
Ultrafast 802.11n Wi-Fi Routers Reviewed

CMP Information Week
InformationWeek Daily - Monday, Feb 11, 2008


Editor's Note

PCI Web Application Security Deadline Looms

If you're a Web merchant, you are (or had better be) familiar with the Payment Card Industry Data Security Standard, or PCI DSS. What you may not know is that this June some new rules apply.

Because of the growing risks surrounding Web applications, the PCI Data Security Council -- founded by Visa, MasterCard, Discover, American Express, and JCB Cards -- will be enforcing stricter rules when it comes to Web app security.

To their credit, they're mandating that merchants either protect Web applications with Web application firewalls (which aim to protect these apps from exploitation) or have Web applications evaluated by security experts.

The best way to avoid security worries is to develop secure software from the jump. While that's easier said than done, a good tool in your arsenal is a Web application vulnerability scanner that will help you to find and fix flaws during production of your applications.

Be warned: These products aren't perfect, and don't replace eyes skilled at the art of bug finding. But develop Web code without one (or two) at your own risk.

Here are a few pointers to consider when choosing a Web application security scanner:

Relentless, automated bug finder: Any Web application vulnerability scanner you choose needs to be able to find the broad range of Web application vulnerabilities. These include problems such as unvalidated inputs, cracked access controls, cross-site scripting flaws, buffer overflows, and such.

Act like a user: Any scanner you choose should be smart enough to be able to mimic some of the actions of a user. It's tough for developers to predict all of the silly things that users will do with their applications. Developers get caught up in how they think users should use the applications. But as any good hacker knows, the fun (and danger) lurks in trying to bend applications in unexpected directions. So let your Web application scanner log in and rip through the (hopefully) preproduction version. You could be amazed at what it finds, and the vulnerabilities it finds after the logon.

Web application security is complex, even for experienced developers. This Rolling Review, Strategic Security: Web Applications Scanners, is an excellent place to start.

Read the rest of my blog post and tell me how you are preparing for the new PCI DSS rules.

George Hulme
[email protected]
www.informationweek.com

Quote of The Day

"There are risks and costs to a program of action. But they are far less than the long-range risks and costs of comfortable inaction." -- John F. Kennedy

Top Stories

Review: 6 Ultrafast 802.11n Wi-Fi Routers
Here's a look at 802.11n routers from Apple, Belkin, Buffalo, D-Link, Linksys, and Netgear. Read on to find out which device is your best choice.

Ford Adds RFID To F-150

Using an on-dash, touch-screen computer that displays information about what equipment is in the truck, drivers can ensure they leave for job sites with the correct tools.

TSA Blog Draws Hundreds Of Comments, Prompts A Change

The Transportation Security Administration's Evolution of Security blog drew more than 700 comments on the first day.

Dell Stops Selling Most AMD-Based Consumer PCs Online

Dell will continue to sell AMD-based consumer PCs over the phone and through retailers such as Best Buy, Staples, and Wal-Mart.

Virtual Iron Shows Investors Flocking To Virtualization Plays

As its fifth round of funding rolls in, the company presents itself as more industry standards compliant and less of a proprietary company than VMware.

Timbaland To Release First Mobile Album On V-Cast

The artist widely known for hits like "Apologize" and "The Way I Are" will become Verizon Wireless' first Mobile Producer in Residence.

Year Of The Rat Could Be Mousy For Mobile Handset Makers

A U.S. recession could send the global mobile handset business into the first year-over-year decline in unit sales since the 2001 tech bubble crashed.

TrueSpace Maker Caligari Acquired By Microsoft, CEO Says

The company's 3-D imaging technology is expected to be used to bolster Microsoft's Virtual Earth project.

Mozilla Issues Firefox 2.0.0.12 Security Update

The update addresses 10 security advisories, three of which Mozilla classifies as critical.

Tech Companies To Get Some Help From Stimulus Plan

CompTIA estimates the bill will give laborers newer IT tools with which to be more productive and average Americans cash to purchase IT.

Yahoo Launches Live Video Service

The experiment reflects a strategy of building and launching services quickly, and responding to the immediate market feedback.

Microsoft OOXML File Format Faces EU Probe

Microsoft is hoping to position OOXML as an alternative to the Open Document Format, which has already received ISO approval.

Gemalto, LG Partner To Build Advanced Mobile Phone

The phones, available later this year, will have a Web server embedded in a SIM card, which is accessed through a phone's browser.

On The Go

See InformationWeek's daily breaking news on your mobile device, visit wap.informationweek.com and sign up for daily SMS notifications.

