Commentary
Content posted in November 2010
Verizon's VERIS Aims To Push Security Beyond Fuzzy Numbers
Commentary  |  11/30/2010  | 
When it comes to sharing data in IT security the bad guys always seem to be way ahead. They employ far-flung networks used for sharing stolen data, buying and selling exploits, and information on how to launch successful attacks. However, when it comes to enterprises sharing attack and breach incident data there has not been a lot of sharing going on.
Do Password Crackers Help Database Security?
Commentary  |  11/29/2010  | 
Password 'crackers' determine if passwords are strong or compliant with company policies, but do they improve database security?
Are You Ready For High Speed Storage Interfaces?
Commentary  |  11/29/2010  | 
A new wave of high speed storage interfaces is on the way offering improved storage I/O performance. To see the expected performance improvement you have to do more than simply add drives with the new interface and install a host bus adapter in the server; you have to make sure every link in the I/O chain is ready.
Confirmation? Chinese Government May Have Been Behind Operation Aurora Hacks
Commentary  |  11/29/2010  | 
We suspected there would be some interesting cyber security related news to come out of the thousands of cables released by WikiLeaks over the weekend. We were not disappointed.
Healthcare Breach Highlights Need For More Security Insight
Commentary  |  11/29/2010  | 
Triple-S Management, a managed care services provider in Puerto Rico, suffered a security breach that could have exposed the personal health care information of more than 400,000 customers.
Wolfe's Den: Airport Scanner Patents Promise Not To Show Your 'Junk'
Commentary  |  11/29/2010  | 
Rapiscan, the company supplying the controversial x-ray backscatter screeners, has won a patent for a machine which detects threats "with minimum display of anatomical details." Its competitors, and body scanner pioneer Martin Annis, are also pursuing enhanced privacy approaches. Here are the technology details.
Taming the Beast: Preventing/Detecting Insider Threat
Commentary  |  11/27/2010  | 
While many companies deal with the problem of insider threat, there are some practical things that can be done to both prevent and detect insider threat. Always remember, prevention is ideal but detection is a must.
Schwartz On Security: China's Internet Hijacking Misread
Commentary  |  11/24/2010  | 
Core Internet security concerns aren't as sexy as hyping Chinese attacks, but concern over the potential assault is misplaced and distracts from the need to fix what's really broken.
Sophos Sees Macs OS Infected With Windows Sludge
Commentary  |  11/23/2010  | 
Anti-virus firm Sophos shows that while Macs may be under increasing malware threats, most of the sludge its anti-virus software found targeted Windows systems - Apple users aren't out of the woods.
Thanksgiving IT Help
Commentary  |  11/23/2010  | 
Tips for helping family members secure their computers for safe internet browsing and online shopping
What About Biometrics?
Commentary  |  11/22/2010  | 
Integrating fingerprints in a standard way so that Web and enterprise applications can take advantage of them
Does SSD Make Sense In The Small Data Center?
Commentary  |  11/22/2010  | 
Solid State Storage is often thought of as being used in one of two extremes: either in the high end enterprise to accelerate databases, or in the consumer netbook and smartphone market. The truth is that solid state storage can be used in a wide variety of applications in businesses of all sizes. The small data center with two to three servers should not exclude SSD from its consideration.
Researchers: Be Wary Of New Trojan Attacks
Commentary  |  11/21/2010  | 
A yet-to-be-named developer has released a free software development kit for a new Trojan horse considered to be similar to the Zeus banking Trojan, prompting a warning from researchers at a German security firm.
Server Virtualization's Encapsulation And Its Impact On Backup
Commentary  |  11/19/2010  | 
In our last entry we discussed how the encapsulation of the millions of files that make up a single server into a single file has changed what we expect from storage and the network infrastructure. The same encapsulation may have an even more dramatic impact on data protection that will fundamentally change the way you protect and recover data. It may also change who the 'go to' data protection vendors a
Dark Reading Switches To New App Platform; Please Pardon Our Dust
Commentary  |  11/18/2010  | 
New PHP environment will make site more flexible -- sorry for the bumps!
