Author

 George V. Hulme

Profile of George V. Hulme

News & Commentary Posts: 529
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
Articles by George V. Hulme

Users Still Careless With Email

4/25/2011
Company employees still consistently send confidential and sensitive information via email in violation of rules and regulations, according to a survey by VaporStream.

Post a Comment

NSA Investigating Nasdaq Hack

3/31/2011
Last month when we covered the attack on the Nasdaq's Directors Desk collaboration platform, we said the incident posed plenty of questions, while the Nasdaq proffered (at least publicly) few answers. It seems the National Security Agency agrees.

Post a Comment

Are Industrial Control Systems The New Windows XP

3/24/2011
Earlier this week a security researcher posted nearly three dozen vulnerabilities in industrial control system software to a widely read security mailing list. The move has Supervisory Control and Data Acquisition systems (SCADA) system operators scrambling, and the US CERT issuing warnings.

Post a Comment

RSA Breach Leaves Customers Bracing For Worst

3/18/2011
RSA, the information security division of EMC Corp., disclosed in an open letter from RSA chief Art Coviello that the company was breached in what it calls an "extremely sophisticated attack." Some information about its security products was stolen. Customers are bracing for more details.

Post a Comment

Trojan Attacks Remain Most Popular

3/16/2011
Anti-malware vendor Panda Security's PandaLabs has found that the number of threats . . . surprise, surprise . . . have risen significantly year over year. What's interesting is how large a percentage of attacks Trojans have become.

Post a Comment

NERC Creates Cyber Assessment Task Force

3/12/2011
The North American Electric Reliability Corporation (NERC) recently announced the formation of a Cyber Attack Task Force. The task force will be charged with identifying the potential impact of a coordinated cyber attack on the reliability of the bulk power system.

Post a Comment

Botnet Threat: More Visibility Needed

3/11/2011
According to a report released by The European Network and Information Security Agency the current ways botnets are measured are lacking - and it just may be hurting the fight against the zombie plague.

Post a Comment

Hacks From China Strike Canadian Government

2/20/2011
CBC is reporting that attacks from IP addresses based in China have managed to successfully breach networks within the Finance and the Treasury Board of Canada, as well as Defence Research and Development Canada. The attack is the latest in a string of attacks aimed at high level government agencies.

Post a Comment

Successful Security: It Is In The Details

2/15/2011
Security is both hard to do right, and easy to make the simple mistakes that could jeopardize the security of most any organization. It may be a mistake that comprises of being a single digit off. And that one number could be the difference between a secure network and one that is readily breached. That was the overriding message in a Security B-Sides Conference presentation given today by Mike Lloyd, chief scientist at security software maker Red Seal Systems.

Post a Comment

WikiLeaks Targeting P2P Networks?

1/23/2011
That is the allegation in a news report that ran last week. While the outcome from the investigation could have a profound impact on whether the anti-secrecy organization is a media outlet – there is a bigger lesson.

Post a Comment

Security Doesn't Matter To Brands: A Counter Point

1/10/2011
A recent video blog entry made the assertion that security doesn't matter to a company's brand. The post was strong on opinion, light on facts. I say lax security and breaches do have an impact on brand. And I back up this assertion with a few data points.

Post a Comment

Japan To Ban Virus Creation? Bad Idea

1/5/2011
The Japanese paper, the Yomiuri Shimbun, ran a story during the holidays about how the Japan Ministry of Justice wants to criminalize the creation of viruses. If they pursue this course, it's only going to get messy for security professionals there.

Post a Comment

Three 2011 Security Resolutions (for the uninitiated)

12/31/2010
Chances are, when it comes to keeping your data safe, you aren't doing many of the things that you should. In fact, most of us don't do the good data hygiene things we should. Here's a short list of three essential things you need to be doing if you are not already.

Post a Comment

SCADA Security Heats Up

12/27/2010
The use of Supervisory Control and Data Acquisition (SCADA) devices is growing. That growth is expected to continue to soar. According to research firm Frost & Sullivan SCADA revenues will grow from $4.6 billion last year to nearly $7 billion in 2016. Question is: What about security?

Post a Comment

Security Design Fail

12/19/2010
It's common for routers to enable an HTTPS interface so that the device can be remotely administered. However, as was made clear this weekend, many routers are secured with hard-coded SSL keys that can be extracted and used by others.

Post a Comment

Reputation Can't Be Delegated

12/16/2010
A massive e-mail breach affecting Walgreens, McDonald's and others proves that while services can be outsourced, and responsibility delegated - reputation stays with you.

Post a Comment

Researchers: Major Ad Networks Serving Malware

12/11/2010
Researchers at web security firm Armorize Technologies recently discovered that DoubleClick and Microsoft ad networks were serving (for a brief time) a banner ad tainted with malware. The attack could had of impacted millions, the researchers day.

Post a Comment

Verizon's VERIS Aims To Push Security Beyond Fuzzy Numbers

11/30/2010
When it comes to sharing data in IT security the bad guys always seem to be way ahead. They employ far-flung networks used for sharing stolen data, buying and selling exploits, and information on how to launch successful attacks. However, when it comes to enterprises sharing attack and breach incident data there has not been a lot of sharing going on.

Post a Comment

Researchers: Be Wary Of New Trojan Attacks

11/21/2010
A yet to be named developer has released a free software development kit for a new Trojan horse considered to be similar to the Zeus banking Trojan - prompting a warning from researchers at a German security firm.

