Articles from Apotheonic Labs

The cobbler's children go barefoot.

Please excuse the mess: as the old saw proclaims, the cobbler's children go barefoot. As an IT consultancy, Apotheonic Labs has somehow managed to neglect the necessity of creating a fancy Web presence for itself. Development is currently in progress.

Articles: TechRepublic IT Security Weblog

The following are articles Chad Perrin has written for the TechRepublic IT Security weblog, listed by title in roughly chronological order. You may notice some variance in article titles between this list and the articles at TechRepublic. Chad has little or no control over editorial changes made after the article has been submitted there.

  1. Five steps to becoming the local security guru
  2. Check out the results of CNET's security vendor survey
  3. Myth: I'm not really at risk
  4. Reduce permissions to increase DNS security
  5. Unix/Linux rootkits 101
  6. Rootkits 201
  7. There's more to security than counting vulnerabilities
  8. Security specialists' salaries are up . . . so what?
  9. The three elements of access control
  10. 10 (+1) reasons to treat network security like home security
  11. Implement integrity auditing with basic utilities
  12. Use rsync for filesystem integrity auditing
  13. Rootkit redux: Sony doesn't learn from history
  14. Why there's no such thing as a trusted brand
  15. Use mtree for filesystem integrity auditing
  16. The truth about viruses
  17. Top 10 news items, September 15: What's interesting in IT security this week
  18. Work with end users -- not against them -- to improve security
  19. Use the Fire.rb library to write port knocking scripts in Ruby
  20. Privacy is security
  21. Happy birthday, OpenSSH
  22. Linux phishing botnet statistics can be deceptive
  23. Why there's no such thing as a zero-day vulnerability
  24. Network monitoring for fun and profit
  25. Protect your computer and your data with a UPS
  26. 10 security tips for all general-purpose OSes
  27. A little more about passwords
  28. Automating shutdown when your OS doesn't support your UPS
  29. Protect SSH from brute force password-cracking attacks
  30. 10 services to turn off in MS Windows XP
  31. Why encryption that doesn't trust the user isn't trustworthy
  32. Radiohead knows more than Microsoft about security
  33. 10 Wi-Fi security tips
  34. The politics of phishing
  35. Teach a man to fish
  36. What my grandmother taught me about IT security
  37. If you want something done right . . .
  38. Follow a university course in cryptography for free
  39. Use MD5 hashes to verify software downloads
  40. Bolted-on security features aren't secure
  41. Use the Blowfish cipher to improve password security
  42. The value of accidental security through obscurity
  43. Security TV: "Tiger Teams" showing this Christmas
  44. PGP Corp's "The 12 Threats of Christmas"
  45. The best security article of 2007 (isn't about security)
  46. SPAM and SPIT: what are the dangers?
  47. Deleting files isn't always enough
  48. Retrospective: 10 security blunders
  49. Interface design is security design
  50. Using pf and ALTQ for QoS management
  51. The truth about email spam
  52. How to spoof a MAC address
  53. How to avoid being a phishing Webserver admin
  54. Security is an ecosystem, not a product
  55. Five must-have security resources
  56. Using OpenPGP on Unix/Linux systems with GnuPG
  57. How private is your Web-based service?
  58. Use OpenSSH as a secure Web proxy
  59. Basic email security tips
  60. 10 tips for effective use of OpenPGP with GnuPG
  61. Using GnuPG with Mutt to sign or encrypt email
  62. Use PuTTY as an SSH client on MS Windows
  63. Use PuTTY as a secure proxy on MS Windows
  64. Ensure basic Web security with this checklist
  65. What is cross-site scripting?
  66. The Big Brother Awards
  67. Using GnuPG encryption tools with Gpg4win
  68. The importance of being encrypted
  69. Security 101, Remedial Edition: obscurity is not security
  70. DRM and unintended consequences
  71. Meet me at Penguicon
  72. Use getmail to get email simply and securely
  73. Use sSMTP to send email simply and securely
  74. List open ports and listening services
  75. Close unneeded ports on Unix/Linux systems
  76. Fighting fire with fire
  77. Fighting fire with water
  78. Five security tips from MediaWiki's lead developer
  79. There is no perimeter, kinda
  80. Has security grown beyond DIY?
  81. The "insecure memory" FAQ
  82. Detect and replace vulnerable SSH keys on Debian
  83. Not Invented Here has no place in open source development
  84. Making encryption popular
  85. Is PhoneFactor really better security?
  86. Security alarmism helps the bad guys win
  87. Why you can't get management on board
  88. How should we handle security notifications?
  89. What do you do if management won't get on board?
  90. Is Linux the most secure OS?
  91. Vulnerability counting revisited: a hypothetical example
  92. How FreeBSD makes vulnerability auditing easy: portaudit
