News & Commentary

Content posted in December 2008
Page 1 / 3   >   >>
Apple Without Jobs: Who Secures A Company's Heart?
Commentary  |  12/31/2008  | 
Very often a founder is the heart of a unique, successful company, or in the case of IBM it was actually the son of the founder, Thomas Watson Jr. All the focus this week on the likely departure of Steve Jobs from Apple has me thinking back about one of my very first jobs at Disney shortly after Walt died. In many ways these men embodied more than their companies' brands: They embodied a way of thinking about business that wasn't defined in dollars and cents; it was defined by imagination, carin
200 Sony PS3s Harnessed To Crack Secure Site Certification
News  |  12/31/2008  | 
A research group finds a way to forge certain digital certificates and create fake versions of popular e-commerce and banking sites.
'Curse Of Silence' Exploit Found For Nokia Handsets
News  |  12/31/2008  | 
A single malformed SMS message can prevent some handsets from sending and receiving further SMS and MMS messages, security researchers warn.
Four Threats For '09 That You've Probably Never Heard Of (Or Thought About)
News  |  12/31/2008  | 
What could keep you up at night in the new year may not be what you expect -- a look at some of the lesser-known threats predicted for 2009
Hundreds of Israeli Websites Hacked in 'Propaganda War'
Quick Hits  |  12/31/2008  | 
Attackers deface sites with anti-Israeli and anti-U.S. messages as bombings escalate in Gaza; U.S. Webmasters warned to be vigilant
Top 10 Security Stories Of 2008
News  |  12/30/2008  | 
A spike in data breaches, the threat of malicious hardware, and alarming revelations about the Internet's vulnerabilities from security experts such as Dan Kaminsky all made headlines in 2008.
The (Not Quite) End Of Security On The Internet
Commentary  |  12/30/2008  | 
Speaking at the 25th annual Chaos Communication Congress in Berlin, security researchers showed how they developed a rogue (forged) Certificate Authority digital certificate. Yes, this is a big deal. But no, the Internet isn't broken.
ID Theft and Police Scanners
Commentary  |  12/30/2008  | 
When asked why he robbed banks, the flamboyant criminal Willie Sutton answered, "Because that's where the money is." That's the perfect example of how the principle of Occam's razor applies to crime: the simplest solution to a problem is often the best one. With the economic downturn, high unemployment rates, and the booming business of identity fraud, would-be criminals are on the lookout for easy methods to get access to personal information. And we stumbled across one such way during a rece
Security 2008: Bad Year, But Better Than What's Ahead
Commentary  |  12/30/2008  | 
How bad were the security challenges in 2008? Bad! And a glance back over the year leads to the conclusion that 2009 is going to be worse.
Verizon Wins $33 Million In Cybersquatting Case
News  |  12/30/2008  | 
The telecom said this is the largest-ever cybersquatting judgment, but it may have a hard time getting the money from OnlineNIC.
New SSL Hack Imperils Secure Websites
News  |  12/30/2008  | 
Potentially deadly silent attack impersonating legitimate digital certificates revealed at hacker confab in Germany
Microsoft: The Windows Media Player Flaw That Wasn't
Quick Hits  |  12/30/2008  | 
Microsoft refutes report of code execution vulnerability
Cloud Computing Security: What About It?
Commentary  |  12/29/2008  | 
I'm always trolling the Web for insight into the latest technology trends, and how these trends could impact both how we use technology and how it may change how we secure our data. During my pursuit for knowledge, I'll often run into bone-headed comments and blogs, and when I do, for the most part, I just shrug them off. Today's experience isn't one of those times.
SIFT Workstation And Resources For Aspiring Forensic Examiners
Commentary  |  12/29/2008  | 
Rob Lee of Mandiant and a faculty fellow from the SANS Institute gave the forensic community an early Christmas present with the release of version 1.2 of the SIFT Workstation. It is a Linux-based VMware appliance pre-configured with the tools needed to conduct a forensic examination. Rob has developed the SIFT Workstation for the SANS course he developed and teaches, which is ve
CastleCops Shuts Down
News  |  12/29/2008  | 
After years of fighting the good fight against spammers and phishers, the all-volunteer online community has pulled the plug
New Open Standard Arrives For Gauging Security of Web Apps, Services
Quick Hits  |  12/29/2008  | 
OWASP releases Application Security Verification Standard for developers, security pros, and buyers
CastleCops Phish Fighters Close Site
Commentary  |  12/29/2008  | 
Quietly, just before Christmas, six year old volunteer anti-phishing group CastleCops closed its Web site, noting in an open letter that "all things come to an end." True enough, but the example CastleCops set deserves to live on, and be emulated.
