News & Commentary

Content posted in February 2008
Page 1 / 4   >   >>
F-Secure Survey Shows Misplaced Security Confidence
Commentary  |  2/29/2008  | 
A new computer-use survey from security firm F-Secure shows that the majority of more than 1,000 respondents understand the importance of updating virus definitions. Yet fewer than 20 percent understood the need for frequent definition updates.
Stimulating Choices
Commentary  |  2/29/2008  | 
OK, so you can't take yourself public like Visa. But how much thought have you given to that big, fat check coming your way in May? You know, the "Spend our way out of this nonrecession" check?
'Phone Flu' Could Infect Mobile Devices
Quick Hits  |  2/29/2008  | 
Researchers demonstrate ability of wireless devices to pass viruses through close proximity
Tech Insight: Hacking Your Encryption Options
News  |  2/29/2008  | 
Choosing the right encryption solution isn't always easy
Beware of Aftermarket Batteries
News  |  2/29/2008  | 
Why aftermarket and counterfeit laptop batteries can be dangerous to your health - and life-threatening
Sourcefire's Earnings Not So Hot. CEO Jackson Ousted.
Commentary  |  2/28/2008  | 
Network security provider Sourcefire announced its earnings yesterday. The less-than-spectacular results show a company fighting numerous headwinds. So can it set its sail straight?
Stomping On Your Carbon Footprint
Commentary  |  2/28/2008  | 
The "greening" of IT is very à la mode right now, especially in storage. But this umbrella term suffers from overuse, and near as I can tell, is a euphemism for using less electricity. It's also a "feature" that enables some vendors to bump up their prices. So what exactly is the fuss again?
Researchers Name Top Six Spamming Botnets
News  |  2/28/2008  | 
Marshal researchers say six botnets are sending 85% of the world's spam
Study Reveals Banks, Telecom Firms That Get Hit Most by ID Theft
Quick Hits  |  2/28/2008  | 
Bank of America, HSBC, and telecommunications providers AT&T and Sprint/Nextel hit the most by identity thieves
VMware Moves To Protect Applications Living On The Hypervisor
Commentary  |  2/27/2008  | 
On the heels of a file sharing flaw uncovered earlier this week by a security firm, and the announcement of a number of security patches, virtualization leader VMware says it plans to release an API for third-party security applications.
From 'Energized' To Not So Interested
Commentary  |  2/27/2008  | 
The little do-si-do between Congress and the White House over missing e-mails is apparently over. Cynics might predict the next steps will be a digging in of heels, followed quickly by threats to launch (and bungle) an investigation, or worse, appoint a special prosecutor.
Study: Consumers Don't Use Anti-Phishing Defenses
News  |  2/27/2008  | 
Much-ballyhooed 'green bar' is lost on most end consumers
Stolen FTP Credentials Offered for Sale: Major Firms at Risk
News  |  2/27/2008  | 
Nearly 9,000 stolen FTP server admin credentials offered with an automated crimeware kit, Finjan says
Many Companies Short on Security Skills
Quick Hits  |  2/27/2008  | 
Enterprises increase demand for security expertise, but find their staffs in short supply
An Ounce Of Virtual Prevention
Commentary  |  2/26/2008  | 
Security researchers found/punched a new hole in one of VMware's products this week, and from some quarters, it's being written about as if virtual machinery had never been a target for malicious code before. Those in the data center know differently.
Surprise, Surprise. Federal Agencies Not Protecting The Information They Collect About You
Commentary  |  2/26/2008  | 
There are many policies, mandates, and laws that govern personally identifiable and financial information for federal agencies. So just how many federal agencies are living up to their responsibilities?
Cell Phone Device Detects Deleted Data
Commentary  |  2/26/2008  | 
Cell phone users whose phones use SIM (Subscriber Identity Module) strips need to know that a new device that reads those strips can also retrieve deleted text messages. It's called, appropriately enough, Cell Phone Spy.
Hacker Steals Data on 18M Auction Customers in South Korea
News  |  2/26/2008  | 
Chinese attacker asks for ransom on data, reports say
SNMP Joins Dark Side in New XSS Attack
News  |  2/26/2008  | 
Researchers show how the Simple Network Management Protocol can be abused for cross-site scripting attacks
New Tool Protects You From Antivirus Gone Wild
Quick Hits  |  2/26/2008  | 
German security firm releases product to plug little-known but dangerous holes in AV and email security
Challenges From The Vendor View
Commentary  |  2/26/2008  | 
Vendors see the world of technical challenges a bit differently -- and no surprise here: The items they cite often tend to play to the vendor's strengths or ongoing market initiatives. But here is how big thinkers at some storage vendors view the biggest engineering challenges ahead.
Virtualization: Just Another Layer Of Software To Patch?
Commentary  |  2/25/2008  | 
Researchers at Core Security have issued an advisory warning users of a significant security flaw in a number of VMware desktop apps that could allow attackers to gain complete access to the underlying operating system.
