Commentary

Content posted in June 2008
Apple Plugs Growing List Of Security Holes
Commentary  |  6/30/2008  | 
If you're an OS X user, and have yet to download today's 59-MB set of security patches, right now would be a good time to run Software Update. The vendor has patched 25 vulnerabilities, and some are fairly nasty at that.
Part One -- SMB Lessons
Commentary  |  6/30/2008  | 
As I've been following the devastating floods in the Midwest and specifically Iowa, I can't help but say something from a disaster recovery viewpoint. Clearly my heart goes out to the personal losses being suffered by thousands of people in the area, but part of my nature is always to look for ways that companies survive. I have seen a number of stories with companies' stock prices being affected by not being able to maintain business operations. In some cases, this makes sense, especially in agri
Security Spending: Dollars Up, Safety Down?
Commentary  |  6/30/2008  | 
IT security is spending more to deliver less or, at best, hold the line against a growing threat universe, according to a major new InformationWeek survey.
Catalyst Conference 2008: The State Of Federated Identity Management
Commentary  |  6/29/2008  | 
At last week's Catalyst conference in San Diego, I had a chance to sit down with identity management executives from IBM and CA to discuss the state of federated identity management. It appears that while the federation of identities hasn't taken off as expected, there is still life in the technology.
Cloud Storage 101 - Part One
Commentary  |  6/27/2008  | 
It seems like the hype-o-meter on cloud computing and cloud storage has been turned up a few notches lately. How real is this emerging market and how will the players begin to settle in? At its most simplistic, cloud storage is disk at the end of a wire that resides outside of your data center. It creates a "storage as a service" model that is delivered over the Internet. Many are positioning this as storage for your older digital assets, essentially an archive.
Catalyst Conference 2008: GRC Is A Four Letter Word
Commentary  |  6/26/2008  | 
If you work anywhere near the risk management functions within your company, whether it be as an executive, manager, auditor, or IT security practitioner, you've probably heard from many vendors trying to sell you a "GRC solution." Burton Group analysts say you just may be better off covering your ears.
Catalyst Conference 2008: Virtualization Security, Myths Vs. Reality
Commentary  |  6/25/2008  | 
At Burton Group's Catalyst Conference, here in San Diego, security and virtualization analyst Alessandro Perilli explained what he sees as some of the greatest challenges to securing virtualized environments.
Central Office IT Neglects Mobile Security: CDW Survey
Commentary  |  6/25/2008  | 
Mobile security is very much a moving target -- one that too many businesses are either missing or not aiming at altogether, according to a newly released study.
3 Ways That Storage Virtualization Can Save You Money
Commentary  |  6/25/2008  | 
Storage virtualization is often billed as what I call a "Time To" product, meaning that it reduces the time it takes IT to respond to demands on the business. Virtualization shortens the amount of time that it takes to respond to a provisioning request, allowing for more rapid deployment of storage assets. IT departments also should consider storage virtualization if they need to flatten or shrink their budget.
Target's (The Retailer) Swipe At Privacy
Commentary  |  6/24/2008  | 
Why don't retailers care more about how they handle your personal information?
Watch Those Wikis: Small Public Posts Can Cause Big Business Problems
Commentary  |  6/24/2008  | 
Inside knowledge, much less insider knowledge, can be a dangerous business thing. Just ask the wiki-poster who got fired for leaking early news of Tim Russert's death.
Citect Doesn't Get 'IT' When It Comes To Application Security
Commentary  |  6/23/2008  | 
Citect, the Sydney, Australia-based maker of Supervisory Control And Data Acquisition (SCADA) software, CitectSCADA, doesn't seem to understand IT security, or why applications that run things like pharmaceutical plants, water treatment facilities, and natural gas pipelines should be inherently secure.
Agent-Based Data Movers
Commentary  |  6/23/2008  | 
In last week's entry I discussed Global Name Spaces as a data mover for moving data to and from a disk-based archive. In addition to a Global Name Space there are other tools to move data to an archive. I find that the other solutions typically fall into one of two camps: agent-based data movers or crawl-based data movers. There's also another category of monitoring tools that don't actually move the da
Failing The Basics Will Get You Hacked
Commentary  |  6/22/2008  | 
Information security firm Sophos evaluated 580 PCs over a 40-day period and found businesses of all sizes can't tackle even the most basic things when it comes to IT security.
