 |
ISSUE 37 (March 2013)
The covered topics are:
- Becoming a malware analyst
- Review: Nipper Studio
- Five questions for Microsoft's Chief Privacy Officer
- Application security testing for AJAX and JSON
- Penetrating and achieving persistence in highly secured networks
- Report: RSA Conference 2013
- Social engineering: An underestimated danger
- Review: Hacking Web Apps
- Improving information security with one simple question
- Security needs to be handled at the top
- 8 key data privacy considerations when moving servers to the public cloud
|
|
 |
ISSUE 36 (December 2012)
The covered topics are:
- What makes security awareness training successful?
- Review - Incapsula: Enterprise-grade website security
- Five questions for Microsoft's Worldwide Chief Security Advisor
- Computer forensic examiners are from Mars, attorneys are from Venus
- In the field: RSA Conference 2012 Europe
- A mobile environment security assessment
- Hack In The Box CEO on the information security landscape
- In the field: IRISSCERT Cybercrime Conference 2012
- Comply or die: The importance of a business-centric approach to compliance
- Hackers can get in when systems are off: The risks of lights out management
- It's just the guest wireless network... right?
|
|
 |
ISSUE 35 (September 2012)
The covered topics are:
- Administrative scripting with Nmap
- Information security in Europe with ENISA Executive Director Prof. Udo Helmbrecht
- Unintended, malicious and evil applications of augmented reality
- The enemy at the gate
- Top five hurdles to security and compliance in industrial control systems
- How to monitor the blind spots in your IT system: Logging versus auditing
- DBI aid reverse engineering: Pinpointing interesting code
- The importance of data normalization in IPS
|
|
 |
ISSUE 34 (June 2012)
The covered topics are:
- Fitness as a model for security
- Security and migrating to the cloud: Is it all doom and gloom?
- Solid state drives: Forensic preservation issues
- Introduction to Android malware analysis
- Hack in The Box Conference 2012 Amsterdam
- ISO 27001 standard: Breaking the documentation myth with Dejan Kosutic
- Preparing a breach response plan
- Security beyond the operating system: Into the cloud and beyond
- Amphion Forum 2012 Munich
- The challenges of data recovery from modern storage systems
- Two-factor authentication for the cloud: Does it have to be hard?
|
|
 |
SPECIAL ISSUE: RSA CONFERENCE 2012 (March 2012)
The covered topics are:
- News from RSA Conference 2012
- Information security within emerging markets
- Evolving security trends in smartphone and mobile computing
- The biggest problem in application security today
- RSA Conference 2012 award winners
- Innovation Sandbox
|
|
 |
ISSUE 33 (February 2012)
The covered topics are:
- Securing Android: Think outside the box
- Interview with Joe Sullivan, CSO at Facebook
- White hat shellcode: Not for exploits
- Using mobile device management for risk mitigation in a heterogeneous environment
- Metasploit: The future of penetration testing with HD Moore
- Using and extending the Vega open source web security platform
- Next-generation policies: Managing the human factor in security
|
|
 |
ISSUE 32 (December 2011)
The covered topics are:
- 7 questions you always wanted to ask a professional vulnerability researcher
- Insights on drive-by browser history stealing
- Review: Kingston DataTraveler 6000
- RSA Conference Europe 2011
- PacketFence: Because NAC doesn't have to be hard!
- Information security and the threat landscape with Raj Samani
- Security is a dirty word
- Smartphone apps are not that smart: Insecure development practices
- Virus Bulletin 2011
- Infosec professionals: Accomplishing your day job without breaking the law
- WPScan: WordPress Security Scanner
- Securing the enterprise: Is your IT department under siege?
|
|
 |
ISSUE 31 (September 2011)
The covered topics are:
- The changing face of hacking
- Review: [hiddn] Crypto Adapter
- A tech theory coming of age
- SecurityByte 2011: Cyber conflicts, cloud computing and printer hacking
- The need for foundational controls in cloud computing
- A new approach to data centric security
- The future of identity verification through keystroke dynamics
- Visiting Bitdefender's headquarters
- Rebuilding walls in the clouds
- Testing Domino applications
- Report: Black Hat 2011 USA
- Safeguarding user access in the cloud with identity governance
|
|
 |
ISSUE 30 (June 2011)
The covered topics are:
- Microsoft's Enhanced Mitigation Experience Toolkit
- Transaction monitoring as an issuer fraud risk management technique in the banking card payment system
- IPv6: Saviour and threat
- The hard truth about mobile application security: Separating hype from reality
- Don't fear the auditor
- Book review: Kingpin
- Secure mobile platforms: CISOs faced with new strategies
- Security needs to be unified, simplified and proactive
- Whose computer is it anyway?
