• United States

Microsoft outlines identity management roadmap

May 26, 20047 mins

Latest security news.

Microsoft outlines identity management roadmap, 05/25/04

Microsoft Tuesday laid out the roadmap for its identity management platform, including federation services that will ship next year and eventually provide Web single sign-on features.

Review: Breaking through IP telephony, 05/24/04

In tests, Avaya and Cisco attempt to strut VoIP security stuff.

Weblog: Can software patching be automated? 05/24/04

There’s no argument over the need to patch software as quickly as possible to prevent exploits associated with vulnerabilities as they become known. The larger question is how speedily this can be done and whether the process in most instances can or should be automated

Weblog: Security testing exercises, 05/26/04

Jeremy Wright is writing a proposed set of security excercises to help a company test its defenses.

Weblog: Building up your immunity, 05/24/04

So we have researchers using the models of disease epidemics to make large-scale database systems more efficient. Why not study the way bodies develop immunity to disease to better protect against viruses?

Opinion: An open-source VPN, 05/24/04

Where can I find an open source SSL VPN package for Windows?

Opinion: IPSec vs SSL VPN, 05/24/04

We have more and more people traveling on business at my company, and management wants them to have access to resources on the network. I’m trying to find the best solution with the least overhead and costs.

Opinion: Rethinking e-mail management, 05/24/04

With viruses and spam, e-mail server duty is costing more than you think.

Secure coding attracts interest, investment, 05/24/04

A new product from computer security firm @stake will help developers search computer code for errors, security holes and other flaws that malicious hackers can use to break applications – and break into computers.

Experts disagree about seriousness of IOS code theft, 05/24/04

While the FBI and Cisco scrambled last week to recover source code stolen from the network giant, expert opinion differs about how serious a threat the incident is for corporate customers.

Core Security unwraps security-test tool, 05/24/04

Core Security Technologies this week updated Core Impact, its security penetration-test tool for desktops and servers that lets customers run a series of exploits to determine how far into corporate resources a hacker could burrow.

Network Associates readies updated security appliances, 05/24/04

Network Associates next week will make available the beta version of its WebShield line of gateway security appliances, adding filtering controls to block inbound or outbound content, and set policy based on usage groups.

ServGate joins forces with IBM to beef up security, 05/24/04

ServGate this week will announce an alliance with IBM to offer managed security services to customers who own ServGate EdgeForce security appliances.

Sygate’s new devices batten down net endpoints, 05/24/04

Sygate this week is announcing new hardware that can discover unauthorized devices on networks and check known devices periodically to ensure they are functioning and continue to comply with security policies.

Microsoft scrambling to secure Web services, 05/24/04

Microsoft this week is scheduled to plug a major gap in its perimeter security software by integrating a partner’s XML filtering and acceleration technology into its firewall and caching server.

DHS privacy director: We’re paying attention, 05/21/04

Peter Sand, the new director of privacy technology at the U.S. Department of Homeland Security (DHS), walked into a lunch meeting with what could have been a hostile crowd and told privacy advocates the agency is working hard to make sure privacy rights are respected as the DHS fights terrorism.

Microsoft eyeing merger of two secure e-mail specs, 05/21/04

After submitting its Caller ID e-mail authentication specification to the Internet Engineering Task Force (IETF) earlier this week, Microsoft is now in detailed discussions to merge the specification with another, called Sender Policy Framework, or SPF.

Spam clogs German government’s e-mail system, 05/21/04

German parliamentarians and government employees experienced long delays with their e-mail delivery earlier this week, following a flood of spam that clogged the government’s e-mail system, a spokesman at the Federal Ministry of the Interior said Friday.

Newsletter: Creating the CIRT: Staffing, 05/20/04

The computer incident response team may be a permanent, full-time assignment for a fixed group of experts or it may be a part-time role assigned dynamically, as conditions require. In either case, or for any of the intermediate arrangements, certain fundamentals will dictate your choice of staff members for the CIRT.

Phishing scourge prompts calls for change, 05/20/04

The sentencing this week of a Texas man was a notable victory for the U.S. government in its fight against a form of online fraud known as “phishing.” However, a recent surge in such scams highlights the need for more than customer education, with some computer security experts calling for major changes in the way sensitive information is exchanged online.

Newsletter: AEP launches SSL appliance for small businesses, 05/20/04

AEP Systems has released a Secure Sockets Layer remote access appliance for small business offices.

CAN-SPAM law: Little impact so far, 05/20/04

The chairman of a U.S. Senate committee called for more federal enforcement of a new anti-spam law amid reports Thursday that the amount of spam sent to U.S. consumers may be rising, not dropping, since the law went into effect in January.

Newsletter: Reining in your remote workforce, 05/19/04

In case you’ve been under a rock, the Sasser worm recently wreaked havoc with networks around the world – just the latest in a string of nasty worms that are challenging the normally nerves of steel in IT.

Newsletter: Potential attackers gain tools, 05/19/04

What is arresting is that this toolkit takes the “script kiddie’s” job to a higher level, making a fairly straightforward task out of building a complete exploit, even if little is known about the actual attacks available for packaging. It even features a graphical user interface!

Via details next-generation processor core, 05/19/04

Via Technologies provided a glimpse on Tuesday of features that will be offered with the company’s upcoming next-generation processor core, called Esther.

Symantec snatches up anti-spam vendor, 05/19/04

Symantec Wednesday signed an agreement to acquire anti-spam vendor Brightmail for $370 million to complement its lineup of gateway security software.

Newsletter: Setting up a certificate authority in simple terms, 05/18/04

One way to secure a VPN is to issue digital certificates to handle digital signatures as an authentication method and to distribute encryption keys. But according to many users, setting up a certificate authority, even one that ships with a vendor’s VPN gear, is not always simple.