News & Commentary

Content posted in November 2010
Page 1 / 4   >   >>
Expert: BSIMM Can Help Enterprises Build Secure App Development Processes
News  |  11/30/2010  | 
A look at the BSIMM framework, and how it has helped 30 companies to write safer code
Verizon's VERIS Aims To Push Security Beyond Fuzzy Numbers
Commentary  |  11/30/2010  | 
When it comes to sharing data in IT security, the bad guys always seem to be way ahead. They employ far-flung networks for sharing stolen data, buying and selling exploits, and trading information on how to launch successful attacks. However, when it comes to enterprises sharing attack and breach incident data, there has not been a lot of sharing going on.
Feds' Crackdown Of Online Counterfeit, Copyrighted Goods Meets DNS Backlash
News  |  11/30/2010  | 
Alternative DNS systems emerge to pick up seized domains
Report: Biometrics And One-Time Passwords Gaining Traction Among Consumers
News  |  11/30/2010  | 
Improved technology, growing familiarity making alternative authentication more palatable to consumers
WikiLeaks Missives Contain Many Tech Secrets
News  |  11/30/2010  | 
The diplomatic cables include references to the alleged execution of an IT director in Iran, cybersecurity weaknesses in Brazil, and friction with Germany over information sharing.
New Tool Patches Offline VMs
Quick Hits  |  11/30/2010  | 
Nuwa, named after the Chinese goddess who patched a hole in the sky, aims to fix cloud computing security hole
WikiLeaks Under Hack Attack
News  |  11/30/2010  | 
DDOS hit comes days after the Web site slipped highly sensitive government information to media outlets.
Pirate Bay Loses Copyright Conviction Appeal
News  |  11/30/2010  | 
A Swedish court has reduced the prison sentences, but increased the monetary damages levied against the founders of the file-sharing site.
United Arab Emirates: Open For Hacking?
Quick Hits  |  11/29/2010  | 
Three-quarters of companies in UAE have no written security plan in place, study says
Do Password Crackers Help Database Security?
Commentary  |  11/29/2010  | 
Password 'crackers' determine if passwords are strong or compliant with company policies, but do they improve database security?
Preventing Outsiders From Becoming Insiders
News  |  11/29/2010  | 
Physical security and employee awareness can stop in-building attacks, experts say
Slide Show: DDoS With The Slow HTTP POST Attack
Slideshows  |  11/29/2010  | 
Researchers demonstrate attack that picks on inherent flaw in HTTP
Are You Ready For High Speed Storage Interfaces?
Commentary  |  11/29/2010  | 
A new wave of high-speed storage interfaces is on the way, offering improved storage I/O performance. To see the expected performance improvement, you have to do more than simply add drives with the new interface and install a host bus adapter in the server; you have to make sure every link in the I/O chain is ready.
Confirmation? Chinese Government May Have Been Behind Operation Aurora Hacks
Commentary  |  11/29/2010  | 
We suspected there would be some interesting cyber security related news to come out of the thousands of cables released by WikiLeaks over the weekend. We were not disappointed.
New HTTP POST DDoS Attack Tools Released
News  |  11/29/2010  | 
Very slooowwww HTTP POST connections wage denial-of-service attack on Web-based servers
Zero Day Bug Bypasses Windows User Account Control
News  |  11/29/2010  | 
Local buffer overflow vulnerability tricks Microsoft operating systems into granting an attacker system-level user privileges.
Android Vulnerable To Data Theft Exploit
News  |  11/29/2010  | 
Google is preparing a fix for the bug that could allow attackers to use JavaScript to read files from handsets.
Healthcare Breach Highlights Need For More Security Insight
Commentary  |  11/29/2010  | 
Triple-S Management, a managed care services provider in Puerto Rico, suffered a security breach that could have exposed the personal health care information of more than 400,000 customers.
Wikileaks Spills Security Beans On State Department
News  |  11/29/2010  | 
Chinese officials oversaw cyberattack on Google among range of potentially embarrassing revelations
FBI Warns Of Mobile Cyber Threats
News  |  11/29/2010  | 
Criminals will target holiday shoppers with SMS text and voice mail scams, or smishing and vishing, said the agency.
Wolfe's Den: Airport Scanner Patents Promise Not To Show Your 'Junk'
Commentary  |  11/29/2010  | 
Rapiscan, the company supplying the controversial x-ray backscatter screeners, has won a patent for a machine which detects threats "with minimum display of anatomical details." Its competitors, and body scanner pioneer Martin Annis, are also pursuing enhanced privacy approaches. Here are the technology details.
5 Airport Body Scanner Patents Stripped Down
Slideshows  |  11/29/2010  | 
Here's a deep dive on five patents applying X-ray backscatter technology to airport contraband detection. These screening machines have been much in the news recently, amid controversy regarding both their effectiveness and the amount of radiation exposure to which travelers are subjected. The patents we'll look at are from prime players in the airport body scanner field. This list is led by Rapiscan Systems Inc., of Torrance, Calif., which in 2009 won the TSA contract to supply whole-body imag
China Directed Google Attack, Leaked Cable Says
News  |  11/28/2010  | 
A trove of diplomatic communications released by Wikileaks includes the claim that Chinese officials oversaw the cyber attack on Google.
Taming the Beast: Preventing/Detecting Insider Threat
Commentary  |  11/27/2010  | 
While many companies deal with the problem of insider threat, there are some practical things that can be done to both prevent and detect insider threat. Always remember, prevention is ideal but detection is a must.
