Menu

Security / Opinions /

Research says online password meters are unreliable

By now, you've probably been lectured about the importance of using strong passwords by your company's IT department, technology-savvy friends and any number of tech writers. You get it, so I won't repeat the lecture. However, the passwords you think are strong might not be.

Written by Bill Snyder31 March 15 06:47

Where's the data?

It's a time-honored tradition: U.S. businesses find ways to skirt inconvenient or expensive laws by moving operations to other countries. Thus we have had U.S. corporations operating overseas to exploit child labor, run sweatshops or avoid taxes and rigorous health and safety inspections. Now the U.S. government says something similar is happening in regards to email.

Written by Evan Schuman18 March 15 01:56

Don't get into an email mess

Though she may have broken no laws, Hillary Clinton acted irresponsibly in using a personal email account to conduct official U.S. government business in her capacity as secretary of State.

Written by Kenneth van Wyk13 March 15 08:01

Making the case for security

Having been at my new company for several months now, this week I was invited to inform executive management about the state of our security. I had half an hour to formally introduce myself and talk about my philosophy, my initial findings and the priorities I think we need to have.

Written by By Mathias Thurman11 March 15 03:46

Web browsers are also to blame for Lenovo's Superfish fiasco

Lenovo pre-installing Superfish software was a security disaster. Whether Lenovo was evil, or, as they eventually claimed, merely incompetent, it's hard to trust them going forward. If nothing else, their initial denials that anything was wrong, leave a lasting impression. Of course, Superfish, along with the software that they bundled from Komodia, also deserve plenty of blame for breaking the security of HTTPS and SSL/TLS.

Written by Michael Horowitz10 March 15 00:07

Rating the payment options

Several electronic and mobile payment options have become available, but most of us in the U.S. are still using plain-vanilla credit and debit cards with magnetic stripes. They use technology that dates to the first Nixon administration. That's not a problem in itself; I have no problem with time-tested security measures that work effectively. But just look around: Data breaches are everywhere, and those magnetic-stripe cards are often implicated.

Written by Kenneth van Wyk27 Feb. 15 03:07

Patent trolls: Congress gets down to business

White Castle might not be the first company that comes to mind when high tech is mentioned, but the restaurant chain found itself in the middle of the patent troll controversy when it started sending menu updates from its headquarters to digital screens in restaurants around the country.

Written by By Steven Titch11 Feb. 15 03:42

The ‘sophisticated attack' myth

Sometimes I wonder whether any company will ever fall victim to an unsophisticated cyberattack. Because after every attack that comes to light, we hear that same excuse: It was a sophisticated attack.

Written by Ira Winkler11 Feb. 15 03:26

Protect yourself from hackers and the NSA

The downside of email, chat, text and messaging apps is that they make you feel like you're communicating privately, with only the intended recipients. And that your messages are private. Until they're not.

Written by Mike Elgan07 Feb. 15 23:07

Uber shows how not to do a privacy report

The Uber privacy report released last week (Jan. 30) is the perfect example of how not to handle a privacy PR disaster -- or any privacy policy matters at all.

Written by Evan Schuman06 Feb. 15 06:08

It's time for the chip-and-PIN'ing of America

Thank goodness for that signature on the back of my credit card. If it weren't for that smudged scrawl, a thief might steal my card (or card number) and make fraudulent purchases. Or steal my identity. Right.

Written by By Bret Swanson05 Feb. 15 02:05

Can you trust Amazon's WorkMail?

When Amazon unveiled its cloud-based corporate WorkMail email offering last week (Jan. 28), it stressed the high-level of encryption it would use and the fact that corporate users would control their own decryption keys. But Amazon neglected to mention that it will retain full access to those messages -- along with the ability to both analyze data for e-commerce marketing and to give data to law enforcement should subpoenas show up.

Written by Evan Schuman03 Feb. 15 20:07

7 smartphone rules changed this week

Federal regulators have been throwing their weight around lately, and mostly to good effect for consumers and users of mobile technology.

Written by Mike Elgan03 Feb. 15 01:24

Be prepared for the breach that's headed your way

January 2015 is already winding down, but it's not too late to think about the lessons of 2014. For anyone in information security, 2014 was a year marked by spectacular breaches. It ended with Sony Pictures Entertainment getting its clock cleaned by hackers, quite possibly from North Korea. Wouldn't it be great if 2015 doesn't include the same sort of clock cleaning at your company?

Written by By Kenneth van Wyk27 Jan. 15 02:28

Facebook, take note!

In the last few weeks it's possible some of your Facebook chums posted messages on their walls in which they tried to revoke permission for the social network to use and distribute content they post.

Written by Jonny Evans22 Jan. 15 13:58

Let's not make patent trolls stronger

As you can tell by the name we've given them, patent trolls aren't popular critters. The game these operators play is shady and sleazy, bordering on extortion -- though it's completely legal. What they do is to purchase patents, with no intention of using or selling them, but rather to shake down as many people as possible by accusing them of violating the patent, even if the patent troll has no reason to believe that.

Written by Evan Schuman20 Jan. 15 22:29

Sony and Chase: Don't blame the CISO

Over the last couple of weeks, I have read numerous news stories about the widely publicized security breaches at Sony and JPMorgan Chase. It seems as if everybody is a Monday-morning quarterback, with every other reporter voicing an opinion on how these breaches should have been prevented. In particular, I read two articles that specifically blamed the information security organizations at those companies for failing to properly stop the attackers. That's not fair.

Written by By J.F. Rice08 Jan. 15 01:23

Market Place

Computerworld
ARN
Techworld
CMO