IT Security
Selena Frye
TechRepublic Staff

-
Unsecured connections: Checking the basics
The sheer number of connections we make every day using common programs and protocols multiplies the risk that basic security is overlooked.
Posted by Patrick Lambert | September 1, 2011, 12:00 PM PDT | Latest comment by seanferd
-
Protecting the blind side: Invest in security awareness to protect data
Dominic Vogel crafts an apt football analogy to underscore the importance of investing in security awareness training for employees. Not doing so could undo all of your high-dollar tech solutions.
Posted by Dominic Vogel | August 30, 2011, 6:40 AM PDT | Latest comment by birumut
-
Security Daily: A new way to aggregate InfoSec news
Security Daily uses unique Swiss technology to supply information security news. And it's based on tweets and hashtags.
Posted by Michael Kassner | August 30, 2011, 6:00 AM PDT | Latest comment by Michael Kassner
-
Balancing the needs for online advertising and privacy
Michael Kassner gets schooled on issues surrounding the advertising versus privacy debate. It's not as black and white as you might think.
Posted by Michael Kassner | August 29, 2011, 7:18 AM PDT | Latest comment by birumut
-
(Cyber) Rebels with a cause
Cyber civil disobedience is a concept that is increasingly in the news as high-profile protests and attacks proliferate. Deb Shinder looks at the new "hacktivism" and the line between crime and...
Posted by Deb Shinder | August 22, 2011, 11:42 AM PDT | Latest comment by seanferd
-
Back to basics: A four phase approach to patch management
Alfonso Barreiro addresses one of the most common risk mitigation tools in every organization -- patch management. He presents a four-phase approach that will help you create your own patch...
Posted by Alfonso Barreiro | August 22, 2011, 6:00 AM PDT | Latest comment by Charles Bundy
-
Android's permission system: Does it really work?
Under certain conditions, Android allows applications to sidestep permissions. The bad guys probably know which ones. Do you?
Posted by Michael Kassner | August 20, 2011, 1:43 PM PDT | Latest comment by ohhoes
-
Kaspersky disputes McAfee's Shady Rat report
Eugene Kaspersky's rebuttal of McAfee's Shady Rat report is stirring some controversy in the security industry. Read why he thinks the report is "alarmist" and spreading unfounded claims.
Posted by Selena Frye | August 18, 2011, 1:47 PM PDT | Latest comment by Charles Bundy
-
Six stages of malware response: Streamline your approach
Dominic Vogel is a rookie security guy making his way in a corporate setting. Here, he offers his streamlined approach to malware response, and the important things you can learn from this routine...
Posted by Dominic Vogel | August 17, 2011, 11:19 AM PDT | Latest comment by AnsuGisalas
-
LinkedIn: Surprise changes to defaults affect your privacy
Do you know what Social Advertising is? If you use LinkedIn, you may already be part of it. Michael Kassner sorts out LinkedIn's privacy policy and suggests settings you may want to change.
Posted by Michael Kassner | August 12, 2011, 10:30 AM PDT | Latest comment by Michael Kassner
-
The great debate on strong passwords: xkcd weighs in
The xkcd web comic offers a humorous snapshot of the value of security advice about password strength over the years. This might be a good one to pin up in your office.
Posted by Selena Frye | August 11, 2011, 1:01 PM PDT | Latest comment by wendygoerl@...
-
And now, an important message from Anonymous
Anonymous has declared war on Facebook with a video that threatens some kind of operation on November 5, 2011. Cyberthreat or PSA about guarding your privacy with more zeal?
Posted by Selena Frye | August 10, 2011, 7:14 AM PDT | Latest comment by HAL 9000
-
Deb does DEFCON: Hacking conference tackles cyberwar and civil liberties
There's a little more rebellion and fun among the free spirits at DEFCON after the more buttoned-down BlackHat, according to Deb Shinder. But the topics are serious business.
Posted by Deb Shinder | August 8, 2011, 1:06 PM PDT | Latest comment by hippiekarl
-
Crimeware subverts mobile OSs: Is Android next?