Infected Digital Picture Frames: They're Ba'aack
Commentary  |  12/28/2008  | 
Last January, Insignia had to yank a line of 10.4-inch digital frames from Best Buy due to reports of infection. This year it's Samsung that has egg on its face.
Every Year Bogus Holiday Cards Flood In-Boxes: This Year is No Exception
Commentary  |  12/27/2008  | 
If your in-box is like mine, you've been hit with numerous fake greeting card spams. Who knows what you really get if you click on the link: Phishing attack attempt? A keystroke logger? Worse? Keep it safe.
Yes, Virginia, There Will Be More Attacks
Commentary  |  12/24/2008  | 
This is the time of year when the editor of a publication usually issues a warm and fuzzy holiday message that's supposed to make you want to gather around the fire with your family for a group hug. Unless, of course, your publication has to do with information security.
Computer Security's Six Most Important Words Of 2008
News  |  12/24/2008  | 
For good or ill, these six words were top of mind for security pros -- and hackers -- in the past year
You're A Mean One, Ms. Grinch
Quick Hits  |  12/24/2008  | 
Thief who steals holiday package contents from homes is now a star on YouTube
Second Zero Day Flaw Nails Microsoft In Two Weeks
Commentary  |  12/23/2008  | 
For the second time in two weeks, Microsoft is rushing to fix a zero-day vulnerability. This time the flaw is in some versions of the software used to run corporate databases.
Zero-Day SQL Server Flaw Could Allow Remote Code Execution
News  |  12/23/2008  | 
Exploits of unpatched vulnerability have already been published, Microsoft warns
Microsoft Confirms New SQL Server Threat
News  |  12/23/2008  | 
The vulnerability could leave numerous versions of the database software vulnerable to cyberattack.
Check Point Buys Nokia's Security Appliance Business
Quick Hits  |  12/23/2008  | 
Acquisition will expand Check Point's product line, execs say
Cloud Storage Is About Dispersion
Commentary  |  12/23/2008  | 
Cloud storage is destined to be one of the hottest markets next year. It is one of those technologies that is actually aided by a down economy. As IT budgets remain flat or decline, the need for storage capacity will accelerate. The ability to buy that storage as you need it instead of all at once will be interesting. Additionally, Web 2.0 and other Internet-enabled services are supposed to continue to thrive, and all these will need storage as well.
WARNING: Old Windows SQL Server Flaw Exploit Code Published
Commentary  |  12/23/2008  | 
Microsoft has issued an advisory that a known critical vulnerability in older versions of Windows SQL Server now has proven attack code, developed by a security firm weary of waiting for a patch to be released.
Researchers Point Out XSS Flaws On American Express Site
News  |  12/22/2008  | 
Flaws could jeopardize users' identities, researchers say
Quick Take: Check Point Frees Nokia To Be Nokia
Commentary  |  12/22/2008  | 
To IT security industry watchers, the move announced today that Check Point Software Technologies is acquiring Nokia's security business is no shocker. And perhaps it will enable Check Point to start doing what it should have been doing all along: innovating more.
Database Breach Preparedness
Commentary  |  12/22/2008  | 
A copy of "SQL Server Forensic Analysis," by Kevvie Fowler, arrived in my mailbox today. I'd been looking forward to it because it is a highly topical subject given all of the data breaches that have occurred in the past couple of years involving databases. David Litchfield has produced numerous whitepapers and presented on the topic of Orac
Couriers Take The Cake -- And Thousands Of Bank Records
Quick Hits  |  12/22/2008  | 
Delivery drivers reroute thousands of bank records to major German newspaper
Holiday Security: While Employees Are Away, Don't Let Crooks Play
Commentary  |  12/22/2008  | 
As the holidays approach, so do opportunities to tighten security in the workplace -- or have lax habits turn into disasters.
