Commentary
Content posted in October 2008
Preventing USB Drives From Biting Back
Commentary  |  10/31/2008  | 
This week, the Florida Free Culture student club hosted a three-day event in which they helped secure student-owned computers at the University of Florida campus by cleaning up malware infections and installing the university site-licensed antivirus software. The event was designed not only to help secure student computers, but to also promote free and open source software by providing educational handouts and installing a variety of applications, including Firefox, Thunderbird, the Gimp, OpenOf
Recycled Storage Media Includes Confidential Data
Commentary  |  10/31/2008  | 
We've said it before and often: if it's ever held data, don't throw it away no matter how sure you are it's been wiped clean. Now there's evidence that you shouldn't recycle old media either.
SSDs Are Not Confusing
Commentary  |  10/31/2008  | 
Seems like every vendor I speak with is laying out its solid-state disk (SSD) strategy, and almost all say they're trying to help the customer through this confusing platform change. It's not confusing.
Cyber Attacks Targeting UK National Infrastructure
Commentary  |  10/30/2008  | 
A key U.K. IT security defense leader says that continuous cyberattacks are targeting U.K. businesses that work in the nation's critical infrastructure.
IBM Fined $900,000 For Failing To Backup
Commentary  |  10/30/2008  | 
The Dallas Morning News reported that the state of Texas is fining IBM $900,000 for failing to make timely backups as part of an $863 million outsourcing contract. Gov. Rick Perry also suspended the transfer of additional state records into the IBM system, claiming the new system puts state agency data at risk.
Halloween Treats: Ghouls, Goblins And -- Backups!
Commentary  |  10/30/2008  | 
Maxell has a good, timely suggestion: in addition to traditional Halloween activities (whether allowed in your workplace or not) use Halloween as the day you begin (or re-commit to) regular backups of your data.
What Horror Movies Can Teach Us About Disaster Recovery
Commentary  |  10/30/2008  | 
Sharks in the water. Spinning heads. Freaky clowns. Who knew those flicks we paid good money to scare the living daylights out of us, and forced us to invest in nightlights, bore lessons applicable to disaster recovery and business continuity?
Memoryze This
Commentary  |  10/29/2008  | 
At the Hack in the Box security conference in Malaysia Wednesday, Mandiant's Peter Silberman announced the release of Mandiant's newest free tool for incident response and forensic investigations. The tool, Memoryze, is the latest memory analysis tool for first responders to consider adding to their toolkit for acquiring physical memory from running Windows systems. This summer, we saw the rele
Green Storage Is More Than Just Green Drives
Commentary  |  10/29/2008  | 
Most, if not all, the hard drive manufacturers have come out with green drives; drives that spin down or turn off. There are two problems with counting on green drives to reduce your power consumption; first, they are only one component in the storage solution, and second, there has to be intelligence for them to be used optimally.
SocNets May Boost Insecurity
Commentary  |  10/28/2008  | 
A new survey of IT managers shows that heavy use of social networks, such as Facebook, LinkedIn, and instant messaging, may be strongly correlated to a higher number of security incidents.
Social Networking Growth Grows Business Risks Too
Commentary  |  10/28/2008  | 
We've said it before but it bears repeating: social networking can be a valuable business tool. Whether or not you use social networks for work, your employees are using them at work, and the risk of data breaches and other security incidents is growing along with their use.
Dark Reading's New Look
Commentary  |  10/28/2008  | 
Take a close look at today's edition of Dark Reading. Notice anything different? Take a closer look. We think you'll like what you see. After nearly three years of bringing you the best -- and the scariest -- of security news and information, Dark Reading has undergone a bit of a makeover. The changes we're making aren't drastic, and, as with most new releases, we're not guaranteeing they'll all work perfectly right out of the box. But we
Microsoft Issues Emergency Advisory
Commentary  |  10/27/2008  | 
Just last week we warned admins and end users alike that they'd better apply the patch released last week in security update MS08-067. Today, Microsoft warned users that exploits that target the vulnerability are circulating in the wild. Hate to say it: Told You So.
