Unprotected PCs can be hijacked in minutes: "'It's a hostile environment out there,' says tech security consultant Kevin Mitnick, who served five years in prison for breaking into corporate computer systems in the mid-1990s. 'Attackers have become extremely indiscriminate.'"—USA Today

Protecting Your Enterprise Network from Vendor App Servers?: "anomaly wonders: 'I work for a company with a large IT infrastructure. We have lots of applications in our environment. For a number of applications, vendors provide the apps, and provide core support to those app servers. Our vendors are notorious for demanding superuser access to the boxes that support their applications. To protect our enterprise network from attacks allowed in by well-meaning but less-than-perfectly-competent vendors, we have set up a quarantined network for each vendor. This works well when the model is ASP-like and all of the components live on a single box, but fails when the application needs to be connected to one or more enterprise applications (RDBMS, smtp, they want backup, etc) or when it needs to be connected to lots of target systems inside our environment on lots of different ports. How can I restrict a vendor/application server's access to our enterprise network while still providing platforms to make the applications productive for our user community?'"—Slashdot:

Social engineering - where the user is the weakest link: "Human nature causes security holes"—The Register

Malware: Fighting Malicious Code: "Adam Jenkins writes 'I have had a fair bit of experience with malware, from removing DOS viruses to removing rootkits on Windows servers. Currently I am working in desktop support at a university -- exactly where many of the anti-malware battles occur.' With that background, he provides a review of the reprinted Malware: Fighting Malicious Code, writing 'As with many things computer-related, this book might age quickly, but it has lots of sound theory that will stay relevant for a long time, even if it doesn't discuss the latest worm by name. I haven't read the author's earlier book (Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses) but he is well known as both the author of that and also for the SANS lectures he runs.' Read on for the rest of Jenkins' review, or revisit Matt Linton's review."—Slashdot:

How Much Harm Can One Web Site Do?: "Ben Edelman has written extensively on issues including censorship and spyware. He's got a very interesting piece on his site now about who profits from spyware, and how much spyware can be installed on a Windows XP machine when the user simply visits a single Web site using Internet Explorer."—Slashdot:

Hidden gold in corporate cleanup: "Corporations' rush to comply with the Sarbanes-Oxley Act looks likely to be a boon for security product makers."—News.com

Study: Tools Let Spyware Slip Through Cracks: "A researcher has found that even the best-performing anti-spyware scanner failed to detect about 25 percent of the 'critical' files and registry entries installed by the malicious programs."—eWEEK

Citrix to Acquire SSL VPN Provider: "Updated: Citrix claims 'good footing' in a rapidly expanding portion of the security market with its acquisition of Net6. The small company's Hybrid-VPN appliance combines features of both SSL and IPSec VPNs."—eWEEK

SSL VPN security threatened by desktop search engines: "New PC indexing tools such as Google (Profile, Products, Articles) Desktop Search pose security risks to businesses that use SSL remote access because the tools copy material accessed during SSL sessions and make it available to unauthorized people who later use the same PC."—InfoWorld

Check Point Announces Immediate Availability of Integrity Clientless Security 3: "Without requiring installation of client software, Integrity Clientless Security 3 is unique in providing the four pillars of vital protection: detect and disable spyware, ensure session confidentiality, enforce security policy compliance before granting remote access, and help users and IT remediate security issues. As a result, Integrity Clientless Security prevents identity and password theft as well as the loss of sensitive or proprietary data."—Yahoo! Finance

Security Expectations, Response Rise in India: "The key threats include unauthorized data access, accidental information loss and sabotage, loss of intellectual property, and damage from worms and viruses."—ComputerWorld

McAfee Adds Real-Time Scanning to Zap Spyware: "A new anti-spyware module brings McAfee's enterprise clients another layer of protection against spyware, keystroke loggers and password thieves."—eWEEK

Liquid Machines pours out new DRM software: "Liquid Machines today announced the release of Email Control Version 6.0, an e-mail policy and security messaging software package designed for enterprise networks."—InfoWorld: Top News