- 10 golden rules of information security
- The token is dead
- Book review: IPv6 for Enterprise Networks
- Cyber security revisited: Change from the ground up?
|
|
 |
ISSUE 29 (March 2011)
The covered topics are:
- Virtual machines: Added planning to the forensic acquisition process
- Review: iStorage diskGenie
- Managers are from Mars, information security professionals are from Venus
- PacketWars: A cyber security sport for a cyber age
- Q&A: Graham Cluley on Facebook security and privacy
- Financial Trojans: Following the money
- Mobile encryption: The new frontier
- Report: RSA Conference 2011
- Q&A: Stefan Frei on security research and vulnerability management
- The expanding role of digital certificatesÉ in more places than you think
- AND MORE!
|
|
 |
ISSUE 28 (November 2010)
The covered topics are:
- Database protocol exploits explained
- Review: MXI M700 Bio
- Measuring web application security coverage
- Inside backup and storage: The expert's view
- Combating the changing nature of online fraud
- Successful data security programs encompass processes, people, technology
- Sangria, tapas and hackers: SOURCE Barcelona 2010
- What CSOs can learn from college basketball
- Network troubleshooting 101
- America's cyber cold war
- RSA Conference Europe 2010
- Bootkits - a new stage of development
- AND MORE!
|
|
 |
ISSUE 27 (September 2010)
The covered topics are:
- Review: BlockMaster SafeStick secure USB flash drive
- The devil is in the details: Securing the enterprise against the cloud
- Cybercrime may be on the rise, but authentication evolves to defeat it
- Learning from bruteforcers
- PCI DSS v1.3: Vital to the emerging demand for virtualization and cloud security
- Security testing - the key to software quality
- Payment card security: Risk and control assessments
- Security as a process: Does your security team fuzz?
- Intelligent security: Countering sophisticated fraud
- AND MORE!
|
|
 |
ISSUE 26 (June 2010)
The covered topics are:
- PCI: Security's lowest common denominator
- Analyzing Flash-based RIA components and discovering vulnerabilities
- Logs: Can we finally tame the beast?
- Launch arbitrary code from Excel in a restricted environment
- Placing the burden on the bot
- Data breach risks and privacy compliance
- Authenticating Linux users against Microsoft Active Directory
- Hacking under the radar
- iPhone backup, encryption and forensics
- AND MORE!
|
|
 |
ISSUE 25 (April 2010)
The covered topics are:
- The changing face of penetration testing: Evolve or die!
- Review: SmartSwipe
- Unusual SQL injection vulnerabilities and how to exploit them
- Take note of new data notification rules
- RSA Conference 2010 coverage
- Corporate monitoring: Addressing security, privacy, and temptation in the workplace
- Cloud computing and recovery, not just backup
- EJBCA: Make your own certificate authority
- Advanced attack detection using OSSIM
- AND MORE!
|
|
 |
ISSUE 24 (February 2010)
The covered topics are:
- Writing a secure SOAP client with PHP: Field report from a real-world project
- How virtualized browsing shields against web-based attacks
- Review: 1Password 3
- Preparing a strategy for application vulnerability detection
- Threats 2.0: A glimpse into the near future
- Preventing malicious documents from compromising Windows machines
- Balancing productivity and security in a mixed environment
- AES and 3DES comparison analysis
- OSSEC: An introduction to open source log and event management
- Secure and differentiated access in enterprise wireless networks
- AND MORE!
|
|
 |
ISSUE 23 (November 2009)
The covered topics are:
- Microsoft's security patches year in review: A malware researcher's perspective
- A closer look at Red Condor Hosted Service
- Report: RSA Conference Europe 2009, London
- The U.S. Department of Homeland Security has a vision for stronger information security
- Q&A: Didier Stevens on malicious PDFs
- Protecting browsers, endpoints and enterprises against new Web-based attacks
- Mobile spam: An old challenge in a new guise
- Report: BruCON security conference, Brussels
- Study uncovers alarming password usage behavior
- Elevating email to an enterprise-class database application solution
- AND MORE!
|
|
 |
ISSUE 22 (September 2009)
The covered topics are:
- Using real-time events to drive your network scans
- The Nmap project: Open source with style
- A look at geolocation, URL shortening and top Twitter threats
- Review: Data Locker
- Making clouds secure
- Top 5 myths about wireless protection
- Securing the foundation of IT systems
- Is your data recovery provider a data security problem?
