Articles from Apotheonic Labs

Article Notes

The articles published at TechRepublic may suffer from some issues. The first is that titles may vary slightly from the versions listed here, due to editorial modification after they were submitted for publication. The second is that similar problems may apply to misuse of terms (UNIX vs. Unix). The third is that most of the articles listed were published before a major TechRepublic site overhaul in which the styles related to display of code samples were altered, and as a result the formatting of many articles is fundamentally broken.

Articles: TechRepublic IT Security Column

The following are articles Chad Perrin has written for the TechRepublic IT Security column, listed by title in roughly chronological order.

  1. Five Steps To Becoming The Local Security Guru
  2. Check Out The Results Of CNET's Security Vendor Survey
  3. Myth: I'm Not Really At Risk
  4. Reduce Permissions To Increase DNS Security
  5. Unix/Linux Rootkits 101
  6. Rootkits 201
  7. There's More To Security Than Counting Vulnerabilities
  8. Security Specialists' Salaries Are Up . . . So What?
  9. The Three Elements Of Access Control
  10. 10 (+1) Reasons To Treat Network Security Like Home Security
  11. Implement Integrity Auditing With Basic Utilities
  12. Use Rsync For Filesystem Integrity Auditing
  13. Rootkit Redux: Sony Doesn't Learn From History
  14. Why There's No Such Thing As A Trusted Brand
  15. Use Mtree For Filesystem Integrity Auditing
  16. The Truth About Viruses
  17. Top 10 News Items, September 15: What's Interesting In IT Security This Week
  18. Work With End Users -- Not Against Them -- To Improve Security
  19. Use The Fire.Rb Library To Write Port Knocking Scripts In Ruby
  20. Privacy Is Security
  21. Happy Birthday, OpenSSH
  22. Linux Phishing Botnet Statistics Can Be Deceptive
  23. Why There's No Such Thing As A Zero-Day Vulnerability
  24. Network Monitoring For Fun And Profit
  25. Protect Your Computer And Your Data With A UPS
  26. 10 Security Tips For All General-Purpose OSes
  27. A Little More About Passwords
  28. Automating Shutdown When Your OS Doesn't Support Your UPS
  29. Protect SSH From Brute Force Password-Cracking Attacks
  30. 10 Services To Turn Off In MS Windows XP
  31. Why Encryption That Doesn't Trust The User Isn't Trustworthy
  32. Radiohead Knows More Than Microsoft About Security
  33. 10 Wi-Fi Security Tips
  34. The Politics Of Phishing
  35. Teach A Man To Fish
  36. What My Grandmother Taught Me About IT Security
  37. If You Want Something Done Right . . .
  38. Follow A University Course In Cryptography For Free
  39. Use MD5 Hashes To Verify Software Downloads
  40. Bolted-On Security Features Aren't Secure
  41. Use The Blowfish Cipher To Improve Password Security
  42. The Value Of Accidental Security Through Obscurity
  43. Security TV: "Tiger Teams" Showing This Christmas
  44. PGP Corp's "The 12 Threats Of Christmas"
  45. The Best Security Article Of 2007 (Isn't About Security)
  46. SPAM And SPIT: What Are The Dangers?
  47. Deleting Files Isn't Always Enough
  48. Retrospective: 10 Security Blunders
  49. Interface Design Is Security Design
  50. Using Pf And ALTQ For QoS Management
  51. The Truth About Email Spam
  52. How To Spoof A MAC Address
  53. How To Avoid Being A Phishing Webserver Admin
  54. Security Is An Ecosystem, Not A Product
  55. Five Must-Have Security Resources
  56. Using OpenPGP On Unix/Linux Systems With GnuPG
  57. How Private Is Your Web-Based Service?
  58. Use OpenSSH As A Secure Web Proxy
  59. Basic Email Security Tips
  60. 10 Tips For Effective Use Of OpenPGP With GnuPG
  61. Using GnuPG With Mutt To Sign Or Encrypt Email
  62. Use PuTTY As An SSH Client On MS Windows
  63. Use PuTTY As A Secure Proxy On MS Windows
