of Symark. Prior to joining Symark, Mr. Farber was the Manager of Technical Support Operations for Candle Corporation. In this interview he discusses the growing problem of insider threat.
The Extended HTML Form Attack Revisited (Web Security)
HTML forms are one of the features in HTTP that allows users to send data to HTTP servers. An often overlooked feature is that due to the nature of HTTP, the web browser has no way of identifying between an HTTP server and one that is not an HTTP server. Therefore web browsers may send this data to any open port, regardless of whether the open port belongs to an HTTP server or not. Apart from that, many web browsers will simply render any data that is returned from the server. One thing to keep in mind is that HTML forms can be hosted on one website (attacker’s website) and send data to an open port on a victim server.




Qualys: This free security guide describes the scanning requirements for PCI-DSS and provides a quick-reference requirements matrix for both Merchants and Service Providers of all levels.










Vulnerability Scanning

Network Vulnerabilities

Event Log Security