Let's face it. Software has holes. And hackers love to exploit them. New vulnerabilities appear almost daily. If you have software - we all do - you need to keep tabs on the latest vulnerabilities.

Articles about Security

Safeguard your Office 2007 files with encryption, document protection, and digital signatures

Microsoft Office 2007 has a number of data protection features that help to protect the confidentiality and integrity of files created with Microsoft Word, Excel, PowerPoint, and Outlook. This gallery will look at how to use document encryption to password-protect documents, how to restrict formatting and editing of documents, and how to use digital signatures to ensure that documents and messages aren’t changed in transit.

April 17, 2007 in Collaboration

Anatomy of an animated cursor attack

Earlier this week, Microsoft shipped an emergency out-of-band patch to block zero-day attacks against a code execution hole in the way Windows handles animated cursor (.ani) files. This gallery provides a visual look at elements of the hacker attacks, including malicious Web sites, the exploit in action and the adult-themed spam-run linked to the attacks.

April 6, 2007 in Enterprise Software

Metasploit Reloaded

HD Moore's open-source Metasploit Framework has been rewritten from scratch and released with 177 exploits, 104 payloads and new modules to exploit Wi-Fi driver vulnerabilities in the Windows kernel. In addition to hundreds of exploits and payloads, Moore said Metasploit 3.0 also ships with 30 auxiliary modules to perform tasks like host discovery, protocol fuzzing, and denial-of-service testing. See Ryan Naraine's report on the new version here.

March 27, 2007 in Security

Installing Web plug-ins as a Vista non-administrative user

On a fresh installation of Windows Vista, we took screen shots when it came time to install Adobe's Flash plug-in into Internet Explorer for the first time. The sequence is especially interesting given Microsoft's emphasis on using Windows Vista as a non-administrative or "Lesser Privileged User" (LPU). Why? Because our first couple of attempts failed. As it turns out, though, as best as we could tell, the failure had nothing to do with Vista, being an LPU, or Adobe's Flash. It has more to do with the Web site that's calling for the Flash plug-in and how it responds when the Flash plug-in isn't there. In other words, depending on what site you go to, mileage may vary.

March 6, 2007 in Windows

Windows Vista's Firewall offers false sense of security

Now, with Microsoft Windows Vista in the market, it is a good time to start looking at its resilience to people and code that would just as soon do your system harm. In Windows Vista, Microsoft's built-in firewall took a step forward from the one offered in Windows XP by offering outbound blocking. But does it get the job done? Not quite. For David Berlind's write-up on Vista's inadequate personal firewall, see his blog post in ZDNet's TestBed blog.

February 5, 2007 in Windows

Breaking the security death spiral

At the RSA 2009 conference in San Francisco, IBM's Internet Security Systems general manager, Brian Truskowski, explains that most security departments spend 80 percent of their time making sure the lights stay on, and only 20 percent of their time enabling the business. The way to turn this around, he says, is to build security into the fabric of a business at a much lower cost than what most companies use now.

April 24, 2009 in Security

Obama administration previews cybersecurity policy

At the RSA Conference in San Francisco, Melissa Hathaway, the National Security and Homeland Security Councils' senior director for cyberspace, previews the president's policy on cybersecurity. Leadership will start at the White House, but responsibility for implementing policy will be shared by government agencies, corporations, and the public at large.

April 23, 2009 in Security

Will there be a digital Pearl Harbor?

Will there be one major catastrophe, or just smaller disasters? Panelists discuss what security issues we should be watching out for, where the threat might come from, and the difficulties in predicting the unpredictable. Panelists include: Whitfield Diffie, vice president and chief security officer for Sun Microsystems; Ronald Rivest, Viterbi Professor of Electrical Engineering and Computer Science at MIT; Adi Shamir, professor of computer science at the Weizmann Institute of Science in Israel; and Bruce Schneier, chief security technology officer for BT Counterpane. Moderating the panel is Ari Juels, chief scientist and director of RSA Laboratories.

April 22, 2009 in Security
