Commentary
Content posted in March 2008
Page 1 / 2   >   >>
McAfee Volunteers Go For All The Spam They Can Stand (And Then Some!)
Commentary  |  3/31/2008  | 
Y'know those e-mails and offers and come-ons you're never never supposed to open or reply to? Well, McAfee is putting fifty, count 'em, fifty volunteers from across the world on an all-the-spam-you-can-answer diet. You get it, you answer it; you see it you click it -- every one of them for a month Seriously.
Another Trojan Targets Mac OS X
Commentary  |  3/31/2008  | 
Yet another unscrupulous chunk of malicious software is being aimed at unsuspecting Mac users.
Manage Your Risk Before It Mangles Your Business
Commentary  |  3/31/2008  | 
Informationweek has a good long piece on risk management that will more than repay your attention -- if only in calling your attention to the rapidly evolving nature of risk management -- and the risks we all need, or at least seek, to manage.
Lockdown Tradeoffs
Commentary  |  3/29/2008  | 
Enterprise users and consumers alike have been scared straight about data protection, given the regular headlines about laptop theft or misplaced hard drives. But as users rush to secure the desktop, are their good intentions making the jobs (and lives) of storage pros more difficult?
CA Customers Newly Targeted
Commentary  |  3/28/2008  | 
While most software exploits target end users and end-point applications, this one is aiming squarely at corporate users.
Hundreds Of Servers Compromised In Hannaford Breach
Commentary  |  3/28/2008  | 
More details about the credit breach at the Hannaford grocery chain are becoming known, and they aren't pretty.
Hacker Contest: And The Loser Is... MacBook Air
Commentary  |  3/28/2008  | 
The hacker contest at this year's CanSecWest Conference in Vancouver has produced a winner... er, a loser. The hack--ee? Pricey, trendy and oh so desirable MacBook Air.
And I Recommend Caviar For Dinner
Commentary  |  3/27/2008  | 
Yes, every night. Because in this age of federal bailouts of brokerages, record mortgage defaults, and a stock market that doesn't know which way is up, it's time to indulge. At least that seems to be a piece of the logic behind this report, encouraging would-be videoconferencing customers to go HD.
Internet Evolution Reports On Test-Shy Peer-To-Peer Filters
Commentary  |  3/27/2008  | 
More than two dozen vendors say they can help ISPs filter unwanted P2P traffic. But only two were willing to put marketing claims on the line in an in-depth test of P2P filtering technology.
Startup Flips On Its Virtual Switch
Commentary  |  3/26/2008  | 
A growing number of security startups aim to bring visibility to the network traffic of virtual systems. Today, Montego Networks officially came out of stealth mode.
IT And The Global Village
Commentary  |  3/26/2008  | 
"The toughest job you'll ever love," according to Lillian Carter, a tagline used for recruiting by the Peace Corps in the '70s and '80s, herself a volunteer in India at age 66. A forward-thinking IT vendor has picked up on this international service model and here's why it makes great sense.
"New" Word Vulnerability: What Did Microsoft Know And When Did They Know It?
Commentary  |  3/26/2008  | 
It turns out that Microsoft engineers knew about a vulnerability that could expose Word users to attacks, and knew about it for awhile before letting the rest of us in on the problem. A long while.
Web App Threats Rising
Commentary  |  3/25/2008  | 
Great news: 1 out of 10 Web sites you visit may actually be secure.
The Disruption Factor
Commentary  |  3/25/2008  | 
Here's a hypothetical based on a lot of ifs. If you had a bunch of money to invest, if you had access to the smartest brokers around, and if the economy were on firm ground, which of these ideas would you invest in?
Tool Emerges to Automate Companies' Battle Against Identity Theft
Commentary  |  3/25/2008  | 
The problems associated with identity theft have become so great that the federal government is forcing corporations to put checks in place to prevent it. Now, help has arrived for businesses that have to comply with these new regulations.
Medical Records For 2,500 Study Participants Are Stolen
Commentary  |  3/24/2008  | 
Only after a laptop is stolen from the trunk of a car owned by a researcher at the National Heart, Lung, and Blood Institute (NHLBI) does this organization promise to do better when it comes to security. Why does it always go down this way?
Real Tossers
Commentary  |  3/24/2008  | 
How long do you hang on to decommissioned hard drives and storage devices? Do you at least wait to make sure your new drives or backup applications are functioning properly? If you answered yes to that last question, there might be a job at the White House for you.
More Passport Problems, More Business Security Lessons
Commentary  |  3/24/2008  | 
Or maybe just more of the same. As the Obama passport-filepeek story expanded to become the Obama/Clinton/McCain passport pry-in story, the business lessons the snafu offered only grew more important.
But Cling If You Must To The Illusion Of Privacy
Commentary  |  3/21/2008  | 
I'm trying to work up a head of steam over the presidential candidate passport snooping. But my contract with TechWeb limits my self-righteousness to certain decibel levels, which, frankly is quite smart when the subject is data privacy.
SnooperGate: Two Fired Over Illegal Obama Passport Snooping
Commentary  |  3/21/2008  | 
It's the second time in a week where workers improperly accessed electronic records of the rich, powerful, or famous.
Passport Privacy Problem Offers Business Lessons
Commentary  |  3/21/2008  | 
The current news cycle hot-button -- State Department contractors poking into Barack Obama's passport files -- will give the pundits plenty to spout and sputter about from all sides. It should give small and midsize businesses pause to consider some of their own security procedures, policies and potential vulnerabilities.
