(IN)SECURE Magazine from Net-Security (PDF download)

A little more light reading :-)

Latest issue, #13:	
(86 pages, with ads [not animated ads] - like a printed magazine)

Archives of past issues:

ISSUE 13 (September 2007)
     * Interview with Janne Uusilehto, Head of Nokia Product Security
     * Social engineering social networking services: a LinkedIn example
     * The case for automated log management in meeting HIPAA compliance
     * Risk decision making: whose call is it?
     * Interview with Zulfikar Ramzan, Senior Principal Researcher with 
the Advanced Threat Research team at Symantec
     * Securing VoIP networks: fraud
     * PCI DSS compliance: a difficult but necessary journey
     * A security focus on China outsourcing
     * A multi layered approach to prevent data leakage
     * Safeguard your organization with proper password management
     * Interview with Ulf Mattsson, Protegrity CTO
     * DEFCON 15
     * File format fuzzing
     * IS2ME: Information Security to Medium Enterprise

ISSUE 12 (July 2007)
     * Enterprise grade remote access
     * Review: Centennial Software DeviceWall 4.6
     * Solving the keylogger conundrum
     * Interview with Jeremiah Grossman, CTO of WhiteHat Security
     * The role of log management in operationalizing PCI compliance
     * Windows security: how to act against common attack vectors
     * Taking ownership of the Trusted Platform Module chip on Intel Macs
     * Compliance, IT security and a clear conscience
     * Key management for enterprise data encryption
     * The menace within
     * A closer look at the Cisco CCNP Video Mentor
     * Network Access Control.

ISSUE 11 (May 2007)
     * On the security of e-passports
     * Review: GFI LANguard Network Security Scanner 8
     * Critical steps to secure your virtualized environment
     * Interview with Howard Schmidt, President and CEO R & H Security 
     * Quantitative look at penetration testing
     * Integrating ISO 17799 into your Software Development Lifecycle
     * Public Key Infrastructure (PKI): dead or alive?
     * Interview with Christen Krogh, Opera Software's Vice President of 
     * Super ninja privacy techniques for web application developers
     * Security economics
     * iptables - an introduction to a robust firewall
     * Black Hat Briefings & Training Europe 2007
     * Enforcing the network security policy with digital certificates.

ISSUE 10 (February 2007)
     * Microsoft Windows Vista: significant security improvement?
     * Review: GFI Endpoint Security 3
     * Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
     * Top 10 spyware of 2006
     * The spam problem and open source filtering solutions
     * Office 2007: new format and new protection/security policy
     * Wardriving in Paris
     * Interview with Joanna Rutkowska, security researcher
     * Climbing the security career mountain: how to get more than just 
a job
     * RSA Conference 2007 report
     * ROT13 is used in Windows? You're joking!
     * Data security beyond PCI compliance - protecting sensitive data 
in a distributed environment.

ISSUE 9 (December 2006)
     * Effectiveness of security by admonition: a case study of security 
warnings in a web browser setting
     * Interview with Kurt Sauer, CSO at Skype
     * Web 2.0 defense with AJAX fingerprinting and filtering
     * Hack In The Box Security Conference 2006
     * Where iSCSI fits in enterprise storage networking
     * Recovering user passwords from cached domain records
     * Do portable storage solutions compromise business security?
     * Enterprise data security - a case study
     * Creating business through virtual trust: how to gain and sustain 
a competitive advantage using information security.

ISSUE 8 (September 2006)
     * Payment Card Industry demystified
     * Skype: how safe is it?
     * Computer forensics vs. electronic evidence
     * Review: Acunetix Web Vulnerability Scanner 4.0
     * SSH port forwarding - security from two perspectives, part two
     * Log management in PCI compliance
     * Airscanner vulnerability summary: Windows Mobile security 
software fails the test
     * Proactive protection: a panacea for viruses?
     * Introducing the MySQL Sandbox
     * Continuous protection of enterprise data: a comprehensive approach.

ISSUE 7 (June 2006)
     * SSH port forwarding: security from two perspectives, part one
     * An inside job
     * CEO spotlight: Q&A with Patricia Sueltz, SurfControl
     * Server monitoring with munin and monit
     * Compliance vs. awareness in 2006
     * Infosecurity 2006
     * 2005 *nix malware evolution
     * InfoSec World 2006
     * Overview of quality security podcasts.

