IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Tom Olzak // October 7, 2008, 9:00 PM PST

    Security training: Delivering the message

    Tom Olzak finishes up a series on security awareness training for users. Once you understand awareness and training outcomes, proper delivery is key to reaching them.


  • Chad Perrin // October 7, 2008, 4:19 AM PST

    What to do about RFID chips in your wallet

    Have you wondered about the security implications of RFID chips in your driver's license, credit cards, and passport? The growing prevalence of RFID transponders in these items, and others, can raise security concerns. You should know what issues arise, and what you can do about them.


  • Tom Olzak // June 29, 2008, 11:00 PM PST

    Ethics vs. Whitewash

    Security doesn't happen by wishful thinking. It takes hard work, commitment, and management support. Doing the right thing isn't always easy, but we should expect it from those to whom we entrust our information.


  • Paul Mah // June 28, 2008, 3:53 PM PST

    Security news roundup: Hackers crack London Tube's Oyster Cards

    This week's security events include a vulnerability in the multicast filter of an unpatched Solaris 10 system, Trojans targeting the ARDAgent flaw in Mac OS X, hacks of the London Tube's Oyster Card, and an IT manager who got 63 months for causing massive data loss at his former employer.


  • Chad Perrin // June 27, 2008, 5:55 AM PST

    Knowing the superficial side of security is important, too

    Maybe you're a sole proprietor or a home computer user, answerable to nobody but yourself for security policy. If you have to answer to others, though, you need to know more than good security practice; you also need to know the good, bad, and ugly of industry best practices.


  • Tom Olzak // June 25, 2008, 5:28 AM PST

    Free security tools: Secunia Personal Software Inspector

    Making sure applications in new or existing endpoint system images are free from unpatched vulnerabilities is not an easy task. Secunia provides a free utility to help identify and quickly remediate out-of-date or EOL programs.


  • Tom Olzak // June 24, 2008, 3:48 AM PST

    Managing risk with After Action Reviews

    Responding to security incidents, whether they are malicious or accidental, requires a final step that many organizations neglect. An After Action Plan (AAR) helps to reduce the probability of a recurrence and improve response activities. Tom Olzak shows you how to execute a standard AAR.


  • Paul Mah // June 22, 2008, 7:39 PM PST

    Security news roundup: New vulnerability affects Firefox 3

    This week's security roundup includes a new vulnerability discovered in Firefox, Microsoft admitting to a mistake with a recent Bluetooth patch, the lack of any progress at cracking the Gpcode.ak ransomware, and the loss of NHS laptops that could expose the personal particulars of up to 30,000 patients.


  • Chad Perrin // June 19, 2008, 5:12 AM PST

    Vulnerability counting revisited: a hypothetical example

    Vulnerability counting is, in many cases, worse than useless as a means of quantifying the security of the software. I've made this point before, but this article tries a different approach to making it: demonstration by hypothetical example.


  • Paul Mah // August 22, 2008, 4:59 PM PST

    Security news roundup: The security risks of SSDs

    This week's security events include news that servers belonging to Fedora and Red Hat have been broken into, the release of Opera 9.52, a vulnerability in Tomcat which could result in arbitrary file access, and the security risks of SSDs.


  • Tom Olzak // August 19, 2008, 9:00 PM PST

    Not all data breaches are created equal

    Understanding the root cause of a breach is a better use of time and resources than chasing elusive causes, causes that arise because someone was quick to point a finger at security ignorance as the reason things fell apart.


  • Tom Olzak // August 17, 2008, 9:00 PM PST

    Three ways to prevent data leakage due to typo-squatting

    Typo-squatting is more than a way to make a buck. It also enables data leakage. Secretive attackers don't even put up a page corresponding to the squatted domain. Only an MX record exists to forward e-mails to potentially malicious mail servers.


  • Tom Olzak // August 12, 2008, 9:00 PM PST

    Identity thefts continue as employees and employers play blame game

    Finger-pointing is a time-wasting blame game, usually accomplishing very little. It has similarities to Nero's fiddling while Rome burned. Focusing on the problem, however, adds real value.


  • Paul Mah // August 15, 2008, 12:08 AM PST

    Security news roundup: States urged to do more to tackle cybercrime

    This week's security events include a Defcon talk by MIT students stopped by a court order, a critical vulnerability in the Joomla CMS, Microsoft's bumper Patch Tuesday in the month of August, and states urged to do more to tackle cybercrime.


  • Tom Olzak // August 10, 2008, 9:00 PM PST

    Four reasons to validate your backup processes

    When is the last time you asked WHY you perform backups? Those tapes sitting in off-site storage might just cause you and the other members of IS -- as well as Legal and Internal Audit -- more pain than you realize.