Global Name Spacing
Commentary  |  6/20/2008  | 
In speaking with an IT manager the other day, he was complaining about running out of drive letters and the difficulty that moving away from using drive letters was causing his users. He was looking into Microsoft DFS and was looking for other solutions since he had a mixed environment of Unix and Windows. Global Name Space solutions like those available from Acopia or built into OnStor NAS products are ideal for solving the
Security Staff Snoops: Who's Watching Your Watchers (And What Are Your Watchers Watching?)
Commentary  |  6/20/2008  | 
Fully a third of IT staffers recently surveyed admitted to taking unauthorized, inappropriate, and often illegal looks at confidential files and e-mails. Maybe that lets them get their peeping Tom jollies off -- but it may also leave your business on very shaky and un-jolly legal ground.
Mozilla Confirms TippingPoint's Cheap Shot (Whoops. I Meant Vulnerability Announcement)
Commentary  |  6/20/2008  | 
Mozilla security chief Window Snyder says that there is, in fact, a security flaw in the foundation's just-released Firefox 3.0 Web browser. Her announcement confirms the sucker-punch swung by TippingPoint Technologies just hours after Firefox's release.
Make Your Own Worm
Commentary  |  6/18/2008  | 
Point. Click. Worm. Malware creators make it easy to convert any executable file into a self-propagating worm, the folks at PandaLabs have just reported.
New Trojan Targets Wireless Routers
Commentary  |  6/18/2008  | 
A new variation of the bad old Zlob Trojan is going after wireless routers, particularly the near-ubiquitous home wireless routers, which more than a few small and midsize businesses just happen to be running.
Solid State Disk And Green
Commentary  |  6/18/2008  | 
I saw a recent claim by Sun that Solid State Disk Drives (SSDs) consume 20% of the energy that traditional storage systems do. While I can't verify that to be the case, it makes sense. Texas Memory Systems, the veteran of the SSD space, recommends that for real power savings, companies should compare an SSD with a storage array that is configured to deliver the same level of performance that an SSD can.
There's Value In Data Leak Prevention
Commentary  |  6/17/2008  | 
Richard "IDS Is Dead" Stiennon is back to his absolutist ways. This time he is aiming (again) at the DLP space.
Blogging Your Business? Be Careful Who You Quote
Commentary  |  6/17/2008  | 
Blogs are common if not universal tools for small and midsize businesses. They communicate new products and offers, open dialogues, and keep your business name out there. But if your blog, like many, includes outside content, you need to start being careful, particularly if the source is the AP.
Antivirus Firm: Use File Recovery Tools To Defeat Ransomware Attack
Commentary  |  6/16/2008  | 
While Kaspersky Lab says it's currently not possible to decrypt files encrypted by the most recent variant of the so-called "ransomware" Gpcode virus, file recovery tools just might get your data back.
Storage Consolidation, The Foundation
Commentary  |  6/16/2008  | 
As a business grows and the demands on IT increase, there comes a point where the young data center has to consider such initiatives as server virtualization, advanced backup software, disk-to-disk backup, and deployment of its first SAN or NAS. Storage consolidation via a networked storage solution (be it SAN, NAS, or both) provides a foundation for those other early initiatives and is a logical first step.
Telecoms: Should Content Carriers Become Content Cops?
Commentary  |  6/16/2008  | 
The thing about the so-called Information Superhighway, as it used to be so-called, was that once the telecom companies deployed the wire and fiber and wireless roads, they pretty much left businesses and consumers alone in their travels along them. That may be changing.
Reducing Backup Windows, Part III
Commentary  |  6/13/2008  | 
In this third segment on reducing backup windows, the focus will be on getting rid of the data that no longer needs to be backed up. If you're like most of the customers we speak with, well over 85% of the data that you back up during your full backup hasn't changed since the last backup and 70% hasn't changed in the last few years. Yet, every week, it's methodically backed up. If you could eliminate this data, that means in a 10 TB environment you could reduce your full backup set to 1.5 TBs, or
China's Long List Of Hacking Denials
Commentary  |  6/12/2008  | 
China today denied allegations from two U.S. congressmen that the nation had cracked its way into congressional computer systems. In fact, says China's Foreign Ministry spokesman Qin Gang, China doesn't even have the skills to do so.
