 |
|
|
|
|
| 1. |
Michael Cobb, Application and Platform Security |
| Michael is a contributor to SearchSecurity.com, and he answers your questions about application and platform security. |
| URL: |
|
| 2. |
Securing public key transport |
| Learn how a client uses the HTTPS protocol to request a secure Web page and initiate a secure Web site session. |
| URL: |
|
| 3. |
Storing hashed, encrypted values in a database |
| Expert advice on storing hashed and encrypted values in a database. |
| URL: |
|
| 4. |
How to block an unwanted IM |
| Application security expert Michael Cobb provides step-by-step procedures designed to show you how to block unwanted instant messages. |
| URL: |
|
| 5. |
How to configure an FTP server with SSL |
| In this expert response, security expert Michael Cobb explains how to securely configure an FTP server with Secure Socket Layering (SSL). |
| URL: |
|
| 6. |
Authenticating Web applications to SQL |
| Learn how to securely authenticate Web applications to various databases. |
| URL: |
|
| 7. |
Web site accessibility requirements |
| Platform security expert, Michael Cobb explains what it means to log in, and why it is critical to have a controlled log in process when accessing some Web sites. |
| URL: |
|
| 8. |
Using Spybot Search & Destroy in a corporate setting |
| Learn more about this Windows-based tool and how this freeware program can help organizations protect their network from spyware. |
| URL: |
|
| 9. |
The pros and cons of application firewalls |
| In this Ask the Expert Q&A, our application security expert discusses the pros and cons of application firewalls. He also explains how they differ from packet filter and stateful inspection firewalls, and why they are not the preferred among some organizations. |
| URL: |
|
| 10. |
Digital certificates and webmail |
| In this Ask the expert Q&A, our application security expert analyzes whether or not you can use digital IDs and certificates with webmail. He also discusses how and where to secure these devices to ensure your e-mail system is secure. |
| URL: |
|
| 11. |
Encryption detection |
| In the Ask the Expert Q&A, Michael Cobb, our application security expert discusses if it is possible to detect encryption. He also takes a closer look at steganography, explains what it is and how it is used to secure e-mail communications. |
| URL: |
|
| 12. |
The rise of Windows-based rootkits |
| In this Ask the Expert Q&A our application security expert discusses how and why rootkits have become more sophisticated in the Windows environment. He also provides a variety of resources to help you protect your system from this security threat. |
| URL: |
|
| 13. |
Cracking smaller messages |
| Learn whether or not a smaller message is easier to crack and how encryption makes plaintext plausible. Also learn how to encrypt a message and why you should consider using a smaller key. |
| URL: |
|
| 14. |
How hybrid cryptosystems secure e-mail exchange |
| In this Ask the Expert Q&A, our application security expert discusses how hybrid cryptosystems are used to secure an e-mail exchange. |
| URL: |
|
| 15. |
The effects of spyware |
| In this Ask the Expert Q&A, Michael Cobb discusses various methods spyware uses to compromise a PC. He also suggests tools and tactics to use to rid your PC of an infection. |
| URL: |
|
| 16. |
The future of Telnet and FTP |
| In this Ask the Expert Q&A, our application security expert discusses what he believes what will happen to the Telnet and FTP application layer protocols as the industry prepares for the future. |
| URL: |
|
| 17. |
Using OS Security's OSsurance |
| In this Ask the Expert Q&A, our application security expert takes an in-depth look at OS Security's OSsurance tool and discusses how it can help protect against a variety of application-based attacks. |
| URL: |
|
| 18. |
How to remove TrueActive software from your system |
| In this Ask the Expert Q&A, our application security expert reviews the strengths and weaknesses of TrueActive, a commercially available keylogging tool. He also discusses what methods you should take if you want to remove this program from your system. |
| URL: |
|
| 19. |
How to develop an effective application security strategy |
| In this Ask the Expert Q&A, our application security expert discusses tools and tactics to consider when developing a secure and effective application security strategy. |
