Privacy, Security Archive

Remembering all the logins and passwords to all the services and systems you've got access to is pretty hard to do nowadays. Many people use the same login and password for multiple sites and systems. That won't improve security. One of the IT buzzwords is SSO (Single Sign-on). Most SSO systems are hard to setup and will only provide SSO to the systems of one company. It is possible to easily provide worldwide single sing-on.

The Application Vulnerability Description Language (AVDL) is a rather new security interoperability standard within the Organization for the Advancement of Structured Information Standards (OASIS). Caleb Sima, SPI Dynamics CTO, talks to Help Net Security about this interesting web application security topic.

Removable media devices are here to stay. Their ease of use and low cost have made them ubiquitous in the work environment – but at what price? In this article they look at the pros and cons of removable media, and the steps IT managers can take to mitigate the security risks associated with them.

In this article you will learn how to set up FreeBSD to use a USB thumbdrive, how to configure and use the Cryptographic File System (CFS), and then for the FreeBSD 5.X users, how to use the brand new Geom Based Disk Encryption system (gbde).

Security researchers claimed today that millions of Microsoft customers are at risk from 10 serious security vulnerabilities uncovered in Windows XP patched with Service Pack 2.

Beginning this month, Microsoft will start to publish details about upcoming security updates in a newsletter available to the general public. Previously this information had been available, but only to those who knew about it and would sign a confidentiality agreement, which ended up being a handful of its largest customers.

In this article we'll discuss the claim made by proponents of open source software that such software is more secure. Is open source really inherently more secure than closed source commercial software? If so, why? And if not, why do so many have that perception? Read Article

SUN Microsystems Java and Microsoft's .NET platforms are no more than programming languages that exploit network potential with the idea that the same software should function on different platforms. Both systems are centered around the principle of running software that doesn't reside on the client machine to provide greater functionality or faster execution, saving connection time and improving public perception of the server to which the client connects. Read Article

Microsoft on Tuesday published 10 software security advisories, warning Windows users and corporate administrators of 22 new flaws that affect the company's products.

Microsoft CEO Steve Ballmer says the task of trying to stay one step ahead of virus writers and hackers will be a never-ending battle.

Wireless PCs and wireless laptops are being increasingly used in both business and the home. . . Unfortunately, in the enthusiasm with which people have adopted wireless, the question of security has been seriously overlooked.

Managers, mind your patches and VPNs! While none has yet been reported, exploits of the Kerberos vulnerabilities uncovered by MIT researchers could wreak havoc on a network.

This paper discusses the collaboration between security and development in the enterprise software development lifecycle.

While spyware protection on single home machines is quite easy using today's removal tools like AdAware or Spybot Search & Destroy, deploying and managing such tools in corporate networks is still a problem. AdAxis promises to ease both deployment and managability of AdAware in such environments. It provides a facility for pushing reference file updates to corporate network workstations, executing AdAware on workstations remotely without user interaction and monitor the spyware contamination degree of machines.