TLS/SSL Certifying Authority system a scam?
The traditional Public Key Infrastructure implementation of TLS/SSL is a confidence game. Chad Perrin explains more in this article.
Use SCP for quick, secure file transfers
When you need to securely transfer a single file, SCP may be the ideal tool.
Tags: Data security, Security applications/tools, Security Management
What Windows 7 means to security admins
Windows expert Greg Shultz reviews the most significant differences in Windows 7 that will affect the role of security administrators, including changes to UAC, the new AppLocker, and BitLocker To Go.
Tags: Data security, Security applications/tools, Security Management
Never use dynamic variable names
How to dynamically name variables is a common subject of programming questions. That's a great way to create security problems, though.
Tags: Data security, Security applications/tools, Security Management
Perspectives provides out-of-band verification for SSH
There is more to Perspectives than the Firefox extension for TLS/SSL validation.
Tags: Data security, Security applications/tools, Security Management
Is Firefox + Perspectives the most secure browser for TLS/SSL encryption?
Perspectives is a TLS/SSL encryption certificate validation tool that works even for self-signed certificates.
Tags: Data security, Security applications/tools, Security Management
IT security: Maxims for the ages
Roger G. Johnston of the Argonne National Laboratory's Nuclear Engineering Division attempts to enlighten the rest of the world about managing security.
Tags: Data security, Security applications/tools, Security Management
Hire security pros based on reasoning and aptitude
In-house education--not resume bullet points--is the key to having the best possible employees.
Tags: Data security, Security applications/tools, Security Management
The Bobby Tables guide to SQL injection
Avoiding SQL injection vulnerabilities is much easier than you might think. XKCD inspired a simple tutorial.
Tags: Data security, Security applications/tools, Security Management
Is paranoid cookie management for you?
How much paranoia you employ in Web cookie management determines how much work you must put in, and which strategies you'll use.
Tags: Data security, Security applications/tools, Security Management
Flash cookies: What's new with online privacy
If you thought refusing HTTP cookies prevented tracking, think again. Web site developers have found a way.
Tags: Data security, Security applications/tools, Security Management
IT security policies: Why they don't always work
IT security policies never pleases everyone, and can be nebulous and difficult to get right. Learn from one company's experience of getting its plan to work.
Tags: Data security, Security applications/tools, Security Management
Unmask your passwords with this JavaScript trick
If you think you mistyped a password into a password field in your browser, a simple JavaScript trick can help you find out by unmasking the password.
Tags: Data security, Security applications/tools, Security Management
Use RFC 2606 example domains for example e-mail
Example e-mail domains were created specifically for use in examples, so that people with real e-mail accounts that happen to coincide with your examples don't suffer the fallout of an unfortunate choice of example.
Tags: Data security, Security applications/tools, Security Management
Why automatic updates may be the next big threat
Michael Kassner discusses a potential problem--an attacker hijacking automatic updates and downloading malware onto users' computers.
Tags: Data security, Security applications/tools, Security Management
IPv6: Oops, it's on by default
Do you know whether your computers are actively using IPv6 or not? Better check, as the bad guys probably already know.
Tags: Data security, Security applications/tools, Security Management
Understanding risk, threat and vulnerability
IT security, like any other technical field, has its own specialized language developed to make it easier for experts to discuss the subject. It pays to understand this jargon when researching security.
Tags: Data security, Security applications/tools, Security Management
Basics of secure admin privilege use with Unix
Sometimes, it's worthwhile to get back to basics. Read about the basics of secure administrative privilege use on Unix-like systems.
Tags: Data security, Security applications/tools, Security Management
Why masking passwords isn't a good idea
A respected individual argued that password masking isn't worth the effort, even detrimental. Michael Kassner digs deeper to see if that's really the case.
Tags: Data security, Security applications/tools, Security Management
Six principles of practical ciphers
Core ideas of a set of principles familiar to cryptographers and other security experts as Kerckhoffs' Principle, are still relevant today--more than 125 years after they were articulated.
Tags: Data security, Security applications/tools, Security Management
Intellectual property: Do you have a leak?
Is your organization's intellectual property floating around the Internet? Not sure? Here are some ways to check.
Tags: Data security, Security applications/tools, Security Management
