News & Commentary

Content posted in October 2008
Page 1 / 4
Vista Security Shines In Microsoft Report
News  |  10/31/2008  | 
Among browser-based attacks on computers, just 6% targeted Windows Vista machines while 42% targeted Windows XP, Microsoft disclosed in a security report.
Defense Intelligence Agency Fixes Risky Web Site Code
News  |  10/31/2008  | 
The presence of a call to execute JavaScript code that resides on a Statcounter.com server in Ireland provided a weak link in the security chain that could have been exploited.
Preventing USB Drives From Biting Back
Commentary  |  10/31/2008  | 
This week, the Florida Free Culture student club hosted a three-day event in which they helped secure student-owned computers at the University of Florida campus by cleaning up malware infections and installing the university site-licensed antivirus software. The event was designed not only to help secure student computers, but to also promote free and open source software by providing educational handouts and installing a variety of applications, including Firefox, Thunderbird, the Gimp, OpenOf
Recycled Storage Media Includes Confidential Data
Commentary  |  10/31/2008  | 
We've said it before and often: if it's ever held data, don't throw it away no matter how sure you are it's been wiped clean. Now there's evidence that you shouldn't recycle old media either.
Antivirus 'Scareware' is Lucrative
News  |  10/31/2008  | 
Rogue antivirus software circulating on the Web potentially making top distributors millions of dollars a year
Trojan Caught Stealing Data From Hundreds of Thousands
Quick Hits  |  10/31/2008  | 
Sinowal has been capturing data for almost three years without leaving a trace, RSA says
SSDs Are Not Confusing
Commentary  |  10/31/2008  | 
Seems like every vendor I speak with is laying out its solid-state disk (SSD) strategy, and almost all say they're trying to help the customer through this confusing platform change. It's not confusing.
Cyber Attacks Targeting UK National Infrastructure
Commentary  |  10/30/2008  | 
A key U.K. IT security defense leader says that continuous cyberattacks are targeting U.K. businesses that work in the nation's critical infrastructure.
Recycled Tapes Yield Data On Former Owners
News  |  10/30/2008  | 
Study of 100 "recertified" tapes turns up sensitive data from major bank, hospital
New Phishing Attacks Target Legitimate Web Domain Owners
News  |  10/30/2008  | 
Phishing campaign could be fallout from pressure to shutter notorious registrar associated with spammers, cybercrime
IBM Fined $900,000 For Failing To Backup
Commentary  |  10/30/2008  | 
The Dallas Morning News reported that the state of Texas is fining IBM $900,000 for failing to make timely backups as part of an $863 million outsourcing contract. Gov. Rick Perry also suspended the transfer of additional state records into the IBM system, claiming the new system puts state agency data at risk.
Halloween Treats: Ghouls, Goblins And -- Backups!
Commentary  |  10/30/2008  | 
Maxell has a good, timely suggestion: in addition to traditional Halloween activities (whether allowed in your workplace or not), use Halloween as the day you begin (or re-commit to) regular backups of your data.
Firefox Add-On Simulates Great Firewall Of China
News  |  10/30/2008  | 
The browser software connects to various Internet proxies inside China, putting the user through the same government supervision as Chinese Web surfers.
Survey: Most Americans Altering Online Behaviors Amid ID Theft Threat
Quick Hits  |  10/30/2008  | 
More than 40 percent say they surf only sites they know, and 20 percent have stopped or scaled back online shopping, according to a new National Cyber Security Alliance survey
What Horror Movies Can Teach Us About Disaster Recovery
Commentary  |  10/30/2008  | 
Sharks in the water. Spinning heads. Freaky clowns. Who knew those flicks we paid good money to scare the living daylights out of us, and forced us to invest in nightlights, bore lessons applicable to disaster recovery and business continuity?
Insiders, After a Fashion
Quick Hits  |  10/30/2008  | 
Employees of a fashion trade show operation accused of hacking company data to build a side business of their own
Bono's Bikini Teens Perplex Facebook's Privacy
News  |  10/29/2008  | 
An American fashion student and her British friend's pose with the U2 front man calls into question what kinds of rules should be standard on the social network.
