

Database Security Tech Center

National Retail Federation Poll: Small Retailers Struggling To Understand PCI
Nearly 86 percent are familiar with PCI, but nearly half can't demonstrate their compliance with the payment card standard

Database Administrators Playing Increasingly Crucial Role In Security
Long left out of the security picture, DBAs now find themselves performing key tasks in the enterprise

Nine U.K. Workers Fired For Tapping Into National Identity Database
Thirty-four U.K. government employees accessed Customer Information System for personal reasons, report says




Security Services Tech Center

Financial Services Firms Opt For Outsourced Security Help
Under siege from cybercriminals and squeezed with budget cuts, financial services institutions turn to security services providers

McAfee Buys Cloud Security Provider MX Logic For $140 Million
Acquisition expands McAfee's security software-as-a-service offerings

Spammers Exploiting Free File Storage On Websites
Automated account creation exploit lets spammers hide behind legitimate file storage services, researchers say




Insider Threat Tech Center

Lab: IE8 Beats Firefox, Chrome, Safari, Opera In Catching Socially Engineered Malware
Internet Explorer 8 leads by a 54 percent margin in catching these cagey links, while IE8 and Firefox 3 each detect around 80 percent of all phishing sites

Nearly 80% Of Users Vulnerable To Adobe Flash Attack
Most users haven't fixed their Acrobat Reader apps two weeks after Adobe issued critical patch, Trusteer says

Mac OS X Trojan Attack Changes DNS Settings
Researchers spot new variant of malware that prepares machines for botnet recruitment and other cybercrime uses






Best Of The Web

KNUJ0N
Microsoft Rogue Internet Pharmacy Problem Fixed? Not So Fast, Say Researchers
AUGUST 14, 2009  | Days after Microsoft says it manually removed rogue pharmacies from ads, researchers were able to again purchase drugs without a prescription via an ad on the search engine

CR0 BLOG
Major Linux Kernel Flaw Discovered
AUGUST 14, 2009  | Vulnerability affects all 2.4 and 2.6 kernels since 2001 on all architectures

NETWORK WORLD
China Will Not Enforce Green Dam Porn Filter Plan
AUGUST 14, 2009  | PC makers don't have to bundle an Internet filtering program with computers sold in the country after all

HEISE ONLINE
CA Anti-Virus Software Disables Itself And Other Applications
AUGUST 14, 2009  | The Engine Update 33.3.7051 for CA's eTrust Threat Manager anti-virus software caused massive false positives, quarantining and renaming files, including some in eTrust itself

NETWORK SECURITY BLOG
Cannot Achieve PCI Compliance With Amazon EC2/S3
AUGUST 14, 2009  | Amazon is telling customers that EC2 and S3 aren't PCI-compliant solutions

PANDALABS BLOG
Koobface: The Saga Continues
AUGUST 14, 2009  | More than 60 active domains are spreading new Koobface content via messages linking to a "CooooL Video" on Facebook

INFORMATION SECURITY RESOURCES
Sound Advice For Evaluating SIEM Systems
AUGUST 14, 2009  | A checklist of things to look for in a security information event management solution, including whether the server can support an agent

MSNBC
Is Your Palm Pre Spying On You?
AUGUST 14, 2009  | Reports abound of Palm Pre's sending users' GPS coordinates and more back to Palm daily








Blogs

Evil Bytes
BY John H. Sawyer
Physical Penetration Testing Tells All
August 14, 2009
03:51 PM -- Rob Enderle had a great post here on Dark Reading on the discrepancies between physical and system security and what happens when they don't match up. The problem is most companies just don't understand physical sec ...

SophosLabs Insights
BY Graham Cluley
Russian President Urged To Find Twitter Attackers
August 10, 2009
05:57 PM -- The pro-Georgian blogger at the eye of the denial-of-service storm that brought down Twitter on August 6 has called on Russian President Dmitry Medvedev to find those responsible for the attacks.

Hacked Off
BY Gadi Evron
Reclaiming The Email Channel
August 14, 2009
08:05 AM -- Financial institutions and ecommerce sites use email as a marketing platform, training users to trust email -- essentially blazing a trail for the phishers.

Dark Dominion
BY Kelly Jackson Higgins
Big Names, Big Blogs
August 10, 2009
08:18 AM -- The Dark Reading blog section continues to add new voices from some of the top security researchers and experts in the industry.

CS Island
BY Sara Peters
BlackHat, Day One: Rationalizing And Reinforcing My Pessimistic World View
July 30, 2009
12:26 PM -- When I arrived in Las Vegas, I already smoldered and grumbled about the facts that online trust mechanisms are untrustworthy, and that browsers' fundamental weaknesses persist despite the fact that better browsers would make an incalculable impact on overall Web security. Yesterday's sessions simply added more kindling to the fire.




CSI Report
13th Annual CSI Survey
Targeted attacks, DNS exploits are on the rise, according to the 2008 CSI Computer Crime and Security Survey






Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: almond classifieds
Published: 2009-07-22
Severity: High
Description: SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

Vulnerability: streaming audio player
Published: 2009-07-22
Severity: High
Description: Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.

Vulnerability: verlihub control panel
Published: 2009-07-22
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html.

Vulnerability: winfax pro
Published: 2009-07-22
Severity: High
Description: Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX control in WinFax\DCCFAXVW.DLL in Symantec WinFax Pro 10.03 allows remote attackers to execute arbitrary code via a long argument to the AppendFax method.

Vulnerability: verliadmin
Published: 2009-07-22
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the URI, (2) the q parameter, (3) the nick parameter, or (4) the nick parameter in a bantest action.