LESSONS TO LEARN FROM MYDOOM: "With MyDoom (aka Novarg or MiMail.R) still going strong, this is a good time to review good practices for using antivirus scanners and Outlook's preview pane."
MS Exchange Blog : Article: Security With Exchange 2003: "Markus Klein has written a new article titled Implementing Email Security with Exchange Server 2003. Summary: Has anyone ever considered Email Security (S/MIME) within their Exchange Server 2003 network environment? As complex as it was to configure with earlier versions of Exchange Server, now it’
Martin Blackstone's List of Danger: "This is a list of the file types that you should consider blocking with your Exchange or SMTP antivirus scanner. Each of these file types can be executed and thus release a virus into your systems. There are two lists. The first is the basics. These are the 'must have' extensions to be blocked. Those extensions are considered critical to attachment blocking. The second is the full list. This list includes most file types that could be used against you. Choose your list depending on your environment and your users' needs."
MS Exchange Blog : "How Safe Is The Preview Pane?": "There's some very useful information in the latest Slipstick Newsletter about the security of Outlook's preview pane... the bottom line is that the preview panes for Outlook 97, 2000, 2002 and 2003 are considered very secure, provided that some security updates are included for 2000 and 2002, with Outlook 98 meanwhile being the least secure, and consideration needing to be given to using Chilton Preview instead."
Cracks appear in Bluetooth security: "Be careful the next time you turn on your Bluetooth-enabled phone: You could unknowingly be opening the door to a nasty intruder who could steal confidential information such as your address book or even use your phone to make expensive calls."
Computerworld | Security predictions for 2004: "In 2004, information security professionals will experience more of the darker side of human behavior, but organizations will also take more control over their network and computing infrastructures, particularly end-user systems"
Dual curses: Viruses and spam - Computerworld: "Controlling virus and spam epidemics is the top e-mail concern of CIOs, a Ferris Research/Computerworld survey finds."
Stepping Up to Sarbanes-Oxley - Computerworld: "When it comes to compliance, some aspects of meeting the law's requirements may fall to the IT security group."
InfoWorld: Are your Web apps secure?: February 06, 2004: By Curtis Franklin Jr. and Jordan Wiens: Security: "Web-based applications have become vital pieces of business infrastructure. Along the way, they’ve also become major security risks for the organizations that rely on them. Large volumes of sensitive information exchanged through Web applications -- and stored in databases behind those applications -- hold an irresistible attraction for cyber thieves and vandals who know how to exploit structural and programmatic weaknesses. Low-profile, low-traffic sites, especially those that don’t host transactions, seldom elicit enough hacker interest to cause worry. On the other hand, high-visibility or high-traffic sites invite innovative attacks. The job of a dedicated Web application firewall is to guard against such sophisticated exploits. For this review, we tested four products dedicated to this task: KaVaDo InterDo 3.0, NetContinuum NC-1000 Web Security Gateway V3.5, Sanctum AppShield 4.0, and Teros Secure Application Gateway 100. For higher traffic volumes, these security systems make perfect sense, because they can apply special rules to Web-specific traffic while maintaining adequate network performance...."
disLEXia 3000 blog: Routing Security: "If you haven't done so, you should start looking into routing security. Today the Internet routing infrastructure is nearly completely unprotected against attacks. And these attacks are happening. I saw such attacks for the first time around 1998, and I'm told that for a few years now even spammers have been using routing manipulation to dump their junk."
Comprehensive guide to .htaccess - intro: "I am sure that most of you have heard of htaccess, if just vaguely, and that you may think you have a fair idea of what can be done with an htaccess file. You are more than likely mistaken about that, however. Regardless, even if you have never heard of htaccess and what it can do for you, the intention of this tutorial is to get you two moving along nicely together."
Latest IT news on www.pc-magazin.de - 06.02.2004, 15:24: Almost every web application has security holes - 92 percent of all web applications have vulnerabilities that skilled hackers can exploit for their own purposes. That is the finding of a four-year study.: "92 percent of all web applications have vulnerabilities that skilled hackers can exploit for their own purposes. That is the finding of a four-year study. As the company WebCohort reports on its website, not even one in ten web applications can be considered secure against hacker attacks. The study, on which the experts at Web Cohort have been working since January 2000, says that the most frequently occurring problem has to do with so-called cross-site scripting. ..."
BBC NEWS | Technology | Microsoft 'critical' flaw warning: "Microsoft has warned that a 'critical' flaw in the latest versions of its Windows operating system could leave computers vulnerable to hackers."