Application Security — Features

USA (and IE) Number 1 for Botnet Mayhem

Research from security vendor Finjan Inc. suggests enterprise IT shops are losing the war against those who would hijack company computers for botnets. Almost half the victims appear to be in the U.S. -- most using Microsoft's Internet Explorer (IE) browser.

Bill Brenner | 05 May | Read more

SOA Security: How Irish Luck Went a Long Way

From a security perspective, service-oriented architecture (SOA) is a tricky thing. It's not hard for bad guys to compromise it with SQL injection, capture-replay and XML denial-of-service attacks, which they can ultimately use to bust through walls around a company database.

Bill Brenner | 07 May | Read more

Your Identity: 'Costanza Style'

Your identity is like George Costanza's wallet. Really. Think about it. Do you remember the classic Seinfeld episode? The one where George wouldn't give up his ever-expanding wallet filled with store credit cards, Irish money, a coupon for an Orlando Exxon gas station and several Sweet and Low packets. This, in spite of the obvious physical pain it caused and the security threat all of that imposed.

David Miller | 11 Feb | Read more

5 Must-Do Cyber Security Steps for Obama

As President-Elect Obama focuses on two wars and a hemorrhaging economy, security experts are urging him to address five weak security links in America's cyber infrastructure that threaten the nation's defenses and financial institutions.

Bill Brenner | 04 Dec | Read more

Security and the generational divide

The generation gap. It's a term that has been used for decades to describe the differences between people in various age groups. Corporations are constantly considering what makes different generations tick when it comes to recruiting and retaining employees. But security experts say companies also need to examine age-based perspectives and habits when it comes to risk assessment and policies.

Joan Goodchild | 11 Aug | Read more

Stupid user tricks: IT admin follies

For those of us who make our living behind a keyboard in IT, it's hard to imagine a more time-tested vulnerability than the end-user. Armed with network access, these IT viruses wreak havoc nearly everywhere you look -- havoc born of tech idiocy.

Andrew Brandt | 17 Jun | Read more

Five free pen-testing tools

Security assessment and deep testing don't require a big budget. Some of the most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.

Jon Espenschied | 28 May | Read more

10 essential (and free!) security downloads for Windows

To use an Internet-connected computer is to be insecure and place your privacy in danger. Spyware, viruses, Trojans and assorted malware are everywhere on the Net, trying to hop onto your PC and cause damage. Snoopers want to get at your personal information for nefarious purposes, such as identity theft.

Preston Gralla | 29 May | Read more

The darker side of Webmail

Web-based e-mail is booming. Services such as Gmail, Yahoo Mail and Hotmail are convenient, accessible and, best of all, free. Many of us have come to rely on them without giving it a second thought.

Tam Harbert | 29 Apr | Read more

10 security threats to watch for

There are lots of ways business networks can be compromised, and more are developing all the time. They range from technology exploits to social engineering attacks, and all can compromise corporate data, reputation and the ability to conduct business effectively.

Tim Greene | 14 Apr | Read more

The top 10 security land mines

Many companies spend a small fortune and deploy a small army to secure themselves from the many security threats lurking these days. But all those efforts can come to naught when making any of these common mistakes. The results can range from embarrassing to devastating, but security experts say that all are easily avoidable.

Matt Hines | 18 Mar | Read more

Be prepared: ActiveX attacks will persist

A recent string of high-profile ActiveX vulnerabilities caused the US Computer Emergency Readiness Team (US-CERT) to advise users to disable the ubiquitous Microsoft browser plug-in technology altogether. The vectors for these recent exploits include a third-party image uploading tool used on both the Facebook and MySpace social networking sites, and flaws found in Yahoo's Music Jukebox, Real Networks' RealPlayer, and Apple's QuickTime.

InfoWorld staff | 20 Feb | Read more

Apps accelerators tackle security

Companies that specialize in helping businesses speed delivery of their applications and Web content are increasingly involving themselves in IT security as the continued proliferation of systems-defense technologies has become a potential roadblock to the performance and quality of the services they already provide.

Matt Hines | 30 Nov | Read more

A Pothole on Wall Street

I'm a CISO who has worked in the US financial services industry both as a regulator and for a large services company. In this column I'm going to let you in on one of the biggest, dirtiest secrets in the industry: The companies that get the least amount of scrutiny from financial regulators actually present some of the greatest risks for systemic financial market manipulation and fraud. I'm talking about financial news and brokerage service companies.

CIO Staff | 28 May | Read more