  64. Ensure Basic Web Security With This Checklist
  65. What Is Cross-Site Scripting?
  66. The Big Brother Awards
  67. Using GnuPG Encryption Tools With Gpg4win
  68. The Importance Of Being Encrypted
  69. Security 101, Remedial Edition: Obscurity Is Not Security
  70. DRM And Unintended Consequences
  71. Meet Me At Penguicon
  72. Use Getmail To Get Email Simply And Securely
  73. Use SSMTP To Send Email Simply And Securely
  74. List Open Ports And Listening Services
  75. Close Unneeded Ports On Unix/Linux Systems
  76. Fighting Fire With Fire
  77. Fighting Fire With Water
  78. Five Security Tips From MediaWiki's Lead Developer
  79. There Is No Perimeter, Kinda
  80. Has Security Grown Beyond DIY?
  81. The "Insecure Memory" FAQ
  82. Detect And Replace Vulnerable SSH Keys On Debian
  83. Not Invented Here Has No Place In Open Source Development
  84. Making Encryption Popular
  85. Is PhoneFactor Really Better Security?
  86. Security Alarmism Helps The Bad Guys Win
  87. Why You Can't Get Management On Board
  88. How Should We Handle Security Notifications?
  89. What Do You Do If Management Won't Get On Board?
  90. Is Linux The Most Secure OS?
  91. Vulnerability Counting Revisited: A Hypothetical Example
  92. How FreeBSD Makes Vulnerability Auditing Easy: Portaudit
  93. Knowing The Superficial Side Of Security Is Important, Too
  94. The CIA Triad
  95. Google Opens Up RatProxy
  96. 5 Easy Ways To Compromise Your Own Security
  97. The Reason I Talk About Security
  98. Five Good Security Reads
  99. Who Is Really To Blame For The San Fran Network Lockout?
  100. Bignum Arithmetic And Premature Optimization
  101. Use Tcpdump For Traffic Analysis
  102. How Does Bad Password Policy Like This Even Happen?
  103. The Meaning Of "Good Enough"
  104. Perfect Vs. Good Enough
  105. Keyczar: Another Open Source Security Tool From Google
  106. 10 Common Security Mistakes That Should Never Be Made
  107. 10 Security Challenges Facing Closed Source Software
  108. How Do You Interview Security Experts?
  109. Use Complete Session Encryption With Gmail
  110. Functional Programming Techniques Can Improve Software Security
  111. Perspectives: Better Than CAs?
  112. What Are The Security Implications For Google Chrome?
  113. The Trouble With Test Versions
  114. Can You Mitigate Risk By Replacing Sensitive Resources?
  115. Prioritize Security Concerns With A Simple Risk Assessment
  116. Email Security Advice For Politicians
  117. The So-Called Group Called Anonymous
  118. Is Suggesting Improved Security The Same As Blaming The Victim?
  119. Choose The Right Licensing Model For Security Software
  120. What To Do About RFID Chips In Your Wallet
  121. How Closed Policies Hurt Security Development
  122. TSA Communication May Get Your Bag Searched
  123. 12 Security Suites Tested And 12 Security Suites Fail
  124. 5 Characteristics Of Security Policy I Can Trust
  125. Wim Van Eck's Legacy
  126. MS Windows 7 Pre-Beta Gets A Security Patch 13 Days Early
  127. 10 Security Tips For Microsoft Windows XP
  128. Security, Complexity, And The GUI Environment
  129. More Email Security Tips
  130. Microsoft Finally Catches The Eight Year Bug
  131. No Such Thing As Effective License Enforcement
  132. The Safest Way To Sanitize Input: Avoid Having To Do It At All
  133. 5 Tips To Improve Physical Access Security
  134. Use Cryptographic Hashes For Validation
  135. 5 Things Microsoft Should Do To Secure Windows 7
  136. Use Cryptographic Hashes With Ruby
  137. Will Google's Native Client Project Change The Game?
  138. Practical Paranoia: Trust, But Verify
  139. Distributed Security Cracking
  140. Understanding Layered Security And Defense In Depth
  141. 5 Precautions To Take For The Holiday Break
  142. Internal Defenses Are Part Of Layered Security Strategy
