- Software [In]security: Balancing All the Breaking with some Building
- Aug 30, 2011
- Security expert Gary McGraw argues that the software security industry is favoring offense at the expense of defense, and that more proactive defense is needed.
|
- Software [In]security: Software Security Zombies
- Jul 21, 2011
- Software security expert Gary McGraw reviews some of the most important security concepts — before they eat your (network's) brains.
|
- Software [In]security: Partly Cloudy with a Chance of Security
- Jun 17, 2011
- Security expert Gary McGraw provides some issues to consider when it comes to adoption of cloud services and their impact on security in your organization.
|
- Software [In]security: Computer Security and International Norms
- May 30, 2011
- The Obama administration recently released its "International Strategy for Cyberspace" outlining America's ideals and strategies for cyberspace. Security expert Gary McGraw explains why he thinks the document is promising in its effort to make our national goals and policies clear when it comes to cyberspace.
|
- Data Leakage During a Time of Economic Recession
- May 25, 2011
- Brad Bowers looks at some of the causes of data leakage and how a weak economy may increase the risks.
|
- 2011 Collegiate Cyber Defense Challenge: Shaping the Cyber Warriors of Tomorrow
- May 2, 2011
- Brad Bowers provides an intriguing look into the 2011 Mid-Atlantic CCDC attack-and-defense competition for information technology students.
|
- Software [In]security: vBSIMM (BSIMM for Vendors)
- Apr 12, 2011
- How do you ensure that your third-party software vendors practice good software security? Software security expert Gary McGraw explains how the Building Security In Maturity Model can play a central role in this effort.
|
- Secure Your Windows 7 System Now!
- Mar 9, 2011
- John Traenkenschuh presents three simple tasks to help you secure your Windows 7 system: create backups, consider optional security software, and control the interfaces to the system.
|
- Secure Your Facebook Account Now!
- Mar 2, 2011
- John Traenkenschuh guides you through several profile changes you can implement to protect your data on Facebook.
|
- Software [In]security: Software Patents and Fault Injection
- Feb 28, 2011
- Gary McGraw explains how another party may get a patent on a technique he had a hand in inventing.
|
- Secure Your Android™ Phone Now!
- Feb 23, 2011
- John Traenkenschuh reviews eight simple tools and techniques you can try to secure your service, your information, and more on your Android phone.
|
- Firesheep, Fireshepherd, and Facebook: Understanding Session Hijacking
- Feb 22, 2011
- Mike Chapple shows you how web authentication makes session hijacking possible, how Firesheep exploits these vulnerabilities, and the measures that website administrators, web developers, and end users can take to protect against session hijacking attacks.
|
- Encryption 101: Keys, Algorithms and You
- Feb 15, 2011
- Mike Chapple shows how to protect confidential information via encryption, and teaches the basics when it comes to selecting an encryption technology.
|
- Computer Incident Response and Product Security: Operating an Incident Response Team
- Dec 17, 2010
- This chapter covers aspects of running an incident response team (IRT) such as team size, team member profiles, cooperating with other groups, preparing for incidents, and measuring success.
|
- Information Security Bookshelf: Part 2 (2011 Edition)
- Dec 13, 2010
- In this second part of a two-part series on information security books, Ed Tittel compiles a collection of pointers to useful and informative books on information security.
|
- Information Security Bookshelf: Part 1 (2011 Edition)
- Dec 6, 2010
- In this first part of a two-part series on information security books, Ed Tittel compiles a collection of pointers to useful and informative books on information security.
|
- Software [In]security: Cyber Warmongering and Influence Peddling
- Nov 24, 2010
- Gary McGraw & Ivan Arce explain how the current climate of exaggeration and FUD surrounding cyber attacks does not ultimately serve the best interests of computer security research — or our country.
|
- Software [In]security: Technology Transfer
- Oct 26, 2010
- Gary McGraw discusses the evolution of a source code scanning tool from research project to commercial project and details the transfer of technology that made it all happen.
|
- The Evolution of Evil: Changes in the Use of USB Devices as Delivery Mechanisms for Malicious Code
- Oct 7, 2010
- USB microcontrollers are small, capable of circumventing most malware detection software, and can deliver devastating payloads. Brad Bowers takes a closer look at this new attack vector and reveals some of the challenges IT security professionals face as the use of microcontrollers as an attack platform matures.
|
- Getting Owned: The USB Keystroke Injection Attack
- Oct 6, 2010
- What do you call a USB-based device that can bypass all AV and autorun policies? Although most would consider it a perfect mischievous attack vector, Hyundai has used it as a tool to build customer loyalty. This leaves Seth Fogie wondering: Are people planning to use this technology maliciously?
|