Stories by Roger A. Grimes

Why aren't we using SHA-3?

The Secure Hash Algorithm version 3 fixes flaws in the now-standard SHA-2 hash function. Here's how to prepare for a migration to SHA-3 when SHA-2 is inevitably compromised.

How bad are Meltdown and Spectre?

Some people aren't taking hardware vulnerabilities like Meltdown and Spectre seriously. Here's a point-by-point rebuttal to their arguments.

11 sure signs you've been hacked

In today's threatscape, antivirus software provides little peace of mind. In fact, antimalware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable.

Computer security's dubious future

As long-time readers already know, I'm a big fan of Bruce Schneier, CTO and founder of BT Counterpane (http://www.counterpane.com/). Besides being a cryptographic and computer security authority, cryptographic algorithm creator, and author of many best-selling books on security, Bruce produces some of the most relevant conversations on computer security. I consider his books, Cryptogram newsletter (http://www.schneier.com/crypto-gram.html), and blog (http://www.schneier.com/blog) must-reads for anyone in computer security.

Control user installs of software

I've written many times over the years, including as recently as last week, that letting users execute and install their own software will always allow viruses, worms, and Trojans to be successfully installed. Traditionally, I've recommended that users not have admin or root access, that they let system administrators choose what software is allowed and what is blocked. But this recommendation breaks down for several reasons.

Security predictions for 2008

At the beginning of each year I like to talk about what did or didn't happen during the past year, and what to expect in the coming year. Unlike past years, I'll try not to get too emotionally ramped up on all the failures.

How to become an exceptional security manager

I recently listened to a wonderful science program on National Public Radio discussing a book called Better: A Surgeon's Notes on Performance along with its author, Dr. Atul Gawande. The book discusses the reasons why some practitioners excel while others just meet the standards or perform poorly.

Oh so sensible Schneier

Have you ever had one of those moments where something you knew to be certain was turned upside down and you learned you had been wrong ... for years? A lot of Bruce Schneier's writing gives me moments like that.

The best person to hack your system is you

I've always been a firm believer in the idea of hacking yourself. After all, if you don't hack yourself, the hackers will. So, if you're a good security administrator, you must learn about the various hacking tools that might be used against your environment, become familiar with them, and use them.