IT Security Jobs & Careers

Find your next job in IT Security. Search IT Security jobs from thousands of job and career search sites. A search engine for jobs with a different approach to job and career searches. In one simple search, job seekers get free access to millions of employment opportunities from thousands of websites. Find your next job in IT Security today.

Securing the Information Highway
Wesley K. Clark and Peter L. Levin

The Obama administration recognizes that the United States is utterly dependent on Internet-based systems and that its information assets are precariously exposed. Accordingly, it has made electronic network security a crucial defense priority. But that is only the tip of the iceberg.

Government Recruits Geeks to Blunt Cybersecurity Threats
Joshua Kucera

The potential threats against the United States from malicious foreign hackers are as poorly understood as they are scary. It's the kind of shadowy, nonstate threat that the U.S. defense and intelligence bureaucracies are traditionally ill equipped to fight, but a new initiative announced last week aims to try.

Cyberwar Is the New Atomic Age
Mike McConnell Interview

A level of vulnerability has been introduced into our way of life that is unprecedented. We now have a smaller connected globe where information can be moved in seconds, where information managed by computer networks -- which runs our utilities, our transportation, our banking and communications -- can be exploited or attacked in seconds from a remote location overseas

Secrets to Saving Your Laptop and Data
David LaGesse

Consumers now buy more laptops than desktop PCs, relishing the power they pack in a portable package. Thieves relish laptops for the same reason. The overwhelming majority of lost or stolen notebooks don't make it back to their owners, according to FBI and analyst reports. But a few laptop-luggers take steps to protect their investments, or the even-more precious data they contain.

Fortified rice, fuel cells among Tech Award winners
Al Gore receives humanitarian honor at Tech Museum event that provides prizes to projects in the areas of environment, health, biosciences economic development, equality, and education.

Cisco launches iPhone security app
Cisco Systems' new App Store entry, featuring customized alerts and threat information delivered to the handheld device, targets security professionals.

Town to photograph every car that enters and leaves
The California town of Tiburon votes to set up permanent cameras to record the license plate of every car on its roads. Is this one more step toward a surveillance state?

Unboxing the free PDC laptop (photos)
CNET has a look as one developer at the Microsoft PDC gathering in Los Angeles unboxes an Acer laptop, which were given to most attendees.

New Firefox 3.6 beta aims to cut crashes
The third beta imposes a new restriction on how third-party software can interact with it. And a feature called Resource Package could speed up Firefox 3.7.

Facebook adopts new privacy policy
The social-networking site hopes that policy revision will make the policy more accessible and easier to understand.

T-Mobile UK says workers sold customer data
British consumer privacy commissioner says he will prosecute over sale of customer data by T-Mobile UK employees.

FAQ: Recognizing phishing e-mails
Phishing attacks have spiked this year, recent reports show. Here's a primer on what phishing is and how to avoid it.

Report: Countries prepping for cyberwar
U.S., Israel, Russia, China, and France are gearing up for cyberoffensives, according to a new McAfee report.

Antitrust concerns linger in Google Books deal
Opponents of Google Books settlement say the search giant will still have exclusive rights to digitize orphaned out-of-print works.

VeriSign expects major security update by 2011
New protocol will guarantee the origin and integrity of Domain Name System data for .com and .net, company says.

CNET News.com - Security
Tech News First

 

Chrome Shines, Gore Opines, Staffs Decline
Google's Chrome OS captured a lot of headlines and hype this week after the company invited the media in to have a look-see, setting off a whole lot of opinions about whether it will be any good. Microsoft, predictably, doesn't think so. Otherwise, Al Gore offered his opinion on the role supercomputers can play to quell climate change, and for the first time we can recollect there were not one, but two, cat-related IT stories that caught our attention.

Two Approaches to NFC Battle for French Hearts and Mobiles
Two competing approaches to equipping mobile phones with contactless communications capabilities vied for supporters at the Cartes exhibition in Paris this week. Either approach could turn phones into self-service electronic tour guides, travel tickets or secure payment terminals.

FCC: Internet Program for Deaf Cheated Out of Millions
In court the Federal Communications Commission has charged 26 people with defrauding the agency of “tens of millions of dollars” from its program that lets people with hearing disabilities to communicate with hearing individuals through the use of interpreters and Web cameras.

Cyberattacks on U.S. Military Jump Sharply in 2009
Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday.

Cisco's Free IPhone App Grabs Security Feeds
Cisco has made available a free iPhone app that can be used to receive over a dozen security-related information feeds in customizable form related both to Cisco products and to general security topics, such as newly detected threats.

EU Security Agency Highlights Cloud Computing Risks
Cloud computing users face problems including loss of control over data, difficulties proving compliance, and additional legal risks as data moves from one legal jurisdiction to another, according to a assessement of cloud computing risks from the European Network and Information Security Agency (ENISA).

Cyberattacks on U.S. Military Jump Sharply in 2009
Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday.

Three Indicted for Comcast Hack Last Year
Three hackers have been indicted for redirecting the Comcast.net Web site to a page of their own making in 2008.

A Tale of Two Insiders
When it comes to insider threats, you’ve probably heard over and over, "the clues were in the logs, if only they were picked up!" Often the clues aren't enough, though. Consolidation of logs is certainly the first step, but to use those clues and detect separation of duties violations or other insider threats, there are four other important technical challenges that must be addressed.

FAA Fixes Computer Glitch, Delays Remain
The Federal Aviation Administration says that it has fixed a computer glitch responsible for flight delays across the United States, although it says that possible flight delays may still be in the cards.

3 Basic Steps to Avoid Joining a Botnet
It's getting more difficult to keep employees stay safe and free from malicious activity online. But Team Cymru's Steve Santorelli presents a combination of techniques that can make their chances of infection much lower.

