News & Commentary

Content posted in November 2008
Page 1 / 3   >   >>
Microsoft Releases Updated Offline Virtual Machine Services Tool
Commentary  |  11/26/2008  | 
It's the second release of this handy tool, and it comes with a number of major improvements for enterprises managing numerous Microsoft virtual machines.
U.S. Army Goes Bot Hunting
News  |  11/26/2008  | 
As an automated network-flow analysis tool, BotHunter uses IDS routines to scan inbound and outbound network packet headers and payloads.
How Are We Doing? Dark Reading Seeks Your Input
Commentary  |  11/26/2008  | 
Dear Readers, If you've been clicking through the pages of Dark Reading regularly for the past several weeks, you've probably noticed lots of changes. As we told you back in October, the site has undergone an overhaul that included moving to a new server and a new production system, and we've implemented a new design that's intended to make the site easier to navigate and use. As with most new releases,
Dark Reading Takes Thanksgiving Break
Quick Hits  |  11/26/2008  | 
Holiday begins four-day hiatus
Nightmare Before Christmas: Researchers Warn Of Holiday Shopping Threats
News  |  11/26/2008  | 
Increases in malware, enterprise vulnerabilities, laptop theft expected
Solving The DR Testing Problem
Commentary  |  11/26/2008  | 
It seems like almost every time I see a report on disaster recovery plan (DRP) testing, there are typically 50% of the respondents that either don't test their DR plan or don't test it frequently enough for the plan to be worthwhile. How can we solve this?
Facebook Wins $873 Million Lawsuit Against Spammer
News  |  11/25/2008  | 
Spammer remains on the lam, but courts hope big award will scare others
Free Memoryze Tool Gets A Much Needed GUI
Commentary  |  11/25/2008  | 
When software vendors release a "free" version, there is often a catch or some limitation that leaves you wanting for more. Rarely is the release good enough to fill a void that you've been missing. But that's not always the case. A good example is the NetWitness Investigator product that I've been testing and wrote about in Friday's
Obama Cell Phone Breach Raises Broader Privacy Questions
News  |  11/25/2008  | 
A U.S. senator is demanding to know whether ordinary Americans' records are at risk.
Cyber Monday Risk Factor: Employees Back At Their Desks, Ready to Shop!
Commentary  |  11/25/2008  | 
When everybody comes back to work next Monday, count on some of them spending at least a bit of the day surfing for online bargains. And some of them are going to be spending a lot of their time shopping -- some estimates place Monday's online shopping time as consuming more than half the workday. How much of that time also puts you and your network is up to you.
New Free Texting Feature Locks Down Lost Or Stolen ThinkPads
Quick Hits  |  11/25/2008  | 
Protects against "cold boot attack" on Lenovo laptops' encrypted hard drives
Feds Put Brakes On ID Theft Ring That Targets Home Equity Accounts
News  |  11/24/2008  | 
Four arrested in scheme to steal money using customers' home equity lines of credit
Security Firm Warns Of New Apple Malware
Commentary  |  11/24/2008  | 
A Trojan horse application has been found circulating the Internet. If infected, users can end up having their system passwords nabbed, and be redirected to a number of phishing Web sites.
Verizon Workers Fired In Obama Phone Account Breach
News  |  11/24/2008  | 
Verizon is neither confirming nor denying the firings, first reported by CNN over the weekend.
LiveView: Seeing Is Believing
Commentary  |  11/24/2008  | 
Investigating security incidents is a necessary fact of life for IT shops everywhere. What varies is how each group handles the incident. I read an interesting article over the weekend from Enterprise IT Planet called "Five Essential Forensics Tools." While I wouldn't consider them all "essential," a couple of them are very important, like Wireshark and Helix, and others are just examples of the ki
Facebook Wins $873 Million Judgment Against Spammer
News  |  11/24/2008  | 
The penalty is the largest award yet under the 2003 Can-Spam Act.
