Commentary
Content posted in July 2006
Network Security Courtesy Of A Fist Full Of Chips
Commentary  |  7/25/2006  | 
Why pay tens of thousands of dollars on a firewall or other network security device when you can get comparable protection from one at a fraction of the cost? That's the promise behind security system-on-chip technology that embeds virtual private network, firewall, and other capabilities into network appliances at the silicon level, eliminating the need for the software and integrated circu
Dude! Wanna Be In The National Student Database?
Commentary  |  7/18/2006  | 
It's been a while since I've been in college or hung around with anyone who is, but I distinctly recall that no matter who was paying the freight, a student's grades were delivered only to the student. Even paying parents had no right to see the results. In the weird halfway house of adulthood that makes up the college experience, students are considered adults in some areas, children in others. Grades fell into the adult side of the class. And my guess is this goes for student health and other
Same Old Security Song And Dance? Yes And No
Commentary  |  7/10/2006  | 
The results of InformationWeek's annual Global Security Survey got me to thinking that the more things change, the more they stay the same.
The 5 Biggest Surprises From The 2006 InformationWeek Global Security Survey
Commentary  |  7/10/2006  | 
A tip of the hat to all the InformationWeek readers who participated in this year's Global Security Survey. In this week's issue, I wrote a story analyzing the survey's results and drilling down beyond the numbers by speaking with a few of you who took the survey and other security pros who likewise had interesting things to say. Th
The March Of Malware
Commentary  |  7/6/2006  | 
A friend called me the other day. She's an independent bookkeeper who works for many small businesses, usually in their offices on their computers. She's often their first line of tech support, even though that falls way outside her job description. One of her clients' computers had been acting funny. She loaded up some anti-virus software, and sure enough it told her the machine had a Trojan. She cleaned it, restarted, and there was the Trojan again. A few attempts later, the Trojan was still


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: You are infected!  @malwareunicorn to the rescue...  
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.