Commentary
Content posted in September 2008
End Users Lax With Company Data
Commentary  |  9/30/2008  | 
A new security study shows end users from around the world treat data and corporate systems with little respect for the potential consequences. When it comes to corporate data, which is actually often customer data, there's little regard for security.
New DoS Attack Is a Killer
Commentary  |  9/30/2008  | 
Things are a-brewin' in Sweden. Sweden is not just home of the infamous bikini team, it is also the home of Outpost 24, an equally sexy software-as-a-service network scanning service, and the employer of my friend Robert E. Lee and his colleague Jack C. Louis. These guys are the inventors of UnicornScan, a user-land TCP stack turned into a port scanner. Never heard of it? Use Nmap exclusively? Well if you run Linux, I suggest checking
Can You Prove Compliance In The Cloud?
Commentary  |  9/30/2008  | 
Whether you're in the midst of an audit or a forensic investigation, thorough logs are the key to proving compliance with security regulations. So how do you prove your organization is/was compliant when you aren't able to maintain logs? This is the nagging question that gnaws hungrily at my weary brain every time I ponder cloud computing.
Scareware Purveyors To Get Legal Thrashing
Commentary  |  9/29/2008  | 
We've previously warned about the rising number of scareware threats attempting to scam Internet users. Now Microsoft and the state of Washington are gnashing their legal teeth. Will it work?
Free Cloudmail Continuity Offer From LiveOffice
Commentary  |  9/29/2008  | 
Snailmail may be immune to rain, sleet, snow, etc., but heavy weather can wreak heavy damage -- and outright interruption and downtime -- on your e-mail traffic. A new free service from LiveOffice argues that the solution to storm clouds' potential for disruption lies in the digital Cloud.
The Death Of The Dual Controller Architecture?
Commentary  |  9/29/2008  | 
Clustered storage is everywhere; are we seeing the end of the dual controller architecture?
Mozilla Fixes Password Management Gaffe
Commentary  |  9/28/2008  | 
Just after Mozilla released Firefox version 3.0.02, which fixed a bevy of security problems, the foundation had to issue a notice to users about a flaw that could keep users from accessing and even creating passwords under some conditions.
Archive Needs To Succeed For SSD To Dominate
Commentary  |  9/27/2008  | 
In my last entry I wrote that speed is solid state disk's "killer app," but for SSD to really become the primary storage mechanism in tier one, the archive tier needs to be fully established.
Astaro Debuts E-mail Spam Fighter For SMBs
Commentary  |  9/26/2008  | 
Everybody hates spam. It clogs inboxes and online traffic, cuts productivity, and holds out false hope of riches, romance, and hair. Astaro's new Mail Gateway is designed to help your company deal with spam and other e-mail issues without spending a lot of money.
Senate Committee Approves Updated FISMA Bill
Commentary  |  9/25/2008  | 
The Senate Homeland Security and Government Affairs Committee just approved S.3474, which will update the Federal Information Security Management Act (FISMA), in the hope of lifting federal security efforts beyond what many have deemed a paperwork shuffle that does little to boost security.
One In Ten Computer Users Don't Have A Clue About Security
Commentary  |  9/25/2008  | 
They've got computers, they've got apps and they've almost undoubtedly got confidential data, but a new study from privacy company Steganos found that nearly 10 percent of computer users didn't know if they had anti-virusware installed. And it gets worse...
India's Government Claims BlackBerry Crypto Crack
Commentary  |  9/24/2008  | 
After months of wrangling with Research In Motion to hand over its crypto keys, the country now claims to have attained the ability to snoop on some RIM users in that country.
Speed Is The SSD 'Killer App'
Commentary  |  9/24/2008  | 
In a recent blog entry I provided a timeline on when I thought SSD would become the dominant storage type for what is currently the active storage tier. One of the key enablers of this will be the increasing need for speed and mechanical hard drives' lack of ability to deliver it in a cost-effective manner.
North American Companies Embracing Security Outsourcing
Commentary  |  9/23/2008  | 
The U.S. managed security services market is booming, and set to double in size in the next few years? MSSPs have been around, in one iteration or another, for as long as I can remember. Why is the market set to rock now?
Risky Employee Web Use: Cloud Storms Gathering
Commentary  |  9/23/2008  | 
"How are you going to keep them on task when they can go to the Web?" is not only a productivity question, it's a growing security concern. A new study indicates the concern is growing fast.
Information Cards Are Awesome; But Are Identifying Parties Really Ready To Do This Right?
Commentary  |  9/23/2008  | 
Perhaps the greatest thing about information cards is that they might finally free us from the purpose-defeating and idiotic practice of using Social Security numbers as a nigh-universal identifier. But it won't work unless the Identifying Parties find a way to balance security with portability, and can smartly manage distribution, expiration, and destruction.
