The recent release of I2P 2.5.0, an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew of improvements and new features that will certainly intrigue security practitioners. This release aim...
Significant weaknesses in the common configuration of Kerberos-based authentication servers could allow attackers to more easily circumvent security measures in networks that rely on the open authentication standard, according to recent research presented by consultants at the recent Black Hat USA 2010 conference.
Network security architecture expert Robert Bird saw the difficulties universities have protecting their systems while maintaining an open and collaborative environment. As director of network services at the University of Florida's 10,000 user residence hall network, Bird began designing a system that could identify users and track their activity on the university network while protecting their privacy.
Network stress testing tools are not for the underfunded, the underskilled or the faint of heart. Consider them carefully before deciding whether to purchase them or how to use them.
See the companion article "Stress-testing your network" for details on software from BreakingPoint, Mu Dynamix, Spirent and Ixia. Here are dos and don'ts to help you get the most from these tools.
If you don't like command mode to interact with metasploit, I have good news for you: there is a new Java GUI. Don't forget to install Java to execute it.
Comodo, a leading Certificate Authority and Internet security organization, today announced it will be exhibiting at the sixth annual HostingCon,in Austin on July 19-21 at the Austin Convention Center located in the heart of the Texas capital.
Some IT execs dismiss public cloud services as being too insecure to trust with critical or sensitive application workloads and data. But not Doug Menefee, CIO of Schumacher Group, an emergency management firm in Lafayette, La.
The dream of bolting security onto the Internet's Domain Name System takes one step closer to reality Wednesday as Internet policymakers host a ceremony in northern Virginia to generate and store the first cryptographic key that will be used to secure the Internet's root zone.
We laid out the essential concepts of cloud security in Cloud security: The basics.
Perhaps the best way to further understand cloud security is through specific examples. Here's a peek into a few of the biggest concerns that users have and how four companies have chosen to handle them.
Network adapters come preconfigured from the factory with their own globally unique physical or Media Access Control (MAC) address, which helps them identify themselves when communicating with other networking components. Though you can't change the permanent MAC address actually stored by the network adapter, you can make it provide a different address using your operating system (OS). We'll see how to do this with Windows, Mac OS X, and Linux.
Chris wrote in and mentioned a talk at Auscert which highlighted that (Sender Policy Framework) SPF would have helped in the instance of an intrusion and suggested a diary outlining some of the things that can and can't be achieved using SPF.
Results from a survey just released makes the interesting assertion that cloud computing - far from causing IT security problems in businesses - will actually improve security for most organisations.
Cyber-attack is an ever-present threat that can result in major damage to government and business web sites, as the following examples show.
U.S. and South Korea, 2009: Officials in both countries reported attacks in the summer, aimed mainly at government web sites, as well as financial services sites.
Google has released a programming tool to help move its Native Client project--and more broadly, its cloud-computing ambitions--from abstract idea to practical reality.
A new type of DDoS attack has currently infected hundreds of web servers. Unlike traditional DDoS methods that capitalize on bot-infected PCs, the attackers have turned the web servers themselves into payload-throwing bots.
On Wednesday (5th May) the last of the 13 authoritative root servers for the domain name system switched over to the DNS Security Extensions (DNSSEC) security protocol. DNSSEC is intended to prevent DNS exploits such as cache poisoning. All 13 root servers are now serving a signed version of the root zone. However, it is not possible to validate these signatures at present as the public key remains undisclosed.
More Internet traffic is expected to be carried via tunnels as the Internet infrastructure migrates from IPv4, the current version of the Internet protocol, to the long-anticipated upgrade known as IPv6.
Google has released a new tool that allows administrators at firms using Google Apps to remotely reset cookies to ensure that sensitive data cannot be accessed if a device is lost or stolen.
Malware attacks are a growing concern amongst enterprises. It not only results in downtime but also poses the threat of data theft. In the second of this four part series on malware attacks on enterprises, we bring to you the implications of malware attacks on businesses.