Tổng hợp Tạp Chí Bảo Mật [IN]SECURE

Tổng hợp Tạp Chí Bảo Mật [IN]SECURE

Tổng hợp Tạp Chí Bảo Mật [IN]SECURE

1.ISSUE 1 (April 2005)



The covered topics are:

* Does Firefox really provide more security than Internet Explorer?
* Security risks associated with portable storage devices
* 10 tips on protecting customer information from identity theft
* Linux security - is it ready for the average user?
* How to secure your wireless network
* Considerations for preventing information leakage
* An introduction to securing Linux with Apache, ProFTPd & Samba
* Security vulnerabilities in PHP Web applications.

Download

2.ISSUE 2 (June 2005)



The covered topics are:

* Information security in campus and open environments
* Web applications worms - the next Internet infestation
* Integrating automated patch and vulnerability management into an enterprise-wide environment
* Advanced PHP security - vulnerability containment
* Protecting an organization’s public information
* Application security: the noveau blame game
* What you need to know before migrating your applications to the Web
* Clear cut cryptography
* How to lock down enterprise data with infrastructure services.

Download

3.ISSUE 3 (August 2005)



The covered topics are:

* Security vulnerabilities, exploits and patches
* PDA attacks: palm sized devices - PC sized threats
* Adding service signatures to Nmap
* CSO and CISO - perception vs. reality in the security kingdom
* Unified threat management: IT security's silver bullet?
* The reality of SQL injection
* 12 months of progress for the Microsoft Security Response Centre
* Interview with Michal Zalewski, security researcher
* OpenSSH for Macintosh
* Method for forensic validation of backup tape.

Download

4.ISSUE 4 (October 2005)



The covered topics are:

* Structured traffic analysis
* Access Control Lists in Tiger and Tiger Server - true permission management
* Automating I.T. security audits
* Biometric security
* PDA attacks, part 2: airborne viruses - evolution of the latest threats
* Build a custom firewall computer
* Lock down your kernel with grsecurity
* Interview with Sergey Ryzhikov, director of Bitrix
* Best practices for database encryption solutions.

Download

5.ISSUE 5 (January 2006)



The covered topics are:

* Web application firewalls primer
* Review: Trustware BufferZone 1.6
* Threat analysis using log data
* Looking back at computer security in 2005
* Writing an enterprise handheld security policy
* Digital Rights Management
* Revenge of the Web mob
* Hardening Windows Server 2003 platforms made easy
* Filtering spam server-side.

Download

6.ISSUE 6 (March 2006)



The covered topics are:
* Best practices in enterprise database protection
* Quantifying the cost of spyware to the enterprise
* Security for websites - breaking sessions to hack into a machine
* How to win friends and influence people with IT security certifications
* The size of security: the evolution and history of OSSTMM operational security metrics
* Interview with Kenny Paterson, Professor of Information Security at Royal Holloway, University of London
* PHP and SQL security today
* Apache security: Denial of Service attacks
* War-driving in Germany - CeBIT 2006.

Download

7.ISSUE 7 (June 2006)



The covered topics are:

* SSH port forwarding: security from two perspectives, part one
* An inside job
* CEO spotlight: Q&A with Patricia Sueltz, SurfControl
* Server monitoring with munin and monit
* Compliance vs. awareness in 2006
* Infosecurity 2006
* 2005 *nix malware evolution
* InfoSec World 2006
* Overview of quality security podcasts.

Download

8.ISSUE 8 (September 2006)



The covered topics are:

* Payment Card Industry demystified
* Skype: how safe is it?
* Computer forensics vs. electronic evidence
* Review: Acunetix Web Vulnerability Scanner 4.0
* SSH port forwarding - security from two perspectives, part two
* Log management in PCI compliance
* Airscanner vulnerability summary: Windows Mobile security software fails the test
* Proactive protection: a panacea for viruses?
* Introducing the MySQL Sandbox
* Continuous protection of enterprise data: a comprehensive approach.

