Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in September 2007
Would You Hire This Hacker?
Commentary  |  9/28/2007  | 
Convicted hacker Robert Moore started serving his two-year prison sentence yesterday. He has high hopes that a security company will scoop him up when he gets out. The question is: Would you hire this man?
No Excuse: Security Lessons From T.J. MAXX Data Breach
Commentary  |  9/28/2007  | 
Maybe the company should change its name to T.J. LAX -- lax security practices let the hacked retailer's data breach go from bad to worse to bad beyond belief while nobody did anything to remedy the situation.
Disaster Recovery: Plan for Recovery, Not for Disaster
Commentary  |  9/27/2007  | 
So many elements to business IT operations -- so many elements that can get sliced, diced, slammed, flooded, flamed, hacked, attacked, smashed and just plain hammered that your disaster recovery plan has to be universal to be effective.
Is Your Domain Name Safe From Porn Pirates?
Commentary  |  9/27/2007  | 
Avast. Pirates be boldly thievin' for themselves any toothsome domain name what puts a glint in their good eye. Recall the pair of scurvy dogs who battled for years over the rights to sex.com.
Getting to the Real Endpoint of Endpoint Security
Commentary  |  9/26/2007  | 
Endpoint device and access control for small to midsize businesses is itself becoming a big business, with vitually every major security vendor offering device and access control programs tailored -- and increasingly priced -- for the market.
Good News: Attacks Are Down; Bad News: Attacks Are Worse
Commentary  |  9/24/2007  | 
Fewer but fiercer attacks -- that's the word from a new study of business IT security trends over the past year. Today's breaches are reportedly twice as severe as those of just a couple of years ago.
Secure Computer Recycling II
Commentary  |  9/21/2007  | 
The first step (admittedly paranoid but also, I think, practical) in recycling computers is to physically remove any storage devices. The second is to smash those devices to smithereens. The third step is to find the right place to drop off the now storage-less (and business data-less) remains of the computer.
What ISPs Are Scared Of
Commentary  |  9/20/2007  | 
A new study of Internet service providers (ISP) and their top security concerns lets us know what they're most scared of: armies of zombie computers mounting huge distributed denial of service (DDoS) attacks.
Cybercrooks Outpacing Cybercops: McAfee
Commentary  |  9/19/2007  | 
It's that time of year when the major security vendors release updates, upgrades... and public statements. McAfee's CEO this week pointed out that cybercrime is now bigger than the illegal drug trade -- and continues to grow.
Government Prodding Biometrics into the Mainstream?
Commentary  |  9/18/2007  | 
Biometrics has been a market segment that seems to under perform consistently. To date, use of the technology has limited to select applications, such as securing laptops, but Uncle Sam may soon help to change that.
Cybercrime Gets More Organized
Commentary  |  9/17/2007  | 
The increasingly organized -- and commoditized -- nature of cybercrime should make all of us more alert than ever to the risks our information, and our customers' information, face on our networks.
Don't Do As TD Ameritrade Does -- And Don't Do As They Say, Either
Commentary  |  9/14/2007  | 
The security breach that let spammers get hold of as many as 6.3 million TD Ameritrade customer names, phone numbers and e-mail addresses is being spun as a "Well, they didn't get Social Security numbers, account numbers, PINs or other confidential info; still we apologize for any inconvenience or annoyance," sort of problem. Mistake. Big mistake.
QuickTime Patch Procrastination Poses Firefox Problems
Commentary  |  9/13/2007  | 
Said it before, say it again: Bad enough to have flawed and vulnerable software out there, but probably unavoidable as code gets more and more complex. Completely unavoidable and equally inexcusable is letting a known vulnerability languish for any amount of time, much less a full year. Yet that's exactly what Apple's done with a QuickTime media player security hole that's been known of for at least that long.
Company Computers Not Safe At Home
Commentary  |  9/12/2007  | 
A warning from Computer Associates that home computers are increasingly vulnerable and threatened -- surprise! -- set me to wondering how many of those computers aren't really home computers at all, but business computers used at home... and, more critically, used at home by people other than the authorized employee.
Do Not Ask Your Customers for Their Social Security Numbers
Commentary  |  9/11/2007  | 
Do you want to make potential and existing customers feel secure? If so, one item that you need to avoid is asking them for their social security numbers. A poll by Consumer Reports National Research found that close to nine of every ten Americans want state and federal lawmakers to pass laws restricting the use of Social Security numbers. So if you want consumers coming back and ordering products
Skype Worm Bubbles Up
Commentary  |  9/11/2007  | 
The latest worm wriggling from Skype (for Windows) user to Skype user by way of the network's chat function gives a good opportunity to remind employees not to click on unexpected messages or images on free VoIPware any more than they should anywhere else.
Botnet Storm Surge: Insecurity In Numbers
Commentary  |  9/10/2007  | 
Whatever the summer heavy weather season has been like in your neck of the woods, the cyber-season saw the explosive growth of a monster security storm. After building strength all year, the Storm botnet worm has created a zombie grid so large that it could be a threat to... pretty much whatever the hackers who created it want it to be a threat to.
Bandwidth Is A Business Security Matter, Too
Commentary  |  9/7/2007  | 
The more we can get, the more want to get -- nowhere truer than on the Internet, and getting truer by the day as rich video, audio, effects and extras become an expected part of the traffic. Not just entertainment traffic -- more and more small to midsized businesses are taking advantage of rich media and Web 2.0-ish techniques to send sophisticated sales, marketing and communications signals. But is their richness a business risk? It may be if your customers are Comcast customers.
Time to Guard Your Instant Messaging Traffic
Commentary  |  9/6/2007  | 
One downside with popular IT technologies is they attract unsavory elements. Akonix Systems Inc. , a vendor specializing in instant messaging security products, reported that the number of instant messaging specific viruses doubled from July to August. The change could mean a shift in hacker priorities, so therefore small and medium enterprises need to take a closer look at protecting their IM traffic.
Counting The Cost Of Business Data Theft
Commentary  |  9/6/2007  | 
Just how much does it cost to deal with a data theft or resolve a security breach? Insurance company Darwin Professional Underwriters has a free on-line calculator to help you find out.
Recycle Your Computers -- Not Your Business Info
Commentary  |  9/4/2007  | 
The news that Sony's opening a number of electronics recycling centers across the country is good news for businesses that have stacks and scads of old, outdated, underpowered and otherwise unused computers and other electronic devices cluttering their closets and storage spaces. (It's even better news for landfills, which do not need the toxic materials the devices contain.) Just be sure that what you're putting into the system is the equipment, not your business data.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15703
PUBLISHED: 2020-10-31
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivile...
CVE-2020-5991
PUBLISHED: 2020-10-30
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
CVE-2020-15273
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can ac...
CVE-2020-15276
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
CVE-2020-15277
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.