(IN)SECURE Magazine Notifications RSS

(IN)SECURE Magazine Issue 23

Articles in this issue include:

- Microsoft's security patches year in review: A malware researcher's perspective
- A closer look at Red Condor Hosted Service
- Report: RSA Conference Europe 2009, London
- The U.S. Department of Homeland Security has a vision for stronger information security
- Q&A: Didier Stevens on malicious PDFs
- Protecting browsers, endpoints and enterprises against new Web-based attacks
- Mobile spam: An old challenge in a new guise
- Report: BruCON security conference, Brussels
- Are you putting your business at risk?
- Why out-of-band transactions verification is critical to protecting online banking
- Study uncovers alarming password usage behavior
- Q&A: Noise vs. Subversive Computing with Pascal Cretain
- Elevating email to an enterprise-class database application solution
- Ask the social engineer: Practice
- Report: Storage Expo 2009, London
- Jumping fences - the ever decreasing perimeter

(IN)SECURE Magazine Issue 22

Articles in this issue include:

- Using real-time events to drive your network scans
- Review: Data Locker
- The Nmap project: Open source with style
- Enterprise effectiveness of digital certificates: Are they ready for prime-time?
- A look at geolocation, URL shortening and top Twitter threats
- How "fake stuff" can make you more secure
- Making clouds secure
- Q&A: Dr. Herbert Thompson on security ROI and RSA Conference
- Book review - Cyber Crime Fighters: Tales from the Trenches
- Top 5 myths about wireless protection
- Securing the foundation of IT systems
- A layered approach to making your Web application a safer environment
- In mashups we trust?
- Adopting the security best practice of least privilege
- Is your data recovery provider a data security problem?
- New strategies for establishing a comprehensive lifetime data protection program
- Security for multi-enterprise applications
- EU data breach notification proposals: How will your business be affected?
- Book review - 97 Things Every Software Architect Should Know
- Safety in the cloud: How CIOs can ensure the safety of their data as they migrate to cloud applications
- Vulnerability management

(IN)SECURE Magazine Issue 21

Articles in this issue include:

- Malicious PDF: Get owned without opening
- Review: IronKey Personal
- Windows 7 security features: Building on Vista
- Web 2.0 emerging threats
- Using Wireshark to capture and analyze wireless traffic
- Q&A: Paul Cooke on Windows 7
- RSA Conference 2009
- Your applications are trying to tell you something - are you listening?
- Q&A: Hord Tipton on certification and (ISC)2
- "Unclonable" RFID - a technical overview
- The application security maturity (ASM) model
- Secure development principles
- Enterprise risk and compliance reporting
- Q&A: Ron Gula on Nessus and Tenable Network Security
- Infosecurity Europe 2009
- Establish your social media presence with security in mind
- HTTPS is bad?
- A historical perspective on the cybersecurity dilemma
- Q&A: Brent Huston on security in general, CEO challenges and Microsolved
- Black Hat Europe 2009
- Germany: The current debate on the Internet filter
- A risk-based, cost effective approach to holistic security

(IN)SECURE Magazine Issue 20

Articles in this issue include:

- Improving network discovery mechanisms
- Building a bootable BackTrack 4 thumb drive with persistent changes and Nessus
- Review: SanDisk Cruzer Enterprise
- Forgotten document of American history offers a model for President Obama's vision of government information technology
- Security standpoint by Sandro Gauci: The year that Internet security failed
- What you need to know about tokenization
- Q&A: Vincenzo Iozzo on Mac OS X security
- Book review - Hacking VoIP: Protocols, Attacks and Countermeasures
- A framework for quantitative privacy measurement
- Why fail? Secure your virtual assets
- Q&A: Scott Henderson on the Chinese underground
- iPhone security software review: Data Guardian
- Phased deployment of Network Access Control
- Playing with authenticode and MD5 collisions
- Web 2.0 case studies: challenges, approaches and vulnerabilities
- Q&A: Jason King, CEO of Lavasoft
- Book review - Making Things Happen: Mastering Project Management
- ISP level malware filtering
- The impact of the consumerization of IT on IT security management

