News & Commentary

Content posted in December 2010
Page 1 / 4   >   >>
Three 2011 Security Resolutions (for the uninitiated)
Commentary  |  12/31/2010  | 
Chances are, when it comes to keeping your data safe, you aren't doing many of the things that you should. In fact, most of us don't do the good data hygiene things we should. Here's a short list of three essential things you need to be doing if you are not already.
New Snort Front-End Adds Speedy Analysis, Ease Of Use
Commentary  |  12/30/2010  | 
Snorby is a new free, open-source analysis front-end to the popular Snort IDS that is fast and usable
Meet The "SMS of Death"
Commentary  |  12/30/2010  | 
If a pair of German security researchers are correct, a successful SMS attack could cripple vast segments of mobile networks.
Trojan Targeting Android Phones
News  |  12/30/2010  | 
Geinimi malware displaying botnet characteristics can compromise a significant amount of information on a user's smartphone.
Information Security Predictions 2011
Commentary  |  12/29/2010  | 
Here's my take on what big events will shape information security in the year ahead. (Or, maybe not).
Apple May Face More Privacy Lawsuits
News  |  12/29/2010  | 
Without definitive laws defining data privacy rights, Apple and other companies involved in developing mobile applications are likely to be targeted by consumers turning to the courts for protection.
Mozilla Claims Exposed Account Data Posed 'Minimal Risk'
News  |  12/29/2010  | 
The Firefox browser maker says it was able to account for every download of a partial database containing 44,000 inactive registered developer accounts that was left on a public server.
Nintendo Warns Children Should Skip 3DS
News  |  12/29/2010  | 
Because their eyes are still developing, kids under the age of 6 shouldn't use the handheld gaming device's 3D functions, said the company.
Apple, Social Networks Top Cybercrime Targets In 2011
News  |  12/28/2010  | 
McAfee threat predictions for the coming year forecast that Apple's increasing influence in personal computing, smartphones, and tablets will make it a prime target for cybercriminals.
Facebook Value Leaps 56% To $41.2 Billion
News  |  12/28/2010  | 
The social media giant led strong gains among privately held social media companies, including Groupon, Zynga, and Twitter, in the second half of 2010, finds analyst study.
Dell 'Looking Glass' Tab Specs Revealed
News  |  12/27/2010  | 
The 7-inch Android tablet will support 3G and Wi-Fi wireless networks, according to documents the computer maker filed with the FCC.
As More SMBs Engage Online Security Concerns Grow
Commentary  |  12/27/2010  | 
Almost three quarters of small and midsize businesses were victims of cyberattacks in the past year; these tips on Web hosting and cloud security can help boost your business's defenses.
Amazon Says Kindle Best Selling Product Ever
News  |  12/27/2010  | 
Apple iPad owners are also buying e-readers according to the online retailer, which announced that sales of the Kindle have surpassed its previous all-time bestseller, "Harry Potter and the Deathly Hallows."
Why SMBs Aren't Buying DLP
Commentary  |  12/27/2010  | 
Cost, complexity, and a dearth of complete solutions limit adoption rates for small and midsize businesses; revamping the architecture and packaging of DLP solutions is key to winning the SMB market.
Online Holiday Shopping Surges 15%
News  |  12/27/2010  | 
Mobile phones accounted for a larger share of the $36.4 billion consumers spent in November and December.
SCADA Security Heats Up
Commentary  |  12/27/2010  | 
The use of Supervisory Control and Data Acquisition (SCADA) devices is growing. That growth is expected to continue to soar. According to research firm Frost & Sullivan, SCADA revenues will grow from $4.6 billion last year to nearly $7 billion in 2016. Question is: What about security?
Happy Holidays From Dark Reading
Quick Hits  |  12/23/2010  | 
Dark Reading staff takes brief hiatus; rebooting on Jan. 3
Pioneer Ships First 3D Blu-ray Players
News  |  12/23/2010  | 
The three models support the latest HDMI and audio formats, and can access content from streaming video services.
Why Don't Firewalls Work?
News  |  12/23/2010  | 
Even the best firewalls might fail an audit -- or get hacked -- if your enterprise doesn't follow proper change and configuration management practices. Here's a look at some of the common pitfalls that trip up firewall administrators.
Microsoft Moves To Block Zero Day Attack
Commentary  |  12/22/2010  | 
A French IT security firm recently warned of a new vulnerability that leaves most versions of Microsoft Internet Explorer open to attack.
Targeted, Skilled Attacks Shaped 2010 Threats
News  |  12/22/2010  | 
While high-profile breaches like that of Google and the Stuxnet worm served as a wake-up call for many organizations, attackers continue to 'mow through' enterprises' systems and networks
Lessons Learned From Five Big Database Breaches In 2010
News  |  12/22/2010  | 
Second half of 2010 featured some major mess-ups that led to the exposure of sensitive data
Subcontractor Arrested For Stealing 15,000 SSNs From NY Disability Assistance Agency
Quick Hits  |  12/22/2010  | 
Suspect lifted other personal information, as well, from computers storing New York state agency data
Fidelis Snags Anti-WikiLeaks Contracts
News  |  12/22/2010  | 
Security vendor is working with several federal agencies to prevent classified information on the Web from reaching unclassified government networks.
State Department Announces Cybersecurity Post
News  |  12/22/2010  | 
The position, planned before the recent WikiLeaks exposure, will report directly to Secretary of State Hillary Clinton and work to prevent data breaches involving confidential diplomatic information.
