Commentary

Content posted in February 2008
F-Secure Survey Shows Misplaced Security Confidence
Commentary  |  2/29/2008  | 
A new computer-use survey from security firm F-Secure shows that the majority of more than 1,000 respondents understands the importance of updating virus definitions. Yet less than 20 percent understood the need for frequent definition updates.
Stimulating Choices
Commentary  |  2/29/2008  | 
OK, so you can't take yourself public like Visa. But how much thought have you given to that big, fat check coming your way in May? You know, the "Spend our way out of this nonrecession" check?
Sourcefire's Earnings Not So Hot. CEO Jackson Ousted.
Commentary  |  2/28/2008  | 
Network security provider Sourcefire announced its earnings yesterday. The less-than-spectacular results show a company fighting numerous headwinds. So can it set its sail straight?
Stomping On Your Carbon Footprint
Commentary  |  2/28/2008  | 
The "greening" of IT is very à la mode right now, especially in storage. But this umbrella term suffers from overuse, and near as I can tell, is a euphemism for using less electricity. It's also a "feature" that enables some vendors to bump up their prices. So what exactly is the fuss again?
VMware Moves To Protect Applications Living On The Hypervisor
Commentary  |  2/27/2008  | 
On the heels of a file sharing flaw uncovered earlier this week by a security firm, and the announcement of a number of security patches, virtualization leader VMware says it plans to release an API for third-party security applications.
From 'Energized' To Not So Interested
Commentary  |  2/27/2008  | 
The little do-si-do between Congress and the White House over missing e-mails is apparently over. Cynics might predict the next steps will be a digging in of heels, followed quickly by threats to launch (and bungle) an investigation, or worse, appoint a special prosecutor.
An Ounce Of Virtual Prevention
Commentary  |  2/26/2008  | 
Security researchers found/punched a new hole in one of VMware's products this week, and from some quarters, it's being written about as if virtual machinery had never been a target for malicious code before. Those in the data center know differently.
Surprise, Surprise. Federal Agencies Not Protecting The Information They Collect About You
Commentary  |  2/26/2008  | 
There are many policies, mandates, and laws that govern personally identifiable and financial information for federal agencies. So just how many federal agencies are living up to their responsibilities?
Cell Phone Device Detects Deleted Data
Commentary  |  2/26/2008  | 
Cell phone users whose phones use SIM (Subscriber Identity Module) strips need to know that a new device that reads those strips can also retrieve deleted text messages. It's called, appropriately enough, Cell Phone Spy.
Challenges From The Vendor View
Commentary  |  2/26/2008  | 
Vendors see the world of technical challenges a bit differently -- and no surprise here: The items they cite often tend to play to the vendor's strengths or ongoing market initiatives. But here are how big thinkers at some storage vendors view the biggest engineering challenges ahead.
Virtualization: Just Another Layer Of Software To Patch?
Commentary  |  2/25/2008  | 
Researchers at Core Security have issued an advisory warning users of a significant security flaw in a number of VMware desktop apps that could allow attackers to gain complete access to the underlying operating system.
A Bad Day at Pakistan Telecom
Commentary  |  2/24/2008  | 
Sometimes I think I should have been a network engineer. I love all that "belly of the internet beast" stuff—giant high-speed routers, huge data pipes, and all things close to the backbone of the Internet. But then I remember my grades from my engineering classes, and why I dropped engineering, and switched my major to English. Perhaps the engineer who broke both YouTube and the Pakistani Internet yesterday should have switched his major, too, before it was too late. I mean, I
Up To The Challenge?
Commentary  |  2/23/2008  | 
Mask complexity, improve performance, and automate every last function possible -- those, in a giant nutshell, are the biggest engineering challenges for storage in the next several years, according to some big thinkers who've deployed a SAN or two in their time.
Where Storage Gets Innovative
Commentary  |  2/21/2008  | 
There are lots of good barometers out there -- the Dow Jones Industrial Average comes to mind, as does the Consumer Confidence Index. A little closer to home, this gauge of where VCs and angel investors are placing their bets tells you a lot about where storage is headed in the next 12 months.
