News & Commentary

Content posted in October 2008
Vista Security Shines In Microsoft Report
News  |  10/31/2008  | 
Among browser-based attacks on computers, just 6% targeted Windows Vista machines while 42% targeted Windows XP, Microsoft disclosed in a security report.
Defense Intelligence Agency Fixes Risky Web Site Code
News  |  10/31/2008  | 
The presence of a call to execute JavaScript code that resides on a Statcounter.com server in Ireland provided a weak link in the security chain that could have been exploited.
Preventing USB Drives From Biting Back
Commentary  |  10/31/2008  | 
This week, the Florida Free Culture student club hosted a three-day event in which they helped secure student-owned computers at the University of Florida campus by cleaning up malware infections and installing the university site-licensed antivirus software. The event was designed not only to help secure student computers, but to also promote free and open source software by providing educational handouts and installing a variety of applications, including Firefox, Thunderbird, the Gimp, OpenOf
Recycled Storage Media Includes Confidential Data
Commentary  |  10/31/2008  | 
We've said it before and often: if it's ever held data, don't throw it away no matter how sure you are it's been wiped clean. Now there's evidence that you shouldn't recycle old media either.
Antivirus 'Scareware' is Lucrative
News  |  10/31/2008  | 
Rogue antivirus software circulating on the Web is potentially making top distributors millions of dollars a year
Trojan Caught Stealing Data From Hundreds of Thousands
Quick Hits  |  10/31/2008  | 
Sinowal has been capturing data for almost three years without leaving a trace, RSA says
SSDs Are Not Confusing
Commentary  |  10/31/2008  | 
Seems like every vendor I speak with is laying out its solid-state disk (SSD) strategy, and almost all say they're trying to help the customer through this confusing platform change. It's not confusing.
Cyber Attacks Targeting UK National Infrastructure
Commentary  |  10/30/2008  | 
A key U.K. IT security defense leader says that continuous cyberattacks are targeting U.K. businesses that work in the nation's critical infrastructure.
Recycled Tapes Yield Data On Former Owners
News  |  10/30/2008  | 
Study of 100 "recertified" tapes turns up sensitive data from major bank, hospital
New Phishing Attacks Target Legitimate Web Domain Owners
News  |  10/30/2008  | 
Phishing campaign could be fallout from pressure to shutter notorious registrar associated with spammers, cybercrime
IBM Fined $900,000 For Failing To Backup
Commentary  |  10/30/2008  | 
The Dallas Morning News reported that the state of Texas is fining IBM $900,000 for failing to make timely backups as part of an $863 million outsourcing contract. Gov. Rick Perry also suspended the transfer of additional state records into the IBM system, claiming the new system puts state agency data at risk.
Halloween Treats: Ghouls, Goblins And -- Backups!
Commentary  |  10/30/2008  | 
Maxell has a good, timely suggestion: in addition to traditional Halloween activities (whether allowed in your workplace or not), use Halloween as the day you begin (or re-commit to) regular backups of your data.
Firefox Add-On Simulates Great Firewall Of China
News  |  10/30/2008  | 
The browser software connects to various Internet proxies inside China, putting the user through the same government supervision as Chinese Web surfers.
Survey: Most Americans Altering Online Behaviors Amid ID Theft Threat
Quick Hits  |  10/30/2008  | 
More than 40 percent say they surf only sites they know, and 20 percent have stopped or scaled back online shopping, according to a new National Cyber Security Alliance survey
What Horror Movies Can Teach Us About Disaster Recovery
Commentary  |  10/30/2008  | 
Sharks in the water. Spinning heads. Freaky clowns. Who knew those flicks we paid good money to scare the living daylights out of us, and forced us to invest in nightlights, bore lessons applicable to disaster recovery and business continuity?
Insiders, After a Fashion
Quick Hits  |  10/30/2008  | 
Employees of a fashion trade show operation accused of hacking company data to build a side business of their own
Bono's Bikini Teens Perplex Facebook's Privacy
News  |  10/29/2008  | 
An American fashion student and her British friend's pose with the U2 front man calls into question what kinds of rules should be standard on the social network.
