Defense in Depth

Column: Raising Cain at Black Hat

Robert Vamosi — Fri, 08 Aug 2008 17:10:00 GMT

LAS VEGAS--On the second day of the Black Hat security conference, a trio of journalists turned on other journalists within the press room.

This was my ninth Black Hat in nine years, and I have lived in dread year after year that such a headline would affect me. On Thursday, ...

Black Hat 2008: Notes from the field

Robert Vamosi — Tue, 05 Aug 2008 20:58:00 GMT

LAS VEGAS--This year marks my ninth year of attending Black Hat in Las Vegas. From a small gathering of security professionals in 2000 to an uberconference in 2008, Black Hat has scaled well. And the transition from private company to corporate-owned also appears smooth. But hardly anyone's here yet.

...

Column: Finally, ID fraud protection that works

Robert Vamosi — Mon, 28 Jul 2008 17:13:00 GMT

Jay Foley, co-founder of the Identity Theft Resource Center, told me recently that 57 percent of all identity fraud involves opening new accounts "for short-term gain." The ITRC should know: it has been surveying ID fraud victims for several years and has amassed some impressive real-world statistics.

Foley also said ...

Column: Will you be ditching your antivirus app anytime soon?

Robert Vamosi — Mon, 21 Jul 2008 18:38:00 GMT

For the last few months, I've been hearing some well-regarded security people tell me they are considering ditching their antivirus protection all together. They haven't done it, but these individuals feel the days of having a special application scan to remove malware on your desktop are numbered. Malware

...

A real simple answer to password protection

Robert Vamosi — Thu, 17 Jul 2008 21:33:00 GMT

It's a question I get asked a lot: what's a good way to remember passwords for a computer?

Here's how Christopher Horn over at Real Simple chose to answer it:

Writing down random log-in user names and passwords is unsafe and leaves them vulnerable to getting lost.

...

Despite patch, today's systems still vulnerable to 2002 flaw

Robert Vamosi — Thu, 17 Jul 2008 21:14:00 GMT

For the last week, I've written that Dan Kaminsky undertook unprecedented action in coordinating a variety of vendors in secret over the last six months. Ari Takanen, co-founder and chief technology officer of Codenomicon, wrote to challenge that notion.

In an e-mail on Thursday, Takanen cited his work on ...

Adding risk to our homes

Robert Vamosi — Wed, 16 Jul 2008 21:18:00 GMT

Gaining the ability to remotely control your HVAC might seem like an energy-responsible thing to do, but it might also pose hidden security risks.

In a recent blog titled Security implications in HVAC equipment SANS handler Swa Frantzen wrote of his concerns regarding one energy-saving program in Texas. The utility, ...

Column: The man who changed Internet security

Robert Vamosi — Mon, 14 Jul 2008 16:12:00 GMT

Programming note: As of Friday, July 11, 2008, Defense in Depth will now only carry my weekly column plus additional commentary on the state of computer security. My security news blogs will instead appear under the CNET News Security banner going forward. And my CNET News Security Bites podcasts can ...

ZoneAlarm updated after Microsoft's DNS patch

Robert Vamosi — Thu, 10 Jul 2008 17:39:00 GMT

On Thursday, Check Point Software Technologies released updated versions of all its ZoneAlarm products, addressing an incompatibility with a patch Microsoft released earlier this week.

The fix requires ZoneAlarm users to download the latest version, 7.0.438.000, from its site. A reboot is required to complete installation.

Since

...

Apple TV gets a security update

Robert Vamosi — Thu, 10 Jul 2008 17:22:00 GMT

Apple released a security update on Thursday for its Apple TV. Version 2.1 includes six patches that address buffer overflow and arbitrary code execution vulnerabilities.

Apple TV 2.1 can be automatically downloaded when the update is detected by the Apple TV device. The patches may take up to ...