Commentary

Content posted in December 2009
2010 Security Dreams? GFI Says "Dream On!"
Commentary  |  12/31/2009  | 
Sometimes you've just got to smile, and GFI security expert David Kelleher gave me more than one with his dreams of a security utopia in 2010. Dream on is more like it.
2010 Threat Environment: New Year's Familiar Fears
Commentary  |  12/30/2009  | 
Saying goodbye to 2009 won't, alas, let us say goodbye to many of the year's top threats, which promise to linger and persist into 2010, even as the New Year brings new threats, as well as new versions and varieties of the old ones.
Mobile Botnets: A New Frontline
Commentary  |  12/29/2009  | 
There has been a recent rash of worms and malware targeting (jailbroken) iPhones. A group of researchers from SRI International published a study of an Apple iPhone bot client, captured just before Thanksgiving.
Global CIO: My 5 Favorite Cover Stories Of 2009
Commentary  |  12/27/2009  | 
From a year's worth of InformationWeek cover stories, here's a very personal list. And I'm already regretting some I didn't pick.
Data Masking Primer
Commentary  |  12/26/2009  | 
Data masking is an approach to data security used to conceal sensitive information. Unlike encryption, which renders data unusable until it is restored to clear text, masking is designed to protect data while retaining business functionality.
5 Security Predictions For 2010
Commentary  |  12/24/2009  | 
Varonis shares five security trends that will impact SMBs in the coming year.
Fixing The Security Disconnect
Commentary  |  12/24/2009  | 
A disconnect often exists between security teams and the population they service. I'm not referring to just users -- of course, you'll pretty much always find a rift between security and users -- but instead I mean the disconnect that often occurs among network groups, system administrators, developers, and similar groups.
Global CIO: A Holiday Miracle: Do You Believe In Angels?
Commentary  |  12/23/2009  | 
Our recent column "The Thanksgiving Angels Of Flight 3405" sparked dozens of letters so we're rerunning it for Christmas and the holiday season. Do you believe?
Security PR: How To Disclose A Vulnerability
Commentary  |  12/22/2009  | 
When your team discovers a new security vulnerability in a third-party product, there are ways to handle it correctly to achieve maximum visibility.
Global CIO: Oracle's Incredible Profit Machine: 22% Maintenance Fees
Commentary  |  12/21/2009  | 
How important are your 22% annual fees to Oracle? It earned $3 billion on those fees last quarter while losing $800 million across the rest of the company.
2010 Year Of Fibre Channel-Over-Ethernet?
Commentary  |  12/21/2009  | 
Will 2010 be the year of Fibre Channel-Over-Ethernet (FCoE)? I am always hesitant to predict that any particular year will be "the year," but I do think that FCoE will move out of the conversation and testing phases and more into production.
Paper-Based Breaches Just As Damaging
Commentary  |  12/21/2009  | 
IT tends to forget about things that aren't electronic. But you remember that stuff called paper, right? Have you considered that printed documents are just as damaging to a company's reputation should they get into the wrong hands as electronic data stored in an Excel spreadsheet or database server?
Global CIO: Glimmers Of Growth In Outlook 2010 Research
Commentary  |  12/21/2009  | 
Our exclusive research shows IT shops may spend more this year, but not much on hiring people.
Season's Security Greetings: 12 Holiday Tips To Keep Your Data Safe
Commentary  |  12/21/2009  | 
'Tis the season -- for holiday time off, extended trips, office parties... and security negligence. Time to tighten the defenses and clamp down on the user indulgences. No Grinch or Scrooge stuff here: Just a few tips for keeping your workplace systems and data safe, as well as merry and bright.
Global CIO: The Top 10 CIO Issues For 2010
Commentary  |  12/21/2009  | 
For CIOs, 2010 will require new emphases on customers, revenue, external information, and a passion for rapid change.
SkyGrabber Is For Porn, Not For Hacking Predator Drones
Commentary  |  12/18/2009  | 
According to a sensationalized news story from late last week, Iraqi insurgents have intercepted live feeds from Predator drones. But the story's facts seem fishy: it claims the $26 off-the-shelf software product, SkyGrabber, was used to intercept live video feeds from U.S. Predator drones. But SkyGrabber does not have this ability.
Making Your IDS Work For You
Commentary  |  12/18/2009  | 
Talk to anyone who knows anything about running an intrusion detection system (IDS), and he will tell you one of the most important processes during the initial deployment is tuning. It's also one of the important operational tasks that go on as new rules are released to make sure they are relevant to the environment you're tasked to protect.
