SearchSecurity.com.au Articles

You've lost some data and its time to explain the incident to your bosses. Learn how to talk to executives about a breach with this Q&A! Read more »

Microsoft says it has no plans to patch the Windows Virtual PC environment, as it does not consider a recently-identified flaw to be a vulnerability. Read more »

The COBIT framework is not new, but is a useful tool to define the parameters of a security program. And once you have those parameters in place, compliance gets easier. Read more »

Windows Server's Group Policy features can help to improve your organisation's security - if you are tweaking the right policies! We've got five that can make a difference in this story. Read more »

Even if you use all sorts of security, your smartphone is still potentially vulnerable to attacks that include eavesdropping on calls. Read more »

Learn the differences between between static and dynamic verification of security in software engineering, to improve the security of your bespoke applications. Read more »

WhiteHat security's CTO Jeremiah Grossman told the RSA Conference 2010 attendees that rogue certificate authorities remain the worst threat on the Web, and that the combination of a secure browser and a secure website infrastructure must be present to provide protection. Read more »

Recent downtime at alleged Kazak malware and spam host Troyak.org meant that the Zeus botnet lost a quarter of its nodes, but the network as bounced back with remarkable speed. Read more »

Cryptographer Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks. Read more »

The DNSSEC standard is gathering support and experts say its improved authentication features are welcome. Read more »

Nemertes Research Analyst John Burke explains how LAN edge switch security functions enable network administrators to use switch access control lists (ACLs) to filter incoming and outgoing traffic, as well as port-level traffic filtering and VLAN management for a more in-depth approach to LAN security. Read more »

Microsoft has issued patches for Excel, a new IE zero-day and Movie Maker in its March patch bundle. Read more »

SIM systems and identity management systems are designed to operate independently; by understanding where each technology's integration points are and how to maintain their effectiveness once they're joined, it's possible to create a more effective incident-response tool. Read more »

Verisign is close to implementing DNSSEC, new security extensions that will improve the domain name system. Learn about the company's progress in this video with the company's Joe Waldron. Read more »

Learn how to use Scapy, a Python-based tool, to use packet crafting to test rules you create in the Snort intrusion detection system. Read more »

Virtual patching involves using an intrusion prevention system to block known dangerous sources of traffic, thereby effectively killing off a threat. But while this quick method can help,  experts at RSA Conference 2010 say it is no substitute for actual patches. Read more »

Tokenization can help to secure credit card transactions, but merchants want standards and guarantees it will ease PCI assessments before they adopt the technology. Read more »

The RSA 2010 conference has turned its attention to how security managers can cope with the consumerisation of IT and users' desire to use smartphones, USB drives and social media. Read more »

The Australian Bureau of Statistics says generic firewalls are not what it needs to secure planned new web applications it will deploy for the 2011 Census. Read more »

Scott Charney, Microsoft's top Trustworthy Computing executive, has discussed the company's new approach to protecting against botnets at the 2010 RSA conference.  Charney also detailed Microsoft's new identity management technologies. Read more »