Health Net Says 1.5M Medical Records Lost in Data Breach
Connecticut-based insurance provider Health Net told state officials that an external hard drive containing personal health and financial data on about 1.5 million customers has been missing for six months.

Former DHS Cybersecurity Chief Points Finger At Congress
Part of the blame for continued cybersecurity problems in the U.S. government and beyond lies with Congress and its "scattershot" approach to dealing with the issue, a former assistant secretary for cybersecurity at the U.S. Department of Homeland Security said Thursday.

NSA Helped with Windows 7 Development
The National Security Agency (NSA) worked with Microsoft on the development of Windows 7, an agency official acknowledged yesterday during testimony before Congress.

Security Vendor Fortinet Sparkles in IPO
Shares of security vendor Fortinet surged 33 percent Wednesday as the company made its debut on the public markets.

CIO.com - Security

 

Global warming research exposed after hack
An anonymous hacker has posted private e-mails, files and other documents belonging to a noted climate researcher, sparking an international debate between skeptics of global warming and those who see it as an urgent problem.

Chrome shines, Gore opines, staffs decline
Google's Chrome OS captured a lot of headlines and hype this week after the company invited the media in to have a look-see, setting off a whole lot of opinions about whether it will be any good. Microsoft, predictably, doesn't think so. Otherwise, Al Gore offered his opinion on the role supercomputers can play to quell climate change, and for the first time we can recollect there were not one, but two, cat-related IT stories that caught our attention.

Teen gets prison term for attack on Scientology Web site
A New Jersey teenager was sentenced to a year in jail and was fined $37,500 after pleading guilty to charges in connection with a DDOS attack on the Church of Scientology Web site.

Judge sets schedule for Google book search case
The judge in the copyright infringement case pitting the Authors Guild and the Association of American Publishers (AAP) against Google and its book search program has set a date for the final hearing on the parties' controversial settlement proposal.

Banks on watch after suspected card breach
An apparent data breach in Spain has caused Visa and MasterCard to warn banks of possible fraudulent credit card transactions.

Three indicted for Comcast hack last year
Three hackers have been indicted for redirecting the Comcast.net Web site to a page of their own making in 2008.

More Security News
View more Security news and analysis from Computerworld.com

Computerworld Security News

 

News: Popular apps need better patching, says report
Popular apps need better patching, says report

News: Hacker charged with Heartland, other breaches
Hacker charged with Heartland, other breaches

News: Web attacks hit U.S., South Korean sites
Web attacks hit U.S., South Korean sites

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909

News: FTC persuades court to shutter rogue ISP
FTC persuades court to shutter rogue ISP

Brief: No cyberwar yet, but soon, says firm
No cyberwar yet, but soon, says firm

Brief: Survey: Majority of Web sites vulnerable
Survey: Majority of Web sites vulnerable

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909

Brief: Microsoft fixes kernel, Office flaws
Microsoft fixes kernel, Office flaws

Brief: Point-and-click forensics tool leaks to Net
Point-and-click forensics tool leaks to Net

News: Researcher busts into Twitter via SSL reneg hole
Researcher busts into Twitter via SSL reneg hole

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909

News: Security firm chokes sprawling spam botnet
Security firm chokes sprawling spam botnet

News: FBI and SOCA plot cybercrime smackdown
FBI and SOCA plot cybercrime smackdown

News: Botnet boosts criminals' revenues from Google
Botnet boosts criminals' revenues from Google

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909

Infocus: Enterprise Intrusion Analysis, Part One
Enterprise Intrusion Analysis, Part One

Infocus: Responding to a Brute Force SSH Attack
Responding to a Brute Force SSH Attack

Infocus: Data Recovery on Linux and ext3
Data Recovery on Linux and <i>ext3</i>

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909

Infocus: WiMax: Just Another Security Challenge?
WiMax: Just Another Security Challenge?

Gunter Ollmann: Time to Squish SQL Injection
Time to Squish SQL Injection

Mark Rasch: Lazy Workers May Be Deemed Hackers
Lazy Workers May Be Deemed Hackers

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909

Adam O'Donnell: The Scale of Security
The Scale of Security

Mark Rasch: Hacker-Tool Law Still Does Little
Hacker-Tool Law Still Does Little

More rss feeds from SecurityFocus
News, Infocus, Columns, Vulnerabilities, Bugtraq ...

SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

 

Deploying Oracle within the Data Center
Once you decide to deploy Oracle within the data center, a continuous lifecycle begins - moving from initial development, test, and deployment, to ongoing migration, to new releases of Oracle and deployment of new features with each release. The EMC Solutions Practice for Oracle can help you get started quickly. Published by: EMC Corporation

How Application Whitelisting Can Increase Your Desktop Security
No single technology guarantees security, but application whitelisting covers situations not addressed by firewalls or anti-virus utilities. This webinar focuses on how application whitelisting can be effectively used as an important layer in your security scenario. Published by: Faronics

Stopping Data Leakage: Making the Most of Your Security Budget
This paper demonstrates the need for a high-profile acceptable use policy to prevent data leakage, gives practical guidance on how to use your security budget effectively to protect data at the gateway and endpoint, and highlights the benefits of encryption in securing data in the event that it does get stolen or lost. Published by: Sophos Inc.

Closing the Gaps in Enterprise Data Security: A Model for 360° Protection
This paper examines the primary data threats that currently concern chief security officers (CSOs) and IT security management within enterprises, and recommends best-practice techniques to minimize and overcome risks to data security. These best practices have been successfully implemented and deployed in organizations worldwide as components of a Published by: Sophos Inc.

eGuide: 7 Security Questions to Ask Your SaaS Provider
Outsourcing an application means your organization relinquishes some control. In this article Heather Clancy will offer seven questions that you should resolve with your provider before investing in SaaS. Published by: Panda Security

How to Protect Data Against Theft and Ensure That it Remains Confidential - No Matter Where it is Stored
This white paper introduces SafeGuard Enterprise 5.40, an innovative solution from Sophos that fulfills all the requirements a company could have for protecting confidential data on mobile PCs and data media. Published by: Sophos Inc.

