Commentary
Content posted in October 2008
Preventing USB Drives From Biting Back
Commentary  |  10/31/2008  | 
This week, the Florida Free Culture student club hosted a three-day event in which they helped secure student-owned computers at the University of Florida campus by cleaning up malware infections and installing the university site-licensed antivirus software. The event was designed not only to help secure student computers, but to also promote free and open source software by providing educational handouts and installing a variety of applications, including Firefox, Thunderbird, the Gimp, OpenOf
Recycled Storage Media Includes Confidential Data
Commentary  |  10/31/2008  | 
We've said it before and often: if it's ever held data, don't throw it away no matter how sure you are it's been wiped clean. Now there's evidence that you shouldn't recycle old media either.
SSDs Are Not Confusing
Commentary  |  10/31/2008  | 
Seems like every vendor I speak with is laying out its solid-state disk (SSD) strategy, and almost all say they're trying to help the customer through this confusing platform change. It's not confusing.
Cyber Attacks Targeting UK National Infrastructure
Commentary  |  10/30/2008  | 
A key U.K. IT security defense leader says that continuous cyberattacks are targeting U.K. businesses that work in the nation's critical infrastructure.
IBM Fined $900,000 For Failing To Backup
Commentary  |  10/30/2008  | 
The Dallas Morning News reported that the state of Texas is fining IBM $900,000 for failing to make timely backups as part of an $863 million outsourcing contract. Gov. Rick Perry also suspended the transfer of additional state records into the IBM system, claiming the new system puts state agency data at risk.
Halloween Treats: Ghouls, Goblins And -- Backups!
Commentary  |  10/30/2008  | 
Maxell has a good, timely suggestion: in addition to traditional Halloween activities (whether allowed in your workplace or not) use Halloween as the day you begin (or re-commit to) regular backups of your data.
What Horror Movies Can Teach Us About Disaster Recovery
Commentary  |  10/30/2008  | 
Sharks in the water. Spinning heads. Freaky clowns. Who knew those flicks we paid good money to scare the living daylights out of us, and forced us to invest in nightlights, bore lessons applicable to disaster recovery and business continuity?
Memoryze This
Commentary  |  10/29/2008  | 
At the Hack in the Box security conference in Malaysia Wednesday, Mandiant's Peter Silberman announced the release of Mandiant's newest free tool for incident response and forensic investigations. The tool, Memoryze, is the latest memory analysis tool for first responders to consider adding to their toolkit for acquiring physical memory from running Windows systems. This summer, we saw the rele
Green Storage Is More Than Just Green Drives
Commentary  |  10/29/2008  | 
Most, if not all, the hard drive manufacturers have come out with green drives; drives that spin down or turn off. There are two problems with counting on green drives to reduce your power consumption; first, they are only one component in the storage solution, and second, there has to be intelligence for them to be used optimally.
SocNets May Boost Insecurity
Commentary  |  10/28/2008  | 
A new survey of IT managers shows that heavy use of social networks, such as Facebook, LinkedIn, and instant messaging may be strongly correlated to a higher number of security incidents.
Social Networking Growth Grows Business Risks Too
Commentary  |  10/28/2008  | 
We've said it before but it bears repeating: social networking can be a valuable business tool. Whether or not you use social networks for work, your employees are using them at work, and the risk of data breaches and other security incidents is growing along with their use.
Dark Reading's New Look
Commentary  |  10/28/2008  | 
Take a close look at today's edition of Dark Reading. Notice anything different? Take a closer look. We think you'll like what you see. After nearly three years of bringing you the best -- and the scariest -- of security news and information, Dark Reading has undergone a bit of a makeover. The changes we're making aren't drastic, and, as with most new releases, we're not guaranteeing they'll all work perfectly right out of the box. But we
Microsoft Issues Emergency Advisory
Commentary  |  10/27/2008  | 
Just last week we warned admins and end users alike that they'd better apply the patch released last week in security update MS08-067. Today, Microsoft warned users that exploits that target the vulnerability are circulating in the wild. Hate to say it: Told You So.