| URL: |
|
| 20. |
How to prevent application attacks and reduce network vulnerabilities |
| In this Ask the Expert Q&A, our application security guru discusses how hackers exploit network vulnerabilities to attack your applications and what you can do to mitigate this risk. |
| URL: |
|
| 21. |
How RSA keys differ from DH/DSS keys |
| In this Ask the Expert Q&A, Michael Cobb, our application security expert explains how RSA and DH/DSS differ, examines the strengths and weaknesses of each, and, explains how to use the compression library Zlib. |
| URL: |
|
| 22. |
What is required to deploy Web server application in MS Application Center |
| In this Ask the Expert Q&A, our application security expert examines whether or not it's possible to exclude X.509 certificates and private keys if you use MS Application Center to deploy a Web server application. |
| URL: |
|
| 23. |
How to keep your data and database secure |
| In this Ask the Expert Q&A, Michael Cobb discusses why having a Web-based application that resides on the same server as the database can be problematic, and, what you can do to keep your data safe. |
| URL: |
|
| 24. |
Securing e-mail exchanges |
| In this Ask the Expert Q&A, Michael Cobb examines how using S/MIME and various encryption methods can help solve your confidentiality, authenticity, non-repudiation, unsecured backup and other e-mail issues. |
| URL: |
|
| 25. |
Binary over JPEG |
| In this Ask the Expert Q&A, Michael Cobb explains what "binary over JPEG" is and how hackers use this mechanism to exploit system vulnerabilites. |
| URL: |
|
| 26. |
How different DBMSes implement Internet database security |
| Learn what it takes to achieve comprehensive DBMS security, in this application security Ask the Expert Q&A. |
| URL: |
|
| 27. |
MD5 vs. RC4 |
| In this Ask the Expert Q&A our application security expert compares the MD5 encryption algorithm against its competitor RC4 and examines the security features of each. |
| URL: |
|
| 28. |
Web application variable manipulation |
| Learn what happens to a Web application that uses two certificates: a client-side SSL certificate and a server-side certificate, and whether this certificate combination prevents Web application manipulation. |
| URL: |
|
| 29. |
Best practices for password protection |
| Learn what a keyring is -- how it works in conjuction with passphrases to keep sensitive and personal messages secure. Also learn what practices help keep passwords protected from hackers and crackers. |
| URL: |
|
| 30. |
Java programming resources |
| Find Java-specific resources here. |
| URL: |
|
| 31. |
How to prevent poor e-mail practices |
| In this Ask the Expert Q&A, our application security expert examines why organizations should implement and enforce an enterprise-wide e-mail encryption security policy. |
| URL: |
|
| 32. |
How buffer-overflow vulnerabilities occur |
| Learn about buffer-overflow vulnerabilities; how they occur, types of buffer-overflow attacks, and how hackers exploit them to gain access to secure and sensitive files. |
| URL: |
|
| 33. |
How VPNs interact with instant-messaging applications |
| In this Ask the Expert, application security expert Michael Cobb reviews how an enterprise-wide VPN works and whether it encyrpts and protect instant-messaging communications. |
| URL: |
|
| 34. |
PKI system validation processes |
| Learn how an X.509 DN e-mail field is validated when you reply to a digitally signed message, and learn what to do when you want to encrypt it, in the application security Ask the Expert Q&A. |
| URL: |
|
| 35. |
Enterprise-level spam filters |
| Learn whether there a corporate spam filter that allows individual users to add specific e-mail addresses to block or whitelist as needed, in this application security Ask the Expert Q&A. |
| URL: |
|
| 36. |
The pros and cons of proxy firewalls |
| In this Ask the Expert Q&A, our application security expert reviews the pros and cons of proxy firewalls. |
| URL: |
|
| 37. |
Best practices and tools for non-MS IIS users |
| Learn what best practices and tools non-MS IIS users can use in this application security Ask the Expert Q&A. |
| URL: |
|
| 38. |
Application development best practices |
| Michael Cobb, SearchSecurity.com's application security expert, discusses best practices for specific application development procedures in this Ask the Expert Q&A. |
