temporarily removing bluemonster from all pages
Heather

Author Archives: Heather

The Top 30 Data Management & Security Blogs

Data management and security are an important part in the daily lives of most people these days. A lack of knowledge on how to keep your data under control and organized can mean your business suffers in productivity or a hacker halfway across the world can loot your bank accounts. Luckily, the number of mostly altruistic experts who want to share their wisdom on data management and security is impressively large, and many of these experts and the companies who employ them maintain blogs that can be easily browsed to keep yourself abreast on the current state of the IT and InfoSec world. This list contains links and quick glimpses into thirty of the best offerings on the web. Blogs are divided into data management blogs, security blogs, and those with content that bridges the gap between the two.

Data Security by Charlie Collis

Data Security by Charlie Collis

Well-Rounded Blogs

  1. Rational Survivability– Originality can make a sometimes-dry topic like technology more bearable for the masses. Rational Survivability makes no apologies that it is a personal blog that will do whatever it wants, whenever it wants to do it. Almost every post can pull a laugh from you while still imparting some knowledge. The posting rate seems to be on the decline over the past few months, but you can still expect a new post per month. The blog has been in existence since 2006, so it is likely going to stick around for a while. Throw it in your monthly blog checklist and you won’t regret it. Must Read: An Ode to Glasses, a somewhat clever and definitely hilarious poetic tribute to Google Glasses.
  2. Rud.is – This blog is a bit of a hard one to place. The subjects range from data security to shiny graphs to random IT subjects, and occasionally it even goes off the grid into something completely different. It does not have the best update rate, and the varying content makes it hard to suggest that you put it on your frequent reading list. That said, it is worth giving a quick look at some of the articles to determine if the blog is something that you might like. Must Read: Security Hobos, a discussion on truly small business owners who are blissfully ignorant that they are creating terrible security problems for their customers.
  3. From the Trenches – There is no substitute for experience, but reading about someone else’s experiences comes in at a close second. From the Trenches is a mix of stories from the owning company, Solera, and related posts on data security and management problems that have had an impact in the real world. The blog is fairly heavy on advertising posts for Solera, but considering that it is all but declared directly in the blog’s mission statement that this will happen, we can forgive it this time. Must Read: Topera, the Sneaky IPv6 Port Scanner, an article that provides an overview of one malicious tool and that serves as a good example of the sort of content you will find here.
  4. Attachmate: Data in Motion – The moment where any sort of information is at the highest risk of falling into the wrong hands is when that information is in transit. Attachmate provides solutions for information security for electronic devices during this vulnerable stage, and their blog provides useful tidbits of information on how to properly secure file transfers. As you would expect from the more pointed focus of the company, the blog is narrow in scope. Unfortunately, the blog does not take advantage of this to provide lengthy or detailed information, instead opting for more general updates on file transfer news and technologies once or twice a month. Even though we think this blog could be great with just a bit more effort, it is still a decent one to have on your monthly checking schedule. Must Read: User-driven File Transfers and You, a brief commentary on why email should not be used as a file transfer system.
  5. Verizon Terremark: Enterprise Cloud Blog – Terremark is a division of Verizon that delivers Cloud and enterprise level solutions to medium and large businesses. Their blog is a mixture of company news and informative articles on the Cloud, big data, and security. One of their more frequent topics is “News to Know,” which contains small excerpts and links to other articles. It isn’t a terrible blog, but with about 40% of the content being company advertising and reposts, it isn’t a great one either. A good amount of information and updates coming every day or so are its main redeeming qualities. Must Read: Encryption Solutions in the Cloud, a post on the encryption options that work best for Cloud technologies.
Weir Data - Photo by Acoustic Dimensions

Weir Data – Photo by Acoustic Dimensions

Data Management Blogs

  1. Obsessive-Compulsive Data Quality Blog – Focused on providing his readers with a very thorough review of the importance of data quality, management, and security, author Jim Harris creates well-written and informative posts on his blog. Posts range from analyzing the costs and issues that stem from poor quality management, new techniques to utilize and protect data, vender reviews and news presented in a neutral way, tools and resources, and much more. An excellent source for anyone involved in the data chain Must Read: Magic Elephants, Data Physics, and Invisible Gorillas – glancing over the excitement surrounding Hadoop (the Magic Elephant), its potential use to predict customer data kept close to the chest (Data Physic), and a warning about getting too far ahead with data changes (the Invisible Gorilla).
  2. Data Quality Pro – Data Quality Pro is a community managed website built with the vision of collecting the insights and ideas of professionals in the world of data quality. The blog itself has a decent color scheme, but the layout and navigation can be more than a pain until you get the feel for it, and it will still likely irk you even then. They make up for the haphazard design with four to five posts a month that are unique and insightful for the world of data management and analysis. Must Read: How to Create a Data Quality Firewall and Data Quality SLA, a useful set of tips and advice for less tech savvy companies looking to hire a data quality company.
  3. Mike 2.0 – Mike 2.0 is an open source information management solution that features community blog project with useful posts from experienced and intelligent members of the data management field. Some of the contributing bloggers appear frequently on other sites or maintain blogs of their own. The layout makes it easy to navigate through the content, but the color scheme is a boring and somewhat irritating choice of primarily white with light blue backgrounds. As with other community blogs, the higher number of contributing authors means the blog is updated with original content fairly frequently. In addition to the blog, you can find a discussion board to communicate with other readers and the contributors.  Must Read: The Increasing Meaninglessness of the Data-Metadata Distinction, a short but thought-provoking post about how much information is really contained within metadata and what it can tell someone about the contents.
  4. Information Management – Information Management, despite the rather bland name, is a massive resource on just about any topic on which you could tack the words “data” or “information.” If you want to know about data encryption, data security, big data, data quality, data analytics, data storage, the Cloud and data, data on the network, or anything else, you can find it here. The layout is incredibly busy and can seem overwhelming, but they do fairly well considering the amount of material that is stored on the site. There are multiple blogs within the site, links to educational resources, a webinar repository, and more. This is a resource that will serve you above and beyond the fields of encryption and security, but it definitely fits in with them as well. Must Read: After a Data Breach It’s Often Business As Usual, a chastising look at companies who do not take data breaches to heart and implement better data management procedures.
  5. Midsize Insider – As the name suggests, Midsize Insider is a blog site and article repository geared towards imparting information management know-how to small and medium business owners, managers, and IT staff. With dozens of contributors and staff members, content on the site is always fresh and is released at least daily. The navigation is a bit jumbled and the main pages are a bit overwhelming with information from Twitter, infographics, trending articles, and article lists. Once you get into the articles, things clean up and do not interfere with reading. Midsize Insider is essentially a normal blog on steroids: a bit harder to keep up with, but it packs more punch. Must Read: PRISM and Encrypted Data Benefits, an article on the recent NSA domestic surveillance fiasco and the importance encryption plays in keeping sensitive data safe when anyone – even the government – may be watching.
  6. The Data Roundtable – The Roundtable is a moderated but open posting ground for experts on data management in all of its forms, including subjects like data analytics, management, encryption, and general security. The blog has a marked informal tone, with topics for the posts having some silly sounding titles like “On Lawnmowers and Data Management.” The levity belies the depth of information, experience, and the ease at which many of the contributors impart their knowledge to readers. The layout is sleek and crisp, and the content is updated on an almost daily basis. This is one of those blogs to keep on the top of your list. Must Read: What’s the Meta with Your Data?, a suave title for an intelligent discussion on the importance of metadata.
Juniper - InfoSec 2013 - Photo by David

Juniper – InfoSec 2013 – Photo by David

Security Blogs

  1. Schneier on Security –   Operating since October of 2004, blogger Bruce Schneier has developed a strong following and respect from other bloggers interested in cryptography and related studies. The layout of his blog is very reminiscent of the late ’04 web, but contains a wealth of well-written information relating to everything from computer crime, homeland security, privacy, malware, policy issues, and much more. Frequently updated and easy to navigate, Schneier on Security serves as an excellent resource for those looking to dig up gems from this blog’s archives. The blogger himself is an acclaimed expert in security technology, with recognition for his numerous academic and other published essays, dozen published books, assorted fellowships, media and Congressional appearances, all of which got him dubbed a ‘security guru’ by The Economist. Must Read: Intelligence Analysis and the Connect-the-Dots Metaphor,
  2. Security Bloggers Network – Not a blog in its own right, but rather a collecting house of related blogs, this is a great resource for those looking to take a peek at what is new and exciting in the security blogosphere. They host a blogger hall of fame and annual security blogger award as well as an open feed of new posts to help users find quality blogs of interest. Worth checking out if you are a blogger or an avid consumer of such. Must Read: Security Blogger Awards, for a round-up of regularly updated and well-written security blogs.
  3. CSO– Expert advice on security from a range of experts. Posts cater to organizations and businesses concerned with protecting data.  Regularly updated and well-written, but unfortunately sponsored by intrusive ads that require you to click-through them to get to the content. This site also offers webcasts, white papers, and an emailed newsletter so readers never miss interesting news. Must Read: Are you sure you’re really in control of your servers? This article discusses some of the threats to even owned servers.
  4. Cognitive Dissidents – This security blog features a gorgeous site design with no nonsense commentary on security issues from the perspective of self-declared zombie killer, philosopher, and security strategist. While not frequently or regularly updated, the blog offers a fresh perspective and is well worth a gander. Must Read:  A Replaceability Continuum, an examination of the question, ‘How replaceable is an asset type.’
  5. Uncommon Sense Security – Blogger Jack Daniel, an Information Security Curmudgeon,  writes with a great deal of experience on the InfoSec industry with content that is unsponsored and uncensored. Expect to find no-nonsense posts on a whole range of related topics and the occasional helping of acerbic wit to raise a chuckle. Regularly updated since June of 2007, this site is clean and straightforward to navigate.  Must Read: Managing employees and expectations, for a rant on how to retain quality InfoSec personnel.
  6. Andy Ellis > Protecting a Better Internet –  Primarily targeting the clientele of the information security industry, this blog is an excellent resource to get a handle on trends, methods, terminology, related news, and events. Regularly updated since May of 2006, Andy Ellis has been providing readers with information that is incredibly easy to parse no matter a reader’s experience level. His focus is on internet security and steps that can be taken to tighten up sites to prevent leaks, scams, and other threads.  Must Read: Leveling up Security Awareness, for a solid article addressing one of the biggest weaknesses in security protocol – the human element.
  7. Threatpost – The Kaspersky-owned Threatpost blog is one of those selections that make you do a double-take when you find the tucked-away reference to the parent company. From all appearances, you would believe that Threatpost is run by InfoSec enthusiasts who do their job for the love of it. The update rate is astounding, and checking the blog every day for content is the bare minimum unless you want to fall drastically behind. Topics center on security related news such as malware, cryptography, and hacking. We are confident enough that the great design and implementation of the blog will speak better for itself than we can, so stop by Threatpost as soon as you can. Must Read: Royal Baby Spam Campaign Leads to Black-Hole Infected Site, because it is one article about the royal baby that won’t leave your brain melting out of your ears.
  8. LiquidMatrix – This refreshing InfoSec blog screams “educated and edgy” from the moment you pull up the home page. The layout is slick and beautiful while facilitating easy reading and the glimpsing of information. You will find ten or more posts per month that touch on InfoSec news from around the world. They are accompanied by the podcast which releases episodes every couple of weeks and are amusingly numbered in hexadecimal. In fact, the podcast could be considered the major draw of the site, and you will greatly miss out on the value of LiquidMatrix if you skip over the episodes. Two of the sections we like the most – a list of default passwords on almost 1000 devices and their critical security advisory page – do not get the navigational focus they deserve, so make sure to check the small content box for links to them. Must Read: What to Do If Your iPhone Gets Stolen, a handy read for the millions of users of the Apple smartphone.
  9. Krebs on Security – Krebs’ blog is one of the most popular and active personal sites in the InfoSec blogosphere. The author, Brian Krebs, has years of experience in professional writing, most notably a long stint with the Washington Post. Like many people today, he began in another field and gradually gained interest in the ins and outs of the IT world. His blog contains frequent updates with a focus towards malware, exploit kits, hacking news, and security in general. Most of the articles go above and beyond the brief articles found on other sites, and many of his technical reviews of malware and exploits can prove to be lifesavers. The popularity of Krebs is well-deserved due to the quality and frequency of its postings, and it should easily find a spot in most people’s roundup of InfoSec related readings. Must Read: Web Badness Knows No Bounds, because while you may think that avoiding sites that scream danger will protect you, browsing online always presents some level of risk.
  10. The Falcon’s View–  The Falcon’s View has all the qualities we like in a personal blog: most of the posts are original content authored by the owner, it keeps a good update frequency despite having quality content only created by a single author, and the writer is knowledgeable and legible while seeming approachable. The author is an employee at Gartner and a contributor to their blog, but he still cross-posts his own content to his personal blog. The only real negative that can really be attached to the blog is the background colors are not the best, but that does not detract from the enjoyable and unique content. Must Read: Arguing Against the Absurd, an article where Ben shows the proper way to comment and discuss on a post from another blog or source.

