www.PenandCamera.com: Writing Samples: Security About | Clips | Photography | Photo/Visual | Writing | Updates
Writing Archive: 2003 and before

Writing Archives: 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003

Fortune Magazine:

Uncovering the Secrets of Data Storage (PDF)
A Fortune special section on data storage.
Fortune (March 31, 2003)


Creating the Single-Image Client Build
White paper for Intel recounting how Intel reduced the number of its client builds -- the process of installing the standard corporate software bundle and moving data to an employee's new PC -- from 14 to one, and how Intel's information technology department thus reduced the expense, complexity, and time required to roll out new machines to its employees.
Intel Corp. (April 2003)

Enterprise Systems:

Q&A: Arresting Bugs Earlier in Development Cycle Cuts Security Costs
How integrating security code testing into the development cycle saves time and dollars (12/17/2003)

Alerts: Linux Vulnerabilities, Security Spending, Symantec's List of Top Threats in November
From Linux synchronization and denial of service attacks to some good news about spending on security—a quick look at this week's other security news. (12/17/2003)

Q&A: Protecting Web Applications from Unknown Attacks
Protect against the vulnerabilities in Web applications or risk the consequences. (12/10/2003)

Security Budgets Will Rise Rapidly, Researchers Predict
Good news for security managers' budgets: thanks to the threat of hacking, more companies are getting on the security bandwagon. (12/10/2003)

Oracle Patch; Top Viruses for November; Yahoo Messenger Vulnerability. (12/10/2003)

Case in Point: Law Firm Battles Spam
Installing a spam filter helped one Atlanta firm eliminate 95% of unsolicited e-mail. (12/3/2003)

Best Practices: Avoiding Computer Worms
F-Secure releases a dozen tips to help users avoid common worm problems (12/3/2003)

Security Attacks More Varied and Aggressive, ISS Report Shows
Security incidents are up 15 percent, and the gap between vulnerability disclosure and exploit shrinks (12/3/2003)

Quantum Cryptography Offers Uncrackable Keys
Using the laws of physics, not mathematical difficulty, to secure data, MagiQ Technologies' Navajo Security Gateway offers "future-proof, unbreakable" security devices. (11/19/2003)

How to Stop Bluetooth Insecurities
Bluetooth can be found in newer versions of everything from PDAs to cell phones, laptops to computer peripherals, but the technology is far from secure. Companies can, however, employ a number of def (11/19/2003)

Alert: Microsoft Issues "Critical" Patches
Vulnerabilities found in IE, Word, Excel, FrontPage Server Extensions, and Windows Workstation Service. (11/19/2003)

Best Practices: Audit Without Getting Overwhelmed
How to create and maintain an effective security program through auditing. (11/12/2003)

Tips for Gramm-Leach-Bliley Compliance
Security vendor Symantec offers best practices for staying in compliance with the Gramm-Leach-Bliley Act. (11/12/2003)

Alert: WPA Vulnerable to Dictionary Attack
Wireless networking has a new weakness, according to a new research paper. The problem is with Wi-Fi Protected Access (part of the 802.11i standard) and the way it uses pre-shared keys. (11/12/2003)

Case Study: Hurricane Stress Tests Firewall at Weather.com
The company's VP of technology weighs in on integrating security able to scale rapidly and fail well. (11/05/2003)

Management's Holy Grail: Integrating Identity and Access Control
Six modules in Computer Associates' new eTrust Identity and Access Management Suite, used in any combination, provide an integrated solution to managing identities, from provisioning to enforcement. (11/05/2003)

Alert: British Security Suffers; Macintosh Patches 14 Vulnerabilities
A new report from McAfee examines European companies' vulnerabilities. (11/05/2003)

XML: A Growing Security Threat?
The data-swapping standard, now incorporated into Microsoft's Office 2003, may be the next big route for malicious attacks. (10/29/2003)

Security Managers Fear Next Generation of Attacks Says Survey
NetScreen survey also reports a widespread belief that current security set-ups are inadequate to defend against these threats (10/29/2003)

Alert: Novell Patches Multiple iChain
Novell beta support pack fixes multiple “highly critical” vulnerabilities. We explain the problem and what you can do about it. (10/29/2003)

Companies Miss Strategic Security Focus, PricewaterhouseCoopers Says
The problem: how to support an "always on" environment. (10/22/2003)

Sharing Hardware Cryptography No Longer Enough
It's no longer enough just to use encryption. Now what's important is how well you've used encryption, how well you administer it, and how well you can prove to auditors what you're doing. (10/22/2003)

Alert: Windows Messenger Service Vulnerability
Buffer overflow attack could give the attacker administrative privileges (10/22/2003)

Q&A: Mitigating the Denial of Service Threat
Security consultant details ways to protect yourself (10/15/2003)

Dangerous Blended Attacks Increase, Symantec Says
Payload and speed make them especially dangerous; eight best practices for resisting their impact (10/15/2003)

Best Practices: Five Tips for Managed Security Outsourcing
Yankee Group’s recommendations for getting the most from managed security outsourcing (10/15/2003)

Q&A: Securing the Door as Important as Securing the Data
Organizations regard the intersection of physical and electronic security—holistic security, if you will—as the end goal (10/8/2003)

Best Practices: Minimizing the Risk of Forgotten Modems
Nearly one-fourth of all organizations have unauthorized modems connected to their network, providing easy network access for computer attackers that firewalls won't stop. (10/8/2003)

Alerts: New IE Exploit Hacks DNS; Kaspersky Labs' Top Ten Viruses for September
Anti-virus vendors report MS patch does not protect against Trojan Qhosts; September's list of top ten viruses (10/8/2003)

Coping with the Gramm-Leach-Bliley Act
We speak with one of the GLBA's five authors to discuss the challenges organizations face as they struggle to stay GLBA-compliant. (10/1/2003)

Security Spending Will Top All IT Investments
IDC predicts security and business continuity spending will increase twice as fast as overall IT budgets between now and 2007. (10/1/2003)

Alert: Virus Masquerades as Microsoft Security Update
New worm targets old IE vulnerability. (10/1/2003)

Best Practices: Staying Ahead of International Regulations
From carrots to sticks, a variety of recent regulations challenge security managers. (9/24/2003)

CERT: Best Practices for Beating Worms
CERToutlines the top steps businesses, vendors, and the government can take to arrest the onerous cycle of constant patching. (9/24/2003)

Alert: Vulnerability in SSH
Versions of OpenSSH prior to 3.7.1 are vulnerable to denial of service attacks via a buffer management problem. (9/24/2003)

Finding Security Holes in Your Web Applications
The dot-com boom’s legacy: buggy code. How do you find those bugs? Instead of trying to do code reviews with tools that were meant for developers, it's time to do them with tools meant for security (9/17/2003)

Accelerating Security Certification
Can information security professionals really get certified in half the ordinary time? (9/17/2003)

Authentication: Three Critical Steps for Every Organization
Yankee Group predicts large growth in the authentication market. Here are three things every organization needs to do to ensure users are who they say they are. (9/17/2003)

Best Practices: Handheld Security
Handheld security expert suggests best practices for organizations that support the devices 

Dirty Dozen Viruses: August was a Banner Month
Central Command shows a single virus accounted for over three-quarters of all activity last month. 

Alert: “Critical” Flaw in Office, Other Microsoft Applications
Vulnerability in Microsoft applications occurs thanks to Visual Basic for Applications 

Seeking the Perfect Patch Process
To avoid the patch-and-pray cycle, IT organizations need to examine how to make vulnerabilities such as Sobig seem so small. 

Spammers Increasing Methods to Avoid Detection
Techniques for challenging and defeating spam filters continue to grow 

Alerts: CiscoWorks, P2P Software Vulnerable
Cisco details vulnerabilities in CiscoWorks; eMule code hiding in P2P software 

Sobig Lives Up to Its Name
It's been a banner month for viruses, as new vulnerabilities were unleashed and others lingered 

Best Practices in Security Training
Worms and legislation dictate the need for security-savvy employees; here's how to train them and reinforce human nature. 

Vulnerabilities: IE Cross-Domain Security Flaw, Database Component Exposure
Microsoft releases a patch for IE 5.01 and above; company's Data Access Components could run hacker's code 

Worm Continues Blast Across Internet
Worm exploits RPC/DOM vulnerability; denial-of-service attacks still likely 

Passwords and Identity: Seeking Synergy
Do password management software and identity synchronization software naturally go together? One thing's for sure: the ROI for both categories is attractive. 

