Network World

Winn Schwartau

On Security

By Winn Schwartau

Winn Schwartau is the president of Interpact, Inc., a security awareness consulting firm, and the author of many books including "Information Warfare," "CyberShock," "Time Based Security" and "Internet and Computer Ethics for Kids." His popular speeches entertain government and commercial audiences on three continents.

Beware of tera theft
06/12/07
We now cling to our USB thumb drives — or as I have always called them — dip sticks (or something more colorful from time to time). Four gigabytes of storage in a 1-ounce device that easily defies a cursory security scan or can be hidden in the most obscene places. What can an enterprise lose if 4GB of data gets out? Four million personnel records? Gobs of drawings and patents? You do the math.
Schwartau: Defending against global information war
02/20/07
The recent attack on the Internet’s root servers (see www.nwdocfinder.com/7526) was more than just a few hackers having fits and giggles with the DNS. In fact, the incident could be the first volley in global information warfare between the private sector of the United States and the government of China.
The U.S. Department of FUD?
12/15/06
The U.S. government recently warned financial firms and services of an al-Qaida call for a cyberattack against online stock trading and banking Web sites. The Islamic militant group wants to "penetrate and destroy the databases of the U.S. financial sites," Reuters reported.
On the road to operating-system glasnost
10/23/06
What if they wrote an operating system, and nobody logged on? Are there alternatives to Vista?
From Russia, with luck
09/04/06
Your global business partners may not have the same network security concerns you have - if they have any at all. On a recent 10-day sojourn in Eastern Europe, I learned a great deal about that region's take on security. It is definitely not the same as ours.
Big bank goes phishing
05/15/06
AmSouth is the current poster child for how to do security wrong, encourage phishing by illegal entities and offer no alternative to this lame attempt at identity verification.
Would you hire Dubai to run your network?
03/20/06
In the debate about the ports issue, not enough people reduced the question to its basics: How does this or any other action affect national or network security? Let's look at the details of what outsourcing really means. Let's manage our organizations with security, not irrational fear, as the prime motivation behind our questions and answers.
Terrorist support or mere fraud?
01/23/06
One of the last vestiges of critical infrastructure protection is apparently being scaled and destroyed. Companies are violating every common-sense security premise I have ever known, cracking (illegally or not) the people component of security, in ways that heretofore have only been in the hands of law enforcement and judicial overview.
With VoIP, it's déjà vu all over again
11/14/05
If your company is planning to exploit the incredible power, flexibility and cost savings offered by VoIP, there are two things you need to know: VoIP people don't think like IP people; security is going to be a nightmare.
When management sets the wrong security culture
07/11/05
To see two major remote banking systems designed with such holes suggests that the application development folks are using weak security as a trade-off for a simpler customer experience.
Mad as hell, switching to Mac
05/23/05
In the coming weeks I'm going to keep a diary of an experiment my company began at 6 p.m. April 29, 2005 - an experiment predicated on the hypothesis that the WinTel platform represents the greatest violation of the basic tenets of information security and has become a national economic security risk.
It's time to redefine identity
03/28/05
The BBB Identity Fraud Survey shows that only 11.6% of ID theft cases occur online. The rest comes from traditional offline physical means: lost ID, checks, credit cards, stolen mail and dumpster diving. Yet we still rely on static data as ID proof positive. What to do?
Different vendors, better security
01/31/05
Microsoft is getting into the security game. Some folks say, "It's about time." Others say, "Haven't they had security for years?" I look at it quite differently.
We are not divided
11/22/04
Despite the endless portrayals of embittered foes in politics and business, we are not divided. Despite our healthy disagreements on details, we are in agreement about the goals of computer security.
Make security personal
09/27/04
A significant percentage of cybercrime is actually the fault of the very companies that want to protect themselves. Many companies make timid, awkward and ineffective attempts at teaching their staff about company security policies. This occurs because most corporate security policies are boring, unintelligible tomes. Ergo: No one pays attention to them.
Spam cure: Nail the vendors
08/02/04
Get the phone numbers of the vendors of Viagra, penis enlargers and other multilevel marketers. Distribute the numbers and have all 10,000 of your close personal friends call the vendors' toll-free numbers every hour for a few days. That will help put these vendors out of business, and it's legal denial of service.
A tale of stupidity and liability
06/07/04
While viruses and worms relentlessly pound away at our perimeters, the latest challenge to corporate and small office/home office users is phishing. This is where you, the user, are the fish, susceptible to the enticements of the phisherman, and you break down your own security defenses through sheer gullibility.
Let's end pass-the-buck security
04/12/04
None of us have it all right. None of us have it all wrong. But we all have to take and teach the same responsibility we were taught as children: It's your own damn fault if you touch a hot stove again and again.
MyDoom makes it past execs
02/23/04
Too many corporate executives set down edicts, contract out the security awareness services and then ignore their own advice. They expect everyone else to do the dirty work. This is a patently unacceptable approach to security and just goes to show how much we in the security world depend on the average IT user to help protect networks.
Another case of security by denial
12/08/03
Large consultancies are paid a lot of money to provide companies with information to help them run their businesses. But sometimes the statements issuing forth from these consultancies have me questioning their value to users.
Achieving secure unwired bliss
10/20/03
I am a really happy camper. I submitted this article to Network World from a high-speed train somewhere in the nether-reaches of the Carolinas. I had uninterrupted video streaming and consistent e-mail. The truly unwired experience is really that cool. Add a few doses of common-sense security, and you'll have the closest thing to bliss legally allowed when you're on the road.
DefCon: All in good fun
08/25/03
The lack of rules at DefCon includes massive violations of dozens of federal felonies: password theft, telecom interception, system penetration. If you go to DefCon, caveat emptor: Your mere presence makes you a target - all in good fun. The last thing you want is to see your name and passwords projected onto "The Wall of Shame."
Get smart about intelligence
06/30/03
What information on your corporate home page, while nice for marketing and image, has the potential to damage your firm if used by the wrong people? Can technical staff use their work e-mail addresses when conducting Internet research, or should they have aliases? How much Internet travel should be done anonymously to hide any trails that could give away valuable information to a competitor or adversary?
Plugging corporate data leaks
05/12/03
Have you ever forwarded an e-mail to someone, then realized you left in original comments that the recipient wasn't supposed to see? Or maybe you accidentally forwarded a private company memo to a journalist or client? Company information should be guarded at all times, and accidentally sending private information can be just as bad as doing it on purpose.
Who's in charge of crypto backup?
03/10/03
My friend Stan was evaluating how to add security at the desktop with crypto, add crypto to his consultant's laptops to protect data from subway hackers, and crypto-protect his servers. Smart move, or not?
