Ellen Messmer

Security vendor Fortify Monday said it has identified a JavaScript-related vulnerability that lets an attacker hijack a Mozilla or Microsoft Internet Explorer Web browser session.

Open source security tools abound, so take advantage of them and avoid paying for commercial products if open source fits your needs. That was the message from Matthew Luallen, president of consulting firm Sph3r3, who spoke at Monday's InfoSec Conference.

In its annual review of the worst security problems spotted for the year, the SANS Institute recently cited zero-day attacks and human gullibility in falling victim to phishing scams or other social engineering tricks as among the most dismal trends of 2006.

The dangers of easy access wireless LANs recently prompted government officials in New York and California to create new laws to prevent network "piggybacking" and exposure of sensitive data in both businesses and homes.

In its annual review of the worst security problems this year, the SANS Institute cited zero-day (software flaw that has no patch) attacks and human gullibility in falling victim to phishing scams or other social engineering tricks as among the most dismal trends of 2006.

The blocking capabilities of intrusion prevention systems can sometimes disrupt legitimate business. Security event management technology could be an effective option, says Eugene Schultz, CTO at security event management company High Tower Software in this exclusive interview.

Two years ago U.S. President George Bush ordered the federal government to be ready by this Oct. 27 to issue a standards-based identity card that federal employees and government contractors would use for computer and building access.

Nortel Networks has added intrusion-prevention capabilities to its Alteon application switch so that the load-balancing and traffic-shaping machine can provide defence against several hundred known vulnerabilities.