Encrypted Disks At (Some) Risk To Eavesdroppers
Commentary  |  2/21/2008  | 
Whether you are using Windows Vista BitLocker, Mac OS X FileVault, Linux-based dm-crypt, or open source disk encryption software TrueCrypt - your data could be at risk to snoops, researchers have found. While it is troubling news, all is not lost.
Learn To Hack -- Ethically!
Commentary  |  2/21/2008  | 
Know your enemy means knowing how your enemy works. That's the philosophy behind McAfee's Foundstone Professional Services Ethical Hacking course. You, too, can learn how to find and exploit network vulnerabilities -- but only if you pledge to use the knowledge for good.
Big Challenges Ahead
Commentary  |  2/20/2008  | 
Late last week, the National Academy of Engineering issued a list of the biggest technical challenges of the 21st century, some real thorny knots like reverse-engineer the human brain and prevent nuclear terrorism. It got me wondering how some of the brightest minds in storage might answer the same question. So I asked them.
Microsoft Moves To Squash 'Friendly' Worm
Commentary  |  2/20/2008  | 
Last week, NewScientist ran a story about Microsoft's researching how worms -- really, really effective worms -- could be used to disseminate software patches. Today, Microsoft seems to be backing away from the idea.
That Didn't Take Long
Commentary  |  2/19/2008  | 
And mercifully so -- the battle over the next-gen DVD came to a close as Toshiba threw in the high-def towel today. But as quickly as data and media formats are evolving, does it really matter?
When Good Intentioned Users Do Harm
Commentary  |  2/19/2008  | 
Minneapolis-based data recovery and forensic software maker Kroll Ontrack published a list of what the company estimates to be some of the most common mistakes end users make when trying to save data from a failing drive.
Security And (Or) Regulatory Compliance
Commentary  |  2/18/2008  | 
Anyone who knows me knows that I don't believe achieving regulatory compliance is a technology problem. Sure, good tech will help you get there. But at its core, compliance is a processes problem. And a pet peeve of mine has been how the mad dash toward regulatory compliance has, in many organizations, forced CISOs to take their eye off of security.
Safety In Numbers
Commentary  |  2/15/2008  | 
There's a great movie I hope they still show in math and science classes called something like "Powers of 10." It begins with a shot of an earthbound human, then zooms out 100 feet, then 10,000 feet, racking up the exponents til we're out in Carl Sagan country. It then reverses itself into the subatomic realm. It blew my 10-year old mind, such that when the discussion turns to
A (Potentially) Bad Idea Is Resurrected At Microsoft
Commentary  |  2/14/2008  | 
The software maker is researching ways to use worms as a software patch distribution mechanism. Not on any of my machines.
'Pleased To Put This Matter Behind Us'
Commentary  |  2/14/2008  | 
As a journalist, it makes me wince to witness reporters getting all sanctimonious when in reality they're doing little more than burnishing their reputations. But the roles got reversed as Hewlett-Packard settled one of two sets of pretexting and spying claims yesterday, acting and speaking with a smugness and neutrality that don't really put the matter behind anyone.
Valentine's Virus-Mail -- Anything But Romantic
Commentary  |  2/14/2008  | 
Won't you be my Valentine? Won't you be my VirusTime is more like it, as a storm of malicious e-cards and messages breaks across the Net. Don't click on any unexpected e-cards or messages, however Cupid-cute -- and warn your employees not to, either.
Now, That's Service
Commentary  |  2/13/2008  | 
Six weeks into the year and you're finally remembering that sinuous "8" when you write a new check. And it's been barely a week since the Year of the Rat celebrations ended. No matter -- in Storageville, it's pretty safe if we just go ahead and label this the Year of Storage Services.
Zero-Day Attacks Trend Down? I Don't Give A Flying Hoot
Commentary  |  2/13/2008  | 
Security researchers and the press like to parse vulnerability trends. They like to argue (among themselves) as to whether zero-day attacks are on the rise, and if the underground is selling or sandbagging the security flaws these black hats uncover. I say: So what? None of this should matter to you.
Google Warns Of Search Fraud Surge
Commentary  |  2/13/2008  | 
As search engines become the default starting point for many if not most Web activities, they're increasingly targeted by crooks. That's what Google's finding, and pretty grim findings they are.
The Changing Role Of The CISO?
