Expert analysis
Surf Jacking: HTTPS Will Not Save You
In this paper we will describe a security issue that affects major web sites and their customers. Attackers exploiting this vulnerability are able to hijack an HTTP session …
Q&A: E-mail spam and Software as a Service (SaaS) solutions
David Vella is the Director of Product Management at GFI with experience in quality assurance, network administration and software development. In this Q&A he provides …
Cybercrime and Politics
As citizens of the United States prepare to cast their votes in the upcoming presidential election, the time is right to consider what implications, if any, Internet-borne …
Traditional vs. Non-Traditional Database Auditing
Traditional native audit tools and methods are useful for diagnosing problems at a given point in time, but they typically do not scale across the enterprise. The auditing …
Q&A: SSL VPN Security
Max Huang is the founder and Executive Vice President of O2Micro and President for O2Security, a subsidiary company of O2Micro. In this interview he discusses the importance …
Security Policy Considerations for Virtual Worlds
Virtual worlds increasingly offer significant outreach and business development opportunities to companies, governments, and the world at large. These virtual worlds – …
Q&A: Web 2.0 Security
Sam Masiello oversees the MX Logic Threat Operations Center. Masiello has more than 18 years of email systems and IT management experience, including nearly 10 years network …
The Vulnerability Economy
Jeff Moss, the founder of DEFCON and Black Hat, discusses the unfolding of the vulnerability economy. Nowadays, instead of exposing high profile zero-day vulnerabilities at …
DNS Vulnerability Overview and Suggested Mitigations
On July 9th, 2008 a massive effort was made among software and hardware vendors to release a simultaneous patch to their products. This patch was created to mitigate or …
Q&A: Insider Threat
Bob Farber is the CEO of Symark. Prior to joining Symark, Mr. Farber was the Manager of Technical Support Operations for Candle Corporation. In this interview he discusses the …
The Extended HTML Form Attack Revisited
HTML forms are one of the features in HTTP that allows users to send data to HTTP servers. An often overlooked feature is that due to the nature of HTTP, the web browser has …
Q&A: Software-as-a-Service and Threat Management
Misha Govshteyn is the CTO and responsible for security strategy, security research and operations at Alert Logic. In this interview he discusses Software-as-a-Service (SaaS), …