The Business Impact of Data Security Regulations: Featuring Massachusetts
Massachusetts has taken the lead in passing a new regulation - 201 CMR 17:00 -that requires companies to implement a comprehensive data security plan that includes encryption. This article discusses some aspects of this regulation and offers suggestions on how data security best practices can help with compliance. Published by: Sophos Inc.

Storage for Electronic Health Care Systems
With all of the uncertainty surrounding electronic health records, one thing is for sure: You’ll be storing more data, with more protection and for longer times. Read this eGuide to learn how to accomplish that without breaking the bank. Published by: SearchCIO.com

Software Reliability: Building Security In
Fixing software security vulnerabilities during development is expensive, difficult and time-consuming. But fixing them after deployment is far more expensive and counterproductive. In this video featuring security expert Diana Kelley, learn state-of-the-art techniques for building a secure software development process. Published by: Ounce Labs, an IBM Company

Countdown: Selling security in the SDLC
Building security into the software development lifecycle takes more than just a plan. You need the support of both the development and security/audit organizations to make it work. This podcast, featuring Diana Kelley, presents a plan for selling the value of security to all of the constituencies who matter in your organization. Published by: Ounce Labs, an IBM Company

Expert Guide to Managing .PST File Size, Usage, and Access
In this Pocket E-Guide, you will discover expert tips for managing .PST file size, usage, and access. Learn how to successfully migrate .PST files to the Exchange information store to ensure all data is housed in one location and being backed up regularly. Published by: Sherpa Software

Integrating Data Protection Manager 2007 with SPI with Iron Mountain’s Cloud Recovery Service
Managed Service Providers with customers who have or are considering Microsoft's System Center Data Protection Manager (DPM) 2007 can now offer secure, cloud-based protection and recovery for DPM 2007 data with the CloudRecovery service, created by Iron Mountain and Microsoft. Learn how this service can help your customer meet today’s requirements. Published by: Iron Mountain Digital

No More Tiers: Reduce Storage Costs with an Age-in-Place Strategy
As mid-size enterprises find themselves strapped for time, money and management resources, they have to find ways of doing more with less. Age-in-Place is a data management strategy that means no more tiers – the easiest and most cost effective way to manage the life-cycle of your data. Published by: Nexsan Technologies

Understanding and Simplifying SharePoint 2007 Permissions Management
Authentication to a SharePoint environment is the process in which a firm's architecture approves a user's credentials; most commonly a Windows-based authentication. This whitepaper will discuss the finer points and give a greater understanding of securable objects, permissions, permission levels, and access scenarios. Published by: Metalogix

Presentation Transcript: Best of Breed Data Protection: Architecting Deduplication and Virtualisation
This transcript documents a presentation featuring Brad Blake, Director, IT at Boston Medical Center. Mr. Blake will discuss how he initially started working with Data Domain as part of a VMware project. The meat of his presentation focuses on architecting deduplication and virtualisation for best of breed data protection. Published by: Data Domain

Podcast - Best of Breed Data Protection: Architecting Deduplication and Virtualisation
Discover the benefits of disk over tape-based storage systems. This podcast will examine a large medical nonprofit’s transition from a tape-based storage system to a disk-based system. Find out how this organisation increased backup performance, shortened RTOs, lightened management burden, cut costs and more by switching to disk-only storage. Published by: Data Domain

Webcast - Best of Breed Data Protection: Architecting Deduplication and Virtualisation
Please watch this presentation featuring Brad Blake, Director, IT at Boston Medical Center. The presentation will illuminate topics such as Boston Medical Center’s decision process and successful implementation of Data Domain deduplication storage - as well as the economic benefits received by going tapeless for backup and disaster recovery. Published by: Data Domain

Web Content Control: Five Steps to a Successful Implementation
Implementing Web Content Control can seem intimidating. It represents the uneasy marriage of network administration and human resource management. With a little forethought, however, it becomes straightforward and very effective. Read this whitepaper for a step-by-step overview of a successful web content control implementation. Published by: Untangle, Inc.

eBook: Data loss prevention strategies, practices and tools
Data loss prevention strategies, practices and tools are more important than ever. Read this e-book for expert advice on DLP, encryption, risk management and more. Published by: SearchSecurity.com & SearchCompliance.com

Intelligent Defense: SIMs for Threat Management
Learn about security information management systems (SIMs) and how they support a security information lifecycle of collection, alerting, reporting, and forensics. Published by: Q1 Labs

Secrets of Log Management
This video offers an in-depth look at a number of log management strategies that security administrators use in their organizations today and explain their "secrets" for success. Published by: Q1 Labs

Workforce Freedom: Strong Authentication for PC and Mobile Devices.
This podcast will discuss what strong authentication is and why it is important. Doron will examine who needs strong authentication and which types of users will benefit from a more secure solution. Published by: SafeNet, Inc.

What Every Managed Service Provider Should Know About Cloud Storage
Cloud storage presents Managed Service Providers an exciting opportunity to help customers accommodate data growth, but can raise doubts about security, privacy, and compliance. As THINKStrategies notes, choosing the right cloud storage partner is essential to maintaining customers’ trust. Published by: Iron Mountain Digital

Iron Mountain’s Cloud-Based Protection for Servers
Managed Service Providers working with smaller businesses can help them better protect their data with two cloud-based strategies from Iron Mountain. Learn how LiveVault and CloudRecovery can bring your customers peace of mind. Published by: Iron Mountain Digital

Remote Branch Office Trends
In this podcast, an industry expert discusses how the recession has affected branch office growth; what’s driving change in branch offices, and how to over cover the never-ending challenge of branch office security. Published by: SonicWALL

Why Traditional Anti-Malware Solutions Are No Longer Enough
Security used to be a straightforward matter. Email was the primary attack vector. Simply installing an anti-virus product and using caution with attachments was enough. Today's threats are rapidly evolving, stealthy, and targeted. Read this paper to find out where your current security solutions may be lacking and how to close that gap. Published by: AVG Technologies USA, Inc.

