Articles from Apotheonic Labs

The cobbler's children go barefoot.

Please excuse the mess: as the old saw proclaims, the cobbler's children go barefoot. As an IT consultancy, Apotheonic Labs has somehow managed to neglect the necessity of creating a fancy Web presence for itself. Development is currently in progress.


Articles: TechRepublic IT Security Weblog

The following are articles Chad Perrin has written for the TechRepublic IT Security weblog, listed by title in chronological order. You may notice some variance in article titles between this list and the articles at TechRepublic. Chad has little or no control over editorial changes made after an article has been submitted there.

  1. Five steps to becoming the local security guru
  2. Check out the results of CNET's security vendor survey
  3. Myth: I'm not really at risk
  4. Reduce permissions to increase DNS security
  5. Unix/Linux rootkits 101
  6. Rootkits 201
  7. There's more to security than counting vulnerabilities
  8. Security specialists' salaries are up . . . so what?
  9. The three elements of access control
  10. 10 (+1) reasons to treat network security like home security
  11. Implement integrity auditing with basic utilities
  12. Use rsync for filesystem integrity auditing
  13. Rootkit redux: Sony doesn't learn from history
  14. Why there's no such thing as a trusted brand
  15. Use mtree for filesystem integrity auditing
  16. The truth about viruses
  17. Top 10 news items, September 15: What's interesting in IT security this week
  18. Work with end users -- not against them -- to improve security
  19. Use the Fire.rb library to write port knocking scripts in Ruby
  20. Privacy is security
  21. Happy birthday, OpenSSH
  22. Linux phishing botnet statistics can be deceptive
  23. Why there's no such thing as a zero-day vulnerability
  24. Network monitoring for fun and profit
  25. Protect your computer and your data with a UPS
  26. 10 security tips for all general-purpose OSes
  27. A little more about passwords
  28. Automating shutdown when your OS doesn't support your UPS
  29. Protect SSH from brute force password-cracking attacks
  30. 10 services to turn off in MS Windows XP
  31. Why encryption that doesn't trust the user isn't trustworthy
  32. Radiohead knows more than Microsoft about security
  33. 10 Wi-Fi security tips
  34. The politics of phishing
  35. Teach a man to fish
  36. What my grandmother taught me about IT security
  37. If you want something done right . . .
  38. Follow a university course in cryptography for free
  39. Use MD5 hashes to verify software downloads
  40. Bolted-on security features aren't secure
  41. Use the Blowfish cipher to improve password security
  42. The value of accidental security through obscurity
  43. Security TV: "Tiger Teams" showing this Christmas
  44. PGP Corp's "The 12 Threats of Christmas"
  45. The best security article of 2007 (isn't about security)
  46. SPAM and SPIT: what are the dangers?
  47. Deleting files isn't always enough
  48. Retrospective: 10 security blunders
  49. Interface design is security design
  50. Using pf and ALTQ for QoS management
  51. The truth about email spam
  52. How to spoof a MAC address
  53. How to avoid being a phishing Webserver admin
  54. Security is an ecosystem, not a product
  55. Five must-have security resources
  56. Using OpenPGP on Unix/Linux systems with GnuPG
  57. How private is your Web-based service?
  58. Use OpenSSH as a secure Web proxy
  59. Basic email security tips
  60. 10 tips for effective use of OpenPGP with GnuPG
  61. Using GnuPG with Mutt to sign or encrypt email
  62. Use PuTTY as an SSH client on MS Windows
  63. Use PuTTY as a secure proxy on MS Windows
  64. Ensure basic Web security with this checklist
  65. What is cross-site scripting?
  66. The Big Brother Awards
  67. Using GnuPG encryption tools with Gpg4win
  68. The importance of being encrypted
  69. Security 101, Remedial Edition: obscurity is not security
  70. DRM and unintended consequences
  71. Meet me at Penguicon
  72. Use getmail to get email simply and securely
  73. Use sSMTP to send email simply and securely
  74. List open ports and listening services
  75. Close unneeded ports on Unix/Linux systems
  76. Fighting fire with fire
  77. Fighting fire with water
  78. Five security tips from MediaWiki's lead developer
  79. There is no perimeter, kinda
  80. Has security grown beyond DIY?
  81. The "insecure memory" FAQ
  82. Detect and replace vulnerable SSH keys on Debian
  83. Not Invented Here has no place in open source development
  84. Making encryption popular
  85. Is PhoneFactor really better security?
  86. Security alarmism helps the bad guys win
  87. Why you can't get management on board
  88. How should we handle security notifications?
  89. What do you do if management won't get on board?
  90. Is Linux the most secure OS?
  91. Vulnerability counting revisited: a hypothetical example
  92. How FreeBSD makes vulnerability auditing easy: portaudit
  93. Knowing the superficial side of security is important, too
  94. The CIA Triad
  95. Google opens up RatProxy
  96. 5 easy ways to compromise your own security
  97. The reason I talk about security
  98. Five good security reads
  99. Who is really to blame for the San Fran network lockout?
  100. Bignum arithmetic and premature optimization
  101. Use tcpdump for traffic analysis
  102. How does bad password policy like this even happen?
  103. The meaning of "good enough"
  104. Perfect vs. Good Enough
  105. Keyczar: another open source security tool from Google
  106. 10 common security mistakes that should never be made
  107. 10 security challenges facing closed source software
  108. How do you interview security experts?
  109. Use complete session encryption with Gmail
  110. Functional programming techniques can improve software security
  111. Perspectives: better than CAs?
  112. What are the security implications for Google Chrome?
  113. The trouble with test versions
  114. Can you mitigate risk by replacing sensitive resources?
  115. Prioritize security concerns with a simple risk assessment
  116. Email security advice for politicians
  117. The so-called group called Anonymous
  118. Is suggesting improved security the same as blaming the victim?
  119. Choose the right licensing model for security software
  120. What to do about RFID chips in your wallet
  121. How closed policies hurt security development