Stories by J.F. Rice

  • Discovering a blind eye to vulnerabilities

    Last week, I was horrified to discover a problem with my <a href="http://www.computerworld.com/article/2569669/security0/two-sides-of-vulnerability-scanning.html">vulnerability scanner</a>. The product I use relies on a user account to connect to our Microsoft Windows servers and workstations to check them for vulnerable versions of software, and that user account had never been configured properly. As a result, the scanner has been blind to a lot of vulnerabilities. And this has been going on for a long time.

  • Sony and Chase: Don't blame the CISO

    Over the last couple of weeks, I have read numerous news stories about the widely publicized security breaches at <a href="http://www.computerworld.com/article/2860745/it-security-in-2015-were-now-at-war.html">Sony</a> and <a href="http://www.computerworld.com/article/2691246/jpmorgan-chase-says-breach-affected-83m-customers.html">JPMorgan Chase</a>. It seems as if everybody is a Monday-morning quarterback, with every other reporter voicing an opinion on how these breaches should have been prevented. In particular, I read two articles that specifically blamed the information security organizations at those companies for failing to properly stop the attackers. That's not fair.

  • Making a hash of passwords

    Last week, I went to a project meeting so I could provide security insights as some consulting software developers updated us on the customer-facing application they're building for us. But I was dumbfounded when they asked me, "How should we encrypt the passwords?" Will developers never learn? 

  • Election Day was just another chance to worry about security

    At the moment I'm a bit of a security grouch. I keep seeing product after product that has significant vulnerabilities. And this isn't just happening with the things I deal with at work. Even Election Day had me grousing about the state of our software security.