5 tips to protect your admin credentials

5 tips to protect your admin credentials

Credentials are the main battlefront in our ongoing computer security war. Deploy everything you have to keep them safe

02/09/16

5 steps to make threat intelligence work for you

5 steps to make threat intelligence work for you

Determining your top threats is not rocket science -- and the effort will pay off in successful mitigations

02/02/16

Why patching is still a problem -- and how to fix it

Why patching is still a problem -- and how to fix it

Many obstacles stand in the way of perfect patching. Getting around them may be easier than you think

01/26/16

Why you don't need an RFID-blocking wallet

Why you don't need an RFID-blocking wallet

You don't need a tinfoil hat, either. Opportunists have exploited consumer fears to create an industry that doesn't need to exist

01/19/16

Train your users to beat phone scams

Train your users to beat phone scams

'Press 1 to hand us the family jewels' works more often than you might think. A little training can stop this sort of social engineering

01/12/16

A better way to move past insecure SHA-1 certs

A better way to move past insecure SHA-1 certs

The digital certificate switchover from weak SHA-1 to the vastly stronger SHA-2 promises to be brutal, but a new industry proposal could ease the pain

01/05/16

How computer security changed in 2015

How computer security changed in 2015

We made progress, suffered setbacks, added complexity, and did little to deter the onslaught of cyber crime

12/22/15

Why identity is the new security

Why identity is the new security

We're long past the days of perimeter security being enough. Now we need to figure out how to manage user identity in an increasingly complex world

12/15/15

Attention, 'red team' hackers: Stay on target

Attention, 'red team' hackers: Stay on target

You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws

12/08/15

4 do's and don'ts for safer holiday computing

4 do's and don'ts for safer holiday computing

It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily

12/01/15

To catch a thief: Cyber sleuth edition

To catch a thief: Cyber sleuth edition

Several bizarre coincidences led to the pursuit of a suspected fraudster in a shopping mall. It did not end well

11/24/15

7 keys to better risk assessment

7 keys to better risk assessment

When bad guys penetrate a network, too many defenders worry about what they stole rather than how they broke in. Focus on causes! Here's how

11/17/15

Math to the rescue! Try this novel hacking defense

Math to the rescue! Try this novel hacking defense

Can drilling into logs tell you whether you have been -- or are being -- hacked? Yes, if you use advanced math to look for weird variations like Anomaly Detective does

11/10/15

The sorry state of certificate revocation

The sorry state of certificate revocation

Certificates need to be revoked for all sorts of reasons, but the process is so slipshod, some propose an entirely new system. Why not just enforce existing rules instead?

11/03/15

Encryption is under siege. Move to SHA-2 now!

Encryption is under siege. Move to SHA-2 now!

Between new NSA pronouncements and poorly protected hard drives, the crypto world has been turned upside down. One certainty: Switch to SHA-2 ASAP

10/27/15

Freedom or security? Most users have chosen

Freedom or security? Most users have chosen

Think about it: App stores are highly restrictive, and now both mobile and desktop OSes employ stores to bar bad apps

10/20/15

The most important security question to ask users

The most important security question to ask users

You have several options for improving corporate security, but user education is a crucial measure, and it all comes down to one point

10/13/15

Know your threats before you deploy defenses

Know your threats before you deploy defenses

Collecting information about how your organization was compromised in the past may not be fun, but without that step, you'll never do security right

10/06/15

The No. 1 problem with computer security

The No. 1 problem with computer security

Everyone focuses on the wrong threats. You've undoubtedly been breached already, so the key is to collect data that can help you prevent attackers from succeeding again

09/29/15

American ingenuity: Why the U.S. has the best hackers

American ingenuity: Why the U.S. has the best hackers

The United States is No. 1 at hacking, mainly because we're always pushing the limits of what can be done. The proof? U.S. hackers seldom get caught

09/22/15

Load More