Last week Symantec released their 2008 Internet Security Threat Report (ISTR).  The report provides an analysis of worldwide Internet threat activity, vulnerabilities, malicious code, phishing, spam and activity on underground economy servers. The ISTR contains a lot of interesting information and I’d encourage you to read it — I’m certainly not going to repeat all […]

[This article originally appeared in MONiTOR Magazine] Protecting sensitive information gets more difficult every day, and it shows. We hear about major security breaches on a weekly – sometimes even daily – basis. There are several reasons: Corporate perimeters are disappearing due to information sharing requirements and an increasingly mobile workforce; To remain competitive, applications […]

Security is a hot topic today, at least partially thanks to the Internet.  It’s not that the Internet is good or bad – it’s neither – but rather because of the connectivity that the Internet provides.  Just as the car made it possible for criminals to seek out targets farther away than horses could carry […]

As a security guy, I can’t help but find Skype interesting.  Some people love it, others hate it.  Individuals flock to it, yet many corporations avoid it.  Some privacy advocates herald it, yet some in the open source community slam it.  Oh, and it uses encryption. I don’t remember how it came up, but I […]

I received an interesting email from a reader. To paraphrase, the question is how one can go about removing all personal information from a laptop prior to crossing the border so that, in the event the computer is searched, one’s email, contact lists, documents, browsing history, etc., remain private. It’s an interesting question partially because […]

There are few absolutes in security and privacy and I spend a lot of my time weighing benefits and risks. There is often no right answer and we’re often left contemplating how to best manage risks so that business can continue. But, every so often, there’s an exception. Like late last week, when I was […]

I use a lot of Adobe products. Lightroom, Photoshop, Premiere and Acrobat to name some. So, when blogs started buzzing about an Acrobat vulnerability, they grabbed my attention. And, when my distinguished colleague Larry Seltzer at eWeek.com wrote that “It May Be Time to Abandon Adobe”, I began to wonder if the sky was falling. […]

The Net has been thundering over the last few days about a security issue at Google, and some users have reported receiving the following email: Dear Google Docs user, We wanted to let you know about a recent issue with your Google Docs account. We’ve identified and fixed a bug which may have caused you […]

The Internet is a great place to shop. But, at times, it can be difficult to tell if you’re looking at the Web site of a reputable business or a fraud. Criminals and the ethically challenged are increasingly taking advantage of this fact to separate you from your money. The scams are numerous but you […]

Some of the most interesting security debates involve anonymity and privacy.  Everyone seems to have a different idea about what those words mean.  For example, some people think anonymity is a binary thing – you’re either anonymous or you’re not.  But when I think of anonymity I think of two axis. The first is how […]

Another round of credit card number exposures and my wife’s bank proactively changing her card number due to an  ‘ongoing investigation’ reminded me that I haven’t written about credit card issues for a while. But please don’t click away — this isn’t going to be another ‘how you can protect yourself’ article. Security can be […]

A recent count case in Minnesota poses an interesting question. In summary, a man accused of impaired driving says he should be able to review the source code of the breathalyzer used to gather the evidence against him. On the surface, the man’s request seems reasonable. As I understand it, the primary evidence against him […]