Post a Comment

Dangerous Safari Bugs Patched

11/18/2010
Just days after Apple Inc. patched about 150 vulnerabilities in OS X, the company is releasing yet another batch of security updates for Safari that runs on both OS X and Windows.

Post a Comment

Don't Be A Sheep

11/6/2010
Thanks to the new Firefox plug-in dubbed Firesheep, snoops and attackers now have an easier shot at hijacking some of your Internet sessions. Don't let this opportunity go to waste.

Post a Comment

Social Media Best Practices For Healthcare

10/19/2010
It's no secret that there have been instances of medical workers abusing social networking sites and violating patient privacy rights. A medical association has recently published a social media toolkit designed to help with more responsible use of social media.

Post a Comment

CloudAudit Now Under Cloud Security Alliance Umbrella

10/17/2010
We've blogged often about the need for organizations to be able to see and understand the regulatory compliance and security efforts of their cloud providers. Now, two organizations - the Cloud Security Alliance and CloudAudit - that have been working toward exactly that are joining forces.

Post a Comment

It's Not (Just) About EMR Software Security

10/12/2010
We recently discussed a report that provided an overview of the security breach trends at 300 health care providers. Some took the post to be a condemnation of EHR security. That is too narrow of an interpretation. The post was meant to convey the lack of maturity, pervasive in the health care industry, when it comes to security controls.

Post a Comment

In Software We (Can't) Trust

9/30/2010
I can't think of more than a few attacks in the past decade that involved stolen certificates as part of the malware or exploit code. However, recent attacks, and new research highlights the increasing danger of trusting signed digital certificates.

Post a Comment

Google To Warn Admins Of Malware Infestations

9/29/2010
It's been made very clear that one of the greatest threats to Web safety is reputable Web sites getting nailed with malware - and their web masters don't even know it. That malware then infects users - who also go unaware that they've been pwned. This week, Google is taking steps to try to turn that tide.

Post a Comment

Stuxnet Pwned Iran. Are We Next?

9/27/2010
For the past few weeks rumors had run rampant about the purported targets of the Stuxnet worm. One of those rumors was that the worm was targeting Iran's controversial nuclear sites. Now, according to news reports that hit yesterday, those rumors may very well be right. There's a warning in all of this for the United States.

Post a Comment

Twitter Under Attack

9/21/2010
There's a cross-site site scripting flaw aggressively spreading across the social networking site Twitter. I know, I was hacked first thing this morning. . .

Post a Comment

Cloud Security And Compliance: Clear The Ambiguity

9/13/2010
The fact that business consumers of public cloud computing services don't get much in the way of transparency into the governance and security efforts of their cloud providers has been an obvious hindrance to cloud adoption. Here's an example at how a nascent, but encouraging, standard - CloudAudit - aims to change that.

Post a Comment

iPhone iOS Devices Jailbroken

9/9/2010
Hackers are claiming to have uncovered a flaw within iPhone and iPod Touch hardware that will make it easy for users to jailbreak their devices. And, if these reports prove accurate, it'll not be a trivial workaround for Apple to fix.

Post a Comment

Microsoft Software Security Development Lifecycle (SDL) Unleashed

8/30/2010
While many industry watchers may not acknowledge it, Microsoft has been one of the few software makers to put a serious, and highly public, effort behind the development of secure software. Now, much of what the company has learned about secure software development is going to be even more accessible.

Post a Comment

CloudAudit Gets Real

8/22/2010
For enterprises, one of the biggest challenges with cloud computing include transparency into the operational, policy and regulatory, and security controls of cloud providers. For cloud providers, one of their pressing challenges is answering all of the audit and information gathering requests from customers and prospects. CloudAudit aims to change that.

Post a Comment

Anti-Virus Suite Protection? Not Much

8/17/2010
It's no secret that anti-virus software doesn't do much to protect you against new and rapidly moving viruses, so it shouldn't come as much of a surprise that these suites don't do much good defending you against exploit code, either. A fresh evaluation from NSS Labs reveals just how vulnerable you really are.

Post a Comment

Post Patch Tuesday. Don't Stop There

8/11/2010
While you may be well underway testing and deploying this month's hefty batch of patches from Redmond, it's never too soon to ask: how secure do the rest of your applications and servers look?

Post a Comment

On iPhone, Jailbreaking, And Security

8/3/2010
It may not be the fashionable decision, but I choose not to jailbreak my iPhone. That's primarily out of security concerns. However, it turns out that Jailbreaking (read: pwning) an iPhone is now as simple as visiting a web page.

Post a Comment

Be Careful What You Search For

7/31/2010
Viruses and malware used to spread and try to find computer users to infect. Today, research released at DefCON 18, shows that increasingly search engines are bringing users are going straight to the malware.

Post a Comment

Mozilla Raises Security Bug Payout

7/16/2010
If you are a bug finder, finding security flaws in Mozilla software products, such as the Firefox web browser, just became much more profitable after the foundation raised its bug bounty from $500 to $3,000. But will this move help improve your security?

Post a Comment

Android, iPhone, "Kill Switch" Capabilities

6/27/2010
The recent security related events surrounding Google Android highlights why users must exercise constant vigilance in the applications they choose to install on their handsets, and raises questions about the ability for vendors to reach into your handset to remove potentially nasty software.

Post a Comment
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Gee, these virtual reality goggles work great!!! 
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] Cloud Security's Changing Landscape
[Strategic Security Report] Cloud Security's Changing Landscape
Cloud services are increasingly becoming the platform for mission-critical apps and data. Heres how enterprises are adapting their security strategies!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.