IT Security
Selena Frye
TechRepublic Staff

-
10 common security mistakes that should never be made
Read about ten very basic, easily avoided security mistakes that should never be made -- but are among the most common security mistakes people make.
Posted by Chad Perrin | August 15, 2008, 10:50 AM PDT | Latest comment by wallionmick
-
Security news roundup: States urged to do more to tackle cybercrime
This week's security events include a Defcon talk by MIT students stopped by a court order, a critical vulnerability in the Joomla CMS, Microsoft's bumper Patch Tuesday in the month of August,...
Posted by Paul Mah | August 15, 2008, 7:08 AM PDT | Latest comment by BALTHOR
-
Identity thefts continue as employees and employers play blame game
Finger-pointing is a time-wasting blame game, usually accomplishing very little. It has similarities to Nero's fiddling while Rome burned. Focusing on the problem, however, adds real value.
Posted by Tom Olzak | August 13, 2008, 4:00 AM PDT | Latest comment by iamthesrc@...
-
Keyczar: another open source security tool from Google
Google has done it again: just over a month since the open source release of RatProxy comes a cryptographic toolkit called Keyczar.
Posted by Chad Perrin | August 12, 2008, 1:22 PM PDT | Latest comment by boxfiddler
-
Defcon brings together security pros and hackers
Check out what's going on at the 16th annual Defcon security conference in Las Vegas. It brings together mainstream security professionals and underground hackers for a unique perspective on security.
Posted by Selena Frye | August 12, 2008, 11:55 AM PDT
-
Four reasons to validate your backup processes
When is the last time you asked WHY you perform backups? Those tapes sitting in off-site storage might just cause you and the other members of IS -- as well as Legal and Internal Audit -- more...
Posted by Tom Olzak | August 11, 2008, 4:00 AM PDT
-
Perfect vs. Good Enough
When considering security in your organization, how do you reconcile the competition between the desire for perfection and the need for "good enough?"
Posted by Chad Perrin | August 10, 2008, 11:24 AM PDT | Latest comment by apotheon
-
When it comes to security, what does it mean to be good enough?
What are the security implications of "good enough?" Does it reflect a cynical belief that just the impression of good security is sufficient, or does it refer to the realistic balance that must...
Posted by Chad Perrin | August 8, 2008, 10:41 AM PDT | Latest comment by Tony Hopkinson
-
Behavior-based AV solutions cannot stand alone
Someday, behavior analysis might replace signature comparison in AV solutions. But I don't think so. Like all security controls, these two approaches to detecting malware are layered defenses,...
Posted by Tom Olzak | August 6, 2008, 4:00 AM PDT | Latest comment by koen.bossaert@...
-
CNN Top 10 e-mail leading users to malware
Attention news junkies: The Belgian MX virus and spam blog is reporting that today's CNN Top 10 e-mail links are sending unwitting users to sites hosting malware.
Posted by Selena Frye | August 5, 2008, 8:10 AM PDT | Latest comment by seanferd
-
Five steps to protect mobile devices anywhere, anytime
It should not take warnings about Chinese hackers to push users and organizations toward secure mobile computing. Cybercriminals come in all shapes, sizes, and from all ethnic backgrounds....
Posted by Tom Olzak | August 4, 2008, 4:00 AM PDT | Latest comment by davidsont@...
-
Security news roundup: Apple's DNS patch flawed
This week's security events include news that the DNS patch released by Apple is flawed, a warning about the ease with which eavesdroppers can listen in to most wireless phone conversations,...
Posted by Paul Mah | August 3, 2008, 11:59 PM PDT
-
How does bad password policy like this even happen?
Just when you think you've seen the worst case of bad authentication policy you'll ever see, you'll stumble across something even more surprising and unfathomable.
Posted by Chad Perrin | July 30, 2008, 9:23 PM PDT | Latest comment by seanferd
-
Write information owner responsibility into policy
The information owner is a key player in protecting sensitive data and systems. His or her role must be clearly defined in policies. However, security personnel should review information owner...