Cutting Through E-Voting Debate Semantics
Commentary  |  10/27/2008  | 
The United Kingdom's government said unequivocally that the U.K. will not now, nor in the foreseeable future, adopt electronic voting.
Microsoft's 'Black Screen of Death' Patched...By Hackers
Commentary  |  10/27/2008  | 
Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers. But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death
Waiting On A Worm
Commentary  |  10/27/2008  | 
Waiting for the other shoe to drop: That's what I've been doing since last Thursday when Microsoft released the out-of-cycle MS08-067 bulletin and accompanying patches. It's more than a little nerve-wracking knowing that there is this vulnerability in machines within networks that you're responsible for but know that they can't all be patched right now due to various reasons and there is active exploitation of this vu
Economy Declines: Zombies Multiply And Spam Soars!
Commentary  |  10/27/2008  | 
Even as the economy plummets and economic projections tumble, quarterly threat reports show rapidly rising threats and another outright explosion in spam, according to Secure Computing's quarterly Internet threat report.
Are 'Green' Drives Really Green?
Commentary  |  10/27/2008  | 
The storage industry is often guilty of jumping on the bandwagon without giving the architecture much thought. We see this in solid state disk, data deduplication, and green drives. Are users really going to see decreased power consumption by deploying green drives? If so, is it going to be worth the effort of replacing your current systems?
Sandboxes and Surfing With Google Chrome
Commentary  |  10/27/2008  | 
Google designed Chrome to be faster, more stable and most importantly, more secure than other Web browsers. So with these features in mind, Google Chrome was built from scratch to be a Web browser designed for today's web application users. As more businesses venture into the cloud, it's becoming increasingly important that your browser doesn't crash when you're creating reports in Google Docs or when you're video conferencing. In order to prevent crashes, Google Chrome developers sandboxed each
T-Mobile G1 'Android' Smartphone Has Serious Security Flaw
Commentary  |  10/26/2008  | 
As if headlines haven't been bad enough lately, reading the New York Times' story on Saturday about the security flaw in Google's Android software didn't help cheer me up very much.
11 Steps to Safe WiFi
Commentary  |  10/26/2008  | 
Earlier, I argued that wireless adoption in the enterprise is, for the most part, a bad idea. I was pleased to get several interesting comments on my post, with a bunch of good critiques. In particular, "edyahoo" raised the point that it is far easier to complain about problems than to present constructive help for people living with the technology. So, thanks to edyahoo for that, and here's a list of my re
The Root of Online Evils
Commentary  |  10/24/2008  | 
What if you could boil all of the Internet's problems down to a few original issues -- what would you do with that information? Would it even be useful? What if it might help predict future Internet-shaking issues? I was at a malware conference last week, and I heard two interesting tidbits about the origins of some of the more social issues we currently face. The first is the concept of spam. Spam as a concept is actually accredited to Montgomery Ward. That's right, you can blame them --
NAS Clusters, How Should You Couple?
Commentary  |  10/24/2008  | 
A split decision surrounds the use of tightly coupled or loosely coupled solutions. There aren't enough implemented cases yet available to make a determination on the best approach; the deployments that have been made aren't stretching either method to the point a real determination can be made.
Click Frauding Botnets On The Rise
Commentary  |  10/24/2008  | 
Around 16 percent of all advertising clicks were fraudulent over the last three months, according to industry watch-firm Click Forensics. That's about the same percentage as the last two quarters -- but an upclick in the number of fraudclicks coming from botnets indicates that things may be changing.
Microsoft's Emergency Patch
Commentary  |  10/23/2008  | 
I've received a number of e-mails, and held a few conversations, today with admins upset with Microsoft's atypical out-of-cycle patch. Newsflash: This was the right thing for the company to do.
Microsoft Releases Critical Out-Of-Band Update
Commentary  |  10/23/2008  | 
Because of the seriousness of a remote code execution vulnerability recently discovered in the Windows Server Service, Microsoft has released a fix outside of its normal "Patch Tuesday."
