Dark Reading is part of the Informa Tech Division of Informa PLC

posted in December 2010
Three 2011 Security Resolutions (for the uninitiated)
Commentary  |  12/31/2010  | 
Chances are, when it comes to keeping your data safe, you aren't doing many of the things that you should. In fact, most of us don't do the good data hygiene things we should. Here's a short list of three essential things you need to be doing if you are not already.
New Snort Front-End Adds Speedy Analysis, Ease Of Use
Commentary  |  12/30/2010  | 
Snorby is a new free, open-source analysis front-end to the popular Snort IDS that is fast and usable
Meet The "SMS of Death"
Commentary  |  12/30/2010  | 
If a pair of German security researchers are correct, a successful SMS attack could cripple vast segments of mobile networks.
Information Security Predictions 2011
Commentary  |  12/29/2010  | 
Here's my take on what big events will shape information security in the year ahead. (Or, maybe not).
As More SMBs Engage Online Security Concerns Grow
Commentary  |  12/27/2010  | 
Almost three quarters of small and midsize businesses were victims of cyberattacks in the past year; these tips on Web hosting and cloud security can help boost your business's defenses.
Why SMBs Aren't Buying DLP
Commentary  |  12/27/2010  | 
Cost, complexity, and a dearth of complete solutions limit adoption rates for small and midsize businesses; revamping the architecture and packaging of DLP solutions is key to winning the SMB market.
SCADA Security Heats Up
Commentary  |  12/27/2010  | 
The use of Supervisory Control and Data Acquisition (SCADA) devices is growing. That growth is expected to continue to soar. According to research firm Frost & Sullivan, SCADA revenues will grow from $4.6 billion last year to nearly $7 billion in 2016. Question is: What about security?
Microsoft Moves To Block Zero Day Attack
Commentary  |  12/22/2010  | 
A French IT security firm recently warned of a new vulnerability that leaves most versions of Microsoft Internet Explorer open to attack.
Why All The Big Deals?
Commentary  |  12/22/2010  | 
Have you noticed that there seem to be a lot more "big" deals when it comes to storage acquisitions lately? Dell-Compellent, EMC-Isilon, HP-3PAR, EMC-Data Domain. This is not to say that there haven't been smaller deals, and part of the reason for the increase in big deals is perception: there is more to discuss, which generates more press. There is, however, strategic reasoning behind the increase in larger deals.
'Tis Attack Season: 5 Ways To Fight Back
Commentary  |  12/22/2010  | 
For most of us, it's time for sleeping in, spending time with family, and ignoring e-mail. For criminals, it's time to go to work. Scammers are looking to exploit e-card traffic, sales promotions, and the general jolliness of Internet users. What better time to attack unwatched enterprise systems, siphon out data, and dig deeper into networks?
Schwartz On Security: Don't Get Hacked For the Holidays
Commentary  |  12/22/2010  | 
The Gawker data breach highlights how few companies employ passwords for security, and how many Web site users treat them as little more than a nuisance.
What If Data Services Were Free?
Commentary  |  12/21/2010  | 
Data services is my term for the storage software that most storage hardware vendors include to make their hardware a solution. The capabilities of these software applications include the basics like volume provisioning and advanced features like file services, snapshots, thin provisioning and replication. What if you could get these software functions for free and apply them to the hardware of your choice?
Security Design Fail
Commentary  |  12/19/2010  | 
It's common for routers to enable an HTTPS interface so that the device can be remotely administered. However, as was made clear this weekend, many routers are secured with hard-coded SSL keys that can be extracted and used by others.
Hacked: A Reformed Victim's Story
Commentary  |  12/17/2010  | 
What I learned as a hacking victim and how you could prevent something similar from happening to you or a loved one
Take A Deep Breath
Commentary  |  12/17/2010  | 
In the midst of the recent surge of security hype and angst, a dose of perspective
Reputation Can't Be Delegated
Commentary  |  12/16/2010  | 
A massive e-mail breach affecting Walgreens, McDonald's and others proves that while services can be outsourced, and responsibility delegated - reputation stays with you.
Why Chrome OS Will Succeed
Commentary  |  12/15/2010  | 
Google's "third choice" of operating system will sell itself to businesses and schools.
