Security

Let's face it. Software has holes. And hackers love to exploit them. New vulnerabilities appear almost daily. If you have software - we all do - you need to keep tabs on the latest vulnerabilities.

Articles about Security

Anatomy of an animated cursor attack

Earlier this week, Microsoft shipped an emergency out-of-band patch to block zero-day attacks against a code execution hole in the way Windows handles animated cursor (.ani) files. This gallery provides a visual look at elements of the hacker attacks, including malicious Web sites, the exploit in action and the adult-themed spam-run linked to the attacks.

April 6, 2007 by in Enterprise Software

Metasploit Reloaded

HD Moore's open-source Metasploit Framework has been rewritten from scratch and released with 177 exploits, 104 payloads and new modules to exploit Wi-Fi driver vulnerabilities in the Windows kernel. In addition to hundreds of exploits and payloads, Moore said Metasploit 3.0 also ships with 30 auxiliary modules to perform tasks like host discovery, protocol fuzzing, and denial-of-service testing. See Ryan Naraine's report on the new version here.

March 27, 2007 by in Security

Installing Web plug-ins as a Vista non-administrative user

On a fresh installation of Windows Vista, we took screen shots when it came time to install Adobe's Flash plug-in into Internet Explorer for the first time. The sequence is especially interesting given Microsoft's emphasis on using Windows Vista as a non-administrative or "Lesser Privileged User" (LPU). Why? Because our first couple of attempts failed. As it turns out, though, as best as we could tell, the failure had nothing to do with Vista, being an LPU, or Adobe's Flash. It has more to do with the Web site that's calling for the Flash plug-in and how it responds when the Flash plug-in isn't there. In other words, depending on what site you go to, mileage may vary.

March 6, 2007 by in Windows

Windows Vista's Firewall offers false sense of security

Now, with Microsoft Windows Vista in the market, it is a good time to start looking at its resilience to people and code that would just as soon do your system harm. In Windows Vista, Microsoft's built-in firewall took a step forward from the one offered in Windows XP by offering outbound blocking. But does it get the job done? Not quite. For David Berlind's write-up on Vista's inadequate personal firewall, see his blog post in ZDNet's TestBed blog.

February 5, 2007 by in Windows

Billion Electric BiGuard S10

By doing away with the need for additional client software, SSL VPN gateways have revolutionised the remote LAN access market of late, making life simpler for end users and network managers alike. However, they’re mostly implemented as standalone appliances, which means yet another box to set up and manage. But not if you opt for the new BiGuard S10 (http://www.billion.uk.com/product/biguard/biguards10.htm) from Billion Electric, which comes with an integrated router and firewall as well as an SSL VPN gateway.

November 22, 2006 by in Security

ROI figures are meaningless: Bruce Schneier

On his Web site, Bruce Schneier describes himself as "an internationally renowned security technologist and author". If Schneier is indeed the "guru" certain parts of the media portray him to be, then why, when interviewed by ZDNet.com.au's sister site Builder AU, did he reveal himself to be so clueless?

April 10, 2008 in Security

The chief security officer's evolving role

At RSA 2008 in San Francisco, Dave Hansen, senior vice president at Computer Associates, talks about the chief security officer's changing role within the enterprise. He discusses how the position has evolved over the last few years from an enforcement position to a more complex role working with the entire executive suite.

April 10, 2008 in Security

RSA 2008: Sizing up security

At RSA 2008 in San Francisco, VeriSign Chairman and founder Jim Bidzos talks about new security innovations such as user device certificates, smart tokens, and biometric readers. He also discusses ongoing challenges the industry is facing such as "OS bloat," patch fixes, and identity theft.

April 10, 2008 in Security

RSA 2008: Microsoft outlines Internet security strategy

At the RSA 2008 conference in San Francisco, Microsoft Research and Strategy Officer Craig Mundie describes a new plan for Internet security that includes the creation of a trusted stack. Each element can be authenticated, from the operating system to applications, people, and data.

April 9, 2008 in Security

Secure file transfers

John Thielens, vice president of technology at Tumbleweed, talks about the need for managed file transfers that are not only secure, but auditable and easy to use.

April 1, 2008 in Security