(IN)SECURE Magazine Issue 19

Articles in this issue include:

- The future of AV: looking for the good while stopping the bad
- Security standpoint by Sandro Gauci: How security can hurt us -Review: Eikon To Go
- Eight holes in Windows login controls
- Interview with Giles Hogben, an expert on identity and authentication technologies working at ENISA
- Extended validation and online security: EV SSL gets the green light
- Web filtering in a Web 2.0 world
- RSA Conference Europe 2008
- The role of password management in compliance with the data protection act
- Interview with Rich Mogull, founder of Securosis
- 5 strategies for proactively embracing failure
- The present and future of Web application security discussed in Portugal
- Securing data beyond PCI in a SOA environment: best practices for advanced data protection
- Navigating a sea of fake codecs
- Role Based Access Control
- How to build a security strategy to grow your career, success and results
- Three undocumented layers of the OSI model and their impact on security

(IN)SECURE Magazine Issue 18

Articles in this issue include: Security standpoint by Sandro Gauci: Closing a can of worms, Network and information security in Europe today, Browser security: bolt it on, then build it in, Passive network security analysis with NetworkMiner, Lynis - an introduction to UNIX system auditing, Windows driver vulnerabilities: the METHOD_NEITHER odyssey, Removing software armoring from executables, Insecurities in privacy protection software, A proactive approach to data breaches, Compliance does not equal security but it's a good start, Secure web application development, Avoiding a "keys to the kingdom" attack without compromising security, The insider threat, Web application security: risky business?, Enterprise application security: how to balance the use of code reviews and web application firewalls for PCI compliance.

(IN)SECURE Magazine Issue 17

Security standpoint by Sandro Gauci: when best intentions go wrong, Review: Red Condor Hosted Service, Reverse engineering software armoring (part 1), Security training and awareness: strengthening your weakest link, Hacking Second Life, Building a secure wireless network for under $300, Assessing risk in VoIP/UC networks, Open redirect vulnerabilities: definition and prevention, Migration from e-mail to web borne threats, Bypassing and enhancing live behavioral protection, Point security solutions are not a 4 letter word, The future of security is information-centric, Corporate due diligence in India: an ICT perspective, E-mail encryption service: a smart choice for SMBs, Securing the enterprise data flow against advanced attacks, How to prevent identity theft and Security flaws identification and technical risk analysis through threat modeling.

(IN)SECURE Magazine Issue 16

Articles in this issue include: Security policy considerations for virtual worlds, US political elections and cybercrime, Using packet analysis for network troubleshooting, The effectiveness of industry certifications, Building a secure future: lessons learned from 2007's highest-profile security events, Advanced social engineering and human exploitation, part 2, Interview with Nitesh Dhanjani, Senior Manager at Ernst and Young, Is your data safe? Secure your web apps, RSA Conference 2008, Producing secure software with security enhanced software development processes, Network event analysis with Net/FSE, Security risks for mobile computing on public WLANs: hotspot registration, Black Hat Europe 2008 Briefings and Training, A Japanese perspective on Software Configuration Management, Windows log forensics: did you cover your tracks?, Traditional vs. non-tranditional database auditing, Payment card data: know your defense options.

(IN)SECURE Magazine Issue 15

Articles in this issue include: Proactive analysis of malware genes holds the key to network security, Advanced social engineering and human exploitation, part 1, Free visualization tools for security analysis and network monitoring, Hiding inside a rainbow, Internet terrorist: does such a thing really exist?, Weaknesses and protection of your wireless network, Fraud mitigation and biometrics following Sarbanes-Oxley, QualysGuard visual walkthrough, Application security matters: deploying enterprise software securely, Web application vulnerabilities and insecure software root causes: solving the software security problem from an information security perspective, A dozen demons profiting at your (jn)convenience, The insider threat: hype vs. reality, Interview with Andre Muscat, Director of Engineering at GFI Software, How B2B gateways affect corporate information security, Reputation attacks, a little known Internet threat, Italian bank's XSS opportunity seized by fraudsters, The good, the bad and the ugly of protecting data in a retail environment, Interview with Mikko Hypponen is the Chief Research Officer for F-Secure, Interview with Richard Jacobs, Technical Director of Sophos and Interview with Raimund Genes, CTO Anti-Malware at Trend Micro.