- Security for multi-enterprise applications
- In mashups we trust?
- AND MORE!
|
|
 |
ISSUE 21 (June 2009)
The covered topics are:
- Malicious PDF: Get owned without opening
- Review: IronKey Personal
- Windows 7 security features: Building on Vista
- Using Wireshark to capture and analyze wireless traffic
- "Unclonable" RFID - a technical overview
- Secure development principles
- Q&A: Ron Gula on Nessus and Tenable Network Security
- Establish your social media presence with security in mind
- A historical perspective on the cybersecurity dilemma
- A risk-based, cost effective approach to holistic security
- AND MORE!
|
|
 |
ISSUE 20 (March 2009)
The covered topics are:
- Improving network discovery mechanisms
- Building a bootable BackTrack 4 thumb drive with persistent changes and Nessus
- What you need to know about tokenization
- Q&A: Vincenzo Iozzo on Mac OS X security
- A framework for quantitative privacy measurement
- Why fail? Secure your virtual assets
- Phased deployment of Network Access Control
- Web 2.0 case studies: challenges, approaches and vulnerabilities
- ISP level malware filtering
- Q&A: Scott Henderson on the Chinese underground
- AND MORE!
|
|
 |
ISSUE 19 (December 2008)
The covered topics are:
- The future of AV: looking for the good while stopping the bad
- Eight holes in Windows login controls
- Extended validation and online security: EV SSL gets the green light
- Interview with Giles Hogben, an expert on identity and authentication technologies working at ENISA
- Web filtering in a Web 2.0 world
- RSA Conference Europe 2008
- The role of password management in compliance with the data protection act
- Securing data beyond PCI in a SOA environment: best practices for advanced data protection
- Three undocumented layers of the OSI model and their impact on security
- Interview with Rich Mogull, founder of Securosis
- AND MORE!
|
|
 |
ISSUE 18 (October 2008)
The covered topics are:
- Network and information security in Europe today
- Browser security: bolt it on, then build it in
- Passive network security analysis with NetworkMiner
- Lynis - an introduction to UNIX system auditing
- Windows driver vulnerabilities: the METHOD_NEITHER odyssey
- Removing software armoring from executables
- Insecurities in privacy protection software
- Compliance does not equal security but it's a good start
- Secure web application development
- The insider threat
- Web application security: risky business?
- AND MORE!
|
|
 |
ISSUE 17 (July 2008)
The covered topics are:
- Open redirect vulnerabilities: definition and prevention
- The future of security is information-centric
- Securing the enterprise data flow against advanced attacks
- Bypassing and enhancing live behavioral protection
- Security flaws identification and technical risk analysis through threat modeling
- Migration from e-mail to web borne threats
- Security training and awareness: strengthening your weakest link
- Assessing risk in VoIP/UC networks
- Building a secure wireless network for under $300
- Reverse engineering software armoring
- Point security solutions are not a 4 letter word
- Hacking Second Life
- AND MORE!
|
|
 |
ISSUE 16 (April 2008)
The covered topics are:
- Security policy considerations for virtual worlds
- US political elections and cybercrime
- Using packet analysis for network troubleshooting
- The effectiveness of industry certifications
- Is your data safe? Secure your web apps
- RSA Conference 2008 / Black Hat 2008 Europe
- Windows log forensics: did you cover your tracks?
- Traditional vs. non-tranditional database auditing
- Payment card data: know your defense options
- Security risks for mobile computing on public WLANs: hotspot registration
- Network event analysis with Net/FSE
- Producing secure software with security enhanced software development processes
- AND MORE!
|
|
 |
ISSUE 15 (February 2008)
The covered topics are:
- Proactive analysis of malware genes holds the key to network security
- Advanced social engineering and human exploitation
- Free visualization tools for security analysis and network monitoring
- Internet terrorist: does such a thing really exist?