  93. Knowing the superficial side of security is important, too
  94. The CIA Triad
  95. Google opens up RatProxy
  96. 5 easy ways to compromise your own security
  97. The reason I talk about security
  98. Five good security reads
  99. Who is really to blame for the San Fran network lockout?
  100. Bignum arithmetic and premature optimization
  101. Use tcpdump for traffic analysis
  102. How does bad password policy like this even happen?
  103. The meaning of "good enough"
  104. Perfect vs. Good Enough
  105. Keyczar: another open source security tool from Google
  106. 10 common security mistakes that should never be made
  107. 10 security challenges facing closed source software
  108. How do you interview security experts?
  109. Use complete session encryption with Gmail
  110. Functional programming techniques can improve software security
  111. Perspectives: better than CAs?
  112. What are the security implications for Google Chrome?
  113. The trouble with test versions
  114. Can you mitigate risk by replacing sensitive resources?
  115. Prioritize security concerns with a simple risk assessment
  116. Email security advice for politicians
  117. The so-called group called Anonymous
  118. Is suggesting improved security the same as blaming the victim?
  119. Choose the right licensing model for security software
  120. What to do about RFID chips in your wallet
  121. How closed policies hurt security development
  122. TSA Communication may get your bag searched
  123. 12 security suites tested and 12 security suites fail
  124. 5 characteristics of security policy I can trust
  125. Wim van Eck's legacy
  126. MS Windows 7 pre-beta gets a security patch 13 days early
  127. 10 security tips for Microsoft Windows XP
  128. Security, complexity, and the GUI environment
  129. More email security tips
  130. Microsoft finally catches the eight year bug
  131. No such thing as effective license enforcement
  132. The safest way to sanitize input: avoid having to do it at all
  133. 5 tips to improve physical access security
  134. Use cryptographic hashes for validation
  135. 5 things Microsoft should do to secure Windows 7
  136. Use cryptographic hashes with Ruby
  137. Will Google's Native Client project change the game?
  138. Practical paranoia: trust, but verify
  139. Distributed security cracking
  140. Understanding layered security and defense in depth
  141. 5 precautions to take for the holiday break
  142. Internal defenses are part of layered security strategy
  143. The smallest threat to open source in 2009
  144. REAL ID in a nutshell
  145. 25 most dangerous programming errors
  146. Managers and technologists live in different worlds
  147. How should you handle software updates?
  148. Options for OpenPGP
  149. Don't try to control what you don't understand
  150. Filesystem fragmentation: security threat
  151. Is this what they call a feature?
  152. 10 important categories of employment transition security
  153. 10 tips for personal security when you leave an employer
  154. A practical example of why HTML email is a bad idea
  155. Lenovo provides an excellent example of how not to handle user data
  156. Email needs safe rendering
  157. 5 tips for choosing a registrar for sites you care about
  158. 5 interesting security links for February 2009
  159. More about what my grandmother taught me
  160. Advice for reading about security
  161. Recession: a chance to deploy open source security solutions
  162. How likely is your software to survive the recession?
  163. Never use buzzwords to justify decisions without understanding them
  164. Security 101, Remedial Edition: use strong passwords
  165. 10 tips for secure computer disposal
  166. Airport behavior detection and security theater
  167. Sometimes, no encryption is better
  168. 10 questions to ask yourself before collecting security data
  169. How secure is your bank card?
  170. Hacker vs. Cracker
  171. Principles vs. Magic
  172. Why do people write viruses?
  173. There is no legal solution to malware
  174. Mydoom.FUD: a lesson in Fear, Uncertainty, and Doubt
  175. 5 IT security pet peeves
  176. The real solution to malware
  177. Why REAL ID is not secure ID
  178. 5 ideas for secure invoicing
  179. Linux and Windows compromised at boot
  180. The case for national security
  181. China chooses FreeBSD as basis for secure OS
  182. The cyber czar: hope or fear?
  183. Microsoft may be Firefox's worst vulnerability
  184. Pentagon has bold plan for digital warfare
  185. The broken Windows fallacy
  186. Stainless steel wallet review
  187. Six principles of practical ciphers
  188. Public officials and private lives
  189. The basics of secure admin privilege use with Unix
  190. Stay out of Bozeman
  191. Understanding risk, threat, and vulnerability
  192. Protect Webserver directories from unwanted browsing
  193. How anti-sec is Anti-sec?
  194. Why are crime rates dropping?
  195. Open source crimebusting
