IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Patrick Lambert // March 4, 2012, 10:00 PM PST

    WikiLeaks publishes millions of Stratfor emails accessed by Anonymous

    Patrick Lambert offers an overview of the latest Anonymous exploit -- publishing millions of emails it accessed from a company that has been called a "shadow CIA."


  • Chad Perrin // May 12, 2008, 2:39 AM PST

    Has security grown beyond DIY?

    On Friday, I discussed Joshua Corman's contention that "there is no perimeter," and my take on the phrase. That was only one of seven "dirty secrets" of the security industry he mentioned at Interop Las Vegas. Another is, he tells us, that security has grown beyond "do-it-yourself."


  • Chad Perrin // May 14, 2008, 6:03 AM PST

    The "insecure memory" FAQ

    The problem of "insecure memory" is little-known and pervasive. Read on to find out what "insecure memory" means, and how it affects you. I even intentionally changed settings on a (secured) machine to use "insecure" memory just to show you how such a message might look. See the sacrifices I make for my readers?


  • Chad Perrin // May 20, 2008, 4:49 AM PST

    Detect and replace vulnerable SSH keys on Debian

    As many of my readers no doubt already know, Debian GNU/Linux recently had some cryptographic vulnerability problems. By far, the most common effect of this on users of Debian will be the existence of weak cryptographic keys for OpenSSH. If you have SSH keys generated by OpenSSH on Debian or a Debian-derived system such as Ubuntu since the introduction of the Etch release, you are at risk, and should probably generate new SSH keys.


  • Chad Perrin // May 22, 2008, 8:42 AM PST

    Not Invented Here has no place in open source development

    Last week, many Debian users got something of a shock when they realized that encryption keys for OpenSSH, OpenSSL, and OpenVPN have all been vulnerable to relatively easy compromise for a while. Previously, I discussed how you can detect and replace vulnerable SSH keys on Debian, and Vincent Danen explained another means to find and fix crypto key vulnerabilities that arose as a result of this snafu. So much for the technical matters -- read on for a quick overview of the rest of the story.


  • Paul Mah // May 25, 2008, 2:34 PM PST

    Close to half of government laptops encrypted, 1.2 million more to go

    Over 800,000 licenses for encryption software were purchased through the Data at Rest (DAR) Encryption program last year. The DAR program is run jointly by the General Services Administration and the Department of Defense.


  • Chad Perrin // May 26, 2008, 6:16 AM PST

    Making encryption popular

    We've already discussed the importance of being encrypted. Now it's time to discuss the very real problem of encryption system adoption. How do we get people to actually use encryption?


  • Chad Perrin // May 28, 2008, 3:50 AM PST

    Is PhoneFactor really better security?

    Chad Perrin explores the security solution, PhoneFactor, which favors a two-factor authentication process for accessing your online banking account. Is the extra inconvenience worth it for the security offered? How secure is a third-party solution from your bank?


  • Chad Perrin // May 29, 2008, 10:37 PM PST

    Security alarmism helps the bad guys win

    Chad Perrin examines what passes for security in the "post-9/11 world" and finds it lacking, particularly as it affects users and cybercrime. Instead of security awareness, he sees security alarmism on the rise, and along with it, the threat of innocent people being persecuted and actual criminals slipping through the cracks.


  • Chad Perrin // June 5, 2008, 5:52 AM PST

    Why you can't get management on board

    Chad Perrin breaks down the psychology of upper managers who are willing to take a gamble on security by refusing to allocate the funds needed to implement a strong security policy. What do you think of this reasoning? Is it irresponsibility or just human nature?


  • Chad Perrin // June 6, 2008, 4:19 AM PST

    How should we handle security notifications?

    A team of researchers at Carnegie Mellon University studied the statistical relationship between rates of identity fraud and laws that require customers to be notified when there's been a security breach. As a security professional, this should raise a question in your mind: What should breach notification laws achieve?


  • Paul Mah // June 9, 2008, 4:59 PM PST

    Security news roundup: Nuclear power plant shutdown attributed to a single computer

    Here's a collection of recent security vulnerabilities, alerts, and news, covering a new version of VLC media player, an unpatched Sun Solaris network library vulnerability, an update from VMware, a free security configuration for VMware ESX, and news of a nuclear power plant shutdown attributed to a single computer.


  • Chad Perrin // June 10, 2008, 6:22 AM PST

    What do you do if management won't get on board?

    Sometimes, no matter how hard you try, you can't get management on board. When management refuses to see reason, and security is treated as the unwanted stepchild of business priorities, you can still do something: you can protect yourself.


  • Selena Frye // June 11, 2008, 2:45 AM PST

    New way to protect networks from worms, Kaspersky cracking down on 'blackmailer' virus

    New scientific research claims to have found a method for early detection of the most destructive Internet worms as Kaspersky Lab gets to work on the "blackmailer" virus.


  • Mike Mullins // June 17, 2008, 12:24 AM PST

    Craft your own Internet usage policy with this sample

    Mike Mullins provides a general guideline for Internet and intranet usage in your organization and encourages you to educate users by distributing a formal Internet usage policy.