(IN)SECURE Magazine Issue 14

One lucky (IN)SECURE reader can get a Linksys WRTG54G Wireless-G Router accompanied with the "Linksys WRTG54G Ultimate Hacking" book. Articles in this issue include: - Attacking consumer embedded devices - Review: QualysGuard - CCTV: technology in transition - analog or IP? - Interview with Robert "RSnake" Hansen, CEO of SecTheory - The future of encryption - Endpoint threats - Review: Kaspersky Internet Security 7.0 - Interview with Amol Sarwate, Manager, Vulnerability Research Lab, Qualys Inc. - Network access control: bridging the network security gap - Change and configuration solutions aid PCI auditors - Data protection and identity management while browsing and transacting over the Internet - Information security governance: the nuts and bolts - Securing moving targets - The need for a new security approach - Data insecurity: lessons learned? - Wi-Fi safety and security. We also have a special wireless security topic: "6 CTOs, 10 Burning Questions". The CTOs we talked with include: - Dr. Amit Sinha, VP and CTO of AirDefense - Chia Chee Kuan, CTO and VP of Engineering of AirMagnet - Merwyn Andrade, CTO of Aruba Networks - Pravin Bhagwat, co-founder and CTO of AirTight Networks - Magued Barsoum, CTO of Fortress Technologies - Dan Simone, VP and CTO of Trapeze Networks

(IN)SECURE Magazine Issue 13

Articles in this issue include: - Interview with Janne Uusilehto, Head of Nokia Product Security - Social engineering social networking services: a LinkedIn example - The case for automated log management in meeting HIPAA compliance - Risk decision making: whose call is it? - Interview with Zulfikar Ramzan, Senior Principal Researcher with the Advanced - Threat Research team at Symantec - Securing VoIP networks: fraud - PCI DSS compliance: a difficult but necessary journey - A security focus on China outsourcing - A multi layered approach to prevent data leakage - Safeguard your organization with proper password management - Interview with Ulf Mattsson, Protegrity CTO - DEFCON 15 - File format fuzzing - IS2ME: Information Security to Medium Enterprise + We are having another book giveaway!

(IN)SECURE Magazine Issue 12

Articles in this issue include: - Enterprise grade remote access - Review: Centennial Software DeviceWall 4.6 - Solving the keylogger conundrum - Interview with Jeremiah Grossman, CTO of WhiteHat Security - The role of log management in operationalizing PCI compliance - Windows security: how to act against common attack vectors - Taking ownership of the Trusted Platform Module chip on Intel Macs - Compliance, IT security and a clear conscience - Key management for enterprise data encryption - The menace within - A closer look at the Cisco CCNP Video Mentor - Network Access Control + We are having a book giveaway!

(IN)SECURE Magazine Issue 11

Articles in this issue include: On the security of e-passports, Review: GFI LANguard Network Security Scanner 8, Critical steps to secure your virtualized environment, Interview with Howard Schmidt, President and CEO R and H Security Consulting, Quantitative look at penetration testing, Integrating ISO 17799 into your Software Development Lifecycle, Public Key Infrastructure (PKI): dead or alive?, Interview with Christen Krogh, Opera Software's Vice President of Engineering, Super ninja privacy techniques for web application developers, Security economics, iptables - an introduction to a robust firewall, Black Hat Briefings and Training Europe 2007 and Enforcing the network security policy with digital certificates.

(IN)SECURE Magazine Issue 10

Articles in this issue include: Microsoft Windows Vista: significant security improvement?, Review: GFI Endpoint Security 3, Interview with Edward Gibson, Chief Security Advisor at Microsoft UK, Top 10 spyware of 2006, The spam problem and open source filtering solutions, Office 2007: new format and new protection/security policy, Wardriving in Paris, Interview with Joanna Rutkowska, security researcher, Climbing the security career mountain: how to get more than just a job, RSA Conference 2007 report, ROT13 is used in Windows? You're joking! and Data security beyond PCI compliance - protecting sensitive data in a distributed environment.

