Stories by Roger A. Grimes

10 security mistakes that will get you fired

Getting fired from an IT security job is a rare event, but there are certainly ways to ensure or accelerate your own unemployment. I'm not talking about garden-variety mistakes here. After all, most IT workers create or live with lots of little mistakes every day. That's the nature of complex, rewarding work.

The BadUSB exploit is deadly, but few may be hit

Nine years ago, I created what I believe was the world's first USB worm. By playing around with a USB thumb drive and placing a hidden file on it, I was able to make any computer into which the "infected" USB drive was plugged automatically spread the file to the host computer, then back again when a new USB device was plugged in.

Security-vendor snake oil: 7 promises that don't deliver

Beware bold promises from a multibillion-dollar industry that can't prevent your IT systems from being routinely hacked

6 lessons learned about the scariest security threats

Advanced persistent threats have garnered a lot of attention of late, deservedly so. APTs are arguably the most dangerous security concern for business organizations today, given their targeted nature.

11 sure signs you've been hacked

In today's threatscape, antivirus software provides little peace of mind. In fact, antimalware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable.

7 sneak attacks used by today's most devious hackers

Most malware is mundane, but these innovative techniques are exploiting systems and networks of even the savviest users

True tales of (mostly) white-hat hacking

Stings, penetration pwns, spy games -- it's all in a day's work along the thin gray line of IT security

14 dirty IT tricks, security pros edition

The IT security world is full of charlatans and wannabes. And all of us have been "advised" by at least one of them.

IT's 9 biggest security threats

Hacking has evolved from a one-person crime of opportunity to an open market of sophisticated malware backed by crime syndicates and money launderers

9 popular IT security practices that just don't work

The security products and techniques you rely on most aren't keeping you as secure as you think

10 crazy IT security tricks that actually work

IT security threats are constantly evolving. It's time for IT security pros to get ingenious

HoneyPoint: Honeypot for Windows, Linux or Mac

After over 10 years of active participation in the honeypot community, I was surprised not to have heard of MicroSolved's HoneyPoint Security Server before I started planning this roundup. HoneyPoint runs on Windows, Linux, and Mac OS X, and offers some useful features -- such as "defensive fuzzing" and the ability to track alert status -- that KFSensor and Honeyd don't. But HoneyPoint is neither as easy and complete as KFSensor, nor as flexible and scalable as Honeyd.

An expert guide to Windows 7 security

Windows 7 has been warmly received and swiftly adopted by businesses, with the result that many IT admins are now struggling with the platform's new security features. In addition to changes to User Account Control, BitLocker, and other features inherited from Windows Vista, Windows 7 introduces a slew of new security capabilities that businesses will want to take advantage of.