McAfee Secures Place In UTM Market With $465 Million Acquisition
Commentary  |  9/22/2008  | 
There's still big demand for unified threat management (UTM) devices, especially in the SMB part of the market, and with its $465 million acquisition McAfee is making a big move that will shore up its network security products.
McAfee Acquires Secure Computing
Commentary  |  9/22/2008  | 
McAfee is buying Secure Computing for $465 million, rounding out its network security business and strengthening its security risk management offerings among companies of all sizes.
Cloud Storage 2.0
Commentary  |  9/22/2008  | 
Cloud storage 1.0 as it exists today has one primary service; it stores data. Not very exciting. Cloud storage 2.0 will have to provide the ability to do more with that data than just store it.
Untangle Offers Free Open Source Security
Commentary  |  9/22/2008  | 
Untangle's new open source security gateway aims to free small and midsized businesses from dedicated security machines -- and to do so for free.
Australian Spy Warns Of Rising Corporate Espionage
Commentary  |  9/19/2008  | 
The deputy-director general of the Australian Security Intelligence Organization, who cannot be named under Australian law, warned attendees of Australia's Security in Government Conference 2008 earlier this week that commercial and national espionage are becoming more intertwined.
NIC QOS?
Commentary  |  9/19/2008  | 
Quality of service is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow. Up until we started virtualizing servers, you generally only needed this at the network switch level. Now with the multitenant nature of virtualization hosts, we need QoS at the network interface.
Palin E-Mail Hack Was "Easy"; FBI Investigating
Commentary  |  9/18/2008  | 
The person who purportedly hacked VP hopeful Sarah Palin's Yahoo E-mail account posted what he or she claimed to be a first-person account of the attack. Meanwhile, the FBI is on the case of the pwned candidate's account.
From VMworld To Houston...
Commentary  |  9/18/2008  | 
Sorry for the delay in getting this entry posted. I arrived in Houston last night to a city that is about 60% blacked out, including my office. Thanks to the kindness (a common theme in Houston) of a local storage integrator, Unique Digital, I am able to be back in business and send you today's entry, "From VMworld to StorageWorld."
Even Hockey Moms Not Safe: Palin Hack Shows Cloudmail Security Concerns
Commentary  |  9/18/2008  | 
The hacking of vice presidential candidate Sarah Palin's Yahoo Mail account is a reminder of the vulnerability of Web-based mail -- and that's a cause for concern, or at least heightened vigilance, whatever side of the political spectrum you mail from.
VP Hopeful Sarah Palin's Yahoo E-Mail Account Hacked
Commentary  |  9/17/2008  | 
A team of hackers dubbed "Anonymous" claims to have breached vice presidential hopeful Gov. Sarah Palin's Yahoo e-mail account, based on a number of announcements and screenshots posted to the Web and Wikileaks.org.
GAO States Obvious: U.S. Cybersecurity Is Stinko
Commentary  |  9/16/2008  | 
The Government Accountability Office finds government's cybersecurity efforts lacking.
Hiding Breach News Makes A Bad Situation Worse
Commentary  |  9/16/2008  | 
Retailer Forever 21, tagged by credit card data thieves, is dealing with letting the public know about the breach -- sort of.
SEC Fines Wall Street Firm LPL
Commentary  |  9/15/2008  | 
The Securities and Exchange Commission took -- relatively -- harsh action against financial services firm LPL Financial for failing to protect its customer data. While the fine levied against LPL certainly isn't the most important news to break on Wall Street this week, it is the first step in what I hope is a long-term harsher stance taken by the SEC.
Survived Ike? Time Will Tell...
Commentary  |  9/15/2008  | 
Ike tore through Houston, home of one of our offices and our lab. Once again, businesses have to learn that surviving the initial hit is only the beginning. The "P" part of a Disaster Recovery Plan is very critical to the long-term survival of the business.
IBM SMB Servers Get Hardware-Based Encryption
Commentary  |  9/15/2008  | 
With a new $1,099 (and up) hardware-based data encryption device, IBM is talking directly to small and midsize businesses that operate their own servers (their own meaning IBM's).
UAE Bank Breach Spreads
Commentary  |  9/13/2008  | 
International investigators still aren't sure, or they're not saying, how criminals managed to generate counterfeit bank and credit cards of legitimate users and conduct fraudulent charges from about 20 countries.
FCoE Or iSCSI, Does It Really Matter?
Commentary  |  9/12/2008  | 
There is a lot of debate about Fibre Channel over Ethernet and converged network adapters. A CNA is a 10-GbE network interface card that supports multiple data networking protocols, basically TCP/IP traffic and storage networking. These adapters are going to support Fibre Channel over Ethernet (FCoE). The plan is to reduce networking cost of ownership by converging the data and storage networks onto a single adapter, which results in lower adapter, cabling, switch, power, and cooling costs.