  143. The Smallest Threat To Open Source In 2009
  144. REAL ID In A Nutshell
  145. 25 Most Dangerous Programming Errors
  146. Managers And Technologists Live In Different Worlds
  147. How Should You Handle Software Updates?
  148. Options For OpenPGP
  149. Don't Try To Control What You Don't Understand
  150. Filesystem Fragmentation: Security Threat
  151. Is This What They Call A Feature?
  152. 10 Important Categories Of Employment Transition Security
  153. 10 Tips For Personal Security When You Leave An Employer
  154. A Practical Example Of Why HTML Email Is A Bad Idea
  155. Lenovo Provides An Excellent Example Of How Not To Handle User Data
  156. Email Needs Safe Rendering
  157. 5 Tips For Choosing A Registrar For Sites You Care About
  158. 5 Interesting Security Links For February 2009
  159. More About What My Grandmother Taught Me
  160. Advice For Reading About Security
  161. Recession: A Chance To Deploy Open Source Security Solutions
  162. How Likely Is Your Software To Survive The Recession?
  163. Never Use Buzzwords To Justify Decisions Without Understanding Them
  164. Security 101, Remedial Edition: Use Strong Passwords
  165. 10 Tips For Secure Computer Disposal
  166. Airport Behavior Detection And Security Theater
  167. Sometimes, No Encryption Is Better
  168. 10 Questions To Ask Yourself Before Collecting Security Data
  169. How Secure Is Your Bank Card?
  170. Hacker Vs. Cracker
  171. Principles Vs. Magic
  172. Why Do People Write Viruses?
  173. There Is No Legal Solution To Malware
  174. Mydoom.FUD: A Lesson In Fear, Uncertainty, And Doubt
  175. 5 IT Security Pet Peeves
  176. The Real Solution To Malware
  177. Why REAL ID Is Not Secure ID
  178. 5 Ideas For Secure Invoicing
  179. Linux And Windows Compromised At Boot
  180. The Case For National Security
  181. China Chooses FreeBSD As Basis For Secure OS
  182. The Cyber Czar: Hope Or Fear?
  183. Microsoft May Be Firefox's Worst Vulnerability
  184. Pentagon Has Bold Plan For Digital Warfare
  185. The Broken Windows Fallacy
  186. Stainless Steel Wallet Review
  187. Six Principles Of Practical Ciphers
  188. Public Officials And Private Lives
  189. The Basics Of Secure Admin Privilege Use With Unix
  190. Stay Out Of Bozeman
  191. Understanding Risk, Threat, And Vulnerability
  192. Protect Webserver Directories From Unwanted Browsing
  193. How Anti-Sec Is Anti-Sec?
  194. Why Are Crime Rates Dropping?
  195. Open Source Crimebusting
  196. How To Deal With Adobe Flash And Reader Vulnerability
  197. Redundant Rules, Rushed Votes, And Bad Policy
  198. ZF05 Gives Us One More Reason To Use Unique Passwords
  199. Use The Firefox Password Manager
  200. Use RFC 2606 Example Domains For Example Emails
  201. Unmask Your Passwords
  202. The Microsoft OWC Two-Year Vulnerability Patch
  203. Interview Coding Tests Should Measure More
  204. The Pirate Bay Is Back With A Vengeance
  205. Provide More Than A Feeling Of Security
  206. Guns Can Keep Computers In Your Luggage Safe
  207. Paranoid Cookie Management
  208. Help Reddit Crack The Treasure Master Password
  209. Fine-Grained Cookie Management In Firefox
  210. The Bobby Tables Guide To SQL Injection
  211. The Chinese Domain Scam
  212. The Key Exchange Puzzle
  213. Create Great Employees
  214. Solving The Key Exchange Problem
  215. Never Get Complacent About Security, Even In Fiction
  216. Is Firefox + Perspectives The Most Secure Browser For TLS/SSL Encryption?
  217. Perspectives Provides Out Of Band Verification For SSH
  218. Microsoft Makes Firefox Vulnerable; Mozilla Responds
  219. Never Use Dynamic Variables
  220. The TLS/SSL Certifying Authority System Is A Scam
  221. Use The SSH Filesystem For Secure Network Filesystem Access
  222. Use SCP For Quick, Secure File Transfers
