News & Commentary

Content posted in January 2009
Web Applications: Achilles' Heel Of Corporate Security
News  |  1/30/2009  | 
Custom-built software is more likely to garner an online attack and less likely to be disclosed in bug reports, IBM reveals.
Despite Economy, IT Security Salaries Are On The Rise
Quick Hits  |  1/30/2009  | 
Pay for certified security professionals is among the fastest-growing in IT, study says
Primary Storage's Three Faces
Commentary  |  1/30/2009  | 
Primary storage has three faces. There is active data and inactive data; both of these data sets actually consume space, which we can compress and then remove. Then there is the third face, with the capacity that is allocated but not in use. Each needs to be handled in a different way.
Account & Identity Mismanagement
Commentary  |  1/30/2009  | 
Companies' lack of proper identity management and account revocation never ceases to amaze me. Why aren't these things integrated with the human resources hiring process and subsequent exit procedure when an employee leaves or is fired?
Tech Insight: How to Pick The Right Web Application Vulnerability Scanner
News  |  1/30/2009  | 
There's more to a "black box" scanner than the number of vulnerabilities it can detect
Google Chrome Patch Released
Commentary  |  1/30/2009  | 
Google has released an important patch for its Chrome browser. If you're running Chrome, patch now.
Fannie Mae Logic Bomb Makes Case For Strong IDM
Commentary  |  1/29/2009  | 
The indictment of an IT contractor working at Fannie Mae, who schemed to destroy the data on 4,000 servers, confirms what we know: bad economic times and layoffs are perilous, and identity and access management has never been more important.
Are We In A Tech 'War' With Russia?
Commentary  |  1/29/2009  | 
I was reading the withering comments Vladimir Putin made to Michael Dell in response to Dell's offer to help Russia. Though Putin is Russia's prime minister, he clearly is also the guy who is running the country. Reading between the lines, I think it is likely he is driving a technology w
IT Worker Indicted For Setting Malware Bomb At Fannie Mae
News  |  1/29/2009  | 
IT contractor deployed highly malicious script before his administrative rights were terminated
Report: Intellectual Property In Peril Worldwide
Quick Hits  |  1/29/2009  | 
Companies aren't sufficiently protecting their intellectual property in this global economy, suffering $1 trillion in losses last year, new McAfee report says
SQL Server Database Hack Tricks Forensics
News  |  1/29/2009  | 
Black Hat researcher will show how the bad guys can use a database's own features against it
Startup Of The Week: FireEye
News  |  1/29/2009  | 
FireEye deploys virtual victims to uncover new malware.
Click Fraud Rises As Economy Sinks
Commentary  |  1/29/2009  | 
Fake clicks on ad links are climbing as fast as the economy falls, up a full percentage point in the last three months of 2008, according to pay-per-click monitoring company Click Forensics.
Nokia Fixes 'Curse Of Silence' Exploit
News  |  1/28/2009  | 
The vulnerability could crash millions of Nokia handsets' SMS system with a single malformed text message.
Web Malware Infects Fast, Dies Young
News  |  1/28/2009  | 
The number of new infected Web sites grew by 66%, from between 100,000 and 200,000 per day to between 200,000 and 300,000 per day, in the past three months, according to AVG Technologies.
The Inevitable Has Occurred: Heartland Payment Sued
Commentary  |  1/28/2009  | 
The payment processor Heartland Payment Systems just got served with a lawsuit over the allegedly massive data breach.
Microsoft SharePoint: A Weak Link In Enterprise Security?
News  |  1/28/2009  | 
Popular collaboration tool is easy to deploy, but hard to secure, experts say
Microsoft Study: Users Worry About Privacy But Know Little About Threats
News  |  1/28/2009  | 
The second annual International Data Privacy Day finds many users unaware of privacy controls at their disposal
Simulated Wi-Fi Worm Infects Thousands Of Routers Overnight
Quick Hits  |  1/28/2009  | 
University study demonstrates potential impact of virulent attack on Wi-Fi networks
Hardware Vendor-Induced Vulnerabilities
Commentary  |  1/28/2009  | 
During a recent penetration test, a friend encountered some really strange findings that he asked me to review. Several of the desktops located in one of the departments had a process listening on an ephemeral, nonstandard TCP port. He provided his Nmap and Nessus findings, which both reported an Apache Web server was running on this mysterious port. The fact they were all running Apache was cert
IE8 Security: Some Questions Answered, Others Raised
Commentary  |  1/28/2009  | 
Internet Explorer 8, which Microsoft has now labeled "Release Candidate 1," meaning it's ready to be tried out by (or on) the public, promises some leaps in browser security. Does it deliver? Yes and, depending on who you ask, not quite.
