Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in January 2009
Web Applications: Achilles' Heel Of Corporate Security
News  |  1/30/2009  | 
Custom-built software is more likely to garner an online attack and less likely to be disclosed in bug reports, IBM reveals.
Despite Economy, IT Security Salaries Are On The Rise
Quick Hits  |  1/30/2009  | 
Pay for certified security professionals is among the fastest-growing in IT, study says
Primary Storage's Three Faces
Commentary  |  1/30/2009  | 
Primary storage has three faces. There is active data and inactive data; both of these data sets actually consume space, which we can compress and then remove. Then there is the third face, with the capacity that is allocated but not in use. Each needs to be handled in a different way.
Account & Identity Mismanagement
Commentary  |  1/30/2009  | 
Companies' lack of proper identity management and account revocation never ceases to amaze me. Why aren't these things integrated with the human resources hiring process and subsequent exit procedure when an employee leaves or is fired?
Tech Insight: How to Pick The Right Web Application Vulnerability Scanner
News  |  1/30/2009  | 
There's more to a "black box" scanner than the number of vulnerabilities it can detect
Google Chrome Patch Released
Commentary  |  1/30/2009  | 
Google has released an important patch for its Chrome browser. If you're running Chrome, patch now.
Fannie Mae Logic Bomb Makes Case For Strong IDM
Commentary  |  1/29/2009  | 
The indictment of an IT contractor working at Fannie Mae, who schemed to destroy the data on 4,000 servers, confirms what we know: bad economic times and layoffs are perilous, and identity and access management has never been more important.
Are We In A Tech 'War' With Russia?
Commentary  |  1/29/2009  | 
I was reading the withering comments Vladimir Putin made to Michael Dell in response to Dell's offer to help Russia. Though Putin is Russia's prime minister, he clearly is also the guy who is running the country. Reading between the lines, I think it is likely he is driving a technology w
IT Worker Indicted For Setting Malware Bomb At Fannie Mae
News  |  1/29/2009  | 
IT contractor deployed highly malicious script before his administrative rights were terminated
Report: Intellectual Property In Peril Worldwide
Quick Hits  |  1/29/2009  | 
Companies aren't sufficiently protecting their intellectual property in this global economy, suffering $1 trillion in losses last year, new McAfee report says
SQL Server Database Hack Tricks Forensics
News  |  1/29/2009  | 
Black Hat researcher will show how the bad guys can use a database's own features against it
Startup Of The Week: FireEye
News  |  1/29/2009  | 
FireEye deploys virtual victims to uncover new malware.
Click Fraud Rises As Economy Sinks
Commentary  |  1/29/2009  | 
Fake clicks on ad links are climbing as fast as the economy falls, up a full percentage point in the last three months of 2008, according to pay per click monitoring company Click Forensics.
Nokia Fixes 'Curse Of Silence' Exploit
News  |  1/28/2009  | 
The vulnerability could crash millions of Nokia handsets' SMS system with a single malformed text message.
Web Malware Infects Fast, Dies Young
News  |  1/28/2009  | 
The number of new infected Web sites grew by 66%, from 100,000 to 200,000 per day to 200,000 to 300,000 per day in the past three months, according to AVG Technologies.
The Inevitable Has Occurred: Heartland Payment Sued
Commentary  |  1/28/2009  | 
The payment processor Heartland Payment Systems just got served with a lawsuit over the allegedly massive data breach.
Microsoft SharePoint: A Weak Link In Enterprise Security?
News  |  1/28/2009  | 
Popular collaboration tool is easy to deploy, but hard to secure, experts say
Microsoft Study: Users Worry About Privacy But Know Little About Threats
News  |  1/28/2009  | 
The second annual International Data Privacy Day finds many users unaware of privacy controls at their disposal
Simulated Wi-Fi Worm Infects Thousands Of Routers Overnight
Quick Hits  |  1/28/2009  | 
University study demonstrates potential impact of virulent attack on Wi-Fi networks
Hardware Vendor-Induced Vulnerabilities
Commentary  |  1/28/2009  | 
During a recent penetration test, a friend encountered some really strange findings that he asked me to review. Several of the desktops located in one of the departments had a process listening on an ephemeral, nonstandard TCP port. He provided his Nmap and Nessus findings, which both reported an Apache Web server was running on this mysterious port. The fact they were all running Apache was cert
IE8 Security: Some Questions Answered, Others Raised
Commentary  |  1/28/2009  | 
Internet Explorer 8, which Microsoft has now labeled "Release Candidate 1," meaning it's ready to be tried out by (or on) the public, promises some leaps in browser security. Does it deliver? Yes and, depending on who you ask, not quite.
