Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in January 2011
Data Leak Vulnerability In Android Gingerbread
Commentary  |  1/31/2011  | 
Google's Android Gingerbread (version 2.3) operating system is affected by a data-leak vulnerability that is very similar to a vulnerability in an earlier version that was supposed to have been fixed.
Report: Noncompliance Much More Costly Than Compliance
News  |  1/31/2011  | 
Ponemon Institute study finds average cost of not complying with security regulations and policies is more than two-and-a-half times as high as what it costs to comply
Online Dating Site Breached
News  |  1/31/2011  | 
PlentyOfFish.com has been compromised and the company is blaming the messenger.
Windows Faces Zero Day MHTML Vulnerability
News  |  1/31/2011  | 
Microsoft releases temporary fix for bug that allows attackers to run malicious scripts on a user's computer via Internet Explorer.
Backup Deduplication 2.0 Needs Better RAID
Commentary  |  1/31/2011  | 
As we wrap up our series on what is needed in the next generation of backup deduplication devices, one of the key needs is going to be a better drive protection capability. Today most deduplication systems leverage RAID to provide that drive protection; however, as capacities increase, RAID rebuild times are going to get worse. Vendors need to provide a better solution.
Veracode Launches Free XSS Bug Scanning Service
News  |  1/31/2011  | 
Offering detects cross-site scripting flaws in Java applications, provides reports, remediation information
Trend Micro Unveils IBM Security Suite
News  |  1/31/2011  | 
ScanMail Suite for 64-bit Lotus Domino platforms uses a cloud-based database to detect threats, including those generated by URL-shortening services recently linked to the spread of malware.
Is Apple (Finally) Stepping Up Its Security Game?
Commentary  |  1/29/2011  | 
Apple's reported recent hire of noted security author and expert, David Rice, is yet another step the company has made in the past year to help improve its sloppy security image.
The SpiderLabs Report
Commentary  |  1/29/2011  | 
Four out of five of the victims were so clever that they didn't need a firewall
Sony Wins Restraining Order Against Hacker
News  |  1/28/2011  | 
George Hotz, who gained notoriety by hacking the iPhone, was barred from distributing, creating, or marketing his technology for running unauthorized software on the PlayStation 3.
Hamilton Beach Reports Hack; Credit Card Data At Risk
Quick Hits  |  1/28/2011  | 
'Hacker code' rerouted order entry data to email addresses, company says
Vegas Casinos Face New Threat: Database Hackers
News  |  1/28/2011  | 
Crooks going after casinos' valuable player rewards databases, experts worry casinos ill-equipped to secure them
Internet 'Kill' Switch: Balancing Security And Freedom
Commentary  |  1/28/2011  | 
Why it's important to have controls in place before deploying such a powerful tool
ISP Data Retention Doesn't Aid Crime Prosecution
News  |  1/28/2011  | 
German study finds that the laws haven't resulted in police filing a greater number of charges in serious cases.
Data-Leak Flaw Found In Newest Version Of Google Android
News  |  1/28/2011  | 
'Gingerbread,' or Version 2.3, contains similar flaw as previous versions
OpenLeaks Site Leaked Before Launch
News  |  1/27/2011  | 
The latest whistle-blowing Web site aims to avoid the most controversial aspects of Wikileaks.
Lab Discovers 50 Millionth Virus
Quick Hits  |  1/27/2011  | 
AV-Test's malware repository numbers illustrate the malware explosion
An Advanced Persistent Threat Reality Check
News  |  1/27/2011  | 
Prevention is often futile, so how you manage the aftermath of discovering an intrusion can make all the difference in proper remediation
Intel McAfee Acquisition Cleared By EU
News  |  1/27/2011  | 
European regulators have approved the $7.68 billion acquisition following commitments from Intel to not hamper competition in the security market.
A Glaring Lesson In Shared Passwords
News  |  1/27/2011  | 
Vodafone's embarrassing breach should serve as a wake-up call for enterprises that also engage in the dangerous practice of credential-sharing
Russia To NATO: Investigate Stuxnet
Commentary  |  1/27/2011  | 
The Stuxnet worm is alleged to have set back Iran's controversial uranium enrichment program significantly. Now, the Russians are asking NATO to find some answers.
Facebook Boosts Security With SSL Encryption
News  |  1/27/2011  | 
Technology upgrade blocks Firesheep and eavesdropping attacks, but, for now, users must opt in.
BlackBerry Service Faces Ban In India
News  |  1/27/2011  | 
RIM says it is technically unable to comply with a request to give security officials in the South Asian country access to user data.
Anonymous Takes Aim At Egypt
Quick Hits  |  1/26/2011  | 
Online hacker group joins protests, launches DDoS attacks on Egyptian government sites
Researcher To Release Smartphone Botnet Proof-Of-Concept Code
News  |  1/26/2011  | 
Rootkit, SMS text messages used to build a botnet of smartphones
Justice Department Wants ISPs To Store More Data
News  |  1/26/2011  | 
Government investigators are finding that ISPs don't record enough about what their customers are doing.