| URL: |
|
| 39. |
What is the best method to determine whether email messages are transmitted as clear text? |
| In this application security Ask the Expert Q&A, Michael Cobb disccuses how to use a network analyzer tool to determine whether email exchanges are transmitted as clear text. |
| URL: |
|
| 40. |
Is there a way to identify a spoofed user ID? |
| In this application security Ask the Expert Q&A, Michael Cobb explains how an organization can identify the employee who has used a spoofed user ID to intercept email exchanges. |
| URL: |
|
| 41. |
How can I determine whether a database is hosted on a secure platform? |
| Learn what critical issues need to be addressed when determining if a database is hosted on a secure platform. |
| URL: |
|
| 42. |
Use SHA to encrypt sensitive data |
| Complying with the PCI Data Security Standard is now on the forefront of many security practitioner's minds. Learn how using the Secure Hashing Algorithm can help you encrypt sensitive data and help you meet the PCI Data Security Standard requirements. |
| URL: |
|
| 43. |
How to perform an email scan to protect against viruses |
| Scanning your email for viruses before it reaches your Exchange Server can prevent the spread of viruses. In this applicaton security Ask the Expert Q&A, SearchSecurity's resident expert explains how to perform and effective email scan. |
| URL: |
|
| 44. |
How to create an optional login for the same application |
| In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to create optional logins for your applications. |
| URL: |
|
| 45. |
Can email header information be used to track down spoofers? |
| Expert Mike Cobb explains how to use your received headers to trace unwanted emails. |
| URL: |
|
| 46. |
The strengths and weaknesses of PKI and PGP systems |
| PKI and OpenPGP can enhance the security of your data, but these services differ in how they manage digital certificates. SearchSecurity.com expert Michael Cobb explains the distinct strengths and weaknesses of each program. |
| URL: |
|
| 47. |
How to selectively block instant messages |
| Monitoring instant messaging traffic isn't easy, especially when constantly evolving IM applications are designed to exploit firewall vulnerabilities. SearchSecurity.com's application security expert Michael Cobb reviews the best methods for taking on the challenging task of monitoring and controlling IM traffic. |
| URL: |
|
| 48. |
How should I deploy applications to over 100 desktops in my Windows 2003 environment? |
| SearchSecurity.com application security expert Michael Cobb reviews the tools you need to install and deploy applications over a network and onto the desktops of 100+ users. |
| URL: |
|
| 49. |
If email attachments are sent via SSL will they be encrypted? |
| This application security Ask the Expert Q&A explains what happens to traffic that travels over an SSL connection and details how to keep email messages and attachments secure as they travel to and from email clients and SMTP servers. |
| URL: |
|
| 50. |
What is the average cost of an MSSP? |
| Looking to find the startup and maintenance costs of an MSSP? In this Ask the Expert Q&A, application security expert, Michael Cobb outlines the key issues for businesses to consider when examining managed security arrangements. |
| URL: |
|
| 51. |
How to secure an e-commerce Web site |
| If you need to secure an e-commerce Web site, application security expert, Michael Cobb, has a place to start. In this expert Q&A, Cobb recommends the equipment that will secure your online business. |
| URL: |
|
| 52. |
Will using an SSL digital certificate prevent a Web browser from caching sensitive data? |
| In our expert Q&A, application security expert, Michael Cobb, discusses Web caches and how to control their handling of Web pages and sensitive data. |
| URL: |
|
| 53. |
Which Internet protocol is more secure: FTPS or SCP? |
| In this expert Q&A, Michael Cobb reviews the strengths and weaknesses of various Internet protocols. Learn the pros and cons of FTPS, SCP and SFTP. |
| URL: |
|
| 54. |
Do any freeware tools scan for Ajax vulnerabilities? |
| Securing Ajax applications is a new challenge for anyone developing Web services. In our expert Q&A, Michael Cobb reviews tools that can assess the vulnerabilities of Ajax Web applications. |
| URL: |
|
| 55. |
