Stories by Ian Paul

Chrome OS may kill the password with Easy Unlock smartphone option

By Ian Paul | 18 April, 2014 23:41

Google may be opening a new front on the war against the password with a smartphone-enabled unlock option for Chrome OS PCs. Dubbed Easy Unlock, the new test feature would "instantly unlock your Chromebook when you and your phone are nearby, no password necessary."

VPN provider proves OpenVPN private keys at risk from Heartbleed bug

By Ian Paul | 18 April, 2014 01:42

The fallout from the OpenSSL Heartbleed bug continues. Recently, personal virtual private network provider Mullvad said it was able to extract private encryption keys for OpenVPN from a test server.

LaCie warns hackers may have customer info, credit cards after year-long breach

By Ian Paul | 17 April, 2014 00:16

Seagate-owned LaCie fessed up to a major security breach that put sensitive customer information at risk for nearly a year. The hard drive and peripheral storage maker isn't sure what information has been compromised; however, the company says the list may include customer names, email addresses, credit card numbers, and card expiration dates.

TrueCrypt for Windows: No major flaws found in first phase of security audit

By Ian Paul | 16 April, 2014 00:59

The first round of results are in, and so far TrueCrypt, the popular open-source encryption program, has a relatively clean bill of health. Security firm iSec Partners recently carried out the first phase of the TrueCrypt audit on behalf of the Open Crypto Audit Project (OCAP).

Healing Heartbleed: LastPass outs automated checker, major sites admit vulnerability

By Ian Paul | 11 April, 2014 00:32

LastPass has released a new tool to show you which of your supposedly secure online accounts are at risk of being compromised, as the Heartbleed fallout continues with numerous major sites admitting to being hit by the devastating bug.

Windows XP is still running thousands of websites worldwide

By Ian Paul | 10 April, 2014 02:39 | 1 Comment

It's not just desktop users who refuse to move on from Windows XP. Thousands of websites are still enamored with the now-unsupported OS, too.

The critical, widespread Heartbleed bug and you: How to keep your private info safe

By Ian Paul | 10 April, 2014 01:46 | 1 Comment

No matter how hard you try to stay safe, some aspects of securing your online data are completely out of your hands. That fact was made painfully obvious on Monday, when the Internet got caught with its collective pants down thanks to a critical vulnerability affecting a fundamental tool for secure online communications.

Windows XP still going strong despite looming end of support deadline

By Ian Paul | 03 April, 2014 03:10

With less than a week to go until Microsoft officially ends support for Windows XP the number of users sticking with the aging OS is still significant. The latest numbers from NetMarketShare show Windows XP is going strong, powering 27.69 percent of all worldwide PC usage during the month of March.

How to disable Windows 8's deep cloud integration, piece by piece

By Ian Paul | 25 March, 2014 19:49

You can accuse Windows 8.1 of a lot of things, but one thing you can't say about Microsoft's latest OS is that it lacks web integration. Thanks to deep integration with Bing, OneDrive, and other Microsoft online services, Windows 8.1 is most definitely where the desktop meets the cloud.

How to use Tumblr's new two-factor authentication

By Ian Paul | 25 March, 2014 15:43

Another major online service is making your login more secure. Yahoo-owned Tumblr announced on Monday that two-factor authentication is finally available for the microblogging site.

Basecamp falls to blackmail-fueled denial of service attack

By Ian Paul | 24 March, 2014 18:58

Users of the popular web-based project management app Basecamp may have a hard time loggoing on the service Monday morning. The company behind the app, also named Basecamp (formerly 37Signals), says it is under a distributed denial of service (DDoS) attack from extortionists hoping to make a quick buck.

Microsoft tweaks privacy policies after email spying backlash

By Ian Paul | 21 March, 2014 14:49

Outlook.com email should be private, Microsoft said in a recent blog post that then went on to explain why it violated that belief in privacy for at least one user.

Three practical reasons to use your browser's private mode

By Ian Paul | 11 March, 2014 20:20

Modern browsers are chock full of powerful hidden features, but one of the most overlooked features is incognito or private mode. If you've heard of this feature, chances are you know it, rather infamously, as "porn mode."

HTTPS Everywhere makes Firefox for Android more secure

By Ian Paul | 05 February, 2014 16:37

The Electronic Frontier Foundation wants to make web browsing on mobile as secure as it is on the desktop--at least for Android users. The digital rights group recently released a mobile version of its stellar HTTPS Everywhere add-on for Firefox for Android.

NSA whistleblower Edward Snowden to hold live chat on Thursday

By Ian Paul | 22 January, 2014 16:58

If you've ever wanted to ask NSA whistleblower Edward Snowden a question, you might get your chance on Thursday, January 23 at 3 PM ET/12 PM Pacific. The man who revealed the startling revelations about the NSA's Prism program and cell phone metadata collection--and inspired a slew of security-focused apps and services--is lining up for his second official question and answer session tomorrow.

CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Identity & Security Management

Identity and Security Management

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.