Hack Turns Application Code Against Itself
News  |  10/29/2008  | 
New attack uses application flaws to force good code to go rogue
Memoryze This
Commentary  |  10/29/2008  | 
At the Hack in the Box security conference in Malaysia Wednesday, Mandiant's Peter Silberman announced the release of Mandiant's newest free tool for incident response and forensic investigations. The tool, Memoryze, is the latest memory analysis tool for first responders to consider adding to their toolkit for acquiring physical memory from running Windows systems. This summer, we saw the rele
Green Storage Is More Than Just Green Drives
Commentary  |  10/29/2008  | 
Most, if not all, the hard drive manufacturers have come out with green drives; drives that spin down or turn off. There are two problems with counting on green drives to reduce your power consumption; first, they are only one component in the storage solution, and second, there has to be intelligence for them to be used optimally.
SocNets May Boost Insecurity
Commentary  |  10/28/2008  | 
A new survey of IT managers shows that heavy use of social networks, such as Facebook, LinkedIn, and instant messaging may be strongly correlated to a higher number of security incidents.
Employees: Security Policies Are Unrealistic
Quick Hits  |  10/28/2008  | 
Many say they must break rules to get their jobs done
Economic Crisis May Be Boon For Cybercriminals, Experts Say
News  |  10/28/2008  | 
How the global financial crisis is affecting organized cybercrime
Social Networking Growth Grows Business Risks Too
Commentary  |  10/28/2008  | 
We've said it before but it bears repeating: social networking can be a valuable business tool. Whether or not you use social networks for work, your employees are using them at work, and the risk of data breaches and other security incidents is growing along with their use.
Security Weathering Economic Storm
News  |  10/28/2008  | 
Despite a flood of poor financial results, enterprises are finding the cash to fund security initiatives -- and even grow them
Dark Reading's New Look
Commentary  |  10/28/2008  | 
Take a close look at today's edition of Dark Reading. Notice anything different? Take a closer look. We think you'll like what you see. After nearly three years of bringing you the best -- and the scariest -- of security news and information, Dark Reading has undergone a bit of a makeover. The changes we're making aren't drastic, and, as with most new releases, we're not guaranteeing they'll all work perfectly right out of the box. But we
Microsoft Issues Emergency Advisory
Commentary  |  10/27/2008  | 
Just last week we warned admins and end users alike that they'd better apply the patch released last week in security update MS08-067. Today, Microsoft warned users that exploits that target the vulnerability are circulating in the wild. Hate to say it: Told You So.
New Malware Technique Bypasses Traditional Defenses
News  |  10/27/2008  | 
Two UC San Diego students have demonstrated a way to turn good computer code into malicious instructions using a technique called "return-oriented programming."
Cutting Through E-Voting Debate Semantics
Commentary  |  10/27/2008  | 
The United Kingdom's government said unequivocally that the U.K. will not now, nor in the foreseeable future, adopt electronic voting.
Internet Apps & Social Networking Office Boom Linked to Breaches
News  |  10/27/2008  | 
New study finds that nearly all organizations have employees using Internet apps at work, and 60% use social networking at the office
Microsoft's 'Black Screen of Death' Patched...By Hackers
Commentary  |  10/27/2008  | 
Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers. But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death
E-Voting Complaints Heat Up With Early Voting
News  |  10/27/2008  | 
Some people also have complained that the touch screens are overly sensitive and do not separate the choices enough for voters to be sure they're activating the right selection.
Waiting On A Worm
Commentary  |  10/27/2008  | 
Waiting for the other shoe to drop: That's what I've been doing since last Thursday when Microsoft released the out-of-cycle MS08-067 bulletin and accompanying patches. It's more than a little nerve-wracking knowing that there is this vulnerability in machines within networks that you're responsible for but know that they can't all be patched right now due to various reasons and there is active exploitation of this vu
Economy Declines: Zombies Multiply And Spam Soars!
Commentary  |  10/27/2008  | 
Even as the economy plummets and economic projections tumble, quarterly threat reports show rapidly rising threats and another outright explosion in spam, according to Secure Computing's quarterly Internet threat report.
WiFi Availability Explodes, But Many Networks Remain Insecure
Quick Hits  |  10/27/2008  | 
RSA study indicates WiFi networks are growing, but security is still vulnerable
Are 'Green' Drives Really Green?
