DarkReading Weblog

Amazon's SimpleDB Not Your Typical Database

Sat, 06 Feb 2010 16:08:12 -0500

Several cloud providers offer databases specifically designed for cloud deployment. Amazon's SimpleDB, while technically a database, deviates from what most of us recognize as a database platform. Although SimpleDB is still in prerelease beta format, developers have begun designing applications for it.

New Flaws Pry Lid Off Cloud Frameworks

Fri, 05 Feb 2010 12:21:05 -0500

A new set of vulnerabilities came to light this week at Black Hat DC, and its appearance provides a good look at our bleak "next-gen" security future.

'Brand' Your Employees

Fri, 05 Feb 2010 06:14:08 -0500

You might want your product to be in the news every day, and for your PR to create miracles for you. But if you want attention, then your company must speak out on big security issues and news.

Litchfield's Last Hurrah

Wed, 03 Feb 2010 17:44:08 -0500

Yesterday was David Litchfield's last day at NGS Software, and he commemorated the milestone by dropping a zero-day vulnerability in Oracle's 11g database at Black Hat DC. He also surprised the audience -- and possibly himself -- by awarding Oracle a "B+" final grade for security in 11g, after nearly 10 years of keeping Oracle on its toes by calling out vulnerabilities in its database technology.

Updated Tool Targets Facebook Security

Wed, 03 Feb 2010 14:15:05 -0500

Security issues surrounding social networking sites make me cringe. I understand their practical applications, but they are also the platform for easy delivery of exploits through social engineering. I've seen many systems compromised by the unconscious click on a Facebook link that users' nonchalance on similar sites and their trust in the Internet frustrates me to no end.

Tool Helps Prepare For Disaster

Wed, 03 Feb 2010 09:19:38 -0500

When I see an event like the Haiti earthquake, I worry that we treat disaster preparedness much like we do data backup -- we don't really think about it until it's too late. We are faced with putting in place a plan to deal with disaster, and then realize we don't aren't properly prepared. But I might have found a tool that can help.

When Software Glitches Are Fatal -- Literally

Mon, 01 Feb 2010 14:50:41 -0500

Hearing about how many companies were hacked during the Aurora attacks due to a software vulnerability in Microsoft's Internet Explorer (IE) is frustrating. Now another attack is ready to be unveiled at Black Hat DC that also uses an IE "feature." The thought of what can and has happened because of these flaws is scary -- theft of personal information, espionage, identity theft, etc. -- but what happens when software glitches lead to death?

70% Rise In Malware: Time To Block Facebook?

Mon, 01 Feb 2010 11:19:57 -0500

New research published by Sophos today reveals a 70 percent increase in the number of companies reporting spam and malware attacks via social networks.

Wiping Out Wimpy Passwords

Fri, 29 Jan 2010 13:11:20 -0500

Recent breaches at Rockyou.com and Hotmail illustrate the consistency of human behavior: Since the dawn of access control systems, users continue to choose easily guessed passwords.

IE 6 Aftermath: Time To Review Your Browser Strategy

Wed, 27 Jan 2010 19:31:31 -0500

The latest update for Internet Explorer is out, and organizations are busy applying or at least certifying the patch on their testbeds.

TechCrunch Hacked Again: Foul-Mouth Hacker Embarrasses Top Blog

Wed, 27 Jan 2010 02:51:24 -0500

Technology blog TechCrunch has been hacked for the second time in 24 hours.

TechCrunch Hacked

Tue, 26 Jan 2010 04:10:56 -0500

The immensely popular blog TechCrunch has been compromised by hackers who posted an offensive message on its home page.

Johnny Depp Death Crash Video Launches Malware Attack

Mon, 25 Jan 2010 06:40:24 -0500

An Internet rumor that Hollywood superstar Johnny Depp has died in a French car crash is being taken advantage of by cybercriminals, who have planted malware posing as video footage of the accident.

Operating In An Insecure World

Fri, 22 Jan 2010 14:47:22 -0500

I've heard of the idea of operating day-to-day with the assumption that your organization is already compromised, and I just saw it reiterated in the Tenable Security Blog, but I think it's a tough one to swallow for most organizations. There has to be some level of trust within an organization, otherwise, how could you get any business done. But as tough as it is to accept, there is value in taking this approach.

Google/China Reality Check Amid The Fog Of Cyberwar

Thu, 21 Jan 2010 11:00:23 -0500

We've all heard about the Chinese attacks against Google by now. We've heard of Google's moral standing, how corporations now impact international relations, and how censorship is bad and freedom is good. However, some important questions lost in the fog of war need to be asked.

User Security After The Google Hack

Wed, 20 Jan 2010 14:10:09 -0500

Last week's news about the Google hack has really raised some eyebrows. Doe-eyed users have learned the harsh truth that anyone can be hacked. The news of 20 or more other companies also being targeted along with Google made the impact that much worse.

Emergency Microsoft Internet Explorer Patch Arrives Thursday

Wed, 20 Jan 2010 13:28:19 -0500

The IT world sighed with relief at the news that Microsoft is releasing an out-of-band patch for Internet Explorer on Thursday, Jan. 21.

What Data Discovery Tools Really Do

Wed, 20 Jan 2010 09:00:02 -0500

Data discovery tools are becoming increasingly necessary for getting a handle on where sensitive data resides. When you have a production database schema with 40,000 tables, most of which are undocumented by the developers who created them, finding information within a single database is cumbersome. Now multiply that problem across financial, HR, business processing, testing, and decision support databases -- and you have a big mess.

Share Your New Security Innovations

Fri, 15 Jan 2010 16:00:22 -0500

I am working with InformationWeek Analytics to create an analysis of the year's top five technology innovations in the security arena. If you are a vendor and believe you have the next big thing, then you should contact us.

The Cybersecurity Czar's First Big Test

Thu, 14 Jan 2010 12:21:37 -0500

I'm still waiting for Howard Schmidt, the new cybersecurity czar, to weigh in on the Chinese cyberattacks revealed this week. Sure, Chinese hackers going after American interests and human rights activists is nothing new to the IT security world, but this latest development is big, and it could be a defining moment for Schmidt's new post.

Discovery And Your Database

Wed, 13 Jan 2010 10:13:53 -0500

Database discovery is the act of locating databases on a network. Years ago, this was simple because companies had only one or two databases. Now just about every application created relies on database services to provide data integrity and transactional consistency.

We Have Nothing To Say -- Or Do We?

Tue, 12 Jan 2010 02:05:41 -0500

The first rule of appearing smart, they say, is to keep quiet, but keeping quiet doesn't help your PR. What are you to do?

Iranian Cyber Army Attacks Chinese Search Giant

Tue, 12 Jan 2010 01:22:52 -0500

China's No. 1 Website has fallen victim to a group of hackers calling themselves the "Iranian Cyber Army," who replaced the site's home page with a political message.

The Inconvenient Truth Behind Security

Mon, 11 Jan 2010 14:55:24 -0500

A co-worker forwarded me an e-mail in which the original sender was asking about running vulnerability scans on his own and stated he was concerned about the scans causing downtime while the servers were being tested.

When PDFs And Flash Files Attack

Fri, 08 Jan 2010 14:18:03 -0500

It's getting harder to protect our users from threats coming at them from seemingly trusted places. The Websites they've been using for years are suddenly the source of attacks through malicious advertisements being pushed to the "trusted" site by a third-party advertising service. File format attacks against Adobe's Flash and Acrobat are becoming the exploit du jour for attackers.