ISSUE 6 (March 2006)
     * Best practices in enterprise database protection
     * Quantifying the cost of spyware to the enterprise
     * Security for websites - breaking sessions to hack into a machine
     * How to win friends and influence people with IT security 
     * The size of security: the evolution and history of OSSTMM 
operational security metrics
     * Interview with Kenny Paterson, Professor of Information Security 
at Royal Holloway, University of London
     * PHP and SQL security today
     * Apache security: Denial of Service attacks
     * War-driving in Germany - CeBIT 2006.

ISSUE 5 (January 2006)
     * Web application firewalls primer
     * Review: Trustware BufferZone 1.6
     * Threat analysis using log data
     * Looking back at computer security in 2005
     * Writing an enterprise handheld security policy
     * Digital Rights Management
     * Revenge of the Web mob
     * Hardening Windows Server 2003 platforms made easy
     * Filtering spam server-side.

ISSUE 4 (October 2005)
     * Structured traffic analysis
     * Access Control Lists in Tiger and Tiger Server - true permission 
     * Automating I.T. security audits
     * Biometric security
     * PDA attacks, part 2: airborne viruses - evolution of the latest 
     * Build a custom firewall computer
     * Lock down your kernel with grsecurity
     * Interview with Sergey Ryzhikov, director of Bitrix
     * Best practices for database encryption solutions.

ISSUE 3 (August 2005)
     * Security vulnerabilities, exploits and patches
     * PDA attacks: palm sized devices - PC sized threats
     * Adding service signatures to Nmap
     * CSO and CISO - perception vs. reality in the security kingdom
     * Unified threat management: IT security's silver bullet?
     * The reality of SQL injection
     * 12 months of progress for the Microsoft Security Response Centre
     * Interview with Michal Zalewski, security researcher
     * OpenSSH for Macintosh
     * Method for forensic validation of backup tape.

ISSUE 2 (June 2005)
     * Information security in campus and open environments
     * Web applications worms - the next Internet infestation
     * Integrating automated patch and vulnerability management into an 
enterprise-wide environment
     * Advanced PHP security - vulnerability containment
     * Protecting an organization�s public information
     * Application security: the noveau blame game
     * What you need to know before migrating your applications to the Web
     * Clear cut cryptography
     * How to lock down enterprise data with infrastructure services.

ISSUE 1 (April 2005)
     * Does Firefox really provide more security than Internet Explorer?
     * Security risks associated with portable storage devices
     * 10 tips on protecting customer information from identity theft
     * Linux security - is it ready for the average user?
     * How to secure your wireless network
     * Considerations for preventing information leakage
     * An introduction to securing Linux with Apache, ProFTPd & Samba
     * Security vulnerabilities in PHP Web applications.
10/16/2007 1:52:13 AM
grc.security 16608 articles. 3 followers. Follow

0 Replies

Similar Articles

[PageSpeed] 50
Get it on Google Play
Get it on Apple App Store


Similar Artilces:

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in Computerworld's print edition. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321921&intsrc=hm_list -- "Never d...

This is a multi-part message in MIME format. --------------080100010401000103080002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm a Mac user 10.4.8 of Thunderbird & am wondering how "Enabling FIPS" will improve my security? I can't seem to find any explanation of FIPS under Thunderbird help. -- Have a good day R Schwager --------------080100010401000103080002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...

Password secure...is it secure?
Yes I just got this baby and I LOVE it! Its great. I have stored all my passwords inside of it (and yes made a few backups from them in secure locations) How secure is this program really? It uses blowfish to encrypt the database but how strong blowfish? 128bits? 256? 448? Anything else I should think about it? I have putted it and its databases inside PGPdisk just to play it safe...but then again Im a paranoid. :) -- Markus Jansson ************************************ My privacy related homepage and PGP keys: http://www.geocities.com/jansson_markus/ ********...

form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005). but someone told me that anyone can run script  in textboxes in that form and can damage database, so how to avoid such security lack.  it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks. if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...

Secure connections: how secure are they?
*QUOTE* ......... both useful and malicious information can be transmitted via network connections. Standard solutions protect computers against threats present in standard network connections, but aren't able to counter threats present in secure connections. Verifying the contents of a secure connection is impossible by virtue of its secure nature, as demonstrated by the different types of protection listed above. As a result, malicious data within secure channels can cause a significant amount of damage, and sometimes more than if it were to be transmitted via a standard, non-s...