A Can't-Miss Event You Can't Miss
Commentary  |  10/23/2008  | 
Usually, if you miss an industry event, you're out of luck. As Dark Reading winds up today's big virtual security event, though, I suddenly realize -- it's not over yet. "Risk, Protection, and Access: Mastering Today's Security Threats," originally held on Oct. 23, was the first-ever virtual conference co-produced by Dark Reading and our big sister publication,
New FTC Rules Governing Health Providers Go Into Effect Nov. 1
Commentary  |  10/23/2008  | 
Are you ready? In about a week, new so-called "Red Flag Rules" from the FTC go into effect, aimed at curbing medical identity theft.
Radio Daze: Are Your Keyboards Sending Signals To Cybercrooks?
Commentary  |  10/22/2008  | 
Some new research confirms that even wired keyboards may be sending detectable keystrokes as much as twenty meters. Detectable signals means signals that can be captured, and that twenty meters includes penetrating walls. Great.
Clustered NAS In The Cloud
Commentary  |  10/22/2008  | 
It seems that nowhere is the use of clustered NAS going to be more prevalent than in the cloud. They seem tailor made for each other because cloud-based services have the need for massive scaling and moderate performance while being very cost effective. Clustered NAS solutions seem to fill that bill.
Protecting Your Identity: It's About Much More Than Tech
Commentary  |  10/21/2008  | 
When thinking about identity theft, we often get caught up in the big retail hacks, the lost and unencrypted backup tapes, and how we interact with Web sites. But that's often the wrong focus. Here's why.
Counting The Costs Of Cybercrime
Commentary  |  10/21/2008  | 
Have we been underestimating the financial costs of cybercrime? Maybe so, says a new guidebook from the American National Standards Institute (ANSI) and The Internet Security Alliance (ISA). And it may well be maybe so and then some.
SensorNets To Help Curb Retail Theft
Commentary  |  10/20/2008  | 
One of the biggest wastes retailers must endure is inventory items that mysteriously disappear. Goods all too commonly vanish from the warehouses where they're stored, during their shipment, and from within the store itself. The German Fraunhofer Institute for Integrated Circuits IIS has some ideas on how tech can be used to slow the shrinkage.
Clustered NAS, Part One
Commentary  |  10/20/2008  | 
It seems as though every manufacturer is now offering clustered NAS. There are so many variants that I can't cover everything about them in one entry, but basically each solution tends to focus on a particular capability; some are built for scale, others are built for performance, and, of course, there are solutions that try to deliver a happy medium. Over the next several entries we will do some exploration of these systems and where they might make sense for you.
Anti-Social Network: Criminal Web Data Brokerage Busted
Commentary  |  10/20/2008  | 
An online members-only marketplace trading in stolen credit card and other financial and confidential information got shut down by the FBI, resulting in dozens of arrests and a renewed law enforcement commitment to chasing economic crimes. Maybe large-scale cybercrimes and crime networks are going to start getting the sort of concerted and concentrated attention their spread and influence demand.
New Calif. State Legislation Threatens Stiff Medical Privacy Penalties
Commentary  |  10/18/2008  | 
Two new state medical privacy laws, AB211 and SB541, make it possible for institutions and individuals to be fined up to $250,000 for being lax when it comes to the medical privacy of California residents. It's about time.
Anti-Malware Ain't Effective If It's Fake (And Plenty Of It Is!)
Commentary  |  10/17/2008  | 
30 million anti-virus users can be wrong, very wrong. That's the number estimated to have installed fake anti-malware programs. Not just ineffective against malware, but malware itself!
NASing Around
Commentary  |  10/17/2008  | 
Primary storage needs a break from the capacity optimization drumbeat ... at least mine. Let's focus on one of the other top subjects at SNW: network-attached storage (NAS). It's certainly not a new technology, but NAS has remained near the top of everyone's mind and now with the growing interest in NFS and VMware, there's additional wind in the sails of NAS adoption.
