News & Commentary

Content posted in October 2008
Page 1 / 4   >   >>
Vista Security Shines In Microsoft Report
News  |  10/31/2008  | 
Among browser-based attacks on computers, just 6% targeted Windows Vista machines while 42% targeted Windows XP, Microsoft disclosed in a security report.
Defense Intelligence Agency Fixes Risky Web Site Code
News  |  10/31/2008  | 
The presence of a call to execute JavaScript code that resides on a Statcounter.com server in Ireland provided a weak link in the security chain that could have been exploited.
Preventing USB Drives From Biting Back
Commentary  |  10/31/2008  | 
This week, the Florida Free Culture student club hosted a three-day event in which they helped secure student-owned computers at the University of Florida campus by cleaning up malware infections and installing the university site-licensed antivirus software. The event was designed not only to help secure student computers, but to also promote free and open source software by providing educational handouts and installing a variety of applications, including Firefox, Thunderbird, the Gimp, OpenOf
Recycled Storage Media Includes Confidential Data
Commentary  |  10/31/2008  | 
We've said it before and often: if it's ever held data, don't throw it away no matter how sure you are it's been wiped clean. Now there's evidence that you shouldn't recycle old media either.
Antivirus 'Scareware' is Lucrative
News  |  10/31/2008  | 
Rogue antivirus software circulating on the Web potentially making top distributors millions of dollars a year
Trojan Caught Stealing Data From Hundreds of Thousands
Quick Hits  |  10/31/2008  | 
Sinowal has been capturing data for almost three years without leaving a trace, RSA says
SSDs Are Not Confusing
Commentary  |  10/31/2008  | 
Seems like every vendor I speak with is laying out its solid-state disk (SSD) strategy, and almost all say they're trying to help the customer through this confusing platform change. It's not confusing.
Cyber Attacks Targeting UK National Infrastructure
Commentary  |  10/30/2008  | 
A key U.K. IT security defense leader says that continuous cyberattacks are targeting U.K. businesses that work in the nation's critical infrastructure.
Recycled Tapes Yield Data On Former Owners
News  |  10/30/2008  | 
Study of 100 "recertified" tapes turns up sensitive data from major bank, hospital
New Phishing Attacks Target Legitimate Web Domain Owners
News  |  10/30/2008  | 
Phishing campaign could be fallout from pressure to shutter notorious registrar associated with spammers, cybercrime
IBM Fined $900,000 For Failing To Backup
Commentary  |  10/30/2008  | 
The Dallas Morning News reported that the state of Texas is fining IBM $900,000 for failing to make timely backups as part of an $863 million outsourcing contract. Gov. Rick Perry also suspended the transfer of additional state records into the IBM system, claiming the new system puts state agency data at risk.
Halloween Treats: Ghouls, Goblins And -- Backups!
Commentary  |  10/30/2008  | 
Maxell has a good, timely suggestion: in addition to traditional Halloween activities (whether allowed in your workplace or not) use Halloween as the day you begin (or re-commit to) regular backups of your data.
Firefox Add-On Simulates Great Firewall Of China
News  |  10/30/2008  | 
The browser software connects to various Internet proxies inside China, putting the user through the same government supervision as Chinese Web surfers.
Survey: Most Americans Altering Online Behaviors Amid ID Theft Threat
Quick Hits  |  10/30/2008  | 
More than 40 percent say they surf only sites they know, and 20 percent have stopped or scaled back online shopping, according to a new National Cyber Security Alliance survey
What Horror Movies Can Teach Us About Disaster Recovery
Commentary  |  10/30/2008  | 
Sharks in the water. Spinning heads. Freaky clowns. Who knew those flicks we paid good money to scare the living daylights out of us, and forced us to invest in nightlights, bore lessons applicable to disaster recovery and business continuity?
Insiders, After a Fashion
Quick Hits  |  10/30/2008  | 
Employees of a fashion trade show operation accused of hacking company data to build a side business of their own
Bono's Bikini Teens Perplex Facebook's Privacy
News  |  10/29/2008  | 
An American fashion student and her British friend's pose with the U2 front man calls into question what kinds of rules should be standard on the social network.
