News & Commentary

Content posted in December 2009
Page 1 / 4   >   >>
2010 Security Dreams? GFI Says "Dream On!"
Commentary  |  12/31/2009  | 
Sometimes you've just got to smile, and GFI security expert David Kelleher gave me more than one with his dreams of a security utopia in 2010. Dream on is more like it.
Tech Insight: After The Holidays, It's Time To Re-Examine Smartphone Policies
News  |  12/31/2009  | 
With new portable devices coming out of the wrapping paper, how can enterprise security keep up?
Online Holiday Shopping Up In December; Phishers Follow Suit
Quick Hits  |  12/31/2009  | 
Majority of threats on the Web in December were phishing attacks, study says
2010 Security Outlook: Reply Hazy, Try Again
News  |  12/30/2009  | 
Security researchers, experts don't show much agreement on the coming year's threats
Gonzalez Pleads Guilty To Hack Of Heartland, Hannaford, 7-Eleven
Quick Hits  |  12/30/2009  | 
Guilty plea reveals Target was also victim of massive hacking ring
2010 Threat Environment: New Year's Familiar Fears
Commentary  |  12/30/2009  | 
Saying goodbye to 2009 won't, alas, let us say goodbye to many of the year's top threats, which promise to linger and persist into 2010, even as the New Year brings new threats, as well as new versions and varieties of the old ones.
Adobe To Surpass Microsoft As Hacker Target
News  |  12/30/2009  | 
McAfee says Adobe Reader and Flash will top Microsoft Office as the favorite target of cybercriminals in 2010.
Researchers Prepare Practical Demonstration Of GSM Encryption Cracking Technology
News  |  12/29/2009  | 
GSM calls can be intercepted and decoded using low-cost hardware and open-source software, researchers say
Hacker Breaks GSM Mobile Phone Code
News  |  12/29/2009  | 
A German computer scientist has cracked the encryption algorithm that secures 80% of the world's mobile phones, but it's far from a practical attack.
Mobile Botnets: A New Frontline
Commentary  |  12/29/2009  | 
There has been a recent rash of worms and malware targeting (jailbroken) iPhones. A group of researchers from SRI International published a study of an Apple iPhone bot client, captured just before Thanksgiving.
After Hacks, Louisiana Restaurants Sue POS Companies
Quick Hits  |  12/29/2009  | 
More than 100,000 credit cards exposed by keylogger attack, Secret Service says
DDoS Attack Briefly Interrupts Online Holiday Shopping
News  |  12/28/2009  | 
Attack On UltraDNS was detected 'within minutes,' and shoppers were back online in an hour
Former Executive Accused Of Selling Data From Matchmaking Firm
Quick Hits  |  12/28/2009  | 
Ex-employee allegedly ransomed customer information, then tried to deal it to competitors
Amazon Hit With DDoS Attack
News  |  12/28/2009  | 
The storage and computing cloud services, S3 and EC2, respectively, were briefly affected Wednesday.
Global CIO: My 5 Favorite Cover Stories Of 2009
Commentary  |  12/27/2009  | 
From a year's worth of InformationWeek cover stories, here's a very personal list. And I'm already regretting some I didn't pick.
Data Masking Primer
Commentary  |  12/26/2009  | 
Data masking is an approach to data security used to conceal sensitive information. Unlike encryption, which renders data unusable until it is restored to clear text, masking is designed to protect data while retaining business functionality.
Twitter Acquires GeoAPI Creator Mixer Labs
News  |  12/24/2009  | 
Software allows users to map their Twitter posts to specific locations, though some worry about privacy
5 Security Predictions For 2010
Commentary  |  12/24/2009  | 
Varonis shares five security trends that will impact SMBs in the coming year.
Top 10 Security Challenges For 2010
News  |  12/24/2009  | 
Cloud-hosted malware, bot blasts, compromised smartphones, and privacy-busting malvertising are a few of the security pitfalls we can expect this year.
Fixing The Security Disconnect
Commentary  |  12/24/2009  | 
A disconnect often exists between security teams and the population they service. I'm not referring to just users -- of course, you'll pretty much always find a rift between security and users -- but instead I mean the disconnect that often occurs among network groups, system administrators, developers, and similar groups.
Facebook Hit By Clickjacking Attack
News  |  12/23/2009  | 
Social network targeted by emerging brand of attack that's hard to kill
Feds Need To Push Forward On Cybersecurity, Says Former FBI CIO
News  |  12/23/2009  | 
Key to any plan is to focus on hardware, software, and people, and to understand that cybersecurity is a risk management effort, says Zal Azmi
Intel Website Hacked With SQL Injection
Quick Hits  |  12/23/2009  | 
Hacker reveals major hole that exposes personal passport information on channel partner events Website
Global CIO: A Holiday Miracle: Do You Believe In Angels?
Commentary  |  12/23/2009  | 
Our recent column "The Thanksgiving Angels Of Flight 3405" sparked dozens of letters so we're rerunning it for Christmas and the holiday season. Do you believe?
Former FBI CIO Urges 'Actionable' Cybersecurity Plan
News  |  12/23/2009  | 
The first step: harden desktops, servers, switches, and routers and the software that runs them via security and management tools, says Zal Azmi.
