Security » Vulnerabilities

13 security myths you'll hear - but should you believe?

They're "security myths", oft-repeated and generally accepted notions about IT security that arguably are simply not true - in order words, it's just a myth. We asked security experts, consultants, vendors and enterprise security managers to share their favorite "security myths" with us. Here are 13 of them.

By Ellen Messmer | 15 February, 2012 09:32

Tags: bruce schneier, ddos, network security, security, SSL encryption

Future world: Today, the Internet - tomorrow, the Internet of Things?

Embedded in the heel of his shoe was an early example of the Internet of Things -- but Andrew Duncan didn't know it at the time.

By Lamont Wood | 10 November, 2011 02:22

Tags: email, internet, Internet of Things

Why traditional security doesn't work for SOA

Many organizations are embracing SOA as a way to increase application flexibility, make integration more manageable, lower development costs, and better align technology systems to business processes. The appeal of SOA is that it divides an organization's IT infrastructure into services, each of which implements a business process consumable by users and services.

By Chris Clark | 19 January, 2010 07:38

Tags: exploits and vulnerabilities, security, soa

Windows attack code out, but not being used

It has been a week since hackers released software that could be used to attack a flaw in Windows Vista and Server 2008, but Microsoft and security companies say that criminals haven't done much with the attack.

By Robert McMillan | 07 October, 2009 07:21

Tags: metasploit, security, windows server 2008, Windows Vista

DNS remains vulnerable one year after Kaminsky bug

A year has passed since security researcher Dan Kaminsky disclosed a serious flaw in the DNS that makes it possible for hackers to launch cache poisoning attacks, where traffic is redirected from a legitimate Web site to a fake one without the Web site operator or end user knowing.

By Carolyn Duffy Marsan | 27 July, 2009 08:59

Tags: dns flaw, Kaminsky

Data recovery needn't be your dirty little secret

Enterprises don't like to discuss how often backups fail to take place, restorations prove unsuccessful and damaged media ships out for data recovery.

By Jennifer Kavur | 12 March, 2009 09:16

Tags: data recovery, data storage

Obama can't have a BlackBerry. Should your CEO?

The press has been all over President-Elect Barack Obama's addiction to his BlackBerry and the possibility that he might have to give it up for reasons of national security. But no one in the media seems to be asking the most logical follow-up question: Is the cybertechnology that can compromise the future chief executive's BlackBerry also a threat to mobile devices being used every day by thousands of senior executives in corporate America?

By Ephraim Schwartz | 10 December, 2008 09:27

Tags: Barack Obama, Blackberry

A sneaky security problem, ignored by the bad guys

Frank Boldewin had seen a lot of malicious software in his time, but never anything like Rustock.C.

By Robert McMillan | 17 November, 2008 08:51

Tags: malware, rootkits

Myth or truism? Security experts judge

They are etched into the conventional wisdom of IT security, but are these 12 articles of faith (to some) actually wise, or are they essentially myths? We've assembled a panel of experts to offer their judgments.

By Ellen Messmer | 11 November, 2008 09:11

Tags: cybercrime, security

Where is Robert Morris now?

Robert Tappan Morris, the 21-year-old Cornell University student who unleashed the first worm attack on the Internet in 1988, has fully rehabilitated his reputation in the computer science community. Today, he is a respected associate professor of computer science at MIT.

By Carolyn Duffy Marsan | 03 November, 2008 07:57

Tags: morris worm

Morris worm turns 20: Look what it's done

The Internet will mark an infamous anniversary on Sunday, when the Morris worm turns 20.

By Carolyn Duffy Marsan | 03 November, 2008 07:57

Tags: morris worm

Credit card skimming: How thieves can steal your card info without you knowing it

Taking just 5 seconds to inspect any credit/debit card reader before you swipe could end up saving you from identity and credit card theft.

By Jamey Heary | 02 October, 2008 10:23

Tags: credit card skimming

Top 10 ways collaboration, mobility amplify data leakage dangers: Cisco study

Numerous behavioral risks taken by employees in increasingly distributed and remote locations can lead to the loss of corporate information, according to a study commissioned by Cisco.

By Jim Duffy | 01 October, 2008 10:04

Tags: Cisco

Angry IT workers: A ticking time bomb?

It was 9:30 on the morning of March 4, 2002, and something was terribly wrong at the offices of PaineWebber UBS. Computers in branches all over the country began showing disc errors. A logic bomb buried deep within the machines had wiped their hard drives clean, preventing 17,000 brokers from making trades.

By Dan Tynan | 23 September, 2008 09:02

Tags: corporate issues, personnel

Ouch! Security pros' worst mistakes

It was a mistake so bad the person who made it asked that his name and company not be mentioned here. Let's call him Frank.

How to recruit and retain the best young security employees

The final installment in a series of articles about generational differences and security. Part one looked at managing workers in different age groups. Part two examined the types of security concerns that are most commonly associated with different generations in the general workforce. This article provides recruiting and retention advice for security employees.

Eight crazy e-mail hoaxes millions have fallen for

Congratulations, you won the lottery in a country whose name you can't even pronounce! A wealthy oil executive in a far-off land wants to give you millions of dollars, right now! Sexy girls want to meet you!

Torvalds: Fed up with the 'security circus'

Linus Torvalds, creator of the Linux kernel, says he's fed up with what he sees as a "security circus" surrounding software vulnerabilities and how they're hyped by security people.

Web 2.0 applications and sites (and security concerns)

A recent survey released by security software firm Symantec found 66 per cent of Millennial employees, those born after 1980, admit to using Web 2.0 technologies, such as Facebook and YouTube, while at work. The same poll found younger workers also regularly store corporate data on personal devices, such as PCs and USB drives.

Security and the generational divide

The generation gap. It's a term that has been used for decades to describe the differences between people in various age groups. Corporations are constantly considering what makes different generations tick when it comes to recruiting and retaining employees. But security experts say companies also need to examine age-based perspectives and habits when it comes to risk assessment and policies.