Hack Turns Application Code Against Itself
News  |  10/29/2008  | 
New attack uses application flaws to force good code to go rogue
Memoryze This
Commentary  |  10/29/2008  | 
At the Hack in the Box security conference in Malaysia Wednesday, Mandiant's Peter Silberman announced the release of Mandiant's newest free tool for incident response and forensic investigations. The tool, Memoryze, is the latest memory analysis tool for first responders to consider adding to their toolkit for acquiring physical memory from running Windows systems. This summer, we saw the rele
Green Storage Is More Than Just Green Drives
Commentary  |  10/29/2008  | 
Most, if not all, the hard drive manufacturers have come out with green drives; drives that spin down or turn off. There are two problems with counting on green drives to reduce your power consumption; first, they are only one component in the storage solution, and second, there has to be intelligence for them to be used optimally.
SocNets May Boost Insecurity
Commentary  |  10/28/2008  | 
A new survey of IT managers shows that heavy use of social networks, such as Facebook, LinkedIn, and instant messaging may be strongly correlated to a higher number of security incidents.
Employees: Security Policies Are Unrealistic
Quick Hits  |  10/28/2008  | 
Many say they must break rules to get their jobs done
Economic Crisis May Be Boon For Cybercriminals, Experts Say
News  |  10/28/2008  | 
How the global financial crisis is affecting organized cybercrime
Social Networking Growth Grows Business Risks Too
Commentary  |  10/28/2008  | 
We've said it before but it bears repeating: social networking can be a valuable business tool. Whether or not you use social networks for work, your employees are using them at work, and the risk of data breaches and other security incidents is growing along with their use.
Security Weathering Economic Storm
News  |  10/28/2008  | 
Despite a flood of poor financial results, enterprises are finding the cash to fund security initiatives -- and even grow them
Dark Reading's New Look
Commentary  |  10/28/2008  | 
Take a close look at today's edition of Dark Reading. Notice anything different? Take a closer look. We think you'll like what you see. After nearly three years of bringing you the best -- and the scariest -- of security news and information, Dark Reading has undergone a bit of a makeover. The changes we're making aren't drastic, and, as with most new releases, we're not guaranteeing they'll all work perfectly right out of the box. But we
Microsoft Issues Emergency Advisory
Commentary  |  10/27/2008  | 
Just last week we warned admins and end users alike that they'd better apply the patch released last week in security update MS08-067. Today, Microsoft warned users that exploits that target the vulnerability are circulating in the wild. Hate to say it: Told You So.
New Malware Technique Bypasses Traditional Defenses
News  |  10/27/2008  | 
Two UC San Diego students have demonstrated a way to turn good computer code into malicious instructions using a technique called "return-oriented programming."
Cutting Through E-Voting Debate Semantics
Commentary  |  10/27/2008  | 
The United Kingdom's government said unequivocally that the U.K. will not now, nor in the foreseeable future, adopt electronic voting.
Internet Apps & Social Networking Office Boom Linked to Breaches
News  |  10/27/2008  | 
New study finds that nearly all organizations have employees using Internet apps at work, and 60% use social networking at the office
Microsoft's 'Black Screen of Death' Patched...By Hackers
Commentary  |  10/27/2008  | 
Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers. But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death
E-Voting Complaints Heat Up With Early Voting
News  |  10/27/2008  | 
Some people also have complained that the touch screens are overly sensitive and do not separate the choices enough for voters to be sure they're activating the right selection.
Waiting On A Worm
Commentary  |  10/27/2008  | 
Waiting for the other shoe to drop: That's what I've been doing since last Thursday when Microsoft released the out-of-cycle MS08-067 bulletin and accompanying patches. It's more than a little nerve-wracking knowing that there is this vulnerability in machines within networks that you're responsible for but know that they can't all be patched right now due to various reasons and there is active exploitation of this vu
Economy Declines: Zombies Multiply And Spam Soars!
Commentary  |  10/27/2008  | 
Even as the economy plummets and economic projections tumble, quarterly threat reports show rapidly rising threats and another outright explosion in spam, according to Secure Computing's quarterly Internet threat report.
WiFi Availability Explodes, But Many Networks Remain Insecure
Quick Hits  |  10/27/2008  | 
RSA study indicates WiFi networks are growing, but security is still vulnerable
Are 'Green' Drives Really Green?