Dangerous Safari Bugs Patched
Commentary  |  11/18/2010  | 
Just days after Apple Inc. patched about 150 vulnerabilities in OS X, the company is releasing yet another batch of security updates for Safari that runs on both OS X and Windows.
Server Virtualization's Encapsulation And Its Impact On Storage
Commentary  |  11/18/2010  | 
To say that server virtualization changes everything is an understatement. In storage though I don't think we understand or give credit to just how much of a game changer storage virtualization really is. For storage managers and backup administrators it has brought new capabilities, new requirements and new problems to solve.
Survey Provides Peek Inside Database Security Operations
Commentary  |  11/17/2010  | 
Database security budgets on the rise, 20 percent expect to suffer a data breach in the next 12 months
Emergency Patch From Adobe Arrives
Commentary  |  11/16/2010  | 
Adobe today released a patch designed to patch a number of critical flaws in Adobe Reader. You'll want to patch this one, quickly.
Larry Ellison's Mistress, And Security As A Blame Game
Commentary  |  11/16/2010  | 
Focus on security, not on finger-pointing
Profiling The Evil Insider
Commentary  |  11/16/2010  | 
How to sniff out a rogue insider
When To Change Passwords
Commentary  |  11/16/2010  | 
Knowing when to change your password depends mainly on what your password is for
SSD Lessons From The iPad
Commentary  |  11/15/2010  | 
In their latest quarterly filings Apple stated that they have sold over 4.2 million iPads, exceeding most people's expectations. So popular is the iPad that Apple is taking some of the lessons learned on the product and incorporating them into their next generation of notebooks starting with the MacBook Air. One of those lessons is how Apple is integrating Solid State Disk (SSD) into the product line. Enterprise storage manufacturers need to pay attention and learn a lesson.
Forget FCoE - The War Is About Convergence
Commentary  |  11/12/2010  | 
There has been a lot written about Fibre Channel over Ethernet (FCoE) the last few years, but FCoE was merely an initial skirmish in the battle for the infrastructure. The major systems manufacturers are all placing their bets on everything over Ethernet, and that is where the battle will be waged. 2011 may not be the year that you implement a converged infrastructure, but it may be the year you decide which vendors you are going to use for convergence.
Security M&A: Where Innovation (Too Often) Goes To Die
Commentary  |  11/11/2010  | 
Following a handful of high profile security acquisitions this year, the ever-simmering topic of security industry consolidation has once again surfaced.
Feds Respond To Air Safety Threats
Commentary  |  11/10/2010  | 
A series of recent incidents have prompted air transportation officials in the United States to outline new security measures, just as millions of people book flights and begin packing for the Thanksgiving travel rush.
Schwartz On Security: Reaching The M&A Tipping Point
Commentary  |  11/9/2010  | 
The jury is out on whether businesses will benefit from Intel buying McAfee or from Symantec, IBM and Microsoft sucking up everything in sight.
BlackSheep Sounds Alarm Against Firesheep
Commentary  |  11/9/2010  | 
Zscaler tool alerts users when it detects Firesheep, because the latter has made it easy to steal identities over a shared network.
A True Second Factor
Commentary  |  11/9/2010  | 
I'm sure some of you remember a time when you actually used to telephone the bank to do a transaction. Do you remember all the questions they would ask to verify that you were, in fact, the account owner?
Enterprise Lessons From New ADT Home Security System
Commentary  |  11/9/2010  | 
I've run physical security groups in a variety of firms over the years -- from a small real estate firm to a large enterprise, and my family owned one of the largest electronic security firms in the state when I was growing up.
The Politics Of Malware
Commentary  |  11/8/2010  | 
I recently saw a provocative tweet from @mikkohypponen that reminded me malware is still quite often politically motivated.
