http://www.insecuremag.com Notifications of new (IN)SECURE Magazine issues. http://creativecommons.org/licenses/by-sa/1.0/ en-us Mon, 18 Jul 2022 07:00:06 GMT https://www.helpnetsecurity.com/insecuremag/issue-72-july-2022/
- Review: Hornetsecurity 365 Total Protection Enterprise Backup
- 7 threat detection challenges CISOs face and what they can do about it
- How to set up a powerful insider threat program
- Top 5 security analytics to measure
- How to avoid security blind spots when logging and monitoring
- Photo gallery: Cyber Week 2022
- Review: Enzoic for Active Directory
- An offensive mindset is crucial for effective cyber defense
- The SaaS-to-SaaS supply chain is a wild, wild mess
- How the blurring of the supply chain opens your doors to attackers—and how you can close them
]]> https://www.helpnetsecurity.com/insecuremag/issue-70-november-2021/
- How to develop a skilled cybersecurity team
- Securing your WordPress website against ransomware attacks
- The warning signs of burnout and how to deal with it
- How to prevent corporate credentials ending up on the dark web
- Risky business: Steps for building an effective GRC program
- ​A ​remedial approach to destructive IoT hacks
- Zero trust: Bringing security up to speed for the “work-from-anywhere” age
- What is the HIPAA Security Rule? Three safeguards to have in place
- Why automated pentesting won’t fix the cybersecurity skills gap
- What are the post-pandemic security concerns for IT pros and their organizations
- Vulnerability management is facing three core problems: Here’s how to solve them
- How building a world class SOC can alleviate security team burnout
- Top tips for preventing SQL injection attacks
]]> https://www.helpnetsecurity.com/insecuremag/issue-69-july-2021/
- Why threat hunting is obsolete without context
- Review: Group-IB Threat Hunting Framework
- Navigating the waters of maritime cybersecurity
- Defending against Windows RDP attacks
- The evolution of the modern CISO
- Understanding the cloud shared responsibility model
- Why is patch management so difficult to master?
- Preventing security issues from destroying the promise of IoT
- Reformulating the cyber skills shortage
- Cybersecurity industry analysis: Another recurring vulnerability we must correct
- For CISOs and artificial intelligence to evolve, trust is a must
- Quantum computing is imminent, and enterprises need crypto agility now
- When the adversarial view of the attack surface is missing, digital transformation becomes riskier
]]> https://www.helpnetsecurity.com/insecuremag/issue-68-march-2021/
- Physical cyber threats: What do criminals leave when they break in? 
- Review: Group-IB Fraud Hunting Platform
- The transportation sector needs a standards-driven, industry-wide approach to cybersecurity
- Tips for boosting the “Sec” part of DevSecOps
- When it comes to vulnerability triage, ditch CVSS and prioritize exploitability
- Homomorphic encryption: Myths and misconceptions
- How to motivate employees to take cybersecurity seriously
- Enable secure remote workspaces without trashing your entire IT infrastructure
- Protecting productivity within the disappearing perimeter
- Closing the data divide: How to create harmony among data scientists and privacy advocates
- Database encryption: Protecting the crown jewels
- Can we put a stop to cyber harassment?
- Preparing for the CMMC onslaught
- For SOC teams, the analytics and automation hype is real
- Three ways MITRE ATT&CK can improve your organizational security
]]> https://www.helpnetsecurity.com/insecuremag/issue-66-june-2020/
- Let us be realistic about our expectations of AI
- Full-time bug hunting: Pros and cons of an emerging career
- Crowdsourced pentesting is not without its issues
- Changing the mindset of the CISO: From enforcer to enabler
- Review: Specops Key Recovery
- Is the future of information security and tech conferences virtual?
- Cybersecurity is a board level issue: 3 CISOs tell why
- The top four Office 365 security pain points
- On my mind: Transitioning to third party cloud services
]]> https://www.helpnetsecurity.com/insecuremag/issue-65-february-2020/
- A case for establishing a common weakness enumeration for hardware security
- Things to keep in mind when raising capital for your cybersecurity venture
- Burner phones are an eavesdropping risk for international travelers
- Hardware hacks: The next generation of cybercrime
- California’s IoT cybersecurity bill: What it gets right and wrong
- 7 signs your cybersecurity is doomed to fail in 2020
- How to test employee cyber competence through pentesting
- Smart cities are on the rise: What are the dangers?
- Modern security product certification best practices
- Why outsourcing your DPO is an effective insurance policy
]]> https://www.helpnetsecurity.com/insecuremag/issue-64-december-2019/
- Could audio warnings augment your ability to fight off cyberattacks?
- Your supplier’s BEC problem is your BEC problem
- Product Showcase: SpyCloud Active Directory Guardian
- Unmask cybercriminals through identity attribution
- Phishing attacks are a complex problem that requires layered solutions
- Winning the security fight: Tips for organizations and CISOs
- Want to build a SOC? Here is what you need to know beforehand
- Product showcase: Alsid for AD
- When is the right time to red team?
- IoT is an ecosystem, as secure as its weakest link
]]> https://www.helpnetsecurity.com/insecuremag/issue-63-september-2019/
- Identifying evasive threats hiding inside the network
- Inside the NIST team working to make cybersecurity more user-friendly
- Report: Black Hat USA 2019
- Healthcare blind spot: Unmanaged IoT and medical devices
- What the education industry must do to protect itself from cyber attacks
- Solving security problems: Security advice for those with limited resources
- Review: Specops uReset
- True passwordless authentication is still quite a while away
- Six criteria for choosing the right security orchestration vendor
- Ensuring supply chain security: 5 IT strategies for choosing vendors wisely
- Have you thought about the often-overlooked mobile app threat?
