IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Chad Perrin // March 10, 2008, 9:30 AM PST

    Use PuTTY as a secure proxy on Windows

    Last month, I wrote about using OpenSSH as a secure Web proxy on UNIX and Linux systems. This time, I'll show you how to do the same thing on Microsoft Windows using PuTTY -- probably the single most popular SSH client available for Microsoft's operating system platforms (and also available in the software management systems of many free UNIX/Linux systems).


  • Paul Mah // March 12, 2008, 3:15 AM PST

    Secure your data on the go

    To secure your data on the go, you might want to take a look at the IronKey USB flash drive.


  • Mike Mullins // March 12, 2008, 11:54 PM PST

    Disable NetBIOS and SMB to protect public Web servers

    As the connection between your internal network and the rest of the world, public Web servers always deserve an extra measure of protection. Find out one way to lock down these servers.


  • Chad Perrin // March 13, 2008, 8:03 AM PST

    Ensure basic Web site security with this checklist

    While I normally advocate a principles-based approach to maintaining system security, and deplore the typical "best practices" checklist approach, that does not mean that security checklists are without value. Employing a security procedures checklist is only the first step toward securing a resource, a means of aiding your memory before you apply your critical thinking skills and imagination to the problem of improving on the checklist in each individual case. Sometimes, a checklist can be useful in affecting workplace security policies as well.


  • Paul Mah // March 15, 2008, 5:39 PM PST

    Security news roundup: Backdoor found in Cisco's IPM, Mifare Classic RFID cracked

    Here’s a collection of recent security vulnerabilities and alerts, which covers patches for multiple products from Adobe, a backdoor discovered in Cisco's IPM, an IFRAME exploit that showed up at Trend Micro's Web site, and news that the Mifare Classic RFID has been cracked.


  • Chad Perrin // March 18, 2008, 5:47 AM PST

    What is cross-site scripting?

    Cross-site scripting, also known as "XSS", is a class of security exploit that has gotten a fair bit of attention in the last few years. Many users, and even Web developers, aren't entirely clear on what the term means, however. I'll explain cross-site scripting for you, so you will know where the dangers lie.


  • Chad Perrin // March 22, 2008, 7:04 AM PST

    The Big Brother Awards

    In Montreal, Canada, at the Computers, Freedom, and Privacy conference in May 2007, Privacy International presented the first International Big Brother Awards. The "winners" of the Big Brother Awards are, in the words of Privacy International, "the government and private sector organisations which have done the most to threaten personal privacy". Read on to find out who Privacy International dubbed the world's worst invaders of privacy in each of five categories.


  • Paul Mah // March 23, 2008, 4:59 PM PST

    Security news roundup: Spybot Search & Destroy scans for rootkits, multiple patches from Apple

    Here’s a collection of recent security vulnerabilities and alerts, which covers news that Spybot Search & Destroy now comes with the ability to detect rootkits, a re-release of a patch that affects Microsoft Office Excel 2003 SP2 and SP3, a slew of patches from Apple, and a warning from Microsoft that Word is a possible vector of a new vulnerability.


  • Chad Perrin // March 24, 2008, 8:55 AM PST

    Using GnuPG encryption tools with Gpg4win

    Last month, I wrote about using GnuPG on Unix and Linux systems. You can get OpenPGP functionality on your Microsoft Windows system with GnuPG as well, and I aim to explain how.


  • Chad Perrin // March 26, 2008, 4:33 AM PST

    The importance of being encrypted

    People often complain that using encryption in email is too much work. Sometimes, it can be fraught with difficulty for the encryption novice. Managing public and private keys can be confusing at first, and getting someone at the other end to use encryption as well can sometimes be a challenge. Worse yet, it can be difficult to maintain an encryption key "identity" properly once you've gotten everything set up -- as things stand, good encryption practice is not a "fire-and-forget" proposition where you can just go through the hassle of setup once and be done with it. I can understand the desire to forget about it, and just ignore good encryption practice altogether. There's just one problem with that attitude.


  • Paul Mah // March 27, 2008, 4:40 AM PST

    The Firewire hole

    A while back, I wrote about how the humble USB port could be a possible vector for social engineering attacks. Today, I want to talk about the IEEE-1394 Firewire, which contains a vulnerability that is far more dangerous than the fallibility posed by the USB port.


  • Chad Perrin // March 28, 2008, 7:40 AM PST

    Security 101, Remedial Edition: Obscurity is not security

    Chad Perrin reinforces his argument that obscurity is not security by defending open source security solutions against claims that they are inherently more vulnerable.


  • Paul Mah // March 30, 2008, 4:59 PM PST

    Security news roundup: 911 hacker gets three years, Ubuntu Linux stays untouched

    Here’s a collection of recent security vulnerabilities, alerts and news, which covers a 911 hacker being sentenced to 3 years in jail, an RTSP vulnerability that affects current versions of MPlayer and VLC media players, Cisco having its first patch day, and news that Ubuntu Linux remained untouched at the conclusion of the latest "PWN TO OWN" contest.


  • Tom Olzak // July 13, 2008, 9:00 PM PST

    Security Tools: Sun's VirtualBox

    Using Sun Microsystems' VirtualBox, Linux security tools and threat testing can be executed on a Windows platform. And the cost is right. VirtualBox is an open-source solution.


  • Chad Perrin // July 13, 2008, 10:19 AM PST

    The reason I talk about security

    Security isn't just for professionals any longer -- it's important for everyone to maintain a basic level of security awareness. Find out why.