IT Security
Selena Frye
TechRepublic Staff

-
How to test Firefox 23 change on unsecured content before it happens
Mozilla announced that the next version of its browser, Firefox 23, will automatically block unsecured content on encrypted web pages. You can check how that change will affect your own or other...
Posted by Patrick Lambert | April 16, 2013, 5:45 AM PDT | Latest comment by Deadly Ernest
-
DropSmack: Using Dropbox to steal files and deliver malware
Michael P. Kassner interviews a digital forensic scientist who uses Dropbox to compromise targeted networks -- something the bad guys probably figured out as well.
Posted by Michael Kassner | April 15, 2013, 7:46 AM PDT | Latest comment by Michael Kassner
-
Securing Bitcoins: Barrage of attacks undermines value
Patrick Lambert looks into the tumultuous world of Bitcoins and recent threats to the virtual currency system.
Posted by Patrick Lambert | April 9, 2013, 6:00 AM PDT | Latest comment by frylock
-
Software-Defined Networking: How it affects network security
SDN technology is set to rewrite the book of networking. Michael P. Kassner looks into how SDN will improve security, and where it's vulnerable.
Posted by Michael Kassner | April 8, 2013, 7:13 AM PDT | Latest comment by Michael Kassner
-
DDoS strike on Spamhaus highlights need to close DNS open resolvers
Patrick Lambert breaks down the Spamhaus DDoS attack and some of the controversies that have ensued. What isn't up for debate -- fixing the open resolver flaw on DNS servers.
Posted by Patrick Lambert | April 2, 2013, 5:30 AM PDT | Latest comment by JesusChristSuperStar
-
Security policies must address legal implications of BYOD
BYOD is controversial, particularly when it comes to security and privacy. Michael P. Kassner learns from an expert there is a legal can of worms as well.
Posted by Michael Kassner | April 1, 2013, 6:02 AM PDT | Latest comment by Jay_H
-
The security implications of 420,000 vulnerable hosts
Patrick Lambert presents a case of security findings that could get its researcher jail time. Is there such a thing as a "benevolent" botnet?
Posted by Patrick Lambert | March 26, 2013, 5:00 AM PDT | Latest comment by wdewey@...
-
Is uncovering digital vulnerabilities doing more harm than good?
A noted virtual-reality technologist and author views "security through obscurity" as the only true way security can exist. Michael P. Kassner looks at what this uniquely divergent viewpoint means.
Posted by Michael Kassner | March 25, 2013, 8:48 AM PDT | Latest comment by mla_ca520@...
-
Stolen credit reports: What you can do to protect yourself
Patrick Lambert follows up on the stolen celebrity credit reports. You don't have to be famous to be at risk. What can individuals and businesses do for protection?
Posted by Patrick Lambert | March 19, 2013, 5:30 AM PDT | Latest comment by JCitizen
-
Rootkit coders beware: Malwarebytes is in hot pursuit
Anti-malware heavy-hitter Malwarebytes is now laser-focused on eliminating rootkits. Michael P. Kassner asks the creators of MBAM how they approach this particular threat.
Posted by Michael Kassner | March 18, 2013, 7:12 AM PDT | Latest comment by Michael Kassner
-
Making online payments safe from fraud: Conversion rate vs. security
Patrick Lambert looks at the vulnerable area of online payment fraud. Is there a way to make payment forms both convenient and secure?
Posted by Patrick Lambert | March 15, 2013, 8:00 AM PDT
-
Ask potential cloud vendors these 10 security questions
Dominic Vogel offers his list of ten questions you should be asking cloud vendors about their security practices. Make sure you get the proof to back up their claims.
Posted by Dominic Vogel | March 12, 2013, 5:30 AM PDT | Latest comment by 120529-000107
-
CISPA pits privacy against security: A closer look at the issues
The United States Congress is once again considering a bill that could forever change how we as individuals use the internet. Michael P. Kassner looks at what those changes are.
Posted by Michael Kassner | March 11, 2013, 7:24 AM PDT | Latest comment by Michael Kassner
-
How passwords can wreck your two-factor authentication
Patrick Lambert shares a friend's experience with having his iCloud and Gmail accounts compromised. Make sure you know the gaps in two-factor authentication and app-specific passwords.
Posted by Patrick Lambert | March 7, 2013, 6:00 AM PST | Latest comment by leissoo
-
High-tech home security products: Who are they really helping?
Easy and convenient, wireless home security will keep your home safe. Michael P. Kassner looks at why bad guys might like them as well.
Posted by Michael Kassner | March 4, 2013, 7:43 AM PST | Latest comment by Michael Kassner
-
In the post-PC era, information security must adapt to new realities
Alfonso Barreiro identifies some fundamental changes that infosec personnel need to make to their approach in order to operate effectively in their organizations.
Posted by Alfonso Barreiro | March 4, 2013, 6:00 AM PST | Latest comment by Tony Hopkinson
-
How to check and configure your browser plugins
Patrick Lambert offers some basic tips on how to check web plugins in four major browsers.
Posted by Patrick Lambert | February 27, 2013, 1:00 PM PST | Latest comment by lehnerus2000
-
Redirection and decryption of mobile traffic: Is your browser a MitM?
By design, certain mobile web browsers send HTTPS-encrypted traffic to their home servers first. Michael Kassner finds out why, and what it means to each of us.
Posted by Michael Kassner | February 25, 2013, 7:21 AM PST | Latest comment by HAL 9000
-
What the Mandiant report reveals about the future of cyber espionage
Mandiant reported on an overwhelming campaign of organized hacking from China against US and other Western targets. Cyber espionage is ramping up and security pros must be aware of the risk.
