INFORMATION

Site Map - IT Security

19 Deadly Sins of Software Security

- The book covers these 19 programming flaws, which include the most devastating types of coding and architectural errors, such as buffer overflows, format string problems, cross-site scripting, and insufficient encryption.

Behind the Numbers

Numbers

A Site to See

- The next time you see Microsoft Windows’ “blue screen of death” or a “fatal error” message flash across your monitor, don’t get angry; reboot and then point your browser toward the DistroWatch Web site.

Laws to Aid Breach Victims

- A Chronology of Data Breaches Reported Since the ChoicePoint Incident outlines many of 2005’s breaches and their causes, from 250 individuals who were put at risk when computers at East Carolina University were hacked to the millions at risk from breaches at CardSystems.

Quick Bytes: Trojans bearing gifts

- Trojan horse programs—those pieces of malware designed to infiltrate a computer and then steal information to be sent back to an attacker—accounted for more of the malicious code in 2005 than worms. This indicates, according to researchers at antivirus firm Sophos, that criminals may be moving away from large-scale bombardments in favor of targeted attacks that could yield passwords, credit card information, and bank login credentials. @ The Sophos Security Threat Management Report is at SM Online.

Web Sites Provide Rich Harvest for Spammers

Healthy Approach to Data Protection

I,Bot

- New computer worms are carrying software agents called bots that can use your network to send spam, launch attacks, and infect other computers. Find out how these bots work and how to keep them out of your network.

Go phish

- There are seven steps in a phishing attack, from preparation through successful infection of a victim to the fraud committed using stolen information. Fortunately, there are countermeasures available for each stage. For example, organizations should monitor call volumes and the type of questions customers are asking; a large number of calls regarding password problems can signal a phishing attack. To interfere with the use of compromised information, organizations can use two-factor authentication devices such as biometrics. Instituting delays in some types of money transfers can provide time to detect and void phishing-based transactions. @ Online identity theft: phishing technology, checkpoints and countermeasures, from the Identity Theft Technology Council, is at SM Online.

Weak Passwords

- A new survey examines consumer password preferences.

DHS Infosec

- DHS has taken huge strides toward better protecting its networks, says the agency’s inspector general.
 