(IN)SECURE Magazine Issue 9

Articles in this issue include: Effectiveness of security by admonition: a case study of security warnings in a web browser setting, Interview with Kurt Sauer, CSO at Skype, Web 2.0 defense with AJAX fingerprinting and filtering, Hack In The Box Security Conference 2006, Where iSCSI fits in enterprise storage networking, Recovering user passwords from cached domain records, Do portable storage solutions compromise business security?, Enterprise data security - a case study and Creating business through virtual trust: how to gain and sustain a competitive advantage using information security.

(IN)SECURE Magazine Issue 8

Articles in this issue include: Payment Card Industry demystified, Skype: how safe is it?, Computer forensics vs. electronic evidence, Review: Acunetix Web Vulnerability Scanner, SSH port forwarding - security from two perspectives, part two, Log management in PCI compliance, Airscanner vulnerability summary: Windows Mobile security software fails the test, Proactive protection: a panacea for viruses?, Introducing the MySQL Sandbox and Continuous protection of enterprise data: a comprehensive approach

(IN)SECURE Magazine Issue 7

Articles in this issue include: SSH port forwarding: security from two perspectives, part one, An inside job, CEO spotlight: Q and A with Patricia Sueltz at SurfControl, Server monitoring with munin and monit, Compliance vs. awareness in 2006, 2005 *nix malware evolution, Overview of quality security podcasts and coverage of Infosecurity 2006 and InfoSec World 2006.

(IN)SECURE Magazine Issue 6

Articles in this issue include: Best practices in enterprise database protection, Quantifying the cost of spyware to the enterprise, Security for websites - breaking sessions to hack into a machine, How to win friends and influence people with IT security certifications, The size of security: the evolution and history of OSSTMM operational security metrics, Interview with Kenny Paterson, Professor of Information Security at Royal Holloway, University of London, PHP and SQL security today, Apache security: Denial of Service attacks, War-driving in Germany - CeBIT 2006

(IN)SECURE Magazine Issue 5

Articles in this issue include: Web application firewalls primer, Review: Trustware BufferZone 1.6, Threat analysis using log data, Looking back at computer security in 2005, Writing an enterprise handheld security policy, Digital Rights Management, Revenge of the Web mob, Hardening Windows Server 2003 platforms made easy and Filtering spam server-side

(IN)SECURE Magazine Issue 4

Articles in this issue include: Structured traffic analysis, Access Control Lists in Tiger and Tiger Server - true permission management, Automating I.T. security audits, Biometric security, PDA attacks, part 2: airborne viruses - evolution of the latest threats, Build a custom firewall computer, Lock down your kernel with grsecurity, Interview with Sergey Ryzhikov, director of Bitrix, Best practices for database encryption solutions

(IN)SECURE Magazine Issue 3

Articles in this issue include: Security vulnerabilities, exploits and patches, PDA attacks: palm sized devices - PC sized threats, Adding service signatures to Nmap, CSO and CISO - perception vs. reality in the security kingdom, Unified threat management: IT security's silver bullet?, The reality of SQL injection, 12 months of progress for the Microsoft Security Response Centre, Interview with Michal Zalewski, security researcher, OpenSSH for Macintosh and Method for forensic validation of backup tape.

(IN)SECURE Magazine Issue 2

Articles in this issue include: Information security in campus and open environments, Web applications worms - the next Internet infestation, Integrating automated patch and vulnerability management into an enterprise-wide environment, Advanced PHP security - vulnerability containment, Protecting an organization's public information, Application security: the noveau blame game, What you need to know before migrating your applications to the Web, Clear cut cryptography and How to lock down enterprise data with infrastructure services.

(IN)SECURE Magazine Issue 1

Articles in this issue include: Does Firefox really provide more security than Internet Explorer?, Security risks associated with portable storage devices, 10 tips on protecting customer information from identity theft, Linux security - is it ready for the average user?, How to secure your wireless network, Considerations for preventing information leakage, An introduction to securing Linux with Apache, ProFTPd and Samba and Security vulnerabilities in PHP Web applications