News & Commentary

Content posted in January 2008
Page 1 / 5   >   >>
Does This Storage Make My Butt Look Big?
Commentary  |  1/31/2008  | 
This is a curious link to follow if you agree that women as storage buyers: A) Are aliens B) Constitute a completely different species C) Need to be spoken to like prostitutes (the "Pretty Woman" Julia Roberts kind, not that Theresa Russell sort)
Toward Buffer Overflow Extinction
Commentary  |  1/31/2008  | 
The first time a buffer overflow was used as part of an attack on information systems, at least the best I can find, was the infamous 1988 Morris worm. While the Morris worm propagated across Unix, buffer overflows have been the bane of Windows security for years. Microsoft is furthering its efforts to push this problem into the history books.
When Criminal Intent Lurks One Cube Away
Commentary  |  1/31/2008  | 
The ongoing Société Général fraud story is a case study in insider threats. The costs, north of $7 billion for the French bank, are high and likely to go higher. For the rest of us, it leaves an uneasy question: Do we have a rogue in our organization? And if so, what do we do about it?
Fortify Offers States Analysis
News  |  1/31/2008  | 
Secretaries of State are offered free source code analyzer to ensure security of state-owned electronic voting systems
Malware for Windows Is Widespread
News  |  1/31/2008  | 
BitDefender Lab's top 10 malware list for January reveals domination of malware exploiting Microsoft Windows Graphics
Spyware Threat Isn't Dead, Experts Say
News  |  1/31/2008  | 
Traditional spyware attacks being replaced by more clandestine, malware-style deployments
Startup Aims for Meatier Signatures
News  |  1/31/2008  | 
New technology promises more visibility into threats, fewer false positives
Stopping Google Blog Spam
News  |  1/31/2008  | 
Removing spam from your Google blog - in seven 'easy' steps
90% of Facebook Apps Have Unnecessary Access to Private Data
Quick Hits  |  1/31/2008  | 
Researcher is building a prototype to protect users' privacy from Facebook 'widgets'
Federal Government To Spend $30 Billion On New Security Efforts
Commentary  |  1/30/2008  | 
One of the most interesting IT security news stories to hit this week is that the Bush administration is apparently proposing $6 billion (maybe this is an increase on existing spending. That's not yet clear) be invested to shore up federal network security next year, and up to $30 billion across seven years. This is good news. Maybe.
The Four (Non) Myths Of IT Security
Commentary  |  1/30/2008  | 
Some of the reports and surveys security firm Symantec has provided over the years I've found both useful and informative. This most recent report, which hit today, isn't one of them.
Tizor Launches Discovery Service
News  |  1/30/2008  | 
Insight into potentially dangerous user behavior with data improves enterprise compliance and security initiatives
Lumension Rolls Out Security Configuration
News  |  1/30/2008  | 
Lumension Security unveils new configuration management to help organizations streamline compliance, improve posture, and reduce costs
Online Tax Service Selects EV SSL
News  |  1/30/2008  | 
Leading online tax filing service turns to VeriSign's Green Bar to ensure trust at tax time
8e6 Technologies Reports Growth in 2007
News  |  1/30/2008  | 
Leader in Internet filtering and reporting expands strategic channel partnerships and European presence for continued growth in 2008
MessageLabs Releases Jan. Spam Report
News  |  1/30/2008  | 
MessageLabs intelligence: spammers exploit new year diffidence - financial uncertainties and personal insecurities
Paper Outlines Methods for Beating Anonymity Technology
News  |  1/30/2008  | 
University professor postulates multiple methods for collecting data on 'anonymous' users
'L0pht ' Reunion on Tap
News  |  1/30/2008  | 
Famed and controversial '90s hacker group plans on-stage get-together in March in Boston
Real Estate Investment Trusts Deploys NAC
News  |  1/30/2008  | 
One of nation's largest real estate investment trusts deploys Mirage Networks to protect against zeroday threats
IR for the Enterprise
News  |  1/30/2008  | 
Mandiant's new incident response appliance carries a big price tag, but comes with heavy-duty features
11 Truths We Hate to Admit
News  |  1/30/2008  | 
To get better, we need to admit we have a few problems
Real Men Don't Fear the Web
Quick Hits  |  1/30/2008  | 
Study reveals 'macho factor' in online security as many males express overconfidence in their system integrity
Are You SCAP Ready?
Commentary  |  1/29/2008  | 
In case you missed it, about a year ago the Office of Management and Budget issued policy memorandum M-07-11, aka the Implementation of Commonly Accepted Security Configurations for Windows Operating Systems. Essentially, this mandates that all federal agency systems must adhere to the Federal Desktop Core Configuration (FDCC) by February 2008. That's this Friday.
Free Identity Theft Webinar Tomorrow
Commentary  |  1/29/2008  | 
This week's release of a new report on Identity Theft (and strategies for avoiding and combating it) will be accompanied by an online Identity Theft Webinar tomorrow, Thursday, January 31, at 2 pm EST.
Reflex Security Now Supports XenServer
News  |  1/29/2008  | 
Reflex Security announces reflex VSA support for Citrix XenServer; leading virtual security solution secures virtual server environment
Point. Click. Phish.
Commentary  |  1/29/2008  | 
Are you ready to launch your own phishing scam, but don't know where to start? Too tired from your day job to copy write your own fraudulent e-mails? Or, are you like millions of others who just don't know how to leverage Facebook or Orkut for illicit profit? These are no longer problems for you.
Researchers Expose 'Stupid Phisher Tricks'
News  |  1/29/2008  | 
Researchers discover that phishers aren't so good at covering their tracks and protecting their 'booty'
Researchers, Vendors Gear Up for Whaling Attacks
News  |  1/29/2008  | 
Increasingly sophisticated phishing exploits target top executives, wealthy end-users
Barracuda Responds to Trend Micro Lawsuit
News  |  1/29/2008  | 
Barracuda Networks defends free and open source software from patent threat by Trend Micro
Imperva Doubles Revenues, Customers
News  |  1/29/2008  | 
Imperva doubles revenues and customer base in 2007 to extend lead in application data security and compliance market
Lancope Reports Record Growth
News  |  1/29/2008  | 
Lancope dominates global network behavior analysis market in 2007; adoption of StealthWatch drives 100% growth for 2nd consecutive year
Akonix: IM Threats More Sophisticated
News  |  1/29/2008  | 
Akonix issues warnings on trends in instant messaging threat activity; publishes January IM threat report
Sourcefire to Hold Q4/Year-End Report Call
News  |  1/29/2008  | 
Sourcefire will release 4Q07 and full-year financial results after the market closes on February 27, 2008
One-Fourth of iPhones Hacked to Bypass AT&T
Quick Hits  |  1/29/2008  | 
Analyst estimates that 1 million iPhones have been 'unlocked'
Third Brigade Joins PCI SSC
News  |  1/29/2008  | 
Third Brigade announces that it has joined the PCI Security Standards Council as a participating organization
Abaca Launches Channel Program
News  |  1/29/2008  | 
Abaca launches comprehensive channel program designed to maximize partner success
Should Your IP Address Be Private?
Commentary  |  1/29/2008  | 
The European Union has just ruled that Spain's Telefonica SA doesn't have to hand over the identities of file sharers on its networks . At least, not simply because the allegedly aggrieved party asks for such information.

