Michael Cobb CISSP-ISSAP

Security WordPress REST API flaw: How did it lead to widespread attacks? 10 Jul 2017
Security How the use of invalid certificates undermines cybersecurity 22 Jun 2017
Security How can a NULL pointer dereference flaw create a DoS attack? 09 Jun 2017
Security The Apple Notify flaw: How does it allow malicious script injection? 08 Jun 2017
Security How does Facebook's Delegated Recovery enable account verification? 07 Jun 2017
Security Adobe Acrobat Chrome extension: What are the risks? 06 Jun 2017
Security Cisco WebEx extension flaw: How does the patch fall short? 05 Jun 2017
Security How SSH key management and security can be improved 25 May 2017
Security Avoid privilege creep from the software development team 10 May 2017
Security How effective is geofencing technology as a security method? 05 May 2017
Security Why did the PHPMailer library vulnerability have to be patched twice? 04 May 2017
Security Same-origin policy: How did Adobe Flash Player's implementation fail? 03 May 2017
Security How can a distributed guessing attack obtain payment card data? 02 May 2017
Security Panasonic Avionics IFE systems: How serious are the vulnerabilities? 01 May 2017
Security Identity and access management strategy: Time to modernize? 19 Apr 2017
Security How have ARM TrustZone flaws affected Android encryption? 07 Apr 2017
Security How serious is a malicious DLL file vulnerability for enterprises? 06 Apr 2017
Security Insecure OAuth implementations: How are mobile app users at risk? 05 Apr 2017
Security How does a WebKit framework flaw enable denial-of-service attacks? 04 Apr 2017
Security How did firmware create an Android backdoor in budget devices? 03 Apr 2017
Security 1024-bit encryption keys: How 'trapdoored' primes have caused insecurity 30 Mar 2017
Security Attack by TIFF images: What are the vulnerabilities in LibTIFF? 10 Mar 2017
Security CJIS Security Policy: How can companies ensure FIPS compliance? 09 Mar 2017
Security How can attacks bypass ASLR protection on Intel chips? 08 Mar 2017
Security How can the Dirty COW vulnerability be used to attack Android devices? 07 Mar 2017
Security SHA-1 certificates: How will Mozilla's deprecation affect enterprises? 06 Mar 2017
Security What caused the ClixSense privacy breach that exposed user data? 10 Feb 2017
Security What global threat intelligence can and can't do for security programs 09 Feb 2017
Security How did iOS 10 security checks open brute force risk on local backups? 09 Feb 2017
Security HTTP public key pinning: Is the Firefox browser insecure without it? 08 Feb 2017
Security How did a Signal app bug let attackers alter encrypted attachments? 07 Feb 2017
Security How does Overseer spyware work on infected Android apps? 06 Feb 2017
Security How are hackers using Twitter as C&C servers for malware? 06 Jan 2017
Security How can two-factor authentication systems be used effectively? 04 Jan 2017
Security How does a Linux vulnerability allow attacks on TCP communications? 04 Jan 2017
Security How to buy digital certificates for your enterprise 03 Jan 2017
Security What new NIST password recommendations should enterprises adopt? 02 Jan 2017
Security SWIFT network communications: How can bank security be improved? 23 Dec 2016
Security Test your privileged user management knowledge 01 Dec 2016
Security Can an HTML5 document with a digital signature be authenticated? 25 Oct 2016
Security Preventing privilege creep: How to keep access and roles aligned 24 Oct 2016
Security Trusted? Certificate authority risks and how to manage them 21 Sep 2016
Security Planning for an IPv6 attack: DDoS, neighbor discovery threats and more 02 Sep 2016
Security How can the AirDroid app phone hijacking be prevented? 04 Jul 2016
Security Why signature-based detection isn't enough for enterprises 18 May 2016
Security How can Kerberos protocol vulnerabilities be mitigated? 06 May 2016
Security Breaking down the DROWN attack and SSLv2 vulnerability 21 Apr 2016
Security How does the M-Pesa service work and what are the risks? 13 Apr 2016
Security What's the difference between two-step verification and 2FA? 22 Mar 2016
Security Microsoft Device Guard tackles Windows 10 malware 11 Jan 2016
Security Should the RC4 cipher still be used in enterprises? 30 Dec 2015
Security How can software transplants fix bad code? 28 Dec 2015
Security Can Google's Chrome extension policy improve Web security? 16 Nov 2015
Security Secure Hash Algorithm-3: How SHA-3 is a next-gen security tool 30 Oct 2015
Security Getting to the bottom of the software vulnerability disclosure debate 12 Oct 2015
Security Can a new encryption trick prevent reverse engineering? 17 Aug 2015
Security How can I mitigate the risks of alternative Android browsers? 13 Aug 2015
Security Is third-party access the next IAM frontier? 03 Aug 2015
Security Certificate authorities are limited but new TLS versions can help 15 Jul 2015
Security From SSL and early TLS to TLS 1.2: Creating a PCI DSS 3.1 migration plan 13 Jul 2015
Security SSL/TLS security: Addressing WinShock, the Schannel vulnerability 06 Feb 2015
Security The POODLE vulnerability and its effect on SSL/TLS security 16 Jan 2015
Security Detecting backdoors: The Apple backdoor that never was? 07 Jan 2015
Security Can setting a cache-control header improve application data security? 01 Dec 2014
Security Are LibreSSL and BoringSSL safe OpenSSL alternatives? 01 Dec 2014
Security SHA-2 algorithm: The how and why of the transition 17 Oct 2014
Security Security School: Distributed denial-of-service attack defense 29 Aug 2014
Security Are malicious mobile apps a mere inconvenience or a real threat? 11 Jun 2014
Security Authentication caching: How it reduces enterprise network congestion 28 Mar 2014
Security Preventing plaintext password problems in Google Chrome 30 Jan 2014
Security The value of 2,048-bit encryption: Why encryption key length matters 07 Oct 2013
Security Can an unqualified domain name cause man-in-the-middle attacks? 10 Sep 2013
Security Quiz: Database security issues 30 May 2013
Security Bing security: Is search engine poisoning a problem for Bing users? 12 Mar 2013
Security Quiz: Targeted attacks 07 Mar 2013
Security What risk does the Apple UDID security leak pose to iOS users? 12 Feb 2013
Security Windows Server 2012 security: Is it time to upgrade? 08 Jan 2013
Security Examining Kindle Fire security, Silk browser security in the enterprise 07 May 2012
ComputerWeekly.com Segregation of duties: Small business best practices 19 Dec 2011
Security OAuth 2.0: Pros and cons of using the federation protocol 09 Nov 2011
Security Comparing relational database security and NoSQL security 17 Oct 2011
Security How to mitigate the risk of a TOCTTOU attack 31 Aug 2011
Security How MAC and HMAC use hash function encryption for authentication 30 Aug 2011
ComputerWeekly.com Best practices for audit, log review for IT security investigations 08 Aug 2011
ComputerWeekly.com Website secure login: Alternatives to out-of-wallet questions 27 Jul 2011
ComputerWeekly.com What is OpenID? How to use OpenID SSO in your organisation 22 Mar 2011
Mobile Computing Can smartphones get viruses and spread them to the network? 28 Feb 2011
ComputerWeekly.com How to use the Microsoft FCIV command-line checksum tool 17 Nov 2010
Security Why it's important to turn on DEP and ASLR Windows security features 05 Jul 2010
Security Enterprise PDF attack prevention best practices 07 Jun 2010
Security MD5 security: Time to migrate to SHA-1 hash algorithm? 19 May 2010
Security Performing a security risk analysis to assess acceptable level of risk 16 Apr 2010
ComputerWeekly.com Using resource allocation management to prevent DoS and other attacks 05 Apr 2010
Security What is an encryption collision? 23 Oct 2009
Security How to prevent ActiveX security risks 22 Sep 2009
ComputerWeekly.com How to use a netstat command in Windows to watch open ports 09 Sep 2009
Security What are new and commonly used public-key cryptography algorithms? 28 Aug 2009
Security What are the export limitations for AES data encryption? 25 Aug 2009
Security How does a Web server model differ from an application server model? 11 Feb 2009
Security Is it impossible to successfully remove a rootkit? 21 Oct 2008