IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Chad Perrin // November 20, 2008, 1:28 PM PST

    The safest way to sanitize input: avoid having to do it at all

    Sanitizing user input is a critical part of secure software development, but software can be made more secure by avoiding having to sanitize input altogether.


  • Chad Perrin // November 18, 2008, 5:29 AM PST

    No such thing as effective license enforcement

    License security is not the same as software security. In fact, sometimes they are at odds with one another.


  • Chad Perrin // November 13, 2008, 2:33 AM PST

    Microsoft finally catches the eight year bug

    Microsoft released a patch this week for a critical vulnerability. The catch: this vulnerability has been known since 2000, and it's a bug in a service active on almost every MS Windows system in the world. How safe do you feel?


  • Tom Olzak // November 11, 2008, 8:00 PM PST

    How do new private browsing capabilities affect forensics?

    Chrome has it. IE8 and Firefox 3.1 have it. So what does it mean to forensics investigators? I'm talking about private browsing--the ability to visit sites, conduct research, or participate in illegal/unethical activities without leaving tell-tale signs behind.


  • Paul Mah // November 17, 2008, 1:55 AM PST

    Simple hardware approaches to secure laptops

    Users are increasingly buying laptops and netbooks, attracted by their portability and low prices. The inevitable result is more employees bringing personal laptops into the office, where they are used to access and store corporate data. Here are some ways to mitigate the risks of data breaches.


  • Tom Olzak // November 16, 2008, 8:00 PM PST

    DNS resource record integrity is still a big, big problem

    The need to secure DNS has never been greater. Attacks against DNS cache integrity, including entire zone references, are an easy way for criminals to redirect your unsuspecting users to malicious sites. Current controls are still lacking.


  • Chad Perrin // November 11, 2008, 2:45 AM PST

    More email security tips

    Email security is about a lot more than just using a good password on your POP or IMAP server. Perhaps the most important part of email security is ensuring you don't shoot yourself in the foot.


  • Tom Olzak // November 9, 2008, 8:00 PM PST

    Prevent your employees from "going rogue"

    There is often a personal crisis trigger that causes an already borderline employee to cross the border. Would intervention prevent information compromise or system loss? Can an employee be helped in a way which prevents an incident?


  • Paul Mah // November 9, 2008, 3:59 PM PST

    Security News Roundup: Security researchers to demonstrate WPA packet injection

    This week's security events include news that there will be just two updates for Microsoft's Patch Tuesday this month, the appearance of an exploit for Adobe Reader spotted in- the-wild, Adobe releasing an update to resolve a ColdFusion vulnerability, and news that security researchers will demonstrate WPA packet injection for the first time.


  • Chad Perrin // November 6, 2008, 2:09 AM PST

    Security, complexity, and the GUI environment

    As our computing environments grow more sophisticated, security suffers. It may be time to simplify, starting with the GUI environment.


  • Tom Olzak // November 4, 2008, 8:00 PM PST

    Keys successfully reproduced using digital images

    How secure are key locks? Is a single locked door considered reasonable and appropriate security? Based on current research, the answer to the first question is increasingly negative. The answer to the second has always been in question.


  • Sam Diaz // July 21, 2009, 2:49 AM PST

    Report: Americans dumber than a box of rocks about spam

    When it comes to spam, we Americans are quick to point our fingers at Russia, China and eastern Europe as the regions responsible for the bulk of it. But a new report issued today found that Americans are largely to blame - not because we create it, but because we're too stupid to recognize that we're spreading it.


  • Michael Kassner // July 20, 2009, 7:51 AM PST

    IPv6: Oops, it's on by default

    Do you know whether your computers are actively using IPv6 or not? Better check, as the bad guys probably already know. Michael Kassner explains how that might be exploited.


  • Chad Perrin // July 16, 2009, 3:46 PM PST

    How anti-sec is Anti-sec?

    Some person or organization, calling itself "Anti-sec", is waging war on full disclosure. What exactly does all this mean?


  • Michael Kassner // July 13, 2009, 6:27 AM PST

    Cybersecurity: It's our problem

    Two law professors want a paradigm shift in how we approach cybersecurity. Michael Kassner discusses this new theory and wants to know what you think about it.