  223. Update Your FreeBSD Software With Care
  224. How To Use Antivirus Software With MS Windows
  225. Understand Basic Unix File Permissions
  226. Managing Default Unix File Permissions With Adduser And Umask
  227. Five Security News Items For Late 2009
  228. Five Guidelines For Secure Customer Communication
  229. Use Google Wave Carefully During The Testing Period
  230. Basics Of Stack-Smashing Attacks And Defenses Against Them
  231. Should We Be Afraid Of Google Public DNS?
  232. Understand The Setuid And Setgid Permissions
  233. FreeBSD File Flags Enhance Unix Filesystem Security
  234. Principles Of Basic Filesystem Integrity Auditing
  235. Google: Being Evil
  236. Major Security Myths Of 2009
  237. Why Security Gets No Love
  238. Use The Find Utility To Scan For Writable Directories
  239. China Cracks Google Security; Google Defies Chinese Censors
  240. How China Exposed Google's Hypocrisy
  241. The Reverse Quine: Making Web Services Transparent
  242. Are TSA Policies A Bad Joke?
  243. The Enduring Cipher
  244. The Use And The Misuse Of The XOR Stream Cipher
  245. The Danger Of Complexity: SLOC
  246. Cryptography's Running Gag: ROT13
  247. American Express Password Policy Takes The Cake
  248. Coloring Outside The Lines
  249. Get The Security Buzz About Google Buzz
  250. Fight Back Against Bad Password Policy
  251. What Defaults Should Random Password Generators Use?
  252. Avoid Ambiguity When Referring To Account Names
  253. Five Features Of A Good Password Manager
  254. A User Name Is Not A Password
  255. Microsoft Warns: Don't Press F1
  256. The Microsoft Internet Driving License
  257. Use QuickProxy For A Simple Proxy Switch In Firefox
  258. Simplicity Is Security
  259. Organizations And Conflicts Of Interest
  260. Present Security Advice As Convenience Advice
  261. Google News Follow-Up
  262. Are Self-Signed Certificates Safer?
  263. The Future Of Security
  264. Five Characteristics Of Secure Online Services
  265. Mitigating The Privilege Escalation Threat
  266. Mitigating The Social Engineering Threat
  267. Does The Chrome OS LiveCD Threaten Your Installed OS?
  268. 10 Security Books For The Future
  269. A Simple Email Filter: Getlessmail
  270. The Classic Man-In-The-Middle Attack, In Fantasy TV
  271. Secure Mercurial And BitBucket Quickstart
  272. The NTIA Wants Cell Phone Jamming Solutions
  273. Google Book Search And Our Privacy
  274. Microsoft Windows Activation Work-Around
  275. Corporate Ethics Versus Security Ethics
  276. Google Offers Encrypted Sessions For Web Search
  277. What Are The Prospects For Smartphone Security Threats?
  278. Why You Really Should Care About Privacy
  279. Will Google's Move Spur Others To Drop Microsoft?
  280. Responsible Disclosure And Its Irresponsible Advocates
  281. HTTPS Everywhere Makes SSL/TLS Easier
  282. Stainless Steel Wallet Review: One Year Later
  283. Use Chroot To Restrict Services
  284. Use Rssh To Limit User Access
  285. Understanding The Market For Buggy Software
  286. Have You Heard The One About The 21st Century Russian Spy Ring?
  287. Security Hyenas And The Abuse Of The Word "Terrorist"
  288. Welcome To The Future: Cloud-Based WPA Cracking Is Here
  289. Knowledgeable Humans Are Still The Best Spam Filters
  290. Jailbreaking Smartphones Is Finally Legal, For Now
  291. Point Release Vs. Rolling Release
  292. Use Pwsafe As A Keyboard Shortcut Driven X Tool
  293. Bypass A $200 Biometric Lock With A Paperclip
  294. Hackers And Crackers: A Lesson In Etymology And Clear Communication
  295. Smartphone Jailbreaking, And What Vendors Are Doing About It
  296. U.S. Military Compromised By Removable Media Malware: Five Ways To Avoid The Same Fate
  297. How To Disable Vulnerability Checking For FreeBSD Ports
  298. Are Multiple Overwrites Really Necessary For Secure Deletion?