When choosing a digital certificate, how important is the expiration period? |
| In this expert Q&A, application security pro Michael Cobb helps you plan your digital certificate policy. Cobb emphasizes the importance of keeping your Web server certificates up-to-date. |
| URL: |
|
| 56. |
Will using whitelists and blacklists effectively stop spam? |
| Blacklists and whitelists are two instruments that can fight spam, but are they your best option? Application security expert Michael Cobb provides the antispam answers. |
| URL: |
|
| 57. |
Do XPath injection attacks require the same response as SQL injections? |
| XPath injection attacks are slightly different (and more dangerous) than SQL injections. In this SearchSecurity.com Q&A, application expert Michael Cobb reveals the preventative steps that can protect your systems from either type of assault. |
| URL: |
|
| 58. |
Is Sender ID an effective email authentication tool? |
| Sender ID, used by five million domains, can significantly counter spammers and phishers, but is it the best antispam technology? In this expert Q&A, Michael Cobb reveals the pros and cons of the email authentication framework. |
| URL: |
|
| 59. |
What are application logic attacks? |
| In 2005, application logic flaws allowed alert, Web-savvy gamblers the chance to win a lot of money. In this SearchSecurity.com tip, application security expert Michael Cobb examines these types of vulnerabilities and how they can lead to application attacks. |
| URL: |
|
| 60. |
Controlling U3 smart drive use in the enterprise |
| Many users have loaded Skype on U3 smart drives to get around their company's security policy. In this expert Q&A, application security pro Michael Cobb explains the best ways to control the use of mobile storage devices and protect the confidentiality of your data. |
| URL: |
|
| 61. |
Which Web services provide the best remote help desk support? |
| More and more workers are telecommuting these days, forcing enterprises to search for quality, cost-effective remote help desk support. In this SearchSecurity.com Q&A, application security expert Michael Cobb lays out some of your remote assistance options. |
| URL: |
|
| 62. |
What causes buffer overflows and memory leaks in a Web application? |
| Buffer overflows and memory leaks can cause serious harm to Web applications. In this SearchSecurity.com Q&A, application security expert Michael Cobb reveals how both can lead to security breaches and system compromises. |
| URL: |
|
| 63. |
Will using virtualization software put an enterprise at risk? |
| A virtualized IT infrastructure can simplify operations and save a company money, but is such an environment secure? In this SearchSecurity.com Q&A, application security expert Michael Cobb explains what can go wrong when making the move to virtualization. |
| URL: |
|
| 64. |
Are USB storage devices a serious enterprise risk? |
| USB drives are common gifts at conferences and trade shows, but how much of a danger are they to your enterprise's network security? In this expert Q&A, Michael Cobb explains the risks of these storage devices and how to control their use. |
| URL: |
|
| 65. |
How to ensure that an SSL connection protects sensitive Web data |
| In this expert Q&A, application security pro Michael Cobb explains how to secure sensitive Web site data that is sent across the Internet. |
| URL: |
|
| 66. |
What are the security risks of using an alternative browser? |
| A product like Internet Explorer may be the market leader, but that doesn't mean a thing when it comes to security. In this expert Q&A, application security expert Michael Cobb examines the vulnerabilities in IE and other browser contenders. |
| URL: |
|
| 67. |
Can keyloggers monitor mouse clicks and keyboard entries? |
| Keyloggers may be a security manager's best friend, especially if he or she wants to monitor an employee's keyboard entries. Keyloggers can't do it all, though, says application expert Michael Cobb. |
| URL: |
|
| 68. |
How can header information track down an email spoofer? |
| Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from. |
| URL: |
|
| 69. |
Are desktop gadgets a target for hackers? |
| Yahoo Widgets, Google Gadgets and other client-side Web applications are currently all the rage. These mini-applications, however, are built like small desktop programs, and they have become a particularly tempting target for hackers. Application security expert Michael Cobb explains. |