Image by IntelFreePress

  1. TaoSecurity – A growing number of malicious attacks on networks throughout the world are originating from one place: China. TaoSecurity brings all the information related to the threat of Chinese hackers into one spot. The author of TaoSecurity is Richard Betjlich, an experienced InfoSec specialist and author. The blog has been in existence since 2003, pointing to the alertness and awareness of the situation that noted the oncoming problem long before it became the subject of national attention. Due to the narrow scope of the blog, the posting frequency is understandably low and sits at about two per month. Must Read: President Obama Is Right On US-China Hacking, a post with commentary and a link to President Obama discussing some of the ongoing issues with Chinese hackers.
  2. Securosis – With a no-nonsense approach to InfoSec research and education, Securosis skips past the marketing and posturing that other company blogs include so well that we could not even include it in the InfoSec company blog section. Posts tend to come up once or twice a day, and they are typically unique articles with a purpose rather than reposts, links, or brief commentaries. If you finish the daily offerings and want more, the research library contains what they consider their key posts on a variety of security subjects. The library is not updated frequently, but it serves adequately as a secondary resource and a good place for those just getting started. We also love the coloring on the blog since the off-white post backgrounds makes extended reading easier on the eyes. Must Read: Endpoint Security Buyer’s Guide:  Buying Considerations, a post every business owner should read before they sign up for security services.
  3. Network Security Podcast – Sometimes, the medium your information is delivered in can play a big impact on how likely you are to go through it and the level of enjoyment you get out of it. This is where podcasts come into play, as they function essentially like audio blogs. The Network Security Podcast features a lively crew of InfoSec specialists who banter and discuss the most newsworthy topics in network security. While many blogs offer multiple viewpoints, it is difficult to get the same depth of discussion and debate that you do from having multiple people conversing. A new podcast is released around every two weeks, and they make for a great bit of listening while working on other tasks. Must Listen: Their June 18th, 2013 podcast that touches on everything but the immensely covered Snowden case.
  4. Network Security Blog – This blog is maintained by a sole contributor named Martin McKeay, a friendly fellow who works as a “Security Evangelist” in California and is also a regular figure in the podcast noted above. The posting schedule is a bit haphazard, but he does throw up somewhere near five notes a month on average. The articles range from analysis of network security news, tips and advice on proper security methods, and links and commentary to other useful resources. There is nothing noteworthy about the design and scheme of the blog, but there is nothing wrong with using what works. The blog has been in existence since 2003, providing over 1000 posts to rummage through if you want to get caught up. Must Read: Rage Against the Machine, a collection of informative links related to the NSA PRISM project.
  5. HiSoftware: Shooting from the Hip – HiSoftware is an information security company that provides a “Governance, Risk Management and Compliance (GRC)” platform to companies and organizations that want to keep their data safe. The blog for the company focuses on the issues of data management and security, most frequently featuring topics like data breaches, problem technologies, security standards compliance, and news related to data security. The look and feel of the blog has some nice touches, but it remains fairly standard overall. Posting occurs at a fairly nice rate with updates coming in every three or four days. Must Read: This article on the threat SharePoint can pose for data leaks is illuminating even while it highlights the role HiSoftware’s service can play in preventing the same thing from happening to your business.
  6. ThreatVision Labs– ThreatVision is the blog for Solera Networks, an information security company that focuses on providing solutions for Big Data.  The content focuses mostly on reports of malware and other security threats that can wreak havoc on your data, providing higher level overviews that give enough of the technical side of things to point you in the right direction if you want to learn. Articles are posted roughly four times a month. The blog’s design is simplistic and effective, garnering no complaints while not really astounding anyone. You should also hop over to ThreatVision’s sister blog that we mentioned above, From the Trenches, which contains more anecdotal looks at information security in the field. Must Read: Five Cybercrime Trends Likely to Continue in 2013, since it always pays to be up to date on the network attacks you are most likely to experience.
  7. Tenable: Network Security Blog – Tenable’s blog is one of the best company blogs on the list when it comes to the amount of content delivered. They offer a regular podcasts, webcasts, frequent posts, tutorials, white papers, RSS feeds, and newsletters. The blog does push the products of the company fairly hard, but it is relatively tolerable due to the sheer amount of other content. The content is updated almost every day, but you can probably get enough out of the blog by spending a few minutes on it every two or three days. Must Read: Prove You’re Watching 100% of Your Network, a post which points out that even the companies who keep an eye on their networks may not be doing so well enough.
  8. Hacker Academy Blog – The Hacker Academy adheres to the “know your enemy” strategy that has proven itself time and time again. They provide a look at security from the view of those who do their best to circumvent it, and you cannot protect against things you do not know about. The blog is updated roughly every month in a haphazard schedule, but the posts in the blog are less important than the library of information available on the site. The layout is basic with a soft grey background that makes it much easier on the eyes. They offer training modules on a variety of security topics and frequently hold webinars. The information is presented a clear and concise fashion that makes it accessible for newcomers and experts alike. Must Read: Hacking Fundamentals, one of their training modules and a good look at the basics of the hacker mindset and toolkit.
  9. VeraCode Blog – Veracode is a company that offers Security as a Service (SaaS) through their Cloud-based Application Risk Management Platform. They focus on security testing for applications, which is why their blog splits itself between general security news and tips for programmers on how to secure their applications. The layout of the blog is fairly bland, featuring a scheme that is mostly just a white background. Updates come along every two or three days, and they do a good job of keeping obvious plugs for the company to the bare minimum. The blog is minimally useful for security programming tips with a pointed focus towards security news. Must Read: 4 Things You Should Know Before Writing Another Line of Code, a quick list of useful tips to keep in mind for security while programming.
7

The 45 Best Forensic Tech Blogs

Forensic technology encompasses a wide range of fields and technologies and is often used, with some controversy, in criminal trials. The blogs below examine forensic tech from all angles, from professionals active in the field, to journalists covering the impact and evolution of forensic technology, to skeptics concerned about the ramifications of junk science being labeled as forensic science being used to convict in trials.

Forensic Science

West Midlands Police Forensic Science Lab - Photo by West Midlands Police

West Midlands Police Forensic Science Lab – Photo by West Midlands Police

  1. Anti-Polygraph BlogOpened: April 2006 with regular updates in the last few years. Style and Focus: Detailed and supported articles about the ways in which polygraph tests are used and abused, information about the deficiencies of the technology, and news. Also very active on Twitter. What to Read: Polygraph Countermeasures: What Polygraph Operators Say Behind Closed Doors, for a glimpse at the concerns even polygraph operators have with the reliability of the technology.
  2. Zeno’s MonthOpened: July 2004, with biweekly or monthly posts since then. Style and Focus:   Much more of a personal blog than an informative one, this blog, run by a forensic scientist, touches a bit on his work and life. Expect vacation adventures to be mixed in with news and conference details related to the forensics industry. What to Read: October 2012: Some Challenges in Digital Evidence, for a glimpse at what forensic science was concerned with and preparing for in late 2012.
  3. FSN: Forensic Science NewsOpened: April 2008 with post frequency varying but highly active since then. Style and Focus: This frequently updated blog provides opinionated responses to news and events related to forensics from the point of view of a professional forensic scientist. Well written and timely responses to criminal cases and forensic news and advances. What to Read: Institutional Bias Examined, for a great introduction to how insidious institutional bias can be and some thoughts on how it plays out.
  4. All About Forensic ScienceOpened: May 2012 with fairly regular posts each month. Style and Focus: Despite the busy look of this site, it contains a wealth of information for individuals looking at entering the field of forensics. Regular posts focus on information relevant to potential forensic students or those with a casual interest. Posts are short and sweet but informative. What to Read: Mathieu Orfila, for a wonderful brief bio on one of the forefathers of forensic medicine.
  5. UF Forensic Science BlogOpened: March 2012, fairly consistent with bimonthly posts. Style and Focus: This blog provides its readers with reasonably fascinating posts covering different types of forensic science along with forensic analysis in the news. Not the most frequently updated and the author is not a native English speaker (and it shows in the writing), but it is worth a gander. What to Read: Untying the Knots, for a quick and dirty overview of the importance of forensic knot analysis and the rarity of such expects (with a link for more information).
  6. Forensic Odontology: Bitemark EvidenceOpened: January 2011 with regular updates about once a week since. Style and Focus: With a minimalist look and easy to navigate interface, this blog welcomes readers to explore the world of bite mark evidence, with a focus on educating readers to the potential negative legal ramifications of relying on it as evidence. The author is a highly experienced professional forensic odontologist, with plenty of background to provide invaluable expertise to the posts. What to Read: Ted Bundy Bitemarks and Richard Milone: How DNA, bitemark research and failed cases have changed bitemark analysis, for an examination of how these high profile cases used bitemark evidence questionably and how it is used today.
  7. Forensic DNA Testing Blog Opened: December 2007 with irregular posts since then. Style and Focus: This blog allows posts from both DNA Diagnostic Center staff and clients that concern forensic DNA testing. While DDC moderates the posts, the authors can vary and thus the style of writing as well. The blog is easy to navigate and contains a wealth of information for readers interested in keeping up news, advancements, and case studies involving forensic DNA. What to Read: New DNA Test Predicts Eye Color, for a quick article introducing a new advancement in forensic DNA analysis – the ability to predict eye color from samples left at crime scenes. Not strong enough as a sole source of information, but an asset to an investigative team.
  8. Forensic AstrologyOpened: July 2007 with irregular posts that appear at least once a month since. Style and Focus: Admittedly, this site is a bit of an outlier amidst genuine scientific research blogs and companies and the site reinforces this general feel with its dark background and starry banner, but the information presented makes for an interesting read. The author has a 30 year background in utilizing astrology to analyze case files with an eye for forensics and provides detailed case file information, often sent in by readers, as well as the process by which astrology is used to hunt for new details in the case. Even if you do not buy into the premise of astrology, the blog is worth a look. What to Read: Shemika Cosey – Young Lady Leaves Her Aunts Home and Disappears, for a typical case study that details the process of forensic astrology and paints a narrative of what might have happened in this disappearance.
  9. GunSim Ballistics Blog Opened: March of 2009 with irregular but generally biweekly posts since then. It has slowed a bit recently. Style and Focus: No-nonsense style reminiscent of the early days of the internet, this blog’s pared down appearance suits the straight forward information it provides to readers. It focuses specifically on technology and software used in ballistics testing with helpful tips on getting the most out of it, news, and more.  What to Read: Zero in the warm, shoot in the cold, for a quick look at how ballistics information can help improve cold weather sharpshooting.
  10. Empirical Legal Studies Opened: February 2006 with regular and frequent posts ever since.  Style and Focus: Another early internet era styled site, this collaborative effort was founded by a group of professors from a few different Law Schools with the intent to bring together empirical methodologies and legal theory. Posts can greatly vary in length, but are usually well-written and informative. They bring commentary to news, changes in legal policy, useful resources, and more. What to Read: Kahan on National Research Council critique of multivariate regression, for review of one professor’s concerns about the potential problems in research and how they influence policy view.

Forensic Medicine

Medical evidence collection - Photo by Army Medicine

Medical evidence collection – Photo by Army Medicine

  1. Forensic Science for NursesOpened: February 2011 with consistent weekly posts. Style and Focus: RN Patricia Bemis provides her readers with straightforward, to the point blog posts that give other nurses tips on how to preserve potential evidence, information on forensic nursing, and news related to the field. She also discusses the importance of keeping forensics in mind as a nurse of any stripe. What to Read: Evidence Collection in the ED, for a quick review of simple steps ED nurses can take to preserve potential evidence.
  2. Digital Pathology BlogOpened: Active since 2007. Style and Focus: More like an information hub than a typical blog, this site features regular posts from experts in digital pathology on news, advancements, cast studies, and educational information. The site is a bit busy, but easy to navigate and features a lot of resources for those with an interest in the field. What to Read: The Anxiety of the Biopsy from NY Times Health Blog, for Dr. Kaplan’s response to a NY Times article on the mental health effects biopsies can have on patients.
  3. Forensic Medicine with Dr. Cox Opened: Started September of 2009 with semi-sporadic posts, generally once a month. Style and Focus: While sporadically updated, this blog is nevertheless a wonderful resource for those with an interest in forensics, particularly with a medical bent. Written by professional forensic pathologist and neuropathologist, Dr. Cox, each post is designed to inform and instruct readers on an aspect of forensics. Often, the blog posts are short introductions to longer papers linked in the post. What to Read: Human Skeletal Remains – An Introduction to Forensic Anthropology, for an introduction to a well-written and informative article introducing readers to the important concepts in forensic anthropology.

Forensic Museums and Historians

Forensic Anthropology Lab - National Museum of Natural History - Photo by Leticia  (Tech Savvy Mama)

Forensic Anthropology Lab – National Museum of Natural History – Photo by Leticia (Tech Savvy Mama)

  1. Crime Museum’s Criminal Convictions BlogOpened: February 2009 with consistent weekly posts since. Style and Focus: This blog is run by a museum and readers can expect highly entertaining, detailed, and well-written posts covering crime, criminals, and forensics. Recently, they posted the story of a potential real-life inspiration for the American mythical hero the Lone Ranger. The site itself is well designed and easy to navigate and offers readers more than just a lively and engaging blog. What to Read: The Vidocq Society: ‘The Heirs of Sherlock Holmes’? A glimpse into first real life French undercover detective agency and the fascinating character who helped found it, former criminal reformed into detective, Eugene Vidocq.
  2. The Writer’s Forensics BlogOpened: May 2009 with regular posts since. Style and Focus: This blog’s intended audience is writers who want realistic, informative advice and information on forensics. It includes general writing advice, like how to make your first few pages shine, and detailed information on a whole range of forensic science. A fascinating read if you have an interest in forensics at all. The design is clean and easy to navigate, with lots of resources and great organizational tools. What to Read: Connecticut Massacre Not New, Just Disturbing, for a quick and dirty guide to the assorted classifications of multiple murderers and real-life examples of such.
  3. Jen J. Danna ~ Forensic Crime WriterOpened: April 2011 with regular posts since, generally updated Tuesday evenings. Style and Focus: Another writer’s blog, this one expands beyond simply advice for authors, it chronicles this author’s journey in writing, provides information on research, writing processes, and the path to publication. She also does an excellent job in covering forensic science and how it can be effectively used in writing. She has a particular focus on forensic anthropology. What to Read: Forensic Case Files: Cannibalism in Jamestown in the Early 17th Century, for a gruesome look, figuratively and literally, at some of the evidence illuminating the meal-times at Jamestown colony, courtesy one 14 year old immigrant.

Computer Forensics

Digital Recovery Storage for Child Online Safeguarding Team in the West Midlands Police Dept.

Photo by West Midlands Police

  1. Computer Forensics BlogOpened: August 2008 with very frequent posts ever since, generally more than twice a week. Style and Focus: This highly active blog is a fantastic resource for any computer forensics professional or individual interested. They keep readers informed of product information, news, and events while also providing lots of tips and guides to improve one’s computer forensic tool bag. What to Read: Four Focus Areas of Malware Analysis, for an informative post briefly explaining one method of analyzing malware.
  2. Digital Forensics BlogOpened: November 2010 with sporadic updates, generally once a month. Style and Focus: While this blog isn’t frequently updated, it does provide excellent information and tips targeting other computer forensic personnel. The author provides advice born from practice, events relevant to the field, news, advancements, and more. What to Read: No Partition Table? No Problem, for a helpful post targeting newer computer forensic professionals who need a way around disks lacking partitions they need to mount.
  3. Random Thoughts of ForensicsOpened: February 2010 with posts generally updated once a month. Style and Focus: More of a personal blog than one designed to provide a great deal of professional advice and resources, it provides a glimpse into the journey of one student of computer forensics and includes his experiences with different forensics techniques and triumphs along with personal and professional experiences alike.What to Read: Tools in the Toolbox Mandiant Red Curtain, a quick and dirty overview of a free software for Incident Responders analyzing malware.
  4. Didier StevensOpened: June 2006 with regular posts from that point forward. Style and Focus: This is not a blog for those with a casual interest, it is full of technical details and step-by-step instructions designed to share ideas, tactics, and resources with other professionals.  Regularly updated and  on a wide variety of related topics, this is a highly useful tool for any computer professional interested in forensics. What to Read: Quickpost: TeamViewer and Proxies, a quick and dirty how-to post.
  5. Windows Incident Response BlogOpened: December 2004 with very active and regular posts, at least one a week, frequently more. Style and Focus: This long running blog is focused on providing resources to professionals involved in computer and digital forensics with Windows systems. Most posts are focused on explaining different analysis approaches or techniques, but it also informs readers of news updates, products, and events. What to Read: There Are Four Lights: The Analysis Matrix, for an explanation of analysis matrix and how it can be used to more effectively analyze data.
  6. Forensic Focus Blog Opened: November 2007, generally updates often. Style and Focus: Focused on providing news and tools for other computer forensic professionals, this blog features well written and tool-packed articles, interviews with folks in the industry, news, reviews, and more. The site itself is slightly busy, but well organized and easy to navigate. What to Read: Generating computer forensic supertimelines under Linux: A comprehensive guide for Windows-based disk images, for a guide to the assorted solutions available to assist with creating digital forensic timelines with code files.
  7. Forensic 4:castOpened: January 2008 with regular and fairly consistent weekly updates. Style and Focus: This sleek and well-designed site offers its visitors a wealth of information related to digital forensics delivered in podcast format with discussions from a range of industry experts. They also run a regular newsletter that supplements the information provided in the podcasts. They also host the 4:cast awards to acknowledge great forensic tools, resources, and individuals in the field.   What to Read: How to do the worst job possible, presenting a very poorly written forensic report.
  8. Mobile & Technology eDiscoveryOpened: November 2006, with somewhat sporadic posts, but generally at least one a week since open. Style and Focus: While it doesn’t present the most elegant design ever, the blog delivers excellent content for readers involved or interested in digital forensics. It features regular articles on tools, best practices, resources, case studies, and more.  What to Read: Signal Strength and Distance, for a discussion on what cellular signal strength and distance is and how to discuss it in court.
  9. CSItechOpened: May of 2008, with bimonthly posts since. Style and Focus: The clean layout allows readers to focus on the content, which is focused on informing readers about newly developed tools and tactics designed to improve the computer forensics industry. Expect lots of reviews and guides on using new tech and practices. What to Read: Password extraction fun, for a good review of a program that can help uncover passwords on devices first responders need to access quickly.

