Evan Schuman

Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for CBSNews.com, RetailWeek, Computerworld and eWeek and his byline has appeared in titles ranging from BusinessWeek, VentureBeat and Fortune to The New York Times, USA Today, Reuters, The Philadelphia Inquirer, The Baltimore Sun, The Detroit News and The Atlanta Journal-Constitution. 
Posts by Evan Schuman

The Peril Of Confusing A Security Researcher With A Cyberthief

June 9, 2016  | Security News

The security researcher's lot is not an easy one. This player is an essential part of the security ecosystem, an experienced security person who tries and finds security holes in systems so that they can be flagged and fixed. The problem is that the good guy security researcher—at a glance—looks and acts an awful lot like a bad guy cyberthief. From the CISO's desk, how is one... READ MORE

It's Time To Rethink The Password. Yes, Again

June 6, 2016  | Security News

Every few months, another prominent person in software security suggests that the password needs to be done away with—and they invariably say it as though it's a new idea. In reality, the security community has effectively agreed for more than a decade that passwords are no longer sufficiently secure to protect the sensitive data it is tasked with protecting. And yet, just like the... READ MORE

If Government Data Threats Get Companies To Take Data Security Seriously, It May Be All Worthwhile

May 27, 2016  | Security News

Perceived security threats motivate IT people the same way they do everyone else. People react to how much a threat scares them, which sometimes has little relation to how truly threatening that threat is. Consider rank-and-file U.S. citizens and fears of terrorism. The potential damage by a terrorist is horrendous, but there are consumers who consider terrorist a far bigger threat then burglars... READ MORE

When US-CERT Issues an Alert, Does IT Listen?

May 18, 2016  | Security News

Last week, US-CERT (the U.S. Computer Emergency Readiness Team) issued an alert about an old SAP security hole after a vendor flagged that attackers were still using it. The initial problem was that SAP had apparently fixed the hole some six years ago, but gave users the choice whether to protect themselves or not. Candidly, that's an odd choice to offer IT execs, but it's easier to... READ MORE

Security Needs to Start Deep Within the OS: And It Needs to Start Now

May 12, 2016  | Security News

As strategic and essential as enterprise security is today, it is still, at its most fundamental level, an afterthought. We take the OS, apps, databases, network controls as they are given to us, and then we try and Band-Aid on top of it the best security we can. We use firewalls and filters and VPN tunnels and encryption to try and limit the damage software vulnerabilities can do. As a practical... READ MORE

One Problem With Perimeter Security: Today's Networks Shouldn't Even Have A Perimeter

May 6, 2016  | Managing AppSec

Saw an interesting column the other day from a security consultant arguing that healthcare enterprises need to re-envision security and pull information from the network perimeter and back into servers, where everything is easier to control. It's a compelling argument until you get realistic, practical and focus on the reason enterprise networks exist in the first place. Going back to a... READ MORE

Peripheral Security Issues Today Are Anything But Peripheral

April 25, 2016  | Security News

Last week, Microsoft issued an optional security alert relating to peripherals and specifically mice. Until the patch is implemented, Microsoft said, the peripheral could receive plain English—aka QWERTY—key packets in keystroke communications issued from receiving USB wireless dongles to the RP addresses of wireless mouse devices. This is a fine way for cyberthieves to hijack wireless mice and... READ MORE

Badlock Is A Serious Hole, But How It Was Preannounced Is A Disgrace

April 14, 2016  | Security News

There is something unnerving—and even a tad repugnant—about announcing that there's a massive security hole and that it won't be patched for weeks. Welcome to Badlock. What possible legitimate security goal is advanced by this publicity stunt? The bug, which marketers for Samba dubbed Badlock, is extremely serious and potentially disruptive, which is what makes the... READ MORE

The Apple-FBI Security Lesson: Redundant Protections Are Essential

April 7, 2016

If there's one security lesson that can taken from this FBI versus Apple surrealistic encounter, it's that security redundancy is truly important. We're talking multi-layered security, where any one or two layers can completely fail and security is still maintained. Why? Let's look at the latest in the FBI-Apple encryption dance. And if any of you bought into this "this Apple... READ MORE

Hospitals Are Security's Biggest Nightmare

March 31, 2016  | Security News

Cyberattacks on hospitals represent the true security nightmare scenario. It combines privacy risks far more severe than attacks on the largest banks or retailers with life-and-limb risks that rival remote takeovers of nuclear power plants and cars. An attacker could change the type and quantity of a prescribed drug, steal and sell intimate medical details and change test findings, which could... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu