 |
|
|
|
|
| 1. |
What are polymorphic viruses? |
| Polymorphic viruses are built to dodge signature-based detection technologies. In this expert Q&A, Ed Skoudis examines the morphing malware and reveals which defenses are keeping up with the threat. |
| URL: |
|
| 2. |
Can a certificate authority be trusted? |
| It's important to verifiy a root certificate's legitimacy, but with hundreds of issued certificates, the task can be overwhelming. In this expert Q&A, Ed Skoudis reveals what research needs to be done before importing a certificate into your browser. |
| URL: |
|
| 3. |
Are attackers using malware to exploit service oriented architectures? |
| Malware writers aren't taking advantage of service-oriented architectures. Not yet, anyways. In this expert Q&A, Ed Skoudis explains the vulnerabilities of an SOA, and why it's a potential target for malicious hackers. |
| URL: |
|
| 4. |
Are iPhone security risks different than those of other mobile devices? |
| The security risks of an iPhone are comparable to other wireless devices, but the iPhone does bring some special issues that are a cause for concern. |
| URL: |
|
| 5. |
Can threat modeling help enterprises? |
| In this expert response, Ed Skoudis explains how threat modeling can determine an organization's greatest threats and associated risks. |
| URL: |
|
| 6. |
Best practices for using restriction policy whitelists |
| Ed Skoudis discusses which systems should be considered for software restriction policy whitelists, and unveils how whitelisting can improve security. |
| URL: |
|
| 7. |
Are social networking sites an easy target for malicious hackers? |
| With the rise of social networking giants like MySpace and Facebook, it makes sense that there would also be a rise in malware to attack them. |
| URL: |
|
| 8. |
Are there antivirus suites that pick up more than just run-of-the-mill viruses? |
| There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware. |
| URL: |
|
| 9. |
Does the iPhone SDK effectively increase the risk iPhones pose? |
| As the iPhone user base grows, it will become a greater and greater target for malware. Learn best practices to mitigate iPhone risk from information security threats expert John Strand. |
| URL: |
|
| 10. |
Does widget malware on social networking sites threaten enterprises? |
| Protecting enterprise networks from the malware on popular social networking sites is a complicated issue. Information security threats expert John Strand gives advice. |
| URL: |
|
| 11. |
Will the CERT security incident-response project benefit infosec pros? |
| Many security professionals lack a management-level understanding of incident response. Expert John Strand gives advice on how CERT security incident-response project can help. |
| URL: |
|
| 12. |
How can an enterprise-wide network prevent denial-of-service attacks? |
| Denial-of-service (DoS) attacks are often associated only with one type of flood attack, but there are many to look out for. Information security threats expert John Strand weighs in. |
| URL: |
|
| 13. |
Can "good" botnets fight bad botnets? |
| Is a battle of the botnets security brilliance or destined to backfire? Information security threats expert John Strand gives advice. |
| URL: |
|
| 14. |
What is the best way to manually test for buffer overflows? |
| There are two ways of reviewing a program for buffer overflows. Michael Cobb explains how to examine a program's source code and file code. |
| URL: |
|
| 15. |
Can virtualized applications interact without permission? |
| If a guest OS in a virtualized system is compromised, it could theoretically go through the hypervisor layer and compromise the rest of the guest operating systems. But what about an environment with virtualized applications? |
| URL: |
|
| 16. |
What is the best way to conduct a rootkit-specific risk assessment? |
| When dealing with rootkits, many security professionals focus on tools and technology. John Strand explains why developing a security team's ability to deal with rootkits is a much more effective technique. |
| URL: |
|
| 17. |
What are the basics of a Web browser exploit? |
| John Strand explains how attackers target a flaw in either the browser or in an application that the browser calls to process a Web request. |
| URL: |
|
| 18. |
Are daily antivirus scans in XP Normal Mode effective? |
| For detection, it is great to have antivirus in an enterprise environment running at regularly scheduled times, but it is not the only vector that should be used to identify malware. John Strand reveals some of the others. |
| URL: |
|
| 19. |
