News & Commentary

Content posted in February 2008
Page 1 / 4   >   >>
F-Secure Survey Shows Misplaced Security Confidence
Commentary  |  2/29/2008  | 
A new computer-use survey from security firm F-Secure shows that the majority of more than 1,000 respondents understands the importance of updating virus definitions. Yet less than 20 percent understood the need for frequent definition updates.
Stimulating Choices
Commentary  |  2/29/2008  | 
OK, so you can't take yourself public like Visa. But how much thought have you given to that big, fat check coming your way in May? You know, the "Spend our way out of this nonrecession" check?
'Phone Flu' Could Infect Mobile Devices
Quick Hits  |  2/29/2008  | 
Researchers demonstrate ability of wireless devices to pass viruses through close proximity
Tech Insight: Hacking Your Encryption Options
News  |  2/29/2008  | 
Choosing the right encryption solution isn't always easy
Beware of Aftermarket Batteries
News  |  2/29/2008  | 
Why aftermarket and counterfeit laptop batteries can be dangerous to your health - and life-threatening
Sourcefire's Earnings Not So Hot. CEO Jackson Ousted.
Commentary  |  2/28/2008  | 
Network security provider Sourcefire announced its earnings yesterday. The less-than-spectacular results show a company fighting numerous headwinds. So can it set its sail straight?
Stomping On Your Carbon Footprint
Commentary  |  2/28/2008  | 
The "greening" of IT is very à la mode right now, especially in storage. But this umbrella term suffers from overuse, and near as I can tell, is a euphemism for using less electricity. It's also a "feature" that enables some vendors to bump up their prices. So what exactly is the fuss again?
Researchers Name Top Six Spamming Botnets
News  |  2/28/2008  | 
Marshal researchers say six botnets are sending 85% of the world's spam
Study Reveals Banks, Telecom Firms That Get Hit Most by ID Theft
Quick Hits  |  2/28/2008  | 
Bank of America, HSBC, and telecommunications providers AT&T and Sprint/Nextel hit the most by identity thieves
VMware Moves To Protect Applications Living On The Hypervisor
Commentary  |  2/27/2008  | 
On the heels of a file sharing flaw uncovered earlier this week by a security firm, and the announcement of a number of security patches, virtualization leader VMware says it plans to release an API for third-party security applications.
From 'Energized' To Not So Interested
Commentary  |  2/27/2008  | 
The little do-si-do between Congress and the White House over missing e-mails is apparently over. Cynics might predict the next steps will be a digging in of heels, followed quickly by threats to launch (and bungle) an investigation, or worse, appoint a special prosecutor.
Study: Consumers Don't Use Anti-Phishing Defenses
News  |  2/27/2008  | 
Much-ballyhooed 'green bar' is lost on most end consumers
Stolen FTP Credentials Offered for Sale: Major Firms at Risk
News  |  2/27/2008  | 
Nearly 9,000 stolen FTP server admin credentials offered with an automated crimeware kit, Finjan says
Many Companies Short on Security Skills
Quick Hits  |  2/27/2008  | 
Enterprises increase demand for security expertise, but find their staffs in short supply
An Ounce Of Virtual Prevention
Commentary  |  2/26/2008  | 
Security researchers found/punched a new hole in one of VMware's products this week, and from some quarters, it's being written about as if virtual machinery had never been a target for malicious code before. Those in the data center know differently.
Surprise, Surprise. Federal Agencies Not Protecting The Information They Collect About You
Commentary  |  2/26/2008  | 
There are many policies, mandates, and laws that govern personally identifiable and financial information for federal agencies. So just how many federal agencies are living up to their responsibilities?
Cell Phone Device Detects Deleted Data
Commentary  |  2/26/2008  | 
Cell phone users whose phones use SIM (Subscriber Identity Module) strips need to know that a new device that reads those strips can also retrieve deleted text messages. It's called, appropriately enough, Cell Phone Spy.
Hacker Steals Data on 18M Auction Customers in South Korea
News  |  2/26/2008  | 
Chinese attacker asks for ransom on data, reports say
SNMP Joins Dark Side in New XSS Attack
News  |  2/26/2008  | 
Researchers show how the Simple Network Management Protocol can be abused for cross-site scripting attacks
New Tool Protects You From Antivirus Gone Wild
Quick Hits  |  2/26/2008  | 
German security firm releases product to plug little-known but dangerous holes in AV and email security
Challenges From The Vendor View
Commentary  |  2/26/2008  | 
Vendors see the world of technical challenges a bit differently -- and no surprise here: The items they cite often tend to play to the vendor's strengths or ongoing market initiatives. But here are how big thinkers at some storage vendors view the biggest engineering challenges ahead.
Virtualization: Just Another Layer Of Software To Patch?
Commentary  |  2/25/2008  | 
Researchers at Core Security have issued an advisory warning users of a significant security flaw in a number of VMware desktop apps that could allow attackers to gain complete access to the underlying operating system.
