IT Security
Selena Frye
TechRepublic Staff

-
How closed policies hurt security development
Development policies designed to keep the competition out can actually prove counterproductive. Don't make the same mistake the US government made in the 1990s with information security technologies.
Posted by Chad Perrin | October 9, 2008, 11:26 AM PDT
-
Security training: Delivering the message
Tom Olzak finishes up a series on security awareness training for users. Once you understand awareness and training outcomes, proper delivery is key to reaching them.
Posted by Tom Olzak | October 8, 2008, 4:00 AM PDT
-
What to do about RFID chips in your wallet
Have you wondered about the security implications of RFID chips in your driver's license, credit cards, and passport? The growing prevalence of RFID transponders in these items, and others, can...
Posted by Chad Perrin | October 7, 2008, 11:19 AM PDT | Latest comment by LedLincoln
-
Selecting employee security training topics and delivery methods
After an organization's workforce is familiar with why information security is important as well as management's commitment to security, actual training can begin. In this post we examine the...
Posted by Tom Olzak | October 6, 2008, 4:00 AM PDT
-
Security news roundup: Newly discovered bugs has potential to crash Internet systems
This week's security events include news of WinZip opening a security hole in Windows 2000 systems, hackers leveraging Google Trends to more efficiently socially engineer users, a new bill...
Posted by Paul Mah | October 3, 2008, 11:59 PM PDT | Latest comment by Jaqui
-
Choose the right licensing model for security software
There are three general licensing models available for security software. There's a case to be made for one of them being more suitable than the others, and it may not be what you think.
Posted by Chad Perrin | October 2, 2008, 11:37 PM PDT | Latest comment by apotheon
-
Security begins with employee understanding and acceptance
Security awareness and training are typically covered under the single heading of Information Security Awareness Training. This high-level approach is appropriate for many organizations,...
Posted by Tom Olzak | October 1, 2008, 4:00 AM PDT
-
Do you still need to run scheduled virus scans on machines protected by antivirus packages?
A fellow IT pro said that you should never need to run a virus scan on a PC because most antivirus packages scan the system in real time anyway. Blogger Brad Bird responds to this assumption.
Posted by Brad Bird | September 29, 2008, 1:38 PM PDT | Latest comment by JCitizen
-
Security news roundup: Researchers warn of new clickjacking attack
This week's security events include news of Apple patching its Java vulnerabilities, the United States and China topping a cybercrime list compiled by SecureWorks, a new class of browser attacks...
Posted by Paul Mah | September 29, 2008, 6:54 AM PDT
-
Security awareness training success depends on effective planning
Once you obtain management approval for an Information Security Awareness Training Program (ISATP), the next step is identifying appropriate content and the target audience. This planning phase...
Posted by Tom Olzak | September 29, 2008, 4:00 AM PDT
-
Is suggesting improved security the same as blaming the victim?
Sometimes, discussing how security can be improved is interpreted as blaming the victim. This may be one of the worst obstacles in the way of good security practice advocacy.
Posted by Chad Perrin | September 25, 2008, 3:08 PM PDT | Latest comment by apotheon
-
Raise user security awareness with a free training kit
Information Security Awareness Training Programs are an important but often overlooked element of an organization's security program. This series of articles provides a process for obtaining...
Posted by Tom Olzak | September 24, 2008, 4:00 AM PDT | Latest comment by lempey@...
-
The so-called group called Anonymous
What is the "anonymous" network? How do they operate, and what do they want?
Posted by Chad Perrin | September 23, 2008, 10:58 AM PDT | Latest comment by apotheon
-
Manage social networks with policy and balance
Management shouldn't simply ignore social networks because they might introduce some business risk. Rather, they should engage the right people to design an innovative solution, which provides...
Posted by Tom Olzak | September 22, 2008, 4:00 AM PDT
-
Security news roundup: Malware writers abuse celebrity names to lure users
This week's security events include news of the latest iPhone update, a serious vulnerability found in phpMyAdmin, and how malware writers are abusing celebrity names to lure users into...
Posted by Paul Mah | September 21, 2008, 11:59 PM PDT | Latest comment by NickNielsen
-
E-mail security advice for politicians
How much attention would you give e-mail security if you were running for office? One would hope that the people who run for public office in this country with promises of increased domestic...
Posted by Chad Perrin | September 18, 2008, 12:49 PM PDT | Latest comment by mitrix.net@...
-
Are social networking solutions safe for work?
There are benefits as well as risks to using business-controlled social networking solutions. Whether the benefits outweigh the risks is a question each management team must answer, given its...
Posted by Tom Olzak | September 17, 2008, 4:00 AM PDT | Latest comment by markidgconnect
-
Prioritize security concerns with a simple risk assessment
Even a simplified risk assessment process can protect your organization from disaster. Find out why risk assessments are important, and how to perform a simple risk assessment yourself.
Posted by Chad Perrin | September 16, 2008, 2:37 PM PDT | Latest comment by seanferd
-
Use cause and effect diagrams to stop recurring service delivery interruptions
The only way to prevent recurrence of unwanted events is to eliminate the underlying causes. Treating symptoms is usually easier. But treating the sickness when the cause is a compromised immune...
Posted by Tom Olzak | September 15, 2008, 4:00 AM PDT
-
Can you mitigate risk by replacing sensitive resources?
Risk assessment is about more than determining where you get your best security ROI. Sometimes, you need to examine the effects your resources have on your risk profile -- and get rid of them.
Posted by Chad Perrin | September 11, 2008, 12:38 PM PDT | Latest comment by apotheon
-
List open ports and listening services
You should turn off any services you don't actually need so that they will not become avenues of attack for security threats. Different systems will have different services running by default,...
