News & Commentary

Content posted in November 2008
Storage Consolidation?
Commentary  |  11/17/2008  | 
Every so often you hear the prediction of consolidation in the storage industry, especially during times where the economy is in question. Now is again one of those times and surely we will see some acquisitions here or there, but I think we are a long way off from the classic consolidate down to three vendors scenario. Here's why....
Phishing Attacks Reach Record Highs
Quick Hits  |  11/17/2008  | 
Cyveillance researchers attribute spike to financial downturn
Making a Case For Comprehensive Patch Management
Commentary  |  11/17/2008  | 
The Security Manager's Journal at Computerworld had a good, "real life" story about the effort required to implement a comprehensive patch management program and to have management sign off. J.F. Rice (a pseudonym created to protect the manager and the company) says he used a two-pronged attack to get support and raise awareness by meeting with system admini
November 24 Deemed Black Monday
News  |  11/17/2008  | 
Researchers at PC Tools predict that Monday, Nov. 24, will be the most active day of the year for malware threats, but other researchers disagree
Privacy & Protection Challenges: The European Perspective
Commentary  |  11/17/2008  | 
Curious about how other nations are addressing security and privacy concerns? A new report from an EU agency offers some interesting and provocative insights.
Palin E-Mail Hacker Trial Delayed
Commentary  |  11/16/2008  | 
The trial of David "Popcorn" Kernell, the 20-something student who has been accused of hacking then vice president-hopeful Sarah Palin's Yahoo e-mail account, has been postponed.
Hacking VoIP Book Review
Commentary  |  11/15/2008  | 
Having implemented and customized Asterisk-based VoIP solutions in the past, I was already aware of potential security issues around Voice over IP, especially using SIP. So it was with great curiosity that I read about author Himanshu Dwivedi's VoIP-hacking investigations.
Pssst. What's Your Password?
Commentary  |  11/14/2008  | 
Your company invests heavily in provisioning and identity management software. Passwords are to be changed every 90 days or so. The goal is to make sure accounts are secure and users are accountable for their actions. Problem is: Everyone is sharing passwords.
Anti-Virus Vendor Makes Amends For PC-Breaking Snafu
News  |  11/14/2008  | 
The problem started Nov. 9 when AVG released a virus signature update that misidentified the user32.dll file, a core Windows XP file, as a Trojan.
Researchers Find Flaws In Microsoft VoIP Apps
News  |  11/14/2008  | 
Vulnerabilities could lead to denial-of-service attacks, researchers say
New Tool Makes VoIP An Easy Target
Commentary  |  11/14/2008  | 
VoIP isn't something that pops up on my radar too often. We're only now just beginning a deployment at my office that will take place during the next couple of weeks, so I'm slowly becoming more aware of what impact it could have. But what really got me thinking about just how secure the upcoming implementation is going to be is the release of a new VoIP security tool, UCSniff, by the Sipera Viper Lab.
Employees' Online Shopping Could Threaten Company Security
Quick Hits  |  11/14/2008  | 
Younger employees say they plan to spend as much as five work hours shopping for the holiday season
Schools Suffer One-Third of Total U.S. Data Breaches
News  |  11/13/2008  | 
New report reveals 12.4 million student and consumer profiles were compromised in 324 breaches at colleges, K-12 schools
Widespread Account-Sharing Threatens Corporate Security, Revenues
News  |  11/13/2008  | 
Many users break security defenses by simply handing over their credentials to colleagues, friends, experts say
My Spammers Didn't Get the Memo That They Were Toast
Commentary  |  11/13/2008  | 
It has been a week that seemed like the good guys might finally be winning -- something -- in the cybercrime war. First, there were reports of a 65-plus percent drop in spam volume after a Web hosting firm known for hosting botnets, spammers, and child pornography was taken down. Then the Internet Corporation for Assigned Names and Numbers (ICANN) on Wednesday finally
Hosting King Of Spam And Botnets Shut Down, For Now
Quick Hits  |  11/13/2008  | 
McColo's fall results in a brief holiday from spam and botnet activity, but don't get used to it, researchers say
Spam Falls By More Than Half After Single Host Is Closed
Commentary  |  11/13/2008  | 
What does it take to cut spam volumes by half or more worldwide? A reporter whose research resulted in shutting down a single Web host, evidently. What does it take to keep volumes down? Depends on who you ask.
