The Security Laugh Metric; Feds plot massive Internet routing security upgrade

Browser bug provides bait for phishing attacks; Two security advisories from Cisco Security Alert NetworkWorld.com | Security Research Center | Update Your Profile Sponsored by Oracle Successfully Manage a Secure Database. Database professionals are invited to join this Oracle Live Webcast on Thursday, February 5 at 2:00 p.m. ET/11:00 a.m. PT. Gain a better understanding of database security and how to more strategically work with security administrators. Don't miss out. Register for this live webcast now Spotlight Story The Security Laugh Metric By Ben Rothke Individuals such as Pete Lindstrom and groups like securitymetrics have done a great job creating awareness of the need for security metrics. In fact, nearly a thousand security metrics can be found in the book Complete Guide to Security and Privacy Metrics for those who are metrics obsessed. Read full story Related News: Feds plot massive Internet routing security upgrade The U.S. federal government is accelerating its efforts to secure the Internet's routing system, with plans this year for the Department of Homeland Security to quadruple its investment in research aimed at adding digital signatures to router communications. 4 open source BGP tools The U.S. Department of Homeland Security is funding the following industry and academic groups involved in developing open source tools aimed at securing the Internet's Border Gateway Protocol-based (BGP) routing infrastructure. Podcast: Browser bug provides bait for phishing attacks Researchers at security vendor Trusteer this week discovered a browser bug that could make it easier for criminals to steal online banking credentials via a new type of attack called "in-session phishing." Amit Klein, chief technology officer at Trusteer, shares how it works and how to prevent such attacks. (14:17) Cisco IronPort flaw could expose contents of secure e-mails Cisco released two security advisories: one announcing two vulnerabilities in its IronPort PXE Encryption product that could expose contents of secure e-mail messages, and the other referring to a TCP vulnerability affecting its ONS 15xxx edge optical platforms. Security prognostications are too easy Stiennon: It is never satisfying being the Nostradamus of security. No matter how many warnings you give through your writing, presentations, and conversations you will always be in a position to say “I told you so” because security is not enabled until after the fact. Encryption programs open to kernel hack Many popular Windows encryption programs that hide files inside mounted volumes could be fatally compromised by a new type of attack uncovered by a German researcher. Giving in to malwareGibbs thought he'd fixed his problem with malware on a Windows XP system, but as it turns out, he just made the malware work better. Here's the sad tale. Can Mozilla Prove Firefox Is the Most Secure Browser A little over a year ago, I challenged some of the security claims asserted by Mozilla that Firefox "won't harbor nearly as many security flaws as those that have Microsoft's Internet Explorer" with an Internet Explorer and Firefox Vulnerability Analysis. Of course, the publication of my report was quickly followed by a vigorous rebuttal from Mozilla's Mike Shaver (please do read it, so you have his viewpoint). Stop data leaks Yes, you can keep sensitive data from leaving your organization. Our revamped Product Guide tells you what you need to know, including 5 questions to ask data-leak protection vendors before buying. January giveaways from Cisco Subnet and Microsoft Subnet Up for grabs: Two Cisco training courses from Skyline-ATS worth up to $6,990, a Microsoft training course from New Horizons worth up to $2,500, 15 copies each of the hot book titles Microsoft SQL Server 2008 Management and Administration, IPv6 Security and Chained Exploits: Advanced Hacking Attacks. Get all the entry details here. IT Outlook '09 In-depth analysis of the latest enterprise strategies, start-ups to watch, people to know, and more. 9 hot technologies for '09 Our annual rundown, plus a tip or two about how to approach each hot technology. Sponsored by Oracle Successfully Manage a Secure Database. Database professionals are invited to join this Oracle Live Webcast on Thursday, February 5 at 2:00 p.m. ET/11:00 a.m. PT. Gain a better understanding of database security and how to more strategically work with security administrators. Don't miss out. Register for this live webcast now Effectively Managing Change. Find the right network/system management platforms that leverage the latest IT technologies in this Executive Guide, "The New Network/System Management Challenges." Get a handle on server sprawl, managing 802.11n wireless LANs, and data center automation tool integration. Confidently deploy innovative technologies that drive efficiencies today. Download this Executive Guide now. Executive Guide: Green IT Download this Network World Executive Guide, "Going Green: Trends, tips and case studies," for timely, real-world advice. By adopting an effective green approach to IT you'll save your company money and even bolster company profits. Find out how to make it happen today.   01/16/09 Today's most-read stories: The presidential portrait goes digital Why Windows 7 will never kill off Linux Who is Apple's stand-in CEO Tim Cook? Why Windows 7 will crush Linux FAQ: What's in store for Nortel Worm infects 1.1M Windows PCs in 24 hours Nortel bankruptcy filings are last-ditch effort Microsoft/Nortel relationship again under microscope Apple's Steve Jobs takes leave of absence Palm Pre vs. Apple iPhone: How they stack up The Evolution of Network Security Zero in on the hottest security technologies you need to know about in this Executive Guide. Better protect your IT environment with NAC, data leakage prevention controls and auditing tools. Learn more. Compare products, get advice, and check out tests and reviews from the experts at Network World. Over 70 categories. Visit now   This email was sent to security.world@gmail.com Complimentary Subscriptions Available for newsletter subscribers. Receive 50 issues of Network World Magazines, in print or electronic format, free of charge, Apply here. Terms of Service/Privacy   Subscription Services Update your profile To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. Unsubscribe Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701 Copyright Network World, Inc., 2009 www.networkworld.com