Why All The Big Deals?
Commentary  |  12/22/2010  | 
Have you noticed that there seem to be a lot more "big" deals when it comes to storage acquisitions lately? Dell-Compellent, EMC-Isilon, HP-3PAR, EMC-Data Domain. This is not to say that there haven't been smaller deals, and part of the reason for the increase in big deals is perception: there is more to discuss, which generates more press. There is, however, strategic reasoning behind the increase in larger deals.
100,000 Credit Cards Compromised By Data Breach
News  |  12/22/2010  | 
CitySights NY tour operator was storing card security codes in apparent violation of payment card industry regulations.
'Tis Attack Season: 5 Ways To Fight Back
Commentary  |  12/22/2010  | 
For most of us, it's time for sleeping in, spending time with family, and ignoring e-mail. For criminals, it's time to go to work. Scammers are looking to exploit e-card traffic, sales promotions, and the general jolliness of Internet users. What better time to attack unwatched enterprise systems, siphon out data, and dig deeper into networks?
OpenBSD Project Finds Two Bugs In Software's IPsec Implementation
News  |  12/22/2010  | 
Up for debate: whether the FBI created a backdoor in the open-source operating system's code base
Facebook Testing Newsfeed Filter Options
News  |  12/22/2010  | 
Social media site testing an enhancement to allow users to customize the information they see.
OpenBSD Founder Believes FBI Built IPsec Backdoor
News  |  12/22/2010  | 
But Theo de Raadt said it is unlikely that the Federal Bureau of Investigation's Internet protocol security code made it into the final operating system.
Schwartz On Security: Don't Get Hacked For the Holidays
Commentary  |  12/22/2010  | 
The Gawker data breach highlights how few companies employ passwords for security, and how many Web site users treat them as little more than a nuisance.
SIEM Gathers Steam In 2010
News  |  12/21/2010  | 
Strong market growth rate attracting new start-ups, but biggest slices are increasingly being hoarded by a very short list of SIEM vendors
Harvard Report: DDoS As A Weapon For Silencing Internet Speech
Quick Hits  |  12/21/2010  | 
Berkman Center for Internet & Society report looks at breadth and impact of distributed denial-of-service attacks on independent media and human rights websites
41st Parameter Awarded Patent For Device Identification For Online And Mobile Commerce
News  |  12/21/2010  | 
DeviceInsight represents a significant advancement in the fight against online and mobile fraud
Gawker Details Missteps Behind Security Breach
News  |  12/21/2010  | 
The Gnosis group apparently faced few defenses in what it called a revenge attack on the prominent online media property.
What If Data Services Were Free?
Commentary  |  12/21/2010  | 
Data services is my term for the storage software that most storage hardware vendors include to make their hardware a solution. The capabilities of these software applications include the basics like volume provisioning and advanced features like file services, snapshots, thin provisioning and replication. What if you could get these software functions for free and apply them to the hardware of your choice?
Britain Scraps Biometric National ID Cards
News  |  12/21/2010  | 
The identity register, billed as a way to increase security, was criticized for collecting too much information on United Kingdom citizens.
The Six Coolest Hacks Of 2010
News  |  12/21/2010  | 
Owned ATMs, a rogue cell tower, Firesheep, and a Samy comeback -- yep, it was a year to remember
Hulu Nixes IPO Plans
News  |  12/21/2010  | 
The online video site may look to its existing investors to raise capital, now that it's dismissed plans for a public stock offering, say reports.
Apple Unplugs WikiLeaks App
News  |  12/21/2010  | 
Other applications that connect users to Julian Assange's rogue Web site are still available for Google's Android platform.
Social Lender Prosper.com Drops Auction Model
News  |  12/20/2010  | 
Prosper.com says it will no longer allow lender bidding to set interest rates on new loans.
Being Your Own SSL Certificate Authority
News  |  12/20/2010  | 
How to address some key security and operational issues with managing and creating your own SSL CA
EU Investigating Intel's Plan To Buy McAfee
News  |  12/20/2010  | 
Sticking point is apparently Intel's stated intention to include previously standalone security features in its microprocessors
Microsoft Overhauls Free Antivirus Software
News  |  12/20/2010  | 
Firewall integration, a better heuristic antivirus scanner, and network traffic inspection added to Microsoft Security Essentials 2.0.
Google Adds 'Hacked Site' Alert To Search Results
Quick Hits  |  12/20/2010  | 
New feature an expansion of Safe Browsing efforts
Intel Faces Antitrust Probe On Planned McAfee Acquisition
News  |  12/20/2010  | 
European Commission investigating whether proposed deal would box out competing antivirus products, reports the Wall Street Journal.
DHS Secretary Asserts Cybersecurity Leadership
News  |  12/20/2010  | 
Cybersecurity should be led by the Department of Homeland Security and not left to the market or the military, Janet Napolitano said.
University Of Wisconsin-Madison Leaves 60,000 SSNs Unprotected For Two Years
News  |  12/20/2010  | 
Colleges getting schooled on dangers of keeping social security numbers on file
Security Design Fail
Commentary  |  12/19/2010  | 
It's common for routers to enable an HTTPS interface so that the device can be remotely administered. However, as was made clear this weekend, many routers are secured with hard-coded SSL keys that can be extracted and used by others.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.