Believe two-factor authentication using SMS texts is secure? Think again. Michael Kassner reports that Zeus malware now has a smartphone partner called Zitmo.
Posted by Michael Kassner | August 8, 2011, 6:29 AM PDT | Latest comment by JCitizen
-
Black Hat demo shows vulnerability of insulin pumps to remote attack
Security analyst Jerome Radcliffe had good reason to research the vulnerability of insulin pumps and similar medical devices to remote attack -- he's a diabetic. What he found out is pretty scary.
Posted by Selena Frye | August 5, 2011, 11:14 AM PDT | Latest comment by thegeekdiddy
-
Wrapping up Black Hat 2011 with Robert Clark of the U.S. Cyber Command
Deb Shinder reports from Black Hat 2011. On day two, she attended a talk on cyberlaw issues given by Robert Clark of U.S. Army Cyber Command.
Posted by Deb Shinder | August 5, 2011, 9:12 AM PDT
-
Day two of Black Hat 2011: Peiter (Mudge) Zatko
Deb Shinder reports on Peiter Zatko's address from Black Hat 2011, where he talked about system complexity and increasing attack surfaces.
Posted by Deb Shinder | August 4, 2011, 2:25 PM PDT
-
Black Hat 2011 update: Macs in the crosshairs, Kaminsky on BitCoin
Deb Shinder reports on two of the sessions from Black Hat 2011 -- insecure default settings in Mac OS X and Dan Kaminsky on online payment systems, including BitCoin.
Posted by Deb Shinder | August 4, 2011, 8:05 AM PDT | Latest comment by HypnoToad72
-
Attention, world, you've been pwned! McAfee details global cyber-espionage campaign
McAfee reports that large-scale cyber warfare operations against the U.S. and other global targets have been well underway for five years in an extensive campaign dubbed "Operation Shady Rat."
Posted by Selena Frye | August 3, 2011, 1:11 PM PDT | Latest comment by mhenriday
-
Black Hat 2011 update: Keynote address complete with sirens
Deb Shinder kicks off the news from Black Hat 2011 with a report from the keynote address and a mysterious series of alarms at the conference center.
Posted by Deb Shinder | August 3, 2011, 12:36 PM PDT
-
DropSmack: Using Dropbox to steal files and deliver malware
Michael P. Kassner interviews a digital forensic scientist who uses Dropbox to compromise targeted networks -- something the bad guys probably figured out as well.
Posted by Michael Kassner | April 15, 2013, 7:46 AM PDT | Latest comment by Michael Kassner
-
List open ports and listening services
You should turn off any services you don't actually need so that they will not become avenues of attack for security threats. Different systems will have different services running by default,...
Posted by Chad Perrin | April 15, 2008, 8:47 PM PDT | Latest comment by jackhard
-
Hackers: From innocent curiosity to illegal activity
Researchers asked why talented youth skilled in "computerese" evolve into criminal hackers. Michael P. Kassner explains their unexpected results.
Posted by Michael Kassner | May 6, 2013, 7:59 AM PDT | Latest comment by mattohare@...
-
Battling the Google Redirect virus
Consultant Bob Eisenhardt recounts his frustrating experience trying to track down and get rid of a client's search-redirect virus. Here's how he finally ditched it.
Posted by Bob Eisenhardt | January 2, 2013, 10:56 AM PST | Latest comment by Jane3344
-
Cloud-service contracts and data protection: Unintended consequences
There are things your cloud-service (Facebook, Amazon, Google, Dropbox, etc.) contracts aren't telling you. Michael P. Kassner interviews an attorney concerned about what's not being said.
Posted by Michael Kassner | May 13, 2013, 11:52 AM PDT | Latest comment by Michael Kassner
-
Understanding what motivates Chinese hackers
Michael P. Kassner, with the help of a noted academic and author, looks at what motivates Chinese hackers. It may not be what you think.
Posted by Michael Kassner | April 22, 2013, 10:16 AM PDT | Latest comment by HAL 9000
-
BoxCryptor vs. DropSmack: The battle to secure Dropbox
Can DropSmack malware be stopped? Michael P. Kassner asks the creators of BoxCryptor if it is up to the task of securing the Dropbox file-synchronization service.