 
Whoops: $73 Billion In Fraudulent Trades Just Slipped By Us
Commentary  |  1/28/2008  | 
While there's no hard evidence yet released on what could prove to be one of the largest frauds in financial history, some details are starting to surface. It's my hunch that this case, other than its financial magnitude, will not prove much different than previous insider frauds.
Klocwork Rolls Out Insight
News  |  1/28/2008  | 
Klocwork Insight delivers innovative, patent-pending technology to empower the developer community
IronPort Upgrades Email Security Appliance
News  |  1/28/2008  | 
IronPort eases messaging administrator's workload with advanced M-Series security management appliance
IT Security Vs. Censorship
Commentary  |  1/28/2008  | 
In a memo distributed to employees, Tribune Co. owner Sam Zell called for all of Tribune's business units to yank the use of content filters. Now, I'm not sure anyone, myself included, would list content filters among their most favorite things. Yet, I'm not so sure Zell made a good move -- at least not for Tribune's IT security.
Google, NTT, & GSA Deploy SAML 2.0
News  |  1/28/2008  | 
Organizations leverage SAML 2.0 Liberty Federation to enable business services, meet regulatory requirements, and protect against fraud
Happy Data Privacy Day!
Commentary  |  1/28/2008  | 
We're less than a week away from finding out whether Punxsutawney Phil predicts six more weeks of winter. While we wait for him to make his annual weather forecast, we've got time to squeeze in another holiday. You may not be as familiar with this one -- there's no parades, gift-giving or time off from work. Frankly, it's a shame we have to acknowledge it at all. But it's a testament of the kind of world we live in. Today is Data Privacy Day.
Exploit Could Taint Forensics
News  |  1/28/2008  | 
Cross-site request forgery (CSRF) attack could falsely implicate an innocent user
Societe Generale: How Did It Happen?
News  |  1/28/2008  | 
Investigation continues as French bank and others try to figure out how a junior trader lost $7B
TriGeo Joins PCI Security Standards Council
News  |  1/28/2008  | 
TriGeo joins PCI Security Standards Council
Metasploit Gets User-Friendlier
News  |  1/28/2008  | 
Version 3.1 of the popular open hacking tool is available
Page 1 / 5   >   >>


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-13435
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...
CVE-2018-13446
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...
CVE-2018-14567
PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVE-2018-15122
PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
CVE-2018-11509
PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.