Hopes for better privacy protection in CISA depend on conference committee reconciliation

Privacy advocates and industry groups oppose the new legislation for many of the same reasons that led to the demise of the Cyber Intelligence Sharing and Protection Act (CISPA), but in the wake of a seemingly unending string of major data breaches and cyber intrusions, it appears likely that Congress will get a bill to the the president for signature.

Want to reduce unauthorized login attempts? Use Google Authenticator

If you have a public website, you should know that your site is regularly scanned and otherwise accessed, both by web “crawlers” from Google, Bing, and similar search engines and by individuals or agents with less…

It’s (past) time for two-factor authentication

While 2FA is by no means foolproof, for most users adding some form of two-step verification in the authentication process makes their accounts much less susceptible to compromise by unauthorized users.

Threat of phishing attacks shows no signs of diminishing


A small but troubling minority of users click on links embedded in phishing emails and an even smaller number recognize and report the suspicious emails to an IT group or incident response team.

WordPress security essentials

The good news for WordPress users is that there are multiple security plugins available that enhance site security, provide routine (even continuous) monitoring, and help administrators remove and repair whatever changes or damage an intrusion has caused.

No upside to OPM data breaches

Subsequent disclosures and updates about the OPM incident paint a troubling picture of the poor security practices that facilitated the attack and delayed its discovery.

Is Clinton’s use of a private email server a big deal or not?

There are two broad questions that may turn out to be more relevant than whether Clinton was, intentionally or inadvertently, keeping from public scrutiny any details about her work as Secretary of State.