Startup Offers Cloud-Based Security For The Cloud
News  |  1/26/2011  | 
'Halo' architecture from CloudPassage built for securing software-as-a-service offerings
Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Commentary  |  1/26/2011  | 
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Facebook Founder's Fan Page Hacked
News  |  1/26/2011  | 
Rogue post on Mark Zuckerberg's page calls into question the social network's credibility that it takes site security seriously.
Intermedia Introduces Policy-Based Email Encryption
News  |  1/25/2011  | 
The addition to the cloud provider's hosted Exchange service is aimed at SMBs struggling to standardize email rules and compliance at the user level.
Lush Cosmetics Site Needs Makeover Following Hack
News  |  1/25/2011  | 
Company pulls down website; experts wonder why it took so long to respond
Proposed Nonprofit Would Bridge Law Enforcement, Enterprise Security Worlds
News  |  1/25/2011  | 
Organization aimed at translating business' breach experience and what information law enforcement needs to prosecute a case
Combating Conficker: What Worked, What Didn't
Quick Hits  |  1/25/2011  | 
Postmortem report looks at lessons learned from the Conficker Working Group's efforts to keep potentially massive and damaging botnet at bay
Secret Service Training Enhanced By 3D Gaming Tech
News  |  1/25/2011  | 
The Site Security Planning Tool will use virtual reality to help prepare agents for real-life threats.
Deduplication 2.0 - Recovery Performance
Commentary  |  1/25/2011  | 
"It's all about recovery", you'll hear it in almost every sales presentation by a backup vendor. That advice holds true for backup deduplication devices as well. A common mistake is to assume that because deduplication products are most often disk based, they also offer the best recovery performance. This is not always the case, and as we move into the next dedupe era it has to improve.
New Age of Mobile Malware On Way
Commentary  |  1/24/2011  | 
New types of malware are emerging, designed specifically to exploit the unique features of mobile handsets.
Twitter Worm Unleashes Fake AV Attack
News  |  1/24/2011  | 
Google's goo.gl link-shortening service, as well as code obfuscation with the RSA public key cryptography algorithm, are spreading malicious links via a bogus antivirus campaign.
Active 'Darkness' DDoS Botnet's Tool Now Available For Free
News  |  1/24/2011  | 
Botnet has DDoS'ed an average of 1.5 victim sites per day, and about three per day in the fourth quarter of last year
Study: Facebook Is The Most Frequently Blocked Website At Work
Quick Hits  |  1/24/2011  | 
Ironically, social networking giant is also the second-most whitelisted site, OpenDNS study says
Mozilla, Google Propose Defenses Against Ad Tracking
News  |  1/24/2011  | 
Will self-regulation be any more effective in the future than it has been in the past?
DoD, NATO Huddle On Cybersecurity
News  |  1/24/2011  | 
Deputy secretary of defense William Lynn is building a partnership on cyber defense with NATO and the European Union in meetings in Brussels.
Facebook Defends Security Practices
News  |  1/24/2011  | 
The social network responds to report alleging it puts the safety of its 650 million users at risk by not better securing third-party applications.
WikiLeaks Targeting P2P Networks?
Commentary  |  1/23/2011  | 
That is the allegation in a news report that ran last week. While the outcome from the investigation could have a profound impact on whether the anti-secrecy organization is a media outlet – there is a bigger lesson.
Mozilla Blocks Buggy Skype Toolbar
News  |  1/21/2011  | 
Responsible for over 40,000 Firefox crashes last week, the Skype Toolbar has been temporarily blocked.
Five Ways To Get Rational About Risk
News  |  1/21/2011  | 
Seat of the pants is no way to prioritize security spending and set project precedence. But that's exactly how some CISOs are doing business.
Widgets Are Prime Targets For Site Infection, Researcher Says
Quick Hits  |  1/21/2011  | 
Popular third-party site elements could be single point of infection, according to Dasient
Next-Generation Threats: The Inside Story
News  |  1/21/2011  | 
Cutting-edge attacks like Stuxnet and Zeus will be the everyday security challenges of tomorrow. Here's what you need to know.
Google Acknowledges Web Spam Complaints
News  |  1/21/2011  | 
Low-quality content has some Internet users worried about the relevance of Google search results.
Product Watch: NetWitness To Add Real-Time Malware Analysis
News  |  1/21/2011  | 
New tool assesses, scores, and prioritizes risks from malware found in the enterprise
How Careful Do You Need To Be With Cloud Storage? - Security
Commentary  |  1/21/2011  | 
Developing a cloud storage strategy is moving to the top of many IT managers' project lists. How to use cloud storage and what applications or processes could benefit the most from the use of cloud storage are key questions to answer. One mantra that keeps coming up is "you have to be careful" with cloud storage rollouts. Really? What makes cloud storage so risky that it requires this extra caution?