Michael Cobb CISSP-ISSAP - SearchSecurity

SearchSecurity How can a distributed guessing attack obtain payment card data? 02 May 2017
SearchSecurity Panasonic Avionics IFE systems: How serious are the vulnerabilities? 01 May 2017
SearchSecurity Identity and access management strategy: Time to modernize? 19 Apr 2017
SearchSecurity How have ARM TrustZone flaws affected Android encryption? 07 Apr 2017
SearchSecurity How serious is a malicious DLL file vulnerability for enterprises? 06 Apr 2017
SearchSecurity Insecure OAuth implementations: How are mobile app users at risk? 05 Apr 2017
SearchSecurity How does a WebKit framework flaw enable denial-of-service attacks? 04 Apr 2017
SearchSecurity How did firmware create an Android backdoor in budget devices? 03 Apr 2017
SearchSecurity 1024-bit encryption keys: How 'trapdoored' primes have caused insecurity 30 Mar 2017
SearchSecurity Attack by TIFF images: What are the vulnerabilities in LibTIFF? 10 Mar 2017
SearchSecurity CJIS Security Policy: How can companies ensure FIPS compliance? 09 Mar 2017
SearchSecurity How can attacks bypass ASLR protection on Intel chips? 08 Mar 2017
SearchSecurity How can the Dirty COW vulnerability be used to attack Android devices? 07 Mar 2017
SearchSecurity SHA-1 certificates: How will Mozilla's deprecation affect enterprises? 06 Mar 2017
SearchSecurity What caused the ClixSense privacy breach that exposed user data? 10 Feb 2017
SearchSecurity What global threat intelligence can and can't do for security programs 09 Feb 2017
SearchSecurity How did iOS 10 security checks open brute force risk on local backups? 09 Feb 2017
SearchSecurity HTTP public key pinning: Is the Firefox browser insecure without it? 08 Feb 2017
SearchSecurity How did a Signal app bug let attackers alter encrypted attachments? 07 Feb 2017
SearchSecurity How does Overseer spyware work on infected Android apps? 06 Feb 2017
SearchSecurity How are hackers using Twitter as C&C servers for malware? 06 Jan 2017
SearchSecurity How can two-factor authentication systems be used effectively? 04 Jan 2017
SearchSecurity How does a Linux vulnerability allow attacks on TCP communications? 04 Jan 2017
SearchSecurity FIDO authentication standard could signal the passing of passwords 03 Jan 2017
SearchSecurity How to buy digital certificates for your enterprise 03 Jan 2017
SearchSecurity What new NIST password recommendations should enterprises adopt? 02 Jan 2017
SearchSecurity SWIFT network communications: How can bank security be improved? 23 Dec 2016
SearchSecurity Test your privileged user management knowledge 01 Dec 2016
SearchSecurity Can an HTML5 document with a digital signature be authenticated? 25 Oct 2016
SearchSecurity Preventing privilege creep: How to keep access and roles aligned 24 Oct 2016
SearchSecurity Trusted? Certificate authority risks and how to manage them 21 Sep 2016
SearchSecurity Planning for an IPv6 attack: DDoS, neighbor discovery threats and more 02 Sep 2016
SearchSecurity How can the AirDroid app phone hijacking be prevented? 04 Jul 2016
SearchSecurity Why signature-based detection isn't enough for enterprises 18 May 2016
SearchSecurity How can Kerberos protocol vulnerabilities be mitigated? 06 May 2016
SearchSecurity Breaking down the DROWN attack and SSLv2 vulnerability 21 Apr 2016
SearchSecurity How does the M-Pesa service work and what are the risks? 13 Apr 2016
SearchSecurity What's the difference between two-step verification and 2FA? 22 Mar 2016
SearchSecurity Microsoft Device Guard tackles Windows 10 malware 11 Jan 2016
SearchSecurity Should the RC4 cipher still be used in enterprises? 30 Dec 2015
SearchSecurity How can software transplants fix bad code? 28 Dec 2015
SearchSecurity Can Google's Chrome extension policy improve Web security? 16 Nov 2015
SearchSecurity Secure Hash Algorithm-3: How SHA-3 is a next-gen security tool 30 Oct 2015
SearchSecurity Getting to the bottom of the software vulnerability disclosure debate 12 Oct 2015
SearchSecurity Can a new encryption trick prevent reverse engineering? 17 Aug 2015
SearchSecurity How can I mitigate the risks of alternative Android browsers? 13 Aug 2015
SearchSecurity Is third-party access the next IAM frontier? 03 Aug 2015
SearchSecurity Certificate authorities are limited but new TLS versions can help 15 Jul 2015
SearchSecurity From SSL and early TLS to TLS 1.2: Creating a PCI DSS 3.1 migration plan 13 Jul 2015
SearchSecurity SSL/TLS security: Addressing WinShock, the Schannel vulnerability 06 Feb 2015
SearchSecurity The POODLE vulnerability and its effect on SSL/TLS security 16 Jan 2015
SearchSecurity Detecting backdoors: The Apple backdoor that never was? 07 Jan 2015
SearchSecurity Can setting a cache-control header improve application data security? 01 Dec 2014
SearchSecurity Are LibreSSL and BoringSSL safe OpenSSL alternatives? 01 Dec 2014
SearchSecurity SHA-2 algorithm: The how and why of the transition 17 Oct 2014
SearchSecurity Security School: Distributed denial-of-service attack defense 29 Aug 2014
SearchSecurity Are malicious mobile apps a mere inconvenience or a real threat? 11 Jun 2014
SearchSecurity Authentication caching: How it reduces enterprise network congestion 28 Mar 2014
SearchSecurity Preventing plaintext password problems in Google Chrome 30 Jan 2014
SearchSecurity The value of 2,048-bit encryption: Why encryption key length matters 07 Oct 2013
SearchSecurity Can an unqualified domain name cause man-in-the-middle attacks? 10 Sep 2013
SearchSecurity Quiz: Database security issues 30 May 2013
SearchSecurity Bing security: Is search engine poisoning a problem for Bing users? 12 Mar 2013
SearchSecurity Quiz: Targeted attacks 07 Mar 2013
SearchSecurity What risk does the Apple UDID security leak pose to iOS users? 12 Feb 2013
SearchSecurity Windows Server 2012 security: Is it time to upgrade? 08 Jan 2013
SearchSecurity Examining Kindle Fire security, Silk browser security in the enterprise 07 May 2012
ComputerWeekly.com Segregation of duties: Small business best practices 19 Dec 2011
SearchSecurity OAuth 2.0: Pros and cons of using the federation protocol 09 Nov 2011
SearchSecurity Comparing relational database security and NoSQL security 17 Oct 2011
SearchSecurity How to mitigate the risk of a TOCTTOU attack 31 Aug 2011
SearchSecurity How MAC and HMAC use hash function encryption for authentication 30 Aug 2011
ComputerWeekly.com Best practices for audit, log review for IT security investigations 08 Aug 2011
ComputerWeekly.com Website secure login: Alternatives to out-of-wallet questions 27 Jul 2011
ComputerWeekly.com What is OpenID? How to use OpenID SSO in your organisation 22 Mar 2011
SearchMobileComputing Can smartphones get viruses and spread them to the network? 28 Feb 2011
ComputerWeekly.com How to detect hacking with a Microsoft file integrity checker 24 Nov 2010
ComputerWeekly.com How to use the Microsoft FCIV command-line checksum tool 17 Nov 2010
ComputerWeekly.com Microsoft security tools: MBSA and MSAT explained 01 Sep 2010
SearchSecurity Why it's important to turn on DEP and ASLR Windows security features 05 Jul 2010
ComputerWeekly.com Prevent data leakage with secure media reuse policies 16 Jun 2010
SearchSecurity Enterprise PDF attack prevention best practices 07 Jun 2010
SearchSecurity MD5 security: Time to migrate to SHA-1 hash algorithm? 19 May 2010
SearchSecurity Performing a security risk analysis to assess acceptable level of risk 16 Apr 2010
ComputerWeekly.com Using resource allocation management to prevent DoS and other attacks 05 Apr 2010
ComputerWeekly.com Single sign-on (SSO) authentication can help prevent password fatigue 28 Jan 2010
ComputerWeekly.com Increasing information security awareness in the enterprise 27 Jan 2010
ComputerWeekly.com SQL injection detection tools and prevention strategies 25 Nov 2009
ComputerWeekly.com Cross-site scripting explained: How to prevent XSS attacks 18 Nov 2009
SearchSecurity What is an encryption collision? 23 Oct 2009
SearchSecurity How to prevent ActiveX security risks 22 Sep 2009
ComputerWeekly.com How to use a netstat command in Windows to watch open ports 09 Sep 2009
SearchSecurity What are new and commonly used public-key cryptography algorithms? 28 Aug 2009
SearchSecurity What are the export limitations for AES data encryption? 25 Aug 2009
ComputerWeekly.com How to create a data classification policy 28 May 2009
ComputerWeekly.com How to apply government data classification standards to your company 06 May 2009
ComputerWeekly.com How to deploy a Web application firewall (WAF) 08 Apr 2009
SearchSecurity How does a Web server model differ from an application server model? 11 Feb 2009
SearchMidmarketSecurity How to ensure the validity of Microsoft Windows updates 05 Feb 2009
SearchMidmarketSecurity Windows Update attacks: Ensuring malware-free downloads 05 Feb 2009