News & Commentary

Content posted in December 2010
Three 2011 Security Resolutions (for the uninitiated)
Commentary  |  12/31/2010  | 
Chances are, when it comes to keeping your data safe, you aren't doing many of the things that you should. In fact, most of us don't do the good data hygiene things we should. Here's a short list of three essential things you need to be doing if you are not already.
New Snort Front-End Adds Speedy Analysis, Ease Of Use
Commentary  |  12/30/2010  | 
Snorby is a new free, open-source analysis front-end to the popular Snort IDS that is fast and usable
Meet The "SMS of Death"
Commentary  |  12/30/2010  | 
If a pair of German security researchers are correct, a successful SMS attack could cripple vast segments of mobile networks.
Trojan Targeting Android Phones
News  |  12/30/2010  | 
Geinimi malware displaying botnet characteristics can compromise a significant amount of information on a user's smartphone.
Information Security Predictions 2011
Commentary  |  12/29/2010  | 
Here's my take on what big events will shape information security in the year ahead. (Or, maybe not).
Apple May Face More Privacy Lawsuits
News  |  12/29/2010  | 
Without definitive laws defining data privacy rights, Apple and other companies involved in developing mobile applications are likely to be targeted by consumers turning to the courts for protection.
Mozilla Claims Exposed Account Data Posed 'Minimal Risk'
News  |  12/29/2010  | 
The Firefox browser maker says it was able to account for every download of a partial database containing 44,000 inactive registered developer accounts that was left on a public server.
Nintendo Warns Children Should Skip 3DS
News  |  12/29/2010  | 
Because their eyes are still developing, kids under the age of 6 shouldn't use the handheld gaming device's 3D functions, said the company.
Apple, Social Networks Top Cybercrime Targets In 2011
News  |  12/28/2010  | 
McAfee threat predictions for the coming year forecast that Apple's increasing influence in personal computing, smartphones, and tablets will make it a prime target for cybercriminals.
Facebook Value Leaps 56% To $41.2 Billion
News  |  12/28/2010  | 
The social media giant led strong gains among privately held social media companies, including Groupon, Zynga, and Twitter, in the second half of 2010, finds analyst study.
Dell 'Looking Glass' Tab Specs Revealed
News  |  12/27/2010  | 
The 7' Android tablet will support 3G and Wi-Fi wireless networks according to documents the computer maker filed with the FCC.
As More SMBs Engage Online Security Concerns Grow
Commentary  |  12/27/2010  | 
Almost three quarters of small and midsize businesses were victims of cyberattacks in the past year; these tips on Web hosting and cloud security can help boost your business's defenses.
Amazon Says Kindle Best Selling Product Ever
News  |  12/27/2010  | 
Apple iPad owners are also buying e-readers according to the online retailer, which announced that sales of the Kindle have surpassed its previous all-time bestseller, "Harry Potter and the Deathly Hallows."
Why SMBs Aren't Buying DLP
Commentary  |  12/27/2010  | 
Cost, complexity, and a dearth of complete solutions limit adoption rates for small and midsize businesses; revamping the architecture and packaging of DLP solutions is key to winning the SMB market.
Online Holiday Shopping Surges 15%
News  |  12/27/2010  | 
Mobile phones accounted for a larger share of the $36.4 billion consumers spent in November and December.
SCADA Security Heats Up
Commentary  |  12/27/2010  | 
The use of Supervisory Control and Data Acquisition (SCADA) devices is growing, and that growth is expected to continue to soar. According to research firm Frost & Sullivan, SCADA revenues will grow from $4.6 billion last year to nearly $7 billion in 2016. The question is: What about security?
Happy Holidays From Dark Reading
Quick Hits  |  12/23/2010  | 
Dark Reading staff takes brief hiatus; rebooting on Jan. 3
Pioneer Ships First 3D Blu-ray Players
News  |  12/23/2010  | 
The three models support the latest HDMI and audio formats, and can access content from streaming video services.
Why Don't Firewalls Work?
News  |  12/23/2010  | 
Even the best firewalls might fail an audit -- or get hacked -- if your enterprise doesn't follow proper change and configuration management practices. Here's a look at some of the common pitfalls that trip up firewall administrators
Microsoft Moves To Block Zero Day Attack
Commentary  |  12/22/2010  | 
A French IT security firm recently warned of a new vulnerability that leaves most versions of Microsoft Internet Explorer open to attack.
Targeted, Skilled Attacks Shaped 2010 Threats
News  |  12/22/2010  | 
While high-profile breaches like that of Google and the Stuxnet worm served as a wake-up call for many organizations, attackers continue to 'mow through' enterprises' systems and networks
Lessons Learned From Five Big Database Breaches In 2010
News  |  12/22/2010  | 
Second half of 2010 featured some major mess-ups that led to the exposure of sensitive data
Subcontractor Arrested For Stealing 15,000 SSNs From NY Disability Assistance Agency
Quick Hits  |  12/22/2010  | 
Suspect lifted other personal information, as well, from computers storing New York state agency data
Fidelis Snags Anti-WikiLeaks Contracts
News  |  12/22/2010  | 
Security vendor is working with several federal agencies to prevent classified information on the Web from reaching unclassified government networks.
State Department Announces Cybersecurity Post
News  |  12/22/2010  | 
The position, planned before the recent WikiLeaks exposure, will report directly to Secretary of State Hillary Clinton and work to prevent data breaches involving confidential diplomatic information.
Why All The Big Deals?
