DarkReading Dark Dominion Weblog

Personal Panic-Button Apps Land On Mobile Phones

By Kelly Jackson Higgins — Fri, 19 Mar 2010 15:06:40 -0500

Personal security apps for mobile phones are here, and famed criminal profiler and frequent NBC/MSNBC guest commentator Clinton Van Zandt is getting into the act. Van Zandt is now featuring on his LiveSecure.org Website, among other personal security products, a silent panic-button app for smartphones. Separately, a new start-up called SafeKidZone is also about to launch a new panic-button app and service for kids' mobile phones.

Firewalls And DIY Plug-Ins

By Kelly Jackson Higgins — Tue, 23 Feb 2010 14:22:43 -0500

Let's face it: Users love the concept of adding free plug-ins and apps to customize and empower the base software tool, whether it's in a smartphone or browser. Doing so is fun, it's cool, and it lets them personalize their software to augment or shape how they use it. Even firewall management has joined the plug-in party.

Sights, Sounds (And Snow) Of ShmooCon 2010

By Kelly Jackson Higgins — Thu, 11 Feb 2010 17:49:31 -0500

There are hacker conferences, and then there's ShmooCon. The annual East Coast convention was held during a major snowstorm in Washington, D.C., but that didn't stop researchers from sharing their latest exploits, hardware, and software inventions, and huddling over discussions about the latest security issues.

Dark Reading Launches New Database Security Newsletter

By Tim Wilson — Wed, 10 Feb 2010 13:49:02 -0500

One of the things we've learned in publishing Dark Reading is that a pretty wide range of people work under the title of "security professional." There are techies and managers, risk managers and privacy people, white hats and black hats. Not surprisingly, they aren't all interested in the same news and information.

Litchfield's Last Hurrah

By Kelly Jackson Higgins — Wed, 03 Feb 2010 17:44:08 -0500

Yesterday was David Litchfield's last day at NGS Software, and he commemorated the milestone by dropping a zero-day vulnerability in Oracle's 11g database at Black Hat DC. He also surprised the audience -- and possibly himself -- by awarding Oracle a "B+" final grade for security in 11g, after nearly 10 years of keeping Oracle on its toes by calling out vulnerabilities in its database technology.

The Cybersecurity Czar's First Big Test

By Kelly Jackson Higgins — Thu, 14 Jan 2010 12:21:37 -0500

I'm still waiting for Howard Schmidt, the new cybersecurity czar, to weigh in on the Chinese cyberattacks revealed this week. Sure, Chinese hackers going after American interests and human rights activists is nothing new to the IT security world, but this latest development is big, and it could be a defining moment for Schmidt's new post.

New Year Will Put New Pressure On Security Services Decisions

By Tim Wilson — Thu, 07 Jan 2010 13:58:03 -0500

Security, as many consumers have recently discovered, is a matter of perspective. Many consumers carefully lock their houses each night and turn off their computers. They keep their AV products up to date, their wireless connections encrypted, and their passwords in their heads.

Firefox On Fire

By Kelly Jackson Higgins — Wed, 02 Dec 2009 14:05:27 -0500

Firefox is hot. The latest numbers show it now owns one-fourth of the browser market right now. But fame, of course, comes with a price: A recent, separate report shows that Firefox accounted for nearly 45 percent of all Web vulnerabilities in the first half of this year.

LinkedIN With 'Bill Gates'

By Kelly Jackson Higgins — Fri, 30 Oct 2009 17:04:08 -0500

Bill Gates invited me to join his LinkedIN network. OK, so it wasn't really Bill Gates, but as far as my email system, spam filter, and email client were concerned, it's perfectly normal for Gates to send me a LinkedIn invitation.

Dark Reading Launches Vulnerability Management Tech Center

By Tim Wilson — Mon, 12 Oct 2009 10:26:19 -0500

Today Dark Reading launches a new feature: the Vulnerability Management Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis of the technologies and practices used to identify and eradicate security vulnerabilities from enterprise IT environments.

Dark Reading's Database Security Tech Center Refresh

By Kelly Jackson Higgins — Thu, 01 Oct 2009 10:55:52 -0500

The Dark Reading Database Security Tech Center is expanding. The subsite, devoted to bringing you news, product information, opinion, and analysis all focused on the very timely topic of database security, has been well-received by our readers since its launch in June, so we're adding two new elements to provide even more depth of coverage: a new blogger dedicated to database security, and new monthly feature articles that drill down on the latest database security threats and issues.

Debit Or Credit? Neither

By Kelly Jackson Higgins — Thu, 24 Sep 2009 22:55:55 -0500

I stopped using my debit card altogether a couple of years ago out of an intense fear that I would never recoup the losses if my card were skimmed in the grocery-store line or compromised at TJ Maxx. Now I casually slide my checkbook onto the card reader stand and perform that rare act of putting pen to paper while trying to avoid the annoyed stares of shoppers behind me in line who may lose a few seconds off of their shopping time because I didn't use plastic.

Hosting Kevin Mitnick

By Kelly Jackson Higgins — Fri, 04 Sep 2009 14:26:44 -0500

It's not easy being Kevin Mitnick: The reformed black hat hacker may sue AT&T after it kicked him off its wireless network, and his Web hosting provider dropped him after his Website suffered a nasty hack last month. Seems he has become too big a target for some network and hosting providers.

Cybercriminals: Taking The Road Less Traveled

By Tim Wilson — Thu, 27 Aug 2009 15:26:58 -0500

If you were a criminal, what data would you be looking for? The most obvious answer is to look for the types of data that give you direct access to cash: bank accounts, brokerage accounts, credit cards. Like Willie Sutton, you'd go where the money is, right? And that's why some of the stiffest security defenses surround this sort of account data.

