Stories by Ellen Messmer

Established vendors and startups last week announced products and services for network intrusion-detection and outsourced security management.

HP today unveiled "Secure Boardroom," an online portal where the corporate CEO, CIO and risk officer can be presented with a view of technical and business information related to operational security.

If your company suffered a data breach, would you know what to do to comply with state, federal and local law? Start-up Co3 Systems is offering a software-as-a-service (SaaS) application to tackle that unhappy task, tracking how a corporate data-loss incident is handled.

What's hot at VMworld this year.

This past week in security news was highlighted by a hacking revelation out of China, bad news for banks, good news for Sony gaming customers and a curious email that might have been at the heart of the big RSA data breach.

Google's Android operating system is now the most-targeted mobile platform for malware, according to McAfee's latest threat report.

The federal government's National Strategy for Trusted Identities in Cyberspace (NSTIC) program, set up this spring, is making progress against its goal of identifying and supporting more secure alternatives to simple passwords that the government as well as anyone else might use in authenticating to online applications.

Heartland Payment Systems today unveiled a mobile-payment device for merchants called "Mobuyle" that works with any Android phone or tablet to handle customer card payments.

At the upcoming VMworld conference, VMware plans to highlight new data-loss prevention capabilities in an updated version of its virtual system security product, vShield.

McAfee today published a report that tells how it discovered evidence in a server on the Internet of stealthy intrusions, probably by an unnamed "nation-state," into 72 businesses and government agencies since 2006. The goal, says McAfee, is to steal massive amounts of confidential information.

The biggest business challenge today, in the minds of many information security officers, is the stealthy online infiltration by attackers to steal valuable proprietary information. The reality, they say, is that these so-called "advanced persistent threats" are so rampant and unrelenting they are forcing IT to rethink network security.

About 100,000 Web pages for e-commerce sites based on the open source OS Commerce software have been compromised with malware through a mass iFrame injection attack, according to security firm Armorize.

It's fairly simple to find corporate or consumer printers and scanners online and, without breaking into them, get a hold of documents that these devices recently processed.

Like cleaning the windows, IT security can be a thankless task because they only notice when you don't do it. But to get the job done in the era of virtualization, smartphones and cloud computing, you've got to avoid technical and political mistakes. In particular, here are five security mistakes to avoid:

Apple's website for Mac OS X, iPhone and iPad developers has a vulnerability that could lead to phishing attacks, according to a hacker group.