Commentary
Content posted in December 2010
Three 2011 Security Resolutions (for the uninitiated)
Commentary  |  12/31/2010  | 
Chances are, when it comes to keeping your data safe, you aren't doing many of the things that you should. In fact, most of us don't do the good data hygiene things we should. Here's a short list of three essential things you need to be doing if you are not already.
New Snort Front-End Adds Speedy Analysis, Ease Of Use
Commentary  |  12/30/2010  | 
Snorby is a new free, open-source analysis front-end to the popular Snort IDS that is fast and usable
Meet The "SMS of Death"
Commentary  |  12/30/2010  | 
If a pair of German security researchers are correct, a successful SMS attack could cripple vast segments of mobile networks.
Information Security Predictions 2011
Commentary  |  12/29/2010  | 
Here's my take on what big events will shape information security in the year ahead. (Or, maybe not).
As More SMBs Engage Online Security Concerns Grow
Commentary  |  12/27/2010  | 
Almost three quarters of small and midsize businesses were victims of cyberattacks in the past year; these tips on Web hosting and cloud security can help boost your businesses defenses.
Why SMBs Aren't Buying DLP
Commentary  |  12/27/2010  | 
Cost, complexity, and a dearth of complete solutions limit adoption rates for small and midsize businesses; revamping the architecture and packaging of DLP solutions is key to winning the SMB market.
SCADA Security Heats Up
Commentary  |  12/27/2010  | 
The use of Supervisory Control and Data Acquisition (SCADA) devices is growing. That growth is expected to continue to soar. According to research firm Frost & Sullivan SCADA revenues will grow from $4.6 billion last year to nearly $7 billion in 2016. Question is: What about security?
Microsoft Moves To Block Zero Day Attack
Commentary  |  12/22/2010  | 
A French IT security firm recently warned of a new vulnerability that opens most versions of Microsoft Internet Explorer open to attack.
Why All The Big Deals?
Commentary  |  12/22/2010  | 
Have you noticed that there seems to be a lot more "big" deals when it comes to storage acquisitions lately? Dell-Compellent, EMC-Isilon, HP-3PAR, EMC-Data Domain. This is not to say that there hasn't been smaller deals and part of the reason for the increase in big deals is perception, there is more to discuss which generates more press. There is however strategic reasoning behind the increase in larger deals.
'Tis Attack Season: 5 Ways To Fight Back
Commentary  |  12/22/2010  | 
For most of us, it's time for sleeping in, spending time with family, and ignoring e-mail. For criminals, it's time to go to work. Scammers are looking to exploit e-card traffic, sales promotions, and the general jolliness of Internet users. What better time to attack unwatched enterprise systems, siphon out data, and dig deeper into networks?
Schwartz On Security: Don't Get Hacked For the Holidays
Commentary  |  12/22/2010  | 
The Gawker data breach highlights how few companies employ passwords for security, and how many Web site users treat them as little more than a nuisance.
What If Data Services Were Free?
Commentary  |  12/21/2010  | 
Data services is my term for the storage software that most storage hardware vendors include to make their hardware a solution. The capabilities of these software applications include the basics like volume provisioning and advanced features like file services, snapshots, thin provisioning and replication. What if you could get these software functions for free and apply them to the hardware of your choice?
Security Design Fail
Commentary  |  12/19/2010  | 
It's common for routers to enable an HTTPS interface so that the device can be remotely administered. However, as was made clear this weekend, many routers are secured with hard-coded SSL keys that can be extracted and used by others.
Hacked: A Reformed Victim's Story
Commentary  |  12/17/2010  | 
What I learned as a hacking victim and how you could prevent something similar from happening to you or a loved one
Take A Deep Breath
Commentary  |  12/17/2010  | 
In the midst of the recent surge of security hype and angst, a dose of perspective
Reputation Can't Be Delegated
Commentary  |  12/16/2010  | 
A massive e-mail breach affecting Walgreens, McDonald's and others proves that while services can be outsourced, and responsibility delegated - reputation stays with you.
Why Chrome OS Will Succeed
Commentary  |  12/15/2010  | 
Google's "third choice" of operating system will sell itself to businesses and schools.
