Commentary
Content posted in February 2008
F-Secure Survey Shows Misplaced Security Confidence
Commentary  |  2/29/2008  | 
A new computer-use survey from security firm F-Secure shows that the majority of more than 1,000 respondents understands the importance of updating virus definitions. Yet less than 20 percent understood the need for frequent definition updates.
Stimulating Choices
Commentary  |  2/29/2008  | 
OK, so you can't take yourself public like Visa. But how much thought have you given to that big, fat check coming your way in May? You know, the "Spend our way out of this nonrecession" check?
Sourcefire's Earnings Not So Hot. CEO Jackson Ousted.
Commentary  |  2/28/2008  | 
Network security provider Sourcefire announced its earnings yesterday. The less-than-spectacular results show a company fighting numerous headwinds. So can it set its sail straight?
Stomping On Your Carbon Footprint
Commentary  |  2/28/2008  | 
The "greening" of IT is very à la mode right now, especially in storage. But this umbrella term suffers from overuse, and near as I can tell, is a euphemism for using less electricity. It's also a "feature" that enables some vendors to bump up their prices. So what exactly is the fuss again?
VMware Moves To Protect Applications Living On The Hypervisor
Commentary  |  2/27/2008  | 
On the heels of a file sharing flaw uncovered earlier this week by a security firm, and the announcement of a number of security patches, virtualization leader VMware says it plans to release an API for third-party security applications.
From 'Energized' To Not So Interested
Commentary  |  2/27/2008  | 
The little do-si-do between Congress and the White House over missing e-mails is apparently over. Cynics might predict the next steps will be a digging in of heels, followed quickly by threats to launch (and bungle) an investigation, or worse, appoint a special prosecutor.
An Ounce Of Virtual Prevention
Commentary  |  2/26/2008  | 
Security researchers found/punched a new hole in one of VMware's products this week, and from some quarters, it's being written about as if virtual machinery had never been a target for malicious code before. Those in the data center know differently.
Surprise, Surprise. Federal Agencies Not Protecting The Information They Collect About You
Commentary  |  2/26/2008  | 
There are many policies, mandates, and laws that govern personally identifiable and financial information for federal agencies. So just how many federal agencies are living up to their responsibilities?
Cell Phone Device Detects Deleted Data
Commentary  |  2/26/2008  | 
Cell phone users whose phones use SIM (Subscriber Identity Module) strips need to know that a new device that reads those strips can also retrieve deleted text messages. It's called, appropriately enough, Cell Phone Spy.
Challenges From The Vendor View
Commentary  |  2/26/2008  | 
Vendors see the world of technical challenges a bit differently -- and no surprise here: The items they cite often tend to play to the vendor's strengths or ongoing market initiatives. But here are how big thinkers at some storage vendors view the biggest engineering challenges ahead.
Virtualization: Just Another Layer Of Software To Patch?
Commentary  |  2/25/2008  | 
Researchers at Core Security have issued an advisory warning users of a significant security flaw in a number of VMware desktop apps that could allow attackers to gain complete access to the underlying operating system.
A Bad Day at Pakistan Telecom
Commentary  |  2/24/2008  | 
Sometimes I think I should have been a network engineer. I love all that "belly of the internet beast" stuff—giant high-speed routers, huge data pipes, and all things close to the backbone of the Internet. But then I remember my grades from my engineering classes, and why I dropped engineering, and switched my major to English. Perhaps the engineer who broke both YouTube and the Pakistani Internet yesterday should have switched his major, too, before it was too late. I mean, I
Up To The Challenge?
Commentary  |  2/23/2008  | 
Mask complexity, improve performance, and automate every last function possible -- those, in a giant nutshell, are the biggest engineering challenges for storage in the next several years, according to some big thinkers who've deployed a SAN or two in their time.
Where Storage Gets Innovative
Commentary  |  2/21/2008  | 
There are lots of good barometers out there -- the Dow Jones Industrial Average comes to mind, as does the Consumer Confidence Index. A little closer to home, this gauge of where VCs and angel investors are placing their bets tells you a lot about where storage is headed in the next 12 months.