- Weaknesses and protection of your wireless network
- Fraud mitigation and biometrics following Sarbanes-Oxley
- Application security matters: deploying enterprise software securely
- The insider threat: hype vs. reality
- How B2B gateways affect corporate information security
- Reputation attacks, a little known Internet threat
- Data protection and identity management
- The good, the bad and the ugly of protecting data in a retail environment
- Malware experts speak: F-Secure, Sophos, Trend Micro
- AND MORE!
|
|
 |
ISSUE 14 (November 2007)
The covered topics are:
- Attacking consumer embedded devices
- Review: QualysGuard
- CCTV: technology in transition - analog or IP?
- Interview with Robert "RSnake" Hansen, CEO of SecTheory
- The future of encryption
- Endpoint threats
- Review: Kaspersky Internet Security 7.0
- Interview with Amol Sarwate, Manager, Vulnerability Research Lab, Qualys Inc.
- Network access control: bridging the network security gap
- Change and configuration solutions aid PCI auditors
- Data protection and identity management
- Information security governance: the nuts and bolts
- 6 CTOs, 10 Burning Questions: AirDefense, AirMagnet, Aruba Networks, AirTight Networks, Fortress Technologies and Trapeze Networks
- AND MORE!
|
|
 |
ISSUE 13 (September 2007)
The covered topics are:
- Interview with Janne Uusilehto, Head of Nokia Product Security
- Social engineering social networking services: a LinkedIn example
- The case for automated log management in meeting HIPAA compliance
- Risk decision making: whose call is it?
- Interview with Zulfikar Ramzan, Senior Principal Researcher with the Advanced Threat Research team at Symantec
- Securing VoIP networks: fraud
- PCI DSS compliance: a difficult but necessary journey
- A security focus on China outsourcing
- A multi layered approach to prevent data leakage
- Safeguard your organization with proper password management
- Interview with Ulf Mattsson, Protegrity CTO
- DEFCON 15
- File format fuzzing
- IS2ME: Information Security to Medium Enterprise
|
|
 |
ISSUE 12 (July 2007)
The covered topics are:
- Enterprise grade remote access
- Review: Centennial Software DeviceWall 4.6
- Solving the keylogger conundrum
- Interview with Jeremiah Grossman, CTO of WhiteHat Security
- The role of log management in operationalizing PCI compliance
- Windows security: how to act against common attack vectors
- Taking ownership of the Trusted Platform Module chip on Intel Macs
- Compliance, IT security and a clear conscience
- Key management for enterprise data encryption
- The menace within
- A closer look at the Cisco CCNP Video Mentor
- Network Access Control.
|
|
|
ISSUE 11 (May 2007)
The covered topics are:
- On the security of e-passports
- Review: GFI LANguard Network Security Scanner 8
- Critical steps to secure your virtualized environment
- Interview with Howard Schmidt, President and CEO R & H Security Consulting
- Quantitative look at penetration testing
- Integrating ISO 17799 into your Software Development Lifecycle
- Public Key Infrastructure (PKI): dead or alive?
- Interview with Christen Krogh, Opera Software's Vice President of Engineering
- Super ninja privacy techniques for web application developers
- Security economics
- iptables - an introduction to a robust firewall
- Black Hat Briefings & Training Europe 2007
- Enforcing the network security policy with digital certificates.
|
|
 |
ISSUE 10 (February 2007)
The covered topics are:
- Microsoft Windows Vista: significant security improvement?
- Review: GFI Endpoint Security 3
- Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
- Top 10 spyware of 2006
- The spam problem and open source filtering solutions
- Office 2007: new format and new protection/security policy
- Wardriving in Paris
- Interview with Joanna Rutkowska, security researcher
- Climbing the security career mountain: how to get more than just a job
- RSA Conference 2007 report
- ROT13 is used in Windows? You're joking!
- Data security beyond PCI compliance - protecting sensitive data in a distributed environment.
|
|
 |
ISSUE 9 (December 2006)
DOWNLOAD ISSUE 9 HERE
The covered topics are:
- Effectiveness of security by admonition: a case study of security warnings in a web browser setting
- Interview with Kurt Sauer, CSO at Skype
- Web 2.0 defense with AJAX fingerprinting and filtering
- Hack In The Box Security Conference 2006
- Where iSCSI fits in enterprise storage networking
- Recovering user passwords from cached domain records
- Do portable storage solutions compromise business security?
