A look at moments in infosec history that left us dumbfounded.
Stories by Bill Brenner
A look at 10 of the more notorious acts of hacktivism by Anonymous and LulzSec
As we noted in last year's CSO article, "Six ways we gave up our privacy," people are increasingly -- and willingly -- throwing their privacy to the wind, thanks to an addiction to Google apps, GPS devices, the BlackBerry, iPhone and Android, and social networking sites like Facebook and Twitter. Some security experts believe privacy is dead already.
The threats and challenges you face haven't changed much in the past year, but you're finding a better recipe for protecting your corporate data and networks, according to our eighth annual Global Information Security Survey.
It should go without saying that pen testing is one of the most important pieces of an IT security shop's vulnerability management program. And yet it's something that was <a href="http://www.csoonline.com/article/468766">declared a dead art by Fortify Co-founder Brian Chess</a> a couple years ago.
I took my share of name-calling as a kid. I did my share of name-calling, too. We're taught that nothing good comes of such behavior. I've been thinking a lot about that since writing an article two weeks ago called "Security blunders 'dumber than dog snot'" during the 2010 USENIX Security Symposium.
Voltaire is famous for noting that the main problem with common sense is that it's not all that common. Proof of that abounds in the security industry, where people who should know better do idiotic things daily, according to Roger G. Johnston, a member of the vulnerability assessment team at Argonne National Laboratory.
Though I've been writing about Internet security for six-plus years, there's an interesting problem in the industry that I've only noticed in the last couple years: Security executives and the hacking community tend to live in different worlds.
Any company that does business online knows the importance of mastering search engine optimization (SEO) techniques to get their content atop the Google rankings. It turns out malware pushers care about SEO, too, and at DefCon later this week researchers will show just how big a deal it has become.
An open letter to those who are distraught over the impending retirement of Windows XP SP2:
When it comes to mobile devices, IT security practitioners prefer employees use a BlackBerry because it's easier to control the data users share on them than, say, an Android or iPhone. But as consumer-based devices like the Apple brands get more sophisticated with each release, it's getting harder to keep them out of the workplace. Proliferation of the iPad has only heightened enterprise hunger.
Everything I've learned about mobile security tells me it's bad to use the consumer-based technology for work. That's where all the bad stuff comes from. That includes devices like the iPhone and iPad.
IT security practitioners typically greet vendor-based studies with skepticism because they come off as a sales pitch for whatever products that vendor sells. People become especially leery when a study leads to the predicted death of a particular security tool. But when looked at cumulatively, such studies offer small snapshots of why companies are making certain security decisions.
In many IT security shops, administrators rely on open-source tools to keep up with the malware bad guys continue to toss their way. One industry favorite is Sourcefire, parent of <a href="http://www.csoonline.com/article/546763/Tuning_Snort_with_Host_Attribute_Tables">the Snort IDS tool</a> and ClamAV.
Amit Yoran was the Department of Homeland Security's first director of the National Cyber Security Division of the Information Analysis and Infrastructure Protection office. But by September 2004 he was frustrated by what he saw as a lack of concern and commitment to Internet security. So he quit his post.