Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in January 2010
<<   <   Page 2 / 5   >   >>
Researcher: Flaws In Facebook App Authorization Could Lead To Clickjacking
News  |  1/20/2010  | 
Vulnerabilities could enable attackers to collect data on Facebook users and friends, Dhanjani says
Network Solutions Customers Hit By Web Defacement
News  |  1/20/2010  | 
Cyber attacks on Web sites are on the rise, the company says.
Emergency IE Patch Coming Thursday; Microsoft Warns Office Apps Can Also Be Used In Attacks
News  |  1/20/2010  | 
Security update covers attacks using IE, Office apps
Enterprise Data Taken To The Cleaners -- Literally
Quick Hits  |  1/20/2010  | 
Study of 100 U.K. dry cleaners finds more than 4,500 storage devices left in clothes in one year
User Security After The Google Hack
Commentary  |  1/20/2010  | 
Last week's news about the Google hack has really raised some eyebrows. Doe-eyed users have learned the harsh truth that anyone can be hacked. The news of 20 or more other companies also being targeted along with Google made the impact that much worse.
Automated Tiering Methods
Commentary  |  1/20/2010  | 
A few entries ago we opened up the subject of Automated Tiering with an explanation of why the technology is becoming so needed. As this series of entries continues we will review various storage vendors specific approach to automated tiering, but first it is helpful to understand the common methods that are employed.
Global CIO: IBM CFO Offers 7 Key Insights In Earnings Analysis
Commentary  |  1/20/2010  | 
IBM's CFO sheds light on atypical opportunities, applications outsourcing, retail resurgence, business analytics, and more.
Global CIO: Dell And The Pursuit Of Google
Commentary  |  1/20/2010  | 
Huge buyers such as search engines have reshaped the top end of the server market. That's forced Dell to turn its traditional mass-market business model on its head.
What Data Discovery Tools Really Do
Commentary  |  1/20/2010  | 
Data discovery tools are becoming increasingly necessary for getting a handle on where sensitive data resides. When you have a production database schema with 40,000 tables, most of which are undocumented by the developers who created them, finding information within a single database is cumbersome. Now multiply that problem across financial, HR, business processing, testing, and decision support databases -- and you have a big mess.
Image Gallery: U.S. Cybersecurity Team Takes Shape
News  |  1/20/2010  | 
U.S. cybersecurity leadership is in transition, as cybersecurity coordinator Howard Schmidt and Lt. Gen. Keith Alexander of Cyber Command join others in protecting the nation's IT systems and information.
Report: DDoS Attacks Still Growing, But At Slower Rate
Quick Hits  |  1/19/2010  | 
Distributed denial-of-service attacks against network operators are becoming less brawny, more stealthy
7 Steps For Protecting Your Organization From 'Aurora'
News  |  1/19/2010  | 
Microsoft patch is imminent, but here's a checklist for locking down in the meantime
New Proxy Promises To Shield Users From Google Data Collection
News  |  1/19/2010  | 
GoogleSharing is an anonymizing proxy service that pools user search data, security researcher says
'Aurora' Exploit Retooled To Bypass Internet Explorer's DEP Security
News  |  1/19/2010  | 
Microsoft plans possible emergency patch for exploit used in attacks on Google, others
Was Novell Too Quick To Use China/Google Incident To Disparage Cloud Computing?
Commentary  |  1/19/2010  | 
Had Novell's director of public relations Ian Bruce not responded to my blog post about Google's choice to change Gmail's default transmission mode from the less secure HTTP (Web) to the more secure and encrypted HTTPS (Secure Web), I would have never seen his own blog post on Novell's Web site entitled On Google, e-mail security, and cloud. But I'm gla
Wolfe's Den: IBM Patenting Airport Security Profiling Technology
Commentary  |  1/19/2010  | 
A dozen "secret" patent applications define a sophisticated scheme for airport terminal and perimeter protection, incorporating potential support for computer implementation of passenger behavioral profiling to detect security threats.
Global CIO: Oracle Foes Scurry To Curry Favor With Dictatorships
Commentary  |  1/17/2010  | 
Spurned by his former heartthrob heroes in the EU, MySQL's founder now sings the praises of Russia and China.
Global CIO: IBM Iowa's Birthday: IBM Gets $52M, But What Does Iowa Get?
Commentary  |  1/17/2010  | 
IBM promised 1,300 jobs for incentives of $52M but isn't releasing hiring figures. That's not right.
How Many (Sub) Zero-Day Attacks?
Commentary  |  1/17/2010  | 
We now know that one of the vectors used in the series of attacks against U.S. businesses was a zero-day vulnerability in Internet Explorer. Apparently, the way most of the world learned of this particular flaw was when it was actually used in these attacks. That's some powerful form of "disclosure," but how common is it?
Nothing New In Aurora Hack
Commentary  |  1/16/2010  | 
Attackers targeting victims through phishing e-mails that lure users to maliciously crafted Web sites is nothing new. But it does highlight the sophistication of the modern attacker.
Google Hack Code Released, Metasploit Exploit Now Available
News  |  1/16/2010  | 
Researchers now say there's no evidence infected PDFs were used in the targeted attacks originating from China on Google and other companies, but investigations continue
Other Targets In Google Cyber Attack Surface
News  |  1/15/2010  | 
The U.S. has formally asked Chinese officials for an explanation; China says it welcomes companies that obey the law.
How Not To Deploy SSL
Quick Hits  |  1/15/2010  | 
The most common missteps that lead to SSL security problems
Share Your New Security Innovations
Commentary  |  1/15/2010  | 
I am working with InformationWeek Analytics to create an analysis of the year's top five technology innovations in the security arena. If you are a vendor and believe you have the next big thing, then you should contact us.
