Campus exploit Hackers exploited an unpatched flaw and a disabled firewall to infiltrate a server at the University of Colorado, Boulder, compromising the personal information of nearly 45,000 students. Attackers exploited a flaw in Symantecs Norton AntiVirus to launch a worm into the server of the College of Arts and Sciences Academic Advising Center, making off with student info.

Just a week after taking home the Rookie Security Company of the Year prize at the 2007 SC Magazine Awards Gala, The 41st Parameter landed an unexpected meeting with an industry heavyweight. Ori Eisen, founder and chief innovation officer at the Scottsdale, Ariz.-based anti-fraud firm, says executives from Oracle who attended the annual awards ceremony were impressed with The 41st Parameter and wanted to learn more about the company after seeing it win.

In the future, we will have bug-free software, computing will make paper redundant, networks will be self-defending and soon, very soon, we will have solved the spam problem.

Years ago, a friend's e-commerce company took a major hit when customer credit card information was stolen from the company database. Everyone initially assumed it was a network security breach — someone had hacked into the database and stolen the numbers. In fact, when the dust settled it was a far simpler heist — a former employee had walked into the server room and lifted the server.

Here is a roundup of the latest IT security news included in April's SC Magazine:

The heyday of massive salaries, extravagant raises and unrestrained bonuses that this industry experienced at the start of the 21st century has long since passed by the information security professional.

Another buySymantec announced its intention to acquire enterprise management software provider Altiris in an $830 million deal. The purchase, intended to better Symantec's standing in the endpoint-management market, came as Symantec representatives said that endpoint security and management markets were converging.

The breakdown of the 3,000 workstations at online advertising firm aQuantive — 80 percent PCs, 20 percent Macs, almost entirely laptops — is no longer uncommon in todays highly mobile world, where non-Windows platforms are gaining momentum in the enterprise.

Now that security pros are comfortable with Microsoft's monthly patching cycle, so too are the malware writers. The bad guys have learned that by putting out zero-day exploits close to Patch Tuesday, Microsoft cannot respond until the following month.

There are many different names for the second Tuesday of every month: Patch Tuesday, Super Tuesday, Black Tuesday — and maybe even some other unsavory nicknames not suitable for print. This day, when Microsoft rolls out security updates, is the fulcrum around which most organizations' whole patch management cycles revolve. But just as there are different nicknames for the day, there are also differing opinions about how it should be handled and how quickly organizations should respond with changes.