  • Confessions of a Security Optimist

    I used to be a cynic. I wore the black geek t-shirts and firmly believed that the worst would always happen. I used to say things such as "Users are dumb." So what happened?

  • Have we all become "Patch Crazy?"

    I've heard "Oh, I just can't wait until the next Service Pack" all too often by those loyal users that stand by their software no matter what. Most recently, I've heard it from early adopters of OS X Leopard, but it's the battle cry of Vista users the world over. Have software vendors given up on releasing good software the first time? Are they relying on patches and Service Packs to deliver software that's just decent?

  • When DDoS Attacks Become Personal

    Two semi-recent events have hit home for many people that have introduced them to the Distributed Denial of Service attack or DDoS. These events have shaken you to the core if you have children or if you are a baseball fan. The events: Hannah Montana and The Rockies trying to sell their tickets to online users only.

  • SQL Server : The Real Security Story

    SQL Server has come a long way in the past 5 years, though the history seems to linger. Let's look at the recent history and see what the story is with database vulnerabilities.

  • Windows Server 2008 Launch Security Highlights

    Building upon the progress made in Windows Server 2003, SQL Server 2005 and Visual Studio 2005, Microsoft today launched the new generation of each of these products.

  • Jesper Johansson Does Some Windows Vista Analysis

    Okay, so you had some further questions after reading my Windows Vista One Year Vulnerability Analysis. So did Jesper Johansson, but he decided to do the analysis and find some answers. Read here to see what questions he asked ... and then go look at the findings.

  • Contractors and Laptops

    When businesses entrust highly sensitive information (e.g., non-public information of a consumer or valuable trade secret information) to their consultants, a best practice is to preclude the consultant from storing any of the information on its laptop computers. The risk is simply too great that a compromise of the laptop will lead to the business being featured in yet another front page story involving data loss.

  • Laptops Gone Wild

    Sadly this is not the title of a new spring break video. Rather it reflects the continuing growth industry that is lost and stolen laptops. As the number of laptops going missing grows at an ever alarming rate, many businesses have adopted policies regarding laptop security, tried to better educate their users regarding the security risks associated with this problem, and implemented stronger user authentication and even encryption on laptops containing sensitive information. Proactive businesses are now taking a further step in deploying "phone home" software in their laptops or installing applications that can be triggered remotely to irretrievably erase or encrypt data on a missing laptop. Clearly, these are all steps in the right direction. There are, however, some risks associated with implementing remote erasure software that should be addressed in your contract with the vendor.

  • More Thoughts on System Availability

    Following up on my comments last week on the need for service level agreements (SLAs) to ensure data availability in hosted environments (e.g., ASPs, SAAS, cloud environments, and other online services). This week some further suggestions and considerations for SLAs:

  • Red Flag Rules - a scramble among creditors

    CSOs subject to the Red Flag Rules of FACTA are scrambling to get compliant before the looming deadline.

  • Notes from ISC West

    I dropped in on the ISC West show this week in Las Vegas to see what's up in the physical security marketplace.

  • eDiscovery: Watch out for FRCP changes!

    Changes to the Federal Rules of Civil Procedure are creating a small storm as businesses begin to understand the new rules governing eDiscovery and realize that many of them aren't remotely prepared. Have you spoken with your general counsel today?
