(IN)SECURE Magazine Notifications RSS

(IN)SECURE Magazine Issue 37

Articles in this issue include:

- Becoming a malware analyst
- Review: Nipper Studio
- Five questions for Microsoft's Chief Privacy Officer
- Application security testing for AJAX and JSON
- Penetrating and achieving persistence in highly secured networks
- Report: RSA Conference 2013
- Social engineering: An underestimated danger
- Review: Hacking Web Apps
- Improving information security with one simple question
- Security needs to be handled at the top
- 8 key data privacy considerations when moving servers to the public cloud

(IN)SECURE Magazine Issue 36

Articles in this issue include:

- What makes security awareness training successful?
- Review - Incapsula: Enterprise-grade website security
- Five questions for Microsoft's Worldwide Chief Security Advisor
- Computer forensic examiners are from Mars, attorneys are from Venus
- In the field: RSA Conference 2012 Europe
- A mobile environment security assessment
- Hack In The Box CEO on the information security landscape
- In the field: IRISSCERT Cybercrime Conference 2012
- Comply or die: The importance of a business-centric approach to compliance
- Hackers can get in when systems are off: The risks of lights out management
- It's just the guest wireless network…right?

(IN)SECURE Magazine Issue 35

Articles in this issue include:

- Administrative scripting with Nmap
- Information security in Europe with ENISA Executive Director Prof. Udo Helmbrecht
- Unintended, malicious and evil applications of augmented reality
- The enemy at the gate
- Top five hurdles to security and compliance in industrial control systems
- How to monitor the blind spots in your IT system: Logging versus auditing
- DBI aid reverse engineering: Pinpointing interesting code
- The importance of data normalization in IPS

(IN)SECURE Magazine Issue 34

Articles in this issue include:

- Fitness as a model for security
- Security and migrating to the cloud: Is it all doom and gloom?
- Solid state drives: Forensic preservation issues
- Introduction to Android malware analysis
- Hack in The Box Conference 2012 Amsterdam
- ISO 27001 standard: Breaking the documentation myth
- Preparing a breach response plan
- Security beyond the operating system: Into the cloud and beyond
- Amphion Forum 2012 Munich
- The challenges of data recovery from modern storage systems
- Two-factor authentication for the cloud: Does it have to be hard?

(IN)SECURE Magazine special issue: RSA Conference 2012

Articles in this issue include:

- News from RSA Conference 2012
- Information security within emerging markets
- Evolving security trends in smartphone and mobile computing
- The biggest problem in application security today
- RSA Conference 2012 award winners
- Innovation Sandbox

(IN)SECURE Magazine Issue 33

Articles in this issue include:

- Securing Android: Think outside the box
- Interview with Joe Sullivan, CSO at Facebook
- White hat shellcode: Not for exploits
- Using mobile device management for risk mitigation in a heterogeneous environment
- Metasploit: The future of penetration testing with HD Moore
- Using and extending the Vega open source web security platform
- Next-generation policies: Managing the human factor in security

(IN)SECURE Magazine Issue 32

Articles in this issue include:

- 7 questions you always wanted to ask a professional vulnerability researcher
- Insights on drive-by browser history stealing
- Review: Kingston DataTraveler 6000
- RSA Conference Europe 2011
- PacketFence: Because NAC doesn't have to be hard!
- Information security and the threat landscape with Raj Samani
- Security is a dirty word
- Smartphone apps are not that smart: Insecure development practices
- Virus Bulletin 2011
- Infosec professionals: Accomplishing your day job without breaking the law
- WPScan: WordPress Security Scanner
- Securing the enterprise: Is your IT department under siege?