Information Security Essential Guide to SIMs
Security information management systems can now be used for proactive risk management and business intelligence. This Essentials Guide explains how this can be achieved. Read on to find articles that cover topics like today's SIM trends, incident response, threat management, and data analysis. Published by: Information Security Magazine

EVault Remote Disaster Recovery
EVault Remote Disaster Recovery Service (RDR) is a hosted service to help you quickly recover your key servers and data after a site disaster, and remotely access them in a secure virtual environment. Published by: i365, A Seagate Company

Transformational Change in Financial Services: The Value of Delivery Options in IT Vendors
As improving business functionality increasingly depends on IT, CIOs find themselves between the proverbial rock and a hard place. They must find ways to bring new and dynamic value to the business with fewer resources. To meet this challenge, more CIOs are sourcing IT through vendors that offer multiple delivery options. Published by: i365, A Seagate Company

The Keys to Disaster Recovery Planning: i365’s EVault Disaster Recovery Solutions help protect you from losing valuable data due to complete site outage
Disasters happen in many ways and can disrupt or even completely destroy your business. What happens if and when disaster strikes? Do you have duplicate copies of your mission critical data stored offsite? How fast and reliable will your recovery of information be? Will your company survive? Published by: i365, A Seagate Company

Ten Steps to Safeguard Small Business Data
Your small business has distinct needs that differ from either consumers or larger businesses. Here are ten steps to help you to protect your data if your resources are limited? Published by: i365, A Seagate Company

Ensuring The Availability of Blackberry Enterprise Server
In order to implement a plan for protecting and backing up BlackBerry handhelds, it's important to understand how the Blackberry Enterprise Server solution works within an existing email environment. This paper gives a quick lessong to that end, then concentrates on ensuring the availability of the Blackberry Enterprise Server Published by: Double-Take Software

Five Cost-Effective Ways to Enable Fast Recovery
This white paper reviews options for a multifaceted recovery strategy, ensuring that your key systems are protected with maximum efficiency at minimal cost. Published by: i365, A Seagate Company

EVault SaaS - World-class online backup service offerings packaged to fit your business
EVault SaaS is our automated online backup and recovery offering that provides secure, reliable, efficient protection of your organization’s critical data, directly through the Internet. With EVault SaaS, you get a world-class data protection infrastructure that lets you safeguard your data without additional capital or IT expenses. Published by: i365, A Seagate Company

Protecting Microsoft Exchange
Though the technological reasons to protect Exchange systems are obvious, there are quantifiable fiscal reasons to protect it as well. Learn how to protect and recover business critical data and applications relevant to your Exchange system. Published by: Double-Take Software

Data Privacy Compliance Report
44 states now have privacy laws in force. Combine those with PCI, HIPAA, SOX, etc., and it's difficult to comply with all the laws that apply to your Enterprise. Now we've made it simple. Just take 8 minutes to answer these 8 questions. Then click "submit" to receive your customized report. Published by: Patrick Townsend Security Solutions

Pocket E-Guide: Web 2.0: Problem or Paranoia?
Web 2.0 has radically changed the way information is disseminated and consumed. However, there must be controls in place to create a security balance that prevents serious risks. This Pocket E-Guide reviews the pros and cons of various Web 2.0 strategies for security and compliance. Find out if updating employee usage policies is enough. Published by: Sophos Inc.

What Executives Need to Know About Web Application Development Security
The most common approach to securing a web application involves doing a single security test, usually a Web Application Security Assessment, when a development project is completed. While this is still a requirement, this paper discusses why security needs to be incorporated earlier and throughout the software development life cycle (SDLC). Published by: Redspin, Inc.

Mapping Application Security To Business Value: Considerations And Recommendations For IT And Business Decision Makers
This white paper outlines considerations and recommendations for reducing business risk by ensuring that your web applications are secure. Published by: Redspin, Inc.

Disaster Recovery Planning With Virtualization Technologies
This whitepaper demonstrates how leveraging real-time replication and application availability for disaster recovery using solutions from Double-Take Software is a cost-effective way to ensure that a mission-critical application's RPO and RTO goals are adequately met. Published by: Double-Take Software

Information Security Magazine November 2009: Stay in Control
Unmanaged changes to IT systems and networks can recklessly increase risk to enterprises. The key is rolling out an accepted change management process, and sticking to it. Read this magazine and find out how a consistent change management process puts you in charge. Published by: Information Security Magazine

Pocket E-Guide: Expert Analysis of the Top Ten Windows Security Threats
This Pocket E-Guide provides expert insight into the common weaknesses that exist in today's Windows-based systems. Explore the top ten most frequent Windows security vulnerabilities and how to counter these threats. Discover the pivotal role proper malware protection, usage of firewalls, and updated patches play in a secure Windows environment. Published by: ESET

Six Data Protection Tips for SMBs
This whitepaper provides six tips for an SMB approach to protecting critical data. These tips used in conjunction with Double-Take Availability from Double-Take Software can help SMBs defend against crippling downtime and data loss. Published by: Double-Take Software

Protecting and Enhancing SQL Server With Double-Take Availability
Double-Take Software provides organizations with a solution that offers distinct recovery and protection advantages over manual Microsoft SQL built-in replication capabilities: Double-Take Availability saves more data real-time and restores that data in a much faster manner. Published by: Double-Take Software

