IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Chad Perrin // November 27, 2008, 2:53 AM PST

    Use cryptographic hashes for validation

    You can use cryptographic hash functions to provide a little more security when exchanging files.


  • Tom Olzak // November 25, 2008, 8:00 PM PST

    Highly Predictive Blacklists: What, how, and caveats

    General blacklisting is not always efficient. To enable organizations to be more proactive, and minimize firewall processor allocation for blacklist filtering, SRI International and the SANS Institute have developed highly predictive blacklists (HPB), creating a blacklist unique to each participant.


  • Chad Perrin // November 25, 2008, 9:08 AM PST

    5 tips to improve physical access security

    One of the most overlooked facets of security is casual physical access. Don't let the need to use the restroom turn into a security breach.


  • Tom Olzak // November 23, 2008, 8:03 PM PST

    Shifting from compliance to security requires patience

    It is not just government managers who require behavior changes when it comes to securing sensitive assets. Managers in private industry often mistakenly see compliance as security. But changing this view takes patient persistence.


  • Paul Mah // November 22, 2008, 3:59 PM PST

    Security News Roundup: Yoggie opens up its miniature hardware firewall

    This week's security events include news that Sun has released a new patch for StarOffice 8, a malicious Web site link that can force iPhones to dial a number, news of a computer virus bringing the networks of three London hospitals to a standstill, and Yoggie opening up its miniature hardware firewall.


  • Chad Perrin // November 20, 2008, 1:28 PM PST

    The safest way to sanitize input: avoid having to do it at all

    Sanitizing user input is a critical part of secure software development, but software can be made more secure by avoiding having to sanitize input altogether.


  • Tom Olzak // November 18, 2008, 8:00 PM PST

    You don't have to wait to deploy DNSSEC

    A look at DNS security with a high-level examination of DNSSEC, why DNSSEC is still not globally deployed, and some things you can do to improve DNS transaction integrity until it is.


  • Chad Perrin // November 18, 2008, 5:29 AM PST

    No such thing as effective license enforcement

    License security is not the same as software security. In fact, sometimes they are at odds with one another.


  • Paul Mah // November 17, 2008, 1:55 AM PST

    Simple hardware approaches to secure laptops

    Users are increasingly buying laptops and netbooks, attracted by their portability and low prices. The inevitable result is more employees bringing personal laptops into the office, where they are used to access and store corporate data. Here are some ways to mitigate the risks of data breaches.


  • Tom Olzak // November 16, 2008, 8:00 PM PST

    DNS resource record integrity is still a big, big problem

    The need to secure DNS has never been greater. Attacks against DNS cache integrity, including entire zone references, are an easy way for criminals to redirect your unsuspecting users to malicious sites. Current controls are still lacking.


  • Chad Perrin // November 13, 2008, 2:33 AM PST

    Microsoft finally catches the eight year bug

    Microsoft released a patch this week for a critical vulnerability. The catch: this vulnerability has been known since 2000, and it's a bug in a service active on almost every MS Windows system in the world. How safe do you feel?


  • Tom Olzak // November 11, 2008, 8:00 PM PST

    How do new private browsing capabilities affect forensics?

    Chrome has it. IE8 and Firefox 3.1 have it. So what does it mean to forensics investigators? I'm talking about private browsing--the ability to visit sites, conduct research, or participate in illegal/unethical activities without leaving tell-tale signs behind.


  • Chad Perrin // November 11, 2008, 2:45 AM PST

    More email security tips

    Email security is about a lot more than just using a good password on your POP or IMAP server. Perhaps the most important part of email security is ensuring you don't shoot yourself in the foot.


  • Tom Olzak // November 9, 2008, 8:00 PM PST

    Prevent your employees from "going rogue"

    There is often a personal crisis trigger that causes an already borderline employee to cross the border. Would intervention prevent information compromise or system loss? Can an employee be helped in a way which prevents an incident?


  • Paul Mah // November 9, 2008, 3:59 PM PST

    Security News Roundup: Security researchers to demonstrate WPA packet injection

    This week's security events include news that there will be just two updates for Microsoft's Patch Tuesday this month, the appearance of an exploit for Adobe Reader spotted in the wild, Adobe releasing an update to resolve a ColdFusion vulnerability, and news that security researchers will demonstrate WPA packet injection for the first time.