Best Of The Web
SEARCH SECURITY
Secure Software Development Lifecycle Still Lacking At Dev Firms
Even firms that consider security to be important don't have a formal methodology in place, study says
BANK INFO SECURITY
Insider Threat: No Industry Is Safe
Carnegie Mellon expert outlines the warning signs of potential insider breaches
CSO
How Security Professionals Monitor Their Kids
What kind of monitoring is useful, and how much is too much?
FEDERAL NEWS RADIO
Cybercriminals Prey On The Unemployed
Jobless are recruited for roles as "mules," duped into participating in cybercrime
GARY WARNER BLOGSPOT
Nicolae Popescu, Romanian Hacker, At Large
One of the ringleaders among 70 Romanian cybercriminals who were arrested this month is no longer imprisoned
BUSINESSWEEK
Bank of America Insider To Plead Guilty To Hacking ATMs
Bank of America computer specialist is set to plead guilty to charges that he hacked the bank's automated tellers to dispense cash
THE NEW YORK TIMES
Identity Thieves Infiltrated Tax Office In Bronx, A Suit Says
An H&R Block branch is under fire for identity theft of its customers
EWEEK
Researchers To Demonstrate Database Man-In-The-Middle Attacks
Trustwave researchers at Black Hat Europe this week will demonstrate how to use man-in-the-middle attacks against Oracle databases to steal user credentials and take over sessions
TECHWORLD
Adobe PDF Flaw To Spread Malware, Says Researcher
A design flaw in Adobe's PDF format is likely to be quickly exploited by hackers to install Trojans on users' computers, a security company says
BETA NEWS
Don't Tell Spammers That You're On Vacation
Microsoft has temporarily turned off Hotmail's "vacation" auto-reply feature in an attempt to quell spam attacks
INVESTMENT NEWS
Data Theft Puts LPL Financial Clients At Risk
An unencrypted USB drive stolen from an LPL employee's vehicle has left clients' names, addresses, birth dates, and social security numbers exposed
PC ADVISOR
NASA Hacker's Mother Stands For Parliament
The mother of NASA hacker Gary McKinnon is running for Parliament in a bid to prevent the "erosion of civil liberties"
HOST EXPLOIT
Cyber Attack Cripples Free Malaysia Today
Attack left readers unable to access news articles, reports say
THREAT CENTER LIVE BLOG
Tiger Woods (Searches) Not To Be Trusted
As users seek clips of new Tiger Woods ad, malware authors seek to hijack search results
HOST EXPLOIT
Data Breaches Cost Australian Companies $1.97 Million Per Incident, Report Says
Ponemon study for region says companies lose $123 per record
CONCURRING OPINIONS
How Identity Theft Is Like The Ford Pinto
Study suggests companies aid in identity theft by playing fast and loose with consumer credit
WIRED
Identity Thieves Filed For $4 Million In Tax Refunds Using Names Of Living And Dead
Crime ring used names of others to file bogus returns and collect refunds, indictment says
ADOBE READER BLOG
Upcoming Adobe Reader And Acrobat 9.3.2 And 8.2.2 To Be Delivered By New Updater
New security patches could be made easier by automated technology, Adobe says
HELP NET SECURITY
Q&A: Cyber Warfare
What constitutes an act of cyberwar and how should nations respond? ISSA chief offers insights
MICROSOFT SECURITY RESPONSE CENTER
Microsoft To Issue 11 Patches On Tuesday
Patches address 25 vulnerabilities found, software giant says
SC MAGAZINE
Romanian Police, FBI Break Up 70-Strong eBay Fraud Ring
Three different organized cybercrime groups were involved in auction fraud, officials say
COMPUTERWORLD UK
Hackers Using Search Engine Optimization Techniques, Says Sophos
SEO tricks feed users malware and viruses
SEARCH SECURITY
Outsourced Security Extends To A Wealth Of Services, Study Finds
MSSPs extend offerings to log, configuration, and patch management
THE TECH HERALD
Facebook Users Still Unhappy With Privacy Options
Users displeased with proposed changes, survey says
SEARCH SECURITY
HITECH Act Increases HIPAA Security Requirements
Government agencies begin levying fines for failure to comply
FINEXTRA
ID Theft Ring Gleaned Socials From Medical Records
Hospital insiders allegedly used data to obtain credit cards
H-ONLINE
Security Through Virtualization
Researcher proposes new "Qubes" operating system to improve security in virtual environs
ESET
Researchers Discover Massive New Koobface Campaign
Worm promises hidden-camera videos, but what users really get is a big bug
COMPUTER WEEKLY
More Organizations Adopt Secure Coding Practices
Software developers doing more training, Errata study finds
NETWORK WORLD
Is The U.S. The Nation Most Vulnerable To Cyberattack?
Ex-presidential advisor Richard Clarke warns cyberattacks could lead to more traditional combat
VIEW FROM THE BUNKER
Symantec Urges UK Businesses To Bolster Defenses To Avoid New Breach Fines
Violations of Data Protection Act could now cost businesses more than $1 million
ZDNET ASIA
Companies Should Not Use Free Security Testing Tools Exclusively
Few companies are relying on open market software, study finds
SECURE COMPUTING AUSTRALIA
Vietnamese Government Denies Aurora-Style Hacks
Accusations are "groundless," officials say
FEDERAL COMPUTER WEEK
Health IT Data Security Crude In Some Companies, Says CMS CIO
IT chief at Centers for Medicare and Medicaid Services says even large companies make mistakes that are "almost embarrassing"
FINEXTRA
Fraudulent U.S. ATM Withdrawals On The Rise
Stolen identity information frequently used to access accounts via ATM, Javelin study says
HOW STUFF WORKS
Could A Single Hacker Bring Down A Country's Network?
In a word: yes. Here's how
SECURITY ARCHITECTURE
Employee Expectations Of Privacy In The Workplace Only Improving In Very Specific Contexts
Recent court cases still don't protect employees from scrutiny by employers
BANK INFO SECURITY
Six Steps To Reduce Online Fraud
Banking expert outlines current fraud trends - and how to handle them
DATAMATION
Security Panel To IT: "Expect A Breach"
Companies that don't plan properly for security breaches are putting their business at risk, experts say
SC MAGAZINE
Most Organizations Falling Short On Cloud Security Policies
Most organizations fail to properly safeguard sensitive data stored in the cloud, Ponemon study says
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