]]> http://helpnet.pro/qqyc
- What's your company's risk exposure?
- The modern threat landscape and expanding CISO challenges
- Product showcase: Veriato Cerebral user & entity behavior analytics software
- Building a modern data registry: Go beyond data classification
- What happened to trust and transparency in cybersecurity?
- Prioritising risks in a climate of geopolitical threats
- An intelligence-driven approach to cyber threats
- Is curiosity killing patient privacy? Combatting insider threats in the healthcare contact center
- Protecting applications against DFA attacks
- The SEC demands better disclosure for cybersecurity incidents and threats
]]> http://helpnet.pro/s36s
- How to make the CFO your best cybersecurity friend
- Review: Specops Password Policy
- Break out of malware myopia by focusing on the fundamentals
- Securing our future in the age of IoT
- Blind spots and how to see them: Observability in a serverless environment
- There are no real shortcuts to most security problems
- Bridging the priority gap between IT and security in DevOps
- Are you ready? A good incident response plan can protect your organization
- Privacy laws do not understand human error: Securing unstructured data in the age of data privacy regulations
- The future of OT security in critical infrastructure
]]> http://helpnet.pro/96kt
- The importance of career pathing in the cybersecurity industryy
- Securing healthcare organizations: The challenges CISOs facey
- Fingerprinting HTTP anomalies to dissect malicious operationsy
- How to keep cryptominers from opening up your IT container boxesy
- Report: Black Hat USA 2018y
- Vulnerability research and responsible disclosure: Advice from an industry veterany
- Managing migration mayhem: A roadmap for successy
- For the love of a good IT book: The No Starch Press storyy
- Overcoming the threat of ransomware with zero-day recoveryy
- Infosec and the future: Dr. Giovanni Vigna on lessons learned over 25 yearsy
]]> https://www.helpnetsecurity.com/insecuremag/issue-57-march-2018/
- Achieving zero false positives with intelligent deception
- Expected changes in IT/OT convergence and industrial security
- Testing machine learning products requires a new approach
- Why do we need a risk-based approach to authentication?
- Healthcare organizations and the cloud: Benefits, risks, and security best practices
- A deep dive into blockchain and Bitcoin
]]> https://www.helpnetsecurity.com/insecuremag-archive/
- How consumers, enterprises and insurance providers tackle cyber risk
- Industrial cyber insurance comes of age
- The modern challenges of cyber liability
- Rethinking corporate risk practices in the cyber age
- Cyber insurance's inevitable evolution into risk management services
- As cyber risks enter the top three global business risks, the insurance industry - responds
- Cut the FUD: Why Fear, Uncertainty and Doubt is harming the security industry
- Using a robust platform for cyber threat analysis training
- Sophisticated threats? It's usually the basic ones that get you
]]> https://www.helpnetsecurity.com/insecuremag-archive/
- Building a successful information security monitoring program in an age of overwhelming data
- AI for cybersecurity: Promises and limitations
- Report: Black Hat USA 2017
- Designing security policies to fit your organization’s needs
- KPN CISO paints a greater security picture
- Has healthcare misdiagnosed the cybersecurity problem?
- Review: Acunetix 11
- Why end-to-end encryption is about more than just privacy
- Journey to the cloud: Automated, continuous, visible
- How to catch a phish
]]> https://www.helpnetsecurity.com/insecuremag/issue-54-june-2017/
- The death of passwords: Cybersecurity fake news?
- Breaking the secure enough mindset
- Cyber hygiene: The more you know
- What's an IT architect, and could you become one?
- Report: Infosecurity Europe 2017
- Is your dragline dragging in security threats?
- Businesses finally realize that cyber defenses must evolve
- A simplified guide to PCI DSS compliance
]]> https://www.helpnetsecurity.com/insecuremag/issue-53-march-2017/
- How to leverage the benefits of open source software in a secure way
- Antivirus 2017: Security with a hint of surveillance
- Evolving PKI for the Internet of Things
- 7 real-world steps to security nirvana
- The HTTPS interception dilemma: Pros and cons
- Deception security doesnt have to be onerous or expensive
- Report: BSides Ljubljana 0x7E1
- 5 spring cleaning tips for your Identity and Access Management program
]]> https://www.helpnetsecurity.com/insecuremag/issue-52-december-2016/
- SCADA cybersecurity: A long history of errors
- Healthcare security: Combating advanced threats
- Do nott let your security education and awareness to take the back seat
- The devil is in the details: What your metadata says about you
- ICS cybersecurity: Futurism vs the here and now
- Will cybersecurity change with a change in administration?
- Review: IS Decisions UserLock
- "Build security in from the start" for app developers
- Executive hot seat: Lior Frenkel, CEO at Waterfall Security Solutions
- Narrowing the attack surface: A strategic approach to security
- Black Friday sales and enterprise data: Compromised information on the dark web - Commonly overlooked threat vectors
- Kaspersky Lab sets up a global ICS-CERT
- A checklist for people who understand cyber security
]]> https://www.helpnetsecurity.com/insecuremag/issue-50-june-2016/
- Securing the future: Best practices for keeping corporate information safe during an M&A
- Executive hot seat: Ron Green, Executive VP, CISO at MasterCard
- 7 tips to get the absolute best price from security vendors
- How CISOs can bridge the gap between their organizations’ IT and security needs
- Risk management: Risks are lurking everywhere
- Report: Infosecurity 2016
- Internet of Fail: How modern devices expose our lives
- Executive hot seat: Sumedh Thakar, Chief Product Officer at Qualys
- Security: Missing from DevOps thinking?
