
How to avoid 5 common storage mishaps

Think you can guess the No. 1 threat to the security of your stored data? If you said hackers, or even trouble-making insiders, you'd be wrong. While malicious threats are an ongoing concern, it's your well-meaning employees who are more likely to unknowingly expose your company's stored data through, say, a file-sharing network or a misplaced laptop.

By Mary Brandel | 10 February, 2009 09:12

Tags: data breach

Three years undercover with the identity thieves

Salesmen and parents know the technique well. It's called the takeaway, and as far as Keith Mularski is concerned, it's the reason he kept his job as administrator of online fraud site DarkMarket.

By Robert McMillan | 21 January, 2009 08:22

Tags: cybercrime, identity theft

Slideshow: How DNS cache poisoning works

Tips to thwart DNS cache-poisoning attacks

By Bob Halley | 21 October, 2008 09:34

Tags: DNS

Up next: Cellular botnets, cyber militias

The ability of malware writers to consistently stay ahead of those seeking to stop them has been a constant factor in the security industry over the past several years.

By Jaikumar Vijayan | 20 October, 2008 08:30

Tags: botnets, cybercrime

Eight ways technology has shaped the US elections

Technology has played a particularly prominent role in the 2008 US elections -- and it isn't just the typical silliness over whether a candidate really claimed to have invented a key piece of technology. Throughout the year we've seen technological advances used both for good, such as using Short Message Service to announce a vice presidential pick, and for bad, such as hacking into another vice presidential pick's private e-mail account. In this story, we'll take a look at the eight techiest moments of the 2008 presidential race, including YouTube debates, viral videos and e-voting controversies.

By Brad Reed | 16 October, 2008 08:16

Tags: Blackberry, cybercrime, e-voting, government

When the watchdog is the underdog

Think your security staffers are trustworthy? Competent? Knowledgeable? Listen to a security professional's horror stories, and you might think again.

By Lisa Vaas | 14 October, 2008 09:53

Tags: it management, staff management

Top 10 ways collaboration, mobility amplify data leakage dangers: Cisco study

Numerous behavioral risks taken by employees in increasingly distributed and remote locations can lead to the loss of corporate information, according to a study commissioned by Cisco.

By Jim Duffy | 01 October, 2008 10:04

Tags: Cisco

20 crazy things people do to get Wi-Fi connections

In their quest to get Wi-Fi Internet connectivity, people have done some pretty desperate things over the years.

By Thomas Wailgum | 21 August, 2008 12:19

Tags: wi-fi

The dirty half-dozen

Type of rootkit: User mode

How to root out rootkits

If you want to know about the latest malicious rootkit, ask security researcher Dino Dai Zovi. He'll tell you all about his proof of concept rootkit called Vitriol that uses virtual machine instructions in Intel processors to hide a rootkit at the virtualization layer.

Snooping into a co-worker's e-mail? You could be arrested

Ever pass by a co-worker's unattended computer and consider taking a peek at her e-mails? Or have you ever thought it would be a funny prank to figure out your cube mate's e-mail password and break into his work account to mess with him?

12 ways to visualize network security

Remember the old M&M analogy - security is like an M&M candy, hard shell on the outside, soft on the inside. In other words, put up firewalls, build a strong perimeter and you're good to go. Of course, nobody believes that M&M-type security is sufficient in today's world of insider threats, data leakage, mobile workers, thumb drives and sophisticated malware. So, what's the new metaphor? We asked around and came up with a number of interesting and useful ways to think about enterprise security.

How CAPTCHA got trashed

CAPTCHA used to be an easy and useful way for Web administrators to authenticate users. Now it's an easy and useful way for malware authors and spammers to do their dirty work.

Four signs your security program's gone too far

When risk is present it calls for treatment, and security is a never-ending process... right? Yes, but as a security professional, it's easy to become focused on the hard problems of security -- falling into the arms race for more, more, more security controls -- and lose sight of the impact of the controls themselves.

Does sandbox security really protect your desktop?

Two years ago, GreenBorder, one of the early "sandbox" browsers, received mighty applause from Wall Street Journal tech guru Walt Mossberg. The sandbox browser -- basically, a browser running in a virtual container -- promised to keep nasty code from spilling into a computer's operating system and wreaking havoc.

Better than locks: A security approach to 'free'

In January, Kevin Kelly wrote an essay entitled "Better Than Free" that explained which concepts held value on the Internet. This generated a lot of interest, mostly around the question of how best to make money out of these concepts. As a career security guy, I found myself wondering how on earth my field will respond -- how does security need to adapt to support business models based on these values? When we're used to locking everything down, how do we respond when people start calling for openness?

10 essential (and free!) security downloads for Windows

To use an Internet-connected computer is to be insecure and place your privacy in danger. Spyware, viruses, Trojans and assorted malware are everywhere on the Net, trying to hop onto your PC and cause damage. Snoopers want to get at your personal information for nefarious purposes, such as identity theft.

Five free pen-testing tools

Security assessment and deep testing don't require a big budget. Some of the most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.

Five steps to successful and cost-effective penetration testing

Whether you hire outside consultants or do the testing yourself, here are some tips for making sure your time and money are well spent.

Six hours to hack the FBI (and other pen-testing adventures)

It takes a lot to shock Chris Goggans; he's been a pen (penetration) tester since 1991, getting paid to break into a wide variety of networks. But he says nothing was as egregious as security lapses in both infrastructure design and patch management at a civilian government agency -- holes that let him hack his way through to a major FBI crime database within a mere six hours.