Posted by Tom Olzak | July 30, 2008, 4:00 AM PDT
-
Five ways to show business value of M-F authentication
There's more to selecting an enterprise second-factor authentication method than meets the retina scanner. As with any IT project, each dollar spent must produce business value. With M-F...
Posted by Tom Olzak | July 28, 2008, 4:00 AM PDT
-
Security news roundup: Tool lets you resolve location of rogue Wi-Fi users
This week's security events include news of a security update to the popular Thunderbird e-mail client, news of a buffer overflow in BEA WebLogic, exploits for DNS vulnerability released, and a...
Posted by Paul Mah | July 27, 2008, 10:42 PM PDT | Latest comment by Michael Kassner
-
Use tcpdump for traffic analysis
The tcpdump tool is powerful and flexible, but compared with graphical tools like Wireshark its effective use may appear to be a dark art. It really isn't that difficult to use once you pick up...
Posted by Chad Perrin | July 25, 2008, 2:39 PM PDT | Latest comment by apotheon
-
The security control nobody used...
Not every security control is successful, particularly those not transparent to business users. This is the story of a failed attempt to encrypt email and the lessons learned.
Posted by Tom Olzak | July 23, 2008, 4:00 AM PDT | Latest comment by Jeff Dickey
-
Bignum arithmetic and premature optimization
What does Knuth's statement, "premature optimization is the root of all evil," mean for security?
Posted by Chad Perrin | July 22, 2008, 11:19 AM PDT | Latest comment by Sterling "chip" Camden
-
Compliance audits must go beyond only the technology
Compliance audits driven simply on technology analysis can fall short of a quality compliance assessment. Here is a peek at a solution that focuses not only on the technology, but the people,...
Posted by Rick Vanover | July 21, 2008, 7:25 AM PDT
-
List open ports and listening services
You should turn off any services you don't actually need so that they will not become avenues of attack for security threats. Different systems will have different services running by default,...
Posted by Chad Perrin | April 15, 2008, 8:47 PM PDT | Latest comment by jackhard
-
Hackers: From innocent curiosity to illegal activity
Researchers asked why talented youth skilled in "computerese" evolve into criminal hackers. Michael P. Kassner explains their unexpected results.
Posted by Michael Kassner | May 6, 2013, 7:59 AM PDT | Latest comment by mattohare@...
-
Cloud-service contracts and data protection: Unintended consequences
There are things your cloud-service (Facebook, Amazon, Google, Dropbox, etc.) contracts aren't telling you. Michael P. Kassner interviews an attorney concerned about what's not being said.
Posted by Michael Kassner | May 13, 2013, 11:52 AM PDT | Latest comment by Michael Kassner
-
Battling the Google Redirect virus
Consultant Bob Eisenhardt recounts his frustrating experience trying to track down and get rid of a client's search-redirect virus. Here's how he finally ditched it.
Posted by Bob Eisenhardt | January 2, 2013, 10:56 AM PST | Latest comment by Jane3344
-
DropSmack: Using Dropbox to steal files and deliver malware
Michael P. Kassner interviews a digital forensic scientist who uses Dropbox to compromise targeted networks -- something the bad guys probably figured out as well.
Posted by Michael Kassner | April 15, 2013, 7:46 AM PDT | Latest comment by Michael Kassner
-
BoxCryptor vs. DropSmack: The battle to secure Dropbox
Can DropSmack malware be stopped? Michael P. Kassner asks the creators of BoxCryptor if it is up to the task of securing the Dropbox file-synchronization service.
Posted by Michael Kassner | April 29, 2013, 10:30 AM PDT | Latest comment by Michael Kassner
-
How to spoof a MAC address
MAC address filtering for wireless networking isn't real "security". Anyone who pays any attention to current trends in wireless security at all should know that MAC filtering is less effective...