Encrypted Disks At (Some) Risk To Eavesdroppers
Commentary  |  2/21/2008  | 
Whether you are using Windows Vista BitLocker, Mac OS X FileVault, Linux-based dm-crypt, or open source disk encryption software TrueCrypt - your data could be at risk to snoops, researchers have found. While it is troubling news, all is not lost.
Learn To Hack -- Ethically!
Commentary  |  2/21/2008  | 
Know your enemy means knowing how your enemy works. That's the philosophy behind McAfee's Foundstone Professional Services Ethical Hacking course. You, too, can learn how to find and exploit network vulnerabilities -- but only if you pledge to use the knowledge for good.
Big Challenges Ahead
Commentary  |  2/20/2008  | 
Late last week, the National Academy of Engineering issued a list of the biggest technical challenges of the 21st century, some real thorny knots like reverse-engineer the human brain and prevent nuclear terrorism. It got me wondering how some of the brightest minds in storage might answer the same question. So I asked them.
Microsoft Moves To Squash 'Friendly' Worm
Commentary  |  2/20/2008  | 
Last week, NewScientist ran a story about Microsoft's researching how worms -- really, really effective worms -- could be used to disseminate software patches. Today, Microsoft seems to be backing away from the idea.
That Didn't Take Long
Commentary  |  2/19/2008  | 
And mercifully so -- the battle over the next-gen DVD came to a close as Toshiba threw in the high-def towel today. But as quickly as data and media formats are evolving, does it really matter?
When Good Intentioned Users Do Harm
Commentary  |  2/19/2008  | 
Minneapolis-based data recovery and forensic software maker Kroll Ontrack published a list of what the company estimates to be some of the most common mistakes end users make when trying to save data from a failing drive.
Security And (Or) Regulatory Compliance
Commentary  |  2/18/2008  | 
Anyone who knows me knows that I don't believe achieving regulatory compliance is a technology problem. Sure, good tech will help you get there. But at its core, compliance is a processes problem. And a pet peeve of mine has been how the mad dash toward regulatory compliance has, in many organizations, forced CISOs to take their eye off of security.
Safety In Numbers
Commentary  |  2/15/2008  | 
There's a great movie I hope they still show in math and science classes called something like "Powers of 10." It begins with a shot of an earthbound human, then zooms out 100 feet, then 10,000 feet, racking up the exponents til we're out in Carl Sagan country. It then reverses itself into the subatomic realm. It blew my 10-year-old mind, such that when the discussion turns to
A (Potentially) Bad Idea Is Resurrected At Microsoft
Commentary  |  2/14/2008  | 
The software maker is researching ways to use worms as a software patch distribution mechanism. Not on any of my machines.
'Pleased To Put This Matter Behind Us'
Commentary  |  2/14/2008  | 
As a journalist, it makes me wince to witness reporters getting all sanctimonious when in reality they're doing little more than burnishing their reputations. But the roles got reversed as Hewlett-Packard settled one of two sets of pretexting and spying claims yesterday, acting and speaking with a smugness and neutrality that don't really put the matter behind anyone.
Valentine's Virus-Mail -- Anything But Romantic
Commentary  |  2/14/2008  | 
Won't you be my Valentine? Won't you be my VirusTime is more like it, as a storm of malicious e-cards and messages breaks across the Net. Don't click on any unexpected e-cards or messages, however Cupid-cute -- and warn your employees not to, either.
Now, That's Service
Commentary  |  2/13/2008  | 
Six weeks into the year and you're finally remembering that sinuous "8" when you write a new check. And it's been barely a week since the Year of the Rat celebrations ended. No matter -- in Storageville, it's pretty safe if we just go ahead and label this the Year of Storage Services.
Zero-Day Attacks Trend Down? I Don't Give A Flying Hoot
Commentary  |  2/13/2008  | 
Security researchers and the press like to parse vulnerability trends. They like to argue (among themselves) as to whether zero-day attacks are on the rise, and if the underground is selling or sandbagging the security flaws these black hats uncover. I say: So what? None of this should matter to you.
Google Warns Of Search Fraud Surge
Commentary  |  2/13/2008  | 
As search engines become the default starting point for many if not most Web activities, they're increasingly targeted by crooks. That's what Google's finding, and pretty grim findings they are.
The Changing Role Of The CISO?
