Many analysts consider Web application vulnerabilities to be among the biggest security threats facing companies these days. A lot of attention has been paid to understanding risks such as input-validation flaws, cross-site scripting errors and other Java Web application security threats.
Jaikumar Vijayan | 16 Nov | Read more
Amid signs of growing frustration in the retail community over the credit card industry's payment card industry (PCI) data security requirements, Visa on Tuesday quietly rolled out an additional set of Payment Application Security Mandates for all companies that handle credit and debit card transactions.
Jaikumar Vijayan | 26 Oct | Read more
How bad was 2007 for breaches, vulnerabilities and similar mayhem? On the bright side, it was better than 2008 is forecast to be. With more of every sort of meltdown predicted -- more criminalization of the hacker community, more Web-application attacks, more phishing, more spamming, more zero-day attacks and more virtualization-related threats -- we're happy to tell you that you are likely to look back on 2007 as the peaceful old days.
Jaikumar Vijayan | 27 Dec | Read more
The House Committee on the Judiciary last week apologized to would-be government whistle-blowers for accidentally exposing their e-mail addresses to other individuals who, like them, had used a committee Web site to secretly submit tips about alleged abuses at the U.S. Department of Justice.
Jaikumar Vijayan | 06 Nov | Read more
Every single move you make online can, and often is, tracked by online marketers and advertising networks that gather and use the information for serving up targeted advertisements.
Jaikumar Vijayan | 05 Nov | Read more
Malicious hackers and other assorted bad guys looking for new tools for plying their trade this upcoming holiday season will have plenty of toys and services to choose from.
Jaikumar Vijayan | 18 Oct | Read more
A critical security breach that may have exposed nuclear secrets at the Los Alamos National Laboratory (LANL) in January was the result of human error and not a breakdown in security processes.
Jaikumar Vijayan | 21 Jun | Read more
Last Friday while doing some online banking, I noticed two transactions I'd made recently, one a withdrawal and the other a deposit. The transaction amounts were accurate, and so were the dates. The records even referenced a phone number -- complete with a hyperlink -- that I could click on to make a Skype call to that number.
Jaikumar Vijayan | 26 Apr | Read more
Want to know just how much a data breach is likely to end up costing your company? Darwin Professional Underwriters may be able to help.
Jaikumar Vijayan | 12 Apr | Read more
The Windows animation bug (ANI) caused widespread concern because exploits against it became widely available before Microsoft could release a patch. But like other zero-day threats before it, there are measures companies can take to at least try to mitigate the risk from unpatched vulnerabilities, security experts said.
Jaikumar Vijayan | 04 Apr | Read more
Like many just-launched e-commerce sites in the world, this unnamed Web site has a fairly functional, if somewhat rudimentary, home page. A list of options at top of the home page allows visitors to transact business in Russian or in English, offers an FAQ section, spells out the terms and conditions for software use and provides details on payment forms that are supported.
Jaikumar Vijayan | 05 Apr | Read more
Judging by the buzz at last week's RSA Conference, few data security standards have attracted as much attention in enterprise IT shops as the Payment Card Industry (PCI) data security standard.
Jaikumar Vijayan | 12 Feb | Read more
An emerging breed of sophisticated malware is raising doubts about the ability of traditional signature-based security software to fend off new viruses and worms, according to experts at this week's RSA security conference in San Francisco.
Jaikumar Vijayan | 07 Feb | Read more
Stand-alone security vendors are going the way of dinosaurs.
Jaikumar Vijayan | 08 Feb | Read more
Contrary to popular perception, computer data breaches are less likely to result in identity theft and other fraud than off-line causes such as lost or stolen wallets and checkbooks.
Jaikumar Vijayan | 18 Sep | Read more