  196. How to deal with Adobe Flash and Reader vulnerability
  197. Redundant rules, rushed votes, and bad policy
  198. ZF05 gives us one more reason to use unique passwords
  199. Use the Firefox password manager
  200. Use RFC 2606 example domains for example emails
  201. Unmask your passwords
  202. The Microsoft OWC two-year vulnerability patch
  203. Interview coding tests should measure more
  204. The Pirate Bay is back with a vengeance
  205. Provide more than a feeling of security
  206. Guns can keep computers in your luggage safe
  207. Paranoid cookie management
  208. Help reddit crack the Treasure Master password
  209. Fine-grained cookie management in Firefox
  210. The Bobby Tables guide to SQL injection
  211. The Chinese Domain Scam
  212. The key exchange puzzle
  213. Create great employees
  214. Solving the key exchange problem
  215. Never get complacent about security, even in fiction
  216. Is Firefox + Perspectives the most secure browser for TLS/SSL encryption?
  217. Perspectives provides out of band verification for SSH
  218. Microsoft makes Firefox vulnerable; Mozilla responds
  219. Never use dynamic variables
  220. The TLS/SSL Certifying Authority system is a scam
  221. Use the SSH Filesystem for secure network filesystem access
  222. Use SCP for quick, secure file transfers
  223. Update your FreeBSD software with care
  224. How to use antivirus software with MS Windows
  225. Understand basic Unix file permissions
  226. Managing default Unix file permissions with adduser and umask
  227. Five security news items for late 2009
  228. Five guidelines for secure customer communication
  229. Use Google Wave carefully during the testing period
  230. Basics of stack-smashing attacks and defenses against them
  231. Should we be afraid of Google Public DNS?
  232. Understand the setuid and setgid permissions
  233. FreeBSD file flags enhance Unix filesystem security
  234. Principles of basic filesystem integrity auditing
  235. Why security gets no love
  236. Use the find utility to scan for writable directories
  237. Google: being evil
  238. Major security myths of 2009
  239. China cracks Google security; Google defies Chinese censors
  240. The Reverse Quine: Making Web services transparent
  241. How China exposed Google's hypocrisy
  242. Are TSA policies a bad joke?
  243. The enduring cipher
  244. The use and the misuse of the XOR stream cipher
  245. The danger of complexity: SLOC
  246. Cryptography's running gag: ROT13
  247. American Express password policy takes the cake
  248. Coloring outside the lines
  249. Get the security buzz about Google Buzz
  250. Fight back against bad password policy
  251. What defaults should random password generators use?
  252. Avoid ambiguity when referring to account names
  253. A user name is not a password
  254. Five features of a good password manager
  255. Microsoft warns: Don't press F1
  256. Use QuickProxy for a simple proxy switch in Firefox
  257. The Microsoft Internet Driving License
  258. Simplicity is security
  259. Organizations and conflicts of interest
  260. Present security advice as convenience advice
  261. Google news follow-up
  262. Are self-signed certificates safer?
  263. The future of security
  264. Five characteristics of secure online services
  265. Mitigating the social engineering threat
  266. Mitigating the privilege escalation threat
  267. Does the Chrome OS LiveCD threaten your installed OS?
  268. 10 security books for the future
  269. A simple email filter: getlessmail
  270. The classic man-in-the-middle attack, in fantasy TV
  271. Secure Mercurial and BitBucket quickstart
  272. The NTIA wants cell phone jamming solutions
  273. Google Book Search and our privacy
  274. Microsoft Windows activation work-around
  275. Corporate ethics versus security ethics
  276. Google offers encrypted sessions for Web search
  277. What are the prospects for smartphone security threats?
  278. Will Google's move spur others to drop Microsoft?
  279. Why you really should care about privacy
  280. Responsible disclosure and its irresponsible advocates
  281. HTTPS Everywhere makes SSL/TLS easier
  282. Stainless steel wallet review: One year later
  283. Use chroot to restrict services
  284. Use rssh to limit user access
  285. Understanding the market for buggy software
  286. Have you heard the one about the 21st century Russian spy ring?
  287. Security hyenas and the abuse of the word "terrorist"
  288. Welcome to the future: cloud-based WPA cracking is here
  289. Knowledgeable humans are still the best spam filters
  290. Jailbreaking smartphones is finally legal, for now
  291. Point release vs. rolling release
  292. Use pwsafe as a keyboard shortcut driven X tool
  293. Bypass a $200 biometric lock with a paperclip
  294. Hackers and crackers: a lesson in etymology and clear communication
  295. Smartphone jailbreaking, and what vendors are doing about it
  296. U.S. military compromised by removable media malware: Five ways to avoid the same fate