Ask the Experts

Ask the Experts

• Canvas fingerprinting: How does it compromise security?

  Mozilla recently decided to pull the HTML canvas element from the Firefox browser. Learn from expert Matt Pascucci what this means for the security and privacy of users.  Continue Reading

• What went wrong with the Dirty COW vulnerability patch?

  A patch was issued for the Dirty COW vulnerability, but researchers later discovered problems with the patch. Expert Judith Myerson explains what went wrong.  Continue Reading

• How should enterprise firewall settings be reviewed?

  Getting firewall settings right is one of the most basic ways to protect enterprise data from accidental exposures. Expert Judith Myerson discusses how to review firewall policies.  Continue Reading

• How is IP theft possible despite cryptographic protections?

  Expert Judith Myerson explains how IP theft can happen despite the cryptographic protections in IEEE standard P1735, as well as what can be done to protect intellectual property.  Continue Reading

• How can a BGP vulnerability in Cisco products be fixed?

  A BGP vulnerability in some Cisco products enabled denial-of-service attacks. Expert Judith Myerson explains the vulnerability and how Cisco fixed the problem.  Continue Reading

• Unknown apps: How does Android Oreo control installation?

  Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver explains what this change means.  Continue Reading

• Vulnerability scans: How effective are they for web apps?

  Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can be missed by security teams.  Continue Reading

• Android bootloader: How does it work and what is the risk?

  Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk these vulnerabilities present.  Continue Reading

• How should undocumented features in software be addressed?

  Kaspersky Lab recently discovered an undocumented feature in Microsoft Word. Expert Kevin Beaver explains the risks and what to do if you come across one of these software flaws.  Continue Reading

• Broadpwn flaw: How does the new iOS exploit compare?

  An iOS exploit similar to the Broadpwn flaw was recently developed by a researcher at Google's Project Zero. Expert Kevin Beaver explains what the exploit is and how it works.  Continue Reading

• Can a decentralized open source community properly address security?

  SearchSecurity talks with UC Berkeley Professor Steven Weber about the open source community, the security challenges facing it and the prospect of software liability.  Continue Reading

• What is emotional data and what are the related privacy risks?

  SearchSecurity talks with UC Berkeley professor Steven Weber about the concept of emotional data, where it comes from and how it can potentially be used -- and abused.  Continue Reading

• Brutal Kangaroo: How does it hop to air-gapped computers?

  The CIA Vault 7 cache exposed the Brutal Kangaroo USB malware, which can be spread to computers without an internet connection. Learn how this is possible with expert Nick Lewis.  Continue Reading

• Antimalware software: How can Windows 10 disable it?

  Kaspersky Lab recently accused Windows 10 of acting as an antivirus block to third-party antimalware software. Discover how your software is being blocked and how this can be fixed.  Continue Reading

• QakBot malware: How did it trigger Microsoft AD lockouts?

  QakBot malware triggered hundreds of thousands of Microsoft Active Directory account lockouts. Discover the malware's target and how these attacks are being carried out.  Continue Reading