Security

As a corporate developer in a major financial corporation, I am very conscious of security issues. Security must be considered at the design phase of any project. It cannot be added later as an afterthought.

Microsoft TechNet: The Ten Immutable Laws of Security

Law #1: If a bad guy can persuade you to run his program on your computer, its not your computer anymore.

Law #2: If a bad guy can alter the operating system on your computer, its not your computer anymore.

Law #3: If a bad guy has unrestricted physical access to your computer, its not your computer anymore.

Law #4: If you allow a bad guy to upload programs to your web site, its not your web site any more.

Law #5: Weak passwords trump strong security.

Law #6: A machine is only as secure as the administrator is trustworthy.

Law #7: Encrypted data is only as secure as the decryption key.

Law #8: An out of date virus scanner is only marginally better than no virus scanner at all

Law #9: Absolute anonymity isn't practical, in real life or on the web.

Law #10: Technology is not a panacea.

I wrote some articles on adding cryptography to your programming skills. It is fairly easy to connect to the Windows Crypto API in your programs and add professional-strength cryptography to your apps.

My article "Add security to your data with the Crypto API" from CoDe Magazine March 2002 has been posted to this site.

I also wrote an article in the March 2003 issue of FoxTalk magazine titled: "Building a Tool to Secure Messages". This article shows how to build a tool in Visual FoxPro 8.0 to Encrypt and Decrypt text or binary files to send to clients or colleagues, using Triple-DES through the Windows CryptoAPI.

Here's my presentation "Data Security and Cryptography" (Powerpoint)

Security-related links:

SANS Institute The SANS (System Administration, Networking and Security) Institute is a cooperative research and education organization specializing in computer security issues. It is home to Incidents.org and the Internet Storm Center and the renowned Global Information Assurance Certification Program (GIAC)
SANS.Org Security mistakes people make
Microsoft's TechNet Security Information
Network Associates
CERT Coordination Center
Crypto-Gram is a free monthly e-mail newsletter on computer security and cryptography from Bruce Schneier
Security Pitfalls in Cryptography: A great article by Bruce Schneier
Securityfocus.com is a company that specializes in computer security issues. It has a good collection of whitepapers and security-related news.
Security Focus - Software Licensing: The Hidden Threat to Information Security by Richard Forno
Software licensing agreements may contain stipulations that could jeopardize your network's security.
Security Focus - Results, Not Resolutions: A guide to judging Microsoft's security progress by Bruce Schneier and Adam Shostack.
Microsoft Network Security Hotfix Checker Tool: A command-line tool that administrators can use to centrally assess a computer or group of computers for the absence of security patches
Symantec Security Response: Offers security advisories, information on the latest threats and virus removal information.
SamSpade.Org: An excellent site with security tools and where you can check addresses, reverse DNS lookups, etc.
Avoiding Identity Theft: A Primer by David McGuire washingtonpost.com. Your identity is arguably your most valuable possession. A clean legal record and credit history open the door for work, mortgage loans and other day-to-day privileges that most people take for granted.
Wireless Hackers Leave No Tracks Unprotected WLANs give hackers an untraceable way to launch attacks across the Internet.
Four-fifths of networks bleeding Wi-Fi data. Wireless networks are insecure.