Threat Monitor

Finding malware on your Windows box (using the command line)

2007-08-16T09:13:00.000-04:00

Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.

Metamorphic malware sets new standard in antivirus evasion

2007-08-16T09:11:00.000-04:00

Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Unified communications infrastructure threats and defense strategies

2007-07-19T16:18:00.000-04:00

Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.

Investigating logic bomb attacks and their explosive effects

2007-07-19T16:16:00.000-04:00

There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.

Mergers and acquisitions: Building up security after an M&A

2007-06-21T16:56:00.000-04:00

Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.

Finding and blocking Web application server attack vectors

2007-06-07T09:02:00.000-04:00

Web application server attacks are nothing new, but attackers are coming up with creative new ways to penetrate them. Information security expert Peter Giannoulis examines how data-hungry attackers are using Web application servers to crack into back-end databases, and offers advice on what can be done to protect Web infrastructures.

Windows Vista security flaws show progress, not perfection

2007-05-17T15:37:00.001-04:00

Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.

Employee profiling: A proactive defense against insider threats

2007-05-03T09:57:00.000-04:00

Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a multifaceted defensive strategy.

Reputation systems gaining credibility in fight against spam

2007-04-19T06:55:00.000-04:00

Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway.

Polymorphic viruses call for new antimalware defenses

2007-04-05T16:20:00.000-04:00

Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.

Plentiful VoIP exploits demand careful consideration

2007-03-15T11:36:00.000-04:00

Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.

The security risks of Google Notebook

2007-03-01T14:07:00.000-05:00

Security practitioners know to keep sensitive information under lock and key, but as Web services proliferate, ensuring that information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applications, Google Notebook, can lead to accidental exposure of sensitive data, and provides five ways to reduce the chances of a data leak.

Pod slurping: The latest data threat

2007-02-15T08:57:00.000-05:00

Allow iPods in the office? Perhaps it's time to reevaluate that
device policy, as iPods pose more danger to the corporate network
than it might seem. In this tip, contributor Peter Giannoulis
introduces pod slurping, the latest hacking technique, and explains
how revising corporate policies can prevent potential data leaks.

Is the CAN-SPAM Act a help or a hindrance?

2007-02-01T11:01:00.000-05:00

Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin examines if the law has effectively cracked down on spamming activities and examines how to put a stop to this email misuse.

Ten emerging malware trends for 2007

2007-01-17T09:59:00.000-05:00

From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly being discovered. In this podcast, Skoudis outlines 10 emerging malware trends and provides tools and tactics to defend against them.

Eight top information security events of 2006

2007-01-13T14:58:00.000-05:00

From WMF exploits to the Veterans Affairs data breach, information security threats were plentiful in 2006. In this tip, contributor Joel Dubin reviews what grabbed the attention of hackers in the information security world in 2006 and explains how they set the tone for 2007.

Using steganography for securing data, not concealing it

2006-12-21T08:48:00.000-05:00

Steganography is a useful technique for securely storing sensitive
data, but the difficulty in detecting its usage can create an
opportunity for digital miscreants. Michael Cobb explains how to
ensure the practice isn't used maliciously.

How simple steps ensure database security

2006-11-16T09:46:00.000-05:00

An enterprise database stores an organization’s most valuable assets, and just one small mistake can lead to a data security disaster. In this tip, Michael Cobb looks at five common database vulnerabilities and the simple steps that can eradicate them.

Defensive measures for evolving phishing tactics

2006-10-18T13:31:00.000-04:00

From image spam to cross-site scripting, hackers certainly have a large arsenal of weapons to choose from. But as AT&T recently learned, hackers are putting a new twist on ever-dependable phishing schemes to gain access to confidential and sensitive information. In this tip, Ed Skoudis examines how phishing tactics have evolved and what enterprises can do to defend themselves.

Malware: The changing landscape

2006-10-04T16:10:00.000-04:00

Malware is arguably growing faster than ever before, but not in ways the industry has come to expect. Even though the days of the superworm might be numbered, contributor Mike Chapple says it's time for organizations to adapt their defense postures because the next generation of threats won't be as easy to detect.

Does blogging pose enterprise information security risks?

2006-09-20T15:34:00.000-04:00

While blogging can be a useful marketing and communications tool, if not controlled it can pose significant risks to corporate information security. In this tip, SearchSecurity.com expert Mike Chapple examines these risks and how they can be reduced by creating and implementing blogging policies.

Laptop crypto: Do it, but realize it's not a panacea

2006-09-07T08:43:00.000-04:00

With headlines declaring data thefts becoming more prevalent and increasingly scarier, the need for enterprises to enforce laptop security is as crucial as ever. In this tip, Ed Skoudis reviews the pros and cons of laptop encryption and explains how, while it is the not the final solution, it can keep your data secure -- even if it falls in the hands of the enemy.

Battling image spam

2006-08-16T16:08:00.000-04:00

In the ever-changing world of threats, spammers have once again discovered a new way to bypass spam filters using a new technique called “image spam.” In this tip, Mike Chapple provides an example of image spam and explains how the threat can hurt your organization, and what you can do to protect against these attacks.

Avoiding the scourge of DNS amplification attacks

2006-08-02T13:23:00.000-04:00

DNS amplification attacks can generate enough bogus traffic to blow almost anyone off the Internet. Learn how these packet flood attacks work and how to defend your organization.

Secure instant messaging in the enterprise

2006-07-13T11:56:00.000-04:00

Instant messaging can be a conduit through which viruses come in to and sensitive data goes out of the corporate network. Enterprises need a thorough IM policy and the technical measures to back it up, regardless of whether IM is allowed or strictly prohibited. This tip outlines the factors you should consider when writing an IM policy and the technical measures for enforcing it.

Application logging is critical in detecting hack attacks

2006-07-06T14:00:00.000-04:00

Now that networks are fairly well-protected, attackers are targeting application servers. In this tip, security expert Mike Chapple explains how implementing application layer logging is becoming a crucial addition to every organization's security strategy.

Phone phishing: The role of VoIP in phishing attacks

2006-07-06T13:58:00.000-04:00

Attackers are taking advantage of the emerging widespread deployment of low-cost Voice over IP telephony to launch a new type of attack -- phone phishing. SearchSecurity expert Ed Skoudis says it's a matter of time before phone phishing further evolves into phone spear phishing, putting enterprises at an increased risk. In this tip, Skoudis explains how phone phishing works and how to defend your organization.

Preventing blind SQL injection attacks

2006-07-06T13:57:00.000-04:00

By now, you probably know how to prevent SQL injection attacks, but your defense measures may be leaving a door open for attackers to launch blind SQL injections. In this tip, Web application security expert Michael Cobb explains how these SQL injection attacks occur, and offers tactics for protecting your Web applications.

Skype: Its dangers and how to protect against them

2006-07-06T13:40:00.000-04:00

Skype may be free, but it could cost your enterprise its security. This tip outlines the free VoIP solution's security risks and offers tips for keeping Skype off of the network.

How to protect your company against cybercrime

2006-07-06T13:35:00.000-04:00

Thanks to the Internet's inherent anonymity, widespread reach and disjointed law enforcement status, cybercriminals have a lot to gain -- and enterprises have a lot to lose. In this tip, SearchSecurity expert and malware guru Ed Skoudis describes how organized cybercriminals use extortion and botnets to further their illicit activities, and how enterprises can protect themselves.