The Death Of PCI DSS? Don't Be Silly
Commentary  |  1/27/2009  | 
Yes, in the past year two big retailers, who were apparently compliant to the Payment Card Industry Data Security Standard, were breached. Does that mean PCI DSS has grown increasingly irrelevant? That's absurd.
Microsoft Study Finds Consumers Want Control Over Data
News  |  1/27/2009  | 
The software vendor's commissioned research will be revealed during a panel discussion with leaders from the California Office of Privacy Protection, Intel, and MySpace.
How To Celebrate Privacy Day (And How Not To)
Commentary  |  1/27/2009  | 
Wednesday, Jan. 28, has been designated International Data Privacy Day, and I'm still not sure how to celebrate. Should I invite all of my friends and family over, then go in the bathroom, lock the door, and make an entry in my personal diary? Or maybe we should all put on funny hats and go outside with noisemakers, screaming, "It's none of your friggin' business!!" Ah, those holiday traditions.
Former Energy Worker Admits Trying To Sell Nuclear Secrets
News  |  1/27/2009  | 
Janitor pleads guilty to offering next-generation nuclear materials to France in exchange for $200,000
Microsoft Releases Security-Enhanced Internet Explorer 8
News  |  1/27/2009  | 
Latest version of the browser adds clickjacking, cross-site scripting protection
NFS On VMware, Not NetApp's Sole Domain
Commentary  |  1/27/2009  | 
Using NFS to store and boot virtual machine images is becoming an attractive option, and for obvious reasons NetApp has been promoting the use of its solutions as the perfect complement to a VMware on NFS strategy. However, NFS isn't the sole domain of NetApp any longer. It now has company from a variety of vendors, including EMC, ONStor, BlueArc, and
Survey: Consumers, SMBs Slack On Privacy Protection
Quick Hits  |  1/27/2009  | 
One-third of U.S. and U.K. consumers and SMBs say they've lost USB sticks, and nearly three-fourths leave data unprotected overall
USB Drives Dropped Off With Laundry: Whole New Meaning For "Clean Data"
Commentary  |  1/27/2009  | 
9,000 USB drives were left in clothes dropped at UK dry cleaners last year. With numbers that high, you can bet that some, and maybe most, of those drives held private, sensitive, confidential data.
Software Piracy Places Everyone At Risk
Commentary  |  1/27/2009  | 
On Monday, the United States claimed victory in a World Trade Organization case against China for that country's alleged lax stance toward software piracy. What's that have to do with IT security? Plenty, as the recent Downadup outbreak, as well as a number of new Trojans to hit the Mac OS X platform, highlight.
Monster.com Hit With Possible Monster-Sized Data Breach
News  |  1/26/2009  | 
The company declined to cite the number of affected accounts, raising the possibility that every Monster user could be affected.
Monster.com Reports Another Breach Of Its User Database
News  |  1/26/2009  | 
Attackers accessed usernames and passwords, as well as email addresses and phone numbers, popular job-hunting site says
Mac OS X Trojan Found In Pirated Photoshop CS4
News  |  1/26/2009  | 
About 5,000 people have downloaded the OSX.Trojan.iServices.B-infected, unauthorized software from BitTorrent and other peer-to-peer networks.
Famed British Hacker Gets Another Stay On Extradition To U.S.
Quick Hits  |  1/26/2009  | 
Gary McKinnon now says he hacked 97 U.S. government computers because he was looking for UFOs
OS X Trojan Resurfaces In Photoshop CS4
Commentary  |  1/26/2009  | 
I guess too many people got wind of the iWork 09 Trial Trojan application that was circulating in some peer-to-peer networks. The bad guys have changed their strategy: they're now targeting people downloading pirated versions of Adobe Photoshop.