Tech Insight: Tools For Securing Your Smartphones
News  |  1/15/2010  | 
What major smartphone vendors provide from a security standpoint
Laptop Search Documents Revealed
News  |  1/15/2010  | 
Though some travelers object to border agents reading their e-mail and viewing their digital images, the government insists "they're like pages in a book" and defends its right to review them.
Product Watch: Voice Biometrics Service Adds Third Factor Of Authentication
News  |  1/15/2010  | 
PhoneFactor matches user's voice with 'voiceprint' when he logs in
Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property
News  |  1/15/2010  | 
Attackers used intelligence, custom malware to access Google, Adobe, and other U.S. companies' systems.
Disposing Of Primary Storage
Commentary  |  1/15/2010  | 
Every few years you are going to need to replace your enterprise storage system. A challenge that many storage managers face is what to do with the old system. Today you have laws that require you to make sure information is not readable when that storage leaves your walls and you have individuals that want to see what trouble they can dig up by resurrecting old systems.
IE Hole Enables "Most Sophisticated" Attacks Yet
Commentary  |  1/15/2010  | 
The latest critical vulnerability in Microsoft's Internet Explorer, tagged as the key vector in a series of corporate attacks over the past three weeks, is being exploited in what one security expert calls "the most sophisticated" attacks ever committed against commercial targets.
Global CIO: SAP Blows Huge Opportunity With Timid Support Changes
Commentary  |  1/15/2010  | 
SAP is overblowing its new support plan, which gives customers only marginally more choice.
Attackers Employed IE Zero-Day Against Google, Others
News  |  1/14/2010  | 
Microsoft issues workaround for the attack; McAfee christens the Chinese hacks 'Aurora'
Spam Tips For SMBs
Commentary  |  1/14/2010  | 
Sure, even the smallest companies need some sort of anit-spam solution. But that doesn't mean there aren't things you can do to reduce the amount of spam you get in the first place.
Google Attack Used Internet Explorer Flaw
News  |  1/14/2010  | 
McAfee Labs has identified a zero-day flaw in Internet Explorer and Microsoft has published a security advisory.
Lincoln National Discloses Breach Of 1.2 Million Customers
News  |  1/14/2010  | 
Shared-password vulnerability may have exposed personal information in online account management system
More Victims Of Chinese Hacking Attacks Come Forward
Quick Hits  |  1/14/2010  | 
Law firm that filed suit against China for intellectual property theft and a Web hosting service report attacks; news site hit by a DDoS out of China
Apple Drops In PC Vendor Rankings
News  |  1/14/2010  | 
Mac shipments fell to fifth place in the fourth quarter, but Apple likely outpaced rivals in profitability.
AMD Intros $99 DirectX 11 Graphics Card
News  |  1/14/2010  | 
The ATI Radeon HD 5670 gives low-priced desktops power to handle mainstream video game graphics.
Law Firm Suing China Hit By Cyber Attack
News  |  1/14/2010  | 
Targeted e-mail messages tried to trick recipients into clicking on malicious links.
SAP Introduces Two-Tiered Support
News  |  1/14/2010  | 
Bowing to customer complaints, the company has also frozen prices for existing Enterprise Support contracts at the 2009 level.
RealNetworks CEO To Step Down
News  |  1/14/2010  | 
Rob Glaser will remain chairman of the company's board.
Universities Agree Not To Promote Kindle DX
News  |  1/14/2010  | 
The schools have agreed with the Justice Department not to purchase, recommend, or promote e-book readers that aren't fully accessible to visually impaired people.
Kodak Sues Apple, RIM For Patent Breaches
News  |  1/14/2010  | 
Film and photography vendor claims iPhone, Blackberry rip off its digital imaging tech.
Gmail Traffic Now Encrypted By Default, But Will Organizations Heed The Shift?
Commentary  |  1/14/2010  | 
Kudos to the folks at Gmail who, in defaulting to a secure browser setting (as opposed to the previous insecure default) for sending and retrieving email, have decided to help users who may not know enough to help themselves. The new default (see screenshot below) tells the browser to access the Gmail service over HTTPS instead of the prior default, HTTP. This significant shift by Google is a reminder th
PC Market Rebounds In Q4
News  |  1/14/2010  | 
Personal computer shipments in 2009 rose 26.5% year-over-year, in the U.S. according to Gartner.
The Cybersecurity Czar's First Big Test
Commentary  |  1/14/2010  | 
I'm still waiting for Howard Schmidt, the new cybersecurity czar, to weigh in on the Chinese cyberattacks revealed this week. Sure, Chinese hackers going after American interests and human rights activists is nothing new to the IT security world, but this latest development is big, and it could be a defining moment for Schmidt's new post.
Product Watch: NitroSecurity Integrates Log Management With SIEM
News  |  1/13/2010  | 
New offering adds geo-location tracking
Facebook Partners With McAfee For Security
News  |  1/13/2010  | 
A free six-month security software subscription arrives just as a new Facebook attack technique debuts.
Chinese Spy Agency Behind Google Cyber Attack, Report Claims
News  |  1/13/2010  | 
The cyber attacks that contributed to Google's reevaluation of its operations in China also hit 33 other companies.
Court Reinstates Music Antitrust Suit
News  |  1/13/2010  | 
The case accuses major record labels of price fixing in music downloads.
<<   <   Page 2 / 5   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24028
PUBLISHED: 2021-04-14
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.