Commentary
Content posted in August 2007
Mobile Computing Makes For Risky Business
Commentary  |  8/30/2007  | 
Here's one we all already know -- mobile computer users take more security risks than office-bound computer users. A new survey shows just how risky their behavior is.
Small Business Lessons From Big Monster's Big Security SNAFU
Commentary  |  8/29/2007  | 
How you handle news of a security breach can be as important to your business as how you handle the breach itself. And how you handle perception of your handling ranks just as high.
Most Small Businesses Are Security Over-Confident
Commentary  |  8/28/2007  | 
That's what a new study says, anyway -- 80 percent of small to midsize businesses don't block (or, by implication, monitor) employee use of computers for file-sharing or use of USB devices, three-quarters allow unfettered Instant Messenging, nearly half don't even have spyware controls installed, and a staggering percentage don't regularly update what security software they do have. Yet most feel confident that their companies are protected.
Talking Trash
Commentary  |  8/27/2007  | 
Shred up those papers and that trash! Or crooks can grab your business cash! And identities, trade secrets and anything else that's not micro-shredded or broken down into its component atoms.
Advice On Building A Better Password
Commentary  |  8/24/2007  | 
We're always hearing that we need stronger passwords, but many people don't know how to craft a better, stronger password or they simply don't take the time to come up with some crazy complex string that they have no chance of remembering. I was just talking with someone who gave me some great advice.
Weathering The Weather
Commentary  |  8/24/2007  | 
Watch the news coverage of the Midwest floods and the toll they've taken on families, homes and holdings, and you can't avoid hearing -- and often -- from flood victims who discovered that their insurance didn't cover flood or landslide/mudslide damage. It's no great leap to extend those personal stories to small and mid-size business stories. How covered are you when a natural disaster strikes your business?
A Monster Of A Security Problem
Commentary  |  8/23/2007  | 
Ever hire anybody via Monster.com? Ever look for a job there yourself? You may have an identity problem.
Facebook 'em, Danno!
Commentary  |  8/21/2007  | 
Did you hear the one about how Facebook is costing the Australian economy $5 billion a year? And that's just lost productivity -- not the security risks Facebook exposes companies to.
Ready to Lock Up Your Employees iPods?
Commentary  |  8/21/2007  | 
If you thought that you had your companys security concerns under control, you may have to think again. The widespread success of Apple's iPod is creating new security concerns for enterprises. Because it is equipped with 1G byte (or more) of memory and includes software to synch with a local PC, the handy little device has become a new entry way for hackers. Chances are that it has become just that at your company; securi
Pods Pose Possible Problems
Commentary  |  8/20/2007  | 
Got employees? Then you've got iPods -- and you may have some security problems you haven't considered.
Take That Thumb Drive Out Of Your...
Commentary  |  8/16/2007  | 
employees' hands. Not really, of course, the big-storage/small-bucks devices are just too convenient, too portable, too easy to use. All of which makes them too dangerous to use indiscriminately.
Beware IE and Excel Users!
Commentary  |  8/16/2007  | 
With the exception of email, there are two applications most of us can't live without: an internet browser and a spreadsheet. With Microsoft's latest release of security patches, one must ask will they ever get it right? How does a small business manage their IT environment without constant fear?
MAXXED-Out
Commentary  |  8/15/2007  | 
There are important small to mid-size business lessons in the big biz security breach at TJ MAXX. Chief among them: no matter how costly a security breach looks at first, it's going to get worse.
Steal This Notebook
Commentary  |  8/14/2007  | 
I was sitting in a Chinese buffet restaurant the other day, dividing my attention between the potsickers on my plate and the activities of the businessman at a table across the room. We were the only two customers, although he was far from alone. Bluetooth-budded and Wi-Fi connected, he was carrying on conversations and speedtyping dat
Heads Up!
Commentary  |  8/13/2007  | 
Turns out that one of the biggest computer vulnerabilities is all in your head. And your employees'.
And The Winnah Is!
Commentary  |  8/10/2007  | 
Actually, the results of Wednesday's night's ClamAV Anti-Virus Fight club should read: And The Winnahs Are...
Security Slugfest TONITE!!!
Commentary  |  8/8/2007  | 
The open source folks at Clam AntiVirus are taking all commercial comers in an anti-virus test-off at Linuxworld tonight.
SMB -- Security Means Bucks
Commentary  |  8/7/2007  | 
How much is your business spending on information/computer/communications security? Odds are it's more than last year, maybe lots more, and not just because of inflation.
PDFs: Not Mighty
Commentary  |  8/6/2007  | 
I hate PDFs. Always have. Probably always will. Actually, I don't hate all PDFs. Printed-out PDFs are fine. Printing is what PDFs are for. But on the Web, PDFs are almost always a poor choice of format. I thought I was pretty much alone in my "PDFobia", but apparently I've got company. Chris Nerney at Datamation has his own reasons for despising them.
IBM Lost His Data... A Follow Up Story
Commentary  |  8/6/2007  | 
George is an ID theft victim whose personal data was potentially exposed after an incident involving IBM. While IBM has graciously extended its hand to help fix the problem, George hasn't been completely happy with how things are turning out. His story may have lessons for the rest of us.
CSO Heartland
Commentary  |  8/6/2007  | 
Good news for security pros: salaries are up -- and they're up in the real world, not just Silicons Valley, Northeast, Northwest.
Bridge To Security
Commentary  |  8/3/2007  | 
How many bridges, overpasses, tunnels do you and your employees drive over, under, through every day? That's been on my mind the last couple of days as the Minneapolis bridge collapse and its physical infrastructure implications for other bridges, overpasses, buildings and everything dominated the news.
What Richard Clarke Was Really Saying At Black Hat
Commentary  |  8/1/2007  | 
Don't let politics get in the way of progress. That was one of the key messages former U.S. counterterrorism advisor Richard Clarke delivered during his Black Hat keynote. Of course, Clarke has a colorful way of putting things.
One Degree Of Vulnerability Separation
Commentary  |  8/1/2007  | 
No aspect of your business data is more than one degree removed from theft, cybercrime or compromise, and maybe it can't ever be.


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.