| URL: |
|
| 70. |
How secure are document scanners and other 'scan to email' appliances? |
| Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices. |
| URL: |
|
| 71. |
What are the drawbacks to application firewalls? |
| Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this SearchSecurity.com Q&A, Michael Cobb reveals some cost and performance issues. |
| URL: |
|
| 72. |
Can DHCP be used to selectively block instant messaging clients? |
| Restricting instant messaging use has been a significant security challenge for organizations, but will DHCP help solidfy an IM policy? In this SearchSecurity.com Q&A, Michael Cobb explains which access control mechanisms are the most effective. |
| URL: |
|
| 73. |
Which email encryption products can be released internationally? |
| In this SearchSecurity.com Q&A, application security expert Michael Cobb explains the email encryption products that can be used outside of the United States. |
| URL: |
|
| 74. |
What are the pros and cons of outsourcing email security services? |
| In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider. |
| URL: |
|
| 75. |
Will log-in form data posted to an SSL page always be encrypted? |
| If a Web page login form is not SSL-protected, but the login data is posted to an SSL page, is the information encrypted and safe? Not at all, says Michael Cobb in this SearchSecurity.com Q&A. |
| URL: |
|
| 76. |
Should third-party software tools be used to customize applications? |
| Many features and functions required for today's network-ready applications can be purchased at a fraction of the cost that it would take to build them independently. But are they safe enough? Application security expert Michael Cobb explains. |
| URL: |
|
| 77. |
How does SSL 'sit' between the network layer and application layer? |
| SSL is neither a network layer protocol nor an application layer protocol. In this SearchSecurity.com Q&A, Michael Cobb explains how SSL "sits" between both layers. |
| URL: |
|
| 78. |
How to keep personally identifiable information out of access logs |
| Are there products available that can hide the internal IP addresses recorded in log files? Maybe not, but in this expert Q&A, Michael Cobb reveals which tools can prevent the transfer of personally identifiable information to third parties. |
| URL: |
|
| 79. |
Can the symmetric encryption algorithm for S/MIME messages be changed? |
| Encryption algorithm requirements ensure a base level of interoperability among all S/MIME implementations. Email clients, however, can add additional algorithms, provided they correctly identify which algorithms a particular message uses. Expert Michael Cobb explains how. |
| URL: |
|
| 80. |
Will only allowing whitelist email messages stop image spam? |
| Some organizations automatically delete email messages that contain images that are not from whitelist senders. That technique can combat image spam to a certain degree, says Michael Cobb. In this AtE, the application security expert explains what else needs to be done. |
| URL: |
|
| 81. |
Can Snort stop application-layer attacks? |
| Even though Snort can add an important layer of defense for applications, it won't fix the underlying problem of poorly written ones. Michael Cobb reveals a more efficient technique for patching up XSS and SQL injection vulnerabilities. |
| URL: |
|
| 82. |
Will Web application security vendor mergers help buyers? |
| To meet the growing sophistication of Internet threats, security solution providers are feeling pressured to expand their application infrastructures. Michael Cobb explains how an overcrowded Web application security sector means better deals for customers. |
| URL: |
|
| 83. |
How to test an e-commerce Web site's security and privacy defenses |
| Assessing the security of e-commerce sites means checking up on their associated servers, databases and applications. In this expert response, Michael Cobb explains where to start. |
| URL: |
|
| 84. |
Are challenge-response technologies the best way to stop spam? |
| Challenge-response spam technology intercepts incoming emails and sends a challenge to the sender, asking him or her to confirm the message's validity. Though the antispam mechanism has gained popularity, there may be more secure alternatives, says expert Michael Cobb. |