- Enterprise data security - a case study
- Creating business through virtual trust: how to gain and sustain a competitive advantage using information security.
|
|
 |
ISSUE 8 (September 2006)
DOWNLOAD ISSUE 8 HERE
The covered topics are:
- Payment Card Industry demystified
- Skype: how safe is it?
- Computer forensics vs. electronic evidence
- Review: Acunetix Web Vulnerability Scanner 4.0
- SSH port forwarding - security from two perspectives, part two
- Log management in PCI compliance
- Airscanner vulnerability summary: Windows Mobile security software fails the test
- Proactive protection: a panacea for viruses?
- Introducing the MySQL Sandbox
- Continuous protection of enterprise data: a comprehensive approach.
|
|
 |
ISSUE 7 (June 2006)
DOWNLOAD ISSUE 7 HERE
The covered topics are:
- SSH port forwarding: security from two perspectives, part one
- An inside job
- CEO spotlight: Q&A with Patricia Sueltz, SurfControl
- Server monitoring with munin and monit
- Compliance vs. awareness in 2006
- Infosecurity 2006
- 2005 *nix malware evolution
- InfoSec World 2006
- Overview of quality security podcasts.
|
|
 |
ISSUE 6 (March 2006)
DOWNLOAD ISSUE 6 HERE
The covered topics are:
- Best practices in enterprise database protection
- Quantifying the cost of spyware to the enterprise
- Security for websites - breaking sessions to hack into a machine
- How to win friends and influence people with IT security certifications
- The size of security: the evolution and history of OSSTMM operational security metrics
- Interview with Kenny Paterson, Professor of Information Security at Royal Holloway, University of London
- PHP and SQL security today
- Apache security: Denial of Service attacks
- War-driving in Germany - CeBIT 2006.
|
|
 |
ISSUE 5 (January 2006)
DOWNLOAD ISSUE 5 HERE
The covered topics are:
- Web application firewalls primer
- Review: Trustware BufferZone 1.6
- Threat analysis using log data
- Looking back at computer security in 2005
- Writing an enterprise handheld security policy
- Digital Rights Management
- Revenge of the Web mob
- Hardening Windows Server 2003 platforms made easy
- Filtering spam server-side.
|
|
 |
ISSUE 4 (October 2005)
DOWNLOAD ISSUE 4 HERE
The covered topics are:
- Structured traffic analysis
- Access Control Lists in Tiger and Tiger Server - true permission management
- Automating I.T. security audits
- Biometric security
- PDA attacks, part 2: airborne viruses - evolution of the latest threats
- Build a custom firewall computer
- Lock down your kernel with grsecurity
- Interview with Sergey Ryzhikov, director of Bitrix
- Best practices for database encryption solutions.
|
|
 |
ISSUE 3 (August 2005)
DOWNLOAD ISSUE 3 HERE
The covered topics are:
- Security vulnerabilities, exploits and patches
- PDA attacks: palm sized devices - PC sized threats
- Adding service signatures to Nmap
- CSO and CISO - perception vs. reality in the security kingdom
- Unified threat management: IT security's silver bullet?
- The reality of SQL injection
- 12 months of progress for the Microsoft Security Response Centre
- Interview with Michal Zalewski, security researcher
- OpenSSH for Macintosh
- Method for forensic validation of backup tape.
|
|
 |
ISSUE 2 (June 2005)
DOWNLOAD ISSUE 2 HERE
The covered topics are:
- Information security in campus and open environments
- Web applications worms - the next Internet infestation
- Integrating automated patch and vulnerability management into an enterprise-wide environment
- Advanced PHP security - vulnerability containment
- Protecting an organization’s public information
- Application security: the noveau blame game
- What you need to know before migrating your applications to the Web
- Clear cut cryptography
- How to lock down enterprise data with infrastructure services.
|
|
 |
ISSUE 1 (April 2005)
DOWNLOAD ISSUE 1 HERE
The covered topics are:
- Does Firefox really provide more security than Internet Explorer?
- Security risks associated with portable storage devices
- 10 tips on protecting customer information from identity theft
- Linux security - is it ready for the average user?
- How to secure your wireless network
- Considerations for preventing information leakage
- An introduction to securing Linux with Apache, ProFTPd & Samba
- Security vulnerabilities in PHP Web applications.
|