Forensic Technology & Techniques

Fingerprint - Image by CPOA

Fingerprint – Image by CPOA

  1. Crime Scene TrainingOpened: December 2010 with fairly consistent, frequent posts. Style and Focus: This very well organized blog has been regularly providing advice, insight, product reviews, and more targeting any investigators who do any part of their work directly at the crime scene. Articles are informative and practically useful. What to Read: Avoiding Hazards at the Crime Scene, for a well-written, thorough, and extremely handy article for any forensic tech who goes on scene.
  2. The Truth about Forensic ScienceOpened: February 2010, with frequent and regular updates. Style and Focus: This blog targets DUI lawyers and criminal defense attorneys and helps educate its readers on the different types of forensic evidence that can be brought to a trial, with a focus on weaknesses and defenses against them. The blog is authored by a highly respected criminal defense and DUI attorney. What to Read: Limitations of Forensic Odontology, for an overview of the problems with forensic odontology.
  3. The Hacker Factor BlogOpened: November of 2006, with fairly regular posts at least once a month since then. In the last two years, it has trended towards weekly updates. Style and Focus: This blog is a treasure, with entertaining and informative posts that are often designed to generate discussion amidst the readers. The primary focus is on the tools and techniques designed to help computer techs of all sorts, but it occasionally drifts into completely unrelated but often fascinating territory.  What to Read: Chasing Rainbows, for a really fascinating article discussing super-senses.
  4. Forensic MethodsOpened: August 2009 with sporadic but fairly regular posts since then. Style and Focus: The layout of this blog makes it feel more like a digital magazine than a traditional blog, and its posts take a non-traditional spin too. Some are simply quick Twitter updates; others are snippets of a great article found elsewhere with a shortened link to the primary article. Still, the original content here is not to be missed; the articles are well-written and informative and often offer a behind the scenes glance at the writing process. What to Read: Digital Forensics Magazine: Big Brother Forensics, for an article on an article, also a brief introduction to the potential ramifications of geo-location technologies.
  5. Forensic ResourcesOpened: July 2011 with frequent posts, often more than once a week, since then. Style and Focus: A sleek and well-written blog providing detailed information about forensic science, including techniques, news, legal issues, and advancements. It caters primarily to attorneys based in North Carolina, but is a worthy read for anyone who needs to increase their armchair knowledge of the science. What to Read: Improving Arson Investigations, a resource-filled article pointing readers towards new developments in science that shook up fire investigation.

Cold Cases & Wrongful Convictions

  1. Defrosting Cold CasesOpened: November of 2009 with prolific posting habits, though slightly slower in recent months. Style and Focus: The blogger clearly cares about justice for victims who have been left behind by time. Posts are frequently focused on bringing light to cold cases that may have been gathering dust, telling the stories of the victims, and sharing information about the crimes. The author also focuses on wrongful convictions and forensic information that may help solve some of these cases. The site is beautifully designed, easy to navigate, and the articles are well-written. What to Read: In Loving Memory: Jimmy Stanaway, for a heartfelt memorial to a cold-case victim, providing a personal face to a dusty file.
  2. The Wrongful Convictions BlogOpened: It’s hard to pinpoint the open date of this blog, but it is currently highly prolific, with often multiple posts in a day. Style and Focus: Informative, well-written, and prolific, this blog features a panel of expert authors from a variety of backgrounds to bring readers the latest in news about wrongful convictions, including forensic analysis changes, case studies, legal changes, and more. The site is a little difficult to navigate, as it lacks a proper archive; users can search, or sort through categories to find what they are after. What to Read: Calculating Bad Math’s Contribution to Wrongful Convictions, for an interesting analysis of how a judge or jury’s failure to comprehend mathematics might lead to miscarriages of justice.

Fraud & Crime Blogs

Fraud Tech on a $20 - Image by Jack Spades

Fraud Tech on a $20 – Image by Jack Spades

  1. The Fraud Files BlogOpened: November 2005, with prolific and regular posts since. Style and Focus: This blog is focused on fraud of all kinds, from small to massive, on a national scale. Expect lots of links to related information, quality writing, and informative posts. What to Read: MckMama House Fire is Not Suspicious In the Least, for a tale of a bloggess gone bad.
  2. Expert Witness BlogOpened: March of 2007, with near daily posts. Style and Focus: Most posts are very brief and present readers with information about what expert witnesses are testifying about in trials around the nation. Some posts focus on preparing witnesses for trial, news, or other relevant information. What to Read: Environmental Health Expert Witnesses & Hanford Nuclear Reservation, for a typical post example.
  3. Grits for BreakfastOpened: January 2004, with highly prolific and regular posts since then. Style and Focus: A very well-respected blog focused on Texas criminal justice. The author has been recognized for his excellence from a number of Texas newspapers, organizations, and other criminal justice bloggers and even won a handful of awards over the years. Except quality writing, well-researched content, and no-nonsense (and often contrary) opinion delivered near daily. What to Read: A forensic science ‘blockbuster’ and limits of accreditation, taking a glance at several forensic science news articles and points to the shaky ground some forensic data is built upon.

Forensic Anthropology & Psychology

Bones in the Monasterio de San Francisco, Lime, Peru. Photo by Phil Whitehouse.

Bones in the Monasterio de San Francisco, Lime, Peru. Photo by Phil Whitehouse.

  1. Forensic PsychologistOpened: April of 2007, with at least a post a week consistently since then. Style and Focus: The site itself is a little aged, but that has no impact on the quality of its contents. Blogger Karen Franklin, Ph.D. is an experienced forensic psychologist and adjunct professor who has served as a criminal investigator and legal journalist. She has the chops and the ability to write effectively about what she knows. Her posts cover news, resources, case studies, methodologies, and more in the fields of criminology, forensic psychology, and psychology law. What to Read: Beware “voodoo” brain science, for an examination of some of the controversial claims made by proponents of brain imaging as a way to distinguish potentially dangerous traits in an individual.
  2. Mind HacksOpened: November 2004 with consistent and prolific posts since. Style and Focus: Clean design with easy navigation introduces readers to a site loaded with information presented from very prolific bloggers. Posts focus on the fascinating world of neuroscience and psychology. Well-written responses to news articles, explanations of weird brain quirks, neuroscience history and notable figures, and much more can be found here. What to Read: A brief history of narcoanalysis, for a fascinating introduction to the use and history of the administering of ‘truth drugs’ to elicit supposedly truthful confessions.
  3. Smith ForensicOpened: September of 2004 with consistent and prolific posts since. Style and Focus: This blog offers a simple, clean style and easy navigation with a focus on forensic pathology as presented by blogger Harold Levy, a Toronto Star investigative journalist who gained an interest through his reporting on once famed doctor Charles Smith. His blog examines flawed pathology and delves into the cases they impact around the world. He also examines junk science and its impact in criminology broadly.  What to Read: Marvin Wilson: How Texas is using literature rather than scientific methodology to kill a clearly retarded man – to circumvent the U.S. Supreme Court. – For a heart-rending examination of an abuse of the justice system, forensic science, and one man’s life.
  4. Bones Don’t LieOpened: Style and Focus: Written by mortuary archaeology and bioarchaeology graduate student Katy, this blog shares her discoveries, like a recent dig in Oakington containing the burials of over 100 Saxons. She also writes about forensic techniques, archeological history, news, and more on a blog that is beautiful and easy to navigate. What to Read: Displaying the Famous Political Dead, for an interesting glimpse into the practice of preserving the notable dead for public display.

Forensic Companies

  1. Forensic Technology NewswireOpened: April 2009 with frequent but irregular posts. Style and Focus: Their style is much more like a newsfeed than a personal blog, they keep readers up to date on how their products are being used and received around the world, as expected from a company blog, but they do so with solid and informative writing.  What to Read: CSI: Miami & Real Forensics: We Won’t Get Fooled Again, for a post examining the relationship between CSI and real life crime solving.
  2. Forensics Blog (BCIT)Opened: July 2010 with consistent weekly posts since. Style and Focus: A simple interface greets visitors in this Forensic Institute’s blog focused on forensic education, Canadian forensics, news, events, and advancements in forensic science. Most posts are short and sweet. Those local to the area will also find timely related job postings and course updates. What to Read: Forensics’ Grad Bringing Backpacks to the Homeless, for a lovely quick bio on a recent BCIT graduate doing good for her community.
  3. The Forensic GroupOpened: Style and Focus: Clean and straightforward writing designed to inform and educate readers on the methods and developments in computer forensics tactics and technology. Some news and events are introduced as well as case studies. Clean interface but somewhat difficult to navigate. What to Read: Computer Forensic Artifacts: Windows 7 Shellbags, for an informative introduction to how Win7 Shellbags can be used to trace activity and contents in computer forensics.

Forensic Imagery & Artists

1940 Mugshot - Image by Lisa Bailey

1940 Mugshot – Image by Lisa Bailey

  1. Four And SixOpened: June 2011 with regular posts, about one a week, consistently since day one. Style and Focus: Four and Six offers its readers a clean style with useful posts ranging from image forensics techniques to thoughtful posts on ethical treatment of imaging tools and news and information related to image tampering.   What to Read: The Case of the Pole in the Middle of the Road, for a nifty inside glimpse into what photographic forensic investigation.
  2. Forensic Video and Image AnalysisOpened: September 2007 with consistent and prolific posts ever since. Style and Focus: An absolutely fantastic resource for anyone who is involved or interested in image forensics, this highly active blog provides readers with information or resources on tools, software, product reviews, technique basics, image forensic cases, educational opportunities, and a mix of personal insight. Very informative, well-written, and easy to navigate. What to Read: Learn new Photoshop features in a click, for an introduction to a free and handy tool available to improve your Photoshop CS6 experience.
  3. Ask a Forensic ArtistOpened: January 2010 with regular and prolific posts since. Style and Focus: This well-designed blog is a great tool for other forensic artists, those who want to be, and those who are just simply fascinated by the process. It includes techniques, news, educational opportunities, fascinating interviews from other forensic artists, and more. What to Read: The “Pencil Trick” for Edentulous Skulls… Debunked, for a great breakdown of what the pencil trick is, and why it doesn’t at all work as it is supposed to, with photographic evidence.

 

Top 30 Privacy Blogs

With the recent unveiling of the intense Internet surveillance operation being carried out by the NSA, more people than ever are interested in keeping up to date on the latest laws, news, software, and other information related to maintaining privacy online. There is an immense number of blogs related to information security in all of its incarnations, so we have picked through the offerings to find you the best blogs that deal specifically with personal privacy law and technologies. These are listed mostly without any indication of which is better than any other and are instead separated into categories based on their focus. The focus of the blogs includes hacking methods, ways to protect yourself from identity theft, news on information security topics, and discussion about censorship and identity law.

 Privacy image by Sean MacEntee

Cream of the Crop

  1. The Privacy Blog – In a list of privacy blogs, one named The Privacy Blog would clearly seem to fit the criteria. Luckily, it is also one of the best in the genre for details on privacy in the technological world. Updates are posted weekly, and most of the content is original. This includes a podcast for those who would rather listen to news on the latest security threats. Content covers security technologies, opinions on privacy and hacking litigation, and news related to privacy threats and tools. Check out their latest podcast to get a taste of the monthly episodes.
  2. Electronic Frontier Foundation – The EFF is an organization dedicated to the defense of the right to privacy in a world where everyone from the hacker kid down the street to the government can snoop on you. Their Deeplinks blog includes almost everything related to privacy and personal rights with an impressive amount of content delivered daily. If there is news that remotely touches on electronic privacy – whether its copyright laws, government surveillance, hacker tricks, or even just swag – you can find it here, but the blog does have a marked legal focus. Check out this article on the issue of warrantless DNA acquisition.

Privacy on the Net

  1. The Online Privacy Blog – This blog is run by the company Abine, an Internet privacy software developer with products like DeleteMe and DoNotTrackMe. The content is a mix of news about online privacy laws, security breaches, tips for keeping yourself secure while using social media and other common online services, and press releases for the company. Two articles a week is the rough release schedule. Check out a report on the surveillance capabilities of Microsoft’s next console, the Xbox One.
  2. EPIC: Electronic Privacy Information Center – EPIC is an organization that provides information with a focus on online privacy, though they do branch out into related technological fields such as biometric data, drones, and other hot button issues. The majority of the site content is in their static information, but their news feed does provide short updates on current news and events. If you want to get a quick synopsis of privacy related news without excess analysis or reading, then their blog should come in handy. The rest of the site is also extremely valuable for its large amount of educational material. Check out their news report on a Supreme Court ruling on DNA privacy.
  3. WIRED: Threat Level Blog – WIRED is a site renowned for its news and insights into the world of technology, and their Threat Level blog applies the same quality of content to the dedicated topic of privacy and the law within the context of technology. Thanks to WIRED being a news organization, the tone of the articles stays more subjective than personal or company blogs, though opinion always bleeds through in writing. Check out this opinion article on email privacy law and the lack of protection that electronic communications receive legally.
  4. Freedom to Tinker – FtT posts focus on news related to technological privacy and law alongside a large amount of insightful commentary and opinion pieces. The number of writers is smaller than you will find on some bigger websites, while still being large enough to provide more variety of opinion than a single user blog and a decent update schedule. Check out this article from 2006 on wiretapping abuse and the NSA that foretells some of the recent privacy related news.
  5. ACLU on Technology and Liberty – The ACLU is a well-known American organization dedicated to the preservation of civil liberties in every form they take. Their blog is a robust and well-developed collection of useful and informational content on a variety of topics, and because of the volume of information they cover, the blog has several subsections to help those looking for information on a specific topic. For online privacy related news, the Technology and Liberty section is where you want to go. Check out this article on metadata to see just how important it can be in light of the NSA surveillance issue.
  6. Center for Democracy & Technology Blog – The CDT is an organization similar to the ACLU but with a focus on influencing policy related to the freedom to privacy and expression on the Internet. Unlike most of the above blogs, the CDT has a broad, worldwide view and will often discuss online privacy policy from nations other than the US. There is still more focus on American and EU news, but it is refreshing to get a glimpse of the world at large. Check out one of their weekly looks at global policy for news from Syria, Japan, China, Taiwan, and Australia.
'Eyeing John Marshall Law School' photo by Seth Anderson.

