Roger A. Grimes

Author Archives: Roger A. Grimes

Foiled! 15 tricks to hold off the hackers

Malicious hackers have outsize reputations. They are über-geniuses who can guess any password in seconds, hack any system, and cause widespread havoc across multiple, unrelated networks with a single keystroke—or so Hollywood says. Those of us who fight hackers every day know the good guys are usually far smarter. Hackers simply have to be persistent. Each year, a few hackers do something truly new. But for the most part, hackers repeat the tried and true. It doesn’t take a supergenius to check for missing patches or craft a social engineering attack. Hacking by and large is tradework: Once you learn a few tricks and tools, the rest becomes routine. The truly inspired work is that of security defenders, those who successfully hack the hackers.

9 new hacks coming to get you

Securitywise, the internet of things is going as badly as most computer security experts predicted. In fact, most vendors don’t fully appreciate the potential threats IoT devices pose. Anything connected to the internet and running code can be taken over for malicious purposes. Given the accelerating proliferation of internet-connected devices, we could be hurtling toward catastrophe. Personal security cameras, for example, are being used to conduct the largest denial-of-service attacks the world has ever seen, not to mention allowing strangers to spy on the very people the cameras are supposed to protect.

Sniff out and kick out Windows malware for free

No single antimalware engine can keep up with all the malware out there. But how about 57 of 'em? In this video, you'll learn how to download and run Windows Sysinternals Process Explorer to test all currently running executables on your Windows system against VirusTotal's 57 antivirus engines, which together offer the best accuracy you can ever get (with a small percentage of false positives that are pretty easy to spot).

17 essential tools to protect your online identity, privacy

Make no mistake: Professional and state-sponsored cybercriminals are trying to compromise your identity -- either at home, to steal your money; or at work, to steal your employer’s money, sensitive data, or intellectual property. Most users know the basics of computer privacy and safety when using the internet, including running HTTPS and two-factor authentication whenever possible, and checking haveibeenpwned.com to verify whether their email addresses or user names and passwords have been compromised by a known attack. But these days, computer users should go well beyond tightening their social media account settings. The security elite run a variety of programs, tools, and specialized hardware to ensure their privacy and security is as strong as it can be. Here, we take a look at this set of tools, beginning with those that provide the broadest security coverage down to each specific application for a particular purpose. Use any, or all, of these tools to protect your privacy and have the best computer security possible.

Essential certifications for smart security pros

If you’re pursuing a career in IT security, certifications can only help you. Certification-critics often say a certification means nothing, and acumen and experience are the true differentiators, but as a holder of dozens of IT security certifications, I beg to differ. So do employers. A particular certification is often the minimum hurdle to getting a one-on-one in-person job interview. If you don’t have the cert, you don’t get invited. Other times, having a particular certification can give you a leg up on competing job candidates who have similar skill sets and experience. Every certification I’ve gained took focused, goal-oriented study -- which employers view favorably, as they do with college degrees. More important, I picked up many new skills and insights in IT security while studying for each certification test. I also gained new perspectives on even familiar information I thought I had already mastered. I became a better employee and thinker because of all the certifications I have studied for and obtained. You will too.

11 signs your kid is hacking — and what to do about it

I've shared a lot of security knowledge in my tenure as InfoWorld's Security Advisor. But what I've never shared before is that much of my initial computer security defense knowledge, which I turned into my first book, came from trying to stop my teenage stepson from being a malicious hacker. I was newly dating his mother and he was a precocious 15-year-old who liked messing around with electronics and computers. He and his closest friends also flirted with malicious hacking, including harassing "ignorant" users, DoS-ing popular computer networks, making malware, and all sorts of unquestionably illegal and unethical hacking behavior.

Effective IT security habits of highly secure companies

When you get paid to assess computer security practices, you get a lot of visibility into what does and doesn’t work across the corporate spectrum. I’ve been fortunate enough to do exactly that as a security consultant for more than 20 years, analyzing anywhere between 20 and 50 companies of varying sizes each year. If there’s a single conclusion I can draw from that experience, it’s that successful security strategies are not about tools -- they're about teams. With very good people in the right places, supportive management, and well-executed protective processes, you have the makings of a very secure company, regardless of the tools you use. Companies that have an understanding of the importance and value of computer security as a crucial part of the business, not merely as a necessary evil, are those least likely to suffer catastrophic breaches. Every company thinks they have this culture; few do.

The 10 Windows group policy settings you need to get right

One of the most common methods to configure an office full of Microsoft Windows computers is with group policy. For the most part, group policies are settings pushed into a computer's registry to configure security settings and other operational behaviors. Group policies can be pushed down from Active Directory (actually, pulled down by the client) or configured locally. I've been doing Windows computer security since 1990, so I've seen a lot of group policies. In my work with customers, I scrutinize each group policy setting within each group policy object. With Windows 8.1 and Windows Server 2012 R2, for example, there are more than 3,700 settings for the operating system alone.

A free, almost foolproof way to check for malware

No single antimalware engine can keep up with all the malware out there. But how about 57 of 'em? In this video, you'll learn how to download and run Windows Sysinternals Process Explorer to test all currently running executables on your Windows system against VirusTotal's 57 antivirus engines, which together offer the best accuracy you can ever get (with a small percentage of false positives that are pretty easy to spot). Neither the Sysinternals Process Explorer software nor the VirusTotal service costs anything at all. The whole setup process will take you about five minutes and the scan, which you can execute any time you like, takes less than a minute. Only malware in memory will be detected, but if you're infected, very likely that malicious process will be running -- and this easy method will sniff it out. Watch and learn.

10 reasons why phishing attacks are nastier than ever

Phishing emails have been the scourge of the computer world for decades, defeating even our best efforts to combat them. Most of us can easily spot them by their subject lines and delete without even opening. If we’re not entirely sure and end up opening them, we can immediately identify a phishing attempt by its overly formal greetings, foreign origins, misspellings, and overly solicitous efforts to send us millions of unearned dollars or to sell us dubious products. Most of the time, phishing attempts are a minor menace we solve with a Delete key. Enter spearphishing: a targeted approach to phishing that is proving nefariously effective, even against the most seasoned security pros. Why? Because they are crafted by thoughtful professionals who seem to know your business, your current projects, your interests. They don’t tip their hand by trying to sell you anything or claiming to have money to give away. In fact, today’s spearphishing attempts have far more sinister goals than simple financial theft.

10 security technologies destined for the dustbin

Perhaps nothing, not even the weather, changes as fast as computer technology. With that brisk pace of progress comes a grave responsibility: securing it. Every wave of new tech, no matter how small or esoteric, brings with it new threats. The security community slaves to keep up and, all things considered, does a pretty good job against hackers, who shift technologies and methodologies rapidly, leaving last year’s well-recognized attacks to the dustbin. Have you had to enable the write-protect notch on your floppy disk lately to prevent boot viruses or malicious overwriting? Have you had to turn off your modem to prevent hackers from dialing it at night? Have you had to unload your ansi.sys driver to prevent malicious text files from remapping your keyboard to make your next keystroke reformat your hard drive? Did you review your autoexec.bat and config.sys files to make sure no malicious entries were inserted to autostart malware?