Visa To Test New Credit Card Security Tactic
Commentary  |  11/12/2008  | 
Credit cards were never designed for online purchases. They were designed more than 50 years ago for face-to-face purchases, yet credit card companies and online merchants continue to try to re-tool credit cards as viable for online payments.
Intrusion Threatens Data Of 330,000 At UF
Quick Hits  |  11/12/2008  | 
Intruder broke through heightened defenses, university officials say
Spam Volume Drops When ISPs Terminate McColo
News  |  11/12/2008  | 
Security experts suggest there's a connection to the average of 11.9 spam messages per second in the last 24 hours compared to the 30.1 messages per second last month.
Economic Crisis Good For Acquisitions, Mergers
News  |  11/12/2008  | 
Cold economy a hot time for firms to either buy their way into new technologies and expand, or to merge and bulk up
Correlating Many Data Sources Is Often The Key
Commentary  |  11/12/2008  | 
Being able to successfully perform incident response and digital forensics requires having the right tools and, more importantly, the right sources of information. I was assisting a client with a case recently that made this simple fact more apparent the more I dug into the monstrous amount of information they provided me.
Will The Cloud Hurt Storage Companies?
Commentary  |  11/12/2008  | 
There have been a few articles written lately which claim cloud computing will hurt smaller storage companies like 3Par, Compellent, Xiotech, etc. The theory being that there will have to be some industry consolidation. I disagree. Cloud computing should be a net gain for storage companies and here's why.
Serious Flaw Leaves SAP Users Vulnerable
Commentary  |  11/11/2008  | 
The US-CERT is warning SAP users of a flaw that could make it possible for systems to succumb to remote, unauthenticated attacks.
Antivirus Vendor's Snafu Breaks Users' PCs
News  |  11/11/2008  | 
AVG customers that unknowingly deleted the user32.dll file ended up with a PC that either wouldn't reboot or would go into an endless reboot cycle.
Visa Tests Credit Card With Random Number Generator
News  |  11/11/2008  | 
Built-in second factor of authentication could slow online card fraud
Relentless Web Attack Hard To Kill
News  |  11/11/2008  | 
Latest Website attack wave uses new, stealthy SQL injection tool from China, researchers say
Microsoft's November Patch Tuesday Unusually Light
News  |  11/11/2008  | 
The lone critical vulnerability affects Microsoft XML Core Services and, left unchecked, could allow remote code execution if the user visits a maliciously crafted Web page.
25% Of DNS Servers Still Vulnerable To Kaminsky Flaw
News  |  11/11/2008  | 
Security researchers say that DNS will remain a primary exploit target because many people don't understand the Internet's domain name system.
ISPs Facing More Service-Level Attacks
Quick Hits  |  11/11/2008  | 
DDoS attacks hit 40Gbps, but it's the lower-profile attacks that most worry service providers, according to Arbor's new Worldwide Infrastructure Security Report
A Quarter Of DNS Servers Still Vulnerable
Commentary  |  11/11/2008  | 
Maybe DNS should stand for Do Not Secure. Half a year after the announcement of a Domain Name System flaw and about a quarter of the DNS servers that should have been patched haven't been.
Apple iLife Gets Security Fix
Commentary  |  11/10/2008  | 
Apple today announced a serious security fix for iLife 8.0, Aperture 2, and Mac OS 10.4.9 through 10.4.11. Each of the security flaws, if left unpatched, could lead to "arbitrary code execution," which means attackers could run code of their choice on your system.