Photo by Seth Anderson

Privacy Law & Policy

  1. FCC Blog – The Federal Communications Commission is an organization with which most American are familiar due to its role in radio and television broadcasts as well as the Internet. As it is a government website, you can expect a lot of dry content and not so much in the way of unique viewpoints, but it is a good idea for Americans to stay abreast of an organization that influences their online privacy to a large degree. Check out this article detailing some of the consumer protection services the FCC offers.
  2. Privacy Law Blog – The Privacy Law Blog is managed by the Proskauer law firm, a group with a focus on international privacy law. The blog content does trend to US and EU policy and law. The topics covered are usually about informing about laws concerning privacy, patents, and security and updates to them. Though the release schedule is low compared to some of the others on the list, they still tend to release an article every week. Check out this report on the conundrum of when European privacy law applies to American companies.
  3. Privacy & Security Law Blog – The editors and contributors of this blog belong to the Davis Wright Tremaine law firm, a nationwide entity with over 500 associates. Their firm handles cases covering a wide variety of subjects, but the privacy and security blog is managed by their resident expert associates on the topic. Articles range from discussion on cybersecurity, discussion of data standards like HIPAA, and news related to changing laws regarding privacy and technology. Check out their report on a recently introduced federal data breach law.
  4. Law and Terrorism – Gregory S McNeal is a security specialist and university professor who has received national recognition by news corporations, Congress, the military, and other notable organizations. His blog only features content he writes himself, leading to a low update rate with articles that trend towards his focus and activities at the time, but this does mean the content covers topics that might not be the focus of other privacy blogs at the time. Check out his article on drones and due process to see the focus of his latest work.
  5. CERIAS Blog – The Center for Education and Research in Information Assurance and Security is an organization ran by several Perdue university professors and contributors. They broach topics ranging from the technical aspects of ensuring privacy in a digital world to the ethical, moral, and legal guidelines that govern the behavior of individuals and organizations when it comes to information privacy. The blogs content is updated one or two times a month, but every article is unique, lengthy, and full of useful information on security and privacy topics. Check out their objective look at NSA’s PRISM program.
  6. beSpacific – Most of the content on beSpacific is collected news and information about privacy, law, technology, copyrights, and finance. Rather than a blog to go to for original content, beSpacific is an amazing resource and repository for documents, press releases, and other articles in the topics it covers. Content is added daily, and on many days you will find up to ten new posts. Check out the main page. There is no better way to get an idea of the bevy of information hosted on the blog.
See ID - Photo by Bryan Rosengrant

See ID – Photo by Bryan Rosengrant

Privacy & Identity

  1. Privacy Rights Clearinghouse – The PRC is a nonprofit organization based out of California whose mission is to “engage, educate and empower individuals to protect their privacy.” The blog itself is not updated frequently, but the amount of information available regarding privacy concerns on the site in general is staggering. Check out this article for a few simple tips on keeping your privacy private.
  2. Bruce Schneier’s Blog – Bruche Schneier is an internationally reknowned security specialist, a member of the board of directors of the EFF, and has published multiple books concerning security and cryptography. His blog content includes recordings of his speaking events, articles and opinions written by him, links to interesting security and cryptography articles, and important news on the same. All of his articles are well-cited and in a format that makes them both look professional and easily understood. His insights are great, and if you like his blog then you should definitely check out his published work. Check out his comparison of the privacy abuse of online companies to the Game of Thrones.
  3. Identity Theft Blog – The entire purpose of this blog and the other portions of its site is to educate people on the dangers of identity theft and how to protect themselves from those who would steal their information and put it to nefarious use. The updates are a bit slow, averaging two posts to the blog per month, but the extra content value in the rest of the site more than makes up for it. If you want to get educated on identity law, identity theft tactics, and how to protect yourself from identity theft, stop by this site. Check out this article showing how something as simple as filling in the information necessary for an insurance quote can give up compromising data.
  4. Spaf Blog – The Spaf Blog contains content written or reposted by Professor Eugene H. Spafford, an educator who specializes in digital forensics, privacy, and information security. He is also the founder and director of the CERIAS web blog listed in the above section. The original content is published roughly on a monthly schedule, but reposting occurs daily. There are over 5,000 article links on the over 500 pages of the blog. Check out the very first page for links to over a dozen high quality privacy articles.
  5. IdentityWoman – The alter ego of Kaliya Hamlin, IdentityWoman, is an intensely active force in the field of privacy information security. Her grammar and punctuation may not be perfect – meaning grammar nuts should avoid the blog – but it is to be expected given the busy schedule the super-heroine keeps. The content on the blog ranges from videos of her talks at various conferences (and “un”conferences), updates on notable privacy events, and her work in an astounding number of IT groups, consortiums, and organizations. Check out the collection of her speaking appearances for some good audio on user-centric identity.

Safety Awareness Week 2011 – NASA Goddard Space flight Center

Security

  1. Krebs on Security – Brian Krebs got into information security for the same reasons many people do these days: thanks to the attacks of hackers on his personal computer network. This sparked a long career of security writing for the Bachelor of Arts, including a long stint as a major security author for the Washington Post with several front page appearances. As far as the blog goes, it is one of the best for quality, the amount of information presented, and originality. The frequency is also very good for the general quality and being a personal blog. Check out his article on the Styx exploit package and the article detailing the story behind its creation and marketing for a look at the brazen offering of script-kiddie tools.
  2. 1 Raindrop – This blog, written and maintained by Gunner Peterson, focuses on security more from a business standpoint than it does on individual privacy and identity. The posts are long and informative, but they assume some familiarity with security issues and the technologies from which they derive. This makes it not so friendly to newcomers to the world of security, but it is more useful to those who want high level information. The blog is updated roughly three to four times a month with mostly original articles of notable length. Check out this article on mobile APIs and security, a useful and important consideration for any business.
  3. CERT – The US government’s Computer Emergency Readiness Team’s site does not officially call itself a blog, but the main page is comprised of time-ordered updates that keep you posted on the latest patches for notable applications like WordPress, Adobe, Java, and Google apps. The site should be on every CEO’s and CISO’s short list to check frequently to see if they happened to miss any important updates. They also occasionally post security bulletins and information from themselves and large IT companies. In addition to their tracking of security updates, the site features a number of resources on protecting yourself from online threats and general security information. Check out the National Cyber Awareness System, a springboard for links to information on security.
  4. Bleeping Computer – While the main page does feature a blog roll of updates and articles, Bleeping Computer is far more than just a security blog. The blog updates themselves are standard fare for a security focused blog, though the focus is clearly on education and teaching for people who might not be as tech savvy as some professionals or enthusiasts.  Once you have gotten your daily update, swing over to the forums and other information resources to get help on understanding and fixing computer problems ranging from security issues to day to day malfunctions. A great overall resource for computer users of all skill levels. Check out their guide on how to remove a tricky bit of disguised malware that disguises itself as antivirus software.
  5. Malware Don’t Need Coffee – While the writing style is haphazard and points to someone using English as a second language, there is no better blog out there if you want to know everything there is to know about the latest malware and exploit kits on the streets. The posts are extremely tech heavy, so less savvy readers will likely need to do additional research when reading. Posts come roughly every two weeks, but they are loaded with content and worth the wait. Check out this detailed and lengthy article on the ransomware called Urausy.
  6. InfoWorld’s Security Articles – InfoWorld is a news site, similar to Wired, which focuses on everything technology. Just like Wired, they also feature a dedicated section for security related articles. As with other news sites, you can expect frequent updates and original content with a more neutral tone overall. You can also branch out from security related articles into general technology news when you finish getting updated. This is a great resource to keep on hand and check daily. Check out this article on bug bounties, the new method larger IT companies are using to hunt down security vulnerabilities in their applications.

Company Blogs

Most of these companies function in the Information Security world in some form or fashion. They usually maintain fairly decent blogs as a way to generate site traffic, keep their users informed, and to increase their appearance as “leaders” in the field. You do have to watch out for product placement in some of them, but they are self-motivated to provide good and reliable information that keeps people coming back.

  1. Fortinet Blog – Fortinet is a company that produces physical and virtual firewalls alongside other network security equipment and applications. The blog sees regular contributions from five different writers, keeping things both fresh and current. Article topics are typically educational pieces on malicious IT attack forms, patch updates for major IT organizations, and security and privacy related news.Check out this post on how to determine if a seemingly innocuous email in your inbox might just be a phishing attempt or other scam.
  2. FireEye Blog – FireEye is an Information Security company with a focus on antimalware applications, penetration testing, and overall system protection. Their blog focuses on the latest trends and tools in malicious cyber activity, and there is a definitive slant towards tech-heavy articles. A great resource, but those less inundated in the world of IT may have to spend some time with Google to get the full value that the articles represent. The speed of their updates is a bit slow for a company blog, averaging two to three posts a month. Check out this informative post concerning a Trojan that recently swept across Asia.
  3. Kaspersky Blog – Kaspersky is most widely known for their antivirus and antimalware applications. There is a bit more “Yay Kaspersky products!” in this blog compared to some of the other companies, but it still manages to get balanced out by the actual information. Check out their article detailing the dangers and costs of employees misusing networked devices while on the job.
  4. SANS Securing the Human – SANS is a company that works to increase security on what is most often the biggest weak point in a network, the human user. On their blog, you will usually find articles relating to attacks that attempt to take advantage of the user, such as phishing attempts and other social engineering scams. They also have a monthly newsletter full of extra material. Check out their look at passwords, one of the biggest mistreated tools in keeping things secure.
  5. TrendMicro Blog – Like Kaspersky, TrendMicro focuses on malware detection, prevention, and removal software. The blog itself tends to focus on preventative measures against malware and other security related issues. The update schedule is fairly slow for having multiple writers, but there is no rehashed content. Check out a post on the dangers of media overflow when it comes to your pictures and other digital information that ends up stored on the Internet, forever.
21

30 Best Fictional Detectives

Introduction

 

A good mystery should be a treasured find. Accompanying an investigator on their adventures as they try to undercover the truth or track down a criminal is an experience like no other, no matter what style of detective they are. Nothing works up adrenaline like accompanying a hard-hitting detective tracking down a murderer.  Nothing excites the logical parts of the mind like seeing a skill sleuth unravel the convoluted trappings of a mastermind’s schemes. And nothing is quite as hilarious as watching a bumbling detective stumble through an investigation, cause mayhem, and still somehow end up solving the enigma. While it is hard to whittle off many of the great detectives that have been created for humanity by the minds of writers throughout the years, we have undertaken that difficult task and came up with 30 of the best fictional detectives in history.

In No Particular Order…

 

Picture courtesy of Flickr user dynamosquito

Sherlock Holmes – No list about the best fictional detectives will ever be complete without this infamous gentleman detective from the mind of Sir Author Conan Doyle.  Detective Holmes has been the inspiration for many, many investigative characters since his birth in the late 1800s. He has been reimagined on stage, in radio shows, and quite a few movies.  As a detective, he is known for his logical reasoning, early use of forensic science, and penchant for costume.  Quote: “Elementary, my dear Watson” In truth, this was never uttered by our esteemed Holmes but it is nevertheless representative of the character and his attitude.

The Hardy Boys – Inspiring the adventures of young boys since 1927, Frank and Joe Hardy, the teenage brother detectives, have appeared continuously in print, have starred in computer games, television shows, and even been parodied in South Park. The earliest books were praised for the excellent writing of a caliber not normally found in children’s books of the era. Surrounded in a rather felonious small American town, they play perfectly bonded intelligent young men with free access to cash as they weave their way through the mystery and action that lands in their path.  Quote:  “A secret door!” Joe said. “We haven’t’ seen one of these in, oh, several months,” Frank said.

Nancy Drew – Much like theHardy Boys, Nancy Drew has been inspiring girls since the 30s. The character was even the brainchild of the Stratemeyer Syndicate, the same group responsible for the Hardy Boys. Nancy was an immediate hit and has seen continued popularity ever since. My like the Boys, she’s appeared in television, movies, and video games. She has been an inspiration for a number of other girl detectives, and kick started a genre all its own. She is well known for having a can-do attitude, especially noticeable in her ability to drive and fix up her own car. Despite attempts to keep her domesticated by generations of ghost writers, Nancy has managed to maintain her independent quality. Quote: “If a guy’s hunch results in a dead-end, don’t flaunt your better judgment and intuition in front of him. Smirk secretly to yourself.” – The Phantom of Pine Hill

Miss Marple  – The brainchild of Agatha Christie, Jane Marple appeared in 12 novels and 20 short stories as an elderly spinster who fills up her free time resolving the assorted mysteries in her home of St. Mary Mead. She is the counterpart to the gentlemen detective genre, a well-bred, well-educated older woman applying her keen wit, experience, and knowledge to the challenges of solving crime. The character evolved markedly over 40 years, starting off as a shrill and nasty gossip and growing to a more dynamic and well-rounded genteel lady. She had a remarkable tendency to connect every case to a story of her past and casual comments to key details of her current case. Quote: “People with a grudge against the world are always dangerous. They seem to think life owes them something. I’ve known many an invalid who has suffered worse and been cut off from life much more… and they’ve managed to lead happy contented lives. It’s what’s in yourself that makes you happy or unhappy.” – A Murder is Announced

Dirk Gently– This fictional detective created by Douglas Adams was introduced in the books Dirk Gently’s Holisitc Detective Agency and the Long Dark Tea-Time of the Soul. His real name is Svlad Cjelli which, as Dirk puts it, has a ‘Scottish dagger feel’ to it. Known for his ‘holistic’ approach to investigations, Dirk uses this to justify his extensive bills which include things like tropical vacations. Surprisingly, none of his clients ever manage to actually pay him. He is also a psychic in denial, believing himself to have a ‘depressingly accurate knack for making wild assumptions.’ He was supposed to appear in a third book, The Salmon of Doubt: Hitchhiking the Galaxy One Last Time, but it was never completed. Quote: “Don’t you understand that we need to be childish in order to understand? Only a child sees things with perfect clarity, because it hasn’t developed all those filters which prevent us from seeing things that we don’t expect to see.” – Dirk Gently’s Holistic Detective Agency

