Fahmida Y. Rashid

Contributor

Fahmida Y. Rashid is a freelance writer who wrote for CSO and focused on information security. Before joining CSO, she wrote about networking and security for various technology publications, including InfoWorld, eWeek, PC Magazine, Dark Reading, and CRN. She also spent years as an IT administrator, software developer, and data analyst. "I, for one, welcome our new computer overlords."

Encryption in 2016: Small victories add up

Encryption in 2016: Small victories add up

The move from SHA-1 to SHA-2, a Congressional victory over backdoors, and the rise of encrypted communications are leading us toward a more secure world

Nmap security scanner gets new scripts, performance boosts

Nmap security scanner gets new scripts, performance boosts

Nmap 7.40 has new scripts that give IT administrators improved network mapping and port scanning capabilities

Google open-sources test suite to find crypto bugs

Google open-sources test suite to find crypto bugs

Developers can use Project Wycheproof to test cryptographic algorithms against a library of known attacks to uncover potential weaknesses

10 essential PowerShell security scripts for Windows administrators

10 essential PowerShell security scripts for Windows administrators

PowerShell is a valuable tool for automating Windows administration tasks, including laborious security chores

How Windows 10 data collection trades privacy for security

How Windows 10 data collection trades privacy for security

Here's what data each telemetry level collects and the price you pay to send the least telemetry to Microsoft

NTP fixes denial-of-service flaws

NTP fixes denial-of-service flaws

Attackers can exploit NTP to generate large volumes of junk traffic for distributed denial-of-service attacks. Update NTP to keep your servers out of the DDoS botnet

10 AWS security blunders and how to avoid them

10 AWS security blunders and how to avoid them

Amazon Web Services is easy to work with -- but can easily compromise your environment with a single mistake

Windows GDI flaw leads to PowerShell attacks

Windows GDI flaw leads to PowerShell attacks

APT group FruityArmor exploited Windows GDI memory handling to break out of browser sandboxes and launch PowerShell in targeted attacks

Stupid encryption mistakes criminals make

Stupid encryption mistakes criminals make

Blown cover: Malware authors show how easy it is to get encryption wrong and, in the process, help security pros crack their code

ICANN will generate new DNSSec key

ICANN will generate new DNSSec key

The update is a serious and critical undertaking that will ensure greater DNS security

What’s in your code? Why you need a software bill of materials

What’s in your code? Why you need a software bill of materials

When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates

Lockdown! Harden Windows 10 for maximum security

Lockdown! Harden Windows 10 for maximum security

To make the most of Windows 10's security improvements, you must target the right edition and hardware for your needs

Tenable brings network visibility into Google Cloud Platform

Tenable brings network visibility into Google Cloud Platform

Tenable SecurityCenter Continuous View gives IT administrators visibility over their applications hosted in Google Cloud Platform.

Rugged devops: Build security into software development

Rugged devops: Build security into software development

Devops improved software development and deployment. Rugged devops brings together security pros, developers, and operations to deliver better application security faster

Google patches critical bug on Android Nexus 5X devices

Google patches critical bug on Android Nexus 5X devices

The vulnerability, which Google has patched, could let attackers obtain the password for locked Nexus 5X devices and access device contents

New collision attacks against triple-DES, Blowfish break HTTPS sessions

New collision attacks against triple-DES, Blowfish break HTTPS sessions

Legacy ciphers such as triple-DES and Blowfish are vulnerable to Sweet32 attacks, which let attackers decrypt HTTPS sessions even without the encryption key

Automate, integrate, collaborate: Devops lessons for security

Automate, integrate, collaborate: Devops lessons for security

Devops is transforming application development; the same principles of automation, integration, and collaboration can vastly improve security as well

Keep using password managers -- bugs and all

Keep using password managers -- bugs and all

A furor over bugs in password managers left users in a jam. Self-proclaimed security empress Jessy Irwin clears up the confusion

Respect: Windows 10 security impresses hackers

Respect: Windows 10 security impresses hackers

Windows is a popular attack target for criminals and researchers alike, but Microsoft has done a good job of making it harder to target security flaws in the OS

Want secure code? Give devs the right tools

Want secure code? Give devs the right tools

With the appropriate tools and environments, developers can take the first step forward in safeguarding app security

Load More