Alerts: BSD and Postfix Vulnerabilities; File-Sharing Dangers
New vulnerabilities in BSD operating system and Postfix, a popular mail transfer agent; the FTC warns about the dangers of file-sharing 

How To Protect Yourself from Fibre Channel Insecurity
Vendor and end-user ignorance perpetuate security holes, security architect warns 

Case in Point: Protecting the Network Edge
Japanese university finds easy way to control network access 

Alerts: Vulnerabilities in IE, Windows Desktops
MiMail.A exploits IE flaw; Autorooter targets windows hole to run its own code 

Identity Management: Untangling Meta and Virtual Directories
We discuss how organizations use virtual directories to interface enterprise applications and identity data with Clayton Donley, CEO of OctetString, a virtual directory provider. (8/6/2003)

Boosting IM Security
Management key to enterprise rollout; financial services advised to retain messages (8/6/2003)

Microsoft offers patch to a critical Windows problem; survey shows few companies are in regulatory compliance (8/6/2003)

The Perils of Identity Mismanagement
eProvision Role-Out normalizes, reconciles, and cleans user identities (7/30/2003)

Integrating Security into Software Development
AppScan Developer Edition provides fully automated application security testing for major development environments (7/30/2003)

California Privacy Law: Goodbye Good Intentions
New law mandates information theft disclosure no matter what (7/23/2003)

Teaming Identity Management with Auditing
Novell's Nsure Audit helps you comply with government regulations, organizational policies (7/23/2003)

Briefs: Brand spoofing on the rise; e-Security update
SurfControl reports brand spoofing is on the rise; e-Security updates Enterprise Security Management software (7/23/2003)

CA, SteelCloud Enter Crowded Appliance Market
Companies announce launch of antivirus, IDS boxes (7/16/2003)

Wireless LAN Monitoring Reveals Risks and Risky Behavior
An activity-monitoring experiment in a confined, high-usage WLAN environment shows surprisingly few users take security precautions when accessing e-mail. (7/16/2003)

Briefs: Microsoft Flaw, nCircle Update
Microsoft warns of critical security flaw, nCircle updates IP360 vulnerability management (7/16/2003)

Careers: Getting and Keeping an Information Security Job
Tips for starting out, furthering your information security career (7/9/2003)

Unsolicited E-mail Tops List of Intrusions
Spam edges out viruses; legal threat rises (7/9/2003)

Briefs: Bytware's Native iSeries Antivirus; Symantec Updates IDS Software
Bytware introduces native IBM iSeries virus detection; Symantec updates three intrusion detection system products (7/9/2003)

Overcoming Wi-Fi Security Fears
iPass improves interface and connectivity for global, virtual network (7/2/2003)

Combating Identify Theft and Fraud in Real Time
New Unisys software ARMS financial institutions in their fight against fraud (7/2/2003)

Briefs: Tripwire compliance monitoring; security appliance sales up, prices down
Tripwire introduces its Professional Audit Preparedness Services; what's behind falling appliance prices? (7/2/2003)

Unsolicited E-mail: No Problem Come 2006?
An analyst's road map to a (mostly) spam-free existence (6/25/2003)

CA Announces Integrated Content Security Management
Product offers single console for viewing security policy compliance and enterprise-wide content-related security trends. (6/25/2003)

Briefs: Resetting passwords, antivirus deal
Getting colleagues' permission to reset passwords; Central Command offers jilted Linux users antivirus discount (6/25/2003)

Microsoft Entering Antivirus Market
Company may use assets of takeover target assets improve Windows (6/18/2003)

Protecting Data From Events Firewalls Can't Catch
TippingPoint releases Peer-to-Peer control, intrusion prevention devices (6/18/2003)

Briefs: IPv6 attacks, updated iQ.Suite (6/18/2003)

CSI/FBI Report: Losses Down, Vulnerabilities Up
Ex-FBI agent discusses Computer Security Institute report (6/11/2003)

Updated Tivoli Risk Manager Locks Down Databases
Software can scout for risks "autonomically” (6/11/2003)

