Open source security testing methodology
Truth is made of numbers. Following this golden rule, Federico Biancuzzi interviewed Pete Herzog, founder of ISECOM and creator of the OSSTMM, to talk about the upcoming revision 3.0 of the Open Source Security Testing Methodology Manual. He discusses why we need a testing methodology, why use open source, the value of certifications, and plans for a new vulnerability scanner developed with a different approach than Nessus.
In this column Scott Granneman takes the role of dictator of the security world and presents his ideas about mandatory reforms that would improve security for millions of people.
Encryption for the masses
File and disk encryption needs to be simple and easy if it's going to be used. This article looks at Apple's FileVault and takes a sneak peek at what's coming in Windows Vista.
Human rights and wrongs online
A government's position on censorship used to protect its citizenry is dictated by who they are. The well-popularized censorship of Internet content in China by Google and other big players, and criticism of this by the U.S. government, is really just the tip of the iceberg.
The value of vulnerabilities
There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public?
The big DRM mistake
Digital Rights Management hurts paying customers, destroys Fair Use rights, renders customers' investments worthless, and can always be defeated. Why are consumers and publishers being forced to use DRM?
Spreading security awareness for OS X
Robert Lemos interviews Kevin Finisterre, founder of security startup Digital Munition, who created the three recent versions of the InqTana worm to raise awareness of security in Apple's OS X. Finisterre discusses his reasons for creating the worms, the problems with Mac OS X security, and why he does not fear prosecution.
John the Ripper 1.7, by Solar Designer
Federico Biancuzzi interviews Solar Designer, creator of the popular John the Ripper password cracker. Solar Designer discusses what's new in version 1.7, the advantages of popular cryptographic hashes, the relative speed at which many passwords can now be cracked, and how one can choose strong passphrases (forget passwords) that are harder to break.
Strict liability for data breaches?
A recent case involving a stolen laptop containing 550,000 people's full credit information sheds new light on what "reasonable" protections a company must make to secure its customer data - and what customers need to prove in order to sue for damages.
Privacy and anonymity
Privacy and anonymity on the Internet are as important as they are difficult to achieve. Here are some of the current issues we face, along with a few suggestions on how we can become a little more anonymous on the Web.