Stories by Bill Brenner

SecTor 2010: Why security is the enemy of privacy

As we noted in last year's CSO article, "Six ways we gave up our privacy," people are increasingly -- and willingly -- throwing their privacy to the wind, thanks to an addiction to Google apps, GPS devices, the BlackBerry, iPhone and Android, and social networking sites like Facebook and Twitter. Some security experts believe privacy is dead already.

Written by Bill Brenner27 Oct. 10 03:28

Why CIOs are resetting information security priorities

The threats and challenges you face haven't changed much in the past year, but you're finding a better recipe for protecting your corporate data and networks, according to our eighth annual Global Information Security Survey.

Written by Bill Brenner30 Sept. 10 07:04

Vulnerability management basics: Pen testing techniques

It should go without saying that pen testing is one of the most important pieces of an IT security shop's vulnerability management program. And yet it's something that was <a href="http://www.csoonline.com/article/468766">declared a dead art by Fortify Co-founder Brian Chess</a> a couple years ago.

Written by Bill Brenner18 Sept. 10 04:05

Sticks and stones: Picking on users AND security pros

I took my share of name-calling as a kid. I did my share of name-calling, too. We're taught that nothing good comes of such behavior. I've been thinking a lot about that since writing an article two weeks ago called "Security blunders 'dumber than dog snot'" during the 2010 USENIX Security Symposium.

Written by Bill Brenner26 Aug. 10 02:08

Security blunders 'dumber than dog snot'

Voltaire is famous for noting that the main problem with common sense is that it's not all that common. Proof of that abounds in the security industry, where people who should know better do idiotic things daily, according to Roger G. Johnston, a member of the vulnerability assessment team at Argonne National Laboratory.

Written by Bill Brenner12 Aug. 10 02:00

A striking disconnect between CSOs and hackers

Though I've been writing about Internet security for six-plus years, there's an interesting problem in the industry that I've only noticed in the last couple years: Security executives and the hacking community tend to live in different worlds.

Written by Bill Brenner28 July 10 05:08

Search engine optimization techniques for hackers

Any company that does business online knows the importance of mastering search engine optimization (SEO) techniques to get their content atop the Google rankings. It turns out malware pushers care about SEO, too, and at DefCon later this week researchers will show just how big a deal it has become.

Written by Bill Brenner28 July 10 01:13

iPhones, iPads in the enterprise: 5 security views

When it comes to mobile devices, IT security practitioners prefer employees use a BlackBerry because it's easier to control the data users share on them than, say, an Android or iPhone. But as consumer-based devices like the Apple brands get more sophisticated with each release, it's getting harder to keep them out of the workplace. Proliferation of the iPad has only heightened enterprise hunger.

Written by Bill Brenner24 June 10 03:07

Mobile Security: Why I still want my iPad, iPhone

Everything I've learned about mobile security tells me it's bad to use the consumer-based technology for work. That's where all the bad stuff comes from. That includes devices like the iPhone and iPad.

Written by Bill Brenner17 June 10 05:38

Data Protection: SIEM use up in midsized orgs, surveys say

IT security practitioners typically greet vendor-based studies with skepticism because they come off as a sales pitch for whatever products that vendor sells. People become especially leery when a study leads to the predicted death of a particular security tool. But when looked at cumulatively, such studies offer small snapshots of why companies are making certain security decisions.

Written by Bill Brenner03 June 10 03:28

Inside Sourcefire's Vulnerability Research Team

In many IT security shops, administrators rely on open-source tools to keep up with the malware bad guys continue to toss their way. One industry favorite is Sourcefire, parent of <a href="http://www.csoonline.com/article/546763/Tuning_Snort_with_Host_Attribute_Tables">the Snort IDS tool</a> and ClamAV.

Written by Bill Brenner13 May 10 04:32

Why your information security stinks & what to do

Amit Yoran was the Department of Homeland Security's first director of the National Cyber Security Division of the Information Analysis and Infrastructure Protection office. But by September 2004 he was frustrated by what he saw as a lack of concern and commitment to Internet security. So he quit his post.

Written by Bill Brenner22 April 10 03:19
[]