What can encoded syntax attacks do to Web applications? |
| In this Q&A, expert Michael Cobb explains how to test Web servers so that they are not vulnerable to encoded syntax attacks |
| URL: |
|
| 20. |
To prevent cross-site scripting, should specific words and characters be rejected? |
| In this expert Q&A, John Strand explains which application development best practices can stop cross-site scripting attacks. |
| URL: |
|
| 21. |
How easily can spyware be placed on a mobile phone? |
| John Strand reveals just how easy it is for malware and spyware to be placed on your mobile devices. |
| URL: |
|
| 22. |
Does cloud-based antivirus provide better malware detection? |
| Expert John Strand explains some of the drawbacks of a cloud-based antivirus system. |
| URL: |
|
| 23. |
How to secure a website containing badware (banner82) |
| In an expert Q&A, John Strand reviews how SQL injection attacks can lead to banner82 attacks and a "badware" label for your website. |
| URL: |
|
| 24. |
How can 419 scam emails and backscatter spam be stopped? |
| A 419 scam is just one example of backscatter spam. John Strand explains which long-term solutions can help combat these particular kinds of unwanted messages. |
| URL: |
|
| 25. |
How to prevent SSH brute force attacks |
| Brute force attacks on the Secure Shell (SSH) service have been used more frequently to compromise accounts and passwords. Expert John Strand explains how to defend against these brute-force threats. |
| URL: |
|
| 26. |
How are companies removing malware from blogs? |
| What are most companies doing today to protect against malware picked up from blog sites? Not much at all, says information security threat expert John Strand. |
| URL: |
|
| 27. |
How to detect keyloggers |
| In this expert response, Michael Cobb explains how to detect the many rootkits available to today's attackers. |
| URL: |
|
| 28. |
Is there a spy on my mobile device? |
| This is a growing area of concern, as many people are trying to get more and more "hands-free" with their phones. John Strand explains how some hackers can eavesdrop on mobile phone conversations. |
| URL: |
|
| 29. |
When should new browsers be adopted in an enterprise? |
| It's helpful for organizations to look into alternative technologies and browsers, says expert John Strand, but you must always be aware of complexity and its effect on your security architecture. |
| URL: |
|
| 30. |
What are today's antivirus software trends? |
| Expert John Strand reveals two exciting trends in antivirus software. |
| URL: |
|
| 31. |
How to detect input validation errors and vulnerabilities |
| Expert John Strand reviews how to spot input validation flaws on your websites. |
| URL: |
|
| 32. |
How to prevent and build protection against online identity theft |
| In this expert response, John Strand explains what to do when your personal identity is impersonated online. |
| URL: |
|
| 33. |
Can secure USB devices prevent man-in-the middle attacks |
| Expert John Strand reveals an interesting way of addressing man-in-the-middle attacks. |
| URL: |
|
| 34. |
Sherri Davidoff |
| Sherri Davidoff, SearchSecurity.com's resident information security threat expert, is the co-author of the new SANS course "Sec558: Network Forensics" and author of Philosecurity. |
| URL: |
|
| 35. |
How to get rid of malware, botnets on a hospital IT network |
| Hospital networks are among the most challenging environments to manage. New information security threat expert Sherri Davidoff explains how healthcare facilities can deal with botnet threats. |
| URL: |
|
| 36. |
Should a national cybersecurity strategy include offensive botnets? |
| Government entities are subject to the same information security problems as any other. New information security threats expert Sherri Davidoff, however, explains why introducing an offensive botnet into a national cybersecurity strategy would be a foolish idea. |
| URL: |
|
| 37. |
How can search results lead to malware? |
| Search engines aren't fundamentally designed to find trustworthy sites, just popular and relevant ones. Expert Sherri Davidoff explains how attackers are injecting malicious pages into search results. |
| URL: |
|
| 38. |
How to prevent brute force webmail attacks |
| Expert Sherri Davidoff explains why brute-force attacks on webmail accounts are such a popular hacking technique. |
| URL: |
|
| 39. |
How to prevent mobile phone spying |
| Your cell phone conversations and wireless activity are not private, says resident threat expert Sherri Davidoff, and it's important to remember that mobile phone spying is far too easy. |
| URL: |
|
