Identity Management: Low On Excitement, High On Payback
Nov 20, 2008
Effective identity and access management schemes could help enterprises save bucks in tough times, analysts say
Orphaned Bots Not Necessarily Free Or Clean
Nov 20, 2008
Half a million former bot machines are at risk of reinfection or are still under cybercriminal control
IT Security's Next Big Threat: Young People
Nov 19, 2008
Generation Y user behavior could endanger security of enterprise systems, studies say
Broadband Explosion in China And India To Fuel Bots, Spam
Nov 19, 2008
Botnets to cast wider geographic net, more widely adopt stealthy fast-flux technology, researcher says
New 'Stealth' Technology Secures Data On Shared Networks
Nov 18, 2008
Unisys combines encryption and bit-splitting to keep data all in the workgroup
Secure OS Gets Highest NSA Rating, Goes Commercial
Nov 18, 2008
Unlike existing commercial OSes, Integrity OS is designed and certified to defend against sophisticated attacks
Absolute Software's Tips For Securing Your Laptop While Traveling
EV SSL Certificate Adoption Gains Momentum
OpenLiberty.org Releases Open-Source Identity Governance Framework Software
Gordon Eubanks Joins Perimeter eSecurity's Board of Directors
Unified Vulnerability Management Provider Rapid7 Fills Out Executive Team
Marshal8e6 Releases Comprehensive Content Filtering for Internal Email
University of Texas at San Antonio Institute for Cyber Security Launches Internet Security Incubator
Finjan Raises $22 Million in Investment Round
Secerno Teams With F5 Networks on Database Security
LegitScript Shuts Down 500 No-Prescription-Required Online Pharmacies
WIRED
Under Worm Assault, Military Bans Disks, USB Drives
NOVEMBER 20, 2008
The Defense Department's geeks are spooked by a rapidly spreading worm
eWEEK
Experts: Cybercrime As Destructive As Credit Crisis
NOVEMBER 20, 2008
Damage caused by cybercrime estimated at $100 billion annually
MARKET WATCH
Congress Warned Of Google Privacy And Security Risks
NOVEMBER 20, 2008
New video exposes vulnerabilities in Gmail and other Google apps
GCN
NSA Posts Secret To Writing Secure Code
NOVEMBER 20, 2008
Case study shows how to cost-effectively develop code with zero defects
SECURITY FOCUS
Metasploit Framework 3.2 Released
NOVEMBER 20, 2008
Free exploit development and attack framework offers modules for latest Microsoft flaws
INTERNET STORM CENTER
Two Cheat Sheets For Incident Handling
NOVEMBER 19, 2008
Save these checklists -- you'll need them
SCIENCE DAILY
RFID Chips: A Privacy And Security Pandora's Box?
NOVEMBER 20, 2008
Threats to personal privacy should be taken into account, scientists say
FCW.COM
Security Specialists In Demand
NOVEMBER 20, 2008
Increasing network threats drive need for professional experience and certifications
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
- Five Coolest Hacks of 2007
- Social Engineering, the USB Way
- The World's Biggest Botnets
- New DOS Attack Is a Killer
- The Seven Deadliest Social Networking Hacks
- Antivirus Tools Underperform When Tested in Linux "Fight Club"
- Antivirus Inventor: Security Pros Are Wasting Their Time
- Researchers Find Method to Quickly Erase Hard Drives
- Ten Hot Security Startups
- Eight Vulnerabilities You May Have Missed
- How to Turn Your Browser Into a Weapon
- The Ten Biggest Myths of IT Security
- What to Do When Your Security's Breached
- The Ten Most Dangerous Things Users Do Online
- Social Engineering, the Shopper's Way
- Vint Cerf: Father Knows Best
- Hackers Reveal Vulnerable Websites
- Black Hat Woman
- DailyDave: Full Disclosure
- Teen Hacker Grows Up
- China Makes "Most Successful Cyber Attack Ever" On Pentagon
- TJX Breach Skewers Banks, Customers
- VA Reports Massive Data Theft
- Schneier On Schneier
- Medical IT Contractor Folds After Breaches
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
Evil Bytes
BY John H. Sawyer
Internal vs. External Penetration Testing
November 19, 2008
04:33 PM -- In the past, I've talked about the merits of penetration testing (a.k.a. pen-testing) and several related tools. One thing I've not covered much is the difference between internal and external pen-testing. Today's Webcast, "Zen and the Art of Maintaining an Internal Penetration Testing Progr ...
Hacked Off
BY Rob Enderle
Death of the AV Vendor: Microsoft Offers Free AV
November 18, 2008
08:55 PM -- The fundamental problem with the AV market is that it makes antivirus vendors as much a part of the problem as they are a part of the solution. They are motivated to promote exposures to create a market for their offerings, and the end result has been a massive increase in malware and an inability by the ecosystem to effectively combat it. This ...
Dark Dominion
BY Kelly Jackson Higgins
My Spammers Didn't Get the Memo That They Were Toast
November 13, 2008
03:54 PM -- It has been a week that seemed like the good guys might finally be winning -- something -- in the cybercrime war. First, there were reports of a 65-plus percent drop in spam volume after a Web hosting firm known for hosting botnets, spamme ...
CS Island
BY Kristen Romonovich
Sandboxes and Surfing With Google Chrome
October 27, 2008
09:00 AM -- Google designed Chrome to be faster, more stable and most importantly, more secure than other Web browsers. So with these features in mind, Google Chrome was built from scratch to be a Web browser designed for today’s web application users. As more businesses venture into the cloud, it’s becoming increasingly important that your browser doesn’t cra ...
Targeted attacks, DNS exploits are on the rise, according to the 2008 CSI Computer Crime and Security Survey
Life Insurer Takes New Approach to Two-Factor Authentication
Cryptocard technology helps Kansas City Life get the handle on a thorny access problem
Stanford Medical School's Rx: Anomaly Detection
Appliance helps minimize bot, malware infections
Company: Cal Poly Pomona
Location: Pomona, CA
Posting Date: Posted 11/13/2008
Company: Lowes
Location: Lebanon, OR
Posting Date: Posted 11/13/2008
Company: Protingent Staffing
Location: Palo Alto, CA
Posting Date: Posted 10/30/2008
Company: Beyond.com
Location: King Of Prussia, PA
Posting Date: Posted 11/13/2008
Company: D. E. Shaw Research
Location: New York, NY
Posting Date: Posted 10/23/2008
Published: 2008-11-12
Severity: High
Description: SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Published: 2008-11-12
Severity: High
Description: Use after free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.
Published: 2008-11-12
Severity: Medium
Description: Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.
Published: 2008-11-12
Severity: High
Description: Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.
Published: 2008-11-12
Severity: High
Description: Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

