Get Your Pentesting Permission Slip
Commentary  |  1/26/2009  | 
As infosec professionals, we are often tasked with performing duties that would be considered illegal if we did not receive proper authorization beforehand. For example, if you were performing a penetration test against a system that you or your employer doesn't own, or for which you don't have authorization to access, then you could be violating a number of laws leading to termination and possible criminal prosecution.
Monster.Com Loses Millions MORE Job Seekers' Records
Commentary  |  1/26/2009  | 
Monster.com has been hacked again, with possibly millions of customer records -- including names, phone numbers, e-mails, passwords and more -- stolen from its obviously poorly protected database. The company's handling of the news of the breach (the third in less than two years!) is as sloppy as its security.
Netgear ProSecure Brand Launches With New Security Appliances
Commentary  |  1/26/2009  | 
Netgear -- well known for its networking products -- is moving into the SMB security arena with its new ProSecure brand and a new line of Security Threat Management (STM) Web and Email Threat Management Appliances.
Spread Of Downadup Worm, New Apple Mac Trojan
Commentary  |  1/25/2009  | 
Security firm Symantec notes that the Downadup worm has swept through China, Argentina, Taiwan, Brazil, India, Chile, and Russia. The infection doesn't even register in the United States. Why?
White House Web Site Revisits Privacy Policy
News  |  1/23/2009  | 
Staffers address privacy concerns after a 1-by-1-pixel image file loaded by Web page code for tracking purposes is revealed.
Report: Law Enforcement Closing In On Heartland Breach Perpetrator
News  |  1/23/2009  | 
Secret Service, DoJ reportedly pinpoint location of cybercriminal outside North America
Phishing Doesn't Pay, Microsoft Finds
News  |  1/23/2009  | 
Lured by bad math and get-rich-quick pipe dreams into a life of cybercrime, those phishing for dollars confront a problem not unlike that faced by traditional anglers: too few fish in the sea.
Journalism School 'Ricochets' Spam Messages
Commentary  |  1/23/2009  | 
If you get a message this weekend from RJICONTACTS as part of the Missouri School of Journalism, don't reply. It's the result of a mail server snafu.
Trojan Steals Cash From Symbian Phones
News  |  1/23/2009  | 
A Trojan targeting Indonesian Symbian users hijacks the SMS system to transfer funds from the user's account to one held by criminals.
Text Message Attack Steals Money From Bank Accounts
Quick Hits  |  1/23/2009  | 
New mobile phone Trojan discovered by Kaspersky Lab is similar to a banking Trojan targeting PCs, but does its dirty work via text message
U.K. Orders ISPs To Archive Private E-mail Records
News  |  1/23/2009  | 
Critics say the plan amounts to an unwarranted invasion of privacy.
Downadup Worm Infects 1 In 16 Of World's PCs, Adding A Million A Day
Commentary  |  1/23/2009  | 
The rapid (to say the least) spread of the Downadup (also known as Conficker) worm is getting worse fast, with security companies noting that one in every sixteen of the world's PCs is infected. And that number may be very conservative.
Cloud Storage Matures
Commentary  |  1/23/2009  | 
The cloud is becoming tangible and definable. Customers are beginning to store data on it and companies like Bycast, Cleversafe, Amazon and Nirvanix have real customers paying real money to use their products or services. Companies like EMC and HP are bringing legitimacy to the co
Trojan Attack Masquerades As Airline E-Ticket Notice
News  |  1/22/2009  | 
Realistic-looking email messages from Northwest, United actually bear data-stealing malware, researcher warns
The Trouble With Phishing
Commentary  |  1/22/2009  | 
Any person who is familiar with even the basics of modern computer threats will know the term phishing. It is an example of the more generic threat known as social engineering, or using psychology as a primary attack vehicle. In general, people tend to be trusting and helpful (although, of course, we can all quickly bring to mind those who are neither). Phishing and other social engineering attacks make use of these traits to trick computer users into giving up valuable information, fr