News & Commentary

Content posted in January 2008
Does This Storage Make My Butt Look Big?
Commentary  |  1/31/2008  | 
This is a curious link to follow if you agree that women as storage buyers: A) Are aliens B) Constitute a completely different species C) Need to be spoken to like prostitutes (the "Pretty Woman" Julia Roberts kind, not that Theresa Russell sort)
Toward Buffer Overflow Extinction
Commentary  |  1/31/2008  | 
The first time a buffer overflow was used as part of an attack on information systems, at least the best I can find, was the infamous 1988 Morris worm. While the Morris worm propagated across Unix, buffer overflows have been the bane of Windows security for years. Microsoft is furthering its efforts to push this problem into the history books.
When Criminal Intent Lurks One Cube Away
Commentary  |  1/31/2008  | 
The ongoing Société Générale fraud story is a case study in insider threats. The costs, north of $7 billion for the French bank, are high and likely to go higher. For the rest of us, it leaves an uneasy question: Do we have a rogue in our organization? And if so, what do we do about it?
Fortify Offers States Analysis
News  |  1/31/2008  | 
Secretaries of State are offered free source code analyzer to ensure security of state-owned electronic voting systems
Malware for Windows Is Widespread
News  |  1/31/2008  | 
BitDefender Lab's top 10 malware list for January reveals domination of malware exploiting Microsoft Windows Graphics
Spyware Threat Isn't Dead, Experts Say
News  |  1/31/2008  | 
Traditional spyware attacks being replaced by more clandestine, malware-style deployments
Startup Aims for Meatier Signatures
News  |  1/31/2008  | 
New technology promises more visibility into threats, fewer false positives
Stopping Google Blog Spam
News  |  1/31/2008  | 
Removing spam from your Google blog - in seven 'easy' steps
90% of Facebook Apps Have Unnecessary Access to Private Data
Quick Hits  |  1/31/2008  | 
Researcher is building a prototype to protect users' privacy from Facebook 'widgets'
Federal Government To Spend $30 Billion On New Security Efforts
Commentary  |  1/30/2008  | 
One of the most interesting IT security news stories to hit this week is that the Bush administration is apparently proposing $6 billion (maybe this is an increase on existing spending. That's not yet clear) be invested to shore up federal network security next year, and up to $30 billion across seven years. This is good news. Maybe.
The Four (Non) Myths Of IT Security
Commentary  |  1/30/2008  | 
Some of the reports and surveys security firm Symantec has provided over the years I've found both useful and informative. This most recent report, which hit today, isn't one of them.
Tizor Launches Discovery Service
News  |  1/30/2008  | 
Insight into potentially dangerous user behavior with data improves enterprise compliance and security initiatives
Lumension Rolls Out Security Configuration
News  |  1/30/2008  | 
Lumension Security unveils new configuration management to help organizations streamline compliance, improve posture, and reduce costs
Online Tax Service Selects EV SSL
News  |  1/30/2008  | 
Leading online tax filing service turns to VeriSign's Green Bar to ensure trust at tax time
8e6 Technologies Reports Growth in 2007
News  |  1/30/2008  | 
Leader in Internet filtering and reporting expands strategic channel partnerships and European presence for continued growth in 2008
MessageLabs Releases Jan. Spam Report
News  |  1/30/2008  | 
MessageLabs intelligence: spammers exploit new year diffidence - financial uncertainties and personal insecurities
Paper Outlines Methods for Beating Anonymity Technology
News  |  1/30/2008  | 
University professor postulates multiple methods for collecting data on 'anonymous' users
'L0pht' Reunion on Tap
News  |  1/30/2008  | 
Famed and controversial '90s hacker group plans on-stage get-together in March in Boston
Real Estate Investment Trusts Deploys NAC
News  |  1/30/2008  | 
One of nation's largest real estate investment trusts deploys Mirage Networks to protect against zero-day threats
IR for the Enterprise
News  |  1/30/2008  | 
Mandiant's new incident response appliance carries a big price tag, but comes with heavy-duty features
11 Truths We Hate to Admit
News  |  1/30/2008  | 
To get better, we need to admit we have a few problems
Real Men Don't Fear the Web
Quick Hits  |  1/30/2008  | 
Study reveals 'macho factor' in online security as many males express overconfidence in their system integrity
Are You SCAP Ready?
Commentary  |  1/29/2008  | 
In case you missed it, about a year ago the Office of Management and Budget issued policy memorandum M-07-11, aka the Implementation of Commonly Accepted Security Configurations for Windows Operating Systems. Essentially, this mandates that all federal agency systems must adhere to the Federal Desktop Core Configuration (FDCC) by February 2008. That's this Friday.