Philip Marlowe – Arguably one of the most significant figures in the ‘hardboiled crime fiction’ genre, Marlowe was first created by Raymond Chandler in 1939 for The Big Sleep. He also appeared in Farewell, My Lovely, and The Long Goodbye. This was followed by a number of films, radio shows, television adaptations, and one videogame. Philip is the hard drinking, gruff yet oddly charming PI. His rough personality is rounded out with a thoughtful mind well versed in poetry, philosophy, and a fair hand at chess. He drinks whiskey and is finicky over his coffee. The femme fatales common to the genre aren’t nearly as adept at distracting him.  Quote: “I don’t mind your showing me your legs. They’re very swell legs and it’s a pleasure to make their acquaintance. I don’t mind if you don’t like my manners. They’re pretty bad. I grieve over them during the long winter nights.”  – The Big Sleep

Picture courtesy of Flickr user California Cthulhu (Will Hart)

Sam Spade – Though not as widely appearing as some of his peers on this list, Sam Spade nevertheless left an indeliable mark upon the detective genre. Famously portrayed by Humphrey Bogart in one of the movie adaptations of his book, The Maltese Falcon, Sam Spade is not at all a gentlemen detective. He’s a shifty character capable of getting himself in and out of fixes with equal skill. Despite disliking his partner, even sleeping with the man’s wife, he goes all out when the man is murdered to bring his killers to justice. Quote: “The cheaper the crook, the gaudier the patter.” – The Maltese Falcon

Lord Peter Wimsey – Lord Wimsey is an archtypical representative of the British gentleman detective as conceived by Dorothy L. Sayers. He appeared first in Whose Body? In 1923 and subsequently solved murder mysteries in another 13 novels, 5 short stories, and assorted stage, television, film, and radio adaptations. In addition to solving assorted murders in his spare time, the great Lord Wimsey authors his own books, including ‘Notes on the Collecting of Incanabula’, his other genteel hobby. He is also a wine, fashion, and classical music aficionado. The character was in part a light satire on the British upper class.  Quote: “It’s all right, Helen. That’s not swearing, that’s an adjective of quality.” – Clouds of Witness

Hercule Poirot– Around for a remarkable 55 years and appearing in 33 novels and over 50 short stories, Mr. Poirot has been a fixture in the detective genre for many years. Created by Agatha Christie alongside Miss Marple, this dignified Belgian detective solves crimes with the use of logical reasoning, or as he puts it ‘order and method’. Mr. Poirot also appeared on stage, in a number of film adaptations, several television shows, an animated series, and a number of radio dramas. Quote: “Chief Inspector, you have been thinking again. I have warned you of this before.” – Hercule Poirot’s Christmas (#6.1)

The Scooby Gang – The gang of animated teenaged friends (and one oversized dog) solve mysteries much to the dismay of the perpetrators whose plots they foil. These meddling kids include an unlikely array of friends, the All-American teen couple Daphne and Fred, the intelligent and shy Velma, the fumbling and perpetually starving Shaggy and his trusted sidekick and trouble-maker Scooby. These teens have a knack for shattering attempts to use fear of the supernatural to conceal criminal activity. Their antics inspired many television series, a number of films, video games, and stage performances. Quote: “Velma, here’s the only thing you ever need to know about boys. They are stupid. If you give a boy two choices, a smart one and a stupid one, he will always make the stupid one every time. That’s why you never give them a choice.” – Daphne Blake in Scooby-Do! Mystery Incorporated

Picture courtesy of Flickr user ostromentsky

Columbo – A homicide detective for the LAPD, Peter Falk is a gregarious, slightly rumpled detective who manages to get the job done in part because most of his targets underestimate him. He tends to talk too much and often seems to be a bit of an airhead, though in reality he has a keen attention to detail and a quick wit that helps him piece together the events of the crimes he investigates. The series ran for 10 seasons from 1972 till 1990 and continued in special runs as recently as 2003. Quote: “Perfect murder, sir? Oh, I’m sorry. There is no such thing as a perfect murder. That’s just an illusion.” – Columbo: Now You See Him (#5.5)

V.I. Warshawski  – Warshawski is a woman in charge: sexy, smart, and packing heat. After earning a law degree and serving as a public defender, she decides to go the route of the one pursuing justice on the streets, particularly in the case of white-collar crimes that might not get as much attention from the police in the gritty world of Chicago politics. The fierce detective is not afraid to get into the melee, making it quite amusing that her best friend is the one who treats the war wounds from her escapades. Due to her ferocity and strength, Washawski is considered by many to be a strong, feminist detective. Quote: “Never underestimate a man’s ability to underestimate a woman.” – V.I. Warshawski

Dr. Temperance “Bones” Brennan – Based loosely on real life real life anthropologist and author, Kathy Reichs, Dr. Brennan represents a very unique sort of detective on this list. She solves crimes current and ancient with her companion FBI agent, Seeley Booth and a crew of brilliant and eccentric scientists housed at the Jeffersonian Institute on the TV show Bones. Her top-of-field expertise in forensic anthropology allows her to unravel clues from the bones of the victims. Her no-nonsense attitude and adherence to an absolutely logical worldview both aides in her field investigations, generating a lot of unintentional hilarity along the way. The character also applies her professional knowledge to her writing career, becoming a bestselling author of crime novels during the course of her show. Quote:  “I’ve noticed that very few people are scary once they’ve been poked in the eye.” [to murderer who is trying to put a voodoo curse on her, so she pokes him in the eye to shut him up] – “Bones: The Man in the Morgue (#1.9)

Perry Mason – Mason is one of the most famous and prolific figures in recent detective fiction. Featured in close to 100 novels, a radio series, two television series, and over 30 made-for-TV movies. As a defense attorney, he was known for not shying away from the most difficult and hopeless cases and always fighting to the end for his clients. He does engage in some questionable actions early on in his history, but for the majority of his existence, Mason is an ethical idealist who sticks to the books and wins his cases by his wits and the evidence. The Mason stories do conform to a predictable pattern, but the enjoyment is in the details. Quote: “She’s more of a legitimate fake than I thought she was.” – The Case of the Curious Bride

Elijah Baley– Though he does not appear in a large number of works, Baley’s impact on the world Isaac Asimov created is profound. There are only four stories that feature Baley: The Caves of Steel, The Naked Sun, Robots of Dawn, and a short story titled Mirror Image. He operates in a world far different from ours, where robots are commonplace and Earth is filled with humans who live in enclosed cities. The mysteries Baley investigates are worthwhile for their whodunit quality, but they also investigate questions of a sci-fi nature and connect to the greater works of Asimov. Quote: ““The work of each individual contributes to a totality and so becomes an undying part of the totality. That totality of human lives–past and present and to come–forms a tapestry that has been in existence now for many tens of thousands of years and has been growing more elaborate and, on the whole, more beautiful in all that time. Even the Spacers are an offshoot of the tapestry and they, too, add to the elaborateness and beauty of the pattern. An individual life is one thread in the tapestry and what is one thread compared to the whole?” – Robots and Empire

Harry Dresden – Part detective, part fireball-throwing wizard, Harry Dresden has the unenviable task of solving mysteries in a world where things do not always conform to the rules of nature and science. The Dresden Files, the name for the book series and the short-lived television series, follows Harry through a world of vampires, werewolves, spirits, and crimes both mystical and mundane. Harry himself is a tough, stubborn young man with a sharp wit he used for detective work and pithy remarks against antagonists. Did we mention he can shoot fireballs? Quote: “Laugh whenever you can. Keeps you from killing yourself when things are bad. That and vodka.” – Changes

Kinsey Millhone – The main character in Sue Grafton’s alphabetically named series of detective stories, Kinsey Millhone is a feisty woman who has never quite played by anyone’s rules but her own. She was a delinquent as a teenager, dropped out of academics to pursue police work for more action, became an insurance investigator after that proved boring, and finally went on to become a private detective. The books are well-written murder mysteries that pit Millhone into tough situations only to prove she is tougher and smarter than anything that comes her way. Quote: “You can’t save others from themselves because those who make a perpetual muddle of their lives don’t appreciate your interfering with the drama they’ve created. They want your poor-sweet-baby sympathy, but they don’t want to change.” – T is for Trespass

Photo courtesy of Flickr user cdrummbks

Dave Robicheaux – James Lee Burke’s bad boy detective patrols the swamps of New Iberia, Louisiana, managing to break most of the rules, fight off his inner demons, and still catches the criminals at the end of the day. Some readers may find Robicheaux an overly cynical and irritable antihero, but the character is rounded underneath the wooden exterior. The murder and mayhem in the books is as gritty and dark as Dave, setting the stage for an enjoyably gruesome world of murder mystery. Quote:  “When people make a contract with the devil and give him an air-conditioned office to work in, he doesn’t go back home easily.” — In the Electric Mist With Confederate Dead

Photo courtesy of Flickr user Jeffrey Beall.

Charlie Parker – It is difficult enough to be a detective, and dealing with supernatural horrors at the same time makes it a true challenge. John Connolly’s underappreciated work is a wonderful world to dive into for those looking for a more obscure detective series. Parker himself is a bad boy in a bad world, and Connolly masterfully blends the touch of supernatural horror alongside the shadow of mystery. The horror and supernatural elements do come to take on a greater focus as the series progresses, so if you are looking for a realistic detective series, the Charlie Parker series may not be the best bet. Quote: “Why did you shoot him?” “You weren’t around,” I replied, my teeth gritted in pain. “If you’d been here I’d have shot you instead.” – Every Dead Thing

Image courteys of Flickr user scampion

Harry Bosch – Hieronymus Bosch, called Harry by most, had a rough time as he grew up. He was born to a prostitute, did not know his father until much later, his mother died when he was 11, he bounced between foster homes, and ended up in Vietnam while still a teenager. Despite the fires Michael Connelly put his detective through, Bosch turns out to be an all-around good guy who believes in doing the right thing, even if it means going against the norm or the boss. If you find yourself making it through all 16 Bosch novels and still wanting more, check out Connelly’s Mickey Haller series. Quote: “Everybody counts or nobody counts.” – Personal motto of Harry Bosch.

Bobby Goren – A main character in the Law and Order spinoff Criminal Intent, Goren is a dogged investigator with an attitude and a sometimes violent temper. His passion for justice is the main cause of his occasional rages, but there is no questioning that he gets the job done, even if criminals have to be wary of him for more than just the high likelihood of him putting them in chains. Law and Order stories are always gripping, and Bobby Goren is one of our favorite lead investigators throughout all of the spinoffs for blending humor and skill while being vulnerable enough in his emotional issues to be relatable. Quote:  “The only medical condition you have is denial.” – Law & Order: Criminal Intent: Jones (#1.5)

Batman – The Dark Kinght might seem to be a poor example of a detective if you were to base your opinion off just the recent movies starring Christian Bale, but the real Batman does just as much investigation as he does bad-guy stomping. Armed with the latest in technology  for whatever era he is in at the time, photographic memory, and sharp analytical skills, Bruce Wayne is the only one who can root out the hidden plots of the nefarious super criminals in Gotham City. Of course, once he does find out what they are up to, he puts the fear of the bat into them. Between multiple comic book series, cartoons, live action shows, movies, and games, you will have trouble getting through all of the available material on Batman without devoting time to him every day. Quote: ­­­­“He thinks he can scare me. He thinks he can stop me. There’s nothing wrong with him a bullet in the head won’t fix.” – Batman Detective Comics Vol 1 734, Mark of Cain:2

Dick Tracy – The world of Dick Tracy is a dark one inspired by the feel of Chicago in the 1930s, full of grotesque and cruel villains, backstabbing, and the hopelessness of the fight against crime. You can draw many parallels between Batman and Dick Tracy: both are detectives, fancy gadgetry becomes important later on in the Tracy series, and both have cities plagued by demented criminals. Tracy is the less skilled detective, though that could be due to his cases being relatively simple, but he has the everyman spirit that billionaire Wayne can never have. Quote: Breathless Mahoney: “Thanks for calling. I was beginning to wonder what a girl had to do to get arrested.” Dick Tracy: “Wearing that dress is a step in the right direction.” – Dick Tracy (1990)

Dr. R. Quincy, M.E. – One of the first shows to include hard forensic science, Quincy M.E. follows the work of forensic pathologist R. Quincy, whose first name was never clearly given. A gentleman and a scholar, Quincy uses his position as a medical examiner to probe into their deaths and root out the real killer. Later on in the series, he even finds himself in the middle of deep social issues of the time. If you want a taste of the original version of CSI, check out Quincy M.E. Quote:  “Gentlemen, you are about to enter the most important and fascinating sphere of police work: the world of forensic medicine, where untold victims of many homicides will reach back from the grave and point back a finger accusingly at their assailant.” – Quincy M.E.: Go Fight City Hall… to the Death (#1.1)

Lennie Briscoe – A major character in the Law and Order universe, Briscoe was the head detective in the original series and had appearances in both the Trial by Jury and Special Victims Unit spinoffs. His quips at the crime scene, sharp one-liners, cool demeanor, and dry wit belie his dedication to his work and getting to the truth. The best part about getting to know Briscoe is that you have almost 300 episodes in which to do it. You will also likely come to enjoy Briscoe’s interactions with his two partners: the stodgy and moral Curtis, and the brash rule-bender Green. Quote: “Love: a devastating disease instantly cured by marriage.” – Law & Order: Couples (#13.23)

Inspector Gadget – Another on our list who began as a cartoon, Inspector Gadget could be considered a defective detective, reminiscent of other simpleton detectives like our next one. Luckily, being a cyborg full of interesting tools like a helicopter, spring-loaded feet, and other crime-fighting tools keeps him going in the crazy situations in which he puts himself, and the crimes always end up being solved thanks to the work of his daughter, Penny, and their intelligent and aptly named dog, Brain. Quote: “It’s like I always say, Penny: If you can’t lick ’em, join ’em. Then lick ’em.” – Inspector Gadget, Down on the Farm

Inspector Clouseau– Proving that you do not have to be smart to be a successful detective, at least in the world of fiction, Clouseau is the epitome of the bumbling detective archetype. Even the above detective’s outfit was based on Clouseau’s typical attire, as homage to the older compatriot. Despite Clouseau failing at even the most basic investigative tasks in dramatic fashion, he always seems to come out ahead and solve the case. His unlikely successes are so far beyond the realm of reason that they even drive other characters in the story insane. To catch the first appearance of Inspector Clouseau, watch the original The Pink Panther from 1963. Quote: ”There is a time to laugh and a time not to laugh, and this is not one of them.” – Inspector Clouseau (1968)

Adrian Monk – Portrayed by actor Tony Shalhoub, Adrian Monk is a neurotic mess. Once a successful detective, the death of his wife due to a car bomb possibly intended for him exacerbated his obsessive compulsive disorder and various phobias to the point that he could no longer function on the force. Eventually, his keen powers of observation and great detective work get him pulled back in as a consultant, though his issues make every adventure even more challenging than it is for a saner person. The show and Shalhoub have won multiple awards, and there are several connected books if you finish the series and crave more. Quote: Sharona Fleming: “Are you sure you’re not getting your hopes up?” Adrian Monk: “That’s what hopes are for.” – Monk: Mr. Monk Goes to the Carnival (#1.5)

Spencer is pictured sitting in the front and center.