| URL: |
|
| 85. |
Can data anonymization ensure privacy of Web application user data? |
| There are many regulations requiring an organization to protect the personally identifiable information (PII) that it may collect. In this tip, Michael Cobb explains why it may not be too early for data anonymization techniques to help protect Web application user data. |
| URL: |
|
| 86. |
What is the relationship between shellcode and exploit code? |
| Is shellcode always considered exploit code? In this expert response, Michael Cobb breaks down the two malware terms. |
| URL: |
|
| 87. |
Should CS2 applications be downloaded to a removable drive? |
| Even though U3 smart drives can execute Windows-based applications directly, the devices can introduce security risks into the enterprise. Michael Cobb lays out the pros and cons of the technology. |
| URL: |
|
| 88. |
Have vendors secretly placed rootkits on USB thumb drives? |
| You can get rootkits from malicious Web sites and emails, but what about reputable vendors? Application security expert Michael Cobb explains how sneaky malware installation cost one organization a million dollars. |
| URL: |
|
| 89. |
Are encrypted Microsoft Word files safer in transit than PDF files? |
| In this expert Q&A, Michael Cobb demonstrates how a misconfigured firewall makes it easy for some Microsft Word and PDF files to be sniffed in transit. |
| URL: |
|
| 90. |
How secure is online banking today? |
| Most banks take the security of their online services seriously. In this expert Q&A, Michael Cobb explains why online banking is relatively safe -- with the exception of one particular mistake. |
| URL: |
|
| 91. |
Should enterprises use open source productivity suites? |
| Many IT administrators remain wary of open source software, often citing its lack of any warranty protection. Expert Michael Cobb explains why enterprise pros shouldn't worry too much about giving the free tools a try. |
| URL: |
|
| 92. |
What ports should be opened and closed when IPsec filters are used? |
| In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to set up separate branch IPsec filters that connect with a head office. |
| URL: |
|
| 93. |
Will firewalls have to adapt to applications that use port 80? |
| The Web browser is now the most commonly used application user interface, and port 80 is used for the majority of these browser-application communications. App expert Michael Cobb explains how firewall makers have had to adapt their technology accordingly. |
| URL: |
|
| 94. |
How secure is a mobile phone platform with an open source framework? |
| Google's open source approach to mobile platform development has the potential to open up what has been until now a closed industry. Application expert Michael Cobb gives his early thoughts on Google's Android mobile phone. |
| URL: |
|
| 95. |
Which operating system can best secure an FTP site? |
| In this expert Q&A, platform security expert Michael Cobb explains how a secure FTP protocol can improve websites and Web services. |
| URL: |
|
| 96. |
Is security improved when the number of Internet gateways is reduced? |
| A single entry point has often been thought easier to defend than multiple entry points. There are some caveats to reducing the number of Internet gateways, though, as expert Michael Cobb explains. |
| URL: |
|
| 97. |
Are Internet cafe users' email credentials at risk? |
| Most browsers store all Web pages, including a user's message and other information, in a cache from which it is retrievable with relative ease. Expert Michael Cobb explains how to keep the personal data from getting into the wrong hands. |
| URL: |
|
| 98. |
How to test the security of personal details submitted to a website |
| Before offering up personal details to a site, expert Michael Cobb reveals what you can look for to help you perform a quick risk assessment. |
| URL: |
|
| 99. |
Which automated quality assurance tools can be used to test software? |
| If your application development process is not yet addressing security at all six phases of the lifecycle, now is the time to start. Application security expert Michael Cobb explains which quality assurance tools can help. |
| URL: |
|
| 100. |
Has proof-of-concept mobile device malware led to real attacks? |
| Because of the popularity of mobile devices like the iPhone, it's fair to expect real attacks, says expert Michael Cobb. The hard part is knowing when they'll occur. |