(IN)SECURE Magazine Issue 31

Articles in this issue include:

- The changing face of hacking
- Review: [hiddn] Crypto Adapter
- A tech theory coming of age
- SecurityByte 2011: Cyber conflicts, cloud computing and printer hacking
- The need for foundational controls in cloud computing
- A new approach to data centric security
- The future of identity verification through keystroke dynamics
- Visiting Bitdefender's headquarters
- Rebuilding walls in the clouds
- Testing Domino applications
- Report: Black Hat 2011 USA
- Safeguarding user access in the cloud with identity governance

(IN)SECURE Magazine Issue 30

Articles in this issue include:

- Microsoft's Exploit Mitigation Experience Toolkit
- Transaction monitoring as an issuer fraud risk management technique in the banking card payment system
- IPv6: Saviour and threat
- The hard truth about mobile application security: Separating hype from reality
- Don't fear the auditor
- Book review: Kingpin
- Secure mobile platforms: CISOs faced with new strategies
- Security needs to be unified, simplified and proactive
- Whose computer is it anyway?
- 10 golden rules of information security
- The token is dead
- Book review: IPv6 for Enterprise Networks
- Cyber security revisited: Change from the ground up?

(IN)SECURE Magazine Issue 29

Articles in this issue include:

- Virtual machines: Added planning to the forensic acquisition process
- Review: iStorage diskGenie
- Managers are from Mars, information security professionals are from Venus
- PacketWars: A cyber security sport for a cyber age
- Q&A: Graham Cluley on Facebook security and privacy
- Financial Trojans: Following the money
- Mobile encryption: The new frontier
- Report: RSA Conference 2011
- Combating public sector fraud with better information analysis
- Q&A: Stefan Frei on security research and vulnerability management
- The expanding role of digital certificates… in more places than you think
- 5 questions to ask when reevaluating your data security solution
- How to achieve strong authentication on the Web while balancing security, usability and cost

(IN)SECURE Magazine Issue 28

Articles in this issue include:

- Database protocol exploits explained
- Review: MXI M700 Bio
- Measuring web application security coverage
- Inside backup and storage: The expert's view
- Combating the changing nature of online fraud
- Book review: CISSP Study Guide
- Successful data security programs encompass processes, people, technology
- Sangria, tapas and hackers: SOURCE Barcelona 2010
- What CSOs can learn from college basketball
- Network troubleshooting 101
- America’s cyber cold war
- RSA Conference Europe 2010
- Book review: Dissecting the Hack: The F0rb1dd3n Network (Revised Edition)
- Bootkits – a new stage of development

(IN)SECURE Magazine Issue 27

Articles in this issue include:

- Review: BlockMaster SafeStick secure USB flash drive
- The devil is in the details: Securing the enterprise against the cloud
- Cybercrime may be on the rise, but authentication evolves to defeat it
- Learning from bruteforcers
- PCI DSS v1.3: Vital to the emerging demand for virtualization and cloud security
- Security testing - the key to software quality
- A brief history of security and the mobile enterprise
- Payment card security: Risk and control assessments
- Security as a process: Does your security team fuzz?
- Book review: Designing Network Security, 2nd Edition
- Intelligent security: Countering sophisticated fraud

(IN)SECURE Magazine Issue 26

Articles in this issue include:

- PCI: Security's lowest common denominator
- Analyzing Flash-based RIA components and discovering vulnerabilities
- Logs: Can we finally tame the beast?
- Launch arbitrary code from Excel in a restricted environment
- Placing the burden on the bot
- Data breach risks and privacy compliance: The expanding role of the IT security professional
- Authenticating Linux users against Microsoft Active Directory
- Hacking under the radar
- Photos: Infosecurity Europe 2010
- Securing the office in your pocket
- iPhone backup, encryption and forensics
- The growing problem of cyber bullying
- Secure collaboration: Managing the inside threat posed by trusted outsiders
- SMS spamming
- A new scalable approach to data tokenization

(IN)SECURE Magazine Issue 25

Articles in this issue include:

- The changing face of penetration testing: Evolve or die!
- Review: SmartSwipe
- Unusual SQL injection vulnerabilities and how to exploit them
- Take note of new data notification rules
- RSA Conference 2010 coverage
- Corporate monitoring: Addressing security, privacy, and temptation in the workplace
- Cloud computing and recovery, not just backup
- EJBCA: Make your own certificate authority
- Advanced attack detection using OSSIM
- The world of claims-based security
- Enterprise Authentication: Increasing security without breaking the bank

(IN)SECURE Magazine Issue 24

Articles in this issue include:

- Writing a secure SOAP client with PHP: Field report from a real-world project
- How virtualized browsing shields against web-based attacks
- Review: 1Password 3
- Preparing a strategy for application vulnerability detection
- Threats 2.0: A glimpse into the near future
- Preventing malicious documents from compromising Windows machines
- Balancing productivity and security in a mixed environment
- AES and 3DES comparison analysis
- OSSEC: An introduction to open source log and event management
- Book review - Hacking: The Next Generation
- Q&A: Sandra Toms LaPedis on RSA Conference 2010
- Secure and differentiated access in enterprise wireless networks
- Achieving continuous PCI compliance with IT GRC

(IN)SECURE Magazine Issue 23

Articles in this issue include:

- Microsoft's security patches year in review: A malware researcher's perspective
- A closer look at Red Condor Hosted Service
- Report: RSA Conference Europe 2009, London
- The U.S. Department of Homeland Security has a vision for stronger information security
- Q&A: Didier Stevens on malicious PDFs
- Protecting browsers, endpoints and enterprises against new Web-based attacks
- Mobile spam: An old challenge in a new guise
- Report: BruCON security conference, Brussels
- Are you putting your business at risk?
- Why out-of-band transactions verification is critical to protecting online banking
- Study uncovers alarming password usage behavior
- Q&A: Noise vs. Subversive Computing with Pascal Cretain
- Elevating email to an enterprise-class database application solution
- Ask the social engineer: Practice
- Report: Storage Expo 2009, London
- Jumping fences - the ever decreasing perimeter

(IN)SECURE Magazine Issue 22

Articles in this issue include:

- Using real-time events to drive your network scans
- Review: Data Locker
- The Nmap project: Open source with style
- Enterprise effectiveness of digital certificates: Are they ready for prime-time?
- A look at geolocation, URL shortening and top Twitter threats
- How "fake stuff" can make you more secure
- Making clouds secure
- Q&A: Dr. Herbert Thompson on security ROI and RSA Conference
- Book review - Cyber Crime Fighters: Tales from the Trenches
- Top 5 myths about wireless protection
- Securing the foundation of IT systems
- A layered approach to making your Web application a safer environment
- In mashups we trust?
- Adopting the security best practice of least privilege
- Is your data recovery provider a data security problem?
- New strategies for establishing a comprehensive lifetime data protection program
- Security for multi-enterprise applications
- EU data breach notification proposals: How will your business be affected?
- Book review - 97 Things Every Software Architect Should Know
- Safety in the cloud: How CIOs can ensure the safety of their data as they migrate to cloud applications
- Vulnerability management

(IN)SECURE Magazine Issue 21

Articles in this issue include:

- Malicious PDF: Get owned without opening
- Review: IronKey Personal
- Windows 7 security features: Building on Vista
- Web 2.0 emerging threats
- Using Wireshark to capture and analyze wireless traffic
- Q&A: Paul Cooke on Windows 7
- RSA Conference 2009
- Your applications are trying to tell you something - are you listening?
- Q&A: Hord Tipton on certification and (ISC)2
- "Unclonable" RFID - a technical overview
- The application security maturity (ASM) model
- Secure development principles
- Enterprise risk and compliance reporting
- Q&A: Ron Gula on Nessus and Tenable Network Security
- Infosecurity Europe 2009
- Establish your social media presence with security in mind
- HTTPS is bad?
- A historical perspective on the cybersecurity dilemma
- Q&A: Brent Huston on security in general, CEO challenges and Microsolved
- Black Hat Europe 2009
- Germany: The current debate on the Internet filter
- A risk-based, cost effective approach to holistic security

(IN)SECURE Magazine Issue 20

Articles in this issue include:

- Improving network discovery mechanisms
- Building a bootable BackTrack 4 thumb drive with persistent changes and Nessus
- Review: SanDisk Cruzer Enterprise
- Forgotten document of American history offers a model for President Obama's vision of government information technology
- Security standpoint by Sandro Gauci: The year that Internet security failed
- What you need to know about tokenization
- Q&A: Vincenzo Iozzo on Mac OS X security
- Book review - Hacking VoIP: Protocols, Attacks and Countermeasures
- A framework for quantitative privacy measurement
- Why fail? Secure your virtual assets
- Q&A: Scott Henderson on the Chinese underground
- iPhone security software review: Data Guardian
- Phased deployment of Network Access Control
- Playing with authenticode and MD5 collisions
- Web 2.0 case studies: challenges, approaches and vulnerabilities
- Q&A: Jason King, CEO of Lavasoft
- Book review - Making Things Happen: Mastering Project Management
- ISP level malware filtering
- The impact of the consumerization of IT on IT security management

