Machine Shop
Printed in IDG's CSO Magazine and appearing online at
http://www.csoonline.com/, "Machine Shop"
was the winner of the 2004 and the 2005 Jesse H. Neal National Business Journalism Award
for Best Regularly Featured Department or Column, awarded by American Business Media.
The column also won the 2004 award for Best Regular Column, Contributed,
awarded by the American Association of Business Publishers and Editors.
- February 2007, "The Book on Amazon" Can you trust the giant retailer—or any Web-based service—with your information storage and computing tasks?
- November 2006, "Watch Yourself" Monitoring your employees' data and network activities is no longer a technical challenge. But there are critical ethical questions to answer first.
- October 2006, "The Evil Side of Automatic Software Updates" Automatic software updates are supposed to make your life easier. But vulnerable updating mechanisms can help your enemies instead.
- September 2006, "Safe Storage, Mac Style" Disk-level encryption provides a safety net without a hassle
- August 2006, "A Powerful Grasp of the Nonobvious" Entity resolution can help ferret out fraud by identifying hidden links and relationships in your databases.
- July 2006, "Searching for Mr. Wrong" Trying to trace Internet attacks backward to find the perp is an interesting exercise—but potentially fruitless.
- June 2006, "Drive-By Spyware" An academic study finds that Internet Explorer needs to take a note from Firefox to help stop spyware.
- May 2006, "Attack of the iPods!" MP3 players and USB drives can be used for more nefarious purposes than just carrying data out the door.
- April 2006, "Who's Who in Cambridge" Harvard and MIT have similar identity management challenges but very different solutions. Comparing the two is a good exercise for any CSO looking at ID management.
- March 2006, "Digital Rights and Restrictions" Sony, Apple and especially Microsoft illustrate differing approaches to Digital Rights Management.
- February 2006, "Signed and Sealed? Might Get Delivered!" While two-factor authentication schemes face various snags, S/MIME is ready to help secure e-mail today
- January 2006, "Keeping Secrets Secret" New approaches to protecting data at rest (and avoiding the wrath of your customers)
- December 2005, "How to Filter with Finesse" How do you keep legitimate messages from getting swept into the spam box?
- October 2005, "A Field Guide to Spotting Bad Cryptography" It takes an expert to determine whether a cryptographic system is truly secure, but CSOs can learn to spot red flags.
- August 2005, "Password Palooza" Passwords are more secure than you think. And you can make them even better using intelligent password management.
- July 2005, "Battle of the Sources" Open source, as used today, is not necessarily more or less secure than proprietary closed-source solutions. However, with automated program analysis tools, open source has the potential to be dramatically more secure than its commercial alternatives.
- June 2005, "Antiforensic Tools" It's important to protect your company's data. But how do you know whether what you think you've erased is actually unrecoverable?
- May 2005, "Quantum Physics to the Rescue" Cryptographic systems can be cracked. And people make mistakes. Take those two factors out of the equation, and you have quantum cryptography and a new way to protect your data.
- April 2005, "Another Look at Log Files" These long-standing logs can help you monitor your networks and employees. So before you invest in a new kind of data collection system, review your log files. The information you want might already be in there.
- March 2005, "Can 9 Million Skype Users Be Wrong?" Skype is a great way to communicate. But CSOs should know that it also brings auditing and monitoring challenges.
- February 2005, "Unencumbered and Insecure" You can wirelessly sync your cell phone with your laptop. You can use the cell phone's built-in modem to put your laptop on the Internet. With speed. Without cables. But be aware, even with security built in from the get-go, Bluetooth has problems.
- January 2005, "Beyond Passport Vulnerabilities" Security flaws in high-profile products like Microsoft's Passport led experts and vendors to find new ways to disclose bugs
- December 2004, "Go with the Flow" Packet flows can help you monitor your network, trace a hacker's footsteps and see how your VPN is used
- November 2004, "Ain’t No Flyswatter Big Enough" What do you do when somebody breaks into one of your organization’s servers? When waving your hands wildly doesn’t help, you’ll need an intrusion detection plan.
- October 2004, "Sweep Time for Rogue Access Points" Left unguarded, wireless networks will expose your company secrets to the outside. Luckily, there are tools to root out unauthorized access points.
- September 2004, "Practice What You Preach" It's time to move the security pulpit from the workplace to your living room
- August 2004, "Drives and Ambition" USB drives are great for exchanging sensitive documents, but how safe are they?
- July 2004, "What Hides Within" No longer just distinctive designs in paper, watermarks now are also patterns of bits embedded in digital content
- June 2004, "Keep It Simple" If you're not thoughtful about your approach to balancing computer security with computer usability, you may end up with neither
- May 2004, "What's Your Frequency" As RFID technology gets more widely deployed, will security and privacy suffer?
- April 2004, "Signed, Sealed and Delivered" Coping with insecure e-mail
- March 2004, "Calling for Backup" Backing up your data might not seem important—until you need to retrieve it
- February 2004, "Unlocking Our Future" A look at the challenges ahead for computer security
- January 2004, "Information Without Borders" When it comes to outsourcing, out-of-site shouldn't mean out-of-mind
- November 2003, "How to Secure Web Services" The next new (vulnerable) thing
- October 2003, "Under Attack" Can your systems really benefit from penetration testing?
- September 2003, "Ruling over unruly programs" And why theoretical security is theoretically impossible
- August 2003, "Technologies, Tools and Tactics" What Every CSO Needs to Know About PKI* (*But was afraid to ask)
- July 2003, "Achy, Breaky Code" What every CSO needs to know about encryption
- June 2003, "Information Warfare: What Is It Good For?" In this case, the best offense is a good defense
- May 2003, "You Can Catch More Spies with Honey" Honeypots and honeynets can take the sting out of hacker attacks
- April 2003, "Hard-Disk Risk" Are all those old hard drives you're getting rid of free of important company data? Don't be so sure.
- March 2003, "Tools of Evidence" Computer forensic tools now make it possible to more easily search for--and find--evidence on hard drives
- February 2003, "Inbox Patrol" Is there a white knight solution to spam?
- January 2003, "On the Same Wavelength" Wireless networks are all the rage. But do you know how to protect your data from eavesdropping hackers?
- December 2002, "Next Year's Hot Security Tools" Today's pain points are tomorrow's vendor opportunities
- November 2002, "Antivirus: Great Business, Lost Cause" Signature-based scanning software ultimately can't keep up with the high-speed proliferation of viruses and worms
- October 2002, "Anti-Social Engineering" Lessons from reading Mitnick
- September 2002, "Biometrics Slouches Toward the Mainstream" The systems are getting cheaper, but accuracy and acceptance kinks remain