The Death Of PCI DSS? Don't Be Silly
Commentary  |  1/27/2009  | 
Yes, in the past year two big retailers, who were apparently compliant with the Payment Card Industry Data Security Standard, were breached. Does that mean PCI DSS has grown increasingly irrelevant? That's absurd.
Microsoft Study Finds Consumers Want Control Over Data
News  |  1/27/2009  | 
The software vendor's commissioned research will be revealed during a panel discussion with leaders from the California Office of Privacy Protection, Intel, and MySpace.
How To Celebrate Privacy Day (And How Not To)
Commentary  |  1/27/2009  | 
Wednesday, Jan. 28, has been designated International Data Privacy Day, and I'm still not sure how to celebrate. Should I invite all of my friends and family over, then go in the bathroom, lock the door, and make an entry in my personal diary? Or maybe we should all put on funny hats and go outside with noisemakers, screaming, "It's none of your friggin' business!!" Ah, those holiday traditions.
Former Energy Worker Admits Trying To Sell Nuclear Secrets
News  |  1/27/2009  | 
Janitor pleads guilty to offering next-generation nuclear materials to France in exchange for $200,000
Microsoft Releases Security-Enhanced Internet Explorer 8
News  |  1/27/2009  | 
Latest version of the browser adds clickjacking, cross-site scripting protection
NFS On VMware, Not NetApp's Sole Domain
Commentary  |  1/27/2009  | 
Using NFS to store and boot virtual machine images is becoming an attractive option, and for obvious reasons NetApp has been promoting the use of its solutions as the perfect complement to a VMware on NFS strategy. However, NFS isn't the sole domain of NetApp any longer. It now has company from a variety of vendors, including EMC, ONStor, BlueArc, and
Survey: Consumers, SMBs Slack On Privacy Protection
Quick Hits  |  1/27/2009  | 
One-third of U.S. and U.K. consumers and SMBs say they've lost USB sticks, and nearly three-fourths leave data unprotected overall
USB Drives Dropped Off With Laundry: Whole New Meaning For "Clean Data"
Commentary  |  1/27/2009  | 
9,000 USB drives were left in clothes dropped at UK dry cleaners last year. With numbers that high, you can bet that some, and maybe most, of those drives held private, sensitive, confidential data.
Software Piracy Places Everyone At Risk
Commentary  |  1/27/2009  | 
On Monday, the United States claimed victory in a World Trade Organization case against China for that country's alleged lax stance toward software piracy. What's that have to do with IT security? Plenty, as the recent Downadup outbreak, as well as a number of new Trojans to hit the Mac OS X platform, highlight.
Monster.com Hit With Possible Monster-Sized Data Breach
News  |  1/26/2009  | 
The company declined to cite the number of affected accounts, raising the possibility that every Monster user could be affected.
Monster.com Reports Another Breach Of Its User Database
News  |  1/26/2009  | 
Attackers accessed usernames and passwords, as well as email addresses and phone numbers, popular job-hunting site says
Mac OS X Trojan Found In Pirated Photoshop CS4
News  |  1/26/2009  | 
About 5,000 people have downloaded the OSX.Trojan.iServices.B-infected, unauthorized software from BitTorrent and other peer-to-peer networks.
Famed British Hacker Gets Another Stay On Extradition To U.S.
Quick Hits  |  1/26/2009  | 
Gary McKinnon now says he hacked 97 U.S. government computers because he was looking for UFOs
OS X Trojan Resurfaces In Photoshop CS4
Commentary  |  1/26/2009  | 
I guess too many people got wind of the iWork 09 Trial Trojan application that was circulating in some peer-to-peer networks. The bad guys have changed their strategy: they're now targeting people downloading pirated versions of Adobe Photoshop.