(IN)SECURE Magazine Issue 19

Articles in this issue include:

- The future of AV: looking for the good while stopping the bad
- Security standpoint by Sandro Gauci: How security can hurt us -Review: Eikon To Go
- Eight holes in Windows login controls
- Interview with Giles Hogben, an expert on identity and authentication technologies working at ENISA
- Extended validation and online security: EV SSL gets the green light
- Web filtering in a Web 2.0 world
- RSA Conference Europe 2008
- The role of password management in compliance with the data protection act
- Interview with Rich Mogull, founder of Securosis
- 5 strategies for proactively embracing failure
- The present and future of Web application security discussed in Portugal
- Securing data beyond PCI in a SOA environment: best practices for advanced data protection
- Navigating a sea of fake codecs
- Role Based Access Control
- How to build a security strategy to grow your career, success and results
- Three undocumented layers of the OSI model and their impact on security

(IN)SECURE Magazine Issue 18

Articles in this issue include: Security standpoint by Sandro Gauci: Closing a can of worms, Network and information security in Europe today, Browser security: bolt it on, then build it in, Passive network security analysis with NetworkMiner, Lynis - an introduction to UNIX system auditing, Windows driver vulnerabilities: the METHOD_NEITHER odyssey, Removing software armoring from executables, Insecurities in privacy protection software, A proactive approach to data breaches, Compliance does not equal security but it's a good start, Secure web application development, Avoiding a "keys to the kingdom" attack without compromising security, The insider threat, Web application security: risky business?, Enterprise application security: how to balance the use of code reviews and web application firewalls for PCI compliance.

(IN)SECURE Magazine Issue 17

Security standpoint by Sandro Gauci: when best intentions go wrong, Review: Red Condor Hosted Service, Reverse engineering software armoring (part 1), Security training and awareness: strengthening your weakest link, Hacking Second Life, Building a secure wireless network for under $300, Assessing risk in VoIP/UC networks, Open redirect vulnerabilities: definition and prevention, Migration from e-mail to web borne threats, Bypassing and enhancing live behavioral protection, Point security solutions are not a 4 letter word, The future of security is information-centric, Corporate due diligence in India: an ICT perspective, E-mail encryption service: a smart choice for SMBs, Securing the enterprise data flow against advanced attacks, How to prevent identity theft and Security flaws identification and technical risk analysis through threat modeling.

(IN)SECURE Magazine Issue 16

Articles in this issue include: Security policy considerations for virtual worlds, US political elections and cybercrime, Using packet analysis for network troubleshooting, The effectiveness of industry certifications, Building a secure future: lessons learned from 2007's highest-profile security events, Advanced social engineering and human exploitation, part 2, Interview with Nitesh Dhanjani, Senior Manager at Ernst and Young, Is your data safe? Secure your web apps, RSA Conference 2008, Producing secure software with security enhanced software development processes, Network event analysis with Net/FSE, Security risks for mobile computing on public WLANs: hotspot registration, Black Hat Europe 2008 Briefings and Training, A Japanese perspective on Software Configuration Management, Windows log forensics: did you cover your tracks?, Traditional vs. non-tranditional database auditing, Payment card data: know your defense options.

(IN)SECURE Magazine Issue 15

Articles in this issue include: Proactive analysis of malware genes holds the key to network security, Advanced social engineering and human exploitation, part 1, Free visualization tools for security analysis and network monitoring, Hiding inside a rainbow, Internet terrorist: does such a thing really exist?, Weaknesses and protection of your wireless network, Fraud mitigation and biometrics following Sarbanes-Oxley, QualysGuard visual walkthrough, Application security matters: deploying enterprise software securely, Web application vulnerabilities and insecure software root causes: solving the software security problem from an information security perspective, A dozen demons profiting at your (jn)convenience, The insider threat: hype vs. reality, Interview with Andre Muscat, Director of Engineering at GFI Software, How B2B gateways affect corporate information security, Reputation attacks, a little known Internet threat, Italian bank's XSS opportunity seized by fraudsters, The good, the bad and the ugly of protecting data in a retail environment, Interview with Mikko Hypponen is the Chief Research Officer for F-Secure, Interview with Richard Jacobs, Technical Director of Sophos and Interview with Raimund Genes, CTO Anti-Malware at Trend Micro.