- The life of a social engineer: Hacking the human
- What 17 years as an infosec trainer have taught me
]]> https://www.helpnetsecurity.com/insecuremag/issue-49-february-2016/
- Privacy by design: What it is and where to build it
- Harnessing artificial intelligence to build an army of virtual analysts
- Building and implementing an incident response program from scratch
- Take it to the boardroom: Elevating the cybersecurity discussion
- Cyber security control maturity: What it is, and why you should care
- Have I been hacked? The indicators that suggest you have
- Demanding accountability: The need for cyber liability
- Adding the cloud to your rainy day plan
- The slings and arrows of encryption technology
]]> http://www.net-security.org/insecuremag.php
- Ivan Ristic and SSL Labs: How one man changed the way we understand SSL
- Review: Change and configuration auditing with Netwrix Auditor 7.0
- How things change: Secure remote access to industrial control systems
- Developing and implementing an information security program
- Applying machine learning techniques on contextual data for threat detection
- Why governments need to take the lead in cybersecurity
- How talking to recognition technologies will change us
- Why I recommend Chrome to family
- Inside the largely unexplored world of mainframe security
- The Lord of the Hacktivist Rings
- Minutes matter: Why detection, visibility and response are critical in the post-prevention era
- Web application fingerprinting with Blind Elephant
]]> http://www.net-security.org/insecuremag.php
- Redefining security visualization with Hollywood UI design
- Best practices for ensuring compliance in the age of cloud computing
- The evolution of DDoS and how ISPs can respond
- NowSecure Lab cloud: Mobile app assessment environment
- Why vulnerability disclosure shouldn’t be a marketing tool
- Report: Black Hat USA 2015
- We don't know what we don't know
- Outdated protocols put IoT revolution at risk
- The challenges of implementing tokenization in a medium-sized enterprise
- Automated threat management: No signature required
- Re-thinking security to detect active data breaches
- How to prevent insider threats in your organization
- ISO/IEC 27001 scoping and beyond
- Combatting human error in cybersecurity
- Threat intelligence matters to everyone
]]> http://www.net-security.org/insecuremag.php
- The Art of War applied to web application security
- Signature antivirus' dirty little secret
- Review: Tresorit for Business
- Making IoT security a reality
- Report: Hack In The Box
- Avoiding an IT disaster: Smart security for smart meters
- The standardization of tokenization and moving beyond PCI
- 10 practical security tips for DevOps
- Identifying the insider threat
- EMV’s impact on increasing card-not-present fraud: Now what?
- Identity crisis? Honoring the IAM legacy while taking action and embracing the future
- Report: Infosecurity Europe 2015
- IoT, interoperability, and identity
]]> http://www.net-security.org/insecuremag.php
- How do we ensure the Security of Things in light of the Internet of Threats?
- Security and compliance: A balancing act of inequalities
- Which kind of security professional are you?
- The derived credential: delivering digital security to a mobile world
- Declaring personal data bankruptcy and the cost of privacy
- Total threat protection: Myth and reality
- DevOps vs security: Can Docker make a difference?
- Best practices for securing PoS systems
- Challenges faced by global network professionals
- Who are the role models in cyberspace?
- Tackling today’s authentication complexities
]]> http://www.net-security.org/insecuremag.php
- What is the value of professional certification?
- How to tell if your security system has been fingerprinted by evasive malware
- Mobile hackers look to the network
- Why every security-conscious organization needs a honeypot
- Securing the U.S. electrical grid
- Using Hollywood to improve your security program
- How a large ISP fights DDoS attacks with a custom solution
- Black Hat USA 2014
- The synergy of hackers and tools at the Black Hat Arsenal
- Web application security today
- Big Data analytics to the rescue
- Why now is the time for enterprises to implement context-based authentication
- HoneyMalt: Mapping honeypots using Maltego
- Failure is an option
- Cloud security: Do you know where your data is?
]]> http://www.net-security.org/insecuremag.php
- Six infosec tips I learned from Game of Thrones
- Dissecting the newly-discovered desire for control and privacy
- Incident response and failure of the "Just Fix It" attitude
- How to learn information security
- Who are you? The impact of security breaches on authentication
- Thecus N5550 NAS Server inside and out
- Report: Hack In The Box Amsterdam 2014
- Ensuring the integrity of Rostelecom’s Wi-Fi network
- What inspired you to start hacking?
- Beyond Heartbleed: Closing SSL implementation gaps within our own networks
- Ironclad incident response
- Hands-on fun at HacKid 2014
- Are you ready for the day when prevention fails?
- Why privacy engineering is needed
]]> http://www.net-security.org/insecuremag.php
The show, which attracted more than 15,000 unique industry professionals from 73 countries across the three days, had a massive show floor featuring 345 exhibitors from 24 countries. Presented in this issue are some of the most interesting news and companies we've seen at the show. ]]> http://www.net-security.org/insecuremag.php
On top of that, spread over two expo floors, a total of 400 companies showcased the tools and technologies that will protect personal and professional assets now and in the future.

