Call for papers
SecurityFocus (www.securityfocus.com) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
IP Spoofing: An Introduction
IP spoofing allows an attacker to gain unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by “spoofing” the IP address of that machine. In this article, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it.
U.S. Information Security Law, Part 1
This is the first article in a four-part series exploring the law of information security in the United States. This article addresses the legal framework for protection of information systems and the role of information security professionals in the creation of trade secret interests, one type of intellectual property.
Instant Insecurity: Security Issues of Instant Messaging
Instant messaging services are becoming an increasingly popular form of communication, both in the personal and the professional spheres. This paper will describe instant messaging and offer a brief overview of some of the security threats associated with the service.
Securing Outlook, Part Two: Many Choices to Make
This is the second of two articles focusing on ways to secure one of the world's most popular e-mail clients, Microsoft's Outlook. The first article offered a brief overview of Outlook, as well as some security issues. It also discussed configuring Outlook for optimal security. This article will look at some more things that Outlook users can do to secure their e-mail.
Securing Outlook, Part One: Initial Configuration
Millions of Outlook users around the world, in homes, organizations, and businesses, have had to face the insecurities inherent in their email program, sometimes painfully. This article is the first in a two-part series that will examine ways that Outlook users can secure their email client.
Barbarians at the Gate: An Introduction to Distributed Denial of Service Attacks
DDoS attacks first made headlines in February 2000. Now, almost three years later, can it be that we're still vulnerable? Unfortunately, the answer is yes. This article will explain the concept of DDoS attacks, how they work, how to react if you become a target, and how the security community can work together to prevent them.
Security Concerns in Licensing Agreements, Part Two: Negotiating Security Provisions
This is the second of two articles that will discuss some security-related aspects of software licenses and agreements for Web-based information services. Part One focused on shrinkwrap and clickwrap agreements. This article will emphasize individually negotiated agreements, with particular regard to the opportunities for information security professionals to work with legal counsel in the negotiation and preparation of such agreements.
Assessing Internet Security Risk, Part 5: Custom Web Applications Continued
This article is the fifth and final in a series that is designed to help readers to assess the risk that their Internet-connected systems are exposed to. The previous installment discussed a relatively unexplored aspect of Internet security, custom Web applications. This article will conclude the discussion of Web applications.
Assessing Internet Security Risk, Part 4: Custom Web Applications
This article is the fourth in a series that is designed to help readers to assess the risk that their Internet-connected systems are exposed to. This installment will discuss a relatively unexplored aspect of Internet security, custom Web applications.
Who Goes There? An Introduction to On-Access Virus Scanning, Part Two
This article is the second in a two-part series that will offer a brief overview of a particular type of anti-virus technique known as on-access scanning. This article will explore some of the strategies that virus writers have adopted to circumvent on-access scanners and the ways that anti-virus developers are in turn reacting to those changes.