Posted by Chad Perrin | April 15, 2008, 8:47 PM PDT | Latest comment by jackhard
-
Hackers: From innocent curiosity to illegal activity
Researchers asked why talented youth skilled in "computerese" evolve into criminal hackers. Michael P. Kassner explains their unexpected results.
Posted by Michael Kassner | May 6, 2013, 7:59 AM PDT | Latest comment by mattohare@...
-
Cloud-service contracts and data protection: Unintended consequences
There are things your cloud-service (Facebook, Amazon, Google, Dropbox, etc.) contracts aren't telling you. Michael P. Kassner interviews an attorney concerned about what's not being said.
Posted by Michael Kassner | May 13, 2013, 11:52 AM PDT | Latest comment by Michael Kassner
-
Battling the Google Redirect virus
Consultant Bob Eisenhardt recounts his frustrating experience trying to track down and get rid of a client's search-redirect virus. Here's how he finally ditched it.
Posted by Bob Eisenhardt | January 2, 2013, 10:56 AM PST | Latest comment by Jane3344
-
DropSmack: Using Dropbox to steal files and deliver malware
Michael P. Kassner interviews a digital forensic scientist who uses Dropbox to compromise targeted networks -- something the bad guys probably figured out as well.
Posted by Michael Kassner | April 15, 2013, 7:46 AM PDT | Latest comment by Michael Kassner
-
BoxCryptor vs. DropSmack: The battle to secure Dropbox
Can DropSmack malware be stopped? Michael P. Kassner asks the creators of BoxCryptor if it is up to the task of securing the Dropbox file-synchronization service.
Posted by Michael Kassner | April 29, 2013, 10:30 AM PDT | Latest comment by Michael Kassner
-
How to spoof a MAC address
MAC address filtering for wireless networking isn't real "security". Anyone who pays any attention to current trends in wireless security at all should know that MAC filtering is less effective...
Posted by Chad Perrin | January 22, 2008, 1:28 PM PST | Latest comment by Doug Vitale
-
Aaron Swartz legacy lives on with New Yorker's Strongbox: How it works
Strongbox was Aaron Swartz's final project. Michael P. Kassner explains why The New Yorker requested a way to keep sources and their information secret.
Posted by Michael Kassner | May 20, 2013, 7:17 AM PDT | Latest comment by tylerpitchford
-
The basics of using a proxy server for privacy and security
Patrick Lambert goes over the basics of how proxy servers work and why they are used to add security and privacy.
Posted by Patrick Lambert | December 5, 2012, 6:30 AM PST | Latest comment by Tony Hopkinson
-
DDoS attack methods and how to prevent or mitigate them
Patrick Lambert covers the various methods attackers use to launch distributed denial of service attacks, and the precautions you can take to prevent or at least, mitigate these types of events.
Posted by Patrick Lambert | October 15, 2012, 11:24 AM PDT
-
Use PuTTY as a secure proxy on Windows
Last month, I wrote about using OpenSSH as a secure Web proxy on UNIX and Linux systems. This time, I'll show you how to do the same thing on Microsoft Windows using PuTTY -- probably the single...
Posted by Chad Perrin | March 10, 2008, 4:30 PM PDT | Latest comment by abaabaa
-
Security lessons from the 2013 Verizon Data Breach Report
Verizon's latest report on data breach statistics offers security pros a guide to the most persistent threats and where attention should be focused to defend against them.
Posted by Alfonso Barreiro | May 15, 2013, 6:00 AM PDT
-
Dropbox: Convenient? Absolutely, but is it secure?
A potential security lapse and possibly misleading statements are plaguing Dropbox, a hugely popular file-syncing app. What are the issues and is concern justified?
Posted by Michael Kassner | June 13, 2011, 8:03 AM PDT | Latest comment by kprivigyi@...
-
Software-Defined Networking: How it affects network security
SDN technology is set to rewrite the book of networking. Michael P. Kassner looks into how SDN will improve security, and where it's vulnerable.
Posted by Michael Kassner | April 8, 2013, 7:13 AM PDT | Latest comment by Michael Kassner
-
The future of IT security compliance: 201 CMR 17.00
Why should you be concerned about a security rule that is part of the State law of Massachusetts -- especially if you aren't in business there? Donovan Colbert explains how compliance regulations...
Posted by Donovan Colbert | April 30, 2013, 6:00 AM PDT | Latest comment by dcolbert@...
-
New McAfee patent hints at a more walled-off online world
A McAfee patent hints at content filtering at the user level in order to block sites that offer pirated content.
Posted by Patrick Lambert | May 3, 2013, 9:00 AM PDT | Latest comment by public_domain
-
Understanding what motivates Chinese hackers
Michael P. Kassner, with the help of a noted academic and author, looks at what motivates Chinese hackers. It may not be what you think.
Posted by Michael Kassner | April 22, 2013, 10:16 AM PDT | Latest comment by HAL 9000
-
Hacker vs. cracker
The word "hacker" gets used in a pejorative sense by journalists an awful lot. Some people think this is perfectly reasonable; others find it offensive, and recommend an alternative term for that...
Posted by Chad Perrin | April 17, 2009, 1:20 PM PDT | Latest comment by wizard57m-cnet
-
10 services to turn off in MS Windows XP
As I pointed out on 19 October, in point number four of the article 10 security tips for all general-purposes OSes, an important step in the process of securing your system is to shut down...
Posted by Chad Perrin | November 7, 2007, 10:02 AM PST | Latest comment by JonB2008
-
The CIA Triad
The CIA Triad is a venerable, well-known model for security policy development, used to identify problem areas and necessary solutions for information security. Read on for an introduction to the...
Posted by Chad Perrin | June 30, 2008, 3:13 PM PDT | Latest comment by white house