Behind Microsoft's Visor
Commentary  |  3/21/2008  | 
What if Microsoft decided to get really serious about server virtualization? Yeah, yeah, I know Hyper-V is coming this summer. But especially now that they've made such a hash of Vista, virtualization's a natural place for the company to regain a bit of
The Start Of NAC Market Consolidation?
Commentary  |  3/20/2008  | 
Lockdown Networks has closed its doors and is looking for someone to buy it's IP. Is this just the beginning of the NAC market consolidation, or an isolated event?
Hacker Contest Next Week: The Real March Madness
Commentary  |  3/20/2008  | 
It's fierce comeptition time again, and not just for basketball fans. At next week's CanSecWest conference in Vancouver, the second annual hacker contest offers big bucks to the first person to hack a supposedly secure laptop.
De-Dupe Do-Si-Do
Commentary  |  3/19/2008  | 
I'm not sure if you need a dance card or a scorecard to keep track of the pairings in the data deduplication market. One thing's abundantly clear: this storage app must have more commercial appeal than most everything else that's come down the pike lately, given the scramble for partners.
In Massive Patch, Apple Mends Roughly 90 Security Vulnerabilities
Commentary  |  3/19/2008  | 
In one swing, Apple unleashes a tally of security updates that nearly surpasses all of the patches it released last year.
New Secure Mail Release Pushes Price/Performance Leap
Commentary  |  3/19/2008  | 
Secure Computing's announcement of the latest version of its Secure Mail appliance puts the emphasis on volume, promising to process up to "7 million mails a day on a single appliance."
4.2 Million Credit Cards Leaked
Commentary  |  3/18/2008  | 
A New England-based supermarket, Hannaford Bros., said Monday that a system breach may have given criminals access to more than 4 million credit and debit cards. It's a significant event, and while the facts aren't out yet, it looks unlike most other breaches.
Information Is Power
Commentary  |  3/18/2008  | 
Government officials' seeming inability to manage information has led me to conclude they don't need a backup and archiving policy so much as they need a virtual Roto-Rooter turned on their servers and tape drives and cardboard boxes. And here are three cases in point.
Compliance Tools Filter Down to Small and Medium Sized Businesses
Commentary  |  3/18/2008  | 
As companies have automated more business processes, the government as well as industry market leaders have mandated that checks be put in place to ensure that those items are processed safely. Consequently, compliance tools have become a hot IT topic.
Not As Dumb As Eliot Spitzer
Commentary  |  3/17/2008  | 
Don't get me wrong -- I think Chris Crocker would make a crap spokesperson for HIPAA. But the medical staff of the UCLA Health System facing discipline or dismissal for snooping in Britney Spears' medical records deserve everything coming to them.
Hospital Workers Busted For Snooping On Britney Spears' Medical Records
Commentary  |  3/17/2008  | 
The Los Angeles Times reported over the weekend that medical workers violated the star's privacy when she visited the UCLA Medical Center in late January and early February of this year. They're all getting fired.
P2P Points To Plenty Of Business Problems
Commentary  |  3/17/2008  | 
Turns out the problems with peer-to-peer file-sharing goes way beyond piracy. A new investigative piece indicates that there's plenty of business and personal data afloat on P2P networks.
The Clock Is Ticking For Retailer Web Application Security
Commentary  |  3/16/2008  | 
In a few months time, what is now considered merely an advisable best practice will become mandatory for any business accepting credit card payments over the Web. Problem is, the mandate is ill conceived.
Worth Watching
Commentary  |  3/14/2008  | 
Back when I covered storage networking a lot more closely, I learned to anticipate the industry's rhythms. If any one of EMC, HP, IBM, or NetApp introduced something, one of the other three would frequently contact me on the QT to let me know why their solution was still superior.
T.J. Maxx To Hold 'We Got Hacked' Sale
Commentary  |  3/14/2008  | 
As part of class-action settlement for one of the most egregious breaches of consumer credit cards in U.S. history, T.J. Maxx plans to hold a special one-day sales event. Seriously?
Trend Micro Anti-Virus Site Hacked
Commentary  |  3/14/2008  | 
If the anti-virus makers can't keep their sites safe, how safe are the rest of us? That's one of the questions raised by a hack of Trend Micro earlier this week.
Air Force Sheds (Some) Light On A Strategic Cyberspace Vision
Commentary  |  3/13/2008  | 
But after reading the Air Force Cyber Command Strategic Vision, I'm still not clear on what the strategy actually is ... or if it's just PR posturing.
What Sticks
Commentary  |  3/13/2008  | 
And what doesn't in the startup world doesn't appear to have much to do with technology. Like in sports, whoever can deliver on the fundamentals -- in this case, basic business fundamentals, stands a better chance of thriving in the market.
Hackers Mass-Target Gamers
Commentary  |  3/13/2008  | 
A mass attack identified by McAfee tagged more than 10,000 Web pages. The target: gamers' passwords.
Developers: Check Your %*^& Inputs
Commentary  |  3/12/2008  | 
Better watch where you click, you just may be stepping into a Web page with a Trojan horse, according to security researcher Dancho Danchev. This warning brought to you by the fact that developers continue to neglect to check their application -- and in this case, search engine -- inputs.
I Smell A Reality Show
Commentary  |  3/12/2008  | 
Geeky? Unsociable? Does this sound like you? It's how the European Union's top technology official summed up the current lot holding down jobs in IT. Her prescription for change isn't likely to win her tons of support, either.
Economic Spin
Commentary  |  3/11/2008  | 
While we contemplate the wisdom of locking Eliot Spitzer and Geraldine Ferraro in a room together for all eternity, let's take a deep breath and give thanks for some positive economic news (Go, Dow, go) and wonder what in the world they're smoking over at the freshly renamed NetApp.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.