News & Commentary

Content posted in February 2008
Page 1 / 4   >   >>
F-Secure Survey Shows Misplaced Security Confidence
Commentary  |  2/29/2008  | 
A new computer-use survey from security firm F-Secure shows that the majority of more than 1,000 respondents understands the importance of updating virus definitions. Yet less than 20 percent understood the need for frequent definition updates.
Stimulating Choices
Commentary  |  2/29/2008  | 
OK, so you can't take yourself public like Visa. But how much thought have you given to that big, fat check coming your way in May? You know, the "Spend our way out of this nonrecession" check?
'Phone Flu' Could Infect Mobile Devices
Quick Hits  |  2/29/2008  | 
Researchers demonstrate ability of wireless devices to pass viruses through close proximity
Tech Insight: Hacking Your Encryption Options
News  |  2/29/2008  | 
Choosing the right encryption solution isn't always easy
Beware of Aftermarket Batteries
News  |  2/29/2008  | 
Why aftermarket and counterfeit laptop batteries can be dangerous to your health - and life-threatening
Sourcefire's Earnings Not So Hot. CEO Jackson Ousted.
Commentary  |  2/28/2008  | 
Network security provider Sourcefire announced its earnings yesterday. The less-than-spectacular results show a company fighting numerous headwinds. So can it set its sail straight?
Stomping On Your Carbon Footprint
Commentary  |  2/28/2008  | 
The "greening" of IT is very à la mode right now, especially in storage. But this umbrella term suffers from overuse, and near as I can tell, is a euphemism for using less electricity. It's also a "feature" that enables some vendors to bump up their prices. So what exactly is the fuss again?
Researchers Name Top Six Spamming Botnets
News  |  2/28/2008  | 
Marshal researchers say six botnets are sending 85% of the world's spam
Study Reveals Banks, Telecom Firms That Get Hit Most by ID Theft
Quick Hits  |  2/28/2008  | 
Bank of America, HSBC, and telecommunications providers AT&T and Sprint/Nextel hit the most by identity thieves
VMware Moves To Protect Applications Living On The Hypervisor
Commentary  |  2/27/2008  | 
On the heels of a file sharing flaw uncovered earlier this week by a security firm, and the announcement of a number of security patches, virtualization leader VMware says it plans to release an API for third-party security applications.
From 'Energized' To Not So Interested
Commentary  |  2/27/2008  | 
The little do-si-do between Congress and the White House over missing e-mails is apparently over. Cynics might predict the next steps will be a digging in of heels, followed quickly by threats to launch (and bungle) an investigation, or worse, appoint a special prosecutor.
Study: Consumers Don't Use Anti-Phishing Defenses
News  |  2/27/2008  | 
Much-ballyhooed 'green bar' is lost on most end consumers
Stolen FTP Credentials Offered for Sale: Major Firms at Risk
News  |  2/27/2008  | 
Nearly 9,000 stolen FTP server admin credentials offered with an automated crimeware kit, Finjan says
Many Companies Short on Security Skills
Quick Hits  |  2/27/2008  | 
Enterprises increase demand for security expertise, but find their staffs in short supply
An Ounce Of Virtual Prevention
Commentary  |  2/26/2008  | 
Security researchers found/punched a new hole in one of VMware's products this week, and from some quarters, it's being written about as if virtual machinery had never been a target for malicious code before. Those in the data center know differently.
Surprise, Surprise. Federal Agencies Not Protecting The Information They Collect About You
Commentary  |  2/26/2008  | 
There are many policies, mandates, and laws that govern personally identifiable and financial information for federal agencies. So just how many federal agencies are living up to their responsibilities?
Cell Phone Device Detects Deleted Data
Commentary  |  2/26/2008  | 
Cell phone users whose phones use SIM (Subscriber Identity Module) strips need to know that a new device that reads those strips can also retrieve deleted text messages. It's called, appropriately enough, Cell Phone Spy.
Hacker Steals Data on 18M Auction Customers in South Korea
News  |  2/26/2008  | 
Chinese attacker asks for ransom on data, reports say
SNMP Joins Dark Side in New XSS Attack
News  |  2/26/2008  | 
Researchers show how the Simple Network Management Protocol can be abused for cross-site scripting attacks
New Tool Protects You From Antivirus Gone Wild
Quick Hits  |  2/26/2008  | 
German security firm releases product to plug little-known but dangerous holes in AV and email security
Challenges From The Vendor View
Commentary  |  2/26/2008  | 
Vendors see the world of technical challenges a bit differently -- and no surprise here: The items they cite often tend to play to the vendor's strengths or ongoing market initiatives. But here are how big thinkers at some storage vendors view the biggest engineering challenges ahead.
Virtualization: Just Another Layer Of Software To Patch?
Commentary  |  2/25/2008  | 
Researchers at Core Security have issued an advisory warning users of a significant security flaw in a number of VMware desktop apps that could allow attackers to gain complete access to the underlying operating system.