  299. Quantum Hacking Cracks Quantum Crypto
  300. Are Microkernels The Future Of Secure OS Design?
  301. Security Vs. Popularity
  302. Security Consciousness, And Its Opposite
  303. Should Intel Decide What Software We Can Run?
  304. Should BCC Be The Default Email Address Field?
  305. Turn Off Modeline Support In Vim
  306. Five Security Lessons To Learn From The Twitter Worm
  307. Lock Your Screen While Away From The Computer
  308. How To Escape SSH Sessions Without Ending Them
  309. Security Tools Should Be Designed For Security
  310. Recover FreeBSD Root Access When You Forgot The Password
  311. Unix Vs. Microsoft Windows: How System Designs Reflect Security Philosophy
  312. No Autorun Can Help Protect Microsoft Windows From Malware
  313. Why You Should Never Trust Facebook
  314. If Facebook Will Not Protect Your Privacy, Maybe Someone Else Will
  315. The Many Eyes That Matter For Security Are The Friendly Eyes
  316. Create A Simple, Simulated Network With The Honeyd Tool
  317. Are Bad Guys Using Honeypots To Catch Security Researchers?
  318. Don't Be Fooled By The Argument Against Unique Passwords
  319. New Developments In OpenPGP Encryption Tools
  320. Shadow DNS In The Works: Do We Need A Second Internet?
  321. Use Firewall Software Like PF To Protect Your Desktop Systems
  322. The Meaning Of Cryptographic Trust
  323. What Can The OpenBSD IPsec Backdoor Allegations Teach Us?
  324. Vim Offers Strong File Encryption With Blowfish
  325. How One-Time Passwords Fit In With Multifactor Authentication
  326. Key Open Source Security Benefits
  327. Design Simplicity Is An Important Element Of Open Source Security
  328. Set Up A Secure File Transfer Account With Rssh
  329. Use Sysctl Security Settings To Lock Down A FreeBSD System
  330. The Difference Between Secrecy And Privacy As Security Concepts
  331. Imagination Is More Important Than Knowledge
  332. The Book Of PF Is The Canonical Reference For The PF Firewall
  333. Filtering PF Firewall Logs
  334. Why Not Use OpenPGP For Web Authentication?
  335. Captured Images Of Your Physical Keys Can Be Used To Make Copies
  336. Protect Yourself From Closed Source SSH
  337. The Security Limitations Of Solid-State Drives
  338. Rulings In PS3 Jailbreaking Suit Should Worry You
  339. Electronic Voting Can Be Better Than Paper
  340. How To Use WinSCP With Public Key Authentication
  341. How To Use Password Safe On Microsoft Windows 7
  342. PuTTY Toolset Offers More Than Just An SSH Terminal
  343. IP Is For Intellectual Property (And Invading Privacy)
  344. Encrypt Calls On Your Android Device With RedPhone
  345. SSL/TLS Encryption And The Vacant Lot Scam: Too Big To Fail
  346. The Privacy Covenant Is An Illusion
  347. Maybe Your Random CAPTCHA String Generator Should Be Less Random
  348. There May Be A Better Way To Weed Out Spammers Than CAPTCHA
  349. Facebook Is Not The Real Privacy Threat
  350. How To Get People To Use Strong Passwords
  351. IPhone Tracking Only Part Of Apple's Security And Privacy Shortcomings
  352. What To Do About The PlayStation Network Breach
  353. Like Passwords For Chocolate, Coming Soon To A Security Theater Near You
  354. Sony's Scapegoat For The PSN Compromise Fights Back
  355. From A To Z: Whistleblowing Versus Social Networking
  356. Is The IP Address The New SSN?
  357. DRM Is Counterproductive
  358. Why Strict Copyright Enforcement Is Becoming Obsolete
  359. 10 Highlights Of The FBI IT Security Record
  360. How Your Emails Can Become Public Record: The Enron Dataset
  361. Has The Mozilla Foundation Lost Its Collective Mind?
  362. How Do You Protect Yourself From Hacktivist Groups?
  363. Cryptographer And Computer Scientist Robert Morris Dies At 78
  364. Stainless Steel Wallet Review: Two Years Later

