Stories by Andrew Brandt

Stupid QA tricks: Colossal testing oversights

What do you get when you add the human propensity to screw stuff up to the building of large-scale IT systems? What the military calls the force-multiplier effect -- and the need for a cadre of top-notch QA engineers.

Worst Windows flaws of the past decade

June 25, 1998, and June 30, 2008, marked two important milestones in Microsoft's evolution of the Windows OS -- the passing of the torch from Windows 95 to Windows 98, and the less seemly transition from XP to Vista.

Stupid user tricks: IT admin follies

For those of us who make our living behind a keyboard in IT, it's hard to imagine a more time-tested vulnerability than the end-user. Armed with network access, these IT viruses wreak havoc nearly everywhere you look -- havoc borne of tech idiocy.

Stupid hacker tricks: The folly of youth

Ah, youth. Ready to take on the world, today's generation of dynamic, tech-immersed youngsters have grown up alongside the Internet. Firsthand, and sometimes single-handedly, they have advanced some of today's hottest technology trends, from peer-to-peer networking, to massively multiplayer online games, to social networks and instant messaging. And along the way, a small, sociopathic number of them have behaved very, very badly.

True crime: The botnet barons

When federal agents announced on November 29 that they'd indicted or convicted eight individuals accused of using botnets (networks of computers infected with Trojan horse applications) to engage in criminal activity, the press release barely explained the nature and extent of the men's crimes -- or the investigations that led to arrests in an operation the FBI and other law enforcement agencies have termed Bot Roast II.

How to think like an online con man

Con job, pretexting, social engineering -- the art and science of manipulating human beings for nefarious ends -- goes back as far as the origin of the species. The techniques have been practiced and perfected by a rogue's gallery of flimflam artists, from legendary carnival operator P. T. Barnum to infamous FBI mole Robert Hanssen.

PGP, SecurStar disk encryption products

You may not always be able to protect your laptop from a thief, but you can keep the data it contains safe. Two new products--PGP Whole Disk Encryption 9.5 and DriveCrypt Plus Pack 3.5--promise to protect your data, so that even if your computer falls into the wrong hands, its contents will remain unreadable. Both applications are easy to use and offer an impressive suite of tools, but most users will appreciate the more practical features and lower price tag of PGP's product.

Privacy Watch: Exploiting legitimate sites

You've heard so many warnings about phishing that you've become wary of any e-mail message purporting to come from your bank or favorite Web store. But if the link in it uses a legitimate Web domain and your phishing filter doesn't complain, the message must be okay, right?

Patent overload hampers tech innovation

Much has been made of recent patent applications--such as one involving emoticons on cell phones--that seem a far cry from real breakthroughs like the lightbulb. And while many of the weakest patent applications are eventually rejected, some experts believe that an overworked and underfunded U.S. Patent and Trademark Office is issuing more and more patents that never should have passed their first review.

Another form of encryption goes down for the count

News that a nine-year-old encryption method -- one that underlies the protection of virtually all secure online communications -- appears to have been cracked by a team of three Chinese researchers has spurred encryption experts around the world to issue a call to action.

PDA viruses could get nasty

Viruses that target handhelds can be even more dangerous than their cousins that attack PCs, spawning self-replicating programs that hide easily, a security researcher told an audience of security professionals at the Black Hat Briefings conference in Las Vegas last week.

Security Flaws Under the Microscope

A study unveiled at the Black Hat Briefings conference in Las Vegas last week paints a grim picture of network security problems.

Class on virus creation draws industry ire

When the University of Calgary announced plans last week to offer a course that includes instruction on writing computer viruses, officials expected the antivirus industry to support the move--designed to help educate future virus fighters. Instead, industry leaders have roundly criticized the plan.

It's open season on spammers

The problem of spam--how to get rid of it, how to track down the senders, and whether to prosecute those spammers--has dominated many discussions at the third annual Privacy and Data Security Summit held last week.

Privacy watch: Medical records privacy law threatened

If you don't think the issue of medical privacy hits close to home, consider the following US examples: In 1994, a loan officer for a bank who also served on his county's health board discovered that he had free access to the patient records of people who lived in his county. He cross-referenced the names from his customer databases with the names of people who had been diagnosed with terminal illnesses. The banker called due the loans of dozens of people who had been diagnosed with cancer.