Go beyond virus protection and patch management. Deb Radcliff reports.
Stories by Deborah Radcliff
First, the good news: e-businesses have moved quickly to combat phishers, consumers are learning to be more discerning, and vendors are stepping up with anti-phish tools and services.
Drowning in signature libraries and reactive event information that is of little value in locating attacks in progress, network security managers are fed up with signature-based intrusion-detection systems that have been the backbone of network security. Amid an ever-shrinking time gap between vulnerabilities and exploits, signature-matching IDS already has become obsolete, analysts and users say.
Dear Citibank member, As part of our continuing commitment to protect your account and to reduce the instance of fraud on our Web site, we are undertaking a period review of our member accounts.
For the most part, hackers break into corporations for one reason: Status. "The hacking community is a strong meritocracy where status is determined by level of competence," says Dr. Max Kilger, a social psychologist for the Honeynet Project.
On Dec. 22, an Internet investigator got a tip that child pornography was being housed on an adult Web site. When he visited the site to verify the information, he didn't find any illegal images. But what he did find was a Trojan horse that disabled the ActiveX security controls on his browser and took control of it.
Not only can the right identity management system save you money, it can make users happy and improve your security. Deborah Radcliff collects some tips from the experts.
Denial of service is a form of attack in which a network server is overloaded by thousands of false communications and/or requests for services originating from programs in one or more outside computers. Ultimately, the network receives so many queries that it can't keep up with them and is thus unavailable to answer or service legitimate requests.
Like a lot of other security professionals these days, Mike Hager, security chief at OppenheimerFunds Distributor Inc. in New York, is under excruciating pressure to provide top-notch protection of data, ensure privacy and manage user access -- all on a drum-tight budget. He also needs to justify all project costs and results to top management.
The exodus began in December. Bruce Moulton, vice president of infrastructure risk management at Fidelity Investments in Boston, was let go. That same month, Steve Katz, chief security and privacy officer at Merrill Lynch & Co. in New York, accepted a buyout. And in April, shortly after his face appeared on the cover of CIO magazine, Michael Young, chief information security officer and principal privacy officer at State Street Global Advisors in Boston, lost his job in a company reshuffle.
After Bruce Lobree, an information security engineer and a 20-year IT veteran, lost his job in October, he decided to work for contracting firms such as RHI Consulting in Menlo Park, Calif., while waiting out the recession. Since then, Lobree has met client after client who wants a jack-of-all-trades -- someone who can administer any brand and version of firewall and intrusion detection, is network-savvy, can code and is versed in new technologies like XML, .Net and wireless.
A teacher's style is his trademark. So when John DeAngelo, associate dean of IT at Temple University's Fox School of Business in Philadelphia, introduced the idea of electronic teaching in late 1998, he had to bring teachers along slowly to this new way of communicating with students.
Aiming to make Internet transactions over Palm's handheld devices more secure, RSA Security last week introduced the company's first security product for Palm.
There's no sign of recession inside the halls of the San Jose Convention Center for what is the largest attendance ever at Bedford, Massachusetts-based RSA Security Inc.'s RSA Conference 2002.
"When Windows XP is released, soon all hell will follow. New zombies and nanobots are waiting to exploit vulnerabilities. Be warned . . . " When an Australian hacker identified only as "Z" sent this e-mail message to Computerworld on Aug. 7, he was referring to a controversial paper claiming that hackers will exploit weaknesses in Microsoft's new Windows XP operating system to turn PCs into an unwitting army of denial-of-service (DOS) attack zombies.