Microsoft Internet Explorer Zero-Day Under Attack
Commentary  |  11/8/2010  | 
The risk surrounding a new zero-day Microsoft Internet Explorer vulnerability increased significantly over the weekend and could prompt an emergency patch release from the software company at any time.
How To Get High Performance Cloud Storage
Commentary  |  11/8/2010  | 
One of the challenges with cloud storage is the connection between you and the storage. For almost everyone it is going to be slower than what is available within the data center. This performance difference does not mean a more limited use of cloud storage, it means that greater intelligence is needed to load data into the cloud. With that intelligence cloud storage could be leveraged for even the most demanding of applications.
InformationWeek State of Storage Survey
Commentary  |  11/6/2010  | 
I will be writing InformationWeek's annual State of Storage report in the next few weeks and in preparation InformationWeek Analytics is conducting its third annual storage survey on data management technologies and strategies. We are surveying IT pros to understand your storage usage and challenges. We're also interested in what our readers think are the major trends, both from a technology and business perspective, in the storage world this year.
Don't Be A Sheep
Commentary  |  11/6/2010  | 
Thanks to the new Firefox plug-in dubbed Firesheep, snoops and attackers now have an easier shot at hijacking some of your Internet sessions. Don't let this opportunity go to waste.
An Optimize Once Storage Optimization Strategy
Commentary  |  11/5/2010  | 
Storage optimization technologies like compression and deduplication have reduced the capacity requirements of many processes within the data center, most noticeably backup. When these data sets need to move between storage types, though, much of this optimization is lost. For storage optimization to achieve broad adoption it must move beyond just saving hard drive space. It has to increase data center efficiency and only optimize once.
NoSQL: Not Much, Anyway
Commentary  |  11/4/2010  | 
I don't get the NoSQL movement. Most old-school database administrators don't. In fact, a lot of people don't understand what NoSQL is exactly because, quite frankly, there's not much there. Most of the features and functions we consider synonymous with databases are unwanted by developers of nontransactional systems and are falling by the wayside as companies push applications into the cloud.
Blekko Search Fails To Inspire
Commentary  |  11/4/2010  | 
The beta service that uses slashtags to narrow your search's sites and topics has some good ideas but too many shortcomings.
Is Cloud Storage Fluffy?
Commentary  |  11/3/2010  | 
Before continuing with our look at how to use cloud storage in your business, we need to take a quick detour and discuss whether cloud storage is a legitimate platform to begin with. The term used in a recent comment to describe cloud storage was "fluffy." I find that not only is cloud storage a tangible technology, it is something that businesses of all sizes should be leveraging in some form.
SMB Guide To Credit Card Regulations, Part 2: The Low-Hanging Fruit
Commentary  |  11/2/2010  | 
The PCI Security Standards Council has created a document outlining a prioritized approach to help businesses comply with PCI DSS. It's a way to grab the low-hanging fruit, helping businesses tackle some of the more simple tasks that can provide a greater security ROI. I've boiled it down here to help small to midsize businesses (SMBs) get started.
Firesheep Simplifies Stealing Logins
Commentary  |  11/1/2010  | 
Firefox extension created to shine a light on the problem of unencrypted websites fails, because rather than offering a solution, it only makes it worse.
RAID Rebuilds Will Kill The Hard Disk
Commentary  |  11/1/2010  | 
We've written about it before, as have others. RAID rebuild times continue to increase, and as they do, the very technology that made the hard drive safe for the enterprise thirty years ago may now be its undoing. The time it takes to rebuild a drive, measured in double-digit hours if not days, has a critical impact on performance and data reliability. The workarounds may lead you to solid state disk faster than you originally planned.
HP And The Scary Corporate Fifth Column Concept
Commentary  |  11/1/2010  | 
HP is currently in an epic and unprecedented battle with Oracle, and Oracle rarely leaves any company still standing that it focuses this much attention on.