Ask the Expert - Honeypots can provide a great deal of insight into an environment's attack activity. However, before implementing them, there are some significant issues that require careful consideration and planning. 04 January 2008
Ask the Expert - Keystroke loggers can provide a great deal of insight into what a perpetrator may be up to inside an enterprise. But not so fast. Ed Skoudis reveals what needs to be done before gathering your first keystroke. 04 January 2008
Ask the Expert - Spycar, still available for free, tests a machine against 17 daggressive spyware-like behaviors. Information security threat expert Ed Skoudis explains the tool and gives a preview of Spycar 2. 19 December 2007
Ask the Expert - Fuzzing may find weaknesses in software, but the testing process can't find every flaw. Ed Skoudis explains what other tools are necessary when looking for cross-site scripting vulnerabilities. 23 October 2007
Ask the Expert - Today, antimalware tools can detect hundreds of different bot variants using signature and heuristic techniques, but they aren't perfect. Ed Skoudis reveals some other options. 23 October 2007
Ask the Expert - The latest group of browser updates allow for the detection of bogus Web sites, but what other features can be expected? Ed Skoudis explains how a Web browser's complexity may hinder its future malware defense capabilities. 23 October 2007
Ask the Expert - If software is exploitable in a real operating system, it will also be exploitable in a virtual machine. In this expert Q&A, Ed Skoudis sets the record straight and explains what virtualization technology can and can't do. 23 October 2007
Ask the Expert - It's astounding what is being done with browser scripts these days. In this expert Q&A, Ed Skoudis explains how today's cross-site scripting attacks are a far cry from those of a decade ago. 02 October 2007
21 - 30 of 91 in Expert Archive: Information Security Threats
Amazon EBS encryption is now offered by AWS. Expert Dave Shackleford explains how it works, why companies might struggle with it and whether it brings the industry one step closer to default cloud data encryption.
Arguably the most important task of any endpoint security system is to protect against malware. However, these products are less effective as attackers develop increasingly novel ways of sidelining device security.