IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Chad Perrin // November 6, 2008, 2:09 AM PST

    Security, complexity, and the GUI environment

    As our computing environments grow more sophisticated, security suffers. It may be time to simplify, starting with the GUI environment.


  • Tom Olzak // November 4, 2008, 8:00 PM PST

    Keys successfully reproduced using digital images

    How secure are key locks? Is a single locked door considered reasonable and appropriate security? Based on current research, the answer to the first question is increasingly negative. The answer to the second has always been in question.


  • Paul Mah // November 2, 2008, 8:04 PM PST

    Security News Roundup: Digital Dark Age may doom some data

    This week's security events include news of yet another new version of Opera to resolve discovered critical vulnerabilities in the Web browser, VMware releasing a patch for ESX Server, news of SonicWall fixing vulnerabilities in its router operating system, and a warning that a looming "Digital Dark Age" may doom some data.


  • Tom Olzak // November 2, 2008, 8:00 PM PST

    Government data losses: Distributed databases are not the answer

    As elected officials and non-elected government employees struggle with how to arise above bureaucratic, information security ineffectiveness, they continue to plan for and establish large, centralized databases containing our information. Is spreading the data across disparate repositories the answer?


  • Paul Mah // October 29, 2008, 2:16 PM PST

    Security News Roundup: Programming tools for cracking Mifare published

    This week's security events include news of the release of OpenOffice 2.4.2 to address critical vulnerabilities in its 2.4.x branch, a finding that corporate security policies are ineffective, exploits for a just-patched Microsoft vulnerability already out in the wild, and release of programming tools for cracking Mifare Classic.


  • Tom Olzak // October 28, 2008, 9:00 PM PST

    Use application firewalls to secure browser-based solutions

    The application firewall is not a replacement for other layers in the controls framework. It supplements them. So what is it and why do you need it? How do you make a business case for another security control?


  • Chad Perrin // October 28, 2008, 4:10 AM PST

    MS Windows 7 pre-beta gets a security patch 13 days early

    Is the release of a security update for MS Windows 7 two weeks before it's available to the public a sign of security troubles to come, or is it a sign that Microsoft is finally paying real attention to security?


  • Tom Olzak // October 24, 2008, 9:12 PM PST

    Social engineering or Microsoft marketing research?

    I don't expect my largest operating system and general information processing product vendor to call asking the same questions I'd expect during a social engineering phone call, even if ostensibly conducting a phone survey. But thats exactly what happened recently.


  • Paul Mah // October 23, 2008, 4:59 PM PST

    Security News Roundup: Researchers successfully eavesdrop on wired keyboards

    This week's security events include news of an out-of-band update by Microsoft for a new critical flaw in Windows, experts predicting that the botnet scourge will reach mobile devices as early as next year, a serious vulnerability in the RealVNC client, and how researchers successfully eavesdropped on wired keyboards.


  • Chad Perrin // October 23, 2008, 6:49 AM PST

    Wim van Eck's legacy

    In 1985, Dutch computer researcher Wim van Eck authored a paper on EMR eavesdropping effective against CRT monitors. What are the implications for computer security?


  • Tom Olzak // October 22, 2008, 7:56 AM PST

    Four ways to measure data exploitability

    Understanding how exploitable your data is and how easy it is to get to for nefarious purposes, is an important part of assessing risk due to unpatched vulnerabilities.


  • Chad Perrin // October 21, 2008, 11:35 AM PST

    5 characteristics of security policy I can trust

    Obviously, you should consider security when selecting software. Part of that security depends on the security policies of both the developers of the software and the distributors.


  • Tom Olzak // October 19, 2008, 9:00 PM PST

    Video surveillance: Four ways to protect privacy and achieve business outcomes

    Video surveillance is easy to deploy. An increasing number of employers are exploring implementation of inexpensive video systems to protect employees and the business. Before writing the check, however, there are several regulatory and employee relation safeguards to consider.


  • Chad Perrin // October 16, 2008, 1:15 PM PST

    12 security suites tested and 12 security suites fail

    Chad Perrin warns users and admins against the lure of one-size-fits-all security suites and offers advice on building an effective defense of your network.


  • Paul Mah // October 15, 2008, 4:59 PM PST

    Security News Roundup: Start-up launches virtual firewall

    This week's security events include news of Symantec acquiring MessageLabs, a bumper edition of patches from Microsoft on Patch Tuesday, critical flaws found in ARCserve Backup, and a start-up launching a new virtual firewall.