Posted by Patrick Lambert | February 25, 2013, 6:00 AM PST
-
Insider threats: Implementing the right controls
Tom Olzak describes the signs that an employee might become an insider threat and recommends the various controls and monitoring that can be implemented to mitigate such threats.
Posted by Tom Olzak | February 22, 2013, 7:00 AM PST
-
List open ports and listening services
You should turn off any services you don't actually need so that they will not become avenues of attack for security threats. Different systems will have different services running by default,...
Posted by Chad Perrin | April 15, 2008, 8:47 PM PDT | Latest comment by jackhard
-
Battling the Google Redirect virus
Consultant Bob Eisenhardt recounts his frustrating experience trying to track down and get rid of a client's search-redirect virus. Here's how he finally ditched it.
Posted by Bob Eisenhardt | January 2, 2013, 10:56 AM PST | Latest comment by Jane3344
-
BGP and Internet security: Is it better to be lucky or good?
Does "it's not a problem until it actually happens" apply to Internet security? Michael P. Kassner interviews a networking expert who's wondering about the same thing.
Posted by Michael Kassner | June 10, 2013, 9:11 AM PDT | Latest comment by wdewey@...
-
New Android malware should be wake-up call for security admins
Security firm Kaspersky reported on a new malware threat that it calls the most sophisticated it has seen in targeting Android phones.
Posted by Patrick Lambert | June 12, 2013, 10:29 AM PDT | Latest comment by Michael Kassner
-
The anatomy of a phishing operation
There are far better things than being phished, like writing about how not to get phished. Michael P. Kassner reviews a research paper that provides amazing insight into a successful phishing...
Posted by Michael Kassner | June 3, 2013, 7:04 AM PDT | Latest comment by JCitizen
-
Aaron Swartz legacy lives on with New Yorker's Strongbox: How it works
Strongbox was Aaron Swartz's final project. Michael P. Kassner explains why The New Yorker requested a way to keep sources and their information secret.
Posted by Michael Kassner | May 20, 2013, 7:17 AM PDT | Latest comment by tylerpitchford
-
How to spoof a MAC address
MAC address filtering for wireless networking isn't real "security". Anyone who pays any attention to current trends in wireless security at all should know that MAC filtering is less effective...
Posted by Chad Perrin | January 22, 2008, 1:28 PM PST | Latest comment by Doug Vitale
-
The basics of using a proxy server for privacy and security
Patrick Lambert goes over the basics of how proxy servers work and why they are used to add security and privacy.
Posted by Patrick Lambert | December 5, 2012, 6:30 AM PST | Latest comment by Tony Hopkinson
-
BoxCryptor vs. DropSmack: The battle to secure Dropbox
Can DropSmack malware be stopped? Michael P. Kassner asks the creators of BoxCryptor if it is up to the task of securing the Dropbox file-synchronization service.
Posted by Michael Kassner | April 29, 2013, 10:30 AM PDT | Latest comment by Michael Kassner
-
Virtualizing apps could be the bridge over the BYOD security gap
Allowing BYOD has unfavorable implications for both the company and employees. Michael P. Kassner explores what businesses are doing to mitigate the risk.
Posted by Michael Kassner | May 28, 2013, 6:33 AM PDT | Latest comment by Michael Kassner
-
How to successfully implement the principle of least privilege
Least privilege is a core security principle, but it's one that often meets with resistance by users. Here are tips for how to implement it and get the point across to others.
Posted by Dominic Vogel | May 29, 2013, 9:27 AM PDT | Latest comment by o_p_i
-
DARPA's Plan X and the future of the U.S. cyber defense infrastructure
Plan X sounds like a summer sci-fi movie, but it's actually one of DARPA's latest projects, aimed at improving the nation's defense of critical infrastructure targets.
Posted by Patrick Lambert | June 4, 2013, 5:30 AM PDT
-
Cloud-service contracts and data protection: Unintended consequences
There are things your cloud-service (Facebook, Amazon, Google, Dropbox, etc.) contracts aren't telling you. Michael P. Kassner interviews an attorney concerned about what's not being said.
Posted by Michael Kassner | May 13, 2013, 11:52 AM PDT | Latest comment by Michael Kassner
-
DDoS attack methods and how to prevent or mitigate them
Patrick Lambert covers the various methods attackers use to launch distributed denial of service attacks, and the precautions you can take to prevent or at least mitigate these types of events.
Posted by Patrick Lambert | October 15, 2012, 11:24 AM PDT
-
Dropbox: Convenient? Absolutely, but is it secure?
A potential security lapse and possibly misleading statements are plaguing Dropbox, a hugely popular file-syncing app. What are the issues and is concern justified?
Posted by Michael Kassner | June 13, 2011, 8:03 AM PDT | Latest comment by kprivigyi@...
-
Use PuTTY as a secure proxy on Windows
Last month, I wrote about using OpenSSH as a secure Web proxy on UNIX and Linux systems. This time, I'll show you how to do the same thing on Microsoft Windows using PuTTY -- probably the single...
Posted by Chad Perrin | March 10, 2008, 4:30 PM PDT | Latest comment by abaabaa
-
The FBI locked your computer? Watch out for new spins on ransomware
The FBI locks your computer. Can they do that? Or is it fake? How does one know? Michael Kassner asks an expert for help with the latest forms of ransomware.
Posted by Michael Kassner | November 15, 2012, 7:18 AM PST | Latest comment by JCitizen
-
10 services to turn off in MS Windows XP
As I pointed out on 19 October, in point number four of the article 10 security tips for all general-purposes OSes, an important step in the process of securing your system is to shut down...
Posted by Chad Perrin | November 7, 2007, 10:02 AM PST | Latest comment by JonB2008