In Final Decision, Teacher Pleads To Misdemeanor
Quick Hits  |  11/24/2008  | 
Amero is relieved by resolution of one-time felony case caused by pornographic popups in a Web presentation
Cybercrime Servers Selling Billions of Dollars' Worth of Stolen Information, Illicit Services
News  |  11/24/2008  | 
New Symantec report puts dollar figures on full potential value of stolen financial data, malware, and pirated software
IT Efficiency, First Demand Oversight
Commentary  |  11/24/2008  | 
In this era of tightening budgets, storage administrators are once again being asked to do more with less. The problem is that for most data centers, the efficiency crank has been turned several times already and the easy efficiency steps already have been taken.
Underground Economy Booms While World Goes Bust
Commentary  |  11/24/2008  | 
Turns out the real "new economy" may be the one the crooks have created. A new Symantec report shows just how organized the underground is -- and how fast it's growing.
Verizon Fires Employees Who Snooped On President-Elect Obama's Personal Cell Phone Records
Commentary  |  11/23/2008  | 
The news broke publicly late last week that a number of Verizon employees had taken the liberty to sneak a peek at President-elect Barack Obama's personal cell phone records. This weekend, it's been announced that the employees involved have been fired.
Security and Return-Oriented Programming
Commentary  |  11/23/2008  | 
You don't have to stray too far from the financial pages to know that returns of any kind aren't much to brag about these days. You could say the same thing about "return-oriented programing." In a nutshell, return-oriented programming security attacks start out like familiar attacks, in which attackers take advantage of a programming error in the target system to overwrite the runtime stack and divert program execution away from the path intended by the system's designer
Obama's Cell Phone Records Accessed, Verizon Admits
News  |  11/21/2008  | 
The account in question had been inactive for several months and was a voice flip phone, rather than a smartphone packed with e-mail and other data.
Verizon Employees Sneak Peek At Obama Cell Phone Records
Quick Hits  |  11/21/2008  | 
Verizon employees put on leave for unauthorized data access
Tech Insight: Free Network Tool Shows The Bigger Picture
News  |  11/21/2008  | 
A hands-on look at the new NetWitness Investigator network analysis tool and how it can team with Wireshark
SSD Can Mean Hard Cost Savings
Commentary  |  11/21/2008  | 
In our last entry we talked about the time savings and potential increase in productivity and revenue that deploying SSD can enable. This entry we will focus on the hard cost savings associated with SSD. In the right situation, SSD can actually be less expensive than mechanical drives.
Web Security Testing Cookbook Book Review
Commentary  |  11/21/2008  | 
Veteran web application developers know how hostile the Internet can be, and cookbooks like this one remind us that code vulnerabilities are as diverse as the applications they are unintentionally a part of.  Authors Paco Hope and Ben Walther outfit readers with free software security tools and instruct how to use these plug-ins and utilities to build more tamper-resistent apps.
Hundreds Of Thousands Of Bots Lay Dormant
Commentary  |  11/20/2008  | 
According to a story that ran in our sister site, DarkReading.com, 500,000 bots from a recently severed botnet army may now lay dormant, awaiting their next set of orders.
China Targets U.S. Computers For Espionage, Report Warns
News  |  11/20/2008  | 
The 2008 Annual Report to Congress urges tighter computer security measures to prevent data loss or corruption.
Identity Management: Low On Excitement, High On Payback
News  |  11/20/2008  | 
Effective identity and access management schemes could help enterprises save bucks in tough times, analysts say
Orphaned Bots Not Necessarily Free Or Clean
News  |  11/20/2008  | 
Half a million former bot machines are at risk of reinfection or are still under cybercriminal control
Recruitment Of Unwitting Money Mules on the Rise
Quick Hits  |  11/20/2008  | 
Cybercriminals are duping people desperate for work to illegally launder their dirty money -- online and offline -- as the unemployment rate climbs
Startup Of The Week: Purewire
News  |  11/20/2008  | 
Purewire offers a cloud-based Web filtering service, including a unique reputation-based component.
As More Lose Jobs, More Job-Spam Scams On The Loose
Commentary  |  11/20/2008  | 
Spammers get their clicks by preying upon fear, among other things. And as unemployment levels rise, job, income and related concerns are becoming more common spam-prompts than ever.And prime among them are money-mule scams that try to rope people into laundering money from home.
