Security News


Online Treasure Chest for Security Pros

Developers tracking the latest product vulnerabilities now have a central location to check—the National Vulnerability Database.

Sammons Balances Compliance, Security and Privacy

The Sammons Financial Group wanted a handle on the information on its network to satisfy compliance, security and privacy requirements.

Recommendation: Encrypt Backup Tapes

Iron Mountain, which provides records management and data protection services, is advising its off-site data protection customers to encrypt their backup tapes.

Internet Attacks Shift Focus to the Desktop

Symantec released yesterday its Internet Security Threat Report, for the first 6 months of the year, in which the company says Internet attackers are more frequently targeting desktops rather than enterprise perimeters.

Microsoft Releases Advisory about a Potential Firewall Loophole

Although it claims it is not a security vulnerability, Microsoft has released another of its frequent security advisories, this time to alert users to a flaw in Windows Firewall that would prevent IT administrators from seeing open ports on XP and Server 2003 servers.

SHARE: Businesses Still Not Taking Spyware Seriously

Most businesses have tackled viruses, hammering best practices into their users and implementing anti-virus software. However, these same enterprises and their users still don’t realize spyware’s potential damage, according to a session at a recent SHARE user conference in Boston.

Software to Cloak Code from View of Bad Guys

Cloakware has expanded language support for its Cloakware Security Suite to include C, C++ and Java, extending the range of code that can be protected from reverse engineering when the software is stored on a disk, and against tampering when the software is stored on disk or running in memory.

Retailer Busts Lines with New Inventory System

Sales associates at Gordmans, an apparel and home fashions retailer, found they were spending more time waiting for inventory data than they were spending on customers.

SOA Software’s “Service Virtualization”

A service-oriented architecture (SOA) takes the discrete business functions in enterprise applications and organizes them into interoperable services—which is one of the most effective ways to share and consume information with partners. But managing and exposing these services creates some big security risks; keeping the bad guys from connecting to those services is tricky.

Arbor Networks Tracks User Activity

Arbor Networks is introducing an anomaly detection and internal intrusion prevention system that traces inappropriate behavior back to users—down to their names.

CodeAssure 2.0 Automates Security in the App Layer

“Viruses are bad and worms are worse, but these broad types of attacks just aren't having the same negative financial impact on the enterprise as the growing number of targeted attacks against the application layer," says John Pescatore, an analyst at Gartner.

Developers, Biz Must Focus Security on Entire App Lifecycle

Application security must be the top priority for developers and business throughout the product development lifecycle. That was the gist of Symantec’s recent Webcast, “Securing the Development Phase of the Application Development Lifecycle.”

Oracle Integrates Fusion Components for Web Services Security

Much discussion about IT security centers around the idea that developers should build secure applications. It makes sense; more than ever, attackers are targeting vulnerabilities in the application layer. But in an increasingly service-oriented world, in which monolithic applications are being broken down into smaller pieces for reuse, is it practical to expect developers to code security into individual Web services?

Interest in ITIL Framework Skyrocketing

With internal auditors breathing down their necks over compliance and security issues, many large companies are eager for help organizing IT operations infrastructure. That helps explain the mushrooming popularity of the Information Technology Infrastructure Library.

Another Take on Token-Based Security

Hardware-based two-factor authentication has been around for about two decades, but interest in sign-on solutions that require something you know (your password) and something you have (a hardware token) has recently gotten some serious gotten mass-market attention.

Don’t Let Your Applications Get You Down

Exploited software flaws cost the U.S. financial services industry more than $3 billion per year, according to the National Institute of Standards & Technology.

Does XML give away the keys to the warehouse?

Data security is a matter of good architecture, and XML doesn’t do anything to aggravate security problems.

Public Key Crypto in an XML Framework

The World Wide Web Consortium recently approved XML Key Management System 2.0, adding public key management to the W3C XML Security Framework.

Trend Micro Offers Enterprises Another Weapon Against Malware

Trend Micro is delivering an upgraded version of its InterScan Web Security Suite that the company says will stave off viruses and other Internet threats that continually target enterprises.

Kenai Systems Automates Web Services Vulnerability Testing

The good thing about Web services is that they expose interfaces, streamline connections and accelerate business processes. The bad thing about Web services is that they expose interfaces, streamline connections and accelerate business processes.