Ask the Experts

Ask the Experts

• Same-origin policy: How did Adobe Flash Player's implementation fail?

  The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb explains how this flaw occurred.  Continue Reading

• How can a distributed guessing attack obtain payment card data?

  Attackers can gather payment card data by carrying out distributed guessing with a minimal amount of existing information. Expert Michael Cobb explains how this attack works.  Continue Reading

• Panasonic Avionics IFE systems: How serious are the vulnerabilities?

  Panasonic Avionics' in-flight entertainment system vulnerabilities allow attackers to tamper with passenger seat displays. Expert Michael Cobb explains the impact of these flaws.  Continue Reading

• How does an active defense system benefit enterprise security?

  Active defense systems work as deception techniques on private networks, but are they good for enterprise use? Expert Judith Myerson discusses some options.  Continue Reading

• How does IP hijacking work and how can it be prevented?

  IP hijacking incidents are on the rise because IP addresses can be easily targeted. Expert Judith Myerson explains how these attacks work and how they can be prevented.  Continue Reading

• How does the boot mode vulnerability in Android work?

  A boot mode vulnerability allowed attackers to eavesdrop on calls made on certain Android devices. Expert Judith Myerson explains how the complex exploit works.  Continue Reading

• How can enterprises stop the Flip Feng Shui exploit from hijacking VMs?

  The Flip Feng Shui attack can target virtual machines. Expert Judith Myerson explains the exploit and describes how to prevent it from hijacking enterprise VMs.  Continue Reading

• How does Ticketbleed affect session ID security?

  The Ticketbleed bug in some F5 Networks products caused session IDs and uninitialized memory to leak. Expert Judith Myerson explains what a session ID is and how attackers use it.  Continue Reading

• How does USB Killer v3 damage devices through their USB connections?

  USB Killer devices, with the ability to destroy systems via a USB input, are available and inexpensive. Expert Nick Lewis explains how they work and how to defend against this threat.  Continue Reading

• How does Exaspy spyware disguise itself on Android devices?

  Exaspy spyware, which can access messages, video chats and more, was found on Android devices owned by executives. Expert Nick Lewis explains how Exaspy is able to avoid detection.  Continue Reading

• How does Nemucod malware get spread through Facebook Messenger?

  The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available protections against this attack.  Continue Reading

• What is the impact of the Siemens SCADA vulnerability?

  Certain Siemens SCADA products were found to be vulnerable to local privilege escalation. Expert Nick Lewis explains how the SCADA vulnerability works and how to protect your systems.  Continue Reading

• How does the PoisonTap exploit bypass password locks on computers?

  The PoisonTap exploit can bypass password locks on computers, enabling an attacker to remotely control systems. Expert Nick Lewis explains how the attack works.  Continue Reading

• What should be included in a social media security policy?

  A social media security policy is necessary for most enterprises today. Expert Mike O. Villegas discusses what should be included in social media policies.  Continue Reading

• What are the possible benefits of a cybersecurity training center?

  A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises? Expert Mike O. Villegas explains.  Continue Reading