Password Crackers For Hire
Commentary  |  9/12/2008  | 
Earlier this week we wrote about how attackers are selling bogus security software suites to not only rip unsuspecting Web surfers off, but also infect their systems with malware. Now, an IBM researcher says many of those Webmail online password "recovery" services may actually be hackers for hire.
Amazon Pitches The Security Of Its Cloud
Commentary  |  9/11/2008  | 
Amazon Web Services, in an effort to foster faith in the security of its infrastructure, on Thursday published a white paper about its security processes.
New Norton, Trend Micro Security Products Released
Commentary  |  9/11/2008  | 
'Tis the season for security suite updates, with new ones just out from Symantec (Norton) and Trend Micro.
Video: KFC Hires Armed Guard To Transport Chicken Recipe
Commentary  |  9/11/2008  | 
This is a cute publicity stunt: The president of KFC decided that the famous original recipe lockdown wasn't secure enough, so they hired a Brinks guard to transport the document to a new, more secure location.
XP Security 'Scareware' Scams Skyrocketing
Commentary  |  9/10/2008  | 
More users than ever before seem to be falling for scams being levied by fraudsters looking to make a quick -- and lucrative -- buck from bogus security applications. It's sad to see people get scammed out of their money when they're seeking some level of protection from Internet threats -- but instead they end up paying to install software that does nothing, at best, or is in fact itself malware. At least one security firm says criminals are raking in hundreds of thousands a month doing so.
SSD Domination, Sooner Than You Think
Commentary  |  9/10/2008  | 
Based on the recent news that Intel has announced an 80-GB Solid State Disk for less than $600, the end for the mechanical drive may get here within the next five years.
Microsoft: Four Patches, Eight Vulnerabilities, One Biggie
Commentary  |  9/10/2008  | 
Earlier this week we predicted that Microsoft would release a massive update, and the software giant certainly did. While it's not big in megabytes, it touches nearly every Windows user on the Internet. Make sure you're aware of the risks, and get yourself patched.
Top Tips For Preventing Identity Theft
Commentary  |  9/9/2008  | 
Your customers' and clients' private information should be as important to you as their business -- and should be protected just as carefully, according to a new book on identity theft prevention techniques. Take a look at the top tips below.
Google Chrome Polishes Its First Security Update
Commentary  |  9/8/2008  | 
Last week, Google released its shiny new Chrome browser. However, before the week finished, Google also had to issue a patch for one of security's most common -- and most well-known to developers -- application security issues: a buffer overflow vulnerability that would make it possible for an attacker to completely take over your system.
UPDATE: Some Google Chrome Problems Patched, Blended Threat Vulnerability Remains
Commentary  |  9/8/2008  | 
Update Google Chrome now! (We tell you how below.) A buffer overflow vulnerability in the new browser has been identified and patched but, contrary to early reports, the blended WebKit/Java vulnerability has NOT been patched yet.
Security Finally a CEO Level Concern
Commentary  |  9/8/2008  | 
Facing an ongoing threat from hackers and needing to comply with more government regulations have forced many businesses to recognize security as an important corporate initiative. Consequently, companies are increasing their spending on security products as well as making it a top management concern.
Cloud Storage's Weakness
Commentary  |  9/8/2008  | 
Cloud storage has one glaring weakness compared with traditional storage offerings; it does not get cheaper over time. Today, some services each year will increase your capacity at "no extra charge," but you are still paying the same amount of money for data written last year and data written this year.
Patch Tuesday: Potentially Massive Windows XP, Vista Update Ahead
Commentary  |  9/7/2008  | 
On Tuesday, Microsoft will release four security fixes as part of its monthly patch update cycle. There are four patches slated for release and all are rated as critical. Yet, one of the bulletins strikes me as unusually vague. Is this cause for alarm?
In The Cloud, Architectures Matter
Commentary  |  9/5/2008  | 
There is a common statement that I hear when talking with members of the cloud community, that the user should not be concerned with what is the architecture of the cloud. I disagree -- details matter.
Google Picasa Picture-Perfect For Spammers
Commentary  |  9/5/2008  | 
Google's picture-sharing service, Picasa, has found favor not only with image-happy users, but also as a filter-evading route for spammers to stuff your mailbox with junk, according to a new Message Labs report.
Google Chrome Quick Security Precaution (Not A Fix)
Commentary  |  9/4/2008  | 
A couple of quick clicks can help you lessen (but not eliminate) the security risks in the brand-new Google Chrome browser.
Google Chrome Security Risks Already Announced
Commentary  |  9/3/2008  | 
Barely a day after Google's new browser was released, Chrome is showing some scratches: researchers have pointed out known security vulnerabilities that can put users at risk of malicious exploits.