Windows Server 2003 patch, worm aimed at financial institutions, more (6/11/2003)

The Push for Policy Compliance
BindView launches tool to help with government regulations

Web Services: Protecting Yourself from Partners' Security Problems
OASIS unveils XML schema to provide initial threat, impact, and risk ratings guidance in consistent manner (6/4/2003)

Intrusion detection, dynamic threat protection, and Windows
Media Services patch

Tackling the File-Swapping Threat
Akonix releases tools to identify and block file trading

Security Captures Attention of Data Center Managers
What keeps data center managers awake at night (5/28/2003)

Briefs: Symantec Vulnerability Assessment, Windows Server 2003 Backup, Another E-Mail Threat

Q&A: Securing Sensitive Networks
Connecting open and closed networks with security intact (5/21/2003)

Fighting Fizzer
Blocking and detecting Trojan code (5/21/2003)

News in Brief
Security toolkit for developers; MailFoundry appliance filters e-mail (5/21/2003)

Improving Oracle Security
Logical Apps offers granular security for Oracle databases (May 14, 2003)

Mobile Forensics: Network Analysis on the Go
SilentRunner analysis tool takes baseline, analyzes network usage (May 14, 2003)

News in Brief
Passport and Cisco vulnerabilities; improving MS Server protection (May 14, 2003)

Protecting Physical Assets from Physical Threats
NetBotz's new IP-based threat-monitoring hardware (May 7, 2003)

F-Secure Talks Government Security
The top SSH vendor explains what its government customers need (May 7, 2003)

News in Brief
Cisco Secure Access Control Server; more on Snort (May 7, 2003)

Locking Down Digital Documents
A solution for companies to secure paper trails in the information age. (April 30, 2003)

Firewall Drag Race
Watchguard's new top-of-the-line firewall, gigabit speeds, and one question -- is it overkill? (April 30, 2003)

News in Brief
Snort vulnerable. An XP patch slows computers; patch anyway, says Microsoft. (April 30, 2003)


Surmounting Corporate Boundaries
Pharmeceutical giant GlaxoSmithKline PLC uses P2P software to share data with its partners.
Enterprise Systems (November 2002)

Time for a Makeover!
Web site makeovers need not be complete overhauls. Here are some simple, low-cost ways to freshen up a stale site. (Also includes these two sidebars: Helping Online Users Stay on Course, and Persona Grata.)
Computerworld (August 19, 2002)

Getting IT Out of the Loop
Office Depot needed to massage sales data for employee bonuses, with minimal IT involvement.
Enterprise Systems (July 2002)

Cambridge College: Report on the Year 2001-2002
I profiled seven graduates from the college working in a variety of fields. Graduates include a Deputy Superintendent for the Boston Public Schools, the principal of Boston Arts Academy, and the principal of San Diego's High Tech High. In addition, I provided photographs of each participant, often in their workplace. These written and visual profiles constitute one-third of the annual report.

Let's make a deal
Amid the holiday 2001 season of uncertainty, consumers and retailers play the waiting versus discounting game.
Boston Globe (Nov. 2001)

Corporate Peer-to-Peer Gets a Closer Look
Like all grassroots technologies, instant messaging makes IT departments mighty nervous. But it's catching on quick, and it's a clear window to the coming world of peer-to-peer computing.
CIO Insight (March 2002)

Harvard Nails Sendmail
At Harvard University's Electrical Engineering and Computer Science (EECS) and Robotics department, users don't just use computers, they try to break them -- professionally. It's up to the IT department to keep up, and the first place they started was with their choice of e-mail server.
Enterprise Systems (February 2002)

Profile: Richard Fishburn, Corning CIO and Vice President
Corning turned the standard ERP model upside down by first listening to its operations people and then picking a technology. Profile for the Computerworld Premier 100 Conference in March 2002.
Computerworld (March 11, 2002)

The Instant Messaging Debate
Technology users are divided over the role of instant messaging in the workplace. Some see it as a quick communication tool, but to others, it's only a distraction.
Computerworld (Jan. 2002)