IT Security's Next Big Threat: Young People
News  |  11/19/2008  | 
Generation Y user behavior could endanger security of enteprise systems, studies say
London Hospitals Still Sick From Virus Breach
Commentary  |  11/19/2008  | 
I was reading Graham Cluley's blog at Sophos earlier this week about a virus infection (the computer kind) at a number of U.K.-based hospitals. I pretty much passed over this story until I learned just how badly the hospitals were prepared for this.
SSD In Tough Times
Commentary  |  11/19/2008  | 
At a recent conference I was asked how to cost-justify solid state disk during tough economic times. The interesting aspect to SSD is that because of its cost, it always has needed to be cost justified, regardless of the economic situation, and as a result is far better suited to do more than just "ride out" the storm.
Internal vs. External Penetration Testing
Commentary  |  11/19/2008  | 
In the past, I've talked about the merits of penetration testing (a.k.a. pen-testing) and several related tools. One thing I've not covered much is the difference between internal and external pen-testing. Today's Webcast, "Zen and the Art of Maintaining an Internal Penetration Testing Program," by Paul Asadoorian of PaulDotCom (which has a great weekly security podcast) is what started me thin
Teen Admits To Online Crime Spree
Quick Hits  |  11/19/2008  | 
"Dshocker" allegedly ran several botnets, launched DDoS attacks on other hackers
Broadband Explosion in China And India To Fuel Bots, Spam
News  |  11/19/2008  | 
Botnets to cast wider geographic net, more widely adopt stealthy fast-flux technology, researcher says
Microsoft To Offer Free Security Software
News  |  11/19/2008  | 
Morro will replace the subscription Windows Live OneCare service starting next year.
Thompson Era At Symantec Drawing To A Close
Commentary  |  11/18/2008  | 
Yesterday, the news broke that decade-long Symantec veteran John Thompson would be retiring. Symantec's board of directors appointed Enrique T. Salem, currently chief operating officer at the company, to be president and chief executive officer effective April 4, 2009.
Death of the AV Vendor: Microsoft Offers Free AV
Commentary  |  11/18/2008  | 
The fundamental problem with the AV market is that it makes antivirus vendors as much a part of the problem as they are a part of the solution. They are motivated to promote exposures to create a market for their offerings, and the end result has been a massive increase in malware and an inability by the ecosystem to effectively combat it. This will change that dramatically.
New 'Stealth' Technology Secures Data On Shared Networks
News  |  11/18/2008  | 
Unisys combines encryption and bit-splitting to keep data all in the workgroup
Chinese-Born Scientist Pleads Guilty To Tech Espionage
News  |  11/18/2008  | 
Quan-Sheng Shu, who was also charged with illegal arms exports, faces up to 10 years in prison.
CSI: Hacking Bluetooth 2.1 Passwords
Quick Hits  |  11/18/2008  | 
Researcher pokes holes in Bluetooth security improvements
Economy Sinks, Phish Rise
Commentary  |  11/18/2008  | 
Shouldn't surprise anybody, but the worse the economy gets, the more aggressive the phishers become. Some new statistics show just how aggressive that is.
Secure OS Gets Highest NSA Rating, Goes Commercial
News  |  11/18/2008  | 
Unlike existing commercial OSes, Integrity OS is designed and certified to defend against sophisticated attacks
Fallout From 'Joe The Plumber' Snooping Heats Up
Commentary  |  11/17/2008  | 
This presidential election involved more hacking and digital snooping than any other election I can recall.
Free Analyzer Software Will Work With Wireshark
News  |  11/17/2008  | 
NetWitness Investigator software allows for session-based analysis of captured traffic
Page 1 / 3   >   >>


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2607
PUBLISHED: 2018-05-21
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users...
CVE-2018-1108
PUBLISHED: 2018-05-21
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
CVE-2018-11330
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.
CVE-2018-11331
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.
CVE-2018-7687
PUBLISHED: 2018-05-21
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.