Security > Opinions

Projects that sail along smoothly, with no resistance, are great. But it's the ones that throw lots of roadblocks in our way that end up teaching us things.

Whom can you trust? In security, many of us nurture a healthy sense of paranoia and tend to be distrustful. But as human beings, as social beings, we form bonds of trust with those around us.

Does my company need to be more proactive about insiders during hard times?

This year's Global Forum met last week in this paradoxically ancient and modern European city, and celebrated technological advance while noting chaotic policy environment conditions.

There has been a long history of attacks on the Domain Name System ranging from brute-force denial-of-service attacks to targeted attacks requiring specialized software. In July 2008 a new DNS cache-poisoning attack was unveiled that is considered especially dangerous because it does not require substantial bandwidth or processor resources nor does it require sophisticated techniques.

If you've had any money in the stock market, it's been a bloodbath the last few weeks. It's hard to remember that any 10-year period in stock market history has always ended up with better returns than any other investment. As financial analysts argue over whether we are already in or just headed into a deep global recession, we are facing a rough, contracting period. People with good jobs are holding on to them tighter than ever.

While there are a number of security risks in the world of electronic commerce, SQL injection is one of the most common Web site attack techniques used to steal customer data such as credit card numbers, hold customer data hostage by encrypting it or destroy data outright.

Via the RISKS mailing list comes an interesting tale of poor online account management at a major online retailer. According to Graham Bennett, accounts with Amazon display an odd behaviour that doesn't seem to have attracted much attention in the past.

Heard about a competitor's security being breached? Then you're probably next. In fact, you may already be owned.

In the last three columns, I’ve been looking at the complexities of protecting client or prospect privacy (personally identifiable information or PII) in an interconnected world.

There's IT, and then there's shadow IT.