Pocket E-Guide: Managing Windows Security Risks While Maintaining System Usability
This Pocket E-Guide discusses the steps essential for balancing Windows security requirements with the needs and priorities of IT administrators. Gain insight into the common mindset of many of today's IT administrators and learn how to reasonably manage security risks while ensuring consistent usability and user convenience. Published by: ESET

Pocket E-Guide: The Top Causes of Windows Server Security Risks
In this Pocket E-Guide, you will find insight into the causes of persistent Windows server security risks. Learn how a lack of standards adoption, delegation, and coordination among security teams can lead to compliance gaps and security breaches, and why a lack of cohesive priorities within a team can create significant Windows vulnerabilities. Published by: ESET

Virtualization Challenges Are Highlighted by User Survey
To understand the impact of server virtualization, Syncsort commissioned Ziff Davis Media to conduct a survey around end-user experiences with migrating physical servers to virtual machines (referred to as P2V migration). Read the results here. Published by: Syncsort

Rip and Replace: Choosing the Best Strategy when Switching Antivirus Solutions
Switching security solutions on a large scale can be challenging for any organization. A well-planned strategy can minimize the impact on business processes without sacrificing security. The most effective approach is one that is customized for the unique needs of your organization. Check out this data sheet to learn about one such strategy. Published by: ESET

EVault Advanced Security: Proven protection provides peace of mind to companies worldwide
Because tape-based backups are vulnerable to theft, EVault has removed the human element, and threat of exposure, through its datacentric technologies of DeltaPro processing, Adaptive Compression, and encryption to create a powerful and reliable security model. Published by: i365, A Seagate Company

The Evolving Branch Office
With nearly 90% of companies operating a virtual workplace and large percentages of employees working away from home office or the primary data center, IT must support ever-increasing numbers of remote and virtualized workers. This E-Guide details the security and optimization best practices for various types of branch offices. Published by: SonicWALL

Most Popular White Papers and WebcastsSecurity Research
White papers, webcasts, podcasts, IT downloads and product information provided by Bitpipe

 

Job Spam Uses Twitter
TrendLabs researchers were alerted to the discovery of spammed messages that contained Twitter URLs. The spam uses subjects such as N3 Earn Extra Income! 7L, C2 Exrtra Income Daily 4P, and Q0 $$$ Oppurtunity 6O. It informs users about supposed work-from-home opportunities for Google that pay good sums of money. It then entices users to click the Twitter [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Job Spam Uses Twitter

Fake Blogs Lead to FAKEAV
Media reports have revealed the existence of fake blogs that were used to spread FAKEAV malware. The blogs do not actually contain any useful content. Instead, they have posts that contain nothing but images with post titles that use a wide variety of topics. The images used appear to have simply been taken from a [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Fake Blogs Lead to FAKEAV

Payment Request Spam Contains Malware
TrendLabs researchers received spammed messages purporting to have come from various companies such as eBay, J.P. Morgan Chase and Co., and Colgate-Palmolive, among others. The email bore the subject, “Payment request from,” and informs users about a certain recorded payment request. The spammed message even gave users two options—to either ignore the email if the payment request has been made or to [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Payment Request Spam Contains Malware

Meteor Shower and New Moon Lead to FAKEAV
TrendLabs threat analysts found another FAKEAV campaign piggybacking on the Leonid meteor shower and the much-anticipated sequel to the Twilight saga, New Moon. Users searching for news and updates using the keywords “meteor shower tonight november 16 time” and “New Moon premiere live stream” end up with poisoned search results. These results redirect users to fake [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Meteor Shower and New Moon Lead to FAKEAV

Pacquiao vs Cotto Fight Live Stream Leads to FAKEAV
As Filipinos and Puerto Ricans were busy rooting for their champions in yesterday’s fight, so were cybercriminals who wished to capitalize on the match. Through SEO poisoning, users searching for a live stream of the Pacquiao vs Cotto fight were instead served a FAKEAV variant. According to Threat Response Engineer Jasper Manuel, search results led to the download of [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Pacquiao vs Cotto Fight Live Stream Leads to FAKEAV

Bogus “Balance Checker” Tool Carries Malware
Trend Micro threat analysts received samples of spammed messages purporting to have come from mobile phone companies, Vodafone and Verizon Wireless. The email messages carry the subject, “Your credit balance is over its limits” and inform users that their credit balance is due. To be able to review the payments, users should employ the balance [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Bogus “Balance Checker” Tool Carries Malware

New SMB Zero-Day Exploit?
Third-party security researchers reported that they found a vulnerability in both Windows 7 and Windows Server 2008 Release 2. The said bug exists in the handling of Server Message Block (SMB) packets and can allow malicious users to remotely crash systems if a malformed packet is received by the target system. The crash does not [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

New SMB Zero-Day Exploit?

Twitter DM Spam Collects Mobile Numbers
Cybercriminals are using compromised Twitter accounts to spam out information-gathering websites to unknowing users. The attack starts with compromised Twitter accounts. The accounts are used to send out Direct Messages to the followers of the users who own the compromised accounts. The Direct Message—which is basically the Twitter counterpart of a private message—contains a link to what [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Twitter DM Spam Collects Mobile Numbers

Beware: Never Share Your Capita with Phishers
Trend Micro threat analysts recently discovered a phishing attack targeting the website of the Capita Group. The said site is dedicated for the company shareholders’ use. It aims to reduce the need for paperwork and provides 24 hour access for greater convenience. The fake Web portal asks users to enter their surname, shareholder reference number, postal code, telephone number, date of birth, and [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Beware: Never Share Your Capita with Phishers

