Commentary

Content posted in August 2007
Mobile Computing Makes For Risky Business
Commentary  |  8/30/2007  | 
Here's one we all already know -- mobile computer users take more security risks than office-bound computer users. A new survey shows just how risky their behavior is.
Small Business Lessons From Big Monster's Big Security SNAFU
Commentary  |  8/29/2007  | 
How you handle news of a security breach can be as important to your business as how you handle the breach itself. And how you handle perception of your handling ranks just as high.
Most Small Businesses Are Security Over-Confident
Commentary  |  8/28/2007  | 
That's what a new study says, anyway -- 80 percent of small to midsize businesses don't block (or, by implication, monitor) employee use of computers for file-sharing or use of USB devices, three-quarters allow unfettered Instant Messenging, nearly half don't even have spyware controls installed, and a staggering percentage don't regularly update what security software they do have. Yet most feel confident that their companies are protected.
Talking Trash
Commentary  |  8/27/2007  | 
Shred up those papers and that trash! Or crooks can grab your business cash! And identities, trade secrets and anything else that's not micro-shredded or broken down into its component atoms.
Advice On Building A Better Password
Commentary  |  8/24/2007  | 
We're always hearing that we need stronger passwords, but many people don't know how to craft a better, stronger password or they simply don't take the time to come up with some crazy complex string that they have no chance of remembering. I was just talking with someone who gave me some great advice.
Weathering The Weather
Commentary  |  8/24/2007  | 
Watch the news coverage of the Midwest floods and the toll they've taken on families, homes and holdings, and you can't avoid hearing -- and often -- from flood victims who discovered that their insurance didn't cover flood or landslide/mudslide damage. It's no great leap to extend those personal stories to small and mid-size business stories. How covered are you when a natural disaster strikes your business?
A Monster Of A Security Problem
Commentary  |  8/23/2007  | 
Ever hire anybody via Monster.com? Ever look for a job there yourself? You may have an identity problem.
Facebook 'em, Danno!
Commentary  |  8/21/2007  | 
Did you hear the one about how Facebook is costing the Australian economy $5 billion a year? And that's just lost productivity -- not the security risks Facebook exposes companies to.
Ready to Lock Up Your Employees iPods?
Commentary  |  8/21/2007  | 
If you thought that you had your companys security concerns under control, you may have to think again. The widespread success of Apple's iPod is creating new security concerns for enterprises. Because it is equipped with 1G byte (or more) of memory and includes software to synch with a local PC, the handy little device has become a new entry way for hackers. Chances are that it has become just that at your company; securi
Pods Pose Possible Problems
Commentary  |  8/20/2007  | 
Got employees? Then you've got iPods -- and you may have some security problems you haven't considered.
Take That Thumb Drive Out Of Your...
Commentary  |  8/16/2007  | 
employees' hands. Not really, of course, the big-storage/small-bucks devices are just too convenient, too portable, too easy to use. All of which makes them too dangerous to use indiscriminately.
Beware IE and Excel Users!
Commentary  |  8/16/2007  | 
With the exception of email, there are two applications most of us can't live without: an internet browser and a spreadsheet. With Microsoft's latest release of security patches, one must ask will they ever get it right? How does a small business manage their IT environment without constant fear?
MAXXED-Out
Commentary  |  8/15/2007  | 
There are important small to mid-size business lessons in the big biz security breach at TJ MAXX. Chief among them: no matter how costly a security breach looks at first, it's going to get worse.
Steal This Notebook
Commentary  |  8/14/2007  | 
I was sitting in a Chinese buffet restaurant the other day, dividing my attention between the potsickers on my plate and the activities of the businessman at a table across the room. We were the only two customers, although he was far from alone. Bluetooth-budded and Wi-Fi connected, he was carrying on conversations and speedtyping dat
Heads Up!
Commentary  |  8/13/2007  | 
Turns out that one of the biggest computer vulnerabilities is all in your head. And your employees'.
And The Winnah Is!
Commentary  |  8/10/2007  | 
Actually, the results of Wednesday's night's ClamAV Anti-Virus Fight club should read: And The Winnahs Are...
Security Slugfest TONITE!!!
Commentary  |  8/8/2007  | 
The open source folks at Clam AntiVirus are taking all commercial comers in an anti-virus test-off at Linuxworld tonight.
SMB -- Security Means Bucks
Commentary  |  8/7/2007  | 
How much is your business spending on information/computer/communications security? Odds are it's more than last year, maybe lots more, and not just because of inflation.
PDFs: Not Mighty
Commentary  |  8/6/2007  | 
I hate PDFs. Always have. Probably always will. Actually, I don't hate all PDFs. Printed-out PDFs are fine. Printing is what PDFs are for. But on the Web, PDFs are almost always a poor choice of format. I thought I was pretty much alone in my "PDFobia", but apparently I've got company. Chris Nerney at Datamation has his own reasons for despising them.
IBM Lost His Data... A Follow Up Story
Commentary  |  8/6/2007  | 
George is an ID theft victim whose personal data was potentially exposed after an incident involving IBM. While IBM has graciously extended its hand to help fix the problem, George hasn't been completely happy with how things are turning out. His story may have lessons for the rest of us.
CSO Heartland
Commentary  |  8/6/2007  | 
Good news for security pros: salaries are up -- and they're up in the real world, not just Silicons Valley, Northeast, Northwest.
Bridge To Security
Commentary  |  8/3/2007  | 
How many bridges, overpasses, tunnels do you and your employees drive over, under, through every day? That's been on my mind the last couple of days as the Minneapolis bridge collapse and its physical infrastructure implications for other bridges, overpasses, buildings and everything dominated the news.
What Richard Clarke Was Really Saying At Black Hat
Commentary  |  8/1/2007  | 
Don't let politics get in the way of progress. That was one of the key messages former U.S. counterterrorism advisor Richard Clarke delivered during his Black Hat keynote. Of course, Clarke has a colorful way of putting things.
One Degree Of Vulnerability Separation
Commentary  |  8/1/2007  | 
No aspect of your business data is more than one degree removed from theft, cybercrime or compromise, and maybe it can't ever be.


White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Number of Retailers Impacted by Breaches Doubles
Ericka Chickowski, Contributing Writer, Dark Reading,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14505
PUBLISHED: 2018-07-22
mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.
CVE-2018-14500
PUBLISHED: 2018-07-22
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.
CVE-2018-14501
PUBLISHED: 2018-07-22
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.