Hack Turns Application Code Against Itself
News  |  10/29/2008  | 
New attack uses application flaws to force good code to go rogue
Memoryze This
Commentary  |  10/29/2008  | 
At the Hack in the Box security conference in Malaysia Wednesday, Mandiant's Peter Silberman announced the release of Mandiant's newest free tool for incident response and forensic investigations. The tool, Memoryze, is the latest memory analysis tool for first responders to consider adding to their toolkit for acquiring physical memory from running Windows systems. This summer, we saw the rele
Green Storage Is More Than Just Green Drives
Commentary  |  10/29/2008  | 
Most, if not all, the hard drive manufacturers have come out with green drives; drives that spin down or turn off. There are two problems with counting on green drives to reduce your power consumption; first, they are only one component in the storage solution, and second, there has to be intelligence for them to be used optimally.
SocNets May Boost Insecurity
Commentary  |  10/28/2008  | 
A new survey of IT managers shows that heavy use of social networks, such as Facebook, LinkedIn, and instant messaging may be strongly correlated to a higher number of security incidents.
Employees: Security Policies Are Unrealistic
Quick Hits  |  10/28/2008  | 
Many say they must break rules to get their jobs done
Economic Crisis May Be Boon For Cybercriminals, Experts Say
News  |  10/28/2008  | 
How the global financial crisis is affecting organized cybercrime
Social Networking Growth Grows Business Risks Too
Commentary  |  10/28/2008  | 
We've said it before but it bears repeating: social networking can be a valuable business tool. Whether or not you use social networks for work, your employees are using them at work, and the risk of data breaches and other security incidents is growing along with their use.
Security Weathering Economic Storm
News  |  10/28/2008  | 
Despite a flood of poor financial results, enterprises are finding the cash to fund security initiatives -- and even grow them
Dark Reading's New Look
Commentary  |  10/28/2008  | 
Take a close look at today's edition of Dark Reading. Notice anything different? Take a closer look. We think you'll like what you see. After nearly three years of bringing you the best -- and the scariest -- of security news and information, Dark Reading has undergone a bit of a makeover. The changes we're making aren't drastic, and, as with most new releases, we're not guaranteeing they'll all work perfectly right out of the box. But we
Microsoft Issues Emergency Advisory
Commentary  |  10/27/2008  | 
Just last week we warned admins and end users alike that they'd better apply the patch released last week in security update MS08-067. Today, Microsoft warned users that exploits that target the vulnerability are circulating in the wild. Hate to say it: Told You So.
New Malware Technique Bypasses Traditional Defenses
News  |  10/27/2008  | 
Two UC San Diego students have demonstrated a way to turn good computer code into malicious instructions using a technique called "return-oriented programming."
Cutting Through E-Voting Debate Semantics
Commentary  |  10/27/2008  | 
The United Kingdom's government said unequivocally that the U.K. will not now, nor in the foreseeable future, adopt electronic voting.
Internet Apps & Social Networking Office Boom Linked to Breaches
News  |  10/27/2008  | 
New study finds that nearly all organizations have employees using Internet apps at work, and 60% use social networking at the office
Microsoft's 'Black Screen of Death' Patched...By Hackers
Commentary  |  10/27/2008  | 
Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers. But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death
E-Voting Complaints Heat Up With Early Voting
News  |  10/27/2008  | 
Some people also have complained that the touch screens are overly sensitive and do not separate the choices enough for voters to be sure they're activating the right selection.
Waiting On A Worm
Commentary  |  10/27/2008  | 
Waiting for the other shoe to drop: That's what I've been doing since last Thursday when Microsoft released the out-of-cycle MS08-067 bulletin and accompanying patches. It's more than a little nerve-wracking knowing that there is this vulnerability in machines within networks that you're responsible for but know that they can't all be patched right now due to various reasons and there is active exploitation of this vu
Economy Declines: Zombies Multiply And Spam Soars!
Commentary  |  10/27/2008  | 
Even as the economy plummets and economic projections tumble, quarterly threat reports show rapidly rising threats and another outright explosion in spam, according to Secure Computing's quarterly Internet threat report.
WiFi Availability Explodes, But Many Networks Remain Insecure
Quick Hits  |  10/27/2008  | 
RSA study indicates WiFi networks are growing, but security is still vulnerable
Are 'Green' Drives Really Green?
