Author

 Rob Enderle

Profile of Rob Enderle

News & Commentary Posts: 43
Articles by Rob Enderle

A Peek At The Intel-McAfee Strategy

10/12/2010
This week is McAfee's annual customer and partner event, and the first one since the announcement that Intel would acquire McAfee. The message at Focus is that the Intel-McAfee plan to secure all parts of the emerging highly distributed and massively diverse ecosystem -- from devices such as smartphones and tablets to large-scale virtualized servers -- in what is increasingly a SaaS and virtualized environment.

Post a Comment

Anticipating The First Car Virus

9/7/2010
I've been thinking a lot about Intel's acquisition of McAfee, and recently spent the afternoon with the company reviewing its strategy. Intel doesn't want to repeat the mistake made with the PC in regard to malware as we move to more common interfaces, operating systems, and network-connected TVs, appliances, manufacturing equipment, air conditioning and heating systems -- and, yes, automobiles and motorcycles. While a virus or an attack on a PC or server is certainly painful, the same attack on

Post a Comment

How RIM Could Fail

8/9/2010
Of the handset choices that are sold broadly on the market, the BlackBerry platform is the most inherently secure. To appeal to the business market it targets, it had to be better than any other handset or mobile solutions vendor. But with Saudi Arabia blocking the service and other countries expected to follow -- coupled with mistakes on its new flagship Blackberry Torch -- RIM could be on the brink of a Palm-like failure.

Post a Comment

Is Google Stealing Our Digital Freedom?

7/2/2010
With the Fourth Of July here, it's a good time to focus on freedom. It seems that often when new technology and new ways of getting revenue advance in an industry, those who don't understand that technology are exploited by those who do. Google's model seems to increasingly fit this mold, and the example it is setting is driving others down the same path.

Post a Comment

BP And The Importance Of Calling Out Corruption

6/18/2010
A recent article in Rolling Stone shows how the combination of a corrupt process for ensuring the safety of oil rigs, corruption of the information on the risk, the actual BP disaster -- and politics -- has resulted in the biggest environmental disaster in the country's history. It also mirrors a massive problem in IT security where political expediency, short-term financial gains, and personal benefits often trump good business practice.

Post a Comment

It's Time For Personal 'OnStar'-Like Security

3/12/2010
I recently saw a story about a young child who, upon being confronted by armed robbers in his home, had the presence of mind to lock himself in a bathroom with his younger sister and call 911. Doing so likely saved the lives of everyone in the house. Because this outcome is unusual, I think it's time we looked at personal security more closely.

Post a Comment

Tool Helps Prepare For Disaster

2/3/2010
When I see an event like the Haiti earthquake, I worry that we treat disaster preparedness much like we do data backup -- we don't really think about it until it's too late. We are faced with putting in place a plan to deal with disaster, and then realize we don't aren't properly prepared. But I might have found a tool that can help.

Post a Comment

How Obama Could Fix Airline Security

1/4/2010
Northwest Airlines' Christmas Day scare showcases why the current airline security program, which potentially violates due process and treats every passenger as a criminal, isn't working. It's time to start over and focus more on substance and apply a fresh set of eyes to this problem. This is one more chance for President Obama to give us a change we can believe in, and it's also a chance for us to look at airline security practices and take them for what they are -- an example of what not to

Post a Comment

Snow Leopard's Toothless Trojan Defense

8/31/2009
Snow Leopard is the strongest business offering that Apple has ever fielded, but Apple remains in the dark ages when it comes to protection against malware and its unwillingness to work with third-party vendors to minimize the risk of bringing an Apple machine into a large business.

Post a Comment

It's Time To Integrate Physical And Virtual Security

8/13/2009
With examples of employee theft and the increasing threat of damage to systems by disgruntled ex-employees, it's time to consider presence-linked polices and implementing the Trusted Computing Group's new Trusted Network Connect (TNC) standard. We have the technology to better support our financial and intellectual property -- and in these hard times, we need to step up and do just that.

Post a Comment

Obama Administration Going Soft On Cybersecurity

7/28/2009
Viruses, botnets with international botmasters, denial-of-service attacks on government properties, cyberbullying, and the increasing threat of identity theft plague every resident, from child to adult, regardless of whether they are actually ever online -- U.S. cybersecurity has been little more than a bad joke.

Post a Comment

Apple Without Jobs: Who Secures A Company's Heart?

12/31/2008
Very often a founder is the heart of a unique, successful company, or in the case of IBM it was actually the son of the founder, Thomas Watson Jr. All the focus this week on the likely departure of Steve Jobs from Apple has me thinking back about one of my very first jobs at Disney shortly after Walt died. In many ways these men embodied more than their companies' brands: They embodied a way of thinking about business that wasn't defined in dollars and cents; it was defined by imagination, carin

Post a Comment

The 2009 Security Tsunami

12/19/2008
Many in the United States think the party in power has sacrificed too much privacy and liberty in order to address security concerns, particularly in regard to terrorism. The incoming administration is likely to undo a lot of this, but, at the same time, a massive number of very upset people with and without tech skills are going to find themselves jobless.

Post a Comment

Death of the AV Vendor: Microsoft Offers Free AV

11/18/2008
The fundamental problem with the AV market is that it makes antivirus vendors as much a part of the problem as they are a part of the solution. They are motivated to promote exposures to create a market for their offerings, and the end result has been a massive increase in malware and an inability by the ecosystem to effectively combat it. This will change that dramatically.

Post a Comment

Laptop Security During the Economic Crash

11/3/2008
Theft rates go up sharply when you have an economic crash. People are looking for items to take from homes and cars that are easy to transport and easy to sell. Laptops fall into this category because they are both small and easily sold -- especially if new, attractive, and one of the more desirable models. This suggests a number of best practices are necessary to ensure they don't walk off and, if they do, don't compromise the business.

Post a Comment
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark Reading,  6/12/2018
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12580
PUBLISHED: 2018-06-19
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature.
CVE-2018-12578
PUBLISHED: 2018-06-19
There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.
CVE-2018-1061
PUBLISHED: 2018-06-19
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVE-2018-1073
PUBLISHED: 2018-06-19
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
CVE-2018-12557
PUBLISHED: 2018-06-19
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could ...