Commentary

Content posted in January 2011
Data Leak Vulnerability In Android Gingerbread
Commentary  |  1/31/2011  | 
Google's Android Gingerbread (version 2.3) operating system is affected by a data-leak vulnerability that is very similar to a vulnerability in an earlier version that was supposed to have been fixed.
Backup Deduplication 2.0 Needs Better RAID
Commentary  |  1/31/2011  | 
As we wrap up our series on what is needed in the next generation of backup deduplication devices, one of the key needs is going to be a better drive protection capability. Today most deduplication systems leverage RAID to provide that drive protection, however as capacities increase, RAID rebuild times are going to get worse. Vendors need to provide a better solution.
Is Apple (Finally) Stepping Up Its Security Game?
Commentary  |  1/29/2011  | 
Apple's reported recent hire of noted security author and expert, David Rice, is yet another step the company has made in the past year to help improve its sloppy security image.
The SpiderLabs Report
Commentary  |  1/29/2011  | 
Four out of five of the victims were so clever that they didn't need a firewall
Internet 'Kill' Switch: Balancing Security And Freedom
Commentary  |  1/28/2011  | 
Why it's important to have controls in place before deploying such a powerful tool
Russia To NATO: Investigate Stuxnet
Commentary  |  1/27/2011  | 
The Stuxnet worm is alleged to have set back Iran's controversial uranium enrichment program significantly. Now, the Russians are asking NATO to find some answers.
Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Commentary  |  1/26/2011  | 
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Deduplication 2.0 - Recovery Performance
Commentary  |  1/25/2011  | 
"It's all about recovery"; you'll hear it in almost every sales presentation by a backup vendor. That advice holds true for backup deduplication devices as well. A common mistake is to assume that because deduplication products are most often disk based, they also offer the best recovery performance. This is not always the case, and as we move into the next dedupe era it has to improve.
New Age of Mobile Malware On Way
Commentary  |  1/24/2011  | 
New types of malware are emerging, designed specifically to exploit the unique features of mobile handsets.
WikiLeaks Targeting P2P Networks?
Commentary  |  1/23/2011  | 
That is the allegation in a news report that ran last week. While the outcome of the investigation could have a profound impact on whether the anti-secrecy organization is considered a media outlet, there is a bigger lesson.
How Careful Do You Need To Be With Cloud Storage? - Security
Commentary  |  1/21/2011  | 
Developing a cloud storage strategy is moving to the top of many IT managers project lists. How to use cloud storage and what applications or processes could benefit the most from the use of cloud storage are key questions to answer. One mantra that keeps coming up is "you have to be careful" with cloud storage rollouts. Really? What makes cloud storage so risky that it requires this extra caution?
Schwartz on Security: Bling Botnets Sell Gangster Lifestyle
Commentary  |  1/19/2011  | 
As profit-driven attack toolkits and their supporting botnets muscle up, organizations need more than technology to defend themselves.
Backup Deduplication 2.0 - Density
Commentary  |  1/19/2011  | 
As we continue our requirements for the next era of backup deduplication, the next important area for improvement is the density of systems. This means more raw capacity in less physical space. While getting sufficient power is a problem for some data centers, the lack of available floor space is becoming a problem for even more of them. Backup deduplication systems need to help address that pain by increasing density.
The Relative Risk Of Malware
Commentary  |  1/18/2011  | 
Trend Micro reports that 3.5 new malware samples are released every second, up from one new sample every 1.5 seconds a year ago. But what's your actual risk?
Backup Deduplication 2.0 - Power Savings
Commentary  |  1/17/2011  | 
In our last entry we opened a discussion of what is needed as we move into the next era of backup deduplication and focused on integration with backup software. Another area that is becoming increasingly important is lowering the power requirements of disk backup deduplication hardware. Power is a pressing issue in the data center, and disk backup systems need to address those concerns.
Report: Stuxnet Joint Israeli-U.S. Operation
Commentary  |  1/16/2011  | 
A story published this weekend adds evidence to what many have suspected all along: that the Stuxnet worm was designed and developed by nation-states to set back Iran's nuclear ambitions.
Kudos To Tucson University Medical Center For Firing Alleged Snoops
Commentary  |  1/13/2011  | 
The Tucson University Medical Center reportedly has let go three employees for accessing, without authorization, the medical records of those involved in the Tucson shooting tragedy.