(IN)SECURE Magazine Issue 14

One lucky (IN)SECURE reader can get a Linksys WRTG54G Wireless-G Router accompanied with the "Linksys WRTG54G Ultimate Hacking" book. Articles in this issue include: - Attacking consumer embedded devices - Review: QualysGuard - CCTV: technology in transition - analog or IP? - Interview with Robert "RSnake" Hansen, CEO of SecTheory - The future of encryption - Endpoint threats - Review: Kaspersky Internet Security 7.0 - Interview with Amol Sarwate, Manager, Vulnerability Research Lab, Qualys Inc. - Network access control: bridging the network security gap - Change and configuration solutions aid PCI auditors - Data protection and identity management while browsing and transacting over the Internet - Information security governance: the nuts and bolts - Securing moving targets - The need for a new security approach - Data insecurity: lessons learned? - Wi-Fi safety and security. We also have a special wireless security topic: "6 CTOs, 10 Burning Questions". The CTOs we talked with include: - Dr. Amit Sinha, VP and CTO of AirDefense - Chia Chee Kuan, CTO and VP of Engineering of AirMagnet - Merwyn Andrade, CTO of Aruba Networks - Pravin Bhagwat, co-founder and CTO of AirTight Networks - Magued Barsoum, CTO of Fortress Technologies - Dan Simone, VP and CTO of Trapeze Networks

(IN)SECURE Magazine Issue 13

Articles in this issue include: - Interview with Janne Uusilehto, Head of Nokia Product Security - Social engineering social networking services: a LinkedIn example - The case for automated log management in meeting HIPAA compliance - Risk decision making: whose call is it? - Interview with Zulfikar Ramzan, Senior Principal Researcher with the Advanced - Threat Research team at Symantec - Securing VoIP networks: fraud - PCI DSS compliance: a difficult but necessary journey - A security focus on China outsourcing - A multi layered approach to prevent data leakage - Safeguard your organization with proper password management - Interview with Ulf Mattsson, Protegrity CTO - DEFCON 15 - File format fuzzing - IS2ME: Information Security to Medium Enterprise + We are having another book giveaway!

(IN)SECURE Magazine Issue 12

Articles in this issue include: - Enterprise grade remote access - Review: Centennial Software DeviceWall 4.6 - Solving the keylogger conundrum - Interview with Jeremiah Grossman, CTO of WhiteHat Security - The role of log management in operationalizing PCI compliance - Windows security: how to act against common attack vectors - Taking ownership of the Trusted Platform Module chip on Intel Macs - Compliance, IT security and a clear conscience - Key management for enterprise data encryption - The menace within - A closer look at the Cisco CCNP Video Mentor - Network Access Control + We are having a book giveaway!

(IN)SECURE Magazine Issue 11

Articles in this issue include: On the security of e-passports, Review: GFI LANguard Network Security Scanner 8, Critical steps to secure your virtualized environment, Interview with Howard Schmidt, President and CEO R and H Security Consulting, Quantitative look at penetration testing, Integrating ISO 17799 into your Software Development Lifecycle, Public Key Infrastructure (PKI): dead or alive?, Interview with Christen Krogh, Opera Software's Vice President of Engineering, Super ninja privacy techniques for web application developers, Security economics, iptables - an introduction to a robust firewall, Black Hat Briefings and Training Europe 2007 and Enforcing the network security policy with digital certificates.

(IN)SECURE Magazine Issue 10

Articles in this issue include: Microsoft Windows Vista: significant security improvement?, Review: GFI Endpoint Security 3, Interview with Edward Gibson, Chief Security Advisor at Microsoft UK, Top 10 spyware of 2006, The spam problem and open source filtering solutions, Office 2007: new format and new protection/security policy, Wardriving in Paris, Interview with Joanna Rutkowska, security researcher, Climbing the security career mountain: how to get more than just a job, RSA Conference 2007 report, ROT13 is used in Windows? You're joking! and Data security beyond PCI compliance - protecting sensitive data in a distributed environment.