Adobe (Somewhat) Fixes ClickJacking Vulnerability
Commentary  |  10/16/2008  | 
With the release of Flash Player 10, Adobe fixes a critical security vulnerability known as "clickjacking." But for those users who can't or don't want to update to the latest version -- well, they're out of luck for a while.
Primary Storage Under Siege
Commentary  |  10/16/2008  | 
It seemed like Storage Networking World was all set to make solid-state disks the big theme at this year's event, and then the economy went in the tank. Primary storage suddenly became an evil, expensive power-hungry monster that needed to be eradicated. To the rescue came solutions that would compress, dedupe, thin, and migrate this villain down to size.
Georgia Tech Security Report Scarier Than Its Football Team
Commentary  |  10/16/2008  | 
Ready for your cellphone to get grabbed by a botnet? What happens if your VOIP system is targeted by blackmailers? Those are just a couple of the cybercrime concerns raised by a new report from Georgia Tech's computer security watchers and researchers.
Cell Phone New Cybercrime Frontline
Commentary  |  10/15/2008  | 
Whether it's your iPhone, Windows Mobile device, Android, or BlackBerry -- you're probably using your smartphone more like a computer more and more. That's great, but the more your phone acts like a PC -- the more likely all of the problems associated with PCs will follow, researchers said today. Should you care?
Demise Of Storm Botnet Clears Way For More Nimble Botnets
Commentary  |  10/14/2008  | 
A number of security researchers now say the infamous Storm botnet, which has been quiet for about a month, could very well be dead. Some are saying the era of big botnets may be over.
My (Tentative) Wish List For A Better Secure Browser
Commentary  |  10/14/2008  | 
Web browsers are where the client machine rubber meets the Web server road. So it stands to reason that strong Web browser security is paramount -- far more effective than relying on thousands of Web application/plug-in developers to write more secure code. There are definitely some browser developers that are making strides in the right directions, but none of them are quite there yet. I'm still thinking through this, but if I were writing my wish list for a more secure Web browser today (and,
McAfee Offers One-Stop Business Security: In 15 Minutes!
Commentary  |  10/13/2008  | 
McAfee's new Total Protection for Secure Business aims to address the top small and midsized business security concerns and give you the tools to deal with them in 15 minutes a day.
Microsoft Readies For Likelihood Of Attacks
Commentary  |  10/13/2008  | 
We provided you the heads up about the Microsoft "Exploitability Index" a couple of months ago when the software company announced the new index, designed to predict the likelihood its security vulnerabilities would be attacked. It's an interesting idea, but will it have much value for practitioners?
Saving Storage Dollars -- Manual Moves
Commentary  |  10/13/2008  | 
With the current financial news, IT professionals are looking for ways to keep budgets flat. There is a common misconception in storage that there is only so much you can do. Over the next several entries, we'll explore a host of options that you can implement to curb storage costs. Today, it's manual moves.
World Bank (Allegedly) Hacked
Commentary  |  10/11/2008  | 
It seems, based on a FoxNews.com report that broke Friday, that the World Bank Group suffered a series of cyberattacks during the past few months. The claims of the level of access gained by the attackers are troubling -- but the real extent of the breach remains in dispute, and unknown.
Stop #1, Munich. Made It
Commentary  |  10/11/2008  | 
I rolled into Munich this morning on the S1 train from the airport, looking forward to public transportation but instead ran smack dab into the Munich Marathon, which means that streets were blocked off and the trams shut down. Oh well, I could have rented a bicycle, but I'm too lazy for that, even though Munich is a bicycle kind of town. I would have rented a motor scooter, but Munich doesn't appear to be a motor scooter burg. Except for those three guys on Vespas who about took me ou
New Back Door Targeting Windows Users Surfaces
Commentary  |  10/10/2008  | 
Security firm Barracuda Networks says it spotted a new virus that attempts to install a back door on the systems of its victims. It's spread via an e-mail purporting to be a Microsoft security update.