IT Security
Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.
-
How safe are online password managers?
People who use online password managers have a lot riding on the application's integrity. What are the chances of others gaining access to the stored passwords?
-
Are we heading for a 'cryptopocalypse'?
Patrick Lambert considers the current state of cryptography. Is it doomed to become obsolete as technology advances?
-
Researchers reverse-engineer the Dropbox client: What it means
There were doubts about being able to reverse engineer heavily-obfuscated applications written in Python. Two researchers have removed all doubt by reverse engineering the immensely popular Dropbox client.
-
A bridge too far: Assessing the current state of application security
A recent report finds that security procedures are severely lacking in application development at many organizations.
-
Is metadata collected by the government a threat to your privacy?
Seemingly unobtrusive digital bytes known as metadata have been vaulted to the tech media limelight. What is metadata, and why all of a sudden is it so interesting to so many?
-
Resources for aspiring IT security pros
Are you contemplating a career in IT security? There are some basic resources to help you decide if it's right for you.
-
Breach Detection Systems take aim at targeted persistent attacks
You've just been told to get a Breach Detection System in place. Where do you start? How about a buyer's guide created by an independent test facility?
-
Freedom Hosting and 'torsploit': Troubles on the Onion router
The arrest of the Freedom Hosting CEO has set in motion a crisis for TOR and unleashed a java exploit designed to expose Freedom Hosting users.
-
Corporate espionage or fearmongering? The facts about hardware-level backdoors
Spying accusations against Chinese companies like Huawei have resulted in bans by US, UK, and Australian government agencies. Is there any technical merit to these charges?
-
New strain of ransomware evades detection by AV apps
Learn about a new type of ransomware that has the potential to snare many victims - and it's not even malware.
-
RiskRater: An IT-security test that no one fails
Three minutes. That's it. Take the RiskRater challenge. You could save yourself, your fellow employees, and family members from a costly Internet oops.
-
Worst IT fail ever? US agency spends millions in useless security
A branch of the U.S. Commerce Department recently trashed perfectly good computers and wasted millions on a bogus malware infection. How did this happen?
-
Why security metrics aren't helping prevent data loss
Security metrics are supposedly a way for upper management and IT departments to converse intelligently about in-house security programs. Why aren't the metrics working?
-
The emergence of enterprise risk compliance
At the intersection of IT compliance and risk, new solutions are helping security professionals to prioritize where limited resources need to be directed.
-
Android's very real 'Master Key' vulnerability
Android Master Key cryptography ensures applications are not tampered with. Michael P. Kassner interviews researchers who say the crypto process is severely flawed.
-
DDoS attack methods and how to prevent or mitigate them
Patrick Lambert covers the various methods attackers use to launch distributed denial of service attacks, and the precautions you can take to prevent, or at least mitigate, these types of events.
-
DropSmack: Using Dropbox to steal files and deliver malware
Michael P. Kassner interviews a digital forensic scientist who uses Dropbox to compromise targeted networks -- something the bad guys probably figured out as well.
-
BoxCryptor vs. DropSmack: The battle to secure Dropbox
Can DropSmack malware be stopped? Michael P. Kassner asks the creators of BoxCryptor if it is up to the task of securing the Dropbox file-synchronization service.
-
Everything you need to know about using TOR
TOR's anonymizing and encrypting features make it a very useful tool for privacy. Here's a quick look at the basics.
-
Hacker vs. cracker
The word "hacker" gets used in a pejorative sense by journalists an awful lot. Some people think this is perfectly reasonable; others find it offensive, and recommend an alternative term for that meaning. Read on to find out why.
-
Use PuTTY as a secure proxy on Windows
Last month, I wrote about using OpenSSH as a secure Web proxy on UNIX and Linux systems. This time, I'll show you how to do the same thing on Microsoft Windows using PuTTY -- probably the single most popular SSH client available for Microsoft's operating system platforms (and also available in the software management systems of many free UNIX/Linux systems).
-
The CIA Triad
The CIA Triad is a venerable, well-known model for security policy development, used to identify problem areas and necessary solutions for information security. Read on for an introduction to the CIA Triad's strengths and weaknesses.
-
Ask potential cloud vendors these 10 security questions
Dominic Vogel offers his list of ten questions you should be asking cloud vendors about their security practices. Make sure you get the proof to back up their claims.
-
What makes cybercrime laws so difficult to enforce
Deb Shinder discusses both the difficulty of enforcing cybercrime laws and of tracking down cybercriminals in the first place.
-
Locating cell-phone owners the non-GPS way
Using GPS, a cell phone can be located within a few feet. So why are researchers concerned about locating a cell phone by its association with a specific cell tower?
-
Understanding layered security and defense in depth
What are "layered security" and "defense in depth" and how can they be employed to better protect your IT resources? Understanding these strategies and how they can be used to improve your own security is important for any system or network administrator.
-
Lock down Cisco switch port security
One way to boost network security is to use Cisco's Port Security feature to lock down switch ports. Learn the basics of port security, and find out how to configure this feature.
-
The FBI locked your computer? Watch out for new spins on ransomware
The FBI locks your computer. Can they do that? Or is it fake? How does one know? Michael Kassner asks an expert for help with the latest forms of ransomware.