| URL: |
|
| 101. |
Protecting exposed servers from Google hacks (and Google 'dorks') |
| Search engines are now routinely used to find ways of gaining unauthorized access to servers. Michael Cobb explains how to avoid exposing your important data to 'Google dorks.' |
| URL: |
|
| 102. |
Can IBM's SMash technology secure Web applications? |
| The idea of mashups -- browser-based applications built by non-technical users cutting and pasting snippets of code pulled from multiple sources -- is bound to seem very frightening. Michael Cobb explores IBM's recent initiative: SMash. |
| URL: |
|
| 103. |
Why is backscatter spam so difficult to block? |
| When an email address is comandeered by a malicious hacker to send spam, the backscatter can quickly fill an inbox and clog bandwidth. Is there any way to prevent this? Expert Michael Cobb gives advice. |
| URL: |
|
| 104. |
Is it possible to ban chat programs on an enterprise LAN? |
| Chat programs can undermine enterprise security, but what's the best way to get rid of them? Application security expert Michael Cobb gives his suggestions. |
| URL: |
|
| 105. |
The risks of disabling User Account Control (UAC) on Windows Vista |
| It may upgrade the user experience to disabe the User Account Control (UAC) feature, but there are some serious security risks. Application security expert Michael Cobb gives advice. |
| URL: |
|
| 106. |
Is the iPhone amenable to any method of email encryption? |
| When it comes to sending and receiving email, the iPhone offers some security benefits. Michael Cobb reviews the mobile devices' current email features and what messaging security mechanisms are on the way. |
| URL: |
|
| 107. |
What are effective ways to stop instant messaging (IM) spam? |
| In this expert Q&A, Michael Cobb reveals what techniques and tools can be used to stop instant messaing spam, or spim, in the enterprise. |
| URL: |
|
| 108. |
Is it impossible to successfully remove a rootkit? |
| In this expert Q&A, Michael Cobb takes a closer a look at the nature of rootkits to see why they can be so difficult to remove. |
| URL: |
|
| 109. |
How can quality assurance tools aid software development? |
| There are an increasing number of tools aimed at improving software quality control and assurance, and they can certainly play a role in producing higher quality software. In this expert Q&A, Michael Cobb explains why the QA products may not be worth the effort. |
| URL: |
|
| 110. |
What risks do application virtualization products pose? |
| Phrases that continue to be used to describe application virtualization are "isolation" or "bubble," but Michael Cobb examines the possible threats entering or escaping those 'isolated' environments. |
| URL: |
|
| 111. |
Do mobile devices put sensitive data at risk when used overseas? |
| Any wireless electronic device is subject to eavesdropping or infection, but the risk increases dramatically when traveling to countries where a device connects to a local service provider which may be government-controlled. |
| URL: |
|
| 112. |
How to prevent cross-site scripting (XSS) session hijacking |
| Cross-site scripting and SQL injections still providing hackers with plenty of opportunities to successfully access data or take control of a compromised machine. MIchael Cobb explains how you can improve your application defenses. |
| URL: |
|
| 113. |
Can USB compromise the security of an embedded mobile device? |
| USB is only a standard to interface devices to a host computer. Expert Michael Cobb explains why it doesn't provide any security features to protect data that passes through the connection. |
| URL: |
|
| 114. |
Can Google Earth and other mash-up applications threaten enterprise security? |
| In an expert Q&A, Michael Cobb explores the security issues that occur when an emerging mash-up application like Google Earth is used in the enterprise. |
| URL: |
|
| 115. |
Do European laws prevent a U.S. company from blocking spam? |
| Michael Cobb explores how the Internet -- and the ability to send messages quickly and easily to other countries --has complicated matters of jurisdiction. |
| URL: |
|
| 116. |
Are message stubs a secure part of email retention policies? |