Featured in this magazine are the most important news and companies from the conference, which allows you to get an in-depth look at the highlights of the event. ]]> http://www.net-security.org/insecuremag.php
- Cloud insecurity? Time to bust the myth
- Executive hot seat: Cloud Security Alliance CEO
- Security uncertainty in the cloud: Problems and potential solutions
- Share with the world: Who reads my data in the cloud?
- Executive hot seat: Intrinsic-ID CEO
- Privacy in the cloud: The power of encryption
- How to recover deleted or corrupted digital currency
- Leveraging Big Data for security operations
- The past, present, and future of Big Data security
- Information stewardship: Avoiding data breaches and managing Big Data
- Generating value from Big Data analytics
- Too big to fail: The Big Data dilemma
]]> http://www.net-security.org/insecuremag.php
- How malware became the cyber threat it is today
- Testing anti-malware products
- Shoulder surfing via audio frequencies for XBox Live passwords
- How to write Yara rules to detect malware
- Report: HITBSecConf2013 Malaysia
- Using Tshark for malware detection
- 5 questions for the head of a malware research team
- Beyond apps, beyond Android: 2013 mobile threat trends
- Malware analysis on a shoestring budget
- Report: Virus Bulletin 2013
- Digital ship pirates: Researchers crack vessel tracking system
- Exploring the challenges of malware analysis
- Evading file-based sandboxes
- Report: RSA Conference Europe 2013
- Data security to protect PCI data flow
]]> http://www.net-security.org/insecuremag.php
- Dear CSO, do you know how to build security culture?
- How to secure a company’s Chinese development center?
- Stephen Pao, GM, Security Business at Barracuda Networks, on web application security
- The state of web application security in numbers
- Web application exploitation with broken authentication and path traversal
- Joel Smith, AppRiver CTO, on web threats
- With big data comes big responsibility: The (in)security of OLAP systems
- There are no winners in the blame game
- Digital graphology: It's all in the signature
- Security from within: Proactive steps towards protecting corporate assets from attack
- The five biggest reasons your IT staff is losing sleep
- How to manage your passwords with KeePass
]]> http://www.net-security.org/insecuremag.php
- Becoming a malware analyst
- Review: Nipper Studio
- Five questions for Microsoft's Chief Privacy Officer
- Application security testing for AJAX and JSON
- Penetrating and achieving persistence in highly secured networks
- Report: RSA Conference 2013
- Social engineering: An underestimated danger 
- Review: Hacking Web Apps
- Improving information security with one simple question
- Security needs to be handled at the top
- 8 key data privacy considerations when moving servers to the public cloud
- A closer look to HITBSecConf 2013 Amsterdam
]]> http://www.net-security.org/insecuremag.php
- Becoming a malware analyst
- Review: Nipper Studio
- Five questions for Microsoft's Chief Privacy Officer
- Application security testing for AJAX and JSON
- Penetrating and achieving persistence in highly secured networks
- Report: RSA Conference 2013
- Social engineering: An underestimated danger 
- Review: Hacking Web Apps
- Improving information security with one simple question
- Security needs to be handled at the top
- 8 key data privacy considerations when moving servers to the public cloud
]]> http://www.net-security.org/insecuremag.php
- What makes security awareness training successful?
- Review - Incapsula: Enterprise-grade website security
- Five questions for Microsoft's Worldwide Chief Security Advisor
- Computer forensic examiners are from Mars, attorneys are from Venus
- In the field: RSA Conference 2012 Europe
- A mobile environment security assessment
- Hack In The Box CEO on the information security landscape
- In the field: IRISSCERT Cybercrime Conference 2012
- Comply or die: The importance of a business-centric approach to compliance
- Hackers can get in when systems are off: The risks of lights out management
- It's just the guest wireless network…right?
]]> http://www.net-security.org/insecuremag.php
- Administrative scripting with Nmap
- Information security in Europe with ENISA Executive Director Prof. Udo Helmbrecht
- Unintended, malicious and evil applications of augmented reality
- The enemy at the gate
- Top five hurdles to security and compliance in industrial control systems
- How to monitor the blind spots in your IT system: Logging versus auditing
- DBI aid reverse engineering: Pinpointing interesting code
- The importance of data normalization in IPS
]]> http://www.net-security.org/insecuremag.php
- Fitness as a model for security
- Security and migrating to the cloud: Is it all doom and gloom?
- Solid state drives: Forensic preservation issues
- Introduction to Android malware analysis
- Hack in The Box Conference 2012 Amsterdam
- ISO 27001 standard: Breaking the documentation myth
- Preparing a breach response plan
- Security beyond the operating system: Into the cloud and beyond
- Amphion Forum 2012 Munich
- The challenges of data recovery from modern storage systems
- Two-factor authentication for the cloud: Does it have to be hard?
]]> http://www.net-security.org/insecuremag.php
- News from RSA Conference 2012
- Information security within emerging markets
- Evolving security trends in smartphone and mobile computing
- The biggest problem in application security today
- RSA Conference 2012 award winners
- Innovation Sandbox
]]> http://www.net-security.org/insecuremag.php
- Securing Android: Think outside the box
- Interview with Joe Sullivan, CSO at Facebook
- White hat shellcode: Not for exploits
- Using mobile device management for risk mitigation in a heterogeneous environment
- Metasploit: The future of penetration testing with HD Moore
- Using and extending the Vega open source web security platform
- Next-generation policies: Managing the human factor in security
]]> http://www.net-security.org/insecuremag.php
- 7 questions you always wanted to ask a professional vulnerability researcher
- Insights on drive-by browser history stealing
- Review: Kingston DataTraveler 6000
- RSA Conference Europe 2011
- PacketFence: Because NAC doesn't have to be hard!