Free Identity Theft Webinar Tomorrow
Commentary  |  1/29/2008  | 
This week's release of a new report on Identity Theft (and strategies for avoiding and combating it) will be accompanied by an online Identity Theft Webinar tomorrow, Thursday, January 31, at 2 pm EST.
Reflex Security Now Supports XenServer
News  |  1/29/2008  | 
Reflex Security announces reflex VSA support for Citrix XenServer; leading virtual security solution secures virtual server environment
Point. Click. Phish.
Commentary  |  1/29/2008  | 
Are you ready to launch your own phishing scam, but don't know where to start? Too tired from your day job to copy write your own fraudulent e-mails? Or, are you like millions of others who just don't know how to leverage Facebook or Orkut for illicit profit? These are no longer problems for you.
Researchers Expose 'Stupid Phisher Tricks'
News  |  1/29/2008  | 
Researchers discover that phishers aren't so good at covering their tracks and protecting their 'booty'
Researchers, Vendors Gear Up for Whaling Attacks
News  |  1/29/2008  | 
Increasingly sophisticated phishing exploits target top executives, wealthy end-users
Barracuda Responds to Trend Micro Lawsuit
News  |  1/29/2008  | 
Barracuda Networks defends free and open source software from patent threat by Trend Micro
Imperva Doubles Revenues, Customers
News  |  1/29/2008  | 
Imperva doubles revenues and customer base in 2007 to extend lead in application data security and compliance market
Lancope Reports Record Growth
News  |  1/29/2008  | 
Lancope dominates global network behavior analysis market in 2007; adoption of StealthWatch drives 100% growth for 2nd consecutive year
Akonix: IM Threats More Sophisticated
News  |  1/29/2008  | 
Akonix issues warnings on trends in instant messaging threat activity; publishes January IM threat report
Sourcefire to Hold Q4/Year-End Report Call
News  |  1/29/2008  | 
Sourcefire will release 4Q07 and full-year financial results after the market closes on February 27, 2008
One-Fourth of iPhones Hacked to Bypass AT&T
Quick Hits  |  1/29/2008  | 
Analyst estimates that 1 million iPhones have been 'unlocked'
Third Brigade Joins PCI SSC
News  |  1/29/2008  | 
Third Brigade announces that it has joined the PCI Security Standards Council as a participating organization
Abaca Launches Channel Program
News  |  1/29/2008  | 
Abaca launches comprehensive channel program designed to maximize partner success
Should Your IP Address Be Private?
Commentary  |  1/29/2008  | 
The European Union has just ruled that Spain's Telefonica SA doesn't have to hand over the identities of file sharers on its networks. At least, not simply because the allegedly aggrieved party asks for such information.
Whoops: $73 Billion In Fraudulent Trades Just Slipped By Us
Commentary  |  1/28/2008  | 
While there's no hard evidence yet released on what could prove to be one of the largest frauds in financial history, some details are starting to surface. It's my hunch that this case, other than its financial magnitude, will not prove much different than previous insider frauds.
Klocwork Rolls Out Insight
News  |  1/28/2008  | 
Klocwork Insight delivers innovative, patent-pending technology to empower the developer community
IronPort Upgrades Email Security Appliance
News  |  1/28/2008  | 
IronPort eases messaging administrator's workload with advanced M-Series security management appliance
IT Security Vs. Censorship
Commentary  |  1/28/2008  | 
In a memo distributed to employees, Tribune Co. owner Sam Zell called for all of Tribune's business units to yank the use of content filters. Now, I'm not sure anyone, myself included, would list content filters among their most favorite things. Yet, I'm not so sure Zell made a good move -- at least not for Tribune's IT security.
Google, NTT, & GSA Deploy SAML 2.0
News  |  1/28/2008  | 
Organizations leverage SAML 2.0 Liberty Federation to enable business services, meet regulatory requirements, and protect against fraud
Happy Data Privacy Day!
Commentary  |  1/28/2008  | 
We're less than a week away from finding out whether Punxsutawney Phil predicts six more weeks of winter. While we wait for him to make his annual weather forecast, we've got time to squeeze in another holiday. You may not be as familiar with this one -- there's no parades, gift-giving or time off from work. Frankly, it's a shame we have to acknowledge it at all. But it's a testament of the kind of world we live in. Today is Data Privacy Day.
Exploit Could Taint Forensics
News  |  1/28/2008  | 
Cross-site request forgery (CSRF) attack could falsely implicate an innocent user
Societe Generale: How Did It Happen?
News  |  1/28/2008  | 
Investigation continues as French bank and others try to figure out how a junior trader lost $7B
TriGeo Joins PCI Security Standards Council
News  |  1/28/2008  | 
TriGeo joins PCI Security Standards Council
Metasploit Gets User-Friendlier
News  |  1/28/2008  | 
Version 3.1 of the popular open hacking tool is available
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.