Download

9.ISSUE 9 (December 2006)



The covered topics are:

* Effectiveness of security by admonition: a case study of security warnings in a web browser setting
* Interview with Kurt Sauer, CSO at Skype
* Web 2.0 defense with AJAX fingerprinting and filtering
* Hack In The Box Security Conference 2006
* Where iSCSI fits in enterprise storage networking
* Recovering user passwords from cached domain records
* Do portable storage solutions compromise business security?
* Enterprise data security - a case study
* Creating business through virtual trust: how to gain and sustain a competitive advantage using information security.

Download

10.ISSUE 10 (February 2007)



The covered topics are:

* Microsoft Windows Vista: significant security improvement?
* Review: GFI Endpoint Security 3
* Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
* Top 10 spyware of 2006
* The spam problem and open source filtering solutions
* Office 2007: new format and new protection/security policy
* Wardriving in Paris
* Interview with Joanna Rutkowska, security researcher
* Climbing the security career mountain: how to get more than just a job
* RSA Conference 2007 report
* ROT13 is used in Windows? You're joking!
* Data security beyond PCI compliance - protecting sensitive data in a distributed environment.

Download

11.ISSUE 11 (May 2007)



The covered topics are:

* On the security of e-passports
* Review: GFI LANguard Network Security Scanner 8
* Critical steps to secure your virtualized environment
* Interview with Howard Schmidt, President and CEO R & H Security Consulting
* Quantitative look at penetration testing
* Integrating ISO 17799 into your Software Development Lifecycle
* Public Key Infrastructure (PKI): dead or alive?
* Interview with Christen Krogh, Opera Software's Vice President of Engineering
* Super ninja privacy techniques for web application developers
* Security economics
* iptables - an introduction to a robust firewall
* Black Hat Briefings & Training Europe 2007
* Enforcing the network security policy with digital certificates.

Download

12.ISSUE 12 (July 2007)



The covered topics are:

* Enterprise grade remote access
* Review: Centennial Software DeviceWall 4.6
* Solving the keylogger conundrum
* Interview with Jeremiah Grossman, CTO of WhiteHat Security
* The role of log management in operationalizing PCI compliance
* Windows security: how to act against common attack vectors
* Taking ownership of the Trusted Platform Module chip on Intel Macs
* Compliance, IT security and a clear conscience
* Key management for enterprise data encryption
* The menace within
* A closer look at the Cisco CCNP Video Mentor
* Network Access Control.

Download

13.ISSUE 13 (September 2007)



The covered topics are:

* Interview with Janne Uusilehto, Head of Nokia Product Security
* Social engineering social networking services: a LinkedIn example
* The case for automated log management in meeting HIPAA compliance
* Risk decision making: whose call is it?
* Interview with Zulfikar Ramzan, Senior Principal Researcher with the Advanced Threat Research team at Symantec
* Securing VoIP networks: fraud
* PCI DSS compliance: a difficult but necessary journey
* A security focus on China outsourcing
* A multi layered approach to prevent data leakage
* Safeguard your organization with proper password management
* Interview with Ulf Mattsson, Protegrity CTO
* DEFCON 15
* File format fuzzing
* IS2ME: Information Security to Medium Enterprise

Download

14.ISSUE 14 (November 2007)



The covered topics are:

* Attacking consumer embedded devices
* Review: QualysGuard
* CCTV: technology in transition - analog or IP?
* Interview with Robert "RSnake" Hansen, CEO of SecTheory
* The future of encryption
* Endpoint threats
* Review: Kaspersky Internet Security 7.0
* Interview with Amol Sarwate, Manager, Vulnerability Research Lab, Qualys Inc.
* Network access control: bridging the network security gap
* Change and configuration solutions aid PCI auditors
* Data protection and identity management
* Information security governance: the nuts and bolts
* 6 CTOs, 10 Burning Questions: AirDefense, AirMagnet, Aruba Networks, AirTight Networks, Fortress Technologies and Trapeze Networks
* AND MORE!

Download

15.ISSUE 15 (February 2008)



The covered topics are:

* Proactive analysis of malware genes holds the key to network security
* Advanced social engineering and human exploitation
* Free visualization tools for security analysis and network monitoring
* Internet terrorist: does such a thing really exist?
* Weaknesses and protection of your wireless network
* Fraud mitigation and biometrics following Sarbanes-Oxley
* Application security matters: deploying enterprise software securely
* The insider threat: hype vs. reality
* How B2B gateways affect corporate information security
* Reputation attacks, a little known Internet threat
* Data protection and identity management
* The good, the bad and the ugly of protecting data in a retail environment
* Malware experts speak: F-Secure, Sophos, Trend Micro
* AND MORE!