What Disaster Are You Planning For?
Commentary  |  12/14/2010  | 
When the subject of disaster recovery comes up, many IT professionals' minds immediately flash to an epic event like a fire, hurricane, tornado or earthquake. While this is fine for a point of reference, what about planning for the more mundane disaster? These simple disasters can often cost you as much in revenue and brand reputation as their larger alternatives.
Gawker Goof
Commentary  |  12/13/2010  | 
Sometimes it helps knowing what not to do with database security to clarify why you need database security -- and sometimes somebody else goofs up real bad and sheds light on the little security details you need to get right
Patch Tuesday: Too Big To Ignore?
Commentary  |  12/13/2010  | 
Any IT administrators hoping to get an early jump on the holidays this week face a big disappointment: 40 software updates coming from Redmond this month.
What The Gawker Compromise Really Reveals
Commentary  |  12/13/2010  | 
Passwords are only half of the defense against compromise -- unfortunately, the other half is being crippled by the login policies of many online providers.
On To 2011
Commentary  |  12/13/2010  | 
2011 will be the year we catch the first glimpse of the biometric movement
Researchers: Major Ad Networks Serving Malware
Commentary  |  12/11/2010  | 
Researchers at web security firm Armorize Technologies recently discovered that DoubleClick and Microsoft ad networks were serving (for a brief time) a banner ad tainted with malware. The attack could have impacted millions, the researchers say.
The Hazards Of Bot Volunteerism
Commentary  |  12/10/2010  | 
Not only can you get caught, you can also get 0wned if the bot software is malicious
Is The Storage Industry Consolidated?
Commentary  |  12/10/2010  | 
There have long been predictions that the storage industry would consolidate down to three or four vendors. A few weeks ago EMC made a bid to buy Isilon, and yesterday Dell made a bid to buy Compellent for $876 million. These deals come on the heels of the dramatic HP - Dell bidding war over 3PAR. Is the storage industry consolidated? Not even close.
Monitoring Challenges For NERC/FERC Environments
Commentary  |  12/10/2010  | 
Many vendors claim to be entrenched within NERC and FERC regulated critical infrastructure clients, but few understand where the real goldmine of data resides
Why 2010 Will Make 2011 The Year Of SSD
Commentary  |  12/8/2010  | 
In technology we are always looking for next year to be the year of something. Reality is that most technologies don't establish themselves in a single year, but 2011 could be the year that solid state storage makes significant inroads into the enterprise data center and that work will be because of what was done in 2010.
California Does Health Care Data Breaches Right
Commentary  |  12/7/2010  | 
Since this spring, the California Department of Public Health has fined 12 health facilities about $1.5 million as a result of data breaches. Let's hope they keep fining organizations that fail to properly protect patient data.
Avast, Ye Pirates: It's Free
Commentary  |  12/7/2010  | 
Pirated installations of free Avast software included two in Vatican City
What Appliances Should Be Virtualized?
Commentary  |  12/3/2010  | 
In our last entry we discussed the value of virtual appliances and how they might be a better option for the data center than standalone appliances are today. If you agree that there is value in leveraging the virtual infrastructure for appliances, then the next step is to decide which appliances make the most sense to be virtualized.
Wikileaks: The Canary In The Coal Mine For DLP
Commentary  |  12/2/2010  | 
The supposedly confidential State Department memos ('cables' in the quaint, antiquated parlance of diplomats) oozing out in dribs and drabs this week prompt many questions, but for the IT professional none is more acute than "how could something like this even happen?" This marks the third time in the last six months that the Web's premier whistleblower outlet has released sensitive government reports. Admittedly, most of these aren't highly classified (and none are "top secret"), nor even all t
The Value Of Virtual Appliances
Commentary  |  12/1/2010  | 
Vendors created the appliance market by delivering their software applications pre-installed on standalone servers. The goal was to simplify installation for the users and to make support easier thanks to the consistent hardware platform. The downside to appliances is that there is an added hardware cost and when performance needs to be upgraded it often requires a new appliance. These issues can be addressed by leveraging server virtualization to create virtual appliances.