Articles: TechRepublic Linux and Open Source Column

The following are articles Chad Perrin has written for the TechRepublic Linux and Open Source column, listed by title in roughly chronological order.

  1. Is Oracle Poised To Effectively End Open Source Software?
  2. Is This The End Of Buying Software?
  3. Why Your College Uses Microsoft Windows For Everything
  4. Use Msmtp With Mutt To Send Email
  5. GNU Is Not Unix
  6. Is Tmux The GNU Screen Killer?
  7. Chromium Browser On FreeBSD
  8. Contribute Your Expertise To An Open Source Textbook
  9. Try The Uzbl Browser If You're Tired Of Feature Bloat
  10. Apache Vs. Oracle: A New Front In The Java War
  11. A Simple User Primer For Init
  12. Oracle Wins The 2010 Open Source Enemies Prize
  13. Linux And FreeBSD Hardware Info Command Guide
  14. A Simple Rsync Script To Back Up Your Home Directory
  15. What Is Open Source Software?
  16. Preparing Installation Media At The FreeBSD Command Line
  17. Don't Fear The Fork
  18. Use Logwatch To Make Log Watching A Little Easier
  19. Promote Openness: Custom Applications And Standardized Formats
  20. What Is Android Missing?
  21. Three Features You May Not Know XTerm Has
  22. Use Xsel To Copy Text Between CLI And GUI
  23. Review: The Best Linux Book Available
  24. NetworkManager, The Fifth Horseman Of The Apocalinux
  25. Save Your Money: Three Bad Linux Books
  26. Five Benefits Of Command Line Tools
  27. Open Source Software Users Voluntarily Pay More
  28. Use i3 For Tiling Window Manager N00bs
  29. If You Thought Uzbl Was A Minimal WebKit Browser, You Should See Surf
  30. Pentadactyl: Firefox For Vim Junkies
  31. The Scrapbook Extension: Better Bookmarks For Firefox
  32. Why We Should Allow DRM On Open Source Platforms

Articles: TechRepublic Programming and Development Column

The following are articles Chad Perrin has written for the TechRepublic Programming and Development column, listed by title in roughly chronological order.

  1. Five Ruby Greetings
  2. A Development Workflow For Mercurial
  3. Learn By Doing: Seven Ideas For Learning How To Program
  4. A Skeptic's History Of C++
  5. Simple Filters In Perl, Ruby, And Bourne Shell
  6. Introducing Io, A Prototype-Based Language
  7. Memoize Recursive Functions To Conserve Resources
  8. Let Isaac Help You Build IRC Bots
  9. 10 Great Books And Other Resources For Learning Ruby
  10. Try The SL4A Scripting Environment For Your Android Device
  11. TortoiseHg Integrates Mercurial With Windows Explorer
  12. Contribute To Bitbucket Projects Using Forks And Pull Requests
  13. Variable Names Should Usually Be Descriptive
  14. Use interactive_editor With irb For An Inside-Out Ruby IDE
  15. Steven Levy's Hackers Is A Classic Of The Information Age
  16. Simple Data Storage With Ruby
  17. Why Clean Code Is More Important Than Efficient Code
  18. Understanding Ruby Blocks