Flash Vs. RAM Solid State Disks
Commentary  |  6/12/2008  | 
As major vendors ready for entry into the solid-state disk (SSD) market with Flash memory systems, don't count out the traditional RAM SSD. Even though RAM SSDs are more expensive per capacity, companies like Texas Memory Systems are seeing continued growth in RAM-based SSD systems. Why? RAM SSDs have two advantages: speed and reliability.
New McAfee Product Aims To Keep Data Safe Even When Notebooks Aren't
Commentary  |  6/12/2008  | 
A day that passes without news of a stolen notebook or laptop filled with confidential data is becoming the exception, rather than the rule. McAfee's just-announced file protection program is touted as keeping files private when a business computer unexpectedly goes "public."
Lawmakers: Chinese Hackers Pwn3d US
Commentary  |  6/11/2008  | 
There are numerous news reports that multiple congressional computers have been hacked from systems apparently residing in China. The hackers' target: a list of dissidents.
Resurrecting Speed
Commentary  |  6/11/2008  | 
In a recent entry I pronounced 'speed is dead' as it relates to solving the backup window problem. As the entry indicates, the NEED to reduce the backup window continues to be a desire. The ABILITY to reduce the backup window is the challenge. Due to the network infrastructure, the ability of the servers being protected to send that data fast enough, as well as a host of other issues, are the big limiters no
Data Breaches: It's The Stupid Mistakes, Stupid!
Commentary  |  6/11/2008  | 
It's rarely comforting when hard numbers confirm bonehead truths we all know, but that's exactly what a new study does, showing that the vast majority of data breaches are not only avoidable, they're pretty easily and almost effortlessly avoidable. It's in not making that relatively minor effort that breaches breed, and the bad guys know it.
There Are Now (Finally) Business Class Disk Crypto Options For OS X
Commentary  |  6/10/2008  | 
Back in January, we listed a few things that Apple needs to do to make Mac OS X more "enterprise" IT security friendly. While we're waiting, a number of independent security vendors are stepping up with enterprise-class disk encryption.
New Ransom-Ware Virus Resurfaces
Commentary  |  6/9/2008  | 
Kaspersky Lab is warning that a new variant of a previous virus attack is under way, and those who fall victim will find their computer files held for ransom.
Sepaton Launches New Backup and Dedupe Products
Commentary  |  6/9/2008  | 
The VTL company says its new products can deduplicate and store petabytes of data.
PKWare's Latest SecureZIP Simplifies Encryption
Commentary  |  6/9/2008  | 
PKWare's latest evolution of its SecureZIP encryption and compression product adds digital certificates, simplifies key use, and provides easier integration with Microsoft Office, and does so at a price that should earn it a serious look from small and midsize businesses.
Metadata Consolidation
Commentary  |  6/9/2008  | 
In storage, there's always discussion about consolidation; taking all your dispersed storage assets and consolidating them to a single storage system. But there's a different kind of storage fragmentation going almost unnoticed in metadata, or data about data. Many applications create metadata -- backup systems, data movement or archive applications, data management applications, and content search applications -- but only a few consolidate them.
Password Tips From Google Worth Passing Along
Commentary  |  6/6/2008  | 
Odds are that you -- and almost definitely some of your colleagues, friends and family -- have seen a list of good strong password-creation tips more recently than you've changed your passwords. And here's another list, this one from Google.
Finding The Needle, Part Three
Commentary  |  6/6/2008  | 
In our final entry about finding emerging technology, I'll look at the third motivating factor when selecting an emerging technology company -- going with a company that is solving a problem that's not entirely unique, but they are just flat out doing it better.
Microsoft: Seven Security Fixes For June
Commentary  |  6/5/2008  | 
The software maker says seven security updates are on the way next week. One has been ranked "moderate," three as "important," and the remaining three reached "critical," its most severe rating.
OS X Lockdown
Commentary  |  6/4/2008  | 
I just finished reviewing Apple's Mac OS X Security Configuration for Version 10.5 Leopard guide. Anyone who is interested in keeping the 10.5 installation secure should take a look.
SMB Data Protection
Commentary  |  6/4/2008  | 
A friend of mine runs a small insurance company and they only have two servers, but that data is as critical to them as the hundreds of terabytes that Exxon Mobil stores is to them. While he does backups, it is to another disk drive, and he doesn't take the hard drive home with him. In fact, to be honest, the second drive is installed internally inside one of the servers. What if his office catches on fire or gets flooded?