Cutting Through E-Voting Debate Semantics
Commentary  |  10/27/2008  | 
The United Kingdom's government said unequivocally that the U.K. will not now, nor in the foreseeable future, adopt electronic voting.
Microsoft's 'Black Screen of Death' Patched...By Hackers
Commentary  |  10/27/2008  | 
Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers. But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death
Waiting On A Worm
Commentary  |  10/27/2008  | 
Waiting for the other shoe to drop: That's what I've been doing since last Thursday when Microsoft released the out-of-cycle MS08-067 bulletin and accompanying patches. It's more than a little nerve-wracking knowing that there is this vulnerability in machines within networks that you're responsible for but know that they can't all be patched right now due to various reasons and there is active exploitation of this vu
Economy Declines: Zombies Multiply And Spam Soars!
Commentary  |  10/27/2008  | 
Even as the economy plummets and economic projections tumble, quarterly threat reports show rapidly rising threats and another outright explosion in spam, according to Secure Computing's quarterly Internet threat report.
Are 'Green' Drives Really Green?
Commentary  |  10/27/2008  | 
The storage industry is often guilty of jumping on the bandwagon without giving the architecture much thought. We see this in solid state disk, data deduplication, and green drives. Are users really going to see decreased power consumption by deploying green drives? If so, is it going to be worth the effort of replacing your current systems?
Sandboxes and Surfing With Google Chrome
Commentary  |  10/27/2008  | 
Google designed Chrome to be faster, more stable and most importantly, more secure than other Web browsers. So with these features in mind, Google Chrome was built from scratch to be a Web browser designed for today's web application users. As more businesses venture into the cloud, it's becoming increasingly important that your browser doesn't crash when you're creating reports in Google Docs or when you're video conferencing. In order to prevent crashes, Google Chrome developers sandboxed each
T-Mobile G1 'Android' Smartphone Has Serious Security Flaw
Commentary  |  10/26/2008  | 
As if headlines haven't been bad enough lately, reading the New York Times' story on Saturday about the security flaw in Google's Android software didn't help cheer me up very much.
11 Steps to Safe WiFi
Commentary  |  10/26/2008  | 
Earlier, I argued that wireless adoption in the enterprise is, for the most part, a bad idea. I was pleased to get several interesting comments on my post, with a bunch of good critiques. In particular, "edyahoo" raised the point that it is far easier to complain about problems than to present constructive help for people living with the technology. So, thanks to edyahoo for that, and here's a list of my re
The Root of Online Evils
Commentary  |  10/24/2008  | 
What if you could boil all of the Internet's problems down to a few original issues -- what would you do with that information? Would it even be useful? What if it might help predict future Internet-shaking issues? I was at a malware conference last week, and I heard two interesting tidbits about the origins of some of the more social issues we currently face. The first is the concept of spam. Spam as a concept is actually accredited to Montgomery Ward. That's right, you can blame them --
NAS Clusters, How Should You Couple?
Commentary  |  10/24/2008  | 
A split decision surrounds the use of tightly coupled or loosely coupled solutions. There aren't enough implemented cases yet available to make a determination on the best approach; the deployments that have been made aren't stretching either method to the point a real determination can be made.
Click Frauding Botnets On The Rise
Commentary  |  10/24/2008  | 
Around 16 percent of all advertising clicks were fraudulent over the last three months, according to industry watch-firm Click Forensics. That's about the same percentage as the last two quarters -- but an upclick in the number of fraudclicks coming from botnets indicates that things may be changing.
Microsoft's Emergency Patch
Commentary  |  10/23/2008  | 
I've received a number of e-mails, and held a few conversations, today with admins upset with Microsoft's atypical out-of-cycle patch. Newsflash: This was the right thing for the company to do.
Microsoft Releases Critical Out-Of-Band Update
Commentary  |  10/23/2008  | 
Because of the seriousness of a remote code execution vulnerability recently discovered in the Windows Server Service, Microsoft has released a fix outside of its normal "Patch Tuesday."
