http://www.infoworld.com InfoWorld - Information Technology News, Computer Networking & Security http://ad.doubleclick.net/ad/idg.us.info.rss/logo;pos=rssfeed_infologo;sz=214x54;ord=? http://ad.doubleclick.net/jump/idg.us.info.rss/logo;pos=rssfeed_infologo;sz=214x54;ord=? http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/08/02/22/08OP-security-schneier_1.html As longtime readers already know, I?m a big fan of Bruce Schneier, CTO and founder of BT Counterpane. Besides being a cryptographic and computer security authority, cryptographic algorithm creator, and author of many best-selling books on security, Bruce produces some of the most relevant conversations on computer security. I consider his books, his Cryptogram newsletter, and his blog must-reads for anyone in computer security. Fri, 22 Feb 2008 11:00:00 GMT http://www.infoworld.com/article/08/02/22/08OP-security-schneier_1.html 2008-02-22T11:00:00Z http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/08/02/15/07OP-secadvise-fip-compliant_1.html I?ve been involved in a lot of FIPS-compliance Web site testing lately. I?m a crypto hobbyist, not a crypto expert, so I hesitate to write about it, but I?ll explain the basics as well as I understand them. Crypto experts, please write in if I messed up something important. Fri, 15 Feb 2008 11:00:00 GMT http://www.infoworld.com/article/08/02/15/07OP-secadvise-fip-compliant_1.html 2008-02-15T11:00:00Z http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/08/02/08/06OPsecadvise-computer-security-least-privilege_1.html My previous column on the questionable long-term effects of least privilege created a firestorm of controversy and discussion. Personally, I think controversy is good if it gives people on both sides of the argument a chance to reconsider their previous conclusions. If the argument changes your mind, then maybe your original conclusions needed more consideration. And if it strengthens your support, one way or the other, then at least you had an opportunity to reexamine your beliefs and provide yourself even stronger arguments. Fri, 08 Feb 2008 11:00:00 GMT http://www.infoworld.com/article/08/02/08/06OPsecadvise-computer-security-least-privilege_1.html 2008-02-08T11:00:00Z http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/08/02/01/05OP-secadvise-security-strategy-authentication_1.html It's a common dilemma: You host multiple Web-accessible applications, for both internal customers and external users. A few of your developers are keeping up on the last programming trends and security models, while some of your highest-seniority employees are stuck in programming models outdated a decade ago. You've got a hodgepodge of access and authentication methods, along with a lot of client-server interaction, and a little bit of Web services and SOA, as well as Citrix or Terminal Services thrown in. There are even a few people still dialing in on phone lines to access dumb terminal-based applications. Fri, 01 Feb 2008 11:00:00 GMT http://www.infoworld.com/article/08/02/01/05OP-secadvise-security-strategy-authentication_1.html 2008-02-01T11:00:00Z http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/08/01/25/04OP-secadvise-verify-software_1.html I've written many times over the years, including as recently as last week, that letting users execute and install their own software will always allow viruses, worms, and Trojans to be successfully installed. Traditionally, I've recommended that users not have admin or root access, that they let system administrators choose what software is allowed and what is blocked. But this recommendation breaks down for several reasons. Fri, 25 Jan 2008 11:00:00 GMT http://www.infoworld.com/article/08/01/25/04OP-secadvise-verify-software_1.html 2008-01-25T11:00:00Z http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/08/01/18/03OP-secadvise-internet-security_1.html In the first column of this year, I discussed computer security outlook and hopes for 2008. I forecast more of the same that we saw in 2007: more spam, more malware, more bad guys basically owning the Internet and our connected computers. I don't see any trends or new leaders with significant power to change the status quo. Fri, 18 Jan 2008 11:00:00 GMT http://www.infoworld.com/article/08/01/18/03OP-secadvise-internet-security_1.html 2008-01-18T11:00:00Z http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/08/01/11/02OPsecadvise-user-account-control_1.html It's security's dirty little secret: Not having your users logged in as root or administrator will not stop malware. Fri, 11 Jan 2008 11:00:00 GMT http://www.infoworld.com/article/08/01/11/02OPsecadvise-user-account-control_1.html 2008-01-11T11:00:00Z http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/08/01/04/01OP-secadvise-technology-security-predictions-for-2008_1.html At the beginning of each year I like to talk about what did or didn?t happen during the past year, and what to expect in the coming year. Unlike past years, I?ll try not to get too emotionally ramped up on all the failures. Fri, 04 Jan 2008 11:00:00 GMT http://www.infoworld.com/article/08/01/04/01OP-secadvise-technology-security-predictions-for-2008_1.html 2008-01-04T11:00:00Z http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/07/12/21/51OPsecadvise_1.html A hash is cryptographic algorithm that attempts to uniquely describe inputted content by outputting a value that is unique for a given piece of inputted content. A good hash algorithm has several characteristics, including: Fri, 21 Dec 2007 11:00:00 GMT http://www.infoworld.com/article/07/12/21/51OPsecadvise_1.html 2007-12-21T11:00:00Z http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/07/12/14/50OP-secadvise-better-password-questions_1.html I just love how many Web sites take my complex, hard-to-guess password and make it as easy to crack as guessing my favorite color or the city of my birth. It seems nearly every Web site comes with user-accessible, self-service, password reset questions, and nearly all of those same sites make resetting or obtaining my password magnitudes easier than actually knowing my correct password. Thanks. Fri, 14 Dec 2007 11:00:00 GMT http://www.infoworld.com/article/07/12/14/50OP-secadvise-better-password-questions_1.html 2007-12-14T11:00:00Z