Posted by Chad Perrin | January 22, 2008, 1:28 PM PST | Latest comment by Doug Vitale
-
Aaron Swartz legacy lives on with New Yorker's Strongbox: How it works
Strongbox was Aaron Swartz's final project. Michael P. Kassner explains why The New Yorker requested a way to keep sources and their information secret.
Posted by Michael Kassner | May 20, 2013, 7:17 AM PDT | Latest comment by tylerpitchford
-
The basics of using a proxy server for privacy and security
Patrick Lambert goes over the basics of how proxy servers work and why they are used to add security and privacy.
Posted by Patrick Lambert | December 5, 2012, 6:30 AM PST | Latest comment by Tony Hopkinson
-
DDoS attack methods and how to prevent or mitigate them
Patrick Lambert covers the various methods attackers use to launch distributed denial of service attacks, and the precautions you can take to prevent or at least mitigate these types of events.
Posted by Patrick Lambert | October 15, 2012, 11:24 AM PDT
-
Use PuTTY as a secure proxy on Windows
Last month, I wrote about using OpenSSH as a secure Web proxy on UNIX and Linux systems. This time, I'll show you how to do the same thing on Microsoft Windows using PuTTY -- probably the single...
Posted by Chad Perrin | March 10, 2008, 4:30 PM PDT | Latest comment by abaabaa
-
Security lessons from the 2013 Verizon Data Breach Report
Verizon's latest report on data breach statistics offers security pros a guide to the most persistent threats and where attention should be focused to defend against them.
Posted by Alfonso Barreiro | May 15, 2013, 6:00 AM PDT
-
Dropbox: Convenient? Absolutely, but is it secure?
A potential security lapse and possibly misleading statements are plaguing Dropbox, a hugely popular file-syncing app. What are the issues and is concern justified?
Posted by Michael Kassner | June 13, 2011, 8:03 AM PDT | Latest comment by kprivigyi@...
-
Software-Defined Networking: How it affects network security
SDN technology is set to rewrite the book of networking. Michael P. Kassner looks into how SDN will improve security, and where it's vulnerable.
Posted by Michael Kassner | April 8, 2013, 7:13 AM PDT | Latest comment by Michael Kassner
-
The future of IT security compliance: 201 CMR 17.00
Why should you be concerned about a security rule that is part of the State law of Massachusetts -- especially if you aren't in business there? Donovan Colbert explains how compliance regulations...
Posted by Donovan Colbert | April 30, 2013, 6:00 AM PDT | Latest comment by dcolbert@...
-
New McAfee patent hints at a more walled-off online world
A McAfee patent hints at content filtering at the user level in order to block sites that offer pirated content.
Posted by Patrick Lambert | May 3, 2013, 9:00 AM PDT | Latest comment by public_domain
-
Understanding what motivates Chinese hackers
Michael P. Kassner, with the help of a noted academic and author, looks at what motivates Chinese hackers. It may not be what you think.
Posted by Michael Kassner | April 22, 2013, 10:16 AM PDT | Latest comment by HAL 9000
-
Hacker vs. cracker
The word "hacker" gets used in a pejorative sense by journalists an awful lot. Some people think this is perfectly reasonable; others find it offensive, and recommend an alternative term for that...
Posted by Chad Perrin | April 17, 2009, 1:20 PM PDT | Latest comment by wizard57m-cnet
-
10 services to turn off in MS Windows XP
As I pointed out on 19 October, in point number four of the article 10 security tips for all general-purposes OSes, an important step in the process of securing your system is to shut down...
Posted by Chad Perrin | November 7, 2007, 10:02 AM PST | Latest comment by JonB2008
-
The CIA Triad
The CIA Triad is a venerable, well-known model for security policy development, used to identify problem areas and necessary solutions for information security. Read on for an introduction to the...
Posted by Chad Perrin | June 30, 2008, 3:13 PM PDT | Latest comment by white house