Given the mountains of data now floating around, it is perhaps inevitable that the very function of data analytics is seen as somehow intrusive. There’s a constant glut of reports, columns and other stories bemoaning the lack of data privacy – and at times, they’re entirely justified. ...
Cloud computing brings a myriad of benefits for any enterprise, but it is also a cause for concern in a world where, according to InformationWeek, cyber criminals are now targeting "any company where they can find data to resell, disrupt or exploit." Moving your company's sensitive da...
Last year’s revelations of government surveillance programs by the NSA and others, along with possible lack of enforcement of the Safe Harbor program by the FTC, caused the European Civil Liberties Committee to recommend suspending the entire EU-U.S. Safe Harbor approach. If the recomm...
These predictions have been made by Graeme Newman of CFC Underwriting in Advisen’s third Cyber Liability Journal (CLj). These predictions are from the viewpoint of an insurer … but I find the … Sep. 4, 2012 02:00 AM EDT
One of the great revelations of the Internet has been how many gone-wrong sociopaths, thieves and spies there are in the world. Symantec, Kaspersky and Intego are reporting a hard-to-detect and hard-to-eradicate Trojan that sneaks onto VMware implementations, “making it possibly...
Just because your password meets complexity requirements does not necessarily make it a strong password. It is a given that many sites require you to have a password of a minimum length of at least six or eight characters, and some go so far as to require the addition of a number and a...
The Open Group's Jim Hietala recaps presentations at the recent Open Group Conference on cybersecurity and protecting global supply chains. Cybersecurity is at a critical juncture, and conference speakers highlighted the threat and attack reality and described industry efforts to move...
Keylogging has taken center stage, and it now deserves our proper attention. After all, keyloggers have been identified as the #1 Global Threat to consumers, corporations and government agencies in the recent 2012 Verizon Data Breach Investigations Report. Symantec Corporation coined ...
OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J. Hudson and licensed under an Apache-style license. OpenSSL has lots of features but I will cover encoding, checksums, encryption, passwords and pass phrases. Many Linux distributions have OpenSSL as part of ...
If you watch the news regularly, it is easy to notice that in almost any given week some company seems to have experienced an electronic break-in or in some other way experienced a form of computer or network compromise. While computer security professionals can help to mitigate such r...
Ever wondered how to use the autopwn feature in Metasploit on Ubuntu? Want to run Nessus from within Metasploit? What database should I use: sqlite3 or postgres? I will explain the benefits of both. Nessus is a vulnerability scanner program; it is free for personal use using the ness...
There's been a flurry of discussion this week among Internet and Web standards heavy-hitters around WebSocket, the new communications protocol supported in Chrome 4 and Safari 5. What was the main issue? Is there some kind of fundamental security vulnerability with the WS protocol? Web...
Right before Christmas, the White House tapped Microsoft’s long-ago chief security officer, the CEO of the non-profit Information Security Forum Howard Schmidt as head of US cyber security. Despite the national priority, between pressure from US companies and reported infighting am...
Depending on how IT executives handle the situation, reactions to data loss reports can range from indignation to outrage, with personal consequences for the decision-makers. IT executives at ChoicePoint, Inc., looked like heroes when they reacted swiftly to a potential data breach in ...
For many years now, we’ve been warned that it is risky to click on embedded links in a suspicious email or dangerous to click through the certificate warnings from your browser and hopefully many people have changed their behavior. That’s within our control. But when a researcher fin...
Lately there has been a barrage of articles with regard to cloud security, and some very public demonstrations of outages with Facebook and Twitter. It's been a field day for many who oppose the cloud computing model. Let me get this out of the way so that there is no misunderstandin...
The data leak at the EU/US summit which has just taken place in the Czech Republic - and which has reportedly resulted in Finland's Prime Minister changing his passport - should not have happened, says Credant Technologies, the military grade encryption specialist.
I ran across this today, and thought it was just too valuable to not make mention of. The EFF has a “Coder’s Rights Project” that includes FAQs and guides related to the legalities of security disclosure, reverse engineering, and ethical hacking/testing for security vulnerabilities. ...