Has Microsoft's Trustworthy Computing Got Us Anywhere?
Commentary  |  12/19/2008  | 
As we noted earlier this week, Microsoft learned of a vulnerability in IE 7 on "Patch Tuesday," Dec. 9, and had a fix published for download eight days later. Now, Microsoft's Michael Howard, from the security engineering team, takes an interesting look at the lessons learned.
Tech Insight: Finding Common Ground For Security, IT Teams
News  |  12/19/2008  | 
Tips for security and IT teams to better cooperate on hot-button issues of password policies, patch management, and network security
RIAA To Stem Tide Of Lawsuits Against Individuals
Quick Hits  |  12/19/2008  | 
Recording association to approach ISPs in effort to protect copyrighted music, video
The 2009 Security Tsunami
Commentary  |  12/19/2008  | 
Many in the United States think the party in power has sacrificed too much privacy and liberty in order to address security concerns, particularly in regard to terrorism. The incoming administration is likely to undo a lot of this, but, at the same time, a massive number of very upset people with and without tech skills are going to find themselves jobless.
Trust Trumps Price For Cybershoppers
Commentary  |  12/19/2008  | 
The hope that tight economic times are driving shoppers Webward in search of better prices carries a caveat: By a factor of ten to one, online shoppers place a higher value on trust and security than on bargains, according to recent research from VeriSign.
IE7 Zero-Day Lessons
Commentary  |  12/19/2008  | 
The recent zero-day IE7 vulnerability is a big deal. Hackers used it to hack into hundreds of thousands of machines, if not millions. Both IE7 and Vista are vastly more secure than their predecessors, yet this bug sliced right through them to give the hacker a robust exploit. We need to do a post mortem of this event to figure out what we should do in the future.
Researchers Hone In On 'Dropzones' For Stolen Credentials
News  |  12/18/2008  | 
One-third of "impersonation attack" victims from the U.S. and Russia, research finds
Royal Rip-Off: Fergie's Personal Laptop Stolen In Break-In
Quick Hits  |  12/18/2008  | 
Sarah Ferguson, Duchess of York, finds herself the latest victim of laptop theft
Yahoo Rivals Urged To Limit Personal Data Retention
News  |  12/18/2008  | 
House Internet chairman says Microsoft and Google should follow Yahoo's lead on privacy.
Much Ado Over Microsoft's (Somewhat) Rare Out-Of-Band Patch
Commentary  |  12/17/2008  | 
My advice: Patch this puppy, and don't worry about whether or not Microsoft should have published this update out of its normal monthly update cycle.
How Storage Latency Affects Performance
Commentary  |  12/17/2008  | 
A few entries ago I introduced the subject of latency as impedance to storage performance. The biggest area of concern is what impact storage latency has on application performance. This is an area where solid state disk (SSD) solutions can make a difference that standard mechanical drive solutions struggle to solve.
Out-Of-Cycle Patches Test Maturity Of Patch Management Programs
Commentary  |  12/17/2008  | 
With two out-of-cycle security updates from Microsoft this fall, organizations are getting the opportunity to evaluate the maturity of their patch management processes through trial by fire.
Patch 'Em Up! IE Releases Critical Patch, Firefox Patches Dozen Bugs
Commentary  |  12/17/2008  | 
Microsoft has released the patch that closes an Internet Explorer vulnerability that's been exploited hundreds of thousands of times in the last few days. Mozilla has patched more than a dozen Firefox problems, many of them critical. Time to get patching!
Microsoft Releases Critical Internet Explorer Patch
News  |  12/17/2008  | 
The out-of-band security update fixes a JavaScript-related vulnerability that's being actively exploited through hacked Web sites.
Survey: Collaboration Applications Not Sufficiently Secured
Quick Hits  |  12/17/2008  | 
Rohati Systems' survey finds collaboration applications are secured mainly by passwords
The Five Coolest Hacks Of 2008
News  |  12/17/2008  | 
Not even your psyche was safe from hacking this year -- hackers found holes in the highway toll system, building security -- and, yes, your head
Researcher: Poor SSL Implementations Leave Many Sites At Risk
News  |  12/16/2008  | 
Major sites continue to operate with expired or misconfigured SSL certificates, according to a researcher at Canola & Jones