- Information security and the threat landscape with Raj Samani
- Security is a dirty word
- Smartphone apps are not that smart: Insecure development practices
- Virus Bulletin 2011
- Infosec professionals: Accomplishing your day job without breaking the law
- WPScan: WordPress Security Scanner
- Securing the enterprise: Is your IT department under siege?
]]> http://www.net-security.org/insecuremag.php
- The changing face of hacking
- Review: [hiddn] Crypto Adapter
- A tech theory coming of age
- SecurityByte 2011: Cyber conflicts, cloud computing and printer hacking
- The need for foundational controls in cloud computing
- A new approach to data centric security
- The future of identity verification through keystroke dynamics
- Visiting Bitdefender's headquarters
- Rebuilding walls in the clouds
- Testing Domino applications
- Report: Black Hat 2011 USA
- Safeguarding user access in the cloud with identity governance
]]> http://www.net-security.org/insecuremag.php
- Microsoft's Exploit Mitigation Experience Toolkit
- Transaction monitoring as an issuer fraud risk management technique in the banking card payment system
- IPv6: Saviour and threat
- The hard truth about mobile application security: Separating hype from reality
- Don't fear the auditor
- Book review: Kingpin
- Secure mobile platforms: CISOs faced with new strategies
- Security needs to be unified, simplified and proactive
- Whose computer is it anyway?
- 10 golden rules of information security
- The token is dead
- Book review: IPv6 for Enterprise Networks
- Cyber security revisited: Change from the ground up?
]]> http://www.net-security.org/insecuremag.php
- Virtual machines: Added planning to the forensic acquisition process
- Review: iStorage diskGenie
- Managers are from Mars, information security professionals are from Venus
- PacketWars: A cyber security sport for a cyber age
- Q&A: Graham Cluley on Facebook security and privacy
- Financial Trojans: Following the money
- Mobile encryption: The new frontier
- Report: RSA Conference 2011
- Combating public sector fraud with better information analysis
- Q&A: Stefan Frei on security research and vulnerability management
- The expanding role of digital certificates… in more places than you think
- 5 questions to ask when reevaluating your data security solution
- How to achieve strong authentication on the Web while balancing security, usability and cost
]]> http://www.net-security.org/insecuremag.php
- Database protocol exploits explained
- Review: MXI M700 Bio
- Measuring web application security coverage
- Inside backup and storage: The expert's view
- Combating the changing nature of online fraud
- Book review: CISSP Study Guide
- Successful data security programs encompass processes, people, technology
- Sangria, tapas and hackers: SOURCE Barcelona 2010
- What CSOs can learn from college basketball
- Network troubleshooting 101
- America’s cyber cold war
- RSA Conference Europe 2010
- Book review: Dissecting the Hack: The F0rb1dd3n Network (Revised Edition)
- Bootkits – a new stage of development
]]> http://www.net-security.org/insecuremag.php
- Review: BlockMaster SafeStick secure USB flash drive
- The devil is in the details: Securing the enterprise against the cloud
- Cybercrime may be on the rise, but authentication evolves to defeat it
- Learning from bruteforcers
- PCI DSS v1.3: Vital to the emerging demand for virtualization and cloud security
- Security testing - the key to software quality
- A brief history of security and the mobile enterprise
- Payment card security: Risk and control assessments
- Security as a process: Does your security team fuzz?
- Book review: Designing Network Security, 2nd Edition
- Intelligent security: Countering sophisticated fraud
]]> http://www.net-security.org/insecuremag.php
- PCI: Security's lowest common denominator
- Analyzing Flash-based RIA components and discovering vulnerabilities
- Logs: Can we finally tame the beast?
- Launch arbitrary code from Excel in a restricted environment
- Placing the burden on the bot
- Data breach risks and privacy compliance: The expanding role of the IT security professional
- Authenticating Linux users against Microsoft Active Directory
- Hacking under the radar
- Photos: Infosecurity Europe 2010
- Securing the office in your pocket
- iPhone backup, encryption and forensics
- The growing problem of cyber bullying
- Secure collaboration: Managing the inside threat posed by trusted outsiders
- SMS spamming
- A new scalable approach to data tokenization
]]> http://www.net-security.org/insecuremag.php
- The changing face of penetration testing: Evolve or die!
- Review: SmartSwipe
- Unusual SQL injection vulnerabilities and how to exploit them
- Take note of new data notification rules
- RSA Conference 2010 coverage
- Corporate monitoring: Addressing security, privacy, and temptation in the workplace
- Cloud computing and recovery, not just backup
- EJBCA: Make your own certificate authority
- Advanced attack detection using OSSIM
- The world of claims-based security
- Enterprise Authentication: Increasing security without breaking the bank
]]> http://www.net-security.org/insecuremag.php
- Writing a secure SOAP client with PHP: Field report from a real-world project
- How virtualized browsing shields against web-based attacks
- Review: 1Password 3
- Preparing a strategy for application vulnerability detection
- Threats 2.0: A glimpse into the near future
- Preventing malicious documents from compromising Windows machines
- Balancing productivity and security in a mixed environment
- AES and 3DES comparison analysis
- OSSEC: An introduction to open source log and event management
- Book review - Hacking: The Next Generation
- Q&A: Sandra Toms LaPedis on RSA Conference 2010
- Secure and differentiated access in enterprise wireless networks
- Achieving continuous PCI compliance with IT GRC
]]> http://www.net-security.org/insecuremag.php
- Microsoft's security patches year in review: A malware researcher's perspective
- A closer look at Red Condor Hosted Service
- Report: RSA Conference Europe 2009, London
- The U.S. Department of Homeland Security has a vision for stronger information security
- Q&A: Didier Stevens on malicious PDFs
- Protecting browsers, endpoints and enterprises against new Web-based attacks
- Mobile spam: An old challenge in a new guise
- Report: BruCON security conference, Brussels
- Are you putting your business at risk?