Get Your Pentesting Permission Slip
Commentary  |  1/26/2009  | 
As infosec professionals, we are often tasked with performing duties that would be considered illegal if we did not receive proper authorization beforehand. For example, if you were performing a penetration test against a system that you or your employer doesn't own, or that you don't have authorization to access, then you could be violating a number of laws, leading to termination and possible criminal prosecution.
Monster.Com Loses Millions MORE Job Seekers' Records
Commentary  |  1/26/2009  | 
Monster.com has been hacked again, with possibly millions of customer records -- including names, phone numbers, e-mails, passwords and more -- stolen from its obviously poorly protected database. The company's handling of the news of the breach (the third in less than two years!) is as sloppy as its security.
Netgear ProSecure Brand Launches With New Security Appliances
Commentary  |  1/26/2009  | 
Netgear -- well known for its networking products -- is moving into the SMB security arena with its new ProSecure brand and a new line of Security Threat Management (STM) Web and Email Threat Management Appliances.
Spread Of Downadup Worm, New Apple Mac Trojan
Commentary  |  1/25/2009  | 
Security firm Symantec notes that the Downadup worm has swept through China, Argentina, Taiwan, Brazil, India, Chile, and Russia. The infection doesn't even register in the United States. Why?
White House Web Site Revisits Privacy Policy
News  |  1/23/2009  | 
Staffers address privacy concerns after a 1-by-1-pixel image file loaded by Web page code for tracking purposes is revealed.
Report: Law Enforcement Closing In On Heartland Breach Perpetrator
News  |  1/23/2009  | 
Secret Service, DoJ reportedly pinpoint location of cybercriminal outside North America
Phishing Doesn't Pay, Microsoft Finds
News  |  1/23/2009  | 
Lured by bad math and get-rich-quick pipe dreams into a life of cybercrime, those phishing for dollars confront a problem not unlike that faced by traditional anglers: too few fish in the sea.
Journalism School 'Ricochets' Spam Messages
Commentary  |  1/23/2009  | 
If you get a message this weekend from RJICONTACTS as part of the Missouri School of Journalism, don't reply. It's the result of a mail server snafu.
Trojan Steals Cash From Symbian Phones
News  |  1/23/2009  | 
A Trojan targeting Indonesian Symbian users hijacks the SMS system to transfer funds from the user's account to one held by criminals.
Text Message Attack Steals Money From Bank Accounts
Quick Hits  |  1/23/2009  | 
New mobile phone Trojan discovered by Kaspersky Lab is similar to a banking Trojan targeting PCs, but does its dirty work via text message
U.K. Orders ISPs To Archive Private E-mail Records
News  |  1/23/2009  | 
Critics say the plan amounts to an unwarranted invasion of privacy.
Downadup Worm Infects 1 In 16 Of World's PCs, Adding A Million A Day
Commentary  |  1/23/2009  | 
The rapid (to say the least) spread of the Downadup (also known as Conficker) worm is getting worse fast, with security companies noting that one in every sixteen of the world's PCs is infected. And that number may be very conservative.
Cloud Storage Matures
Commentary  |  1/23/2009  | 
The cloud is becoming tangible and definable. Customers are beginning to store data on it and companies like Bycast, Cleversafe, Amazon and Nirvanix have real customers paying real money to use their products or services. Companies like EMC and HP are bringing legitimacy to the co
Trojan Attack Masquerades As Airline E-Ticket Notice
News  |  1/22/2009  | 
Realistic-looking email messages from Northwest, United actually bear data-stealing malware, researcher warns
The Trouble With Phishing
Commentary  |  1/22/2009  | 
Any person who is familiar with even the basics of modern computer threats will know the term phishing. It is an example of the more generic threat known as social engineering, or using psychology as a primary attack vehicle. In general, people tend to be trusting and helpful (although, of course, we can all quickly bring to mind those who are neither). Phishing and other social engineering attacks make use of these traits to trick computer users into giving up valuable information, fr
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.