Tracking the Carrot Chase
A new sales incentive management system should help medical supplies maker Welch Allyn save up to $1 million each year in personnel and labor costs.
Computerworld (Nov. 2001)

eBay: Grow Your Site, Keep Your Users
Online auctioneer eBay Inc. shares lessons learned from designing a Web site that has grown tremendously in a relatively short amount of time. EBay says to always plan for massive growth, manage user expectations and keep design simple.
Computerworld (June 2001)

Technology Visionaries Scope the Future
IT watchers Jakob Nielsen, Michael Dertouzos, Jef Raskin, John Thackara and others
look ahead five to 10 years and tell us what we can expect, what we may not see and most importantly, what researchers are neglecting.
Computerworld (2001)

Know Who You Know
AT&T Labs researchers are working on new software that aims to use the human face to help you track your "social network" -- the people who really help you do your job.
Computerworld (2001)

The Interface Revolutionary
In the future, predicts the creator of the Apple Macintosh project, computer desktops will be replaced by zooming interfaces that give users only what they need.
Computerworld (2001)


Battling for Web Investors
Charles Schwab and Fidelity Investments are the two titans of online investing. To determine which one rules, features writer Mathew Schwartz compared notes with executives from both companies and several analysts on everything from executive leadership to customer satisfaction.
Computerworld (Oct. 2000)

Building a Better Laser
They're the basic parts of your CD player, the supermarket checkout scanner and the writing head of your laser printer. But when most people think of lasers, it's in terms of the frontiers of medicine - if not as the weapon of choice for extraterrestrial evil geniuses. American Society of Business Publication Editors (ASBPE) award winner.
Computerworld (2000)

Ameritrade: Test Case
Online brokerage Ameritrade simply couldn't afford Web downtime. It implemented a three-step plan to improve its site reliability: It did more predictive testing, did a more rigorous job of tweaking software to run on advanced hardware and created a separate testing group with more power.
Computerworld (Aug. 2000)

Feds warn hackers, then ask them for help
Las Vegas: At the opening of the annual Def Con hackers convention here today, the Pentagon's CIO pleaded with attendees to leave government systems alone and outlined proposed new laws aimed at prosecuting computer crimes more expeditiously. News piece also featured on CNN.com.
Computerworld (July 2000)

Hacker/Fed Tensions Abound at Def Con
Hacker news. Co-authored with security reporter Ann Harrison. Computerworld (July 2000)

Sharper Staples
Web site makeover: Office-supplies superstore Staples aims to boost Web sales by adding information to some parts of its site, simplifying other parts and creating some new shopping tools.
Computerworld (June 2000)

Quicken: Tweak This!
After three years in operation, leading e-mortgage site QuickenLoans.com (owned by Intuit Inc.) has learned three things: Test ruthlessly, tweak constantly and tell customers what they need.
Computerworld (Jan. 2000)


Surviving E-Christmas
Going on-site to find out how well online retailers learned from last year's mistakes. (Note: click down to end of article for a "24-hours in the life" sidebar.)
Computerworld (Dec. 1999)

Ten tools that will pump up your Palm
Personal information management: Maybe you've heard the phrase before. It's one of the hallmarks of Palm Computing Inc. devices, which give you a place to aggregate everything from your address book to your checkbook, from travel expenses to random ideas you have in a meeting or on the subway.
CNN.com/Computerworld (November 1999)

The Knowledge Paradox
Cambridge Information Network (CIN) Think Tank Report: The Knowledge Paradox--How to Manage Your Most Strategic Asset. To assess the state of the New Economy, in which intangible assets are fleeting yet valued by the market, new economy, CIN turned to its members to talk about knowledge management. CIOs told CIN about the business and technology pressures their companies face, and how far along they are -- or want to be -- in their knowledge management efforts.
Cambridge Information Network (1999)

The Transformation of ERP: From Money Pit to Money Pot
Cambridge Information Network (CIN) Think Tank Report on the changing nature of ERP installations and moving from ERP to eXtended Resource Planning, or XRP. (No link to report currently available; contact me, I might be able to turn up a PDF version.)
Cambridge Information Network (1999)


Management--Collaborative Style
Too much of today's media coverage reinforces the myth of that god-like, solitary genius — the CEO who drives a company to greatness by virtue of his ego
Boston Software News (1998)

Mathew Schwartz