Shuttle Discovery Launch Delayed
News  |  11/24/2010  | 
External fuel tank repairs are in process and NASA says the earliest Discovery will make its final trip to the International Space Station is Dec. 17.
Schwartz On Security: China's Internet Hijacking Misread
Commentary  |  11/24/2010  | 
Core Internet security concerns aren't as sexy as hyping Chinese attacks, but concern over the potential assault is misplaced and distracts from the need to fix what's really broken.
Most Microsoft DLL Hijacking Vulnerabilities Remain Unpatched
News  |  11/24/2010  | 
Three months after they were first disclosed, only 15% of known bugs have been patched, reports ACROS Security.
Consumers Ignore Safe Online Shopping Guidance
News  |  11/24/2010  | 
Webroot survey finds that 52% of people don't check for an HTTPS connection before making purchases and 23% feel safe when using free, public wireless connections for e-commerce.
Facebook Christmas Tree Virus Hoax Spreading
News  |  11/24/2010  | 
Fake malware warnings multiplying faster than actual threats, says Sophos' Graham Cluley.
Healthcare Breach In Puerto Rico Could Affect More Than 400,000
Quick Hits  |  11/24/2010  | 
Breach disclosure says employees gained unauthorized access to customer records
Opera 11 Beta Offers Tab Stacking
News  |  11/23/2010  | 
Opera joins Firefox in trying to provide users a better way to organize large numbers of open browser tabs.
Smartphones: The Next Generation Of Security Vulnerabilities?
News  |  11/23/2010  | 
Enterprises are seeing an explosion of smart devices entering the company and accessing their data. Security experts recommend some simple steps to tame the mobile beast
The Top Five Challenges In Securing Oracle Databases
News  |  11/23/2010  | 
Keeping Oracle data safe has never been easy. Here's a look at the challenges -- and some emerging tools for handling them
Researchers Uncover Holes In WebOS Smartphones
News  |  11/23/2010  | 
Linux-based platform prone to Web-injection vulnerabilities and targeted attacks for stealing data
DHS Cybersecurity Center Promotes Information Sharing
News  |  11/23/2010  | 
The MS-ISAC aims to give state and local governments the same real-time access to cybersecurity threat info that the federal government has.
Credential-Stealing Botnet Infects Website To Website
Quick Hits  |  11/23/2010  | 
Kroxxu botnet infects servers, steals mostly FTP credentials
Enterprises Overlook Virtualization, Cloud In Disaster Recovery
News  |  11/23/2010  | 
Symantec study finds 44% of data on virtualized systems is rarely backed up, and 60% of virtualized servers are not included in disaster recovery plans.
Sophos Sees Macs OS Infected With Windows Sludge
Commentary  |  11/23/2010  | 
Anti-virus firm Sophos shows that while Macs may be under increasing malware threats, most of the sludge its anti-virus software found targeted Windows systems - Apple users aren't out of the woods.
Thanksgiving IT Help
Commentary  |  11/23/2010  | 
Tips for helping family members secure their computers for safe internet browsing and online shopping
What About Biometrics?
Commentary  |  11/22/2010  | 
Integrating fingerprints in a standard way so that Web and enterprise applications can take advantage of them
Does SSD Make Sense In The Small Data Center?
Commentary  |  11/22/2010  | 
Solid state storage is often thought of as being used at one of two extremes: either in the high-end enterprise to accelerate databases or in the consumer netbook and smartphone market. The truth is that solid state storage can be used in a wide variety of applications in businesses of all sizes. The small data center with two to three servers should not exclude SSD from its consideration.
Securing The PDF
News  |  11/22/2010  | 
New Adobe Reader X sandbox and Invincea's virtualized Document Protection offer new methods to combat PDF attacks
Federal Officials Honored For Continuous Security Monitoring Efforts
News  |  11/22/2010  | 
Vivek Kundra, the nation's CIO, U.S. Sen. Tom Carper, and John Streufert, CIO at the State Department, helped uncover $300 million in inefficiencies related to certification and accreditation reporting
Web-Based Malware Infections Have Doubled Since Last Year, Report Says
Quick Hits  |  11/22/2010  | 
More than 1.2 million sites were infected in Q3, according to figures from Dasient
Federal Reserve Hacker Indicted
News  |  11/22/2010  | 
Lin Mun Poo of Malaysia is accused of possessing more than 400,000 stolen credit and debit card numbers.
Air Force Launches Enormous Spy Satellite
News  |  11/22/2010  | 
A Delta IV Heavy rocket lifted off Sunday on a top-secret defense mission, according to the National Reconnaissance Office.
Check Point Survey: More Than Half Of U.K. Corporate Laptops Are Not Protected Against Theft Or Data Loss
News  |  11/22/2010  | 
A majority of businesses are potentially vulnerable to unauthorized network access
Alureon Malware Bites Windows 7
News  |  11/22/2010  | 
The threat's rootkit gets an upgrade to compromise Microsoft's 64-bit operating systems by defeating driver-signing security.
SOC 2.0: A Crystal-Ball Glimpse Of The Next-Generation Security Operations Center
News  |  11/22/2010  | 
Thanks to some fundamental shifts in security technology and thinking, the day-to-day activities of security professionals in large enterprises could take some sharp turns in the near future, experts say
Researchers: Be Wary Of New Trojan Attacks
Commentary  |  11/21/2010  | 
A yet-to-be-named developer has released a free software development kit for a new Trojan horse considered to be similar to the Zeus banking Trojan, prompting a warning from researchers at a German security firm.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.