Agencies Fall Short on Protecting User Data
News  |  2/25/2008  | 
Government Accountability Office says many agencies still haven't met guidelines
Critical VMware Bug Breaks 'Barrier'
News  |  2/25/2008  | 
Core Security discovers VMware desktop software vulnerability with Shared Folders feature
Pakistan Takes YouTube Offline
Quick Hits  |  2/25/2008  | 
Effort to block access locally leads to a worldwide outage of popular video site
A Bad Day at Pakistan Telecom
Commentary  |  2/24/2008  | 
Sometimes I think I should have been a network engineer. I love all that "belly of the internet beast" stuff—giant high-speed routers, huge data pipes, and all things close to the backbone of the Internet. But then I remember my grades from my engineering classes, and why I dropped engineering, and switched my major to English. Perhaps the engineer who broke both YouTube and the Pakistani Internet yesterday should have switched his major, too, before it was too late. I mean, I
Up To The Challenge?
Commentary  |  2/23/2008  | 
Mask complexity, improve performance, and automate every last function possible -- those, in a giant nutshell, are the biggest engineering challenges for storage in the next several years, according to some big thinkers who've deployed a SAN or two in their time.
Critics: Microsoft's 'Friendly Worm' Is a Dumb Idea
Quick Hits  |  2/22/2008  | 
Proposed method of deploying patches is swatted by industry experts
'Gecko' Penetrates Building Access Systems
News  |  2/22/2008  | 
Black Hat researcher builds device that lets intruders steal and clone legitimate credentials from biometric and contactless card-based systems
At Del Monte, New Apps Open a Can of Worms for Remote Access
News  |  2/22/2008  | 
Package of Cisco products helps food giant resolve security conundrum
Where Storage Gets Innovative
Commentary  |  2/21/2008  | 
There are lots of good barometers out there -- the Dow Jones Industrial Average comes to mind, as does the Consumer Confidence Index. A little closer to home, this gauge of where VCs and angel investors are placing their bets tells you a lot about where storage is headed in the next 12 months.
Encrypted Disks At (Some) Risk To Eavesdroppers
Commentary  |  2/21/2008  | 
Whether you are using Windows Vista BitLocker, Mac OS X FileVault, Linux-based dm-crypt, or open source disk encryption software TrueCrypt - your data could be at risk to snoops, researchers have found. While it is troubling news, all is not lost.
Learn To Hack -- Ethically!
Commentary  |  2/21/2008  | 
Know your enemy means knowing how your enemy works. That's the philosophy behind McAfee's Foundstone Professional Services Ethical Hacking course. You, too, can learn how to find and exploit network vulnerabilities -- but only if you pledge to use the knowledge for good.
US Checks China's Tech Challenge
News  |  2/21/2008  | 
US veto of the Huawei/3Com deal could thwart China's security and storage ambitions
'Live' VMs at Risk While in Transit
News  |  2/21/2008  | 
Black Hat researcher demonstrates how an attacker could gain control of a hypervisor when a VM is moved from one machine to another
Canadian Police Bust Huge Botnet Ring
News  |  2/21/2008  | 
Botnet enslaved a million PCs in 100 countries, authorities say
Encrypted GSM Voice Calls & SMS Messages Hacked in Minutes
Quick Hits  |  2/21/2008  | 
Black Hat researchers have engineered a way to easily and cheaply crack GSM's encryption
Big Challenges Ahead
Commentary  |  2/20/2008  | 
Late last week, the National Academy of Engineering issued a list of the biggest technical challenges of the 21st century, some real thorny knots like reverse-engineer the human brain and prevent nuclear terrorism. It got me wondering how the some of brightest minds in storage might answer the same question. So I asked them.
Microsoft Moves To Squash 'Friendly' Worm
Commentary  |  2/20/2008  | 
Last week, NewScientist ran a story about Microsoft's researching how worms -- really, really effective worms -- could be used to disseminate software patches. Today, Microsoft seems to be backing away from the idea.
The Social Engineer's Toolbox
News  |  2/20/2008  | 
These are a few of our favorite things to bring along for a social engineering exploit
Black Hat Researcher Hacks Credit Cards
News  |  2/20/2008  | 
Newly released tool grabs credit card account ID data off magnetic strips, RFID chips
Mega-Spammer Nabbed in Japan
Quick Hits  |  2/20/2008  | 
Twenty-five-year-old may be responsible for as many as 2.2B messages, authorities say
Feds Wrestle With Security Threats
News  |  2/20/2008  | 
In Black Hat DC keynote, current and former government officials discuss emerging Internet threats
That Didn't Take Long
Commentary  |  2/19/2008  | 
And mercifully so -- the battle over the next-gen DVD came to a close as Toshiba threw in the high-def towel today. But as quickly as data and media formats are evolving, does it really matter?
When Good Intentioned Users Do Harm
Commentary  |  2/19/2008  | 
Minneapolis-based data recovery and forensic software maker Kroll Ontrack published a list of what the company estimates to be some of most common mistakes end users make when trying to save data from a failing drive.
Page 1 / 4   >   >>


6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.