I've read anecdotally that WordPress is pretty flawed from a security standpoint, and I'm wondering if any of the issues in this article have been patched in the four years since it was published (there have been a lot of updates since then). And if so, what are the current concerns about WP security? Anything a site owner like me should be concerned about, or watching for?
I need to put the fear of God into some foolish, negligent users. I'm looking for examples of organizations that were hit with some kind of horrible malware (like CryptoLocker) or had sensitive data stolen -- all because of a really stupid action by an employee.
I'm looking for resources/explanations of how to tell if someone is intercepting my SSL traffic.
I have a new role where I will soon have to speak to IT Directors about Information Security. Good general primers out there to get me started on Infosec?
I started a new job last week, which involved registering for a bunch of different tools and services (email, internal tools, ticket tracking system, project management stuff, etc.). Since I needed access to those before I got a chance to set up a password manager, I used a couple duplicate passwords so I could remember them (they were strong passwords, but they fit a pattern that I can remember). Shortly after I signed into a site with one of the passwords I was also using on another site, I got an email from IT saying they'd noticed I'd used duplicate passwords and to change them ASAP. How did they know?
Trying to understand what IT is doing with my workstation right now. Near-constant prompts to log in to Outlook (I am already logged in) and suddenly, for the first time, most websites (but oddly, not social media) are being blocked with EdgeWave iPrism. What's going on, and should I worry? Details inside.
My boss has asked me to help him find some introduction-level resources to understand modern IT industry fundamentals (cloud computing, modern storage technologies, security, system architecture, etc.) from a management standpoint. I have a good handle on the technical side, but I'm not sure where to look for the basics. What resources would be a good introduction? Web sites are most helpful, free or paywalled okay.
I've only worked in a small business (15-20 employees) since I got out of school, and I've handled the technological necessities since I started because nobody else could. I've handled things on an as-needed basis: troubleshooting problems, setting up new computers, maintaining an iron grip on software installations, setting up the network and administering simple network devices, etc. However, I'm completely self-taught, and I have no idea if my hacked-together system looks anything like a properly-implemented corporate IT system. So I want to know what one looks like. Specifically, I'd like to know if there are any resources I can check out on my own that paint the picture of what I should be trying to achieve. NOTE: I'm NOT averse to hiring an outside IT firm or consultant to help with specification and implementation. However, I don't want to be at the mercy of a firm's "knowledge" and my own ignorance; you can waste a lot of money that way, regardless of scenario.
I've been tasked with figuring out what firms charge to perform IT Security tests, penetration tests, etc., for commercial clients. What kind of metrics do they base their charges on? Is there a standard rate for this kind of work? Alternately, do you have any tips for getting this kind of info from the companies that do this kind of stuff?
What is the best way for someone with plenty of sysadmin and programming experience but no actual professional IT experience to begin a career in IT?
Will installing a Linux Operating System onto an old Windows laptop fully erase the contents of the hard drive?
Looking for recommendations of hosting/IT solutions companies specializing in above-average security precautions, especially those who have experience with federal standards compliance and/or who can assist with security policy development and implementations.
I have a CISSP and 6 years experience in the IT Security field. Problem is, most of my experience is with policy, not technology. Where can I go from here?
This is a two-pronged question: Are degrees earned online ever worth it? If they are, are they worth it relative to IT?
Plot my IT computer certification schedule.
I have found a major security hole / bug in a mid-market ERP/accounting program we use. I alerted support, explained the problem and how we fixed it. More than a week later and no follow up, bulletin or acknowledgment of the problem.
IT Tech guy seeking more information on how to get deep into network security.
Is there a directory or directories of C-Level contacts, e.g., the Director of IT, Director of Security or other high level managers with security for major companies within Electric Utilities, Gas Utilities, Oil & Gas Pipelines, Oil and Gas Refining, and Oil and Gas Drilling and Exploration? Would prefer something free, but would be willing to consider proprietary sources.
What did I do to gain Administrator privileges to install software and how can I do it again?
Should we attempt to hire out for a mailserver or let the seemingly incompetent corporate IT department run our mail, with all the restrictions they want to impose?
Am I qualified to do this IT job, and/or is it something I could pick up as I go?