Commentary

Content posted in November 2010
Verizon's VERIS Aims To Push Security Beyond Fuzzy Numbers
Commentary  |  11/30/2010  | 
When it comes to sharing data in IT security, the bad guys always seem to be way ahead. They employ far-flung networks for trading stolen data, buying and selling exploits, and swapping information on how to launch successful attacks. When it comes to enterprises sharing attack and breach incident data, however, there has not been much sharing going on.
Do Password Crackers Help Database Security?
Commentary  |  11/29/2010  | 
Password 'crackers' determine if passwords are strong or compliant with company policies, but do they improve database security?
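What a password cracker actually does for a DBA is an offline audit: take the exported hashes, try dictionary words with the mangling users apply to satisfy policy, and report accounts that fall. The following is an added example, not code from the post; the user table, wordlist and salted SHA-256 scheme are all constructed for the illustration and stand in for whatever the real database uses. The point it demonstrates is the one the question hinges on: a password can pass the complexity policy and still be cracked in milliseconds.

```python
"""Offline audit of stored password hashes against policy and a wordlist.
Added example with constructed data; salted SHA-256 is an assumed scheme."""
import hashlib
from typing import Dict, Iterator, List, Tuple


def hash_pw(salt: str, password: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed (user, salt, hash) rows, as a DBA might export them.
_PLAIN = {"alice": "Winter2010!", "bob": "P@ssw0rd", "carol": "x7#Qm!vR2zLp"}
STORED: List[Tuple[str, str, str]] = [
    (u, f"salt-{u}", hash_pw(f"salt-{u}", p)) for u, p in _PLAIN.items()
]

# Constructed wordlist; real audits use leaked-password lists.
WORDLIST = ["password", "winter", "summer", "letmein", "welcome"]


def policy_ok(pw: str) -> bool:
    """Typical corporate policy: 8+ chars, upper, lower, digit, symbol."""
    return (len(pw) >= 8 and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw) and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


# The substitutions users reach for to satisfy the symbol/digit rules.
LEET = str.maketrans({"a": "@", "o": "0", "e": "3", "i": "1"})


def candidates(word: str) -> Iterator[str]:
    """Mangle a base word the way users do: case, leet, year, trailing symbol."""
    bases = {word, word.capitalize(), word.upper(), word.translate(LEET),
             word.capitalize().translate(LEET)}
    for b in bases:
        yield b
        for year in ("2009", "2010", "123"):
            for sym in ("", "!", "#"):
                yield f"{b}{year}{sym}"


def audit(stored: List[Tuple[str, str, str]], wordlist: List[str]) -> Dict[str, str]:
    """Return {user: reason} for every account whose password was recovered."""
    findings: Dict[str, str] = {}
    for user, salt, digest in stored:
        for word in wordlist:
            hit = next((c for c in candidates(word)
                        if hash_pw(salt, c) == digest), None)
            if hit is not None:
                verdict = ("policy-compliant but in wordlist" if policy_ok(hit)
                           else "fails policy")
                findings[user] = f"cracked as {hit!r} ({verdict})"
                break
    return findings


if __name__ == "__main__":
    for user, reason in audit(STORED, WORDLIST).items():
        print(f"{user}: {reason}")
```

Both recovered passwords satisfy the complexity policy, which is why a policy checker alone says nothing about strength; only the cracking run exposes them. The unrecovered account is the one whose password is not derived from a dictionary word.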
Are You Ready For High Speed Storage Interfaces?
Commentary  |  11/29/2010  | 
A new wave of high speed storage interfaces is on the way, offering improved storage I/O performance. To see the expected performance improvement you have to do more than simply add drives with the new interface and install a host bus adapter in the server; you have to make sure every link in the I/O chain is ready.
Confirmation? Chinese Government May Have Been Behind Operation Aurora Hacks
Commentary  |  11/29/2010  | 
We suspected there would be some interesting cyber security related news to come out of the thousands of cables released by WikiLeaks over the weekend. We were not disappointed.
Healthcare Breach Highlights Need For More Security Insight
Commentary  |  11/29/2010  | 
Triple-S Management, a managed care services provider in Puerto Rico, suffered a security breach that could have exposed the personal health care information of more than 400,000 customers.
Wolfe's Den: Airport Scanner Patents Promise Not To Show Your 'Junk'
Commentary  |  11/29/2010  | 
Rapiscan, the company supplying the controversial x-ray backscatter screeners, has won a patent for a machine which detects threats "with minimum display of anatomical details." Its competitors, and body scanner pioneer Martin Annis, are also pursuing enhanced privacy approaches. Here are the technology details.
Taming the Beast: Preventing/Detecting Insider Threat
Commentary  |  11/27/2010  | 
While many companies struggle with the problem of insider threat, there are practical things that can be done to both prevent and detect it. Always remember: prevention is ideal, but detection is a must.
Schwartz On Security: China's Internet Hijacking Misread
Commentary  |  11/24/2010  | 
Core Internet security concerns aren't as sexy as hyping Chinese attacks, but concern over the potential assault is misplaced and distracts from the need to fix what's really broken.
Sophos Sees Mac OS Infected With Windows Sludge
Commentary  |  11/23/2010  | 
Anti-virus firm Sophos shows that while Macs may be under increasing malware threat, most of the sludge its anti-virus software found targeted Windows systems. Apple users aren't out of the woods, though.
Thanksgiving IT Help
Commentary  |  11/23/2010  | 
Tips for helping family members secure their computers for safe internet browsing and online shopping
What About Biometrics?
Commentary  |  11/22/2010  | 
Integrating fingerprints in a standard way so that Web and enterprise applications can take advantage of them
Does SSD Make Sense In The Small Data Center?
Commentary  |  11/22/2010  | 
Solid state storage is often thought of as being used at one of two extremes: either in the high-end enterprise to accelerate databases, or in the consumer netbook and smartphone market. The truth is that solid state storage can be used in a wide variety of applications in businesses of all sizes. The small data center with two to three servers should not exclude SSD from its consideration.
Researchers: Be Wary Of New Trojan Attacks
Commentary  |  11/21/2010  | 
A yet-to-be-named developer has released a free software development kit for a new Trojan horse considered similar to the Zeus banking Trojan, prompting a warning from researchers at a German security firm.
Server Virtualization's Encapsulation And Its Impact On Backup
Commentary  |  11/19/2010  | 
In our last entry we discussed how the encapsulation of the millions of files that make up a single server into a single file has changed what we expect from storage and the network infrastructure. The same encapsulation may have an even more dramatic impact on data protection that will fundamentally change the way you protect and recover data. It may also change who the 'go to' data protection vendors a
Dark Reading Switches To New App Platform; Please Pardon Our Dust
Commentary  |  11/18/2010  | 
New PHP environment will make site more flexible -- sorry for the bumps!
Dangerous Safari Bugs Patched
Commentary  |  11/18/2010  | 
Just days after Apple Inc. patched about 150 vulnerabilities in OS X, the company is releasing yet another batch of security updates for Safari that runs on both OS X and Windows.
Server Virtualization's Encapsulation And Its Impact On Storage
Commentary  |  11/18/2010  | 
To say that server virtualization changes everything is an understatement. In storage, though, I don't think we understand or give credit to just how much of a game changer server virtualization really is. For storage managers and backup administrators it has brought new capabilities, new requirements, and new problems to solve.
Survey Provides Peek Inside Database Security Operations
Commentary  |  11/17/2010  | 
Database security budgets on the rise, 20 percent expect to suffer a data breach in the next 12 months
Emergency Patch From Adobe Arrives
Commentary  |  11/16/2010  | 
Adobe today released an update that fixes a number of critical flaws in Adobe Reader. You'll want to apply this one quickly.
Larry Ellison's Mistress, And Security As A Blame Game
Commentary  |  11/16/2010  | 
Focus on security, not on finger-pointing
Profiling The Evil Insider
Commentary  |  11/16/2010  | 
How to sniff out a rogue insider
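The detection half of the two insider-threat items above ("Taming the Beast" and "Profiling The Evil Insider"), as an added example that is not drawn from either post: two cheap detections over an export log, off-hours activity and a per-user volume spike against that user's own baseline. The log lines are constructed, and the line format, business-hours window and spike threshold are all assumptions for the illustration.

```python
"""Insider-threat detections over a constructed access/export log.
Added example; format assumed: '<ISO timestamp> <user> <action> <object> rows=<n>'."""
from collections import defaultdict
from datetime import datetime
from statistics import median
from typing import Dict, List

# Constructed sample: four normal days for alice, then a 2 AM bulk export.
SAMPLE_LOG = """\
2010-11-08T09:12:01 alice export customer_db rows=4100
2010-11-09T10:02:11 alice export customer_db rows=3900
2010-11-10T14:30:45 alice export customer_db rows=4400
2010-11-11T11:05:09 alice export customer_db rows=4000
2010-11-12T02:13:44 alice export customer_db rows=52000
2010-11-08T08:40:00 bob query hr_payroll rows=120
2010-11-09T09:10:00 bob query hr_payroll rows=95
2010-11-10T17:55:00 bob query hr_payroll rows=130
"""

BUSINESS_HOURS = range(7, 20)   # 07:00-19:59 local time; assumed policy
SPIKE_FACTOR = 5                # flag when rows exceed 5x the user's median
MIN_HISTORY = 3                 # events needed before a baseline is trusted


def parse(log: str) -> List[dict]:
    """Parse log lines into dicts, oldest first."""
    events = []
    for line in log.splitlines():
        ts, user, action, obj, rows = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "object": obj,
                       "rows": int(rows.split("=", 1)[1])})
    return sorted(events, key=lambda e: e["ts"])


def detect(log: str) -> List[str]:
    """Return alert strings. Baselines are built per user as the log is replayed,
    so a user's own history, not a global threshold, defines 'unusual'."""
    alerts: List[str] = []
    history: Dict[str, List[int]] = defaultdict(list)
    for e in parse(log):
        who = e["user"]
        if e["ts"].hour not in BUSINESS_HOURS:
            alerts.append(f"OFF_HOURS {who} {e['action']} {e['object']} "
                          f"at {e['ts']:%H:%M}")
        past = history[who]
        if len(past) >= MIN_HISTORY and e["rows"] > SPIKE_FACTOR * median(past):
            alerts.append(f"VOLUME_SPIKE {who} rows={e['rows']} "
                          f"baseline={median(past):.0f}")
        past.append(e["rows"])
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a)
```

The median rather than the mean is used for the baseline so that one earlier spike does not raise the bar for the next one; the two detections fire independently, and an event that trips both is the case worth a phone call.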
When To Change Passwords
Commentary  |  11/16/2010  | 
Knowing when to change your password depends mainly on what your password is for
SSD Lessons From The iPad
Commentary  |  11/15/2010  | 
In its latest quarterly filing, Apple stated that it has sold over 4.2 million iPads, exceeding most people's expectations. So popular is the iPad that Apple is taking some of the lessons learned on the product and incorporating them into its next generation of notebooks, starting with the MacBook Air. One of those lessons is how Apple is integrating Solid State Disk (SSD) into the product line. Enterprise storage manufacturers need to pay attention and learn a lesson.
Forget FCoE - The War Is About Convergence
Commentary  |  11/12/2010  | 
There has been a lot written about Fibre Channel over Ethernet (FCoE) in the last few years, but FCoE was merely an initial skirmish in the battle for the infrastructure. The major systems manufacturers are all placing their bets on everything over Ethernet, and that is where the battle will be waged. 2011 may not be the year that you implement a converged infrastructure, but it may be the year you decide which vendors you are going to use for convergence.
Security M&A: Where Innovation (Too Often) Goes To Die
Commentary  |  11/11/2010  | 
Following a handful of high profile security acquisitions this year, the ever-simmering topic of security industry consolidation has once again surfaced.
Feds Respond To Air Safety Threats
Commentary  |  11/10/2010  | 
A series of recent incidents have prompted air transportation officials in the United States to outline new security measures, just as millions of people book flights and begin packing for the Thanksgiving travel rush.
Schwartz On Security: Reaching The M&A Tipping Point
Commentary  |  11/9/2010  | 
The jury is out on whether businesses will benefit from Intel buying McAfee or from Symantec, IBM and Microsoft sucking up everything in sight.
BlackSheep Sounds Alarm Against Firesheep
Commentary  |  11/9/2010  | 
Zscaler tool alerts users when it detects Firesheep, because the latter has made it easy to steal identities over a shared network.
A True Second Factor
Commentary  |  11/9/2010  | 
I'm sure some of you remember a time when you actually used to telephone the bank to do a transaction. Do you remember all the questions they would ask to verify that you were, in fact, the account owner?
Enterprise Lessons From New ADT Home Security System
Commentary  |  11/9/2010  | 
I've run physical security groups in a variety of firms over the years -- from a small real estate firm to a large enterprise, and my family owned one of the largest electronic security firms in the state when I was growing up.
The Politics Of Malware
Commentary  |  11/8/2010  | 
I recently saw a provocative tweet from @mikkohypponen that reminded me malware is still quite often politically motivated.
Microsoft Internet Explorer Zero-Day Under Attack
Commentary  |  11/8/2010  | 
The risk surrounding a new zero-day Microsoft Internet Explorer vulnerability increased significantly over the weekend and could prompt an emergency patch release from the software company at any time.
How To Get High Performance Cloud Storage
Commentary  |  11/8/2010  | 
One of the challenges with cloud storage is the connection between you and the storage. For almost everyone it is going to be slower than what is available within the data center. This performance difference does not mean a more limited use of cloud storage, it means that greater intelligence is needed to load data into the cloud. With that intelligence cloud storage could be leveraged for even the most demanding of applications.
InformationWeek State of Storage Survey
Commentary  |  11/6/2010  | 
I will be writing InformationWeek's annual State of Storage report in the next few weeks and in preparation InformationWeek Analytics is conducting its third annual storage survey on data management technologies and strategies. We are surveying IT pros to understand your storage usage and challenges. We're also interested in what our readers think are the major trends, both from a technology and business perspective, in the storage world this year.
Don't Be A Sheep
Commentary  |  11/6/2010  | 
Thanks to the new Firefox plug-in dubbed Firesheep, snoops and attackers now have an easier shot at hijacking some of your Internet sessions. Don't let this opportunity go to waste.
An Optimize Once Storage Optimization Strategy
Commentary  |  11/5/2010  | 
Storage optimization technologies like compression and deduplication have reduced the capacity requirements of many processes within the data center, most noticeably backup. When these data sets need to move between storage types, though, much of this optimization is lost. For storage optimization to achieve broad adoption it must move beyond just saving hard drive space. It has to increase data center efficiency and only optimize once.
NoSQL: Not Much, Anyway
Commentary  |  11/4/2010  | 
I don't get the NoSQL movement. Most old-school database administrators don't. In fact, a lot of people don't understand what NoSQL is exactly because, quite frankly, there's not much there. Most of the features and functions we consider synonymous with databases are unwanted by developers of nontransactional systems and are falling by the wayside as companies push applications into the cloud.
Blekko Search Fails To Inspire
Commentary  |  11/4/2010  | 
The beta service that uses slashtags to narrow your search's sites and topics has some good ideas but too many shortcomings.
Is Cloud Storage Fluffy?
Commentary  |  11/3/2010  | 
Before continuing with our look at how to use cloud storage in your business, we need to take a quick detour and discuss whether cloud storage is a legitimate platform to begin with. In a recent comment, the term used to describe cloud storage was "fluffy." I find that not only is cloud storage a tangible technology, it is something that businesses of all sizes should be leveraging in some form.
SMB Guide To Credit Card Regulations, Part 2: The Low-Hanging Fruit
Commentary  |  11/2/2010  | 
The PCI Security Standards Council has created a document outlining a prioritized approach to help businesses comply with PCI DSS. It's a way to grab the low-hanging fruit, helping businesses tackle some of the more simple tasks that can provide a greater security ROI. I've boiled it down here to help small to midsize businesses (SMBs) get started.
Firesheep Simplifies Stealing Logins
Commentary  |  11/1/2010  | 
Firefox extension created to shine a light on the problem of unencrypted websites fails, because rather than offering a solution, it only makes it worse.
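The fix that the two Firesheep items above ("Don't Be A Sheep" and this one) are really asking for is on the server: a session cookie that is never sent over plaintext HTTP cannot be sniffed on a shared network, however easy the sniffing tool is. The following is an added example, not code from either post or from the Firesheep or BlackSheep projects: a check over captured response headers for the cookie attributes that close the hole. The two HTTP responses are constructed for the illustration, and the rule for which cookie names count as session cookies is a heuristic assumed here.

```python
"""Audit Set-Cookie headers for the attributes that stop a Firesheep-style
sidejack: 'Secure' (never send the cookie over plain HTTP) and 'HttpOnly'.
Added example; the sample responses are constructed, not captured."""
import re
from typing import Dict, List

# Constructed sample: the weak pattern Firesheep exploited, then the hardened form.
SAMPLE_RESPONSES = {
    "http://social.example/home": (
        "HTTP/1.1 200 OK\r\n"
        "Set-Cookie: sessionid=abc123; Path=/\r\n"
        "Set-Cookie: theme=dark; Path=/\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    "https://bank.example/account": (
        "HTTP/1.1 200 OK\r\n"
        "Set-Cookie: SID=zzz; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
        "Strict-Transport-Security: max-age=31536000\r\n\r\n"
    ),
}

# Heuristic (assumption for the example): names that usually carry auth state.
SESSION_NAME_RE = re.compile(r"sess|sid|auth|token|login", re.IGNORECASE)


def parse_set_cookies(raw_headers: str) -> List[Dict[str, object]]:
    """Return one dict per Set-Cookie header: cookie name and lowercased attribute names."""
    cookies = []
    for line in raw_headers.split("\r\n"):
        if not line.lower().startswith("set-cookie:"):
            continue
        parts = [p.strip() for p in line.split(":", 1)[1].split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
        cookies.append({"name": name, "attrs": attrs})
    return cookies


def audit_cookies(url: str, raw_headers: str) -> List[str]:
    """Return findings for one response; an empty list means nothing to report."""
    findings: List[str] = []
    over_tls = url.lower().startswith("https://")
    has_hsts = "strict-transport-security:" in raw_headers.lower()
    for c in parse_set_cookies(raw_headers):
        if not SESSION_NAME_RE.search(str(c["name"])):
            continue  # a theme or language cookie is not worth stealing
        if "secure" not in c["attrs"]:
            findings.append(f"{c['name']}: missing Secure (sniffable on HTTP)")
        if "httponly" not in c["attrs"]:
            findings.append(f"{c['name']}: missing HttpOnly")
        if not over_tls:
            findings.append(f"{c['name']}: issued over plaintext HTTP")
    # Without HSTS the browser will still follow a plain http:// link later,
    # and a Secure-less cookie would go out in the clear on that request.
    if over_tls and not has_hsts:
        findings.append("no Strict-Transport-Security header")
    return findings


def audit_all(responses: Dict[str, str]) -> Dict[str, List[str]]:
    return {url: audit_cookies(url, hdrs) for url, hdrs in responses.items()}


if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE_RESPONSES).items():
        print(url, "->", findings or ["OK"])
```

Run against a site's real responses, the check is the quickest way to tell whether "we offer HTTPS login" actually protects the session, or only the password.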
RAID Rebuilds Will Kill The Hard Disk
Commentary  |  11/1/2010  | 
We've written about it before, as have others. RAID rebuild times continue to increase, and as they do, the very technology that made the hard drive safe for the enterprise thirty years ago may now be its undoing. The time it takes to rebuild a drive, measured in double-digit hours if not days, has a critical impact on performance and data reliability. The workarounds may lead you to solid state disk faster than you originally planned.
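The numbers behind the rebuild-window argument, as an added worked example that is not from the post: how long streaming a replacement drive takes at a realistic rebuild rate, and how likely the rebuild is to hit an unrecoverable read error (URE) on one of the surviving drives before it finishes. Drive sizes, the 50 MB/s rebuild throughput, the eight-drive RAID 5 set and the URE rates are assumed round numbers for the illustration.

```python
"""Rebuild time and URE exposure for a single-parity array.
Added example; all parameters are assumed round numbers."""
import math

TB = 10**12  # decimal terabyte, the unit drive vendors quote


def rebuild_hours(drive_bytes: float, rebuild_mb_per_s: float) -> float:
    """Hours to stream one replacement drive at a sustained rebuild rate.
    Under production load the rate is far below the drive's raw sequential speed."""
    return drive_bytes / (rebuild_mb_per_s * 10**6) / 3600


def p_ure_during_rebuild(n_drives: int, drive_bytes: float,
                         ure_per_bit: float) -> float:
    """RAID 5: rebuilding one drive reads all n-1 survivors end to end.
    With URE rate r per bit and B bits read, P(at least one URE) = 1 - exp(-r*B),
    the Poisson approximation for independent error events. In single-parity
    RAID a URE during rebuild means data loss, not a retry."""
    bits_read = (n_drives - 1) * drive_bytes * 8
    return 1 - math.exp(-ure_per_bit * bits_read)


if __name__ == "__main__":
    for size_tb in (1, 2, 4):
        h = rebuild_hours(size_tb * TB, 50)
        p_consumer = p_ure_during_rebuild(8, size_tb * TB, 1e-14)
        p_enterprise = p_ure_during_rebuild(8, size_tb * TB, 1e-15)
        print(f"{size_tb} TB drives: rebuild {h:5.1f} h at 50 MB/s; "
              f"P(URE) in 8-drive RAID 5: {p_consumer:.0%} at 1e-14, "
              f"{p_enterprise:.0%} at 1e-15")
```

With 2 TB drives the rebuild alone is about eleven hours at 50 MB/s, and at the 1e-14 URE rate typical of consumer-class drives the chance of the rebuild failing is roughly two in three; doubling drive capacity moves both numbers the wrong way, which is the reliability half of the argument for dual parity or for SSD.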
HP And The Scary Corporate Fifth Column Concept
Commentary  |  11/1/2010  | 
HP is currently in an epic and unprecedented battle with Oracle, and Oracle rarely leaves any company still standing that it focuses this much attention on.