Commentary  |  10/27/2008  | 
The storage industry is often guilty of jumping on the bandwagon without giving the architecture much thought. We see this in solid state disk, data deduplication, and green drives. Are users really going to see decreased power consumption by deploying green drives? If so, is it going to be worth the effort of replacing your current systems?
Sandboxes and Surfing With Google Chrome
Commentary  |  10/27/2008  | 
Google designed Chrome to be faster, more stable and most importantly, more secure than other Web browsers. So with these features in mind, Google Chrome was built from scratch to be a Web browser designed for today's web application users. As more businesses venture into the cloud, it's becoming increasingly important that your browser doesn't crash when you're creating reports in Google Docs or when you're video conferencing. In order to prevent crashes, Google Chrome developers sandboxed each
T-Mobile G1 'Android' Smartphone Has Serious Security Flaw
Commentary  |  10/26/2008  | 
As if headlines haven't been bad enough lately, reading the New York Times' story on Saturday about the security flaw in Google's Android software didn't help cheer me up very much.
11 Steps to Safe WiFi
Commentary  |  10/26/2008  | 
Earlier, I argued that wireless adoption in the enterprise is, for the most part, a bad idea. I was pleased to get several interesting comments on my post, with a bunch of good critiques. In particular, "edyahoo" raised the point that it is far easier to complain about problems than to present constructive help for people living with the technology. So, thanks to edyahoo for that, and here's a list of my re
The Root of Online Evils
Commentary  |  10/24/2008  | 
What if you could boil all of the Internet's problems down to a few original issues -- what would you do with that information? Would it even be useful? What if it might help predict future Internet-shaking issues? I was at a malware conference last week, and I heard two interesting tidbits about the origins of some of the more social issues we currently face. The first is the concept of spam. Spam as a concept is actually accredited to Montgomery Ward. That's right, you can blame them --
NAS Clusters, How Should You Couple?
Commentary  |  10/24/2008  | 
A split decision surrounds the use of tightly coupled or loosely coupled solutions. There aren't enough implemented cases yet available to make a determination on the best approach; the deployments that have been made aren't stretching either method to the point a real determination can be made.
FTC Pushes Back 'Red Flag' Deadline
Quick Hits  |  10/24/2008  | 
Companies have another six months to develop identity theft prevention programs
Tech Insight: Digital Forensics & Incident Response Go Live
News  |  10/24/2008  | 
New tools, methods emerge for leveraging forensic data and memory analysis in the wake of an attack
Click Frauding Botnets On The Rise
Commentary  |  10/24/2008  | 
Around 16 percent of all advertising clicks were fraudulent over the last three months, according to industry watch-firm Click Forensics. That's about the same percentage as the last two quarters -- but an upclick in the number of fraudclicks coming from botnets indicates that things may be changing.
Microsoft's Emergency Patch
Commentary  |  10/23/2008  | 
I've received a number of e-mails, and held a few conversations, today with admins upset with Microsoft's atypical out-of-cycle patch. Newsflash: This was the right thing for the company to do.
Microsoft Releases Critical Out-Of-Band Update
Commentary  |  10/23/2008  | 
Because of the seriousness of a remote code execution vulnerability recently discovered in the Windows Server Service, Microsoft has released a fix outside of its normal "Patch Tuesday."
Data Breach? Who Ya Gonna Call?
News  |  10/23/2008  | 
Our latest CSI survey shows few organizations bring in law enforcement after an attack. That's bad policy.
Microsoft Releases Emergency Patch For Windows Vulnerability
News  |  10/23/2008  | 
The out-of-band security update addresses a critical flaw that could allow a remote attacker to take over Windows computers without any user interaction.
Microsoft To Issue Emergency Security Patch On Thursday
News  |  10/23/2008  | 
The out-of-band bulletin will address a vulnerability (or more than one) that is rated "critical" for Windows 2000, Windows Server 2003, and Windows XP.
A Can't-Miss Event You Can't Miss
Commentary  |  10/23/2008  | 
Usually, if you miss an industry event, you're out of luck. As Dark Reading winds up today's big virtual security event, though, I suddenly realize -- it's not over yet. "Risk, Protection, and Access: Mastering Today's Security Threats," originally held on Oct. 23, was the first-ever virtual conference co-produced by Dark Reading and our big sister publication,