November Patch Tuesday Addresses 15 Vulnerabilities
Microsoft released six security bulletins to fix 15 vulnerabilities in this month’s Patch Tuesday. Three of these security advisories (MSO9-063, MS09-064, MS09-65) are considered “critical” while the other three have been dubbed “important.” MS09-067 deals with eight security holes plaguing Microsoft Excel that when successfully exploited can allow remote code execution when users open a specially crafted .XLS file. Users are thus strongly [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

November Patch Tuesday Addresses 15 Vulnerabilities

New Koobface Component Imitates Facebook User
The Koobface botnet has pushed out a new component that automates the following routines: Registering a Facebook account Confirming an email address in Gmail to activate the registered Facebook account Joining random Facebook groups Adding Facebook friends Posting messages to Facebook friends’ walls Overall, this new component behaves like a regular Internet user that starts to connect with friends in Facebook. [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

New Koobface Component Imitates Facebook User

Koobface Abuses Google Reader Pages
We are seeing another development from the Koobface botnet, this time abusing the Google-owned service Google Reader to spam malicious URLs in social networking sites such as Facebook, MySpace, and Twitter. The Koobface gang used controlled Google Reader accounts to host URLs containing an image that resembles a flash movie. These URLs are spammed through the said social networks. When [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Koobface Abuses Google Reader Pages

Are You Being (Facebook) Phished?
Trend Micro security experts received email messages that supposedly came from Facebook. It asks recipients to update their login credentials for security purposes. It then instructs them to click the URL provided in the email message. When the user clicks the URL, it points them to a spoofed Facebook website where they are required to [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Are You Being (Facebook) Phished?

Lose/Lose: Kill an Alien, Delete a File
Anyone who has ever played a video game—whether in an arcade, using a gaming console, or on a PC—knows how a good kill can get one all excited and pumped up. Games that involve killing certain entities give us the thrill of being in such an exhilarating situation, without suffering any serious consequence. A certain [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Lose/Lose: Kill an Alien, Delete a File

DOWNAD/Conficker Turns 1yr
Worm Exploits MS08-067 Bug DOWNAD, also known as the Conficker worm, was first seen in the wild taking advantage of the MS08-067 vulnerability. True to form, it propagated via shared networks. Like its predecesors—the Sasser and Nimda worms—it also raised security concerns with regard to a spike in port 445 activity. A few days after its appearance, [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

DOWNAD/Conficker Turns 1yr

TrendLabs | Malware Blog - by Trend Micro
Hottest news about malware -- worms, viruses, trojans, adware and other internet or web threats by Trend Micro.

 

Microsoft Window...
Security Advisory: Microsoft Windows 'KeAccumulateTicks()' SMB2 Packet Remote Denial Of Service Vulnerability

November 2009 - ...
Security Advisory: November 2009 - Microsoft Releases 6 Security Advisories

October 2009 - M...
Security Advisory: October 2009 - Microsoft Releases 13 Security Advisories

September 2009 -...
Security Advisory: September 2009 - Microsoft Releases 5 Security Advisories

August 2009 - Mi...
Security Advisory: August 2009 - Microsoft Releases 9 Security Advisories

(MS09-034) Cumul...
Security Advisory: (MS09-034) Cumulative Security Update for Internet Explorer (972260)

(MS09-035) Vulne...
Security Advisory: (MS09-035) Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

Vulnerability in...
Security Advisory: Vulnerability in Authplay.dll in Certain Versions of Adobe Reader, Acrobat and Flash Player

July 2009 - Micr...
Security Advisory: July 2009 - Microsoft Releases 6 Security Advisories

Microsoft Window...
Security Advisory: Microsoft Windows 'MPEG2TuneRequest' Object Remote Code Execution Vulnerability (972890)

Trend Micro - Security Advisories
Latest security advisory from Trend Micro

 

MAL_OTORUN2
MAL_OTORUN2

CRYP_MANGLED
CRYP_MANGLED

CRYP_KRAP
CRYP_KRAP

MAL_OTORUN1
MAL_OTORUN1

WORM_DOWNAD.AD
WORM_DOWNAD.AD

CRYP_NAIX-7
CRYP_NAIX-7

MAL_DOWNADJ
MAL_DOWNADJ

MAL_VUNDO-9
MAL_VUNDO-9

WORM_DOWNAD
WORM_DOWNAD

CRYP_YODAP
CRYP_YODAP

Trend Micro - Malware Top10
Malware Top 10 from Trend Micro

 

Is It Doing Anything?
Part two in a series about Norton 360’s smart task scheduler. In this entry, product development manager, Collin Davis, introduces a new tool that gives users insight into what this feature of Norton 360 is doing behind the scenes.

Norton 360’s Smart Scheduler
Norton 360’s smart task scheduler doesn’t rely on a fixed schedule – instead it works around yours. Product Development Manager Collin Davis explains how Norton 360 is always looking for times that you’re away from your desk to perform the routine maintenance tasks it needs to keep your PC safe and tuned.

Do you Yahoo?
I do! And if you’re among Yahoo!’s 27 million users*, you probably do too. A few weeks ago, Yahoo! announced its new Beta version of their popular instant messaging software called Yahoo! Messenger 9.0. Symantec worked alongside Yahoo! to bring additional security to instant messaging by enabling security scans of files that are sent via IM.

Passmark Performance Testing
While yesterday’s fast moving, widespread threats are a thing of the past, today’s threats are often more challenging to detect due to their stealthiness. They also present a bigger risk to consumers, often compromising personal or financial information.

Tackling Performance Impact with Norton Internet Security and Norton AntiVirus 2008
As most of our users know, over the years, the threat environment has changed drastically. Viruses gave way to worms, then came spyware, phishing, and botnets. In turn, Symantec responded by updating our consumer products each year with new features designed to protect users against these threats.

Detection and Remediation
While yesterday’s fast moving, widespread threats are a thing of the past, today’s threats are often more challenging to detect due to their stealthiness. They also present a bigger risk to consumers, often compromising personal or financial information.