Commentary  |  2/12/2008  | 
Just a few years ago, the chief information security officer's focus was to defend business-technology systems from the continuous barrage of viruses, worms, denials-of-service, and many other types of attacks that placed system availability and information at risk. For many, I suspect, this role has changed dramatically.
Partners That Compete
Commentary  |  2/12/2008  | 
I know cooperative competition is supposed to be a cornerstone of business today. Still, I have to wonder how much further down the path to recovery will Dell get before its primary storage partner EMC complains?
Microsoft Office, Internet Explorer At Greatest Risk
Commentary  |  2/12/2008  | 
Microsoft unleashed 11 security bulletins today, as part of its monthly patch cycle. Six of the bulletins are rated by the software vendor as "Critical," and five are ranked as "Important." You'll want to patch yourself right away, but if you had to prioritize . . .
Apple Fixes Security Holes, Updates Leopard
Commentary  |  2/11/2008  | 
Where last week finished up with having to patch my Firefox browser with two handfuls of security patches, Apple has released its first batch of security updates for this year. And it's a biggie.
Pleading The E-Fifth
Commentary  |  2/11/2008  | 
It's probably not the career most storage professionals might have envisioned -- data forensic specialist, law enforcement agent, and archivist/go-fer. But with recent incidents that span from Detroit to Paris, here's why storage
Following Bevy Of Patches, The Firefox Browser Is Still Vulnerable
Commentary  |  2/11/2008  | 
On Friday, Feb. 8, Mozilla released an updated version of its Firefox Web browser that aimed to fix 10 vulnerabilities. Now, at least one security researcher says flaws still remain.
Malware Getting Worse: 11 Trends To Watch
Commentary  |  2/11/2008  | 
Half a million malwares (and then some) and counting -- that's McAfee Avert Labs' prediction for this year. That's a more than 50 percent jump over '07, and the scarier thing is that the prediction may be conservative.
Storm Worm Makers Reaping Millions A Day In Profit
Commentary  |  2/10/2008  | 
That's the scoop from a U.K. PC publication quoting an IBM Internet Security Systems' security expert during a debate at NetEvents Forum in Barcelona.
Backup That's Off The Hook
Commentary  |  2/8/2008  | 
"Unfortunately, it's a huge file and it's taking a long time," says a Verizon spokesman in this report about a database gone astray. Unfortunately, the file problem left 750,000 landline customers here in Southern California without any voice mail service for two days.
PCI Web Application Security Deadline Looms
Commentary  |  2/8/2008  | 
If you're a Web merchant, you're (or had better be) familiar with the Payment Card Industry Data Security Standard, or PCI DSS. What you may not know is that this June some new rules apply.
Enough With The Patches Already!
Commentary  |  2/7/2008  | 
I'm growing increasingly grateful for those quiet days when I can actually use my computer systems, for work or fun, rather than have to patch them. Is it really too much to ask?
Socially Challenged
Commentary  |  2/7/2008  | 
You'd think I might have taken the hint the year someone gave me Miss Manners' Guide to Excruciatingly Correct Behavior for Christmas. But in the real world or online, I can't seem to get that whole social graces thing right. Which is why I'm such a zero with social networks.
Online Shoppers Increasingly Fed Up With Data Breaches
Commentary  |  2/7/2008  | 
For anyone who needs even more evidence that security is critical to keeping online shoppers happy: read on.
Spam Across The Waters: Europe Grabs Junkmail Lead
Commentary  |  2/7/2008  | 
This month's Symantec Spam Report brings some interesting -- and surprising -- information about the nature of the spam that clogs our queues and pipelines. Spam filesize is shrinking and more of it's coming from Europe than anywhere else.
Total Cost Of Lead Generation
Commentary  |  2/6/2008  | 
I know at least four vendors who'd be more than willing to help you calculate it, but does anyone really know the total cost of ownership (TCO) of their storage? Too often, these calculations have about the same gravitas as when someone starts describing what they're worth "on paper."
Free Encryption For All
Commentary  |  2/6/2008  | 
Sure, you can keep your files secure with BitLocker, available for certain versions of Vista. And Mac users have FileVault, which is free with Mac OS X. Personally, I like TrueCrypt. Here's why.