How secure is AuthenticationTypes.Secure?
I understand that AuthenticationTypes.Secure requests secure authentication using Kerberos or NTLM (??). However, here is a scenario I am trying to understand. Let us say that I am having a regular ASP.NET site - with SSL certificates not installed on the web server. The login sends the request out to an AD server which also does not have certificates installed. However, I have set Secure flag to AuthenticationTypes.Secure. When the username and password data gets transmitted between the application and the LDAP server, how secure are the password and username info? In other words is this in...

Secure By Design: How Guardian Digital Secures EnGarde Secure Linux
"EnGarde Secure Linux is not just another "repackaged" Linux distribution, but a modern open source system built from the ground up to provide secure services in the threatening world of the modern Internet."... http://www.linuxsecurity.com/content/view/125195/171/ ...."The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are freely available with GDSN registration."... http://www.engardelinux.org/modules/index/index.cgi -- js ...

asp.net's built in security. How secure is it?
If I were to use the login control, create user control, and and password recovery control, how secure would my site be? Is asp.net's built in security more secure than the classic session based security? Are there any articles that ouline this? I've got a dba who says he doesn't believe the built in security is secure enough, and invests too much into asp.net (not enough levels of seperation). Though, I personally think that's retarded. The built in security still uses sessions, and if I were building my own session based security I would be using asp.net to create the sessi...

Difference between asp.net security 2.0 & asp.net security 3.5 framework?
 HI, What are the difference between asp.net security 2.0 & asp.net security 3.5 framework? ASP.NET 3.5 security for me is almost the same as 2.0 as the former is built on top of the latter with the exceptions of framework specific libraries added to the newer framework. Most likely, your 2.0 applications will run well on 3.5 but not necessarily the other way around. The number of new classes added/improved from 2.0 to 3.5 is published and you may search them using your favorite search engine.  Patrick OliverosWeb Developer - Emerson Electric Asia, Ltd. - ROHQwebthinker.wor...

Netstorage Secure then UN-Secure
Have a problem with Netstorage: I log in under the secure website of https://ipaddress:51443/oneNet/NetStorage and then after drilling down to folder, the secure web site changes to http://ipaddress:51443/oneNet/NetStorage/Documents. Why??? does it go to the unsecure site? Claudia, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Do a search of our knowledgebase at http://support.novell.com...

Secure page to Secure page
Name: Jonathan Email: jbeldonatopenwaterloansdotcom Product: Firefox Release Candidate Summary: Secure page to Secure page Comments: I have had several crashes going from a secure page to another secure page. The response I often get is that the page does not exist. This only seems to occur on secure pages. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4 From URL: http://hendrix.mozilla.org/ ...

Web resources about - (IN)SECURE Magazine from Net-Security (PDF download) - grc.security

Open Letter to Mark Zuckerberg Regarding Internet.org, Net Neutrality, Privacy, and Security
Dear Mark Zuckerberg, We, the undersigned, share a common concern about the launch and expansion of Facebook’s Internet.org platform and its ...

Senator blasts Homeland Security's Net efforts
Sen. Tom Coburn says government still isn't ready to handle a 'cyber Katrina,' calls for immediate change. A CNET article by Anne Broache, Staff ...

Microsoft continues RC4 encryption phase-out plan with .NET security updates
Microsoft released optional security updates Tuesday for various versions of the .NET Framework that prevent the RC4 encryption algorithm from ...

Why Vint Cerf Thinks Net Security Should Go Back to the Future
EXCLUSIVE: Cerf on the IoT: "I am very worried about the [future] headline that says: 'One Hundred Million Refrigerators Attack Bank of America.' ...

Fix a Huge Net Security Risk
Fix a Huge Net Security Risk

Blizzard Faces Class Action Over Battle.net Security
Two gamers have filed a class action against Blizzard Entertainment last week on behalf of Battle.net account holders, accusing the company of ...

Herding Code 187: Brock Allen on ASP.NET Security and Identity
... open source libraries designed to simplify cross platform development on C#. Download / Listen: Herding Code 187: Brock Allen on ASP.NET Security ...

Qualys Pumps $500,000 Into Net Security Collaborative
Trustworthy Internet Movement aims to accelerate progress against tough problems like botnets, cloud security, announced Qualys CEO in RSA keynote. ...

.NET Security
... Sign in - United States - English - - MSDN Library Design Tools Development Tools and Languages Mobile and Embedded Development .NET Development ...

DHS use of deep packet inspection technology in new net security system raises serious privacy questions ...
To protect the federal civilian agencies against cyberthreats, the Department of Homeland Security (DHS) is preparing to deploy a more powerful ...

Resources last updated: 12/3/2015 10:44:45 AM