Stray thoughts on security
With the pending trial of alleged spam mogul Robert Alan Soloway, I thought it might be interesting to look at today's threat landscape to see what consumers today are faced with when they switch on their computers.

Security is a funny thing
Security is a funny thing. Everyone knows they want it and need it. Most people using computers today want security software to be vigilantly on guard, but want it to function in the background as an invisible shield without hindering common tasks.

Organized Crime 2.0
Organized criminals are ramping up their use of the Internet as an attack medium.

Stop Cyberbullying Day
Today has been declared "Stop Cyberbullying Day" by Andy Carvin, Internet activist and founding editor of the Digital Divide Network. Recent threatening posts against well-known computer industry blogger, Kathy Sierra, have raised concerns about the increasingly vicious nature of cyberbullying as well as the growth of activity.

Not all Security Solutions are Created Equal
Protecting consumers from the ever expanding universe of online threats requires focus, commitment and experience. Looks like Microsoft- and sadly, users of their Windows Live OneCare software – are finding this out the hard way.

The Envelope Please...

Norton360 Ships!
I’m very pleased to announce the availability of Norton 360 on XP and Vista. Norton 360 is the new flagship product for the consumer team at Symantec, and it spans five key areas of functionality:

New Norton Identity Client Unveiled at DEMO '07
The new Norton Identity Client (NIC) was unveiled this week at

SONAR: Symantec Online Network for Advanced Response and PeaComm
On January 17th, Symantec announced a new technology, SONAR, which stands for Symantec Online Network for Advanced Response. In the week of the announcement, SONAR already played a critical role as an early warning system and Zero Hour detection for the PeaComm threat, let’s examine how:

Norton 360 Blog #5
Welcome back from the holidays! I hope everyone’s now had a chance to get more comfortable with the latest Beta build of Norton 360 to support Vista 6000.

Norton 360 Design Philosophy: User Experience and Performance
I’m very pleased to announce the availability of Norton 360 on Vista. I know many of you have been asking about Vista support, so the Norton 360 team is anxious to get your feedback on what you like and what we can improve.

Norton 360 Design Philosophy: Right Balance of Functionality
Hello All, I’m continuing our blog about the design philosophy behind Norton 360.

Norton 360 Blog #2: Design Philosophy Blog: Automation
Hello and welcome again to the Norton 360 blog. I want to share with you our thinking in the design of this product and expand a bit more about our design philosophy.

Spammers hit blogs...
An interesting new trend and vector for spammers.

Norton 360 Blog #1: Welcome Blog
It is my pleasure to say "Welcome!" to the Norton 360 blog community.

The Illusion of Control, Part 3
In two previous posts I’ve talked about why firewalls fail as outbound control mechanisms due to what amounts to lack of visibility into the traffic they are passing.

The Illusion of Control, Part 2
Previously I made the claim that firewalls fail as outbound control mechanisms because they depend on port bindings for protocol identification and because they make the assumption that they can do content inspection. Let’s explore that a little deeper now.

The Illusion of Control
A key aspect of security is control. In recent years, security and network administrators have spent a great deal of time and money attempting to control their networks for the sake of security.

Criminal ingenuity - online identity theft hits brokerages
Criminals are now targeting brokerage accounts to commit identity fraud against consumers. Consumers need to learn how to transact safely online, both by being more cautious and skeptical as well as utilizing new technology that is now available.

Security 2.0 and Identity
Last week we made some announcements about our "Security 2.0" initiative and talked in some detail about the various products and services. One topic that got some attention was identity. I thought I might write a little about digital identity and why we see it as so important.

Upgrading to Norton 2007 products
Upgrading to Norton 2007 products

Where to download Norton Internet Security Add-on Pack
Where to download Norton Internet Security Add-on Pack

FREE NIS Add-on pack available
FREE NIS Add-on pack available

Norton Internet Security Add-on pack
Norton Internet Security Add-on Pack

Threat Landscape
One of the things Symantec has an extremely good viewpoint into is the evolution of the threat landscape on the Internet.

New 2007 releases – Light and Tight!... continued
Norton Internet Security Add-on Pack

Hardware and Software Firewalls – which one should I use?
Home networking equipment often includes a hardware firewall. Norton Internet Security also includes a software firewall. Find out what makes each type of firewall different and what to use for the absolute best protection.

New 2007 releases – Light and Tight!
I am pleased to let you know that we have just shipped Norton Internet Security 2007 and Norton AntiVirus 2007. These releases were the result of the combined efforts of hundreds of Symantec employees, and I am personally very proud to have been a member of this team.

Norton Confidential
Norton Confidential is a new security product we are working on, and it is unlike anything else in the market. When something so different is released, it’s bound to create excitement, and to prompt some questions like: what does it do? Why do I need it?

Viruses, phishing... they happen to me too.
In the last few weeks I have received several instant messages linking to phishing sites. I find myself really disturbed when security threats find their way to one of my computers, or when they happen to someone I know.

Norton Internet Security 2007 beta
Many of our loyal Norton users are beginning to ask what new things we have been working on, and what will be coming out with this year’s product refreshes. A beta version for Norton Internet Security 2007 was posted last week (check it out here:

Beware of Vishing Attacks
In May of this year, our response organization

Online transaction security - protecting your personal information
As online threats change, you need to continue to evaluate your security protection. Online transactions are identity thieves’ sweet spots - is your security software designed to protect you specifically from the new type of threats like phishing and keystroke logging that are designed to steal your passwords, account numbers and other personal information? I have some tips for those of you banking and shopping online as to how to take more responsibility for your own security.