CohesiveFT ( http://www.cohesiveft.com ), the leader in onboarding solutions for virtual and cloud computing infrastructures, today announced the...
Throughout the last decade, society has witnessed an explosion of network connectivity among PCs and mobile devices as well as a vast proliferation of networked applications, ranging from Web-based email to online banking. The end result of this is that network connectivity has become ...
Data corruption is an insidious problem in storage. While there are many forms of corruption, there are also many ways to prevent them. For example, enterprise class servers use error checking and correcting caches and memory to protect against single and double bit errors. System buse...
Trend Micro, a provider of network antivirus and Internet content security software and services, has announced a solution, the Trend Micro ServerProtect for Linux, that provides highly scalable and real-time protection for internal and external endpoints.
BitDefender has announced the public availability of its new Enterprise Security Suite for Mail and File Servers running on Samba or FreeBSD. The powerful, new Linux-based security suite - including BitDefender Mail Protection for Enterprises, BitDefender Mail Protection for SMB, and B...
Novell announced that Finland's Ministry of Defence has selected Novell SUSE Linux Enterprise Server as its platform for critical process management and documentation applications, messaging services, and Intranet portal. The Ministry tapped Novell's Linux platform for its proven relia...
The Linux community - nearly 29 million platform users - has been plagued for years by spam which, according to industry statistics, is dramatically on the rise. Despite relentless efforts to stop it (including billions of dollars spent to develop anti-spam solutions), spam continues t...
It emerged this week that KDE developer Maksim Orlovich had discovered an incorrect bounds check in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences. Acc...
C/C++ language variadic functions are functions that accept a variable number of arguments. Variadic functions are implemented using either the ANSI C stdarg approach or, historically, the UNIX System V vararg approach. Both approaches require that the contract between the developer an...
Information security is a top priority for many companies. Protecting information from external threats such as hackers, viruses, and spam, as well as governmental regulation requirements (SOX, HIPAA, NISPOM, etc.), are driving IT purchases beyond ROI as C-level executives seek to assu...
The brouhaha over a presentation given last week by Michael Lynn has taken on a life of its own on the worldwide web. No surprise here. Lynn's presentation can be found easily, as can many other interesting related items. SYS-CON Media herewith presents a few things we've found.
The purpose of this article is to show how basic security principles can help you develop programs that are harder for the bad guys to break. We'll examine a simple function that executes a command as though it were typed at the keyboard, exactly what the library function system does. ...
Security giant Symantec, The New York Times is reporting this morning, is 'close to acquiring' Veritas for more than $13 billion, trumping yesterday's $10.3 billion acquisition of PeopleSoft by Oracle, and dwarfing Honeywell's $1.5 billion bid this week for Novar. Only the possible $35...
In an era where everybody is connected to a potentially harmful Internet with an increasing number of complex and distributed applications, controlling what the computers do has become significantly harder. At the core, simple actions (executing software, e-commerce, etc.) rely on trus...
Speedy disk backups are gaining in popularity as networking demands increase, but the traditional tape data protection won't disappear overnight. Maybe it's time to think about the best of both worlds.
Users of the popular Mplayer media device are being urged to upgrade to the latest version, due to a bug.
It's no secret to technical developers that security issues need to be taken into consideration when developing policies. However, the extent of those security issues can easily be overlooked by many organizations.
Does the open source community provide world-class security technology? Can organizations stop dealing with commercial vendors for security software? To avoid any undue suspense, the answers are: 'Emphatically yes' and 'Maybe, but you probably need to make an investment of some kind.'
Seemingly everyone has insight into the open source versus closed source security debate. Each side provides plausible arguments for the benefits of their own model and points out drawbacks of the other. The proponents of open source argue that the source code is open and available for...
As the state of the art in operating systems (OS) continues to advance, an unnerving trend has emerged: vulnerabilities in tightly integrated operating systems. How do you address this? With an effective combination of educated staff, proper procedures, and technology.
As a decision maker in your IT organization, you're aware that your Linux systems share is growing (if your enterprise follows today's business trend). Linux installations are now available on every major hardware platform. New projects in development include Linux systems in an increa...
Symantec's CTO talks about comprehensive security and how today's IT organizations must address it.