What Disaster Are You Planning For?
Commentary  |  12/14/2010  | 
When the subject of disaster recovery comes up many IT professionals' minds immediately flash to an epic event like a fire, hurricane, tornado or earthquake. While this is fine for a point of reference, what about planning for the more mundane disaster? These simple disasters can often cost you as much in revenue and brand reputation than their larger alternatives.
Gawker Goof
Commentary  |  12/13/2010  | 
Sometimes it helps knowing what not to do with database security to clarify why you need database security -- and sometimes somebody else goofs up real bad and sheds light on the little security details you need to get right
Patch Tuesday: Too Big To Ignore?
Commentary  |  12/13/2010  | 
Any IT administrators hoping to get an early jump on the holidays this week face a big disappointment: 40 software updates coming from Redmond this month.
What The Gawker Compromise Really Reveals
Commentary  |  12/13/2010  | 
Passwords are only half of the defense against compromise --unfortunately, the other half is being crippled by the login policies of many online providers.
On To 2011
Commentary  |  12/13/2010  | 
2011 will be the year we catch the first glimpse of the biometric movement
Researchers: Major Ad Networks Serving Malware
Commentary  |  12/11/2010  | 
Researchers at web security firm Armorize Technologies recently discovered that DoubleClick and Microsoft ad networks were serving (for a brief time) a banner ad tainted with malware. The attack could had of impacted millions, the researchers day.
The Hazards Of Bot Volunteerism
Commentary  |  12/10/2010  | 
Not only can you get caught, you can also get 0wned if the bot software is malicious
Is The Storage Industry Consolidated?
Commentary  |  12/10/2010  | 
There have long been predictions that the storage industry would consolidate down to three or four vendors. A few weeks ago EMC made a bid to buy Isilon and yesterday Dell made a bid to buy Compellent for $876 million dollars. These deals come on the heels of the dramatic HP - Dell bidding war over 3PAR. Is the storage industry consolidated? Not even close.
Monitoring Challenges For NERC/FERC Environments
Commentary  |  12/10/2010  | 
Many vendors claim to be entrenched within NERC and FERC regulated critical infrastructure clients, but few understand where the real goldmine of data resides
Why 2010 Will Make 2011 The Year Of SSD
Commentary  |  12/8/2010  | 
In technology we are always looking for next year to be the year of something. Reality is that most technologies don't establish themselves in a single year, but 2011 could be the year that solid state storage makes significant inroads into the enterprise data center and that work will be because of what was done in 2010.
California Does Health Care Data Breaches Right
Commentary  |  12/7/2010  | 
Since this spring, the California Department of Public Health has fined 12 health facilities about $1.5 million as a result of data breaches. Let's hope they keep fining organizations that fail to properly protect patient data.
Avast, Ye Pirates: It's Free
Commentary  |  12/7/2010  | 
Pirated installations of free Avast software included two in Vatican City
What Appliances Should Be Virtualized?
Commentary  |  12/3/2010  | 
In our last entry we discussed the value of virtual appliances and how they might be a better option for the data center than stand alone appliances are today. If you agree that there is value in leveraging the virtual infrastructure for appliances then the next step is to decide which appliances make the most sense to be virtualized.
Wikileaks: The Canary In The Coal Mine For DLP
Commentary  |  12/2/2010  | 
The supposedly confidential State Department memos ('cables' in the quaint, antiquated parlance of diplomats) oozing out in dribs and drabs this week prompts many questions, but for the IT professional none is more acute than "how could something like this even happen?" This marks the third time in the last six months that the Web's premier whistleblower outlet has release dsensitive government reports. Admittedly, most of these aren't highly classified (and none are "top secret), nor even all t
The Value Of Virtual Appliances
Commentary  |  12/1/2010  | 
Vendors created the appliance market by delivering their software applications pre-installed on standalone servers. The goal was to simplify installation for the users and to make support easier thanks to the consistent hardware platform. The downside to appliances is that there is an added hardware cost and when performance needs to be upgraded it often requires a new appliance. These issues can be addressed by leveraging server virtualization to create virtual appliances.


Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.