The importance of Network Intrusion Prevention technology
Intrusion Prevention Technology is a critical component of a comprehensive desktop security solution. This blog entry discusses the main benefits behind Network Intrusion Prevention Systems (NIPS), how they complement other security technologies and the importance of their role in defending a system against common attack vectors in today’s security threats.

Follow Me to Safety Town
Here at Symantec, we’ve been experimenting with new ways to capture people’s attention – and warn them about some of the dangers of going online without proper security precautions. Here’s one of our most recent experiments.

Suite Security
Consumer security suites bring together multiple layers of protection in order to secure a system. This notion of Multilayer Security is well accepted by the security industry at large. They can also be more secure. Let's examine how.

Are all desktop security products created equal, or are they getting harder to test?
It has become increasingly difficult to test the latest security products which use behavior-based systems to protect against today’s real-world threats. Traditionally, security product testing is done by running the product against a set of threats (files), and seeing how many of them are discovered.

Online Identity Theft & Fraud - A Growth Business...continued
Last time I discussed the rise in ID theft and online criminal activity. This week, I’d like to touch on how consumers and companies need to deal with emerging threats, like phishing, pharming, and key loggers.

Welcome to the Norton Protection Blog
Our goal with this blog is to generate an interactive dialog between Symantec and you – our customers, our partners, members of the media, analysts, security experts, and anyone else interested in the issues, technologies, and trends surrounding consumer security and protecting consumers when they go online.

Online Identity Theft & Fraud - A Growth Business
Identity theft continues to rise with reports indicating the vast majority of identity theft takes place offline – I’m not so sure I believe that. Fraud associated with identity theft is often unreported and not prosecuted, and it’s difficult to pinpoint the method by which personal data was stolen. The more technologically challenging the case, the less likely it is the victim will understand how their identity was originally compromised.

They Said It Couldn’t Be Done – A Silent Outbound Firewall and Usable Security
A silent outbound firewall has been made possible by recent innovations at Symantec in the field of Usable Security. While many industry experts believe that you cannot have both security and ease of use, Symantec engineers have applied a unique combination of technologies to provide strong security that is easy to use.

The Rest of the Iceberg
In the consumer security industry, we tend to focus a great deal on the “client software” –Norton Internet Security or some other security software that runs on a user’s PC. While this software is vitally important to effectively protecting people online, it’s really just the “tip of the iceberg” of what’s required to provide comprehensive, effective protection.

Norton Protection Blog - Symantec Corp.
none

 

Security pro says new SSL attack can hit many sites
A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack.

UK police reveal arrests over Zeus banking malware
British police said Wednesday they've made the first arrests in Europe of two people for using Zeus, a sophisticated malicious software program that can scoop up any sensitive information on a PC.

64-bit Windows safer, claims Microsoft
Windows users running 64-bit versions of the operating system are less likely to get infected by attack code, Microsoft's security team said yesterday.

SSL flaw could have been used to hack Twitter
A flaw in the protocol used to secure communications over the Internet could have been used to hack Twitter accounts, according to an IBM security researcher.

Microsoft confirms first Windows 7 zero-day bug
Microsoft late on Friday confirmed that an unpatched vulnerability exists in Windows 7, but downplayed the problem, saying most users would be protected from attack by blocking two ports on their firewall.

Fake Verizon 'balance-checker' is a Trojan
Cyber-criminals have started preying on Verizon Wireless customers, sending out spam e-mail messages that say their accounts are over the limit and offering them a "balance checker" program to review their payments.

More Viruses News
View more Viruses news and analysis from Computerworld.com

Computerworld Viruses News

 

Vuln: Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities

Vuln: Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness

Vuln: Linux Kernel '/proc/net/rt_cache' Remote Denial of Service Vulnerability
Linux Kernel '/proc/net/rt_cache' Remote Denial of Service Vulnerability

Vuln: Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability

Bugtraq: VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Bugtraq: IE7
IE7

Bugtraq: [security bulletin] HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access
[security bulletin] HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access

Bugtraq: PHP "multipart/form-data" denial of service
PHP "multipart/form-data" denial of service

More rss feeds from SecurityFocus
News, Infocus, Columns, Vulnerabilities, Bugtraq ...

SecurityFocus Vulnerabilities
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

 

New Malware Scams: Balloon Boy, Windows 7
Latching on to major headlines tend to be widely used techniques for hackers hoping to spread malware.

Spammers Target Auto Industry
A mere ten percent of the email received by auto industry and its staffers is legitimate.

Electronic Health Records: Privacy Issues Remain
Converting paper records to a digital format creates its own issues, even as it makes the health system more efficient.

Mcafee Unveils Email App as Cloud Hybrid
The security software firm is offering its new email security solution as a cloud or on-premise app, or a hybrid of both.

Windows and Online Banking: A Dangerous Mix
This security expert uses Windows for most functions, yet feels it’s not safe enough for the average user to trust for online banking.

McAfee Launches Mac Endpoint Protection
The software includes antivirus and antispyware protection as well as a system firewall.

Security
Security

 

Microsoft MMC How To: Hardening Desktops for Improved Security
A free-for-all user desktop environment is a recipe for malware infections, data leaks, or worse. Learn how to take control of your end-user systems with Microsoft MMC and Active Directory.

Ten Back to School Security Tips for Administrators
Soon students and faculty will put many schools' IT departments to the test. Schools (and businesses, too) can take steps to keep their users and their data safe.

Verisign Aims to Deflate 'Pump and Dump' Scams
A fraud-detection service warns online brokerages when they're about to make a trade that looks fishy.

Bandwidth Alert: Brace Yourself for the Beijing Olympics
Enterprises would do well to consider the strain their Internet access will take during the Games -- not to mention increased malware attacks.

Security Basics: A Strong Password is the Key
Protecting your data and your identity starts with a strong password. Here's what you need to know to make your computer life safer and more secure.

Security Best Practices
Security Best Practices