Community

Is The Internet Getting More Dangerous?
Security researchers are identifying new families of threats with cute names like "adspoits" and "snookies." Meanwhile, the old threats like viruses and phishing are as deadly as ever. Is the Internet getting to be more dangerous? Or has it always been bad, and we just need to tighten our firewalls, pull up our socks, and quit being a bunch of crybabies? Join the discussion at the InformationWeek Forums

InformationWeek Live Looks At Location-Based Services
Join us 3 pm Eastern time on Tuesday for a live audio Q&A to talk about how GPS and other location-based services are transforming business. Applications include users receiving customized weather reports, logistics companies tracking the locations of their trucks, and consumers checking on the status of their pizza deliveries. Join our host, Mitch Wagner, executive editor of InformationWeek, and guests Marianne Kolbasuk McGee, senior writer, and Stephen Wellman, editor & analyst of business mobility for InformationWeek.

The latest research, polls, and tools

Virtualization At The Desktop?
Examine how more than 250 companies plan to adopt server virtualization technology in this recent InformationWeek Research report, Server Virtualization.

The BI Explosion
Examine the business intelligence strategies of 500 companies, including deployment drivers and challenges, spending plans, and vendor selection, in this recent InformationWeek Research report.

Latest InformationWeek Blog Posts

Playing The Devil's Advocate About Microhoo
Daring Fireball's John Gruber says his gut feeling is that the Microsoft-Yahoo deal would be a disaster, but he notes that it could work out to be a triumph for Microsoft -- but only if Microsoft acts in a very, very un-Microsoftian way.

Mac Tip: Use The Keyboard To Access Menu Selections
Here's a nifty workaround for accessing menu items in Mac applications without taking your fingers off the keyboard. The Unofficial Apple Weblog:

Reports: Apple Sets Date For Launching iPhone SDK, Third-Party Apps
A couple of the more reliable Apple blogs are reporting that they're getting solid tips that Apple has scheduled an event for Feb. 26, where it will launch the software developer kit for the iPhone and iPod Touch, and applications including Exchange and Lotus Notes support.

Yahoo To Answer Microsoft Today? Google Waits With Bated Breath
TechCrunch is citing sources that say Yahoo is prepared to answer Microsoft's takeover bid as early as today. It seems the board of directors at Yahoo were setting up a meeting for today. That meeting could decide the future and the shape of the Internet for years to come. What will Yahoo do, and what will Google's response be?

The Power Plant In Your Pants
Scientists have developed a knee brace that captures energy from a moving knee, much like regenerative braking charges a battery in a Toyota Prius.

PCI Web Application Security Deadline Looms
If you're a Web merchant, you're (or had better be) familiar with the Payment Card Industry Data Security Standard, or PCI DSS. What you may not know is that this June some new rules apply.

PortableApps.com, February Edition
It's been a while since I checked in to see what's new in the free and open source world of PortableApps.com. To my delight, I found quite a bit that's both new and updated -- and if you haven't checked in with the folks at PA before, you're likely to be delighted, too.

An Obscure Concern
I'm attending a symposium on Fair Use at Columbia Law today. Here's a 'rights' angle to consider for VMs while I listen to eight hours of lawyer-talk.

Nokia N96 Multimedia Computer Spotted On German Nokia Site
Someone messed up. Numerous blogs found pictures and specifications of Nokia's next darling superphone, the N96, spiritual successor of the N95, on Nokia's own German site. This phone has not been officially announced. Much of the information has since been pulled, but not before we were able to get a really good idea of what the N96 will feature.

Report: Consumers Starting To Adopt More Advanced Phones
Last summer Over The Air reported that the vast majority of Americans get the free or el-cheap-o phone when they upgrade. Turns out the tide is changing. The word has gotten out that cell phones do more than call home to get the grocery list or gossip about you-know-who. You'll never guess which two advanced-phone makers are the winners here.

White Paper

NAC Best Practices: Three Simple Steps to Deploy Network Access Control
You need network access control (NAC)—not just to ensure compliance of systems known to IT—but also to exclude unauthorized computers. Having an enterprise-level strategy for security compliance and access control is essential to protecting your organization from a broad spectrum of potential threats.

Breaking the Bottleneck - Solving the Storage Challenges of Next Generation Data
This paper takes a holistic view of the data center, discusses each of these components individually, and explains how the crucial element of Storage has lagged behind advancements in Compute Power and the Network.

Data Center Transformation
This white paper presented a disciplined approach to BOCA projects consisting of five phases: assess, plan, build, stabilize, and optimize.

Job Listings

Featured Jobs:

Mentor Graphics seeking Technical Marketing Engineer - DFM in San Jose, CA

Verizon seeking Fiber Network Technician in Freehold, NJ

Miami-Dade County seeking PeopleSoft Systems Administrator in Miami, FL

Allen Partners seeking Program Manager in Seattle, WA

Fulcrum Microsystems seeking Networking Software Engineer in Calabasas, CA

For more great jobs, career-related news, features and services, please visit our Career Center.

InformationWeek Daily Newsletter
A free service of InformationWeek and the TechWeb Network.
Copyright (c) 2008 CMP Media LLC
