Ask the Experts

Ask the Experts

Web security tools and best practices

• How can domain generation algorithms be used to bypass ad blockers?

  An ad network used domain generation algorithms to bypass ad blockers and launch cryptomining malware. Expert Michael Cobb explains how and the best way to prevent these attacks.  Continue Reading

• What risks do untrusted certificates pose to enterprises?

  Researchers found that untrusted certificates are still used on many major websites. Expert Michael Cobb discusses the security risks of sticking with these certificates.  Continue Reading

• How did an Electron framework flaw put Slack at risk?

  An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it.  Continue Reading

• How can a Moxa MXview vulnerability be exploited by hackers?

  A vulnerability was found in Moxa MXview -- a software used to visualize network devices and physical connections. Learn how this vulnerability can enable privilege escalation.  Continue Reading

• Internet Explorer bug: How does it expose address bar info?

  A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL tracking with Nick Lewis.  Continue Reading

• How can improper certificate pinning be stopped by the Spinner tool?

  Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the Spinner tool.  Continue Reading

• The Keeper browser extension flaw: How can users stay secure?

  The Keeper browser extension had a vulnerability that highlighted security issues with password managers. Expert Michael Cobb looks at how to avoid security flaws in these tools.  Continue Reading

• Uber breach: How did a private GitHub repository fail Uber?

  The recent Uber breach calls into question the use of code repositories. Expert Matt Pascucci explains how the breach of GitHub and Amazon Web Services occurred.  Continue Reading

• How did OurMine hackers use DNS poisoning to attack WikiLeaks?

  The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from expert Nick Lewis.  Continue Reading

• Typosquatting: How did threat actors access NPM libraries?

  Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it means for users.  Continue Reading

• Antivirus tools: Are two programs better than one?

  Antivirus software is crucial to your device's security. However, less is often more, especially when considering a secondary free antivirus program. Nick Lewis explains why.  Continue Reading

• Katyusha Scanner: How does it work via a Telegram account?

  The Katyusha Scanner is based on the open source penetration test scanner Arachni. However, it has been modified to work through Telegram accounts. Nick Lewis explains how it works.  Continue Reading

• Public key pinning: Why is Google switching to a new approach?

  After introducing HTTP Public Key Pinning to the internet two years ago, the upcoming Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch.  Continue Reading

• Advanced Protection Program: How has Google improved security?

  Google added a layer to its account security system with Advanced Protection Program. Matt Pascucci explains how individuals can better defend themselves from malicious actors.  Continue Reading

• Canvas fingerprinting: How does it compromise security?

  Mozilla recently decided to pull the HTML canvas element from the Firefox browser. Learn from expert Matt Pascucci what this means for the security and privacy of users.  Continue Reading