09/12/2007 - The book covers these 19 programming flaws, which include the most devastating types of coding and architectural errors, such as buffer overflows, format string problems, cross-site scripting, and insufficient encryption.
09/11/2007 - The next time you see Microsoft Windows’ “blue screen of death” or a “fatal error” message flash across your monitor, don’t get angry; reboot and then point your browser toward the DistroWatch Web site
09/11/2007 - A Chronology of Data Breaches Reported Since the ChoicePoint Incident outlines many of 2005’s breaches and their causes, from 250 individuals who were put at risk when computers at East Carolina University were hacked to the millions at risk from breaches at CardSystems.
09/11/2007 - Trojan horse programs—those pieces of malware designed to infiltrate a computer and then steal information to be sent back to an attacker—accounted for more of the malicious code in 2005 than worms. This indicates, according to researchers at antivirus firm Sophos, that criminals may be moving away from large-scale bombardments in favor of targeted attacks that could yield passwords, credit card information, and bank login credentials. @ The Sophos Security Threat Management Report is at SM Online
09/11/2007 - New computer worms are carrying software agents called bots that can use your network to send spam, launch attacks, and infect other computers. Find out how these bots work and how to keep them out of your network.
09/11/2007 - There are seven steps in a phishing attack, from preparation through successful infection of a victim to the fraud committed using stolen information. Fortunately, there are countermeasures available for each stage. For example, organizations should monitor call volumes and the type of questions customers are asking; a large number of calls regarding password problems can signal a phishing attack. To interfere with the use of compromised information, organizations can use two-factor authentication devices such as biometrics. Instituting delays in some types of money transfers can provide time to detect and void phishing-based transactions. @ Online identity theft: phishing technology, checkpoints and countermeasures, from the identity theft technology council is at SM Online.