Security Researcher Targets SCADA, Releases Exploit
Commentary  |  1/13/2011  | 
Another exploit for SCADA software emphasizes the need for organizations to review their network design and device exposure before they become a victim.
Backup Deduplication 2.0 - Integration
Commentary  |  1/13/2011  | 
Deduplication has moved from a risky, hard-to-explain technology to one that customers almost expect from a disk backup device. Next generation backup deduplication systems are going to require a new set of capabilities to make them more than just disk backup. They will have to integrate with the backup software, begin to provide power management, and put a greater focus on recovery performance.
Password Reset
Commentary  |  1/13/2011  | 
The downside of crafting a strong password is that while it's harder to guess or crack, it's also harder to remember and then use.
Schwartz On Security: Hack My Ride
Commentary  |  1/12/2011  | 
Car security exploits are fast, cheap, and out of control. Why don't automotive manufacturers do more to secure their vehicles?
A Textbook Case For Monitoring
Commentary  |  1/11/2011  | 
Vodafone's customer database leak demonstrates dangers of not properly monitoring database activity
Security Doesn't Matter To Brands: A Counter Point
Commentary  |  1/10/2011  | 
A recent video blog entry made the assertion that security doesn't matter to a company's brand. The post was strong on opinion, light on facts. I say lax security and breaches do have an impact on brand. And I back up this assertion with a few data points.
Desktop Virtualization And Local Storage - Just Say No
Commentary  |  1/10/2011  | 
There is an ongoing debate about what type of storage is best to use to support desktop virtualization solutions, especially in small to medium sized implementations. Storage is one of the most expensive parts of a desktop virtualization project and as a result anything you can do to drive cost out of the storage purchase is going to make desktop virtualization economics work better. This leads some to advocate local storage.
AT&T Mocks Verizon iPhone, Unlimited Data Plans Possible
Commentary  |  1/10/2011  | 
An AT&T executive is talking trash about the Verizon iPhone, and reports indicate that Verizon may bring back unlimited data plans for the iPhone.
Anonymity And Nonversations
Commentary  |  1/9/2011  | 
One sure result of the whole Wikileaks thing is security researchers, whistleblowers, and government officials talking past each other.
Virtual WAN Optimization
Commentary  |  1/6/2011  | 
Returning to our discussion on virtual appliances, one of the areas where we are seeing a lot of use of virtual appliance technology is the WAN optimization market. WAN optimization has been atop the project list whiteboard for many data center managers. WAN connectivity is expensive. By optimizing utilization of the WAN you can either lower your WAN connectivity bill or at least delay the need to upgr
Schwartz On Security: First, Know You've Been Breached
Commentary  |  1/5/2011  | 
Spain's national aeronautics institute found three Mariposa botnet infections on internal PCs, thanks to constant testing. But when it comes to breaches, many organizations still have their heads in the sand.
Japan To Ban Virus Creation? Bad Idea
Commentary  |  1/5/2011  | 
The Japanese paper, the Yomiuri Shimbun, ran a story during the holidays about how the Japan Ministry of Justice wants to criminalize the creation of viruses. If they pursue this course, it's only going to get messy for security professionals there.
Going Out With A Bang
Commentary  |  1/4/2011  | 
We like to think that most firms have 'gotten the memo' that hackers hack databases, yet the flurry of breaches at year's end suggests otherwise.
Dell Adds Security To Its Acquisition Binge
Commentary  |  1/4/2011  | 
Dell today entered an agreement to acquire managed security services provider SecureWorks for an undisclosed sum. I didn't see this one coming, but I should have.
Mixing Tiers And Mixing Vendors In A Virtualized Environment
Commentary  |  1/4/2011  | 
VMware's Storage VMotion is a tool that brings the capabilities of virtual server migration to storage. Without interrupting users, virtual machine data can be moved from one storage platform to another. It allows you to mix storage tiers and vendors more easily than in a non-virtualized environment. The missing link is that all it can do is move data; you still need to know where to put that virtual machine.
7 Ways To Save Microsoft In 2011
Commentary  |  1/4/2011  | 
If Redmond can't adapt to the most competitive landscape in decades, it will fall further behind Apple and Google in key growth markets like phones and tablets.
Mining Web Proxy Logs For Interesting, Actionable Data
Commentary  |  1/4/2011  | 
Simple statistical analysis of Web proxy logs provides a wealth of information and surfaces incidents missed by AV.