- Why out-of-band transactions verification is critical to protecting online banking
- Study uncovers alarming password usage behavior
- Q&A: Noise vs. Subversive Computing with Pascal Cretain
- Elevating email to an enterprise-class database application solution
- Ask the social engineer: Practice
- Report: Storage Expo 2009, London
- Jumping fences - the ever decreasing perimeter
]]> http://www.net-security.org/insecuremag.php
- Using real-time events to drive your network scans
- Review: Data Locker
- The Nmap project: Open source with style
- Enterprise effectiveness of digital certificates: Are they ready for prime-time?
- A look at geolocation, URL shortening and top Twitter threats
- How "fake stuff" can make you more secure
- Making clouds secure
- Q&A: Dr. Herbert Thompson on security ROI and RSA Conference
- Book review - Cyber Crime Fighters: Tales from the Trenches
- Top 5 myths about wireless protection
- Securing the foundation of IT systems
- A layered approach to making your Web application a safer environment
- In mashups we trust?
- Adopting the security best practice of least privilege
- Is your data recovery provider a data security problem?
- New strategies for establishing a comprehensive lifetime data protection program
- Security for multi-enterprise applications
- EU data breach notification proposals: How will your business be affected?
- Book review - 97 Things Every Software Architect Should Know
- Safety in the cloud: How CIOs can ensure the safety of their data as they migrate to cloud applications
- Vulnerability management
]]> http://www.net-security.org/insecuremag.php
- Malicious PDF: Get owned without opening
- Review: IronKey Personal
- Windows 7 security features: Building on Vista
- Web 2.0 emerging threats
- Using Wireshark to capture and analyze wireless traffic
- Q&A: Paul Cooke on Windows 7
- RSA Conference 2009
- Your applications are trying to tell you something - are you listening?
- Q&A: Hord Tipton on certification and (ISC)2
- "Unclonable" RFID - a technical overview
- The application security maturity (ASM) model
- Secure development principles
- Enterprise risk and compliance reporting
- Q&A: Ron Gula on Nessus and Tenable Network Security
- Infosecurity Europe 2009
- Establish your social media presence with security in mind
- HTTPS is bad?
- A historical perspective on the cybersecurity dilemma
- Q&A: Brent Huston on security in general, CEO challenges and Microsolved
- Black Hat Europe 2009
- Germany: The current debate on the Internet filter
- A risk-based, cost effective approach to holistic security
]]> http://www.net-security.org/insecuremag.php
- Improving network discovery mechanisms
- Building a bootable BackTrack 4 thumb drive with persistent changes and Nessus
- Review: SanDisk Cruzer Enterprise
- Forgotten document of American history offers a model for President Obama's vision of government information technology
- Security standpoint by Sandro Gauci: The year that Internet security failed
- What you need to know about tokenization
- Q&A: Vincenzo Iozzo on Mac OS X security
- Book review - Hacking VoIP: Protocols, Attacks and Countermeasures
- A framework for quantitative privacy measurement
- Why fail? Secure your virtual assets
- Q&A: Scott Henderson on the Chinese underground
- iPhone security software review: Data Guardian
- Phased deployment of Network Access Control
- Playing with authenticode and MD5 collisions
- Web 2.0 case studies: challenges, approaches and vulnerabilities
- Q&A: Jason King, CEO of Lavasoft
- Book review - Making Things Happen: Mastering Project Management
- ISP level malware filtering
- The impact of the consumerization of IT on IT security management
]]> http://www.net-security.org/insecuremag.php
- The future of AV: looking for the good while stopping the bad
- Security standpoint by Sandro Gauci: How security can hurt us -Review: Eikon To Go
- Eight holes in Windows login controls
- Interview with Giles Hogben, an expert on identity and authentication technologies working at ENISA
- Extended validation and online security: EV SSL gets the green light
- Web filtering in a Web 2.0 world
- RSA Conference Europe 2008
- The role of password management in compliance with the data protection act
- Interview with Rich Mogull, founder of Securosis
- 5 strategies for proactively embracing failure
- The present and future of Web application security discussed in Portugal
- Securing data beyond PCI in a SOA environment: best practices for advanced data protection
- Navigating a sea of fake codecs
- Role Based Access Control
- How to build a security strategy to grow your career, success and results
- Three undocumented layers of the OSI model and their impact on security
]]> http://www.net-security.org/insecuremag.phpArticles in this issue include: Security standpoint by Sandro Gauci: Closing a can of worms, Network and information security in Europe today, Browser security: bolt it on, then build it in, Passive network security analysis with NetworkMiner, Lynis - an introduction to UNIX system auditing, Windows driver vulnerabilities: the METHOD_NEITHER odyssey, Removing software armoring from executables, Insecurities in privacy protection software, A proactive approach to data breaches, Compliance does not equal security but it's a good start, Secure web application development, Avoiding a "keys to the kingdom" attack without compromising security, The insider threat, Web application security: risky business?, Enterprise application security: how to balance the use of code reviews and web application firewalls for PCI compliance. http://www.net-security.org/insecuremag.phpSecurity standpoint by Sandro Gauci: when best intentions go wrong, Review: Red Condor Hosted Service, Reverse engineering software armoring (part 1), Security training and awareness: strengthening your weakest link, Hacking Second Life, Building a secure