Agencies Fall Short on Protecting User Data
News  |  2/25/2008  | 
Government Accountability Office says many agencies still haven't met guidelines
Critical VMware Bug Breaks 'Barrier'
News  |  2/25/2008  | 
Core Security discovers VMware desktop software vulnerability with Shared Folders feature
Pakistan Takes YouTube Offline
Quick Hits  |  2/25/2008  | 
Effort to block access locally leads to a worldwide outage of popular video site
A Bad Day at Pakistan Telecom
Commentary  |  2/24/2008  | 
Sometimes I think I should have been a network engineer. I love all that "belly of the internet beast" stuff—giant high-speed routers, huge data pipes, and all things close to the backbone of the Internet. But then I remember my grades from my engineering classes, and why I dropped engineering, and switched my major to English. Perhaps the engineer who broke both YouTube and the Pakistani Internet yesterday should have switched his major, too, before it was too late. I mean, I
Up To The Challenge?
Commentary  |  2/23/2008  | 
Mask complexity, improve performance, and automate every last function possible -- those, in a giant nutshell, are the biggest engineering challenges for storage in the next several years, according to some big thinkers who've deployed a SAN or two in their time.
Critics: Microsoft's 'Friendly Worm' Is a Dumb Idea
Quick Hits  |  2/22/2008  | 
Proposed method of deploying patches is swatted by industry experts
'Gecko' Penetrates Building Access Systems
News  |  2/22/2008  | 
Black Hat researcher builds device that lets intruders steal and clone legitimate credentials from biometric and contactless card-based systems
At Del Monte, New Apps Open a Can of Worms for Remote Access
News  |  2/22/2008  | 
Package of Cisco products helps food giant resolve security conundrum
Where Storage Gets Innovative
Commentary  |  2/21/2008  | 
There are lots of good barometers out there -- the Dow Jones Industrial Average comes to mind, as does the Consumer Confidence Index. A little closer to home, this gauge of where VCs and angel investors are placing their bets tells you a lot about where storage is headed in the next 12 months.
Encrypted Disks At (Some) Risk To Eavesdroppers
Commentary  |  2/21/2008  | 
Whether you are using Windows Vista BitLocker, Mac OS X FileVault, Linux-based dm-crypt, or open source disk encryption software TrueCrypt - your data could be at risk to snoops, researchers have found. While it is troubling news, all is not lost.
Learn To Hack -- Ethically!
Commentary  |  2/21/2008  | 
Know your enemy means knowing how your enemy works. That's the philosophy behind McAfee's Foundstone Professional Services Ethical Hacking course. You, too, can learn how to find and exploit network vulnerabilities -- but only if you pledge to use the knowledge for good.
US Checks China's Tech Challenge
News  |  2/21/2008  | 
US veto of the Huawei/3Com deal could thwart China's security and storage ambitions
'Live' VMs at Risk While in Transit
News  |  2/21/2008  | 
Black Hat researcher demonstrates how an attacker could gain control of a hypervisor when a VM is moved from one machine to another
Canadian Police Bust Huge Botnet Ring
News  |  2/21/2008  | 
Botnet enslaved a million PCs in 100 countries, authorities say
Encrypted GSM Voice Calls & SMS Messages Hacked in Minutes
Quick Hits  |  2/21/2008  | 
Black Hat researchers have engineered a way to easily and cheaply crack GSM's encryption
Big Challenges Ahead
Commentary  |  2/20/2008  | 
Late last week, the National Academy of Engineering issued a list of the biggest technical challenges of the 21st century, some real thorny knots like reverse-engineer the human brain and prevent nuclear terrorism. It got me wondering how some of the brightest minds in storage might answer the same question. So I asked them.
Microsoft Moves To Squash 'Friendly' Worm
Commentary  |  2/20/2008  | 
Last week, NewScientist ran a story about Microsoft's researching how worms -- really, really effective worms -- could be used to disseminate software patches. Today, Microsoft seems to be backing away from the idea.
The Social Engineer's Toolbox
News  |  2/20/2008  | 
These are a few of our favorite things to bring along for a social engineering exploit
Black Hat Researcher Hacks Credit Cards
News  |  2/20/2008  | 
Newly released tool grabs credit card account ID data off magnetic strips, RFID chips
Mega-Spammer Nabbed in Japan
Quick Hits  |  2/20/2008  | 
Twenty-five-year-old may be responsible for as many as 2.2B messages, authorities say
Feds Wrestle With Security Threats
News  |  2/20/2008  | 
In Black Hat DC keynote, current and former government officials discuss emerging Internet threats
That Didn't Take Long
Commentary  |  2/19/2008  | 
And mercifully so -- the battle over the next-gen DVD came to a close as Toshiba threw in the high-def towel today. But as quickly as data and media formats are evolving, does it really matter?
When Good Intentioned Users Do Harm
Commentary  |  2/19/2008  | 
Minneapolis-based data recovery and forensic software maker Kroll Ontrack published a list of what the company estimates to be some of the most common mistakes end users make when trying to save data from a failing drive.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.