New free tools and services aimed at making honeynets more manageable are now becoming available: The Honeynet Project next month will roll out its new Global Distributed Honeynet as well as new honeynet tools, Dark Reading has learned, while the New Zealand Honeynet Alliance has begun offering client based honeynet services for organizations that can’t [...]
Sweetening the Honeypot
April 27th, 2007 · Comments Off
Five Mistakes of Data Encryption
April 27th, 2007 · Comments Off
If you follow the media today, you might get to a conclusion that data encryption is everywhere. However, is this “good” encryption? A classic saying “Encryption is easy; key management is hard” illustrates one of the pitfalls that await those implementing encryption enterprise-wide or even SMB-wide. This paper covers some of the other mistakes that [...]
Microsoft business security ready for prime time
April 27th, 2007 · Comments Off
Microsoft is readying the final version of Forefront Client Security, its long-awaited product to protect business computers against malicious code attacks. Forefront Client Security is designed to shield PCs and servers from threats such as spyware, viruses and rootkits. Microsoft announced the software in October 2005 and an early trial version has been available for [...]
How to beat the rootkit
April 27th, 2007 · Comments Off
If you, or your clients, use a computer to browse the internet, open emails or instant messages, or to download files or programs, you are at risk of infection. And one of the most dangerous and prevalent types of infection today is the rootkit. A rootkit is a collection of tools that enable administrator-level access [...]
To Encrypt or Not to Encrypt
April 27th, 2007 · Comments Off
On those occasions when it is deemed appropriate for an authorized employee to transfer confidential data to a removable storage device, a best practice is to ensure that the data is encrypted while stored on the device to reduce the threat from prying eyes should the device be misplaced or lost.
Tool mines personal data from across Net
April 27th, 2007 · Comments Off
Who needs to dive through dumpsters or steal snail mail when so many details on people are available simply by searching the Web? South African security researcher Roelof Temmingh, known for his work on security tools such as Wikto, is taking the search for personal information a step farther.
What, When and How to Respond to a Data Breach
April 27th, 2007 · Comments Off
There’s been a data breach. It happened 268 times during 2006 (according to the Privacy Rights Clearinghouse). Now, it’s happened to your organization. What do you do? Well, you might want to obey the 33 or so state laws that govern when and how you should notify the people named in those exposed files, gently [...]
Bug hunters face online apps dilemma
April 27th, 2007 · Comments Off
Web applications pose a dilemma for bug hunters: how to test the security without going to jail? If hackers probe traditional software such as Windows or Word, they can do so on their own PCs. That isn’t true for Web applications, which run on servers operated by others. Testing the security there is likely illegal [...]
Microsoft Urges Workaround as Worm Hits Unpatched DNS Flaw
April 27th, 2007 · Comments Off
With a worm exploiting the unpatched zero-day vulnerability in Microsoft’s Domain Name System Service mere days after it was discovered, Microsoft on Monday urged customers to apply workarounds the company had provided in its earlier security advisory. The W32/Delbot-AI worm, aka Nirbot or Rinbot, is infecting PCs via a vulnerability in the way the Windows [...]
Botnets Battle Over Turf
April 27th, 2007 · Comments Off
More botnet-on-botnet turf wars have erupted — and intensified — over the past few months. Aside from the distributed denial-of-service (DDOS) attacks they launch against one another to disrupt their operations (like the recent DDOS battles between the Storm and Stration botnets), they also are constantly trying to hijack bots from one another. "Stealing is [...]