Global CIO: Oracle CEO Larry Ellison On The Future Of IT
Commentary  |  12/18/2009  | 
Ellison speaks out on Oracle's new Sun-enabled strategy and how that points to where the entire IT industry is headed.
Security Reminders From "Hacked" Predator Drones
Commentary  |  12/17/2009  | 
The Wall Street Journal reported today that Iraqi militants are able to intercept live feeds from U.S. military Predator drones with standard hardware equipment and a $30 software application.
Improved Security In Microsoft Office 2010
Commentary  |  12/17/2009  | 
Microsoft has made Office 2010 available in public beta. After playing around with it for a while, I am not yet sure I need any of the new functionality.
Global CIO: Oracle-Sun A Bad Deal? Only A Fool Would Say That
Commentary  |  12/16/2009  | 
Oracle buying Sun is bad business, says Motley Fool, but that analysis is simply, well, foolish. Here's why.
Christmas Wish List: Patching & Whitelisting
Commentary  |  12/16/2009  | 
Christmas is next week, and if I were putting together a wish list of things to help lock down my enterprises, I'd have to put patch management and application whitelisting at the top. Why? It's simple. The two together could deliver the one-two punch to knock out the majority of compromises I've been seeing lately.
2010 Cybercrime Goals: Symantec
Commentary  |  12/16/2009  | 
What do cybercrooks want next year? According to Symantec Hosted Services, they want bigger and badder botnets, pathways through CAPTCHA traps, local language spam and plenty of hooks as good as Michael Jackson and Tiger Woods.
Global CIO: The World's Largest Private Cloud: Who's Number One?
Commentary  |  12/16/2009  | 
Its 13 petabytes include archived data from the world's top banks and pharma companies, and it's growing rapidly. The owner's name starts with A -- but it's not Amazon.
2010 Storage Trends Scale Out Storage
Commentary  |  12/16/2009  | 
This time of year I am always asked what storage trends will take off during the next year. I often resist because it is very hard to get it right. What I try to do is see what is likely to gain traction in the coming year. Over the next few entries we will explore some of the 2010 storage trends that you ought to be paying attention to. One of those is scale out storage.
Global CIO: Welcome To The CIO Revolution, Circa 2010
Commentary  |  12/15/2009  | 
After the craziness that was 2009, what are the top strategic priorities for CIOs in 2010? Four world-class CIOs share their insights.
U.S. And Russia Talk Internet Security
Commentary  |  12/14/2009  | 
According to news reports, the American and Russian governments are engaged in talks designed to pave a way for a more secure Internet and a treaty to limit certain types of cyberweapons.
What It Takes To Have True Visibility Into Web Attacks
Commentary  |  12/14/2009  | 
I'm one of those people who takes extensive notes but rarely goes back and reads them. Today was one of those exceptions: I was looking through Evernote for something, and a statement I'd copied some time ago stuck out.
Trojan Buzus Attack Passes 1.5 Million Infected Sites
Commentary  |  12/14/2009  | 
A wildfire-fast SQL injection that started picking up speed last week hasn't slowed down. Last week's hundreds of thousands of compromised sites have grown to more than 1.5 million, eSoft reports.
Global CIO: Oracle's EU Nemesis Mocked Intel After $1.5B Fine
Commentary  |  12/14/2009  | 
After fining Intel $1.5 billion, top EC bureaucrat Neelie Kroes joked about Intel sponsoring European taxpayers. What sort of joke was she planning for Oracle?
Global CIO: Oracle Customer Comments Will Force EU To Yield
Commentary  |  12/13/2009  | 
Oracle customers last week crushed the EU's case against Oracle by saying its databases don't compete with MySQL. But will the EU listen?
Why Stop At Automated Storage Tiering?
Commentary  |  12/11/2009  | 
Automated tiering, the transparent movement of data based on activity or type, is quickly proving itself to be a hot consideration for storage managers, but why stop at automated tiering? Can't we make the entire storage ecosystem respond automatically based on environmental conditions and its available resources?
Security PR: How To Talk To Reporters
Commentary  |  12/11/2009  | 
Here are some tips for security professionals and security public relations representatives on how to pitch reporters when you have something new and exciting to share.
Global CIO: Riverbed Sees Cloud Computing Boom In 2010
Commentary  |  12/11/2009  | 
With CIOs looking to the cloud to help rekindle growth and CEOs dazzled by the economic promise, Riverbed is very bullish on cloud computing.
How Organizations Get Hacked
Commentary  |  12/10/2009  | 
Want a better idea of how organizations get infiltrated, including detailed synopsis of how many successful data breaches occur? Sit down with a copy of the just released Verizon Data Breach Investigations Supplemental Report and you'll get a great idea.