Download

16.ISSUE 16 (April 2008)



The covered topics are:

* Security policy considerations for virtual worlds
* US political elections and cybercrime
* Using packet analysis for network troubleshooting
* The effectiveness of industry certifications
* Is your data safe? Secure your web apps
* RSA Conference 2008 / Black Hat 2008 Europe
* Windows log forensics: did you cover your tracks?
* Traditional vs. non-tranditional database auditing
* Payment card data: know your defense options
* Security risks for mobile computing on public WLANs: hotspot registration
* Network event analysis with Net/FSE
* Producing secure software with security enhanced software development processes
* AND MORE!

Download

17.ISSUE 17 (July 2008)



The covered topics are:

* Open redirect vulnerabilities: definition and prevention
* The future of security is information-centric
* Securing the enterprise data flow against advanced attacks
* Bypassing and enhancing live behavioral protection
* Security flaws identification and technical risk analysis through threat modeling
* Migration from e-mail to web borne threats
* Security training and awareness: strengthening your weakest link
* Assessing risk in VoIP/UC networks
* Building a secure wireless network for under $300
* Reverse engineering software armoring
* Point security solutions are not a 4 letter word
* Hacking Second Life
* AND MORE!

Download

18.ISSUE 18 (October 2008)



The covered topics are:

* Network and information security in Europe today
* Browser security: bolt it on, then build it in
* Passive network security analysis with NetworkMiner
* Lynis - an introduction to UNIX system auditing
* Windows driver vulnerabilities: the METHOD_NEITHER odyssey
* Removing software armoring from executables
* Insecurities in privacy protection software
* Compliance does not equal security but it's a good start
* Secure web application development
* The insider threat
* Web application security: risky business?
* AND MORE!

Download

19.ISSUE 19 (December 2008)



The covered topics are:

* The future of AV: looking for the good while stopping the bad
* Eight holes in Windows login controls
* Extended validation and online security: EV SSL gets the green light
* Interview with Giles Hogben, an expert on identity and authentication technologies working at ENISA
* Web filtering in a Web 2.0 world
* RSA Conference Europe 2008
* The role of password management in compliance with the data protection act
* Securing data beyond PCI in a SOA environment: best practices for advanced data protection
* Three undocumented layers of the OSI model and their impact on security
* Interview with Rich Mogull, founder of Securosis
* AND MORE!

Download

20.ISSUE 20 (March 2009)



The covered topics are:

* Improving network discovery mechanisms
* Building a bootable BackTrack 4 thumb drive with persistent changes and Nessus
* What you need to know about tokenization
* Q&A: Vincenzo Iozzo on Mac OS X security
* A framework for quantitative privacy measurement
* Why fail? Secure your virtual assets
* Phased deployment of Network Access Control
* Web 2.0 case studies: challenges, approaches and vulnerabilities
* ISP level malware filtering
* Q&A: Scott Henderson on the Chinese underground
* AND MORE!

Download

21.(IN)SECURE Magazine - June 2009

* Malicious PDF: Get owned without opening
* Review: IronKey Personal
* Windows 7 security features: Building on Vista
* Using Wireshark to capture and analyze wireless traffic
* "Unclonable" RFID - a technical overview
* Secure development principles
* Q&A: Ron Gula on Nessus and Tenable Network Security
* Establish your social media presence with security in mind
* A historical perspective on the cybersecurity dilemma
* A risk-based, cost effective approach to holistic security
# AND MORE!

Download

22.(IN)SECURE Magazine - September 2009

# Using real-time events to drive your network scans
# The Nmap project: Open source with style
# A look at geolocation, URL shortening and top Twitter threats
# Review: Data Locker
# Making clouds secure
# Top 5 myths about wireless protection
# Securing the foundation of IT systems
# Is your data recovery provider a data security problem?
# Security for multi-enterprise applications
# In mashups we trust?
# AND MORE!

Download

Theo: Thegioimang