Lisa Phifer
  • Top 5 PDF Risks and How to Avoid Them

    In early 2010, PDF exploits were by far the most common malware tactic, representing more than 47 percent of all Q1 infections tracked by Kaspersky Labs. By mid-year, PDF exploits had fallen to 30 percent, overtaken by Java. However, PDF remains the world’s second most popular target. For those running PDF software – led by […]

  • Top 10 Android Security Risks

    Last year, Android became the world’s second favorite mobile OS, racing past BlackBerry and Apple. 67 million of the nearly 300 million smartphones sold in 2010 were Android-powered devices like the Samsung Galaxy S, Motorola Droid X, and HTC EVO. New Android 3.0 (“Honeycomb”) tablets will spur even more growth this year. As a result, […]

  • Top 10 Data Breaches of 2010

    No organization wants to make breach headlines; many have spent considerable sums to avoid them. And yet, huge data breaches are still being reported. The Identity Theft Resource Center catalogued 662 breaches in 2010, exposing more than 16 million records. Back in 2009, Heartland took first place by losing 130 million records to one SQL […]

  • 10 Ways to Protect Yourself from Firesheep Attacks

    Learn how to surf websites vulnerable to Firesheep without getting fleeced. Years after BlackHat sidejacking demos, far too many websites remain vulnerable to this session cookie hijack attack. Frustrated by apathy and inaction, web developer Eric Butler and colleague Ian Gallagher decided to raise awareness with Firesheep – a Firefox plug-in that makes sidejacking as […]

  • Top Ten Ways to Avoid an Evil Twin Attack

    Wireless security concerns don’t seem to be slowing hotspot growth. In 3Q09, AT&T hotspots serviced over 25 million Wi-Fi sessions – 66 percent more than in 2Q09. Aircell now offers in-flight Wi-Fi service on over 4,000 flights per day. In my hometown (Philadelphia), Comcast just launched over 2000 new Xfinity hotspots. Yet, few public hotspots […]

  • Network Security Review: CACE Pilot

    Protocol analyzers are often used to capture, decode, and evaluate traffic flows and packets for network debugging, troubleshooting, and optimization. But did you know that a protocol analyzer can also be indispensable for security incident investigation? Perhaps the best-known open source protocol analyzer is Wireshark (nee Ethereal), capable of decoding scads of protocols, captured from […]

  • Top Ten Free Wi-Fi Security Test Tools

    All new Wi-Fi CERTIFIED products support WPA2 (AES-CCMP) security, but that’s not enough to harden a WLAN against attack. Breaches can still be caused by policy, configuration, and coding mistakes, overly-friendly clients, or unauthorized APs. Continuous surveillance and periodic assessments are important to spot (and then patch!) these and other WLAN vulnerabilities. You can’t conduct […]

  • Top Ten Phishing Facts

    Every e-mail user has experienced phishing first-hand. Phishing refers to fraudulent communications that use social engineering and technical subterfuge to bait victims into disclosing personal identities and credentials. Phishing is big business: Criminals reel in billions from fraudulent financial transactions, executed with phished data. With so much at stake, can you recognize a phish when […]

  • Top Ten Wi-Fi Security Threats

    Gone are the early days of Wi-Fi, when CSOs lost sleep over threats like WEP cracking and war driving. 802.11n products have matured to the point where many enterprises are investing in larger, faster WLANs to support mission-critical applications. And yet, pros know that security is never to be taken for granted. Here, we offer […]

  • The Caffe Latte Attack: How It Works — and How to Block It

    The flaws that make WEP vulnerable were documented back in 2001, prompting development of dozens of cracking tools. Until recently, those attacks focused on traffic captured from active networks, requiring proximity to the targeted business. But lately, focus has shifted to off-site clients that are not connected to any network. By exploiting driver flaws, exposed […]
