The massive bot-enabled DDoS attacks that crippled Estonian government and business websites after officials moved a Russian World War II monument begged the question stateside: Can a similar cyber-event occur in America?

If you felt the floor shake after the feds helped indict the owners of e-gold on money laundering charges, it might be attributable to an underground fraudster community in panic mode.

As the hacker community's penchant grows for exploiting easy-to-discover web application vulnerabilities, the SANS Institute is leading a charge to educate software programmers before they hit the workforce.

Ever the champion of privacy rights online, the Electronic Frontier Foundation (EFF) announced late in 2006 that it was picking up the banner of yet another long-time privacy cause, anonymous web browsing. The support comes in the form of funding for the development of Tor, an open source technology designed to give users another option for anonymously connecting through applications that use the TCP protocol.

The IT security pros who declared victory over spam surely are eating their words now that mass waves of unsolicited email have returned to inboxes.

Now that security pros are comfortable with Microsoft's monthly patching cycle, so too are the malware writers. The bad guys have learned that by putting out zero-day exploits close to Patch Tuesday, Microsoft cannot respond until the following month.

The swearing in of the 110th Congress this month marks the end of an era for IT security-related legislation, as both authors of the Sarbanes-Oxley Act of 2002 (SOX) will have retired to the private sector.

The new amendments to the Federal Rules of Civil Procedure, which took effect Dec. 1, govern the role of electronic discovery in cases of civil litigation.

What happens when criminals looking to obtain others' personal information use a gumshoe's tools of the trade for their dirty work?

Malware writers have set up shop in one of the world's most heavily trafficked domains, myspace.com. There, they employ social engineering and cross-site scripting [XSS] attacks to exploit known vulnerabilities.