Commentary

Content posted in May 2006
Stolen Data: Trouble's Just A Click Away If You Know Where To Look
Commentary  |  5/25/2006  | 
If news of the recent theft of a Veterans Affairs laptop containing records of 26.5 million vets and their spouses has you feeling insecure, here's something you'll really like: marketplaces where this stolen information can be bought and sold so that criminals can not only steal your identity, but gain access to all that your identity provides. While these marketplaces aren't new, I recently sat down with a
Big Brother On Campus: Cell Phone-GPS Combo To Track Students' Whereabouts
Commentary  |  5/18/2006  | 
Campus security at a New Jersey university is getting help from an eye in the sky. Combining global positioning satellite and cell phone technologies, campus security officials can be alerted if a student fails to arrive at a destination on time.
PC Theft's Darwin Awards
Commentary  |  5/17/2006  | 
All you fans of the Darwin Awards will like this. Just as the Darwins "salute the improvement of the human genome by honoring those who remove themselves from it in really stupid ways," a company called Absolute Software recently shared some of the more interesting cases of computer theft and recovery it has encountered over the past year.
Hacking: A Few Cautionary Tales
Commentary  |  5/10/2006  | 
This week's story about a white-hat hacker who broke into the University of Southern California's computer system to warn of its vulnerabilities is an interesting cautionary tale for all the parties involved.
Blue Security Shoots Itself, And Thousands Of Other People, In The Foot
Commentary  |  5/5/2006  | 
When an outfit called Blue Security launched a service to go after spammers with vigilante justice, any idiot could've foreseen big problems. In fact, an idiot did. It wasn't a tough prediction to make. Vigilante justice is always a bad idea because it often results in innocent people getting hurt. And that's what happened, as a spammer's counterattack against Blue Security brought down thousands of
Put Down That Comb And Take InformationWeek's 2006 Security Survey
Commentary  |  5/4/2006  | 
Feeling insecure? I'm not talking about that new comb-over hairstyle you've adopted or the big new SUV you just leased, the one that takes up two highway lanes. No, I'm talking about the security of your company's IT systems and data. It's time for you to channel any nervous ene


Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.