Commentary  |  12/22/2010  | 
Have you noticed that there seem to be a lot more "big" deals when it comes to storage acquisitions lately? Dell-Compellent, EMC-Isilon, HP-3PAR, EMC-Data Domain. This is not to say that there haven't been smaller deals, and part of the reason for the increase in big deals is perception: there is more to discuss, which generates more press. There is, however, strategic reasoning behind the increase in larger deals.
100,000 Credit Cards Compromised By Data Breach
News  |  12/22/2010  | 
CitySights NY tour operator was storing card security codes in apparent violation of payment card industry regulations.
'Tis Attack Season: 5 Ways To Fight Back
Commentary  |  12/22/2010  | 
For most of us, it's time for sleeping in, spending time with family, and ignoring e-mail. For criminals, it's time to go to work. Scammers are looking to exploit e-card traffic, sales promotions, and the general jolliness of Internet users. What better time to attack unwatched enterprise systems, siphon out data, and dig deeper into networks?
OpenBSD Project Finds Two Bugs In Software's IPsec Implementation
News  |  12/22/2010  | 
Up for debate: whether the FBI created a backdoor in the open-source operating system's code base
Facebook Testing Newsfeed Filter Options
News  |  12/22/2010  | 
Social media site testing an enhancement to allow users to customize the information they see.
OpenBSD Founder Believes FBI Built IPsec Backdoor
News  |  12/22/2010  | 
But Theo de Raadt said it is unlikely that the Federal Bureau of Investigation's Internet protocol security code made it into the final operating system.
Schwartz On Security: Don't Get Hacked For the Holidays
Commentary  |  12/22/2010  | 
The Gawker data breach highlights how few companies employ passwords for security, and how many Web site users treat them as little more than a nuisance.
SIEM Gathers Steam In 2010
News  |  12/21/2010  | 
Strong market growth rate attracting new start-ups, but biggest slices are increasingly being hoarded by a very short list of SIEM vendors
Harvard Report: DDoS As A Weapon For Silencing Internet Speech
Quick Hits  |  12/21/2010  | 
Berkman Center for Internet & Society report looks at breadth and impact of distributed denial-of-service attacks on independent media and human rights websites
41st Parameter Awarded Patent For Device Identification For Online And Mobile Commerce
News  |  12/21/2010  | 
DeviceInsight represents a significant advancement in the fight against online and mobile fraud
Gawker Details Missteps Behind Security Breach
News  |  12/21/2010  | 
The Gnosis group apparently faced few defenses in what it called a revenge attack on the prominent online media property.
What If Data Services Were Free?
Commentary  |  12/21/2010  | 
Data services is my term for the storage software that most storage hardware vendors include to make their hardware a solution. The capabilities of these software applications include the basics like volume provisioning and advanced features like file services, snapshots, thin provisioning and replication. What if you could get these software functions for free and apply them to the hardware of your choice?
Britain Scraps Biometric National ID Cards
News  |  12/21/2010  | 
The identity register, billed as a way to increase security, was criticized for collecting too much information on United Kingdom citizens.
The Six Coolest Hacks Of 2010
News  |  12/21/2010  | 
Owned ATMs, a rogue cell tower, Firesheep, and a Samy comeback -- yep, it was a year to remember
Hulu Nixes IPO Plans
News  |  12/21/2010  | 
The online video site may look to its existing investors to raise capital, now that it's dismissed plans for a public stock offering, say reports.
Apple Unplugs WikiLeaks App
News  |  12/21/2010  | 
Other applications that connect users to Julian Assange's rogue Web site are still available for Google's Android platform.
Social Lender Prosper.com Drops Auction Model
News  |  12/20/2010  | 
Prosper.com says it will no longer allow lender bidding to set interest rates on new loans.
Being Your Own SSL Certificate Authority
News  |  12/20/2010  | 
How to address some key security and operational issues with managing and creating your own SSL CA
EU Investigating Intel's Plan To Buy McAfee
News  |  12/20/2010  | 
Sticking point is apparently Intel's stated intention to include previously standalone security features in its microprocessors
Microsoft Overhauls Free Antivirus Software
News  |  12/20/2010  | 
Firewall integration, a better heuristic antivirus scanner, and network traffic inspection added to Microsoft Security Essentials 2.0.
Google Adds 'Hacked Site' Alert To Search Results
Quick Hits  |  12/20/2010  | 
New feature an expansion of Safe Browsing efforts
Intel Faces Antitrust Probe On Planned McAfee Acquisition
News  |  12/20/2010  | 
European Commission investigating whether proposed deal would box out competing antivirus products, reports the Wall Street Journal.
DHS Secretary Asserts Cybersecurity Leadership
News  |  12/20/2010  | 
Cybersecurity should be led by the Department of Homeland Security and not left to the market or the military, Janet Napolitano said.
University Of Wisconsin-Madison Leaves 60,000 SSNs Unprotected For Two Years
News  |  12/20/2010  | 
Colleges getting schooled on dangers of keeping social security numbers on file
Security Design Fail
Commentary  |  12/19/2010  | 
It's common for routers to enable an HTTPS interface so that the device can be remotely administered. However, as was made clear this weekend, many routers are secured with hard-coded SSL keys that can be extracted and used by others.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-14185
PUBLISHED: 2018-05-25
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.
CVE-2018-8862
PUBLISHED: 2018-05-25
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
CVE-2018-8864
PUBLISHED: 2018-05-25
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
CVE-2018-8871
PUBLISHED: 2018-05-25
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
CVE-2017-9641
PUBLISHED: 2018-05-25
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.