Commentary  |  10/27/2008  | 
The storage industry is often guilty of jumping on the bandwagon without giving the architecture much thought. We see this in solid state disk, data deduplication, and green drives. Are users really going to see decreased power consumption by deploying green drives? If so, is it going to be worth the effort of replacing your current systems?
Sandboxes and Surfing With Google Chrome
Commentary  |  10/27/2008  | 
Google designed Chrome to be faster, more stable and most importantly, more secure than other Web browsers. So with these features in mind, Google Chrome was built from scratch to be a Web browser designed for today's web application users. As more businesses venture into the cloud, it's becoming increasingly important that your browser doesn't crash when you're creating reports in Google Docs or when you're video conferencing. In order to prevent crashes, Google Chrome developers sandboxed each
T-Mobile G1 'Android' Smartphone Has Serious Security Flaw
Commentary  |  10/26/2008  | 
As if headlines haven't been bad enough lately, reading the New York Times' story on Saturday about the security flaw in Google's Android software didn't help cheer me up very much.
11 Steps to Safe WiFi
Commentary  |  10/26/2008  | 
Earlier, I argued that wireless adoption in the enterprise is, for the most part, a bad idea. I was pleased to get several interesting comments on my post, with a bunch of good critiques. In particular, "edyahoo" raised the point that it is far easier to complain about problems than to present constructive help for people living with the technology. So, thanks to edyahoo for that, and here's a list of my re
The Root of Online Evils
Commentary  |  10/24/2008  | 
What if you could boil all of the Internet's problems down to a few original issues -- what would you do with that information? Would it even be useful? What if it might help predict future Internet-shaking issues? I was at a malware conference last week, and I heard two interesting tidbits about the origins of some of the more social issues we currently face. The first is the concept of spam. Spam as a concept is actually accredited to Montgomery Ward. That's right, you can blame them --
NAS Clusters, How Should You Couple?
Commentary  |  10/24/2008  | 
A split decision surrounds the use of tightly coupled or loosely coupled solutions. There aren't enough implemented cases yet available to make a determination on the best approach; the deployments that have been made aren't stretching either method to the point a real determination can be made.
FTC Pushes Back 'Red Flag' Deadline
Quick Hits  |  10/24/2008  | 
Companies have another six months to develop identity theft prevention programs
Tech Insight: Digital Forensics & Incident Response Go Live
News  |  10/24/2008  | 
New tools, methods emerge for leveraging forensic data and memory analysis in the wake of an attack
Click Frauding Botnets On The Rise
Commentary  |  10/24/2008  | 
Around 16 percent of all advertising clicks were fraudulent over the last three months, according to industry watch-firm Click Forensics. That's about the same percentage as the last two quarters -- but an upclick in the number of fraudclicks coming from botnets indicates that things may be changing.
Microsoft's Emergency Patch
Commentary  |  10/23/2008  | 
I've received a number of e-mails, and held a few conversations, today with admins upset with Microsoft's atypical out-of-cycle patch. Newsflash: This was the right thing for the company to do.
Microsoft Releases Critical Out-Of-Band Update
Commentary  |  10/23/2008  | 
Because of the seriousness of a remote code execution vulnerability recently discovered in the Windows Server Service, Microsoft has released a fix outside of its normal "Patch Tuesday."
Data Breach? Who Ya Gonna Call?
News  |  10/23/2008  | 
Our latest CSI survey shows few organizations bring in law enforcement after an attack. That's bad policy.
Microsoft Releases Emergency Patch For Windows Vulnerability
News  |  10/23/2008  | 
The out-of-band security update addresses a critical flaw that could allow a remote attacker to take over Windows computers without any user interaction.
Microsoft To Issue Emergency Security Patch On Thursday
News  |  10/23/2008  | 
The out-of-band bulletin will address a vulnerability (or more than one) that is rated "critical" for Windows 2000, Windows Server 2003, and Windows XP.
A Can't-Miss Event You Can't Miss
Commentary  |  10/23/2008  | 
Usually, if you miss an industry event, you're out of luck. As Dark Reading winds up today's big virtual security event, though, I suddenly realize -- it's not over yet. "Risk, Protection, and Access: Mastering Today's Security Threats," originally held on Oct. 23, was the first-ever virtual conference co-produced by Dark Reading and our big sister publication,