NEWS

Enterprise security solution for Linux on IBM System z
First miniature security computer for Mac desktops and laptops
Man indicted for alleged hack of Sarah Palin’s e-mail account
Consumers concerned about financial data protection
Video surveillance dollars not just for security

ENISA

REVIEWS

Voice over IP Security
Security Power Tools
Network Warrior
Google Apps Hacks
Crimeware: Understanding New Attacks and Defenses

WINDOWS

LANguard Network Security Scanner 8 ***
ServerMask 3.04
ShyFile 6.362
PE Explorer 1.99 R4
Netstat Agent 2.0
Softros LAN Messenger 4.3

ADVISORIES

Debian Security Advisory - ruby1.9 (DSA-1652-1)
Debian Security Advisory - ruby1.8 vulnerabilities (DSA-1651-1)
Debian Security Advisory - openldap2.3 (DSA-1650-1 )
Articles

Audio (20)
Authentication (29)
Compliance (16)
Cryptography (9)
Database (15)
Editorials (314)
General Security (115)
Hacking History (30)
Interviews (122)
Intrusion Detection (20)
Linux (16)
Mac OS X (19)
Malware (41)
Opinions (143)
Podcasts (13)
Security Products (49)
Storage (20)
Various (71)
Video (24)
Web Security (73)
Wireless (22)


Last 10 added articles

European Network and Information Security Agency (ENISA) (Video)
In this video, Andrea Pirotti, the Executive Director of ENISA, introduces the agency and its work.
Biometric Security for Financial Meltdown Solutions (General Security)
In today’s world, banks are required to comply with regulations and standards to protect the banks and financial institutions from fraud. To mitigate fraud, these banks and financial institutions need to supplement their internal controls compliance with biometric authentication. Biometrics will prevent data breaches of security. Fraudsters will not limit their fraudulent activities trying to perpetrate frauds using only an ERP system. Users of ERP systems must also secure email systems and any trading systems interfacing with an ERP system. This would tighten security and improve accountability.
Network and information security in Europe today (Opinions)
Greece was recently the host of 1st NIS Summer School. The purpose of this gathering was to discuss multi-dimensional issues related to network and information security (NIS), the advances made in the recent past, along with emerging threats, critical compliance and legal issues. The attendees enjoyed the presentations of numerous outstanding speakers from all over the world.
Q&A: Security Visualization (Interviews)
As chief security strategist and director of application product management, Raffael Marty is customer advocate and guardian - expert on all things security and log analysis at Splunk. Currently he uses his skills in data visualization, log management, intrusion detection, and compliance. In this interview he discusses security visualization.
Q&A: Virtualization Security (Interviews)
Jim Chou is the Executive VP of Technology for Apani where he is responsible for the strategic technical development of Apani technology and product portfolio development. In this interview he discusses virtualization security.
Types of Web-Based Client-Side Attacks (Web Security)
This article summarizes web-based client-side attacks, many of which are being researched, neglected and would provide for some cutting edge research opportunities. The attacks are categorized based on their impact on confidentiality, availability, and integrity.
SOX, Lies and Security Matters (Compliance)
When it comes to compliance, it’s fairly easy to find out what companies need to do to achieve it. But it’s much harder for companies to find out how they should go about it.
Discovery and Fuzzing for SQL injections with Web 2.0 Applications (Web Security)
This paper describes some techniques and approaches to perform effective assessment on Web 2.0 applications on the basis of our recent experience and cases which were analyzed on the field.
Rootkit Evolution (Malware)
Rootkit evolution is following the same path as spyware. First, rootkits were identified as a separate class of malware. Then there was a lot of media hype which led to a large number of anti-rootkit tools and products together with a noticeable reaction from the antivirus industry. Today both rootkits and spyware have merged into the general malware stream and no longer cause any particular excitement. However, the concept of evading system features to hide something is obviously still valid and we are very likely to see new threats implementing stealth.
Application Security Matters: Deploying Enterprise Software Securely (Compliance)
This laundry list of security requirements is a lot to think about for every application deployment, but vigilance in this area can drastically improve an organization’s security posture. The requirements can be put into a standardized template, and at the end of the process each requirement should have a mark for pass, fail, or perhaps not applicable. Anything marked as a failure should be noted and can be escalated or accepted as a risk.




Qualys: This free security guide describes the scanning requirements for PCI-DSS and provides a quick-reference requirements matrix for both Merchants and Service Providers of all levels.










Vulnerability Scanning

Network Vulnerabilities

Event Log Security