Commentary  |  2/12/2008  | 
Just a few years ago, the chief information security officer's focus was to defend business-technology systems from the continuous barrage of viruses, worms, denials-of-service, and many other types of attacks that placed system availability and information at risk. For many, I suspect, this role has changed dramatically.
Partners That Compete
Commentary  |  2/12/2008  | 
I know cooperative competition is supposed to be a cornerstone of business today. Still, I have to wonder how much further down the path to recovery will Dell get before its primary storage partner EMC complains?
Microsoft Office, Internet Explorer At Greatest Risk
Commentary  |  2/12/2008  | 
Microsoft unleashed 11 security bulletins today, as part of its monthly patch cycle. Six of the bulletins are rated by the software vendor as "Critical," and five are ranked as "Important." You'll want to patch yourself right away, but if you had to prioritize . . .
Apple Fixes Security Holes, Updates Leopard
Commentary  |  2/11/2008  | 
Where last week finished up with having to patch my Firefox browser with two handfuls of security patches, Apple has released its first batch of security updates for this year. And it's a biggie.
Pleading The E-Fifth
Commentary  |  2/11/2008  | 
It's probably not the career most storage professionals might have envisioned -- data forensic specialist, law enforcement agent, and archivist/go-fer. But with recent incidents that span from Detroit to Paris, here's why storage
Following Bevy Of Patches, The Firefox Browser Is Still Vulnerable
Commentary  |  2/11/2008  | 
On Friday, Feb. 8, Mozilla released an updated version of its Firefox Web browser that aimed to fix 10 vulnerabilities. Now, at least one security researcher says flaws still remain.
Malware Getting Worse: 11 Trends To Watch
Commentary  |  2/11/2008  | 
Half a million malwares (and then some) and counting -- that's McAfee Avert Labs' prediction for this year. That's a more than 50 percent jump over '07, and the scarier thing is that the prediction may be conservative.
Storm Worm Makers Reaping Millions A Day In Profit
Commentary  |  2/10/2008  | 
That's the scoop from a U.K. PC publication quoting an IBM Internet Security Systems' security expert during a debate at NetEvents Forum in Barcelona.
Backup That's Off The Hook
Commentary  |  2/8/2008  | 
"Unfortunately, it's a huge file and it's taking a long time," says a Verizon spokesman in this report about a database gone astray. Unfortunately, the file problem left 750,000 landline customers here in Southern California without any voice mail service for two days.
PCI Web Application Security Deadline Looms
Commentary  |  2/8/2008  | 
If you're a Web merchant, you're (or had better be) familiar with the Payment Card Industry Data Security Standard, or PCI DSS. What you may not know is that this June some new rules apply.
Enough With The Patches Already!
Commentary  |  2/7/2008  | 
I'm growing increasingly grateful for those quiet days when I can actually use my computer systems, for work or fun, rather than have to patch them. Is it really too much to ask?
Socially Challenged
Commentary  |  2/7/2008  | 
You'd think I might have taken the hint the year someone gave me Miss Manners' Guide to Excruciatingly Correct Behavior for Christmas. But in the real world or online, I can't seem to get that whole social graces thing right. Which is why I'm such a zero with social networks.
Online Shoppers Increasingly Fed Up With Data Breaches
Commentary  |  2/7/2008  | 
For anyone who needs even more evidence that security is critical to keeping online shoppers happy: read on.
Spam Across The Waters: Europe Grabs Junkmail Lead
Commentary  |  2/7/2008  | 
This month's Symantec Spam Report brings some interesting -- and surprising -- information about the nature of the spam that clogs our queues and pipelines. Spam filesize is shrinking and more of it's coming from Europe than anywhere else.
Total Cost Of Lead Generation
Commentary  |  2/6/2008  | 
I know at least four vendors who'd be more than willing to help you calculate it, but does anyone really know the total cost of ownership (TCO) of their storage? Too often, these calculations have about the same gravitas as when someone starts describing what they're worth "on paper."
Free Encryption For All
Commentary  |  2/6/2008  | 
Sure, you can keep your files secure with BitLocker, available for certain versions of Vista. And Mac users have FileVault, which is free with Mac OS X. Personally, I like TrueCrypt. Here's why.