Let's get back to reality

Lysa Myers, director of research, West Coast Labs March 10, 2010

Reality sets in not long after taking an information security job, as step two of this author's "Five Stages of Employment" series continues.

Hot or not: Software update vulnerabilities

Amol Sarwate, manager, Vulnerabilities Research Lab, Qualys November 19, 2008

The automatic update features in many software applications are proving to be vulnerable to attack. Hackers are taking notice. You should, too.

Hot or not: What you need to know to keep Mac OS X secure

Amol Sarwate, manager, Vulnerabilities Research Lab September 17, 2008

Apple is the third largest PC maker with about an eight percent market share. This hasn't gone unnoticed by hackers.

Hot or not: Effective regulatory compliance and security management

Amol Sarwate, director of Qualys' vulnerability research lab January 31, 2008

Modern security and policy compliance assessment solutions coalesce IT security and regulatory management efforts more effectively.

Me and my job: William Schneider

William C. Schneider, senior systems administrator, University of Texas Health and Science Center, Houston January 01, 2008


Editorial: Critical data protection grows up

January 01, 2008

It seems information security is getting to the front line of business imperatives. More than ever before, executives are giving IT security and data protection initiatives the attention they've required for some time.

Hot or not: Office productivity applications

Amol Sarwate, director of Qualys' vulnerability research lab December 05, 2007

The intensity with which attackers exploit endpoint application security isn't going to subside any time soon. For its part, Microsoft has published a security guide to help you better defend this security flashpoint.

Businesses must realize that full disclosure is dead

Jeremiah Grossman, founder and chief technology officer, WhiteHat Security December 04, 2007

Full Disclosure is dead. Let me explain why. The information security world has changed, even if some don't see it or are unwilling to accept it.

Editorial: Catching that end-of-year moment of silence

December 01, 2007

Hurtling into our annual Reboot edition, I became conscious of the break-neck speed at which 2007 has come to its end.

The end of 'fear factor' marketing nowhere in sight

Amrit Williams, chief technical officer, BigFix November 06, 2007

The screaming headlines have been running for years. Whether they're in press releases about cybercrime exceeding international drug profits or the billions of dollars lost to breach disclosures or videos highlighting the meltdown of power generators due to a myriad of vulnerabilities, the anti-malware industry has long relied on fear to move their products.

Hot or not: AJAX vulnerabilities

Amol Sarwate, director of Qualys' vulnerability research lab September 19, 2007

AJAX is hot, and many companies are developing new or porting legacy applications to AJAX to deliver a richer, more vibrant web experience. The risk: AJAX is complex, and security pros need to be aware how the development technique can increase the attack surface of their websites.

Hot or not: Open Vulnerability Assessment Language

Amol Sarwate August 20, 2007

The open standard OVAL promises to ease the integration of security applications and help organizations develop security checks for highly-customized networks and applications.

JavaScript hijacking - a new vulnerability

Jacob West, manager, security research group, Fortify Software August 14, 2007

A new vulnerability, termed JavaScript hijacking, was recently identified that specifically affects the rich, interactive interfaces typically associated with Ajax and Web 2.0 applications. The vulnerability, which can occur in any application that uses JavaScript as a data transport mechanism, can compromise the integrity of the vulnerable website, as well as expose users' sensitive private information. JavaScript hijacking represents a new and critical attack vector that organizations developing Web 2.0 applications should take immediate steps to avoid. In other words, it's hot.

Hot or not: The Forum of Incident Response and Security Teams (FIRST) unveils updated common vulnerability scoring system

Amol Sarwate, director of Qualys' vulnerability research lab July 16, 2007

The new scoring system promises to make it easier for security managers and the IT industry to better measure the real-world risks associated with software flaws.

Practice what you preach, even at a security conference

Randall Durfy July 03, 2007

Webster defines security as "the quality or state of being free from risk of loss" and the "measures taken to guard against espionage or sabotage, crime, attack or escape."

The evolving role of the CIO

Martin Carmichael, CSO, McAfee June 06, 2007

IT security has the potential to impact a business at every level. Few other business areas, if any, have the potential to damage customer relations, disrupt supplier dealings, lower employee productivity, lose revenue and even lead to the arrest of the CEO.

Hot or not: Local buffer overflow vulnerabilities

Amol Sarwate, director of Qualys' vulnerability research lab May 22, 2007

Buffer overflows have long been a primary vector of attack against computer systems — and the rise of local buffer overflow vulnerabilities and zero-day attacks makes it a problem that's likely to grow more troublesome.

Hot or not: Software as a service

Amol Sarwate, director of Qualys' vulnerability research lab May 04, 2007

SaaS is no longer just about CRM — more security vendors are revamping their applications to be delivered as services over the web. SaaS is coming to the security market in a big way. And this trend promises to save organizations time and some of what they spend on security gear, and free more resources to actually secure systems.

Understanding X-morphic exploitation

Gunter Ollmann, director of security strategy, IBM Internet Security Systems May 02, 2007

The concept of malware morphing is not new. For years, malware authors and anti-virus researchers have documented and classified the methods used to obfuscate and hide malware code with each infection.

Hot or Not: Local privilege escalation vulnerabilities

Andre Derek Protas, director of preview, eEye Digital Security April 05, 2007

Due to the interactive nature and required access to exploit, local privilege escalation vulnerabilities have traditionally been thought to have a minimal impact on the strategies enterprise IT departments incorporate to protect networks when compared to other code execution vulnerabilities.

Hot or not: Reverse code engineering

Amol Sarwate, director of Qualys' vulnerability research lab March 14, 2007

Hot: It's one of the primary methods that malicious hackers use to find new application and operating system vulnerabilities. And it's also a powerful tool that professionals use to analyze the security strength of their applications. We're talking about reverse code engineering.

Growing number of SMBs going 'in the cloud'

Anthony Pitpit, St. Bernard Software February 21, 2007

On-demand security services, or "in the cloud" services, refer to security technology that is managed from a central location and delivered over the Internet, eliminating the need for small to medium sized businesses (SMBs) to deal with the high costs of hardware deployment, software upkeep and future scalability.

Hot or not: Third-party patches

Amol Sarwate, director of Qualys' vulnerability research lab February 14, 2007

Last month's race between a group of security researchers who promised to disclose, every day, a newfound vulnerability in the Apple OS X platform, and an opposing group, led by a former Apple employee, to independently plug those security flaws, has sparked new debate around the validity of third-party security patches.

Hot or Not: Remote access breaches

J. Andrew Valentine, security consultant, Investigative Response Unit, Cybertrust January 24, 2007

Just like the detectives do on weekly television crime dramas, put yourself in the mind of the bad guy. Pretend that you're the criminal who brokers stolen personal information with organized crime syndicates overseas. Put yourself behind the eyes of the malicious hacker who plans to breach merchant networks and compromise wholesale volumes of consumer payment card information, the kind of information that can be bartered within the internet's dark underbelly.

Hot or not: Early Vista flaws

Amol Sarwate, director of Qualys' vulnerability research lab January 10, 2007

There's been plenty of talk about the security capabilities of Windows Vista, but what's at the heart of the security defenses within Microsoft's latest operating system? This article aims to take a close look at the technology that will make a difference.