Expert analysis
Security for Websites – Breaking Sessions to Hack Into a Machine
Security on websites is based on session management. When a user connects to a secure website, they present credentials that testify to their identity, usually in the form of …
Microsoft Patch Tuesday Brings Eight Critical Vulnerabilities
Microsoft alerted us this time about 12 vulnerabilities of which eight were rated critical, three important and one moderate. Here comes another cumulative security update for …
Interview with Kenny Paterson, Professor of Information Security at Royal Holloway, University of London
The Information Security Group at Royal Holloway is one of the world’s largest academic research groups in information security, with about 15 permanent academic staff, …
How To Win Friends And Influence People With IT Security Certifications
“If you do not see the way, you do not see it even as you walk on it.” (Zen Koan) Huddled over a drink at the Appelmans Brasserie (and Absinthe Bar – plus, …
Understanding Technical vs. Logical Vulnerabilities
On Nov, 11, 2003, the chess-playing machine X3D Fritz tied grandmaster and former world champion Garry Kasparov in a four-game match. In this classic contest of Man vs. …
HNS Podcast: Nortel’s Approach To Security
Welcome to the first Help Net Security Podcast. We are going to be focusing on the enterprise and informing you on new products and technologies. While at the Infosecurity …
How Companies Can Manage Strong Authentication Intelligently
According to the latest figures from the Department of Trade & Industry, eight out of ten UK firms offer its employees the option of working from home for at least part …
Cross-Site Scripting Worms and Viruses: The Impending Threat and the Best Defense
On October 4, 2005, the “Samy Worm1” became the first major worm to use Cross-Site Scripting2 (“XSS”) for infection propagation. Overnight, the worm …
Identity Theft – Should You Be Worried?
Pick up any magazine or newspaper, surf to any Internet technology or news site, turn on the TV and listen to the news and it becomes apparent that identity theft is a major …
Automated Patch Management
It’s nearly impossible to escape computer-based information in today’s high-tech society. From doctors’ offices to hardware stores, organizations and …
A Modular Approach to Data Validation in Web Applications
Data that is not validated or poorly validated is the root cause of a number of serious security vulnerabilities affecting applications. This paper presents a modular approach …
Intelligence as the Basis for Proactive Security Risk Management
There has been a significant shift recently in the sophistication of network attacks as these morph from unstructured to structured threats. Users not only face a broader …