A Can't-Miss Event You Can't Miss
Commentary  |  10/23/2008  | 
Usually, if you miss an industry event, you're out of luck. As Dark Reading winds up today's big virtual security event, though, I suddenly realize -- it's not over yet. "Risk, Protection, and Access: Mastering Today's Security Threats," originally held on Oct. 23, was the first-ever virtual conference co-produced by Dark Reading and our big sister publication,
New FTC Rules Governing Health Providers Go Into Effect Nov. 1
Commentary  |  10/23/2008  | 
Are you ready? In about a week, new so-called "Red Flag Rules" from the FTC go into effect, aimed at curbing medical identity theft.
Radio Daze: Are Your Keyboards Sending Signals To Cybercrooks?
Commentary  |  10/22/2008  | 
Some new research confirms that even wired keyboards may be sending detectable keystrokes as much as twenty meters. Detectable signals means signals that can be captured, and that twenty meters includes penetrating walls. Great.
Clustered NAS In The Cloud
Commentary  |  10/22/2008  | 
It seems that nowhere is the use of clustered NAS going to be more prevalent than in the cloud. They seem tailor made for each other because cloud-based services have the need for massive scaling and moderate performance while being very cost effective. Clustered NAS solutions seem to fill that bill.
Protecting Your Identity: It's About Much More Than Tech
Commentary  |  10/21/2008  | 
When thinking about identity theft, we often get caught up in the big retail hacks, the lost and unencrypted backup tapes, and how we interact with Web sites. But that's often the wrong focus. Here's why.
Counting The Costs Of Cybercrime
Commentary  |  10/21/2008  | 
Have we been underestimating the financial costs of cybercrime? Maybe so, says a new guidebook from the American National Standards Institute (ANSI) and The Internet Security Alliance (ISA). And it may well be maybe so and then some.
SensorNets To Help Curb Retail Theft
Commentary  |  10/20/2008  | 
One of the biggest wastes retailers must endure is inventory items that mysteriously disappear. Goods all too commonly vanish from the warehouses where they're stored, during their shipment, and from within the store itself. The German Fraunhofer Institute for Integrated Circuits IIS has some ideas on how tech can be used to slow the shrinkage.
Clustered NAS, Part One
Commentary  |  10/20/2008  | 
It seems as though every manufacturer is now offering clustered NAS. There are so many variants that I can't cover everything about them in one entry, but basically each solution tends to focus on a particular capability; some are built for scale, others are built for performance, and, of course, there are solutions that try to deliver a happy medium. Over the next several entries we will do some exploration of these systems and where they might make sense for you.
Anti-Social Network: Criminal Web Data Brokerage Busted
Commentary  |  10/20/2008  | 
An online members-only marketplace trading in stolen credit card and other financial and confidential information got shut down by the FBI, resulting in dozens of arrests and a renewed law enforcement commitment to chasing economic crimes. Maybe large-scale cybercrimes and crime networks are going to start getting the sort of concerted and concentrated attention their spread and influence demand.
New Calif. State Legislation Threatens Stiff Medical Privacy Penalties
Commentary  |  10/18/2008  | 
Two new state medical privacy laws, AB211 and SB541, make it possible for institutions and individuals to be fined up to $250,000 for being lax when it comes to the medical privacy of California residents. It's about time.
Anti-Malware Ain't Effective If It's Fake (And Plenty Of It Is!)
Commentary  |  10/17/2008  | 
30 million anti-virus users can be wrong, very wrong. That's the number estimated to have installed fake anti-malware programs. Not just ineffective against malware, but malware itself!
NASing Around
Commentary  |  10/17/2008  | 
Primary storage needs a break from the capacity optimization drumbeat ... at least mine. Let's focus on one of the other top subjects at SNW: network-attached storage (NAS). It's certainly not a new technology, but NAS has remained near the top of everyone's mind and now with the growing interest in NFS and VMware, there's additional wind in the sails of NAS adoption.