Shawn Spencer – Spencer is the lead character in the television series Psych. A child at heart, Shawn never professionally studied how to be a detective, instead learning the powers of observation – to the level of an almost photographic memory – and deduction from his detective father. After a string of failed jobs as an adult and with no credibility to his name, he does what any would-be detective would do: pass off his heightened awareness as extra sensory perception. Accompanied by his best friend, a pharmaceutical salesman named Burton Guster, Shawn begins to solve cases for the Santa Barbara PD while maintaining a façade of supernatural power, delivering pithy humor, childish antics, and daredevil actions. While his appearance is limited to the show, he is still one of the best and most entertaining detectives you will find. Quote – “Oh, you mean my pilot’s license? That’s out back in the Cessna. Or perhaps you’re referring to my license to kill. Revoked. Trouble at the Kazakhstan border. I could give you the details but then I’d have to kill you, which I can’t do because my license to kill has been revoked.” – Psyched: Poker? I Barely Know Her!

Magnum P.I. – Despite being somehow down and out regardless of a string of private cases, Magnum lives one of the most lavish lifestyles of any detective on the list. Set in the scenic Hawaii and in the same fictional universe as Hawaii Five-0, Thomas Magnum is equipped with a number of useful tools: a helicopter pilot friend, an amazing sports car, a glorious mustache, and the best Hawaiian shirts available.  He is also notable for being one of the first depictions of a Vietnam veteran. With beautiful women, interesting cases, and tons of action, Magnum P.I. should be on the short list for anyone looking for a detective series to watch. Quote:  ”I’m not really sure which kind of private investigator I am. The Holmesian-type with the constant deductive mind, or one with a Marlowe-type intuitive sense of the darker side of human nature? Hopefully a combination of both. At any rate, it doesn’t matter. Not when you have a “little voice”. I don’t know, maybe a gently nagging “little voice” is just another way of adding what you know, to what you feel, but right now mine wasn’t “gently nagging”. It was screaming.” (Narration) Magnum P.I., Round and Around (#6.6)

 

25 Best Privacy Apps

Looking for the best apps to protect yourself and your family on your mobile devices? Check out this list, which brings you the best in anti-spyware, anti-virus, phone trackers, data lockdown, and more.

Educate

  1. Clueful – Applications aren’t often clear about what information they are accessing, nor how they intend to use and distribute it once obtained. Clueful helps illuminate this process by running audits on all your existing applications and providing you with clear cut, no-nonsense reports on what applications are leaking about you. It gives you a quick-look at your app’s security with a score, and alerts you promptly when an app is abusing privacy standards. For a subscription fee, you can upgrade the service to include a constant monitor that will lock, locate, and wipe your phone in the event it gets stolen. Also available for iOS. Price: Free.
  2. Protect My Privacy – This application is being developed by UC San Diego as a way of helping them examine privacy on mobile devices. To that end, they collect anonymous data transmitted securely over SSL. Users can choose to not provide data to the study. For users with cracked iPhones, any application attempting to acces your data must first get approval. A message pops up informing users of what data the app is attempting to access, and allows you to fake credentials in some cases, deny access, or allow it. Some data is scrambled to provide an additional layer of protection. Only available for iOS. Price: Free.

Eraser

  1. History Eraser – This simple application makes it easy to wipe sensitive information from your phone, including browser history, call logs, text messages, market searches, clipboard data, and more. Useful for those interested in protecting privacy, but also for those who want to free up storage on their phone. One quick tap will clear your data. Also available for Chrome. Price: Free.
  2. Last Pass – This application has demonstrated its effectiveness for browsers, its mobile version is equally powerful. It automatically fills in forms for every saved site, generates powerful passwords, allows users to add and alter notes and sites easily. Audio and images can be attached to secure notes as well. Also available for iOS, Windows 8, Mac, Linux, BlackBerry, and most other mobile OS. Price: Free 14 day trial, $1 per month pass afterwards.
  3. Delete Me – While not quite a mobile application, this exceptional service can completely remove your sensitive and personal data from the hands of data brokers online, ensuring that private photographs and personal data stay secured. Price: $129 annually for one person, $229 for two people annually.

Photo courtesy of Flickr user Robbert van der Steeg

AntiVirus

  1. McAfee WaveSecure – Recognized in 2010 for excellence from CNET, The NY Times, PC World, Lifehacker, and others WaveSecure offers a solid mobile security package for a good price. It includes lock and wipe features that give you control over a lost or stolen phone, backup and restore to allow you to store important data on the cloud, even after the phone has gone missing, and recover it when necessary from a web-based application.  Locate and track features help you pinpoint the lost phone on a map, set it screaming to make it easy to snag, and allows you to track calls being made on the phone.  Also available for BlackBerry, Symbian OS, Windows Phone, iOS, and Java. Price: 7 day free trial, after which it costs $19.99 annually.
  2. Lookout Security & Antivirus – This application gained recognition from PC Mag Editor’s Choice for being excellent, from TechCrunch as one of the top 10 best free apps, and PCWorld ranked it 5 out of 5 stars. It offers excellent antivirus and malware protection in apps, email attachments, or files. It scans number for dangers and alerts users to potential hazards, blocks  websites that could potentially be harmful, and offers a Privacy Advisor to alert users to what information their apps are attempting to access. It also features a web-based phone finder that utilizes Google Maps to pintpoint your lost phone, lets you make your phone scream to identify it, snap photos of users who attempt to access it while lost, and even remotely lock or wipe your phone. Users also can backup vital phone data and restore it in the event of a wipe. Also available for iOS. Price: A free two-week trial, users can continue using a pared down version for as long as they like after. Premium has a monthly fee.
  3. Webroot Security & Antivirus – Webroot was recognized as one of the best free android apps of 2011 by PCWorld, recognized for its unique features from PC Magazine, for being one fo the best security applications by Tech of Web, and Uberphones said it was ‘a must for Android users.’ It features a powerful antivirus that automatically scans and blocks malware, viruses, spyware, and Trojans and alerts users to settings that put the device at risk. It offers remote access to lock, wipe, scream, or locate your phone when it is lost or stolen. Premier grants the use of App Inspector, which alerts users to apps that access private info, drain money, track location, or drain the battery. It helps maximize battery usage and network access. The program itself is lightweight and not a drain on battery life. Available for iOS and Android devices. Price: $19.99 per device in a year.
  4. NQ Mobile Security & Antivirus – This app offers a powerful antivirus that scans and protects users from all the typical threats, as well as keeping users up to date with security databases. It protects while web browsing against phishing, fraud, and other dangers. A real-time app scanner alerts users to potential problems, and it includes anti-eavesdropping protection designed to detect spyware programs installed on the phone. It features a remote phone locator and offers backup of sensitive data as well as a call and SMS blocker to protect against harassing calls and messages. A system optimizer keeps your device operating smoothly. Only available for Android devices. Price:  Free trial for blah weeks, $19.99 per device, per year after for access to Premium features after.
  5. Norton Mobile Security Lite – As with its competitors, Norton Mobile Security offers a powerful antivirus that keeps users safe when browsing the web, accepting files, or downloading apps. It also offers remote wipe, tracking, and locking capability and SD card scanning.  It continuously scans and alerts users to potentially dangerous apps. Also available for iOS. Price: Free pared down version, and Premium access costs $29.99 for one year on one device (currently on sale for $17.99)

 

Photo courtesy of Flickr user briggz5d

  1. Avast! – This top-rated security app offers both anti-virus and anti-theft capabilities to ensure your phone is well protected against most eventualities.  The software developer has been around for 20 years and the app has been recognized for its excellence by PCAdvisor, Droid-Life, AndroidPolice, AndroidAuthority, and Android and Me. Lost your phone? Use a web-based interface to control your phone remotely, locate it on a map, and lock the device till you can snag it. You can even activate a siren and wipe its memory. Only available for Android devices. Price: Free.
  2. Kaspersky – A fairly straightforward anti-virus and security application that offers its users a powerful defense against viruses, Trojans, malware, and spyware which runs over-the-air to keep the program lightweight. It offers GPS location services to locate the phone if it goes missing or stolen, and remote access to lock and wipe your phone, take a ‘Mugshot’ of anyone who uses it, and remotely activate an alarm. Users can filter incoming calls and text messages to screen unwanted contacts.  In addition, users can conceal calls, contacts, and other data from casual snoopers. Available for Android only. Price: One year subscription costs $14.95.
  3. F-Secure – A European based application that protects mobile devices with a combination of antivirus, anti-theft, and screening tools. Users can filter out adult and other unsuitable content from web content and applications, block unwanted calls and text messages, remote locking and wiping, and remote location detecting. Available for Android and Symbian. Price: 14,95€ for a one year subscription with a free 30 day trial.
  4. Virus Barrier – This Gizmodo app of the day offers iOS users a solid and intuitive antivirus to protect them against intrusions from files, web browsing, and applications. It automatically updates to keep on top of new threats, repairs infected files, and keeps logs of scans, detected threats, and repairs. Only available for iOS. Price:  $0.99

App & Data Lockers

Photo courtesy of Flickr user flakeparadigm

  1. Smart AppLock – Smart Lock is a lightweight application designed to give you greater control over privacy on your mobile device. Set a list of protected applications, then create a lock pattern or password, and your friends and family can no longer access apps you don’t want them in, including SMS, mail, photos, and contacts. Only available for Android devices. Price: Free.
  2. Gallery Lock – Named app of the year by Times Magazine, this handy application makes it easy to keep your private photos away from the eyes of phone snoops. The intuitive program makes it easy to create your own folders and conceal your photos and videos in a beautiful and feature rich application. It has the capacity to run in stealth mode to keep others from being aware of your hidden images. Use a PIN pattern to access your data. Only available on Android. Price:  Lite version is free, Premium unlocks additional features.
  3. App Defender – This straightforward app prevents access to applications. Users can set a unique password for each individual app. After three failed attempts to access an application, it displays the number of failed attempts to alert the owner to the access attempts. Only available for Android. Price:  Free trial, after which it costs $3.13.
  4. Picture Safe –   This application offers advanced protection for your mobile device’s private information. It allows you to create custom folders to organize your data how you wish, decoy icons and screenshots to fool snoopers, a fake calculator entry screen with 8 digit PINs for highly secure access, dual passwords to allow access to ‘safe’ and protected photos, and much more. Hide everything from phone records, photos, and web access. Only available for iOS, including iPhone, iPod Touch, and iPod. iOS 5.0 or later editions, optimized for iPhone 5. Price: $1.99 (currently on sale for $0.99)
  5. Snap Secure – This application offers a range of unique and helpful features designed to make your mobile device a powerful security tool. It features real-time tracking of members that can be viewed on a map from a related mobile device or the web, helpful for keeping track of children or partners. Have teenagers? The motion-activated driver safety feature stops users from texting, calling, or web surfing while on the road. Footprints allows you to track the movement of the device using GPS, giving a clear picture of the movement history for any attached device. It also allows you to create safety zones and sends alerts when a device moves out of that defined territory. Finally, if a user finds themselves in dire circumstances, it offers a panic button that promptly calls 911 or alerts an emergency contact with location information via email, phone, or text. Available for Android, iOS, Windows, or Blackberry. Price: Free basic account, after which it costs $499 a month for a single user and $9.99 a month for a family plan.

 

Other Nifty Apps

Photo courtesy of Flickr user geoffeg

  1. Gibberbot – Recognized by PC Mag as one of the 100 best Android Apps of 2013, this application allows you to securely chat with friends across a range of platforms in one streamlined place, with powerful off-the-record encryption. No ads, easy to use, and available in many languages. Plus the chat program has fun built-in features like custom icons and wallpapers. Also available for iOS, Mac, Linux, and PC. Price: Free.
  2. Anti-Spy Mobile – Homebrewed spies are being blessed with a wide variety of tools to dig into your private and personal information. One growing method is to conceal an application on your mobile device to intercept communication, application use, and web browsing habits.  Stop that in its tracks with this application, which scans for and automatically removes any of these applications. Also available for iOS. Free: This version is completely free, a premium version offers a few additional features.

Locate Lost Phones

Photo courtesy of Flickr user gorbould

  1. SeekDroid: Find My Phone – While many of the antivirus programs offer a basic phone finder program, this one goes above and beyond. In addition to remote location, locking, and wiping, it allows users to create GPS breadcrumbs to track the movement of the lost or stolen phone, access recent calls, retrieve important data, and remotely wipe SD cards. The program itself can be hidden from display and made impossible to remove. It has almost no battery drain. Only available for Android devices. Price: $4.99
  2. Plan B – Many of these applications are focused on preventing loss and damage to your phone. Plan B is for follks who were not quite as proactive. If your phone gets lost or stolen, Plan B helps you locate it after the fact. You can install it remotely and it will start utilizing cell towers and your phone’s GPS to track its location every ten minutes. Users will get an email or text message with the current location of the phone each time it is located. Once the phone is recommended, you can revert back to the preferred ‘plan A’ and download any of the other excellent security apps that include tracking and other security features. Only available for Android devices. Price: $1.99
  3. iHound Software – Utilzing GPS, Wifi, 3G, or Edge signals built into your mobile device, iHound tracks its location every 10 minutes and reports it to a web application. Users can remotely lock and wipe their phone and directly instant message their phone to communicate with anyone who picks it up. Further, users can set it up to automatically alert opted-in programs like Facebook, Foursquare, and Twitter to keep friends up to date on their location. Also available for Android and iOS. Price: They offer a free 7 day trial, after which the program costs $3.99 for an annual subscription.
  4. GadgetTrak – This iOS-focused app will help you keep your phone secure in the unfortunate event it gets lost or stolen. It uses a combination of GPS and WiFi  alongside cell tower triangulation to keep accurate tracking of the phone’s location. Each time the phone is tracked, it will send users a detailed account of its location. Automatic camera captures will let you know who has the phone. Once the tracking has been activated, no software settings can be modified, and all collected data is sent through a secure SSL connection. Only available for iOS. Price: $3.99

 

 

 

Working with People: An Introduction to Social Engineering

Humans are inherently social creatures who have developed a world strongly based on interacting with others. Just like the world of information technology, the human social protocols are a complex series of rules and guidelines for how people behave when interacting with each other, and just like any other system, there are methods to use and abuse it once you understand the rules that govern it. Social engineering is a broad subject, but in this article we will focus mostly on social engineering as it is used to gain access to social groups and sensitive information.

Social Engineer is one of the few blogs dedicated to the topic.

Photo by OUTography.com

 

What Is Social Engineering?

Social engineering is using the common tendencies of how people interact with others in order to gain information or a benefit of some kind. Effectively, social engineering can be referred to as the hacking of people. Before the Internet age, social engineering would more likely be referred to as conning, but the scope of social engineering’s applications goes beyond tricking people out of money. It is about causing people to act according to your wishes. Getting someone to say yes to a date is social engineering. So is getting your company a contract from a tough client. In regards to information security, social engineering is getting people to give up protected information.