wireless network for under $300, Assessing risk in VoIP/UC networks, Open redirect vulnerabilities: definition and prevention, Migration from e-mail to web borne threats, Bypassing and enhancing live behavioral protection, Point security solutions are not a 4 letter word, The future of security is information-centric, Corporate due diligence in India: an ICT perspective, E-mail encryption service: a smart choice for SMBs, Securing the enterprise data flow against advanced attacks, How to prevent identity theft and Security flaws identification and technical risk analysis through threat modeling. http://www.net-security.org/insecuremag.phpArticles in this issue include: Security policy considerations for virtual worlds, US political elections and cybercrime, Using packet analysis for network troubleshooting, The effectiveness of industry certifications, Building a secure future: lessons learned from 2007's highest-profile security events, Advanced social engineering and human exploitation, part 2, Interview with Nitesh Dhanjani, Senior Manager at Ernst and Young, Is your data safe? Secure your web apps, RSA Conference 2008, Producing secure software with security enhanced software development processes, Network event analysis with Net/FSE, Security risks for mobile computing on public WLANs: hotspot registration, Black Hat Europe 2008 Briefings and Training, A Japanese perspective on Software Configuration Management, Windows log forensics: did you cover your tracks?, Traditional vs. non-tranditional database auditing, Payment card data: know your defense options. http://www.net-security.org/insecuremag.phpArticles in this issue include: Proactive analysis of malware genes holds the key to network security, Advanced social engineering and human exploitation, part 1, Free visualization tools for security analysis and network monitoring, Hiding inside a rainbow, Internet terrorist: does such a thing really exist?, Weaknesses and protection of your wireless network, Fraud mitigation and biometrics following Sarbanes-Oxley, QualysGuard visual walkthrough, Application security matters: deploying enterprise software securely, Web application vulnerabilities and insecure software root causes: solving the software security problem from an information security perspective, A dozen demons profiting at your (jn)convenience, The insider threat: hype vs. reality, Interview with Andre Muscat, Director of Engineering at GFI Software, How B2B gateways affect corporate information security, Reputation attacks, a little known Internet threat, Italian bank's XSS opportunity seized by fraudsters, The good, the bad and the ugly of protecting data in a retail environment, Interview with Mikko Hypponen is the Chief Research Officer for F-Secure, Interview with Richard Jacobs, Technical Director of Sophos and Interview with Raimund Genes, CTO Anti-Malware at Trend Micro. http://www.net-security.org/insecuremag.phpOne lucky (IN)SECURE reader can get a Linksys WRTG54G Wireless-G Router accompanied with the "Linksys WRTG54G Ultimate Hacking" book. Articles in this issue include: - Attacking consumer embedded devices - Review: QualysGuard - CCTV: technology in transition - analog or IP? - Interview with Robert "RSnake" Hansen, CEO of SecTheory - The future of encryption - Endpoint threats - Review: Kaspersky Internet Security 7.0 - Interview with Amol Sarwate, Manager, Vulnerability Research Lab, Qualys Inc. - Network access control: bridging the network security gap - Change and configuration solutions aid PCI auditors - Data protection and identity management while browsing and transacting over the Internet - Information security governance: the nuts and bolts - Securing moving targets - The need for a new security approach - Data insecurity: lessons learned? - Wi-Fi safety and security. We also have a special wireless security topic: "6 CTOs, 10 Burning Questions". The CTOs we talked with include: - Dr. Amit Sinha, VP and CTO of AirDefense - Chia Chee Kuan, CTO and VP of Engineering of AirMagnet - Merwyn Andrade, CTO of Aruba Networks - Pravin Bhagwat, co-founder and CTO of AirTight Networks - Magued Barsoum, CTO of Fortress Technologies - Dan Simone, VP and CTO of Trapeze Networks http://www.insecuremag.com/Articles in this issue include: - Interview with Janne Uusilehto, Head of Nokia Product Security - Social engineering social networking services: a LinkedIn example - The case for automated log management in meeting HIPAA compliance - Risk decision making: whose call is it? - Interview with Zulfikar Ramzan, Senior Principal Researcher with the Advanced - Threat Research team at Symantec - Securing VoIP networks: fraud - PCI DSS compliance: a difficult but necessary journey - A security focus on China outsourcing - A multi layered approach to prevent data leakage - Safeguard your organization with proper password management - Interview with Ulf Mattsson, Protegrity CTO - DEFCON 15 - File format fuzzing - IS2ME: Information Security to Medium Enterprise + We are having another book giveaway! http://www.insecuremag.com/Articles in this issue include: - Enterprise grade remote access - Review: Centennial Software DeviceWall 4.6 - Solving the keylogger conundrum - Interview with Jeremiah Grossman, CTO of WhiteHat Security - The role of log management in operationalizing PCI compliance - Windows security: how to act against common attack vectors - Taking ownership of the Trusted Platform Module chip on Intel Macs - Compliance, IT security and a clear conscience - Key management for enterprise data encryption - The menace within - A closer look at the Cisco CCNP Video Mentor - Network Access Control + We are having a book giveaway! http://www.insecuremag.com/Articles in this issue include: On the security of e-passports, Review: GFI LANguard Network Security Scanner 8, Critical steps to secure your virtualized environment, Interview with Howard