Fahmida Y. Rashid
Contributor
Fahmida Y. Rashid is a freelance writer who wrote for CSO and focused on information security. Before joining CSO, she wrote about networking and security for various technology publications, including InfoWorld, eWeek, PC Magazine, Dark Reading, and CRN. She also spent years as an IT administrator, software developer, and data analyst. "I, for one, welcome our new computer overlords."
Google open-sources test suite to find crypto bugs
Developers can use Project Wycheproof to test cryptographic algorithms against a library of known attacks to uncover potential weaknesses
How Windows 10 data collection trades privacy for security
Here's what data each telemetry level collects and the price you pay to send the least telemetry to Microsoft
10 AWS security blunders and how to avoid them
Amazon Web Services is easy to work with -- but can easily compromise your environment with a single mistake
Stupid encryption mistakes criminals make
Blown cover: Malware authors show how easy it is to get encryption wrong and, in the process, help security pros crack their code
ICANN will generate new DNSSec key
The update is a serious and critical undertaking that will ensure greater DNS security
What’s in your code? Why you need a software bill of materials
When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates
Lockdown! Harden Windows 10 for maximum security
To make the most of Windows 10's security improvements, you must target the right edition and hardware for your needs
Rugged devops: Build security into software development
Devops improved software development and deployment. Rugged devops brings together security pros, developers, and operations to deliver better application security faster
New collision attacks against triple-DES, Blowfish break HTTPS sessions
Legacy ciphers such as triple-DES and Blowfish are vulnerable to Sweet32 attacks, which let attackers decrypt HTTPS sessions even without the encryption key
Automate, integrate, collaborate: Devops lessons for security
Devops is transforming application development; the same principles of automation, integration, and collaboration can vastly improve security as well
Keep using password managers -- bugs and all
A furor over bugs in password managers left users in a jam. Self-proclaimed security empress Jessy Irwin clears up the confusion
Respect: Windows 10 security impresses hackers
Windows is a popular attack target for criminals and researchers alike, but Microsoft has done a good job of making it harder to target security flaws in the OS
Want secure code? Give devs the right tools
With the appropriate tools and environments, developers can take the first step forward in safeguarding app security
The advanced security techniques of criminal hackers
InfoWorld talks with Digital Shadows' Rick Holland about the security tools hackers use to protect themselves while ripping you off
Do developers really care about security?
InfoWorld talks with GitHub's Jamesha Fisher about the cultural shifts necessary for baking security early into the devops process
The threat hunter's guide to securing the enterprise
You're already breached. Here's how to track down attackers on your network before they wreak havoc
Jeremiah Grossman: Focus on ransomware, SDLC, and endpoints
The noted web security guru worries that the key web and application threats aren't getting the right level of focus
Hack the hackers: Eavesdrop for intel on emerging threats
Listening to online chatter in hacker forums can give you a jump on juicy vulnerabilities your vendor hasn't fixed
Do it now! From SHA-1 to SHA-2 in 8 steps
The clock is ticking for organizations to complete their SHA-1 migration. Here's what admins must do to ensure they aren't locked out