Expert analysis
Microsoft puts vulnerability exploitation into context
Recently Microsoft released the 11th volume of the Microsoft Security Intelligence Report, the most comprehensive version of this report to date. In this podcast, Tim Rains, …
Mitigating the BEAST attack on TLS
During the summer rumours about a new attack against SSL started circulating. Then Opera released a patch, but made no comment about what it was patching. Eventually enough …
Testing web applications for security flaws
David Hoelzer is the Director of Research, Enclave Forensics and a SANS Trainer. In this interview he discusses web application testing, offers advice for those on the hunt …
SANS London 2011 training
Andrew Smith is the Managing Director, EMEA, for the SANS Institute. In this interview he discusses the SANS London 2011 training event and offers insight into what exactly …
Demystifying cloud computing security
Phil Neray is the VP, Data Security Strategy, InfoSphere Guardium & Optim at IBM. In this interview Phil talks about the complex issues surrounding cloud computing …
How well do you know SSL?
Ivan Ristic, the Director of Engineering at Qualys, talks about the research done by SSL Labs. SSL Labs is a collection of documents, tools and thoughts related to SSL. …
Back to the future: Why IT managers should care about firewall management
A number of classic scenes in film and literature involved a group approaching a walled city or castle only to be stopped by a gatekeeper and asked, “Halt, who goes …
Verizon Business data breach investigations report 2011: 8 days a week
What can be learned from the investigation into successful data breaches? What are the latest trends and techniques used by attackers? Get a front row seat at the breach cases …
Patching strategies
Cybercriminals have initiated an arms race by refining the malware manufacturing and development process to systematically bypass defense mechanisms. There are many …
Using online advertising to find out if your data is valuable to a criminal
As it becomes harder for criminals to steal and exploit credit card data, will they give up their carefully crafted tools and stock of zero-day vulnerabilities, or will they …
SSL Labs launches two Convergence notaries
Convergence is Moxie Marlinspike’s attempt to introduce fresh thinking into the debate about PKI, certificate authorities, and trust. A hint of what was in the works was …
Towards secure tokenization algorithms and architectures
Tokenization – the use of surrogate values for sensitive data – is all the rage. Although it is often sold as an alternative to encryption, it is at the core a …