With millions of passwords stolen from LinkedIn, eHarmony and Lastfm.com in the past few weeks, it is a good idea to re-think your password strategy.  It should certainly make it clear that re-using one or even several passwords across many web sites can be dangerous.  But creating and remembering individual passwords for the ever-growing collection of web sites that comprise our digital lives can be daunting.  What should you do? (more…)


The use of data encryption is quickly becoming a mandated component of corporate security policies, and especially so for mobile devices.  It is difficult to get exact figures for the number of lost or stolen laptops, much less USB drives, but no one wants to be in the position of having to disclose the loss of important information. (more…)

Many sites allow SSH access through their firewalls, but this exposes them to password probing, usually an automated process of trying to authenticate with commonly used username/password pairs. SSH supports public-key authentication, which greatly reduces the risk of remote exploits due to weak credentials. Let’s explore why you would consider this approach, and how to implement it.


Once in a while I remind myself that I should create a list of some of my favorite freeware or open-source tools. Perhaps this will be a running list, but here it is, in no particular order! (more…)

TrueCrypt is one of the nicest open-source encryption products I’ve tried in the last couple of years. If you have not heard of it or tried it, you should take a serious look at it! This past week, version 5.0 was released. Besides promising marked performance improvements and adding a Mac OS X version and GUI support for Linux, this version now supports full encryption for system partitions on Windows with pre-boot authentication! (more…)