Schmidt, President and CEO R and H Security Consulting, Quantitative look at penetration testing, Integrating ISO 17799 into your Software Development Lifecycle, Public Key Infrastructure (PKI): dead or alive?, Interview with Christen Krogh, Opera Software's Vice President of Engineering, Super ninja privacy techniques for web application developers, Security economics, iptables - an introduction to a robust firewall, Black Hat Briefings and Training Europe 2007 and Enforcing the network security policy with digital certificates. http://www.insecuremag.com/Articles in this issue include: Microsoft Windows Vista: significant security improvement?, Review: GFI Endpoint Security 3, Interview with Edward Gibson, Chief Security Advisor at Microsoft UK, Top 10 spyware of 2006, The spam problem and open source filtering solutions, Office 2007: new format and new protection/security policy, Wardriving in Paris, Interview with Joanna Rutkowska, security researcher, Climbing the security career mountain: how to get more than just a job, RSA Conference 2007 report, ROT13 is used in Windows? You're joking! and Data security beyond PCI compliance - protecting sensitive data in a distributed environment. http://www.insecuremag.com/Articles in this issue include: Effectiveness of security by admonition: a case study of security warnings in a web browser setting, Interview with Kurt Sauer, CSO at Skype, Web 2.0 defense with AJAX fingerprinting and filtering, Hack In The Box Security Conference 2006, Where iSCSI fits in enterprise storage networking, Recovering user passwords from cached domain records, Do portable storage solutions compromise business security?, Enterprise data security - a case study and Creating business through virtual trust: how to gain and sustain a competitive advantage using information security. http://www.insecuremag.com/archive.htmlArticles in this issue include: Payment Card Industry demystified, Skype: how safe is it?, Computer forensics vs. electronic evidence, Review: Acunetix Web Vulnerability Scanner, SSH port forwarding - security from two perspectives, part two, Log management in PCI compliance, Airscanner vulnerability summary: Windows Mobile security software fails the test, Proactive protection: a panacea for viruses?, Introducing the MySQL Sandbox and Continuous protection of enterprise data: a comprehensive approach http://www.insecuremag.com/archive.htmlArticles in this issue include: SSH port forwarding: security from two perspectives, part one, An inside job, CEO spotlight: Q and A with Patricia Sueltz at SurfControl, Server monitoring with munin and monit, Compliance vs. awareness in 2006, 2005 *nix malware evolution, Overview of quality security podcasts and coverage of Infosecurity 2006 and InfoSec World 2006. http://www.insecuremag.com/archive.htmlArticles in this issue include: Best practices in enterprise database protection, Quantifying the cost of spyware to the enterprise, Security for websites - breaking sessions to hack into a machine, How to win friends and influence people with IT security certifications, The size of security: the evolution and history of OSSTMM operational security metrics, Interview with Kenny Paterson, Professor of Information Security at Royal Holloway, University of London, PHP and SQL security today, Apache security: Denial of Service attacks, War-driving in Germany - CeBIT 2006 http://www.insecuremag.com/archive.html Articles in this issue include: Web application firewalls primer, Review: Trustware BufferZone 1.6, Threat analysis using log data, Looking back at computer security in 2005, Writing an enterprise handheld security policy, Digital Rights Management, Revenge of the Web mob, Hardening Windows Server 2003 platforms made easy and Filtering spam server-side http://www.insecuremag.com/archive.html Articles in this issue include: Structured traffic analysis, Access Control Lists in Tiger and Tiger Server - true permission management, Automating I.T. security audits, Biometric security, PDA attacks, part 2: airborne viruses - evolution of the latest threats, Build a custom firewall computer, Lock down your kernel with grsecurity, Interview with Sergey Ryzhikov, director of Bitrix, Best practices for database encryption solutions http://www.insecuremag.com/archive.html Articles in this issue include: Security vulnerabilities, exploits and patches, PDA attacks: palm sized devices - PC sized threats, Adding service signatures to Nmap, CSO and CISO - perception vs. reality in the security kingdom, Unified threat management: IT security's silver bullet?, The reality of SQL injection, 12 months of progress for the Microsoft Security Response Centre, Interview with Michal Zalewski, security researcher, OpenSSH for Macintosh and Method for forensic validation of backup tape. http://www.insecuremag.com/archive.html Articles in this issue include: Information security in campus and open environments, Web applications worms - the next Internet infestation, Integrating automated patch and vulnerability management into an enterprise-wide environment, Advanced PHP security - vulnerability containment, Protecting an organization's public information, Application security: the noveau blame game, What you need to know before migrating your applications to the Web, Clear cut cryptography and How to lock down enterprise data with infrastructure services. http://www.insecuremag.com/archive.html Articles in this issue include: Does Firefox really provide more security than Internet Explorer?, Security risks associated with portable storage devices, 10 tips on protecting customer information from identity theft, Linux security - is it ready for the average user?, How to secure your wireless network, Considerations for preventing information leakage, An introduction to securing Linux with Apache, ProFTPd and Samba and Security vulnerabilities in PHP Web applications