Author

 Mitch Wagner

Profile of Mitch Wagner

California Bureau Chief, Light Reading
News & Commentary Posts: 28

Mitch Wagner is California bureau chief for Light Reading.

Articles by Mitch Wagner

New Security Threats For VoIP

1/5/2007
Panda Software looks at some scary security threats posed by VoIP. The top part of the article in IT-Observer looks at new ways that VoIP might be used for denial-of-service attacks, but the author, Fernando de la Cuadra, dismisses those threats as unlikely (too quickly, I think). The article then goes on to deal with possible threats posed by social engineering.


Post a Comment

Technology Jeopardizes The Secret Ballot

12/15/2006
Ed Felten at Freedom to Tinker has several brief, but meaty, posts this week on the erosion of a pillar of Western democracy: The secret ballot. The secret ballot offers two forms of protection: Because nobody can look over your shoulder to see how you voted, it's hard to coerce your vote. And, because you can't prove to anybody how you voted, you can't sell your vote. But technology and social trends are making the secret ballot harder to preserv

Post a Comment

Protecting Against Insider Threats

12/11/2006
When you visualize what a computer criminal looks like, you probably think of a teen-ager living in his mother's basement, or a shady-looking character in a lawless country far away. But if you want to know what the most dangerous computer criminals look like, take a look at the guy sitting in the next cube.


Post a Comment

Technology Makes Fraud Trivially Easy

11/14/2006
Identity theft expert Frank Abagnale describes how technology has made fraud trivially easy:

Abagnale was subject of the 2002 Steven Spielberg movie Catch Me If You Can, starring Leonardo DiCaprio, which depicted his exploits as a teenager in the 60s, posing as an airline pilot to live the glamorous life of a jet-setter around the world, until he was caught.


Post a Comment

Blue Security Shoots Itself, And Thousands Of Other People, In The Foot

5/5/2006
When an outfit called Blue Security launched a service to go after spammers with vigilante justice, any idiot could've foreseen big problems. In fact, an idiot did. It wasn't a tough prediction to make. Vigilante justice is always a bad idea because it often results in innocent people getting hurt. And that's what happened, as a spammer's counterattack against Blue Security brought down thousands of

Post a Comment

Security Research Isn't Pretty, But It's Necessary

4/17/2006
Security research is a dirty job, but somebody has to do it. Security researchers run an assembly line of self-aggrandizing publicity, churning out press releases and announcements patting themselves on the back for discovering security vulnerabilities in software by Microsoft, Oracle, and other major vendors. The researchers operate under a constant cloud of suspicion: Are they simply creating a climate of useless fear, stifling innovation, E-commerce, and technology implementation? Are they

Post a Comment

Let's Make 2006 The Year We Wipe Out Spam

12/30/2005
We don't care about spam anymore, and that's wrong. Spam is a crime highway that runs straight through your computer, carrying a cargo of worms, fraud, viruses and other attacks. Security vendor Sophos reported that attacks jumped 48% in the first 11 months of 2005. The most dangerous threats were spam-distributed. Spam has direct financial costs, as network managers are required to spend money on software and

Post a Comment

EFF Releases List Of Spyware-Infected Sony CDs

11/9/2005
The Electronic Frontier Foundation has released a partial list of what it claims are the CDs that sony has infected with its copy-protection software. The titles include CDs by Celine Dion, Neil Diamond, Dion, and Ricky Martin. The EFF article also has tips on how you can tell if a CD you bought from Sony contains the copy protection.

Post a Comment

How Not To Stop Online Bank Fraud

10/24/2005
In the name of protecting against phishing, identity theft and other forms of fraud, federal regulators handed banks and consumers an enormous job recently. The work required will make online transactions a great deal more expensive for banks--who will no doubt pass the expense on to customers. The requirement will make online transactions far less convenient for consumers. And it'll be, at best, partially effective. As reported in a story by my colleague Steve Marlin, Post a Comment
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14633
PUBLISHED: 2018-09-25
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The at...
CVE-2018-14647
PUBLISHED: 2018-09-25
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming larg...
CVE-2018-10502
PUBLISHED: 2018-09-24
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exist...
CVE-2018-11614
PUBLISHED: 2018-09-24
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists wit...
CVE-2018-14318
PUBLISHED: 2018-09-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that the target must have their cellular radios enabled. The specific flaw exists within the handling of ...