IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Tom Olzak // November 9, 2008, 8:00 PM PST

    Prevent your employees from "going rogue"

    There is often a personal crisis trigger that causes an already borderline employee to cross the border. Would intervention prevent information compromise or system loss? Can an employee be helped in a way which prevents an incident?


  • Paul Mah // November 9, 2008, 3:59 PM PST

    Security News Roundup: Security researchers to demonstrate WPA packet injection

    This week's security events include news that there will be just two updates for Microsoft's Patch Tuesday this month, the appearance of an exploit for Adobe Reader spotted in-the-wild, Adobe releasing an update to resolve a ColdFusion vulnerability, and news that security researchers will demonstrate WPA packet injection for the first time.


  • Chad Perrin // November 6, 2008, 2:09 AM PST

    Security, complexity, and the GUI environment

    As our computing environments grow more sophisticated, security suffers. It may be time to simplify, starting with the GUI environment.


  • Tom Olzak // November 4, 2008, 8:00 PM PST

    Keys successfully reproduced using digital images

    How secure are key locks? Is a single locked door considered reasonable and appropriate security? Based on current research, the answer to the first question is increasingly negative. The answer to the second has always been in question.


  • Chad Perrin // November 4, 2008, 4:18 AM PST

    10 security tips for Microsoft Windows XP

    When installing and using MS Windows XP, there are some security practices you should keep in mind.


  • Paul Mah // November 2, 2008, 8:04 PM PST

    Security News Roundup: Digital Dark Age may doom some data

    This week's security events include news of yet another new version of Opera to resolve discovered critical vulnerabilities in the Web browser, VMware releasing a patch for ESX Server, news of SonicWall fixing vulnerabilities in its router operating system, and a warning that a looming "Digital Dark Age" may doom some data.


  • Tom Olzak // November 2, 2008, 8:00 PM PST

    Government data losses: Distributed databases are not the answer

    As elected officials and non-elected government employees struggle with how to rise above bureaucratic information security ineffectiveness, they continue to plan for and establish large, centralized databases containing our information. Is spreading the data across disparate repositories the answer?


  • Paul Mah // October 29, 2008, 2:16 PM PST

    Security News Roundup: Programming tools for cracking Mifare published

    This week's security events include news of the release of OpenOffice 2.4.2 to address critical vulnerabilities in its 2.4.x branch, a finding that corporate security policies are ineffective, exploits for a just-patched Microsoft vulnerability already out in the wild, and release of programming tools for cracking Mifare Classic.


  • Tom Olzak // October 28, 2008, 9:00 PM PST

    Use application firewalls to secure browser-based solutions

    The application firewall is not a replacement for other layers in the controls framework. It supplements them. So what is it and why do you need it? How do you make a business case for another security control?


  • Chad Perrin // October 28, 2008, 4:10 AM PST

    MS Windows 7 pre-beta gets a security patch 13 days early

    Is the release of a security update for MS Windows 7 two weeks before it's available to the public a sign of security troubles to come, or is it a sign that Microsoft is finally paying real attention to security?


  • Tom Olzak // October 24, 2008, 9:12 PM PST

    Social engineering or Microsoft marketing research?

    I don't expect my largest operating system and general information processing product vendor to call asking the same questions I'd expect during a social engineering phone call, even if ostensibly conducting a phone survey. But that's exactly what happened recently.


  • Paul Mah // October 23, 2008, 4:59 PM PST

    Security News Roundup: Researchers successfully eavesdrop on wired keyboards

    This week's security events include news of an out-of-band update by Microsoft for a new critical flaw in Windows, experts predicting that the botnet scourge will reach mobile devices as early as next year, a serious vulnerability in the RealVNC client, and how researchers successfully eavesdropped on wired keyboards.


  • Chad Perrin // October 23, 2008, 6:49 AM PST

    Wim van Eck's legacy

    In 1985, Dutch computer researcher Wim van Eck authored a paper on EMR eavesdropping effective against CRT monitors. What are the implications for computer security?


  • Tom Olzak // October 22, 2008, 7:56 AM PST

    Four ways to measure data exploitability

    Understanding how exploitable your data is, and how easy it is to get to for nefarious purposes, is an important part of assessing risk due to unpatched vulnerabilities.


  • Chad Perrin // October 21, 2008, 11:35 AM PST

    5 characteristics of security policy I can trust

    Obviously, you should consider security when selecting software. Part of that security depends on the security policies of both the developers of the software and the distributors.