(IN)SECURE Magazine Issue 9

Articles in this issue include: Effectiveness of security by admonition: a case study of security warnings in a web browser setting, Interview with Kurt Sauer, CSO at Skype, Web 2.0 defense with AJAX fingerprinting and filtering, Hack In The Box Security Conference 2006, Where iSCSI fits in enterprise storage networking, Recovering user passwords from cached domain records, Do portable storage solutions compromise business security?, Enterprise data security - a case study and Creating business through virtual trust: how to gain and sustain a competitive advantage using information security.

(IN)SECURE Magazine Issue 8

Articles in this issue include: Payment Card Industry demystified, Skype: how safe is it?, Computer forensics vs. electronic evidence, Review: Acunetix Web Vulnerability Scanner, SSH port forwarding - security from two perspectives, part two, Log management in PCI compliance, Airscanner vulnerability summary: Windows Mobile security software fails the test, Proactive protection: a panacea for viruses?, Introducing the MySQL Sandbox and Continuous protection of enterprise data: a comprehensive approach

(IN)SECURE Magazine Issue 7

Articles in this issue include: SSH port forwarding: security from two perspectives, part one, An inside job, CEO spotlight: Q and A with Patricia Sueltz at SurfControl, Server monitoring with munin and monit, Compliance vs. awareness in 2006, 2005 *nix malware evolution, Overview of quality security podcasts and coverage of Infosecurity 2006 and InfoSec World 2006.

(IN)SECURE Magazine Issue 6

Articles in this issue include: Best practices in enterprise database protection, Quantifying the cost of spyware to the enterprise, Security for websites - breaking sessions to hack into a machine, How to win friends and influence people with IT security certifications, The size of security: the evolution and history of OSSTMM operational security metrics, Interview with Kenny Paterson, Professor of Information Security at Royal Holloway, University of London, PHP and SQL security today, Apache security: Denial of Service attacks, War-driving in Germany - CeBIT 2006

(IN)SECURE Magazine Issue 5

Articles in this issue include: Web application firewalls primer, Review: Trustware BufferZone 1.6, Threat analysis using log data, Looking back at computer security in 2005, Writing an enterprise handheld security policy, Digital Rights Management, Revenge of the Web mob, Hardening Windows Server 2003 platforms made easy and Filtering spam server-side

(IN)SECURE Magazine Issue 4

Articles in this issue include: Structured traffic analysis, Access Control Lists in Tiger and Tiger Server - true permission management, Automating I.T. security audits, Biometric security, PDA attacks, part 2: airborne viruses - evolution of the latest threats, Build a custom firewall computer, Lock down your kernel with grsecurity, Interview with Sergey Ryzhikov, director of Bitrix, Best practices for database encryption solutions

(IN)SECURE Magazine Issue 3

Articles in this issue include: Security vulnerabilities, exploits and patches, PDA attacks: palm sized devices - PC sized threats, Adding service signatures to Nmap, CSO and CISO - perception vs. reality in the security kingdom, Unified threat management: IT security's silver bullet?, The reality of SQL injection, 12 months of progress for the Microsoft Security Response Centre, Interview with Michal Zalewski, security researcher, OpenSSH for Macintosh and Method for forensic validation of backup tape.

(IN)SECURE Magazine Issue 2

Articles in this issue include: Information security in campus and open environments, Web applications worms - the next Internet infestation, Integrating automated patch and vulnerability management into an enterprise-wide environment, Advanced PHP security - vulnerability containment, Protecting an organization's public information, Application security: the noveau blame game, What you need to know before migrating your applications to the Web, Clear cut cryptography and How to lock down enterprise data with infrastructure services.

(IN)SECURE Magazine Issue 1

Articles in this issue include: Does Firefox really provide more security than Internet Explorer?, Security risks associated with portable storage devices, 10 tips on protecting customer information from identity theft, Linux security - is it ready for the average user?, How to secure your wireless network, Considerations for preventing information leakage, An introduction to securing Linux with Apache, ProFTPd and Samba and Security vulnerabilities in PHP Web applications