Perspectives provides out-of-band verification for SSH
There is more to Perspectives than the Firefox extension for TLS/SSL validation.
Is Firefox + Perspectives the most secure browser for TLS/SSL encryption?
Perspectives is a TLS/SSL encryption certificate validation tool that works even for self-signed certificates.
Tags: Authentication and encryption, Security applications/tools, Security Management
IT security: Maxims for the ages
Roger G. Johnston of the Argonne National Laboratory's Nuclear Engineering Division attempts to enlighten the rest of the world about managing security.
Tags: Data security, Network security, Security Management
Hire security pros based on reasoning and aptitude
In-house education--not resume bullet points--is the key to having the best possible employees.
Tags: Security Management, HR policies and procedures, Recruiting
The Bobby Tables guide to SQL injection
Avoiding SQL injection vulnerabilities is much easier than you might think. XKCD inspired a simple tutorial.
Tags: Network security, Security Management, Security implementation/standards
Is paranoid cookie management for you?
How much paranoia you employ in Web cookie management determines how much work you must put in, and which strategies you'll use.
Tags: Web sites, Web browsers, Security Management
Flash cookies: What's new with online privacy
If you thought refusing HTTP cookies prevented tracking, think again. Web site developers have found a way.
Tags: Web sites, Privacy, Cookie
IT security policies: Why they don't always work
IT security policies never pleases everyone, and can be nebulous and difficult to get right. Learn from one company's experience of getting its plan to work.
Tags: Security Management, Security implementation/standards, Data security
Unmask your passwords with this JavaScript trick
If you think you mistyped a password into a password field in your browser, a simple JavaScript trick can help you find out by unmasking the password.
Tags: Security, Web Browser, Jakob Nielsen
Use RFC 2606 example domains for example e-mail
Example e-mail domains were created specifically for use in examples, so that people with real e-mail accounts that happen to coincide with your examples don't suffer the fallout of an unfortunate choice of example.
Tags: Security implementation/standards, Security Management, E-mail Address
Why automatic updates may be the next big threat
Michael Kassner discusses a potential problem--an attacker hijacking automatic updates and downloading malware onto users' computers.
Tags: Network security, Security Management, Malware
IPv6: Oops, it's on by default
Do you know whether your computers are actively using IPv6 or not? Better check, as the bad guys probably already know.
Tags: IPv6, Security Management, Data security
Understanding risk, threat and vulnerability
IT security, like any other technical field, has its own specialized language developed to make it easier for experts to discuss the subject. It pays to understand this jargon when researching security.
Tags: Security Management, Network security, Data security
Basics of secure admin privilege use with Unix
Sometimes, it's worthwhile to get back to basics. Read about the basics of secure administrative privilege use on Unix-like systems.
Tags: UNIX, Security Management, Security applications/tools
Why masking passwords isn't a good idea
A respected individual argued that password masking isn't worth the effort, even detrimental. Michael Kassner digs deeper to see if that's really the case.
Tags: Authentication and encryption, Security applications/tools, Security Management
Six principles of practical ciphers
Core ideas of a set of principles familiar to cryptographers and other security experts as Kerckhoffs' Principle, are still relevant today--more than 125 years after they were articulated.
Tags: Authentication and encryption, Security Management, Security implementation/standards
Intellectual property: Do you have a leak?
Is your organization's intellectual property floating around the Internet? Not sure? Here are some ways to check.
Tags: Security, Operations, Twitter
Microsoft may be Firefox's worst vulnerability
In a surprise move, Microsoft decided to install what could amount to a massive security vulnerability in Firefox without user knowledge. Find out the company's stance, and how you can undo the damage.
Tags: Security Management, Network security, Microsoft Windows
China chooses FreeBSD as basis for secure OS
What OS would one choose as a basis for fortified software platforms? China decided to go open source, and it may be pulling ahead of the West in information warfare preparedness.
Tags: Security Management, Security implementation/standards, Network security
Compromised at boot
It's not just theory any longer--your computer can be compromised at boot, at least for Microsoft Windows and certain Linux distributions.
Tags: Security Management, Network security, Data security
Self-destructing botnets
Self-destruct code is often written into bot malware. Up until recently that wasn't considered an issue. So, what changed and what does it mean to IT security personnel?
Tags: Operating systems, Network security, Security Management
