A Behavioral Approach to Security The CTO of Finjan, Yuval Ben-Itzhak, makes a strong case for a new approach to security that relies more on analyzing the behavior of suspicious code than on signatures that have to be developed after the attacks have already started.
The Silent Security Epidemic Ryan Sherstobitoff, CTO of Panda Software, describes what new types of sophisticated attacks are being created and what proactive steps developers need to take to protect their applications.
The Evolution of Security The risk-management strategies of honeybees can teach us a lot about security.
Daniel E. Geer, Verdasys from the DNS issue, April 2007
One Step Ahead Threats from rogue employees and partners exist inside the perimeter.
Vlad Gorelik, Sana Security from the Open Source Security issue, February 2007
Open vs. Closed Which source is more secure? The debate rages on, but what are the real pros and cons?
Richard Ford, Florida Institute of Technology from the Open Source Security issue, February 2007
The Criminal Mind We're all vulnerable to cybercrime.
Charlene O'Hanlon, ACM Queue from the Cybercrime issue, November 2006
Playing for Keeps The only alternative to the problem of complexity vs. security is to make computing not be so general purpose.
Daniel E. Geer, Verdasys from the Cybercrime issue, November 2006
Cybercrime - An Epidemic Can we protect ourselves from the hazards of an online world?
Team Cymru from the Cybercrime issue, November 2006
Pointless PKI PKI without a Cause
Kode Vicious from the HCI issue, July/August 2006
Phishing for Solutions Phishing provides a cornucopia of challenging programmatic puzzles
Kode Vicious from the Web Services issue, May 2006
Vicious XSS Cross-Site-Scripting Attacks
Kode Vicious from the Systems of Scale issue, December 2005 / January 2006
The Doctor is In You get back a pointer to destination, which presumably you passed to the API in the first place. The logic for this escapes me.
Kode Vicious from the Social Computing issue, November 2005
Security: Problem Solved? Solutions to many of our security problems already exist, so why are we still so vulnerable?
John Viega, Secure Software from the Security issue, June 2005
The Answer is 42 of Course If we want our networks to be sufficiently difficult to penetrate, we've got to ask the right questions.
Thomas Wadlow, Independent Consultant from the Security issue, June 2005
VoIP Security: Not an Afterthought DDOS takes on a whole new meaning
Douglas C. Sicker and Tom Lookabaugh, University of Colorado at Boulder from the VoIP issue, September 2004
The Spinning Cube of Potential Doom Practically every computer linked to the Internet is constantly being scanned for security vulnerabilities and targeted for attack by viruses, worms, and worse.
Stephen Lau, NERSC from the Virtual Machines issue, July/August 2004
Security Is Harder Than You Think Still waiting for your set-it-and-forget-it fantasy about SSL to become reality?
John Viega and Matt Messier, Secure Software from the Virtual Machines issue, July/August 2004
Building Systems to be Shared Securely Running multiple virtual servers on one machine makes sense, but what happens when not everyone plays nice?
Poul-Henning Kamp, FreeBSD Developer, and Robert Watson, McAfee Research from the Virtual Machines issue, July/August 2004
The Insider, Naivety, and Hostility: Security Perfect Storm? Firewalls don't protect you from insiders unintentionally (or otherwise) giving out free passes to the corporate intranet.
Herbert H. Thompson, Security Innovation, and Richard Ford, Florida Institute of Technology from the Security issue, June 2004
Blaster Revisited A second look at the cost of Blaster sheds new light on today's blended threats.
Jim Morrison, Symantec Security Services from the Security issue, June 2004
The New Screen of Death Is security a problem that just can't be solved?
Edward Grossman, Editor, Queue from the Security issue, June 2004
Sensible Authentication Is there a failproof way to confirm someone's identity?
Bruce Schneier, Counterpane Internet Security from the Game Development issue, February 2004
Securing The Edge If you have any geeks working for you, do you realize they may have tunnels behind your firewall to their home machines?
Avi Freedman, Akamai Technologies from the Building Web Services issue, March 2003