Using Facebook To Social-Engineer A Business
Commentary  |  12/10/2009  | 
My firm was recently asked to compromise a company's network infrastructure using intelligence available from the Internet. The client's CIO was worried that social networking sites provided too much information about its employees and the company, so we discussed the possibility of using information gained from social networking sites to social-engineer our way into the customer's facility and, ultimately, into its network.
Top 15 Threats: How The Crooks Are Coming At You
Commentary  |  12/10/2009  | 
The latest Verizon Data Breach Report lists the top outside threats -- keyloggers, spyware, SQL injections, remote access and control -- and inside threats -- access and privilege abuse, usage and other policy violations -- that businesses have faced. The report is based on actual businesses' data breach experiences.
Global CIO: Why SAP Won't Match Oracle's 22% Maintenance Fees
Commentary  |  12/9/2009  | 
Here are five reasons why SAP won't make the awful mistake of raising annual maintenance fees to match Oracle at 22%.
Detecting Viral Persistence
Commentary  |  12/9/2009  | 
Persistence is something that malware strives to achieve. If malware cannot survive the monthly reboot due to the Microsoft patch cycle or the usual Windows troubleshooting process (reboot first!), then it's going to have a short lifetime and little effectiveness. There are a few exceptions to the rule in terms of persistence.
New Cloud-Based Wireless Password Cracker
Commentary  |  12/9/2009  | 
Security reports have consistently pointed out weak or default passwords as a major source for data breaches, similar to the recent Verizon Data Breach Study. Now there's a new service that tests the strength of passwords used in the encryption of wireless access points.
5 Tips To Help SMBs Stop Identity Theft
Commentary  |  12/9/2009  | 
Many SMBs like to think identity theft is someone else's problem. Sure, consumers have to worry about it, and so do large corporations that collect information on millions of customers. But not smaller companies, right? After all, who'd bother targeting a run-of-the-mill SMB?
Global CIO: IBM Supports Oracle But Microsoft Kisses EU Ring
Commentary  |  12/9/2009  | 
IBM exec Steve Mills says MySQL doesn't compete with Oracle, but Microsoft obsequiously awaits its chance to kiss the EU's ring by demonizing Larry Ellison's company.
When Controllers Fail
Commentary  |  12/9/2009  | 
What are the chances of a controller failing in a storage system? I don't know the exact statistic, but it's safe to assume that it's pretty low. When they do fail, the ramifications can be extreme, especially in the increasingly virtualized data center that counts on shared storage. Active-Active controllers provide the protection from controller failure, but they are a bit of a misnomer. Both controllers are being used, but they are assigned to specific workloads.
Global CIO: General Motors CIO On 4 Essential IT Skills
Commentary  |  12/9/2009  | 
He'd like to hire people with all 4 into the new GM. But how can IT pros get this broad experience?
Bank Login Stealing Trojan Threat Grows
Commentary  |  12/8/2009  | 
Cisco released its Cisco 2009 Annual Security Report this morning, and it contains some interesting insight on many of the vulnerabilities and threat vectors we face today.
A Real Insider Threat Story
Commentary  |  12/8/2009  | 
I was sitting at my desk when my phone rang. I answered, and it was a large pharmaceutical company that was interested in consulting services. It had noticed a trend with one of its foreign competitors. Every time it went to release a new product (in this particular case a new drug), one of its competitors would release a similar drug with a similar name, several weeks before it, beating it to market.
Global CIO: Steve Jobs Is Bugs Bunny But Microsoft Is Elmer Fudd
Commentary  |  12/8/2009  | 
Windows 7 is nice, Bing is neat, Sharepoint is solid, and Azure is promising. But does Microsoft scare the crap out of any of its competitors anymore?
Global CIO: The 50 Top Tech Quotes For 2009, Part II
Commentary  |  12/8/2009  | 
"Take two of the five most-profitable businesses in China: they don't pay for their software." We've got 24 more great quotes in Part II of our best of 2009.
'Capture The Flag' Contest Targets End Users
Commentary  |  12/7/2009  | 
Capture the flag (CTF) competitions and similarly organized scenario-based "games" can be a great learning experience for security professionals of all experience levels. Contestants are typically forced to work under pressure and in scenarios that range from real-world situations to extreme, all-out cyber-warfare.
Failure To Move
Commentary  |  12/7/2009  | 
Don MacVittie in his blog over at F5 commented recently on an article that we have written "What is File Virtualization?" indicating that we missed a key issue in dealing with how to handle it when your virtualization box goes down. While my defense could be that th
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Marc Wilczek, Digital Strategist & CIO Advisor,  10/12/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.