| Because deleting older emails is not an option for many companies, email "stubs" have been an alternative for organizations looking to archive their messages. Michael Cobb reviews email stubbing and its possible security limitations. |
| URL: |
|
| 117. |
How secure are iPhone App Store mobile applications? |
| Expert Michael Cobb reviews the steps that Apple has taken to ensure the quality and safety of any applications developed for the iPhone. |
| URL: |
|
| 118. |
What security software should be installed on Internet café computers? |
| The security provided by many Internet cafes and other similar public access points has greatly improved over the last few years. But that's no substitute for due diligence on the part of users, says expert Michael Cobb. |
| URL: |
|
| 119. |
What does 'invoked by uid 78' mean? |
| Are you seeing a 'uid 78' in your emails? In this expert response, Michael Cobb explains what the message means. |
| URL: |
|
| 120. |
Are Web application penetration tests still important? |
| Web application penetration tests continue to be an important part of the secure software development lifecycle process in order to reduce the number and severity of security-related design and coding errors. |
| URL: |
|
| 121. |
Can one antivirus program be used to get rid of spyware? |
| Now that users have come to better understand the dangers of spyware and vendors have developed more efficient ways to tackle security problems, it is safe to trust one antispyware program to get rid of spyware. |
| URL: |
|
| 122. |
How does a Web server model differ from an application server model? |
| A Web server model and an application server model share many similarities but require different defense methods. Each model, for example, calls for distinct placement of application servers. |
| URL: |
|
| 123. |
How to ensure the security of a shopping cart application |
| In this expert response, Michael Cobb explains how threat modeling can help you secure your shopping cart application. |
| URL: |
|
| 124. |
When to use the service features of the Metasploit hacking tool |
| In this expert response, Michael Cobb explains why offloading resource-intensive penetration testing tasks to Metasploit may be an attractive option. |
| URL: |
|
| 125. |
How to manage patches for Adobe |
| If you're dealing with a continuous flow of patches, particularly from Adobe, application security expert Michael Cobb feels your pain. |
| URL: |
|
| 126. |
Preventing cross-site request forgery attacks |
| Application security expert Michael Cobb explains how to stop cross-site request forgery attacks. |
| URL: |
|
| 127. |
When is it suitable to remove Java updates? |
| In this expert response, Michael Cobb explains when older Java updates should be removed from client systems. |
| URL: |
|
| 128. |
How can URL-shortening services be manipulated? |
| Expert Michael Cobb explains why URL-shortening services are another avenue of attack. |
| URL: |
|
| 129. |
Is my security program ready for Web application firewall deployment? |
| Expert Michael Cobb reviews how to make sure that a Web application firewall deployment will provide a real benefit. |
| URL: |
|
| 130. |
Is there a way to block iPhone widgets that bypass Web filters? |
| If students are using your Wi-Fi to reach unapproved websites, you have the ability to take greater control of your network. Michael Cobb reviews the important aspects of a Web usage policy. |
| URL: |
|
| 131. |
Should enterprises be concerned with Twitter in the workplace? |
| Expert Michael Cobb explains how concerned you should be with Twitter use inside the company. |
| URL: |
|
| 132. |
Are there still Google Desktop security problems? |
| Expert Michael Cobb explains why Google Desktop's "search across computers" feature has been so controversial. |
| URL: |
|
| 133. |
Will an application usage policy best control network bandwidth? |
| When it comes to speeding up the network, what works best: policy or technology? Both are important and should be used together, says expert Michael Cobb. |
| URL: |
|
| 134. |
Can an IP spoofing tool be used to spam SPF servers? |
| Michael Cobb explains what the Sender Policy Framework can and cannot protect against, including IP spoofing attacks. |
| URL: |
|
| 135. |
Do Facebook URL security concerns justify blocking social networks? |
| Michael Cobb explains why the privacy concerns with Facebook URLs are not a serious threat to the enterprise. |
| URL: |
|
