About
Dennis Fisher is a journalist with more than 13 years of experience covering information security.
The Internet as we know it today was designed to be a place where people could go about their business, whatever it happened to be, anonymously and without interference from other users. This model worked reasonably well for a long time, but it’s become painfully clear in recent months that some fundamental changes are needed in the way people use the network and, more importantly, how their PCs are allowed to behave.
By Adam Shostack, Emergent Chaos
Nearly a decade ago Bruce Schneier wrote “Security is a process, not a product.” His statement helped us advance as a profession, but with the benefit of hindsight, we can see he’s only half right. Security isn’t about technology.
From SearchMidmarketSecurity (Mike Chapple)
Many SMB IT administrators face a serious challenge when it comes to delivering serious security to their users. They may not have the budget or expertise they need and outsourcing can be expensive and troublesome if it’s not approached in the right way. As Mike Chapple writes on SearchMidmarketSecurity.com, asking a few key questions up front can be the difference between success and failure.
Software security expert Neil Daswani of Google discusses the key things that every Web developer, and developers in general, should know about security, including how SQL injection attacks work.
Dennis Fisher talks to Chris Hoff, author of the Rational Survivability blog and well-known speaker on cloud security and virtualization security issues.
This Google Tech Talk features Dr. Alan Karp of HP Labs, who details the company’s Virus Safe Computing Initiative.
The supposedly new attacks on the electrical grid and other portions of the country’s critical infrastructure that came to light this week are in fact not new at all and have been ongoing for several years. Attackers have been making serious inroads into U.S. government, utility and military networks for most of this decade and the problem is continuing to worsen, security experts say.
From Network World (Jeremy Kirk)
Millions of PCs infected with the Conficker virus have received a series of updated files over peer-to-peer connections that improve the worm’s defenses against security products and also include a sniffer and some fake anti-virus software.
From Cnet (Elinor Mills)
The security of U.S. networks is in such disarray that the Pentagon has spent $100 million in the last six months alone to repair damage done by cyber attacks. That huge number presumably includes cleaning up after external attacks, viruses and internal problems.
This quick tutorial gives you a foundation for understanding the IPSec protocol and how it can be used to secure some online sessions.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
