Security Bytes:

April, 2008


April 30, 2008  10:48 AM

Why lateral SQL injection and NULL pointer attacks matter

David Schneier

There has been a lot of interesting work going on in the research community of late on a handful of really specialized and esoteric application attacks, like Mark Dowd's NULL pointer attack and David...

April 28, 2008  3:29 PM

Sophos: Sharp rise in Web threats

Marcia Savage

The Web now hosts an "unprecedented" number of threats, according to a report recently released by Sophos. In the first quarter of this year, Sophos researchers discovered a newly infected Web page every five seconds, three times more than last year. What's especially unsettling is that a whopping...


April 24, 2008  8:57 AM

Cybercriminals use Beijing Olympics in Trojan attacks

Robert Westervelt

We’ve seen the protests in the streets, but now MessageLabs is warning that it has tracked 13 Olympic-themed attacks, designed to spread malware and ultimately steal data. The attacks are originating from IP addresses in Asia, but there are no surprises here. The attackers are using social...


April 23, 2008  1:24 PM

Secure Computing CEO steps down

Marcia Savage

Secure Computing today named Daniel Ryan as interim CEO. He replaces John McNulty, who served as board chairman and CEO since 1999. Ryan has served as the company's president and chief operating officer since last August. Richard Scott, a Secure Computing board member since January 2006, was...


April 22, 2008  9:55 AM

IBM Phantom to analyze virtual security

Robert Westervelt

IBM's X-Force security research team and IBM Research are studying ways to protect virtual computing environments. Code-named Phantom, the research project has been ongoing and could result in new products and best practices designed to leverage the hypervisor to improve security. In this interview...


April 22, 2008  9:29 AM

Richard Stiennon joins new MSSP as CEO

David Schneier

Richard Stiennon, the well-traveled vendor executive and industry analyst, has taken up a new post as the CEO of new MSSP Seccom Global, an offshoot of Seccom Networks, an Australian company. Stiennon is a former Gartner analyst who probably is best known for a research study he was involved with...


April 17, 2008  10:42 AM

Fighting security FUD

Leigha Cardwell

Bill BrennerI...


April 17, 2008  5:00 AM

Flaw fixes for Firefox, Mac

Leigha Cardwell

A couple of notable security fixes to flag this morning: First, Apple has patched the Safari Web browser flaw that famously earned a researcher $10,000 at the CanSecWest...


April 11, 2008  10:12 AM

Oracle preps CPU for 41 flaws

Leigha Cardwell

Oracle said Thursday that it is prepping a Critical Patch Bulletin (CPU) to address 41 security holes across its product line. According to the database giant's advance CPU bulletin, attackers...


April 11, 2008  12:05 AM

RSA 2008: Firm makes log management a priority for compliance

Robert Westervelt

Ira Hanson-Ralph of EnCana explains why the oil and gas exploration company made log management a priority as part of its compliance program. Hanson-Ralph is EnCana’s group leader of IS compliance and controls monitoring. The interview was conducted at RSA Conference 2008.