Report: FBI Probes Citigroup Breach
Quick Hits  |  12/22/2009  | 
Federal officials say they are investigating loss of tens of millions of dollars; Citigroup says there was no breach or loss
The 9 Coolest Hacks Of 2009
News  |  12/22/2009  | 
Digital faces, missile defenses, iPod Touches, and even texting teens all were the subject of extreme hacks
White House Names Howard Schmidt As Cybersecurity Czar
News  |  12/22/2009  | 
Former Bush administration official will head U.S. cybersecurity initiative for Obama, but experts question whether the post has much power
Obama Names Cybersecurity Coordinator
News  |  12/22/2009  | 
Former Bush administration official and Microsoft security official Howard Schmidt is tapped to develop a federal cybersecurity strategy.
Security PR: How To Disclose A Vulnerability
Commentary  |  12/22/2009  | 
When your team discovers a new security vulnerability in a third-party product, there are ways to handle it correctly to achieve maximum visibility.
Global CIO: Oracle's Incredible Profit Machine: 22% Maintenance Fees
Commentary  |  12/21/2009  | 
How important are your 22% annual fees to Oracle? It earned $3 billion on those fees last quarter while losing $800 million across the rest of the company.
2010 Year Of Fibre Channel-Over-Ethernet?
Commentary  |  12/21/2009  | 
Will 2010 be the year of Fibre Channel-Over-Ethernet (FCoE)? I am always hesitant to predict that any particular year will be "the year" but I do think that FCoE will move out of conversation and testing phases and more into production.
Smartphone Security Startup Offers Free Beta
News  |  12/21/2009  | 
Product to mix lightweight mobile client with cloud-based security, backup, and anti-theft features
Paper-Based Breaches Just As Damaging
Commentary  |  12/21/2009  | 
IT tends to forget about things that aren't electronic. But you remember that stuff called paper, right? Have you considered that printed documents are just as damaging to a company's reputation should they get into the wrong hands as electronic data stored in an Excel spreadsheet or database server?
How The Koobface Worm Gang Makes Money
Quick Hits  |  12/21/2009  | 
Trend Micro report looks at the true motivation behind the widespread malware-laden botnet
Global CIO: Glimmers Of Growth In Outlook 2010 Research
Commentary  |  12/21/2009  | 
Our exclusive research shows IT shops may spend more this year, but not much on hiring people.
Feds Grant $60M For Health IT Research
News  |  12/21/2009  | 
The grant program is focused on areas, including security, where breakthroughs are needed to drive adoption and meaningful use of health IT.
4 Factors To Consider Before Firing Up That DLP Solution
News  |  12/21/2009  | 
There's an ugly truth that DLP vendors don't like to talk about
Season's Security Greetings: 12 Holiday Tips To Keep Your Data Safe
Commentary  |  12/21/2009  | 
'Tis the season -- for holiday time off, extended trips, office parties... and security negligence. Time to tighten the defenses and clamp down on the user indulgences. No Grinch or Scrooge stuff here: Just a few tips for keeping your workplace systems and data safe, as well as merry and bright.
Global CIO: The Top 10 CIO Issues For 2010
Commentary  |  12/21/2009  | 
For CIOs, 2010 will require new emphases on customers, revenue, external information, and a passion for rapid change.
SkyGrabber Is For Porn, Not For Hacking Predator Drones
Commentary  |  12/18/2009  | 
According to a sensationalized news story from late last week, Iraqi insurgents have intercepted live feeds from Predator drones. But the story's facts seem fishy: it claims the $26 off-the-shelf software product, SkyGrabber, was used to intercept live video feeds from U.S. Predator drones. But SkyGrabber does not have this ability.
Making Your IDS Work For You
Commentary  |  12/18/2009  | 
Talk to anyone who knows anything about running an intrusion detection system (IDS), and he will tell you one of the most important processes during the initial deployment is tuning. It's also one of the important operational tasks that go on as new rules are released to make sure they are relevant to the environment you're tasked to protect.
Attack Of The RAM Scrapers
News  |  12/18/2009  | 
Beware of malware aimed at grabbing valuable data from volatile memory in point-of-sale systems
Electronic Medical Records: The Good, Bad, And Ugly
News  |  12/18/2009  | 
EMRs offer huge benefits, but privacy and security threats are massive as well
Twitter Hit By DNS Hijacking Attack
Quick Hits  |  12/18/2009  | 
Twitter site redirected to 'Iranian Cyber Army' Website for about an hour last night
Global CIO: Oracle CEO Larry Ellison On The Future Of IT
Commentary  |  12/18/2009  | 
Ellison speaks out on Oracle's new Sun-enabled strategy and how that points to where the entire IT industry is headed.
Twitter Downed By 'Iranian' Hackers
News  |  12/18/2009  | 
Social networking site infiltrated by group claiming ties to Middle Eastern country.
Oracle Makes 10 Commitments To Seal EU Deal
News  |  12/17/2009  | 
Oracle has just released 10 commitments to customers and developers about MySQL's future accessibility and openness in the hope of gaining EU approval to acquire Sun.
Security Reminders From "Hacked" Predator Drones
Commentary  |  12/17/2009  | 
The Wall Street Journal reported today that Iraqi militants are able to intercept live feeds from U.S. military Predator drones with standard hardware equipment and a $30 software application.
Improved Security In Microsoft Office 2010
Commentary  |  12/17/2009  | 
Microsoft has made Office 2010 available in public beta. After playing around with it for a while, I am not yet sure I need any of the new functionality.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19333
PUBLISHED: 2018-11-17
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.
CVE-2018-19340
PUBLISHED: 2018-11-17
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter.
CVE-2018-19327
PUBLISHED: 2018-11-17
An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.
CVE-2018-19328
PUBLISHED: 2018-11-17
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.
CVE-2018-19329
PUBLISHED: 2018-11-17
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button.