Big Names, Big Blogs

By Kelly Jackson Higgins — Mon, 10 Aug 2009 08:18:32 -0500

The Dark Reading blog section continues to add new voices from some of the top security researchers and experts in the industry.

The Seedy Side Of Hacking

By Kelly Jackson Higgins — Wed, 05 Aug 2009 07:46:58 -0500

The running joke among seasoned Defcon attendees in Las Vegas every year is to steer clear of ATM machines at the Riviera Hotel, where hackers have known to place a booby-trapped ATM to prove their point that nothing is sacred when hackers are in the house (or worse). Then there's the Wall of Sheep "contest" at both Black Hat USA and Defcon to see who's either clueless or bold enough to jump onto the unsecured WiFi network at the shows. When they do, they get the dubious honor of getting their usernames and partially redacted passwords blasted on the Wall of Sheep.

The Security 'Unconference' In Vegas

By Kelly Jackson Higgins — Wed, 15 Jul 2009 10:16:16 -0500

Most of the security action happening later this month will be in Vegas' Caesars Palace and the Riviera Hotel, where Black Hat USA and Defcon will convene. But at a rented house at a thus-far undisclosed location a few miles off of the Las Vegas Strip, a handful of hackers will host SecurityBSides, a homegrown "unconference" alternative to the more structured format of Black Hat.

Dark Reading Launches Database Security Tech Center

By Tim Wilson — Tue, 16 Jun 2009 09:23:10 -0500

Today Dark Reading launches a new feature: the Database Security Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis specifically focused on the topic of database security.

For SMBs, Being Security-Savvy Doesn't Always Mean Doing It Yourself

By Tim Wilson — Thu, 04 Jun 2009 14:28:18 -0500

When it comes to security, most security professionals -- indeed, most Dark Reading readers -- are do-it-yourselfers. They do their own research, find their own bugs, and remediate their own systems. It's almost a rite of passage -- if you have to ask for help, you can't be a real security pro.

But I wonder, sometimes, if this attitude doesn't hurt small and midsize businesses, in which having even one full-time security professional is more than many can afford. Such businesses are just as concerned about security as their larger counterparts, but when their people attempt to ask questions or get the tools they need to build strong defenses, they are treated as "neophytes" or given tools they simply do not have the time or skills to learn to use properly. And because they don't have tools that work at their skill levels or have the support of the elite security community, they are sometimes left with no easy way to access the best defenses and tools available.

When Your Security Career Gets Hacked

By Kelly Jackson Higgins — Tue, 26 May 2009 13:48:59 -0500

Security professionals like to think they're immune from the economic woes plaguing the rest of the business world, but, unfortunately, many are finding out the hard way that their jobs aren't any more secure than their apps. So career coaches Lee Kushner and Michael Murray today launched an "incident response" podcast series to help security professionals whose careers have been hacked and their jobs lost get back into the job market.

Security's Past Gives Hints To Its Future

By Tim Wilson — Mon, 04 May 2009 00:48:35 -0500

Julius Caesar didn't see the need for a bodyguard when he went to the floor of the Roman senate on a March day in 44 B.C. That little oversight cost him 23 stab wounds and the throne of the empire. More than 1,900 years later, Abe Lincoln entered the presidential box at Ford's Theater in Washington, D.C. -- again, no bodyguard seemed necessary. We all know how that decision turned out.

RSA's Five Big Takeaways

By Kelly Jackson Higgins — Mon, 27 Apr 2009 14:06:27 -0500

Swag was scarce, attendee counts were down, and a few vendors opted not to exhibit this year, but last week's annual RSA Conference in San Francisco was still the obligatory get-together for security experts and vendors, sprinkled with loads of product and partner announcements and high-profile keynote speakers.

The trouble with a show as large as the RSA Conference, of course, is that you can't see it all. So here's a synopsis of just some of the more memorable moments:

WSJ's Meatless 'Spies' Story

By Kelly Jackson Higgins — Wed, 08 Apr 2009 19:54:03 -0500

Wednesday's Wall Street Journal article reporting that the U.S. power grid had been infiltrated by Chinese and Russian "cyberspies" likely caused a few people to choke on their Cheerios. But it left the security community -- already jaded with stories of SCADA and power-grid vulnerabilities, and with assumptions that the grid had been hacked a long time ago -- hungry for more.

Dark Reading Launches Security Services Tech Center

By Tim Wilson — Wed, 01 Apr 2009 00:50:45 -0500

Today Dark Reading launches a new feature: the Security Services Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis of the "outsourced" security services and technologies available to augment your organization's IT defenses.

New Dark Reading Tech Center Highlights Insider Threats

By Tim Wilson — Mon, 09 Mar 2009 08:18:45 -0500

Today marks the official launch of the Insider Threat Tech Center, a subsite of Dark Reading devoted to bringing you news, opinion, and analysis of the security threats that come from inside the organization -- and the technologies used to prevent them.

This is the first of what we hope will be several Dark Reading Tech Centers, which are designed to provide you with a more focused view of specific issues, threats, and technologies in the world of IT security. The Tech Centers will offer in-depth reports and studies, breaking news, and links to additional articles and information not found on the main Dark Reading site. Just as a traditional newspaper offers in-depth sections or supplements on sports, entertainment, or politics, the Dark Reading Tech Centers will provide an additional range of news and information for readers who have an interest in specific aspects of IT security.