• United States

Technology Insider: Web application security

May 19, 20046 mins

Latest security news.

Technology Insider: Web application security, 05/17/04

The battle between hackers and security professionals has moved from the network layer to the Web applications themselves.

Redmond enlists security vendors to automate policy compliance, 05/17/04

Microsoft is working with anti-virus vendors to ensure that in the future its software will be able to verify a user’s desktop is secure and updated anti-virus signatures are in place before granting access to corporate resources.

Bluetooth’s sprawl heightens security concerns, 05/17/04

A number of basically trivial but still troubling Bluetooth exploits prompted the Bluetooth Special Interest Group, a vendor group, last week to hold a teleconference on security.

New evidence points to Cisco network hack, 05/18/04

More details about the computer code stolen from Cisco surfaced on Tuesday, including new samples of the source code and information on how the code was distributed, four days after a Russian Web site reported news of the theft and posted sample code files to support the claim.

Honeypot on a disk, 05/18/04

Honeywall CDROM is a bootable honeypot that lets you see what would-be intruders are up to.

Transmeta targets Pentium M users with NX security bit, 05/17/04

Upcoming versions of Transmeta’s Efficeon chips will support the NX (No Execute) feature enabled by Microsoft’s upcoming Windows XP Service Pack 2 release, but Intel’s Pentium M processor won’t be ready for NX technology until 2005, representatives from both companies confirmed Monday.

EU seeks quantum cryptography response to Echelon, 05/17/04

The European Union is to invest €11 million ($13 million) over the next four years to develop a secure communication system based on quantum cryptography, using physical laws governing the universe on the smallest scale to create and distribute unbreakable encryption keys, project coordinators said Monday.

The Enforcers, 05/17/04

For years, network managers have said they’d like to be able to require anyone coming onto their corporate networks have up-to-date anti-virus signatures and software patches. Finding a way to enforce that security policy is the hard part. But with the innovations underway in the high-tech industry, it looks like that the network-based “security check” could become a far more commonplace practice.

Start-up reveals NIC-styled encryption, 05/17/04

Start-up Seclarity last week unveiled a security-based network interface card called SiNic that customers can use for peer-to-peer encryption and firewall protection for desktops and servers.

Application firewall appliances: Defending servers from HTTP-based attacks, 05/17/04

To keep tabs on the emerging Web application firewall market, we recently reviewed two of the appliance-oriented offerings in this market.

All-out blitz against Web app attacks, 05/17/04

Armed with Web application firewalls, intrusion-protection systems and vulnerability scanners, companies can defend against app-level cyberattacks.

Quick tips for Web application security, 05/17/04

Sharpen your pencils: It’s time for Web Application Security 101.

Web application firewall buyer’s guide, 05/17/04

Detailed data on Web application firewalls.

Forced admissions of poor security, 05/17/04

There does seem to have been a cluster of security problems in San Diego, but maybe the reality is that this type of exposure is quite commonplace.

Worry, worry, worry, worry, 05/17/04

So, if I have been rejecting patches offered through Microsoft’s automatic Windows update system because I don’t use Outlook Express, am I potentially, to use a technical IT term, screwed?

Mostly an issue of trust, 05/17/04

Johnny Carson’s first national TV gig was as host (from 1957 to 1962) of a game show called “Who Do You Trust?” It was patterned after the earlier Groucho Marx show called “You Bet Your Life.”

Protecting data in an open WLAN environment, 05/17/04

What is the best way to protect data in an open environment (i.e. education), where IT has little control over clients (i.e. operating system, manufacturer, etc.)?

Learning more about how viruses and worms work, 05/17/04

Is there a way I can learn more about how viruses and worms work to possibly find ways of better protecting our network?

Agobot Trojan author released in Germany, 05/14/04

A 21-year-old man who was arrested in Germany last Friday and charged with creating a malicious computer program called Agobot was released from police custody Friday.

Fortinet to launch homegrown content-filtering service, 05/14/04

Fortinet is introducing a second content-filtering service to its multi-function security hardware – this time it’s home-grown.

Wallon worm uses Yahoo, Microsoft to spread, 05/13/04

Anti-virus software companies issued warnings and software updates on Tuesday and Wednesday for a new worm, Wallon, that uses deceptive Web links to to trick users into downloading malicious programs.

Critical 802.11 wireless flaw identified, 05/13/04

A serious wireless network technology flaw that could lead to the breakdown of some critical infrastructures in just five seconds has been identified by Queensland University of Technology’s (QUT) Information Security Research Centre, a finding that is likely to have worldwide ramifications.

Further Sasser arrests but no charges in Germany, 05/13/04

Police in Lower Saxony, Germany, arrested five young men on Tuesday in connection with the Sasser Internet worm but all have been released without charge, a police spokesman said Thursday.

New worm targets Sasser code flaw, 05/13/04

A new Internet worm is spreading by exploiting a flaw in the Sasser worm, according to an alert issued Thursday.

Cyberguard adds URL filtering to security arsenal, 05/13/04

Cyberguard is continuing its pursuit of technologies to add to its core firewall VPN gear, with the latest being URL filtering.

Bachelor’s program in information assurance, 05/13/04

Norwich University is proud to present a completely new Bachelor of Science in Computer Security and Information Assurance (BSIA for short).

Whose worms are they? 05/12/04

Security issues continue to be top-of-mind for most of us as worms, viruses and other germs plague us almost constantly, as last week’s Sasser worm demonstrated.