Commentary
Content posted in October 2007
Security Threats Meet Business Treats
Commentary  |  10/31/2007  | 
Having written so much about the horrors small and midsized businesses face for our two-part Halloween business terrors feature, I couldn't resist the temptation to give some thought to technology treats.
Free Security Tech Support: Treat Yourself (And Your Computer) On Halloween
Commentary  |  10/30/2007  | 
Security Company CyberDefender's offering free phone-in technical support for one day only -- and that day's tomorrow, October 31. How's that for a Halloween treat?
How Dumb Is Too Dumb To Operate a Computer?
Commentary  |  10/26/2007  | 
Over at GnuCitizen.org, Petko D. Petkov makes it clear that computer users are the weak link in Internet security. In a blog post, Petkov points out that the term "drive-by download," as defined by Wikipedia, doesn't quite work.
Net Security Woes Grows
Commentary  |  10/25/2007  | 
A new report that focuses on the security challenges facing small and midsized businesses shines a light on just how big those challenges are -- and which ones you may be overlooking.
Interop Winners: Desktop Conferencing, Deep Security
Commentary  |  10/25/2007  | 
It's a purely unscientific and anecdotal perspective, but here are my picks for most interesting and most needed technologies from Interop this week, plus the most startling stat I heard in my New York City travels.
Shallow Victory for the Federal Government
Commentary  |  10/25/2007  | 
Whether you realize it or not, John Zuccarini, a notorious scam artist, represents a threat to your online business. His cyberspace businesses illustrate the problems that the government must overcome to make it a safe haven for reputable enterprises.
World Series Ticketing System Crashes, Rebounds
Commentary  |  10/24/2007  | 
The Colorado Rockies were felled by "an external malicious attack" that crashed its online system Monday.
Internet Security Hall Of Shame
Commentary  |  10/22/2007  | 
What are the ten biggest -- and, alas, most common -- Internet security mistakes made by small and midisized businesses, their employees, vendors, family and friends?
Security Threats Rise -- And So Do Security Budgets
Commentary  |  10/19/2007  | 
Is your security budget increasing? Most small and midsized businesses are growing theirs.
Can The RIAA Close Down Usenet?
Commentary  |  10/18/2007  | 
Those of us who remember the Internet before the Web -- and yes, Virginia, there was an Internet before the Web -- will remember when Usenet was one of the major destinations for discussion and file-sharing. It's still there, in a quiet corner where the cognizanti hoped it would go unnoticed by the great unwashed. No more.
Personal Data Protection Legislation: Readers Have Their Say
Commentary  |  10/17/2007  | 
Reader comments on my post about the California governor's veto of a bill that would increase the state's data protection standards included some points warranting further discussion and some intriguing ideas. A related poll shows readers share my skepticism about businesses' will and capacity to fix the data loss problem.
Schwarzenegger Trusts Businesses To Protect Your Data; Do You?
Commentary  |  10/16/2007  | 
Gov. Arnold Schwarzenegger's veto of a California bill aimed at increasing the state's data protection standards, in part based on his view that the marketplace is handling consumer data protection, raises a troubling question: What planet is this guy living on?
Symantec To Buy Vontu?
Commentary  |  10/15/2007  | 
Symantec may be close to announcing the acquisition of Vontu, a company that helps businesses control information on their networks. Given that Symentec already licenses Vontu's data loss prevention technology, the rumored deal isn't entirely unexpected.
Mobile Security: The Data, Not The Notebook Is The Asset
Commentary  |  10/15/2007  | 
Stolen laptops and notebooks continue to get a lot of attention when a lot of confidential data gets stolen along with the device.
Employee Security: Don't Let Layoffs Go From Bad To Worse
Commentary  |  10/12/2007  | 
Layoffs, terminations and firings are never easy -- but they also shouldn't expose your company, network and equipment to more risk than they have to.
Microsoft Security Patches: 4 Critical, 2 Important
Commentary  |  10/10/2007  | 
Yesterday was Patch Day at Microsoft and a Big Day it was, with both Vista and Internet Explorer getting some fixes.
Security Costs: Are You Spending Enough? Too Much?
Commentary  |  10/9/2007  | 
The average company spends 20 percent of its technology budget on security. Does that finding match your security outlay?
Websense Emerging as Viable Security Supplier
Commentary  |  10/9/2007  | 
Are you a bit insecure about your security supplier? In this highly volatile marketplace, Websense is emerging as a vendor that medium and small businesses may want to take a closer look at.
Business Security Requires Network Security Requires Employee Security Requires Job Security
Commentary  |  10/8/2007  | 
The employee security I'm talking about here is your technical team's -- and your ability to hold onto them.
Network Security Problems? Blame The Boss!
Commentary  |  10/4/2007  | 
A recent pre-prison interview with a convicted hacker offers some surprising and important lessons in network and computer security.
Consumers May "Get" Cyber Security -- But That Doesn't Mean They've Got It
Commentary  |  10/3/2007  | 
More than 90 percent of consumers think their PCs -- and their computing habits -- are safe. Half of them are wrong.
Laptop Security: Mind The Gap
Commentary  |  10/1/2007  | 
More big retailer cyber security lessons for small to midsize businesses: This time a security gap hit The Gap.


Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.