Dell, McAfee, Seagate Deliver Self-Encrypting Hard Drive
News  |  11/10/2008  | 
The new Momentus FDE (full-disk encryption) notebook hard drives, at speeds of 5,400 and 7,200 rpm, in capacities of up to 320 GB, are shipping.
Spam Campaigns Work, But Don't Generate Big Profits
News  |  11/10/2008  | 
University study says botnet-borne spam is effective, but profits are likely marginal
Many DNS Servers Still Vulnerable To Attack
Quick Hits  |  11/10/2008  | 
One-quarter of DNS servers are still not patched against cache poisoning, study says
Don't Blame TCP/IP
News  |  11/10/2008  | 
Recently disclosed threats to the Internet's IP infrastructure turn spotlight on the protocols -- but protection hinges more on politics and business than technology
Solving The Gap Between Virtual Machine And Storage
Commentary  |  11/10/2008  | 
Server virtualization rollouts often get stuck after the first wave. That first wave is where you have virtualized most of your easy stuff. Then as the virtual machines begin to proliferate, it occurs to you that you have lost control. One of the key disconnects is from server to storage.
Adobe Reader Vulnerability Being Attacked
Commentary  |  11/9/2008  | 
Within days of the announcement of a serious Adobe Reader flaw, attackers already are planting maliciously crafted PDF files to attack Windows users.
Gingrich: Repeal SOX
Commentary  |  11/7/2008  | 
The Republicans may have fallen short in the elections this week, but that didn't stop conservative Newt Gingrich from making news: The erstwhile antiregulator is now calling for the repeal of the Sarbanes-Oxley Act.
Attackers Hold Millions of Patient Records For Ransom
Quick Hits  |  11/7/2008  | 
Blackmailers threaten to expose personal information unless they're paid
Tech Insight: Helping Security Find Its Voice
News  |  11/7/2008  | 
With budgets tighter than ever, it's time for a new strategy for selling security to the business side
Obama Wins Spam Race Too
Commentary  |  11/7/2008  | 
The spammers love a winner -- winners exploited in subject-lines make it easier for spammers to turn computer users into losers. Take a look at the still-growing volume of Obama-themed spam and spam-scams to see how the cybercrooks are handling the transition.
Chinese Hackers Repeatedly Hack White House Network
Commentary  |  11/7/2008  | 
The Financial Times is reporting that Chinese hackers have repeatedly nabbed e-mails between government officials.
Conflicting Interests Pose Huge Challenge To Privacy Policies
News  |  11/7/2008  | 
Tensions between stakeholders make consensus-building a challenge, study says
SSD's Latency Impact
Commentary  |  11/7/2008  | 
In our last entry we talked about latency and what it was. We also discussed how storage system manufacturers are trying to overcome latency and performance issues of mechanical drives by using techniques like making the drives faster by using higher RPM drives, array groups with a high drive count, short-stroking those drives, wide striping those drives, and increasing the number of application servers
The Worst Way To Learn Of A Data Breach
Commentary  |  11/7/2008  | 
While there's no welcomed way to learn that your customer data has been compromised, perhaps the worst way is to learn via an extortion letter. Pay up, or we'll expose millions of patient records, threatens a letter to Express Scripts.
Bending Skein Code
Commentary  |  11/6/2008  | 
Few of the submissions to NIST's hash standard contest have been optimized for desktop/server processors. One, though, known as Skein, seems to have considered this. It is designed specifically to run well on Intel Core 2 processors -- without sacrificing speed on other processors or security.
Study: Breaches May Not Affect User Behavior
Quick Hits  |  11/6/2008  | 
Most users continue to use Internet apps -- even after being told they've been compromised
Report: Obama, McCain Campaigns Both Hacked By 'Foreign Entity'
News  |  11/6/2008  | 
Security experts say breaches could signal dangers for future campaigns
Trojan-Elect: Obama-Spam Inaugurates Malware Attack
Commentary  |  11/6/2008  | 
Even as the election results are still warm, a new Obama-related Trojan began running up a tally in the tens of millions of copies distributed -- and hundreds of thousands of newly infected computers.

