IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Tom Olzak // October 7, 2008, 9:00 PM PST

    Security training: Delivering the message

    Tom Olzak finishes up a series on security awareness training for users. Once you understand awareness and training outcomes, proper delivery is key to reaching them.


  • Paul Mah // October 3, 2008, 4:59 PM PST

    Security news roundup: Newly discovered bugs has potential to crash Internet systems

    This week's security events include news of WinZip opening a security hole in Windows 2000 systems, hackers leveraging Google Trends to more efficiently socially engineer users, a new bill offering more protection against unsubstantiated border searches of laptops and electronic devices, and a bag of newly discovered bugs that has the potential to crash Internet systems.


  • Chad Perrin // October 7, 2008, 4:19 AM PST

    What to do about RFID chips in your wallet

    Have you wondered about the security implications of RFID chips in your driver's license, credit cards, and passport? The growing prevalence of RFID transponders in these items, and others, can raise security concerns. You should know what issues arise, and what you can do about them.


  • Tom Olzak // October 12, 2008, 9:00 PM PST

    FACTA "Red Flags Rule": Concern for security managers?

    A new security compliance deadline arrives on November 1, 2008. If your organization is one of the covered entities, there are Red Flag rules concerning PII that you need to know about. Tom Olzak covers the basics of FACTA (U.S. Fair and Accurate Credit Transaction Act of 2003) for security managers.


  • Chad Perrin // October 9, 2008, 4:26 AM PST

    How closed policies hurt security development

    Development policies designed to keep the competition out can actually prove counterproductive. Don't make the same mistake the US government made in the 1990s with information security technologies.


  • Tom Olzak // October 14, 2008, 9:00 PM PST

    Use a security controls matrix to justify controls and reduce costs

    A controls matrix exercise is a good way to step back and make sense of what you've done over the past three or four years, strengthening the security controls foundation before moving forward.


  • Tom Olzak // October 19, 2008, 9:00 PM PST

    Video surveillance: Four ways to protect privacy and achieve business outcomes

    Video surveillance is easy to deploy. An increasing number of employers are exploring implementation of inexpensive video systems to protect employees and the business. Before writing the check, however, there are several regulatory and employee relation safeguards to consider.


  • Chad Perrin // October 14, 2008, 11:03 AM PST

    TSA Communication may get your bag searched

    Evan Roth's T.S.A. Communication project is described as art, and is funny at times. It may also be a problem.


  • Paul Mah // October 15, 2008, 4:59 PM PST

    Security News Roundup: Start-up launches virtual firewall

    This week's security events include news of Symantec acquiring MessageLabs, a bumper edition of patches from Microsoft on Patch Tuesday, critical flaws found in ARCserve Backup, and a start-up launching a new virtual firewall.


  • Chad Perrin // October 16, 2008, 1:15 PM PST

    12 security suites tested and 12 security suites fail

    Chad Perrin warns users and admins against the lure of one-size-fits-all security suites and offers advice on building an effective defense of your network.


  • Chad Perrin // October 21, 2008, 11:35 AM PST

    5 characteristics of security policy I can trust

    Obviously, you should consider security when selecting software. Part of that security depends on the security policies of both the developers of the software and the distributors.


  • Tom Olzak // October 22, 2008, 7:56 AM PST

    Four ways to measure data exploitability

    Understanding how exploitable your data is, and how easy it is to get to for nefarious purposes, is an important part of assessing risk due to unpatched vulnerabilities.


  • Chad Perrin // October 23, 2008, 6:49 AM PST

    Wim van Eck's legacy

    In 1985, Dutch computer researcher Wim van Eck authored a paper on EMR eavesdropping effective against CRT monitors. What are the implications for computer security?


  • Paul Mah // October 23, 2008, 4:59 PM PST

    Security News Roundup: Researchers successfully eavesdrop on wired keyboards

    This week's security events include news of an out-of-band update by Microsoft for a new critical flaw in Windows, experts predicting that the botnet scourge will reach mobile devices as early as next year, a serious vulnerability in the RealVNC client, and how researchers successfully eavesdropped on wired keyboards.


  • Tom Olzak // October 24, 2008, 9:12 PM PST

    Social engineering or Microsoft marketing research?

    I don't expect my largest operating system and general information processing product vendor to call asking the same questions I'd expect during a social engineering phone call, even if ostensibly conducting a phone survey. But that's exactly what happened recently.