A social engineering definition can be found here.

 

How Effective Is Social Engineering?

 

Even companies that place a high focus on securing their information networks can prove extremely vulnerable to social engineering attacks. DefCon, one of the largest hacking conferences in the world, routinely features a social engineering competition that has demonstrated over and over again that simple tactics can be used to get enough information to potentially do harm to a company. Position in the company also seems to have almost no effect on how susceptible a person is to social engineering; a big wig is just as likely to give up information as a cashier, but the big wig also usually has access to more pertinent info.

Social engineering is gaining attention for its insidious effectiveness, and is starting to get recognized in the media and the corporate world. Check out these news articles for an idea of how it is being perceived:

Smooth-Talking Hackers Test Hi-Tech Titan’s Skills – A look at DefCon hacking competitions, utilizing social engineering within legal boundaries to ferret out intelligence designed to weaken a company’s security.

Social engineering to blame in Syrian Electronic Army hijack of the Onion – The targets of these sorts of attacks aren’t always the ones you might expect, the Onion was a recent victim of a phishing scheme.

Facebook Social Engineering Attack Strikes NATO – Often, the targets are important, such as this attack against NATO. Every organization contains a human element, the target of savvy social engineers.

How a lying ‘social engineer’ hacked Wal-Mart – Many people are naturally biased to trust based on a set of subtle criteria; a tone of voice, a style of dress, even word choices can lead people to give credence to otherwise nonsensical ideas or situations, like this Wal-Mart store manager being duped into giving away company data in exchange for a non-existent contract possibility.

 

General Tips for Social Engineering

These are common guidelines and methods used by social engineers before and during any assignment on which they are working. These focus more on the preparation and mindset of the social engineer than the actual attack methods that are used.

Do Your Research

Take a look at this seminar on social engineering strategies.

Information is everywhere. If there is a topic you want to know about, you usually only need to glance at the Internet. Reading the news and press releases from a company can give you a firm background history from which to work. A social media site may give you insights into the temperament of a person or give you an idea of the social scene in which they operate. If you are trying to infiltrate a group or become closer to a person with any notable focus, then the Internet can be used to familiarize yourself with the topic.

Hackers may go above and beyond in this regard. If they manage to gain access to someone’s email account or messaging service, there may be records of conversations that can be used to mimic the person in electronic communications or learn about key topics that anyone on the inside should know about.

Look the Part

Photo by Viktor1558

Imagine for a moment that you are watching a movie set in modern times and focused on the happenings in a government or business office.  If there was someone dressed in jeans and a hoodie in the middle of a meeting of executives or elected officials, you would likely immediately feel the character was out of place or at least question why they were there. The same holds true whenever you want to interface with another social group, whether it is a company or a club.

Also worth noting is that looking professional – wearing a nicely tailored and well-kept business suit – can generate an obscene level of trust in your social interactions. The suit conveys a lot of subtle messages: this person is a successful member of society, they likely have money, and you can trust then a bit more than the average person. You may not gain complete trust and unlimited access, but the difference between the trust levels shown to someone in a suit and someone in casual clothing is palpable.

Learn to Read People

This article gives you a glimpse into the advancement of research into the integration of robotics and emotions.

If computers are getting to the point that they can recognize and react to the emotional displays of people, then there is no reason that a person should not be able to better do the same task. Taking the time to read on facial expression theory and other psychological articles can help point you in the right direction, but the only way to really learn is to go out and talk with people. Doing this with new people consistently will also give you practice on learning how to pick up the subtleties in a new person’s expression and tone.

Backup Your Backup Plans

Just having an idea of how to work a plan does not mean you should ignore contingency plans. Even if a failure in one portion of a plan only leaves breaking off the attempt, you should be prepared for the possibility and have a clear idea of how you will break it off. This is not going to eliminate having to think on your feet, but having a guideline for your actions can mean the difference between a smooth response and something haphazard that sends the wrong signal.

Strength in Numbers

Unlike the world of open conflict, more numbers on the side of the target can be a firm advantage. Working your way into a small firm can be a dogged task, but it can be easy to turn into “just another suit” at larger offices. It is almost always easier to work your way into social situations when the target has a larger number of people involved.

Take the Time to Do It Right

If you were to take movies and shows as fact, you would think social engineers waltz into a business with a suit and savvy and somehow manage to make their way into the confidence of the boss or gain access to sensitive areas within a few minutes. A real social engineering effort may take weeks or months to accomplish properly.

 

The Social Engineer’s Toolkit

Photo by _sarchi

A number of techniques have become common practice for social engineers. The list here is not exhaustive, and the variations on these techniques makes covering them all a task better suited for a textbook.

Phishing, Vishing, and SMiShing

This rainbow of techniques is typically meant to refer to scenarios where the attacker poses as a person or service the target already knows via electronic communications. One of the most common phishing emails is one that mimics the company’s style and email address while telling the target that their account has been locked out due to potentially malicious activity. A link is supplied to the target to reset their password. The site looks like the company’s to the smallest degree, but the reset instead sends your old and new passwords to the phisher.

The delineation between the terms is based on the attack vector. Phishing is done through the computer, vishing is done through the phone, and SMiShing is done through text messaging.

Pretexting

Pretexting is the art of constructing a scenario in which the target is more inclined to go along with the wishes of the attacker. The most common example of this in action might be taken from the ways people try to convince traffic cops to not give them tickets: “My friend is in the hospital”, “My wife is delivering our baby”, or “I’m on my way to stop the love of my life from getting on a plane and never coming back.” In the movie Live Free or Die Hard, a character uses the pretext of his grandfather in the hospital to get an OnStar agent to activate a car he wants to steal.

There is always a host of information for any company that is not considered protected, but social engineers can piece these bits together to create the façade that they are a member of the company or an associate. For example, instead of just sending an email to the tech support desk for a password reset, a social engineer might send it directly to one of the IT staff members with a message stating that there is a vital report wanted immediately by a big name at the company on that computer, and you need your password reset immediately.

Sex Appeal

When dealing with a pretty face, a person can become distracted and lose focus on the things that matter. Not every social engineer will be a model, but you can expect the ones that have been favored with good looks and charm to use the advantage.

Tech Support

Most people simply have no idea what is going on with their computers beyond interfacing with the applications they use to work. Computers also have an unfortunate tendency to break down due to misuse or just over time. In larger companies, it may not be uncommon for the IT department to be behind on fixing all the computer issues that are active. By masquerading as tech support, savvy social engineers can troubleshoot for the employee while also placing themselves in a trusted position to ask for personal information like passwords.

The Indirect Approach

Coming up to a person directly and asking them about secure, private topics may immediately trigger warning signals. If the social engineer instead approaches a person via a secondary topic and befriends them, then later probing for the information has a higher chance of success due to the longer time for which trust has developed. As an example, if the target is an avid golfer, then a social engineer might find a way to arrange for them to end up playing together. This would let the engineer strike up a conversation naturally due to the common event.

 

Spy Versus Spy: Counteracting Social Engineering

Photo by tr.robinson

It is nigh on impossible to stamp out the threat that social engineering represents even when utilizing proper security methods at a business or simply trying to avoid falling victim to it yourself. Much of the research and the supported methods for handling the threat of social engineering are to educate people on the dangers of it, develop security policies based on what needs to be protected, install Data Leak Prevention (DLP) software, and do penetration testing to get a real idea of the level of security in place.

Enforce Strict Information Release Policies

Both in your personal life and in the business world, sensitive information should be treated with respect and controlled properly. That does not mean you have to give someone trouble every time they ask  for personal information, but taking the time to double check that the person is who they say they are and that you can feel comfortable handing over sensitive information can be done with a high degree of trust.

Education

To use an analogy, the human minds that reside within a social group can be thought of as computers on that social network. Where you would patch a computer, you would educate a mind. The ways in which you can be educated are numerous: you could have an article on social engineering (like this one) made mandatory reading, make social engineering news part of your company newsletter, or hold a class every couple of months. At the very least, people should be aware of the information policy on which you decide. The patch may not take on every person, but you should at least try.

Data Leak Prevention Software

An up and coming type of software is joining the ranks of applications like antivirus and firewalls on the list of things any network trying to be secure should have: Data Leak Prevention (DLP) tools. The software can monitor data in storage, in use, or going over the network, and it can perform tasks like preventing the data from sending or triggering an alert if something is sent. This is limited to just helping to prevent social engineering mishaps on computer networks, but social engineers are likely to use a combination of methods to try and gain access to the most valuable information.

Penetration Testing

Just like your hardware and software, your people can benefit from penetration testing in order to ascertain their awareness of social engineering as a threat and the information security policies that protect from it. This usually requires the aid of an outside entity to get a proper simulation of an attack from someone currently outside the company.

Social Engineering Fundamentals: Part II: Combat Strategies – An article on preventative measures against social engineering from Symantec, a notable information security software company.

 

How Can You Use Social Engineering in Your Everyday Life?

You  may not want to con someone out of their account passwords or savings fund, but that does not mean that the methods of social engineering cannot find their place in your life. They can even be used effectively for altruistic purposes. For example, making new friends can benefit from the inclusion of social engineering information.

Social engineering as a way to gain access to secure information is a threat of which everyone should be aware. Like almost any form of science or technology, it can be used for good and for evil. Taking the time to learn social engineering methods is the best way to use them to your benefit and know how to defend against them. Unless you move to a deserted island with no technology, you are going to be subject to the designs of social engineering, so you may as well stay informed on the subject.

The Top 40(+) Private Eye Blogs

A great number of excellent PI and related blogs have fallen in the last few years, but there are still quite a few worthy of perusing. They are pretty evenly divided between a focus on other PI’s and educated potential clientele. Most of the quality PI blogs come from professional investigative firms, but some are from individual PIs. This list also includes interesting criminal justice blogs from the perspective of police investigators as well as detective and murder mystery oriented writing blogs, as they often pull heavily from real investigation and often contain interesting or useful information.

Photo by It'sGreg

Professional PI’s

  1. G.E. Investigations – This Arizona based private investigation firm run a blog that responds to news related to the industry, posts about wanted criminals and persons-of-interest, investigative tactics, announcements, hacking, and more. The blog is easy to navigate and well organized. Must Read: West Virginia Private Investigator Arrested for Illegal Wiretapping!
  2. The Marriage Detective – A newly utilized blog for a professional detective agency, this blog focuses on partner investigations and the topics they post about reflect information that would be useful to a potential client. They offer national reference servicing and are sales oriented, but there is some good information in the posts. Must Read: 5 Myths About Private Investigators – What They Cannot Legally Do
  3. Diligentia Group Blog – This professional agency provides some excellent advice in this well designed blog, both for other private investigators and for potential customers considering hiring one. Frequently updated and easy to navigate. Must Read: 101 Things a Private Investigator Can Do
  4. AFX Search Blog – This Florida based investigative firm provides regular blog posts on of use to both potential clientele and other investigators ranging from different research strategies, to legal issues, and more. Must Read:  Asset Recovery – Dangers of delaying civil action until criminal cases are completed
  5. ICORP Investigations Blog – A newer blog run by a Florida-based investigative firm, they have started off strong with quality articles focused on informative articles on investigative methods and responses to relevant news. Must Read: Is Someone Recording This? It’s Harder to Find Out
  6. Orange County Private Investigator Blog – Full of useful information for people interested in doing their own investigation, including product reviews, practical skills, information about PI services, and general information. Must Read: Social Media: Your Private Life Made Public!
  7. JFA Brisbane Blog – Updates, advice, and stories from the trenches, this blog is written from the perspective of an Aussie licensed private detective firm.  A great resource for the prospective client or wanna-be investigator alike. Must Read: So You Think You Might Like To Be A Private Investigator? 
  8. Jan B. Tucker: The Detective Diary – Long-lived and frequently updated, The Detective’s Diary has been recognized for its quality before. Jan Tucker focuses on more than just PI topics; he’s also a progressive political activist and keeps tabs on topics important to hislocal area and national issues. You may even find a review of local venues or notices of interesting events tucked away here and there. Must Read: The Small Freaky World of White Collar Crime
  9. Private Eye Confidential – This California-based investigator keeps us updated on local news, personal stories, and fascinating history related to his area alongside practical tips for other investigators. Must Read: My First Domestic Success
  10. Handcuffed to the Ocean – Repeatedly noted as one of the best PI blogs around, this fantastic combination of well-told stories from real investigations and beautiful introductions to the beaches and dive sites he’s explored. Must Read: Spearman’s Barge
  11. Mass Private I – This blog’s focus is on issues of criminal justice and civil rights, and takes a watchdog stance on issues of state and federal government stepping over the boundaries of ethics and the spirit of law in their own investigations. Must Read:  NYPD’s rationale for stop & frisk quotas: some of their police officers are lazy.