Posted by Michael Kassner | April 29, 2013, 10:30 AM PDT | Latest comment by Michael Kassner
-
How to spoof a MAC address
MAC address filtering for wireless networking isn't real "security". Anyone who pays any attention to current trends in wireless security at all should know that MAC filtering is less effective...
Posted by Chad Perrin | January 22, 2008, 1:28 PM PST | Latest comment by Doug Vitale
-
Running the gauntlet: Tips for achieving your CISSP
One of the most highly regarded security certifications is the CISSP. Dominic Vogel offers these nine tips for becoming certified based on his own experience.
Posted by Dominic Vogel | April 23, 2013, 5:30 AM PDT | Latest comment by JCitizen
-
The basics of using a proxy server for privacy and security
Patrick Lambert goes over the basics of how proxy servers work and why they are used to add security and privacy.
Posted by Patrick Lambert | December 5, 2012, 6:30 AM PST | Latest comment by Tony Hopkinson
-
DDoS attack methods and how to prevent or mitigate them
Patrick Lambert covers the various methods attackers use to launch distributed denial of service attacks, and the precautions you can take to prevent, or at least mitigate, these types of events.
Posted by Patrick Lambert | October 15, 2012, 11:24 AM PDT
-
Software-Defined Networking: How it affects network security
SDN technology is set to rewrite the book of networking. Michael P. Kassner looks into how SDN will improve security, and where it's vulnerable.
Posted by Michael Kassner | April 8, 2013, 7:13 AM PDT | Latest comment by Michael Kassner
-
Dropbox: Convenient? Absolutely, but is it secure?
A potential security lapse and possibly misleading statements are plaguing Dropbox, a hugely popular file-syncing app. What are the issues and is concern justified?
Posted by Michael Kassner | June 13, 2011, 8:03 AM PDT | Latest comment by kprivigyi@...
-
Use PuTTY as a secure proxy on Windows
Last month, I wrote about using OpenSSH as a secure Web proxy on UNIX and Linux systems. This time, I'll show you how to do the same thing on Microsoft Windows using PuTTY -- probably the single...
Posted by Chad Perrin | March 10, 2008, 4:30 PM PDT | Latest comment by abaabaa
-
Hacker vs. cracker
The word "hacker" gets used in a pejorative sense by journalists an awful lot. Some people think this is perfectly reasonable; others find it offensive, and recommend an alternative term for that...
Posted by Chad Perrin | April 17, 2009, 1:20 PM PDT | Latest comment by wizard57m-cnet
-
The future of IT security compliance: 201 CMR 17.00
Why should you be concerned about a security rule that is part of the State law of Massachusetts -- especially if you aren't in business there? Donovan Colbert explains how compliance regulations...
Posted by Donovan Colbert | April 30, 2013, 6:00 AM PDT | Latest comment by dcolbert@...
-
10 services to turn off in MS Windows XP
As I pointed out on 19 October, in point number four of the article 10 security tips for all general-purposes OSes, an important step in the process of securing your system is to shut down...
Posted by Chad Perrin | November 7, 2007, 10:02 AM PST | Latest comment by JonB2008
-
New McAfee patent hints at a more walled-off online world
A McAfee patent hints at content filtering at the user level in order to block sites that offer pirated content.
Posted by Patrick Lambert | May 3, 2013, 9:00 AM PDT | Latest comment by public_domain
-
The FBI locked your computer? Watch out for new spins on ransomware
The FBI locks your computer. Can they do that? Or is it fake? How does one know? Michael Kassner asks an expert for help with the latest forms of ransomware.
Posted by Michael Kassner | November 15, 2012, 7:18 AM PST | Latest comment by JCitizen
-
The CIA Triad
The CIA Triad is a venerable, well-known model for security policy development, used to identify problem areas and necessary solutions for information security. Read on for an introduction to the...
Posted by Chad Perrin | June 30, 2008, 3:13 PM PDT | Latest comment by white house

































