Encryption patent battle could hit database security industry
Data security vendor Protegrity has added new names to a lengthening list of companies it wants to sue over alleged violation of its encryption patents.
A final step towards removing Cygwin dependencies, the new Win32 port of OpenSSH includes both client and server, implementing a majority of the functionalities found in the original code.
Twitter officially disabled Basic authentication this week, the final step in the company's transition to mandatory OAuth authentication. Sadly, Twitter's extremely poor implementation of the OAuth standard offers a textbook example of how to do it wrong.
There is a new breed of animal appearing in the infosec community, according to Dr. Jimmy Blake, chief security officer for Mimecast, a cloud-services company based in London, and host of the blog Cloud Computing and Bad Behavior. The new breed is what he calls the "attention monger" (he actually used a more colorful word, but we toned it down for this article.) The attention monger is courting headlines with the media that add no real value to information security.
Significant weaknesses in the common configuration of Kerberos-based authentication servers could allow attackers to more easily circumvent security measures in networks that rely on the open authentication standard, according to research presented by consultants at the recent Black Hat USA 2010 conference.
Network security architecture expert Robert Bird saw the difficulties universities have protecting their systems while maintaining an open and collaborative environment. As director of network services at the University of Florida's 10,000 user residence hall network, Bird began designing a system that could identify users and track their activity on the university network while protecting their privacy.
Network stress testing tools are not for the underfunded, the underskilled or the faint of heart. Consider them carefully before deciding whether to purchase them or how to use them. See the companion article "Stress-testing your network" for details on software from BreakingPoint, Mu Dynamix, Spirent and Ixia. Here are dos and don'ts to help you get the most from these tools.
If you don't like command mode to interact with Metasploit, I have good news for you: there is a new Java GUI. Don't forget to install Java to execute it.
Comodo, a leading Certificate Authority and Internet security organization, today announced it will be exhibiting at the sixth annual HostingCon, in Austin on July 19-21 at the Austin Convention Center located in the heart of the Texas capital.
The Internet is set to get a whole lot safer: the security standard DNSSEC is set to be assigned to the Internet's 13 root servers from later today.
Some IT execs dismiss public cloud services as being too insecure to trust with critical or sensitive application workloads and data. But not Doug Menefee, CIO of Schumacher Group, an emergency management firm in Lafayette, La.
The dream of bolting security onto the Internet's Domain Name System takes one step closer to reality Wednesday as Internet policymakers host a ceremony in northern Virginia to generate and store the first cryptographic key that will be used to secure the Internet's root zone.
We laid out the essential concepts of cloud security in Cloud security: The basics. Perhaps the best way to further understand cloud security is through specific examples. Here's a peek into a few of the biggest concerns that users have and how four companies have chosen to handle them.
Network adapters come preconfigured from the factory with their own globally unique physical or Media Access Control (MAC) address, which helps them identify themselves when communicating with other networking components. Though you can't change the permanent MAC address actually stored by the network adapter, you can make it provide a different address using your operating system (OS). We'll see how to do this with Windows, Mac OS X, and Linux.
Chris wrote in and mentioned a talk at AusCERT which highlighted that Sender Policy Framework (SPF) would have helped in the instance of an intrusion and suggested a diary outlining some of the things that can and can't be achieved using SPF.
Results from a survey just released make the interesting assertion that cloud computing - far from causing IT security problems in businesses - will actually improve security for most organisations.
Cyber-attack is an ever-present threat that can result in major damage to government and business web sites, as the following examples show. U.S. and South Korea, 2009: Officials in both countries reported attacks in the summer, aimed mainly at government web sites, as well as financial services sites.
Google has released a programming tool to help move its Native Client project--and more broadly, its cloud-computing ambitions--from abstract idea to practical reality.
A new type of DDoS attack has currently infected hundreds of web servers. Unlike traditional DDoS methods that capitalize on bot-infected PCs, the attackers have turned the web servers themselves into payload-throwing bots.