Commentary

Content posted in September 2007
Would You Hire This Hacker?
Commentary  |  9/28/2007  | 
Convicted hacker Robert Moore started serving his two-year prison sentence yesterday. He has high hopes that a security company will scoop him up when he gets out. The question is: Would you hire this man?
No Excuse: Security Lessons From T.J. MAXX Data Breach
Commentary  |  9/28/2007  | 
Maybe the company should change its name to T.J. LAX -- lax security practices let the hacked retailer's data breach go from bad to worse to bad beyond belief while nobody did anything to remedy the situation.
Disaster Recovery: Plan for Recovery, Not for Disaster
Commentary  |  9/27/2007  | 
So many elements to business IT operations -- so many elements that can get sliced, diced, slammed, flooded, flamed, hacked, attacked, smashed and just plain hammered that your disaster recovery plan has to be universal to be effective.
Is Your Domain Name Safe From Porn Pirates?
Commentary  |  9/27/2007  | 
Avast. Pirates be boldly thievin' for themselves any toothsome domain name what puts a glint in their good eye. Recall the pair of scurvy dogs who battled for years over the rights to sex.com.
Getting to the Real Endpoint of Endpoint Security
Commentary  |  9/26/2007  | 
Endpoint device and access control for small to midsize businesses is itself becoming a big business, with vitually every major security vendor offering device and access control programs tailored -- and increasingly priced -- for the market.
Good News: Attacks Are Down; Bad News: Attacks Are Worse
Commentary  |  9/24/2007  | 
Fewer but fiercer attacks -- that's the word from a new study of business IT security trends over the past year. Today's breaches are reportedly twice as severe as those of just a couple of years ago.
Secure Computer Recycling II
Commentary  |  9/21/2007  | 
The first step (admittedly paranoid but also, I think, practical) in recycling computers is to physically remove any storage devices. The second is to smash those devices to smithereens. The third step is to find the right place to drop off the now storage-less (and business data-less) remains of the computer.
What ISPs Are Scared Of
Commentary  |  9/20/2007  | 
A new study of Internet service providers (ISP) and their top security concerns lets us know what they're most scared of: armies of zombie computers mounting huge distributed denial of service (DDoS) attacks.
Cybercrooks Outpacing Cybercops: McAfee
Commentary  |  9/19/2007  | 
It's that time of year when the major security vendors release updates, upgrades... and public statements. McAfee's CEO this week pointed out that cybercrime is now bigger than the illegal drug trade -- and continues to grow.
Government Prodding Biometrics into the Mainstream?
Commentary  |  9/18/2007  | 
Biometrics has been a market segment that seems to under perform consistently. To date, use of the technology has limited to select applications, such as securing laptops, but Uncle Sam may soon help to change that.
Cybercrime Gets More Organized
Commentary  |  9/17/2007  | 
The increasingly organized -- and commoditized -- nature of cybercrime should make all of us more alert than ever to the risks our information, and our customers' information, face on our networks.
Don't Do As TD Ameritrade Does -- And Don't Do As They Say, Either
Commentary  |  9/14/2007  | 
The security breach that let spammers get hold of as many as 6.3 million TD Ameritrade customer names, phone numbers and e-mail addresses is being spun as a "Well, they didn't get Social Security numbers, account numbers, PINs or other confidential info; still we apologize for any inconvenience or annoyance," sort of problem. Mistake. Big mistake.
QuickTime Patch Procrastination Poses Firefox Problems
Commentary  |  9/13/2007  | 
Said it before, say it again: Bad enough to have flawed and vulnerable software out there, but probably unavoidable as code gets more and more complex. Completely unavoidable and equally inexcusable is letting a known vulnerability languish for any amount of time, much less a full year. Yet that's exactly what Apple's done with a QuickTime media player security hole that's been known of for at least that long.
Company Computers Not Safe At Home
Commentary  |  9/12/2007  | 
A warning from Computer Associates that home computers are increasingly vulnerable and threatened -- surprise! -- set me to wondering how many of those computers aren't really home computers at all, but business computers used at home... and, more critically, used at home by people other than the authorized employee.
Do Not Ask Your Customers for Their Social Security Numbers
Commentary  |  9/11/2007  | 
Do you want to make potential and existing customers feel secure? If so, one item that you need to avoid is asking them for their social security numbers. A poll by Consumer Reports National Research found that close to nine of every ten Americans want state and federal lawmakers to pass laws restricting the use of Social Security numbers. So if you want consumers coming back and ordering products
Skype Worm Bubbles Up
Commentary  |  9/11/2007  | 
The latest worm wriggling from Skype (for Windows) user to Skype user by way of the network's chat function gives a good opportunity to remind employees not to click on unexpected messages or images on free VoIPware any more than they should anywhere else.
Botnet Storm Surge: Insecurity In Numbers
Commentary  |  9/10/2007  | 
Whatever the summer heavy weather season has been like in your neck of the woods, the cyber-season saw the explosive growth of a monster security storm. After building strength all year, the Storm botnet worm has created a zombie grid so large that it could be a threat to... pretty much whatever the hackers who created it want it to be a threat to.
Bandwidth Is A Business Security Matter, Too
Commentary  |  9/7/2007  | 
The more we can get, the more want to get -- nowhere truer than on the Internet, and getting truer by the day as rich video, audio, effects and extras become an expected part of the traffic. Not just entertainment traffic -- more and more small to midsized businesses are taking advantage of rich media and Web 2.0-ish techniques to send sophisticated sales, marketing and communications signals. But is their richness a business risk? It may be if your customers are Comcast customers.
Time to Guard Your Instant Messaging Traffic
Commentary  |  9/6/2007  | 
One downside with popular IT technologies is they attract unsavory elements. Akonix Systems Inc. , a vendor specializing in instant messaging security products, reported that the number of instant messaging specific viruses doubled from July to August. The change could mean a shift in hacker priorities, so therefore small and medium enterprises need to take a closer look at protecting their IM traffic.
Counting The Cost Of Business Data Theft
Commentary  |  9/6/2007  | 
Just how much does it cost to deal with a data theft or resolve a security breach? Insurance company Darwin Professional Underwriters has a free on-line calculator to help you find out.
Recycle Your Computers -- Not Your Business Info
Commentary  |  9/4/2007  | 
The news that Sony's opening a number of electronics recycling centers across the country is good news for businesses that have stacks and scads of old, outdated, underpowered and otherwise unused computers and other electronic devices cluttering their closets and storage spaces. (It's even better news for landfills, which do not need the toxic materials the devices contain.) Just be sure that what you're putting into the system is the equipment, not your business data.


Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
Dawn Kawamoto, Associate Editor, Dark Reading,  12/4/2017
The Rising Dangers of Unsecured IoT Technology
Danielle Jackson, Chief Information Security Officer, SecureAuth,  12/4/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
[Strategic Security Report] Cloud Security's Changing Landscape
[Strategic Security Report] Cloud Security's Changing Landscape
Cloud services are increasingly becoming the platform for mission-critical apps and data. Heres how enterprises are adapting their security strategies!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.