IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Chad Perrin // May 14, 2008, 6:03 AM PST

    The "insecure memory" FAQ

    The problem of "insecure memory" is little-known and pervasive. Read on to find out what "insecure memory" means, and how it affects you. I even intentionally changed settings on a (secured) machine to use "insecure" memory just to show you how such a message might look. See the sacrifices I make for my readers?


  • Chad Perrin // May 20, 2008, 4:49 AM PST

    Detect and replace vulnerable SSH keys on Debian

    As many of my readers no doubt already know, Debian GNU/Linux recently had some cryptographic vulnerability problems. By far, the most common effect of this on users of Debian will be the existence of weak cryptographic keys for OpenSSH. If you have SSH keys generated by OpenSSH on Debian or a Debian-derived system such as Ubuntu since the introduction of the Etch release, you are at risk, and should probably generate new SSH keys.


  • Chad Perrin // May 22, 2008, 8:42 AM PST

    Not Invented Here has no place in open source development

    Last week, many Debian users got something of a shock when they realized that encryption keys for OpenSSH, OpenSSL, and OpenVPN have all been vulnerable to relatively easy compromise for a while. Previously, I discussed how you can detect and replace vulnerable SSH keys on Debian, and Vincent Danen explained another means to find and fix crypto key vulnerabilities that arose as a result of this snafu. So much for the technical matters -- read on for a quick overview of the rest of the story.


  • Paul Mah // May 25, 2008, 2:34 PM PST

    Close to half of government laptops encrypted, 1.2 million more to go

    Over 800,000 licenses for encryption software were purchased through the Data at Rest (DAR) Encryption program last year. The DAR program is run jointly by the General Services Administration and the Department of Defense.


  • Chad Perrin // May 26, 2008, 6:16 AM PST

    Making encryption popular

    We've already discussed the importance of being encrypted. Now it's time to discuss the very real problem of encryption system adoption. How do we get people to actually use encryption?


  • Chad Perrin // May 28, 2008, 3:50 AM PST

    Is PhoneFactor really better security?

    Chad Perrin explores the security solution, PhoneFactor, which favors a two-factor authentication process for accessing your online banking account. Is the extra inconvenience worth it for the security offered? How secure is a third-party solution from your bank?


  • Chad Perrin // May 29, 2008, 10:37 PM PST

    Security alarmism helps the bad guys win

    Chad Perrin examines what passes for security in the "post-9/11 world" and finds it lacking, particularly as it affects users and cybercrime. Instead of security awareness, he sees security alarmism on the rise, and along with it, the threat of innocent people being persecuted and actual criminals slipping through the cracks.


  • Chad Perrin // June 5, 2008, 5:52 AM PST

    Why you can't get management on board

    Chad Perrin breaks down the psychology of upper managers who are willing to take a gamble on security by refusing to allocate the funds needed to implement a strong security policy. What do you think of this reasoning? Is it irresponsibility or just human nature?


  • Chad Perrin // June 6, 2008, 4:19 AM PST

    How should we handle security notifications?

    A team of researchers at Carnegie-Mellon University studied the statistical relationship between rates of identity fraud and laws that require customers to be notified when there's been a security breach. As a security professional, this should raise a question in your mind: What should breach notification laws achieve?


  • Michael Kassner // May 30, 2009, 7:17 AM PST

    Prio: Task Manager on security steroids

    I normally don't review products, but Prio by O&K Software is a special case. I consider it to be an extremely useful security tool and I'd like to show you why.


  • Chad Perrin // June 2, 2009, 3:51 PM PST

    Microsoft may be Firefox's worst vulnerability

    In a surprise move this year, Microsoft has decided to quietly install what amounts to a massive security vulnerability in Firefox without informing the user. Find out what Microsoft has to say about it, and how you can undo the damage.


  • Michael Kassner // June 4, 2009, 6:35 AM PST

    ioSafe Solo: Could I interest you in a fire-proof hard drive?

    ioSafe, well known for creating disaster-proof equipment, has developed a rather unique product that might be of interest to security-conscious individuals and SMB organizations.


  • Chad Perrin // June 4, 2009, 11:27 AM PST

    Pentagon has bold plan for digital warfare

    Pentagon officials are making plans for a new cyberwarfare strategic command, but the plans still await final details and approval.


  • Michael Kassner // June 8, 2009, 3:30 AM PST

    Defcon founder to advise the Department of Homeland Security

    In an interesting turn of events, Jeff Moss (aka, the hacker "Dark Tangent") was sworn in as a member of the Homeland Security Advisory Council.


  • Chad Perrin // June 11, 2009, 8:16 AM PST

    The broken Windows fallacy

    The idea that malicious security crackers serve a greater good is an example of the broken window fallacy. Chad Perrin addresses the idea that the industry "needs" these miscreants for certain IT jobs to survive.