Adobe (Somewhat) Fixes ClickJacking Vulnerability
Commentary  |  10/16/2008  | 
With the release of Flash Player 10, Adobe fixes a critical security vulnerability known as "clickjacking." But for those users who can't or don't want to update to the latest version -- well, they're out of luck for a while.
Primary Storage Under Siege
Commentary  |  10/16/2008  | 
It seemed like Storage Networking World was all set to make solid-state disks the big theme at this year's event, and then the economy went in the tank. Primary storage suddenly became an evil, expensive power-hungry monster that needed to be eradicated. To the rescue came solutions that would compress, dedupe, thin, and migrate this villain down to size.
Georgia Tech Security Report Scarier Than Its Football Team
Commentary  |  10/16/2008  | 
Ready for your cellphone to get grabbed by a botnet? What happens if your VOIP system is targeted by blackmailers? Those are just a couple of the cybercrime concerns raised by a new report from Georgia Tech's computer security watchers and researchers.
Cell Phone New Cybercrime Frontline
Commentary  |  10/15/2008  | 
Whether it's your iPhone, Windows Mobile device, Android, or BlackBerry -- you're probably using your smartphone more like a computer more and more. That's great, but the more your phone acts like a PC -- the more likely all of the problems associated with PCs will follow, researchers said today. Should you care?
Demise Of Storm Botnet Clears Way For More Nimble Botnets
Commentary  |  10/14/2008  | 
A number of security researchers now say the infamous Storm botnet, which has been quiet for about a month, could very well be dead. Some are saying the era of big botnets may be over.
My (Tentative) Wish List For A Better Secure Browser
Commentary  |  10/14/2008  | 
Web browsers are where the client machine rubber meets the Web server road. So it stands to reason that strong Web browser security is paramount -- far more effective than relying on thousands of Web application/plug-in developers to write more secure code. There are definitely some browser developers that are making strides in the right directions, but none of them are quite there yet. I'm still thinking through this, but if I were writing my wish list for a more secure Web browser today (and,
McAfee Offers One-Stop Business Security: In 15 Minutes!
Commentary  |  10/13/2008  | 
McAfee's new Total Protection for Secure Business aims to address the top small and midsized business security concerns and give you the tools to deal with them in 15 minutes a day.
Microsoft Readies For Likelihood Of Attacks
Commentary  |  10/13/2008  | 
We provided you the heads up about the Microsoft "Exploitability Index" a couple of months ago when the software company announced the new index, designed to predict the likelihood its security vulnerabilities would be attacked. It's an interesting idea, but will it have much value for practitioners?
Saving Storage Dollars -- Manual Moves
Commentary  |  10/13/2008  | 
With the current financial news, IT professionals are looking for ways to keep budgets flat. There is a common misconception in storage that there is only so much you can do. Over the next several entries, we'll explore a host of options that you can implement to curb storage costs. Today, it's manual moves.
World Bank (Allegedly) Hacked
Commentary  |  10/11/2008  | 
It seems, based on a FoxNews.com report that broke Friday, that the World Bank Group suffered a series of cyberattacks during the past few months. The claims of the level of access gained by the attackers are troubling -- but the real extent of the breach remains in dispute, and unknown.
Stop #1, Munich. Made It
Commentary  |  10/11/2008  | 
I rolled into Munich this morning on the S1 train from the airport, looking forward to public transportation but instead ran smack dab into the Munich Marathon, which means that streets were blocked off and the trams shut down. Oh well, I could have rented a bicycle, but I'm too lazy for that, even though Munich is a bicycle kind of town. I would have rented a motor scooter, but Munich doesn't appear to be a motor scooter burg. Except for those three guys on Vespas who about took me ou
New Back Door Targeting Windows Users Surfaces
Commentary  |  10/10/2008  | 
Security firm Barracuda Networks says it spotted a new virus that attempts to install a back door on the systems of its victims. It's spread via an e-mail purporting to be a Microsoft security update.