Photo from Conner395

The Criminal Justice World

  1. Criminal Justice USA – This site illuminates its readers on a wide array of criminal justice topics with playful design and accessible writing. It regularly features infographs meant to quickly provide statistics in an easy to comprehend manner. Must Read: A Timeline of Police in the U.S.
  2. Tickle The Wire – This blog keeps its readers updated on the news and issues relating to federal law enforcement. Updated frequently and featuring a number of experienced columnists, it is a worthy addition to anyone who wants to get a feel for the national crime beat. Must Read: Column: The Justice Department’s Seizing of Associated Press Phone Records is Disgusting!
  3. Murder by Gaslight – A fascinating look into the crime of 19th Century America. It includes profiles, histories, stories, photographs, and resources for researchers. A great read for those who are interested in the history of investigation, crime writers, or historical crime aficionados. Must Read: The Legend of Lavinia Fisher
  4. Crime Magazine – All the stories about crime, historical and modern, that you could wish to read. Organized by type of crime, regularly updated, and very much worth reading. Helpful for investigators in studying case files to gain a greater understanding of how criminals operate. Useful for crime writers for inspiring the imagination. Must Read: Nixon, Sinatra and the Mafia
  5. Crime Library – This regularly updated blog shares interesting crime stories from all around the world, including the notorious and mundane, with insight into the criminal mind. An excellent resource for investigators learning more about criminal methodology or fictional crime writers looking for new ideas. Must Read:  The Definitive Rodney Alcala
  6. The True Crime Report – Keeping readers up to date on the latest unsolved crimes, homocides, sex crimes, missing persons, and my personal favorite category – douchebags. Regularly updated with quick and dirty updates on real crime, with links back to the original sources. Must Read: Carmen Wysong, Girl Scout Troop Leader, Steals Thousands in Cookie Money
  7. The Crime Scene – Updates on crime from the southwest Missouri region. Murders, missing persons, and your typical medley of hooligans and mischief. Regularly updated with fairly detailed accounts of each crime and links to further information on each case. Must Read: Oklahoma Cold Case Heats Up With Discovery of Three Sets of Human Remains
  8. My Life of Crime – Despite a rather busy format, this blog does an excellent job of keeping its readers up to date on criminal investigations, upcoming executions and trials, and notable sentencing. It features monthly themes and historical tidbits as well. Regularly updated with lots of linked resources relating to each crime. Not much in the way of personal perspective on each case, but lots of data.  Must Read:  Deadly Wives: Nancy Mancuso Gelber, true crime writer, tried to hire a hitman to kill her husband
  9. The Thin Blue Line – A UK based blog focused on issues relating to crime and criminal justice matters in the region. Regularly updated, well written and researched, with excellent analysis from professionals with experience in the field. Must Read: Contempt of Cops – The Thing End of the Wedge
  10. Constable Chaos – This UK policeman’s blog contains both criminal justice insights and some playful steaming off from a man behind that thin blue line. A recent post includes a picture and lyrics to a lively tune about policemen rounding up drunks on a Friday night. Another details the unexpected rescue of a Norwegian Blue parrot. Must Read: #GangnamPoliceman
  11. The Thinking Policeman – Opinion and updates about criminal justice matters and behind the scenes accounts from his peers still on the job are frequently seen on this retired UK police inspector’s blog. Issues are primarily relevant to his side of the pond. Must Read: Gadget Lives On – The iPhone Resolution
  12. Tales of a Public Defender Investigator – This blog is a fascinating look at investigative work done on the part of a public defender. Lots of useful tidbits in here, plus legal updates and events relevant to the industry. The color scheme leaves something to be desired, however. Must Read:  GANGS 101
  13. LAPD Blog – Any investigator in the LA area might want to keep up with the goings-on in the LAPD. This blog keeps readers informed about recent criminal cases, recruitment information, legal changes, and more. Must Read: Suspects Attempt to Lure Young Girls into Cars
  14. Bounty Hunter Discussion – All sorts of information useful for bounty hunters or private investigators found here, including product reviews and updates, news, tips and tactics, and practical business matters. Must Read: Judge in Favor of Private Bail
  15. Guns, Gams, and Gumshoes – This blog exists in a strange balance point between the writing world and the world of the working PI. It includes resources and information handy for PI’s and writers chronicling the adventures of literary private dicks. Must Read: Staying Legal in a Shady Business: When PIs Are Asked to Break the Law
  16. L.A. Noir – An enjoyable read, this blog is a combination of personal stories from a crime writer’s perspective and interesting tidbits from real-life crime stories in the LA area. Must Read:  The Dead Lady in the Water Tank Story Just Got Weirder
  17. Detectives Beyond Borders – Reviews of great literature, news about upcoming noir events, behind the scenes news about the writers in the genre, and more. Frequently updated, well written, and easy on the eyes. Must Read: “Ah refuse tae be victimized”: William McIlvanney and Glasgow patter

Photo by mark Coggins

Great Detective Story Blogs

  1. Guns, Gams, and Gumshoes – This blog exists in a strange balance point between the writing world and the world of the working PI. It includes resources and information handy for PI’s and writers chronicling the adventures of literary private dicks. Must Read: Staying Legal in a Shady Business: When PIs Are Asked to Break the Law
  2. L.A. Noir – An enjoyable read, this blog is a combination of personal stories from a crime writer’s perspective and interesting tidbits from real-life crime stories in the LA area. Must Read:  The Dead Lady in the Water Tank Story Just Got Weirder
  3. Detectives Beyond Borders – Reviews of great literature, news about upcoming noir events, behind the scenes news about the writers in the genre, and more. Frequently updated, well written, and easy on the eyes. Must Read: “Ah refuse tae be victimized”: William McIlvanney and Glasgow patter

 

International Private Investigators

  1. Crown Intelligence PI & Intelligence Services Blog – This is a company blog, so it is primarily focused on articles geared for potential customers. It discusses various tactics used by private investigators, how to pick a PI suitable to your needs, the role of investigators, and news related to the industry. Written in an accessible style with an easy to navigate format. Must Read: Things to Consider Before Hiring a Private Investigator
  2. PI Telegraph – This e-zine based out of the UK targets investigative professionals who are interested in free resources, relevant news, product reviews, and other tidbits that can help hone skills.  The design is elegant and the site is well-organized, making it easy to locate topics of interest. Must Read: How Much Should I Charge? Pricing For Profit
  3. Keynorth Blog – A professionally oriented blog from Canada reporting on changes to laws, professional development, and information that can be applied in the field. Must Read:  Primer on the Federal Administration Act, Asset Recovery, Reporting and Deterrence
  4. Bali Eye Private Investigation – This blog provides useful information on how to protect oneself and avoid scams as a potential client, and offers advice and tactics to other investigators. Based in Indonesia, it provides a unique perspective on private investigations in other parts of the world. Must Read: Dating Cons Games in Indonesia

E-zines, News, and Community Blogs for PI’s

  1. PIbuzz.com – This hub of information is made for and by private investigators. It features news important to the industry, product reviews, tips and tricks, and useful research links. The design is pretty clean and the site is easy to navigate and offers a newsletter. Must Read: Dynamic Internet Searching with Google Products
  2. PI Stories – Covering a wide range of stories of interest to the PI industry, including personal perspectives, responses to news, case studies, examinations of technology, and more. Long running and easy to navigate. Must Read: Parents Find Out About Their Daughter’s Death Through Facebook
  3. Fraud Magazine – Technological updates, headline responses, regular columns, professional development tips, product and book reviews, and much more are featured in this bimonthly magazine focused on white-collar crime and fraud examination techniques. Their articles are focused on providing actionable, practical information.  Must Read: Cyber-attack vector? Who, me?
  4. The Background Investigator – This is essentially an aggregate source of news relating to information gathering. It covers popular stories, national, and international news. The news is primarily focused on background screening but covers related topics as well. Must Read: Washington State Courts Office Suffers Data Breach

 

Advice, Tactics, and Resource Oriented Blogs

  1. PI Advice – A comprehensive blog designed to aid new and veteran P.I.’s interested in honing their craft. The blog features a minimalist style and includes podcasts, apps, and an online store with tools for investigators. The posts range from advice, to real-life stories, to product reviews, and more. Must Read:#58: Investigation Stories – The Lessons I Learned with a Bit of Luck – Part 1
  2. The Confidential Resource  – As the title suggests, the focus of this blog is on providing useful sources and methodology for investigators and researchers.  It is well designed with a clean and modern look, easy to navigate, and searchable. Must Read:  The Cost of Investigative Internet Research
  3. BPI Security Blog – This blog is full of excellent advice from the field, practical skills development, and great information about the business of running an investigative services firm from the perspective of a successful firm. Must Read: Slight of Hand(lers)
  4. Title Search Blog – This blog is focused on real-estate oriented investigative work and news. It includes up to date legal information, news reports related to the industry, practical advice, and even videos with step-by-step instructions. Must Read: Case Law on Invalid Mortgages

Small Business Owner’s Guide to PCI Compliance

Information theft and the damage it can cause to consumers and businesses have been featured extensively in the news for most of the past decade as we move to an almost entirely online way of doing business. The usage of the Internet for business has changed the landscape of the commercial world for the better, but it does provide an avenue of attack that allows malicious entities to acquire sensitive data without ever stepping foot inside an office. For this reason, the PCI DSS was created.

Chances are high that, as a modern business owner, you at least have a passing knowledge of the need for PCI compliance. For those less technologically savvy or who do not have the time to read through extensive regulations, this need can seem like an unnecessary burden, both to your budget and your time. To help you at least become more familiar with the PCI DSS, this guide will give a high level overview of the purpose and requirements of the regulations and provide advice and resources for becoming PCI compliant.

Photo by eliazar

What Is the PCI DSS?

PCI stands for “Payment Card Information,” and the appended DSS often seen accompanying it stands for “Data Security Standards.” The PCI DSS was created by the PCI Security Standards Council, which consists of the five largest credit card companies: MasterCard, Visa, JCB, American Express, and Discover. Its intent was to establish a system for protecting payment card data which can be used for malicious purposes easily once it is in the hands of unauthorized persons. It details the baseline security procedures that companies who interact with payment card information should follow, assists in providing information so the companies can do so, and establishes penalties for noncompliance.

To Whom Do PCI Regulations Apply?

The PCI security guidelines apply to anyone who stores, processes, or transmits consumer payment card data. It does not matter if you run a restaurant, work from home, or have a small chain of stores. If you directly interact with payment card data in any fashion, even by just processing one payment, you are almost assuredly under the purview of PCI DSS. Even if you utilize a payment gateway or merchant account service, your business is responsible for adhering to the regulations as long as it interacts with the payment data in any fashion.

Steps to Adhering to PCI Guidelines

This is a general, step-by-step guide to becoming compliant with the PCI DSS. The PCI regulations themselves outline this process, though the sections are broken down a bit further. These steps do not address every action you need to take through the process. For the exact details on how to follow these steps, consult the PCI DSS version 2.0, available on the PCI security standards site. This especially applies to the more technical sections of firewall and encryption usage.

Photo by: Aman Deshmukh

Step 1: Install a secure firewall and establish good system passwords.

Firewalls are used to monitor and manage the network traffic running through a system. There are a number of free software firewalls available online, but a high quality, commercial firewall is typically going to be more secure. You can also opt for a hardware firewall for increased security.

Password policy is a simple security procedure that many people fail on regularly. A complex password system may be inconvenient, but when people use generic passwords such as “firstnamelastnamenumber,” “password1,” “qwerty,” or “abc123,” it becomes easier for rudimentary cracking programs to bypass this first level of defense and even makes it so an account could be accessed by an unauthorized user without the use of such a program. Passwords should be case sensitive and use a mixture of upper case letters, lower case letters, and numbers. They should also avoid common dictionary words and should not be recycled.

Step 2: Protect consumer data with encryption.

Data encryption renders a file virtually unreadable without a proper decryption key. Encryption technology has evolved to the point where, even if a hacker somehow accesses the encrypted data, decrypting the data is still a difficult task. The method is not foolproof, and you cannot store certain pieces of information even if you encrypt it.

Step 3: Consistently run and update anti-virus and anti-malware software.

Viruses and malware can find their way onto a computer through a number of seemingly harmless methods, such as installing a new program or browsing a website. Once compromised, an infected system may be more easily subjected to hacker attacks or the activity on that system, including network traffic that contains payment data, can be monitored remotely. The capabilities of these malicious programs are extensive, making the use of software to detect and remove them essential for information security.

Step 4: Maintain proper access control over sensitive systems.

Limiting the ability of unauthorized personnel to gain access to sensitive information is aided intuitively by limiting who can access it, both electronically and physically. With more people who can access the data through normal operations, the risk of a security breach increases. Payment data access should be restricted to specific user accounts based on need, and you should not utilize any group or public access accounts on sensitive systems. The physical access to the data should be limited as well and be situated in a secure and monitored area. Additional levels of access control such as managing user accounts, password cycling, secondary login verification methods like biometric data or access cards, and lockouts on repeated login attempts are also required.

Photo by: JermJus

Step 5: Monitor and test network security regularly

Keeping track of the systems which interact with sensitive data can be useful in determining intrusion attempts or discovering the source of a data breach. All activities should ideally be monitored, but the PCI DSS specifically calls for keeping logs of access attempts, creation of system-level objects, the activities of root and administrator accounts, any accessing of payment card data, and audit trails with specific attention paid to recording the time, outcome, origin, type, and effected components of the event.

Once all the security measures are in place, the PCI DSS necessitates a variety of regular testing procedures. Quarterly procedures include penetration testing performed by an Approved Scanning Vendor (ASV), scanning for unauthorized access points, and vulnerability scans. Extensive penetration testing is required at least once per year, and additional testing should be performed after any significant changes to your systems.

Step 6: Establish an information security policy

This is one of the more detailed and overarching requirements of the DSS. Put simply, it requires that your business has established operating procedures relating to information security. Obviously, part one of this policy is to ensure that your systems remain PCI DSS compliant. Other considerations include maintaining a list of approved electronic devices for your systems and clear information as to who and what the devices are intended. The responsibilities of “information security manager” should be assigned to an individual or group, which can be an outside security provider. These responsibilities include account management, educating personnel on information security procedures, and monitoring the company’s networks. Security procedures should be discussed with any third-party vendors the company uses, and a formal, written agreement should be composed. The plan should also specify when testing procedures should take place, and the plan itself should be subject to testing and scrutiny.

Also, bear in mind that the individual payment card companies may place extra requirements onto merchants. For example, this is a list of Visa’s requirements. While not too far off from the main PCI DSS, it is important to be aware of these requirements to avoid issues.

Penalties for Failure to Comply

While the PCI regulations are not enforced by law, the major credit card companies and banks level fines that are tiered to the volume of transactions a company processes. The exact amount of the penalty also varies based on a case by case basis, but they can range from $5,000 to $500,000. They may also continue fines on a monthly basis if non-compliance is not rectified.

Help for Becoming PCI Compliant

While the overall concept of becoming PCI compliant is fairly straightforward, the intricacies of actually adhering to all the various guidelines and regulations can be difficult for small business owners to handle, and it can often eat up the limited time of the fewer employees that the smaller companies possess. Enlisting the help of companies certified to validate and assist with PCI compliance is recommended by the PCI regulatory body and is required in some cases, such as the regular testing by an ASV made necessary in the regulations. QSAs (Qualified Security Assessors) can be used to verify that you are adhering to the PCI DSS.

Aside from the companies directly related to PCI compliance, the help of a Managed Security Service Provider (MSSP) is good practice for enhancing your general security and thus helping your systems to comply with PCI guidelines. These organizations are experienced in setting up information security functions for businesses and individuals, and utilizing them is often more inexpensive for small businesses who cannot afford to bring on several IT staff members just to handle information security. Many MSSPs can also function as QSAs, but it is better practice to use different companies for these services, even if it is not required to do so.

A report detailing some of the best MSSPs based on various criteria can be found here and the lists of PCI Security Standards Council approved QSAs and ASFs are located in the resource section at the bottom of this guide.

You can also engage in further reading with tools like this free PCI for Dummies ebook, courtesy of Qualys.

Photo by: kchbrown

Is PCI Compliance Enough?

PCI represents a baseline level of security that should be adhered to by companies that handle sensitive data. While it may seem to be an unnecessary burden, information security breaches have been responsible for trillions of dollars lost through fraud and secondary expenses. Even if your business does not handle high volumes of transactions from a number of different customers, neglecting to properly secure your information systems can result in data breaches that put you and your customers at risk and do extensive monetary damage. It is in your best interest to take information security extremely serious and even go beyond the security standards set by the PCI DSS.

Helpful Resources

PCI Security Standards – The main PCI DSS site. It contains the regulations, supplemental information, links to certified assistant companies, and more.

Approved Scanning Vendors –  The official list of ASVs certified by the PCI regulatory body.

QSA List – A searchable database of QSAs certified by the PCI regulatory body.

PCI Compliance Guide –  A helpful reference for PCI compliance questions and information.

Emerging Managed Security Service Providers, Q1 2013 – A detailed analsys provided by Forrester of the most promising MSSPs.

Becoming ‘PCI Compliant’ If You Accept Credit Cards – A checklist of tasks for becoming PCI compliant from the BBB.