Stories by Simson Garfinkel

White hats and black boxes

Jeremiah Grossman wants you to know that firewalls and SSL encryption won't prevent a hacker from breaking into your e-commerce website, compromising your customers' data and possibly stealing your money. That's because most website attacks these days exploit bugs in the Web application itself, rather than in the operating system on which the application is running.

Signed, sealed and delivered

Few organizations send confidential information on postcards. Credit card statements, medical records, job offers and personal correspondence are invariably sealed in envelopes before they are sent.

Opinion: How to secure Web services

Securing Web services is easy: All you have to do is secure your Web server, secure every message flowing in and out of your server, secure every application that has anything to do with SOAP and XML, and secure the business operations and practices driving the whole thing.