security flaws

More Oracle patches on the way

Thu, 17 Jan 2008 06:59:58 -0500

What did CIOs do before the patch? It's certainly being used a lot to fix system security flaws these days. This week alone, Oracle released 26 fixes across its product line in its latest critical patch update--nine of which repair flaws that are remotely exploitable. In October 2007, Oracle fixed a total of 51 vulnerabilities with critical patch update. We expect to see plenty more patches this year as hackers become more creative and new products arrive on the market that tempt them to attack.

For more on Oracle's security woes:
- Check out this InfoWorld article

Google faces security hurdles in the enterprise

Sun, 15 Jul 2007 20:01:39 -0400

Google seems to be everywhere these days, but as the search giant moves into the enterprise, they're facing much of the same security scrutiny as those who have gone before them. Researchers at Ponemon Institute are expected to release a report today that outlines the concerns among IT professionals regarding the overall security of Google Desktop, the company's PC search utility, specifically within the confines of business operations. Their research revolves around a cross-site scripting vulnerability reported and subsequently patched by Google in February; the authors of the report say that their work underscores a growing level of concern over the company's rapidly expanding footprint in the enterprise. In a survey of more than 600 IT security specialists who indicated that they were familiar with the Google Desktop vulnerability, an overwhelming 71 percent said that they believe that the product likely harbors other security flaws. The company is trying to address security through its acquisitions of software vendors and has sponsored malware research projects such as Stopbadware.org.

For more on Google's security challenge in the enterprise:
- read all the details in this Infoworld. Article

ALSO NOTED: Survey: Experience most important; Mapping out a data protection plan;

Mon, 23 Apr 2007 20:01:38 -0400

> Mapping out a data protection plan. Article

> Where to begin with ITIL and configuration management. Article

> Survey: Experience more important than qualifications for IT management. Article

> New Bluetooth 2.1 spec will fix security flaws. Column

> Executive buy-in and project success. Article

> Blogging for effective marketing. Article

And Finally… The three-minute meeting. Blog

ALSO NOTED: Showing appreciation has many payoffs; The IT workforce needs to work on non-tech skills;

Thu, 12 Apr 2007 20:01:38 -0400

> Praising people for a job well done may lead to bigger profits. Article

> The IT workforce needs to buff up its non-technical skills. Article

> Monitoring employees' Internet and telephone use at work may contravene human rights laws. Article

> Application maintenance is a challenge for SMBs. Article

> Mind your manners when social networking. Article

> Oracle update will fix 37 security flaws. Article

And Finally… How much would data theft cost you? Calculator

ALSO NOTED: CIOs as evangelists; keeping server TCO down;

Wed, 07 Mar 2007 19:01:38 -0500

> CIOs as evangelists. Blog

> Keeping server TCO down. Article

> Microsoft to beta VoIP server soon. Blog

> OpenBravo gains converts. Blog

> Hackers exploiting security flaws device drivers, physical memory and PCI cards. Article

> Apple works to break into the enterprise market. Article

> A minority opinion on SOA. Article

And Finally... IT departments are under unreasonable pressure to support compliance issues. Article

Black Hat event cites IBM vulnerabilities

Mon, 07 Aug 2006 20:01:36 -0400

The Black Hat conference spawned another security risk alert before it ended last week, and this time it is IBM's database vulnerabilities that came under fire. As FierceCIO reported last week, the annual conference began with Microsoft and network access control vendors under scrutiny for poor security and discovered product flaws. Now there are apparently over 20 security flaws with IBM's Informix database family, according to Next Generation Security Software Ltd. The vulnerabilities could let attacks launch a denial-of-service attack, grab data or simply compromise the database system.

For more on the database issues:
- check out Computerworld's news item

Symantec reports on Vista account control flaws

Mon, 24 Jul 2006 20:01:38 -0400

Symantec is still spending some time looking at the upcoming Vista system, identifying some bugs and security issues. This week it's focused on relating how the Microsoft OS has some security flaws within the User Account Control (UAC) feature. According to Symantec, an attacker could commandeer a Vista PC using IE 7 by burying a nasty file on a Vista UAC when a malicious Web site is visited. According to the security vendor's report, the malware could provide unauthorized access to the PC for malicious intentions. Microsoft, for its part, says the vulnerability is tied to a user logging in with an administrator account, a practice it doesn't recommend. The Symantec report is the second of three the vendor will be releasing on Vista, due out in January. The third report, supposedly coming this week as well, will highlight security issues with the Vista core.

For more on Vista vulnerability issues:
- check out this article at CNet News.com

ALSO NOTED: New security flaws for IE and Firefox; IT salaries on the rise in the UK; and much more...

Tue, 06 Jun 2006 20:01:33 -0400

> New security flaws for IE and Firefox. Article

> IT salaries on the rise in the UK. Article

> System admin on trial for network logic bomb incident. Article

> Texas turns on the Web cam for border patrolling. Article

> AOL puts a big toe into the security market. Article

And Finally... The required cultural shift involved in going mobile. Article