IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Chad Perrin // July 17, 2008, 3:28 AM PST

    Five good security reads

    Check out a list of five security related books Chad Perrin has read in the past year that he thinks you should read, too.


  • Chad Perrin // July 19, 2008, 10:13 AM PST

    Who is really to blame for the San Fran network lockout?

    A strange sort of techno-drama is playing out in the city of San Francisco, California right now. The blame for the fiasco may not be as easily assigned as it first appeared.


  • Tom Olzak // July 20, 2008, 9:00 PM PST

    Strong password management for the mobile user

    Truly strong passwords are necessary to protect our information, but they can be a pain to generate, manage, and access globally. There are free online tools that can help meet these challenges.


  • Paul Mah // July 20, 2008, 4:59 PM PST

    Security news roundup: Free software to trace stolen laptops

    This week's security events includes news of a free laptop tracking system, patches released to fix two critical holes in Firefox, a critical vulnerability of the BlackBerry Enterprise Server, and the release of Adobe Acrobat 9.


  • Rick Vanover // July 21, 2008, 12:25 AM PST

    Compliance audits must go beyond only the technology

    Compliance audits driven simply on technology analysis can fall short of a quality compliance assessment. Here is a peek at a solution that focuses not only on the technology, but the people, processes, and facilities involved.


  • Chad Perrin // July 22, 2008, 4:19 AM PST

    Bignum arithmetic and premature optimization

    What does Knuth's statement, "premature optimization is the root of all evil," mean for security?


  • Tom Olzak // July 22, 2008, 9:00 PM PST

    The security control nobody used...

    Not every security control is successful, particularly those not transparent to business users. This is the story of a failed attempt to encrypt email and the lessons learned.


  • Chad Perrin // July 25, 2008, 7:39 AM PST

    Use tcpdump for traffic analysis

    The tcpdump tool is powerful and flexible, but compared with graphical tools like Wireshark its effective use may appear to be a dark art. It really isn't that difficult to use once you pick up the basics, though.


  • Tom Olzak // July 27, 2008, 9:00 PM PST

    Five ways to show business value of M-F authentication

    There's more to selecting an enterprise second-factor authentication method than meets the retina scanner. As with any IT project, each dollar spent must produce business value. With M-F authentication, this translates to value beyond simply verifying an employee's identity.


  • Paul Mah // July 27, 2008, 3:42 PM PST

    Security news roundup: Tool lets you resolve location of rogue Wi-Fi users

    This week's security events includes news of a security update to the popular Thunderbird e-mail client, news of a buffer overflow in BEA WebLogic, exploits for DNS vulnerability released, and a tool that allows you to resolve the actual physical location of rogue Wi-Fi users.


  • Tom Olzak // July 29, 2008, 9:00 PM PST

    Write information owner responsibility into policy

    The information owner is a key player in protecting sensitive data and systems. His or her role must be clearly defined in policies. However, security personnel should review information owner decisions to ensure regulatory and policy compliance.


  • Chad Perrin // July 30, 2008, 2:23 PM PST

    How does bad password policy like this even happen?

    Just when you think you've seen the worst case of bad authentication policy you'll ever see, you'll stumble across something even more surprising and unfathomable.


  • Tom Olzak // August 3, 2008, 9:00 PM PST

    Five steps to protect mobile devices anywhere, anytime

    It should not take warnings about Chinese hackers to push users and organizations toward secure mobile computing. Cybercriminals come in all shapes, sizes, and from all ethnic backgrounds. Securing systems is simply the right thing to do.


  • Paul Mah // August 3, 2008, 4:59 PM PST

    Security news roundup: Apple's DNS patch flawed

    This week's security events includes news that the DNS patch released by Apple is flawed, a warning about the ease with which eavesdroppers can listen in to most wireless phone conversations, critical holes discovered in K9 Web Protection, and a DOS vulnerability in F-PROT's virus scanner.


  • Tom Olzak // August 5, 2008, 9:00 PM PST

    Behavior-based AV solutions cannot stand alone

    Someday, behavior analysis might replace signature comparison in AV solutions. But I don't think so. Like all security controls, these two approaches to detecting malware are layered defenses, supporting each other, identifying threats the other misses.