Commentary  |  10/27/2008  | 
The storage industry is often guilty of jumping on the bandwagon without giving the architecture much thought. We see this in solid state disk, data deduplication, and green drives. Are users really going to see decreased power consumption by deploying green drives? If so, is it going to be worth the effort of replacing your current systems?
Sandboxes and Surfing With Google Chrome
Commentary  |  10/27/2008  | 
Google designed Chrome to be faster, more stable and most importantly, more secure than other Web browsers. So with these features in mind, Google Chrome was built from scratch to be a Web browser designed for today's web application users. As more businesses venture into the cloud, it's becoming increasingly important that your browser doesn't crash when you're creating reports in Google Docs or when you're video conferencing. In order to prevent crashes, Google Chrome developers sandboxed each
T-Mobile G1 'Android' Smartphone Has Serious Security Flaw
Commentary  |  10/26/2008  | 
As if headlines haven't been bad enough lately, reading the New York Times' story on Saturday about the security flaw in Google's Android software didn't help cheer me up very much.
11 Steps to Safe WiFi
Commentary  |  10/26/2008  | 
Earlier, I argued that wireless adoption in the enterprise is, for the most part, a bad idea. I was pleased to get several interesting comments on my post, with a bunch of good critiques. In particular, "edyahoo" raised the point that it is far easier to complain about problems than to present constructive help for people living with the technology. So, thanks to edyahoo for that, and here's a list of my re
The Root of Online Evils
Commentary  |  10/24/2008  | 
What if you could boil all of the Internet's problems down to a few original issues -- what would you do with that information? Would it even be useful? What if it might help predict future Internet-shaking issues? I was at a malware conference last week, and I heard two interesting tidbits about the origins of some of the more social issues we currently face. The first is the concept of spam. Spam as a concept is actually accredited to Montgomery Ward. That's right, you can blame them --
NAS Clusters, How Should You Couple?
Commentary  |  10/24/2008  | 
A split decision surrounds the use of tightly coupled or loosely coupled solutions. There aren't enough implemented cases yet available to make a determination on the best approach; the deployments that have been made aren't stretching either method to the point a real determination can be made.
FTC Pushes Back 'Red Flag' Deadline
Quick Hits  |  10/24/2008  | 
Companies have another six months to develop identity theft prevention programs
Tech Insight: Digital Forensics & Incident Response Go Live
News  |  10/24/2008  | 
New tools, methods emerge for leveraging forensic data and memory analysis in the wake of an attack
Click Frauding Botnets On The Rise
Commentary  |  10/24/2008  | 
Around 16 percent of all advertising clicks were fraudulent over the last three months, according to industry watch-firm Click Forensics. That's about the same percentage as the last two quarters -- but an upclick in the number of fraudclicks coming from botnets indicates that things may be changing.
Microsoft's Emergency Patch
Commentary  |  10/23/2008  | 
I've received a number of e-mails, and held a few conversations, today with admins upset with Microsoft's atypical out-of-cycle patch. Newsflash: This was the right thing for the company to do.
Microsoft Releases Critical Out-Of-Band Update
Commentary  |  10/23/2008  | 
Because of the seriousness of a remote code execution vulnerability recently discovered in the Windows Server Service, Microsoft has released a fix outside of its normal "Patch Tuesday."
Data Breach? Who Ya Gonna Call?
News  |  10/23/2008  | 
Our latest CSI survey shows few organizations bring in law enforcement after an attack. That's bad policy.
Microsoft Releases Emergency Patch For Windows Vulnerability
News  |  10/23/2008  | 
The out-of-band security update addresses a critical flaw that could allow a remote attacker to take over Windows computers without any user interaction.
Microsoft To Issue Emergency Security Patch On Thursday
News  |  10/23/2008  | 
The out-of-band bulletin will address a vulnerability (or more than one) that is rated "critical" for Windows 2000, Windows Server 2003, and Windows XP.
A Can't-Miss Event You Can't Miss
Commentary  |  10/23/2008  | 
Usually, if you miss an industry event, you're out of luck. As Dark Reading winds up today's big virtual security event, though, I suddenly realize -- it's not over yet. "Risk, Protection, and Access: Mastering Today's Security Threats," originally held on Oct. 23, was the first-ever virtual conference co-produced by Dark Reading and our big sister publication,