Knowledge.

Backblog

By Mark Stanislav

Another Certificate Authority (CA) Blunder; No Hack Required

The Certificate Authority (CA) system that currently handles how we publicly interact 'securely' with web sites, mail servers, and other services around the world can't catch a break. In the latest black eye, an Entrust bulletin speaks about how a...

November 4, 2011 Browsers, Compliance, Cryptography, Industry, Policy
By Mark Stanislav

Mitigating the Risks of Poor Web Programming

If you weren't paying attention during the early summer months this year, you may have missed the overwhelming rate at which web sites were being publicly compromised and mocked. Often, these sites were prone to compromise due to SQL injection and...

October 18, 2011 Application Security, Industry, Policy
By Mark Stanislav

Cloud Should Not Be Spelt FUD

Fear, Uncertainty, and Doubt (FUD) are sadly a cornerstone of those who don't know enough to know better, or those that just don't care if they are wrong. When it comes to information technology, FUD is alive and well in 'cloud computing', at least...

October 13, 2011 Cloud Computing, Incident Response, Industry
By Mark Stanislav

Security Folks on Twitter Who Deserve Attention

This is a first round of trying to provide community awareness of digital and social media that deserves a look (or listen). Today's post is a somewhat verbose listing of folks on Twitter I've found valuable over the years in the field of...

October 11, 2011 Community, Industry, Social Media
By Mark Stanislav

American Express Leaves a Door Wide-Open

Not to be left in the dust for instances of confusingly bad security practices by industry friends such as Citibank and Bank of America, American Express served up their own face-palm of security today. In this case, it appears that a breakdown...

October 6, 2011
By Mark Stanislav

Two-Factor Authentication for MediaWiki with Duo Security

Two-factor authentication can be the difference between a major compromise and just a fleeting annoyance for a company. While there have always been a few multifactor authentication options on the market, they rarely have gone to the lengths that...

October 4, 2011 Application Security, Compliance, Policy, Two-Factor Authentication
By Mark Stanislav

Don’t Miss Out on National Cyber Security Awareness Month

If you're not already aware, October is National Cybersecurity Awareness Month! What may surprise some is that this designation is in its eighth year already and has really picked up momentum among communities. Michigan is rather lucky to be...

September 29, 2011 Community, Events
By Mark Stanislav

Browser Exploit Against SSL/TLS (BEAST)—Another Blow to Browser Security

Aside from crisis situations involving now-defunct Certificate Authorities, other SSL news has been making waves in the security community the past week. The Browser Exploit Against SSL/TLS (BEAST) demonstrated by Juliano Rizzo and Thai Duong this...

September 27, 2011 Browsers, Cryptography
By Steve Fuller

Skype Security Risks for the Enterprise, Part 1

Recently, I have had a number of questions from clients about the use of Skype in the Enterprise and the security risks that it presents. While Skype is not new, I believe this represents exactly the type of question that IT security will be...

August 2, 2010 IM, P2P, Policy, Skype, VOIP
By Chris Heath

It’s Time for Healthcare Organizations to Get Serious About HIPAA and HITECH

Earlier this year, Connecticut Attorney General Richard Blumenthal filed the first known HIPAA lawsuit at the state level. He filed against Health Net of Connecticut Inc. for allegedly failing to secure patients’ private records, including medical...

July 20, 2010 Compliance, Health Care
By Chris Heath

With Experian EI3PA Security Program In Effect, How Soon Will Equifax and Transunion Follow Suit?

In the world of credit bureaus, we all know who the big 3 players are: Experian, Equifax, and Transunion. When Experian decided that they were going to implement their own security program for its resellers to follow, I was quite interested to see...

July 12, 2010 Compliance, EI3PA
By Chris Heath

Anti-virus is a Poor Substitute for Common Sense

A new study about the (in)efficacy of anti-virus software in detecting the latest malware threats is a much-needed reminder that staying safe online is more about using your head than finding the right mix or brand of security software.

Last week,...

June 28, 2010