Get expert insights on the latest developments in cybersecurity to stay ahead of the curve.
It’s a familiar scene played out in waiting lines, airport gates, and restaurants every day. Someone scrolls through their handheld device, scans some text, shakes their head worriedly or angrily then rushes to make a call to the office or a business colleague. While the finer points of whether or not checking messages in…
Cross-site scripting (XSS) and SQL injection flaws are among the most common and lethal types of security vulnerabilities. Both sets of flaws often stem from the same root cause, which is typically some form of an input validation issue. Ensuring that input validation is done correctly is no easy task, which is where the new…
Learn how to surf websites vulnerable to Firesheep without getting fleeced. Years after BlackHat sidejacking demos, far too many websites remain vulnerable to this session cookie hijack attack. Frustrated by apathy and inaction, web developer Eric Butler and colleague Ian Gallagher decided to raise awareness with Firesheep – a Firefox plug-in that makes sidejacking as…
Email has long been described as the “killer app” that attracted masses to the Internet starting in the mid-90’s. By one estimate, as of May 2009 some 247 billion emails are sent per day. Despite its massive and widespread use, the vast majority of these emails are relatively insecure. A conventional email message is vulnerable…
Wireless security concerns don’t seem to be slowing hotspot growth. In 3Q09, AT&T hotspots serviced over 25 million Wi-Fi sessions – 66 percent more than in 2Q09. Aircell now offers in-flight Wi-Fi service on over 4,000 flights per day. In my hometown (Philadelphia), Comcast just launched over 2000 new Xfinity hotspots. Yet, few public hotspots…
The Enterprise mode of Wi-Fi Protected Access (WPA or WPA2) encryption uses 802.1X authentication to provide better security for wireless networks. This mode should be used by all businesses and organizations (no matter how small) rather than the Personal or Pre-Shared Key (PSK) mode. There are myriad reasons why your business’s Wi-Fi network should be…
If your employees carry sensitive company data on unencrypted laptops, portable hard drives or USB flash drives, your job and theirs may be in jeopardy. We report cases almost weekly in these pages of lost or stolen computers and drives with unencrypted data, and the havoc that ensues. Sometimes you shake your head in wonder…