Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Social Responsibility's Strategic Benefits
December 15, 11:30 AM - 12:30 PM US/Eastern (GMT-5)
Join Ed Granger-Happ, CIO of Save the Children, for a discussion of how creating an organization that is socially responsible improves staffing, retention, leadership development and overall corporate health.
Working With and Communicating to Your Board of Directors
January 13, 2009, 4:00 PM - 5:00 PM US/Eastern (GMT-5)
CIO panelists who will share tips and experiences working with their boards: Twila Day of SYSCO; Jeff O'Hare, West Corp.; Marc West, formerly with H&R Block.
IT's Role in Growing Mid-Market Companies
January 14, 4:00 PM - 5:00 PM ET (GMT-5)
Mid-market Council members will share their companies' stories and challenges in driving or coping with growth. Panelists represent Veterinary Pet Insurance, Medicis Pharmaceutical, and Intrax Cultural Exchange.
Learn more about the CIO Executive Council »
Apply today for a FREE subscription to CIO Magazine!
June 25, 2008 — IDG News Service —
Yahoo has fixed a vulnerability in its Web mail site that could allow a hacker to get access to a person's account.
The problem was in the way Yahoo's Web mail interacts with version 8.1.0.209 of its instant messaging (IM) desktop application, according to Web application security company Cenzic.
Cenzic notified Yahoo of the problem in May, and the company fixed it on June 13.
If a hacker using the IM application starts chatting with a victim who is using the IM function of Yahoo's Web e-mail, a new chat tab is opened in the victim's Web browser. The attacker can then manipulate his presence status message to send a malicious script via IM. That script would then be executed in the context of Yahoo's e-mail service on the person's PC.
The script can reveal the victim's session ID to the attacker, who can then get access to information stored in that account, Cenzic said.
Cenzic classified the vulnerability as a cross-site scripting flaw, where scripts or commands from one Web application that shouldn't run in another are successfully executed. Security experts contend that cross-site scripting vulnerabilities are rampant on Web sites, posing dangerous risks to Web users.
Once in control of the account, the hacker could send spam. Yahoo and other free e-mail providers such as Microsoft have seen increasing use of their services for spam.
That's in part because the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) security feature, which requires users to decode a jumble of distorted characters, has been increasingly defeated by machine-based processing.
The vulnerability would also allow access to a person's IM contacts. The hacker can then send instant messages purporting to be from a legitimate contact but with links leading to sites that try and exploit vulnerabilities in a person's Web browser or operating system.
Copyright © 2008 IDG News Service. All rights reserved. IDG News Service is a trademark of International Data Group, Inc.
This report shows the findings of a recent Proofpoint and Forrester Consulting study on e-mail security, data loss prevention, and includes statistics on electronic risks.
Learn how Proofpoint delivers a dedicated, hosted e-mail security solution that combines state-of-the-art anti-spam and virus control.
Learn about the key e-discovery challenges facing legal and IT departments today and how businesses can develop an e-mail archiving strategy to deal with e-discovery requests.
Download this paper to learn why e-mail encyrption is critical to an organization's overall security architecture and the advantages of identity-based encryption.
This whitepaper discusses the latest global regulations that impact the e-mail security policies and strategies of today's enterprises, universities and government organizations.
Unlock the Power of Device ID to Combat Online Fraud and Abuse
Operational Excellence Is Key to Maximizing IT Investments
The Business Case for Web Application Firewalls, by Ken Tyminski, former VP and CISO for the Prudential Insurance Company of America
Optimizing Infrastructure Control
File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
Configuration Assessment: Choosing the Right Solution
Constructing Partnerships That Work
Grassroots Data Governance with SAP MDM
Want to Improve your Global Organization's Agility? Leverage the Power of ECM
Protecting Sensitive and Confidential Information with Endpoint Security
Endpoint Security: Compliance at the Endpoint
Cash in on the promise of virtualization - without the management risks.
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Microsoft Releases Next Wave of Windows Live Services
Report: Former AOL CEO Miller Trying to Buy Yahoo
Sierra Wireless to Buy Wavecom
Zoho Releases SQL-Based Data-Access Service
Open-Source Developers Set Out Software Road Map for 2020
VMware Expands Desktop Virtualization Capabilities
IE Share Slips Under 70% as Firefox Surges Past 20%
Filing: SAP Co-CEO had Concerns About TomorrowNow Deal
Windows Market Share Drops Below 90% for First Time
Apple Quietly Recommends Using Antivirus Software
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
- CIO|
- Computerworld|
- CSO|
- DEMO|
- Game Pro|
- Games.net|
- IDG|
- IDG UK|
- IDG Connect|
- IDG Tech Network |
- IDG World Expo|
- Industry Standard|
- InfoWorld|
- ITworld|
- JavaWorld|
- LinuxWorld|
- MacUser|
- Macworld|
- Network World|
- PC World|
- Playlist|
- CIO UK|
- CIO Germany|
- CIO China|
- CIO Sweden|
- CIO Australia|
- Other CIO Sites
