Roger A. Grimes, CSOonline

Recent:
  • Unknown
Past:
  • CSOonline
  • InfoWorld
  • Network World
  • CIO.com

Past articles by Roger:

Lack of trust will doom cryptocurrency

Loss of crypto coins through hacks, fake trading and volatility destroys trust in cryptocurrency, but those aren't its only problems. → Read More

What should your company’s change password policy be?

Microsoft's recent dropping of its maximum password age default renews the debate over forced password changes. Here's why you should continue to expire passwords. → Read More

The best password advice right now (Hint: It's not the NIST guidelines)

Short and crackable vs. long, complex and prone to reuse? The password debate rages on, but this columnist has a change of mind. → Read More

Are zero-day exploits the new norm?

Research from Microsoft's Matt Miller shows that every actively exploited Windows vulnerability in 2017 was first exploited using a zero-day attack. Other research shows this trend extends across the IT landscape. → Read More

Beware of phony or misleading malware rescue web pages

A search on an unfamiliar executable file brings you to a malware rescue page that says it's bad and you should download their software to remove it. Here's how to tell if it's real. → Read More

Power LogOn offers 2FA and networked password management for the enterprise

This authentication tool is simple to set up and use, but the biggest selling point might be workable password management across the enterprise. → Read More

SQL Slammer 16 years later: Four modern-day scenarios that could be worse

Nothing has ever come close to the speed at which the SQL Slammer worm took down networks. These very possible scenarios might beat it in terms of speed and damage. → Read More

I can get and crack your password hashes from email

Malicious hackers can use a simple trick to get your Windows computer to authenticate to a remote server that captures your password hash — just by sending you an email. Take these steps to test for the vulnerability. → Read More

2 critical ways regulations and frameworks weaken cybersecurity

Security regulations and frameworks are good and necessary, but they can be inflexible and draw focus away from the most significant security risks. → Read More

6 reasons biometrics are bad authenticators (and 1 acceptable use)

Biometrics-only authentication is inaccurate, hackable and far from foolproof. → Read More

The most interesting and important hacks of 2018

The hacks, exploits and data breaches security researchers most need to pay attention to are those that do something new or suddenly increase in volume. → Read More

Maybe we have the cybersecurity we deserve

Companies have focused more on making the consumer recovery process from fraud and data breaches easier than on better security. Most people seem OK with that. → Read More

How to end a romance scam

Use this two-part test to convince romance scam victims that their “true love” is a fraud. → Read More

Using a password manager: 7 pros and cons

This veteran security pro feels more secure now that he's using a password manager, but there are still risks. → Read More

Google makes good on promise to remove some Symantec PKI certificates

If you get this digital certificate error using Chrome, then Google now considers that website's Symantec PKI certificate untrustworthy. → Read More

Career advice: Good enough security trumps best security

The realization that most of the world doesn’t want the best security will help you advance in your security career. → Read More

How to reach that person who will click on anything

There's always that one person who falls for every phishing scam. This is how you break them of that habit. → Read More

Experience an RDP attack? It’s your fault, not Microsoft’s

Follow Microsoft's basic security guidelines for Remote Desktop Protocol and you'll shut down hackers who try to exploit it. → Read More

Is your security operations center TTP0?

The new TTP0 community wants to do for SOCs what OWASP has done for web security. It will help CISOs improve their threat intelligence and threat hunting capabilities as well. → Read More

How Microsoft's Controlled Folder Access can help stop ransomware

Part of Windows Defender in recent updates of Windows 10 and Windows Server, Controlled Folder Access can prevent malware from accessing or changing designated files. → Read More