Agencies Fall Short on Protecting User Data
News  |  2/25/2008  | 
Government Accountability Office says many agencies still haven't met guidelines
Critical VMware Bug Breaks 'Barrier'
News  |  2/25/2008  | 
Core Security discovers VMware desktop software vulnerability with Shared Folders feature
Pakistan Takes YouTube Offline
Quick Hits  |  2/25/2008  | 
Effort to block access locally leads to a worldwide outage of popular video site
A Bad Day at Pakistan Telecom
Commentary  |  2/24/2008  | 
Sometimes I think I should have been a network engineer. I love all that "belly of the internet beast" stuff—giant high-speed routers, huge data pipes, and all things close to the backbone of the Internet. But then I remember my grades from my engineering classes, and why I dropped engineering, and switched my major to English. Perhaps the engineer who broke both YouTube and the Pakistani Internet yesterday should have switched his major, too, before it was too late. I mean, I
Up To The Challenge?
Commentary  |  2/23/2008  | 
Mask complexity, improve performance, and automate every last function possible -- those, in a giant nutshell, are the biggest engineering challenges for storage in the next several years, according to some big thinkers who've deployed a SAN or two in their time.
Critics: Microsoft's 'Friendly Worm' Is a Dumb Idea
Quick Hits  |  2/22/2008  | 
Proposed method of deploying patches is swatted by industry experts
'Gecko' Penetrates Building Access Systems
News  |  2/22/2008  | 
Black Hat researcher builds device that lets intruders steal and clone legitimate credentials from biometric and contactless card-based systems
At Del Monte, New Apps Open a Can of Worms for Remote Access
News  |  2/22/2008  | 
Package of Cisco products helps food giant resolve security conundrum
Where Storage Gets Innovative
Commentary  |  2/21/2008  | 
There are lots of good barometers out there -- the Dow Jones Industrial Average comes to mind, as does the Consumer Confidence Index. A little closer to home, this gauge of where VCs and angel investors are placing their bets tells you a lot about where storage is headed in the next 12 months.
Encrypted Disks At (Some) Risk To Eavesdroppers
Commentary  |  2/21/2008  | 
Whether you are using Windows Vista BitLocker, Mac OS X FileVault, Linux-based dm-crypt, or open source disk encryption software TrueCrypt - your data could be at risk to snoops, researchers have found. While it is troubling news, all is not lost.
Learn To Hack -- Ethically!
Commentary  |  2/21/2008  | 
Know your enemy means knowing how your enemy works. That's the philosophy behind McAfee's Foundstone Professional Services Ethical Hacking course. You, too, can learn how to find and exploit network vulnerabilities -- but only if you pledge to use the knowledge for good.
US Checks China's Tech Challenge
News  |  2/21/2008  | 
US veto of the Huawei/3Com deal could thwart China's security and storage ambitions
'Live' VMs at Risk While in Transit
News  |  2/21/2008  | 
Black Hat researcher demonstrates how an attacker could gain control of a hypervisor when a VM is moved from one machine to another
Canadian Police Bust Huge Botnet Ring
News  |  2/21/2008  | 
Botnet enslaved a million PCs in 100 countries, authorities say
Encrypted GSM Voice Calls & SMS Messages Hacked in Minutes
Quick Hits  |  2/21/2008  | 
Black Hat researchers have engineered a way to easily and cheaply crack GSM's encryption
Big Challenges Ahead
Commentary  |  2/20/2008  | 
Late last week, the National Academy of Engineering issued a list of the biggest technical challenges of the 21st century, some real thorny knots like reverse-engineer the human brain and prevent nuclear terrorism. It got me wondering how the some of brightest minds in storage might answer the same question. So I asked them.
Microsoft Moves To Squash 'Friendly' Worm
Commentary  |  2/20/2008  | 
Last week, NewScientist ran a story about Microsoft's researching how worms -- really, really effective worms -- could be used to disseminate software patches. Today, Microsoft seems to be backing away from the idea.
The Social Engineer's Toolbox
News  |  2/20/2008  | 
These are a few of our favorite things to bring along for a social engineering exploit
Black Hat Researcher Hacks Credit Cards
News  |  2/20/2008  | 
Newly released tool grabs credit card account ID data off magnetic strips, RFID chips
Mega-Spammer Nabbed in Japan
Quick Hits  |  2/20/2008  | 
Twenty-five-year-old may be responsible for as many as 2.2B messages, authorities say
Feds Wrestle With Security Threats
News  |  2/20/2008  | 
In Black Hat DC keynote, current and former government officials discuss emerging Internet threats
That Didn't Take Long
Commentary  |  2/19/2008  | 
And mercifully so -- the battle over the next-gen DVD came to a close as Toshiba threw in the high-def towel today. But as quickly as data and media formats are evolving, does it really matter?
When Good Intentioned Users Do Harm
Commentary  |  2/19/2008  | 
Minneapolis-based data recovery and forensic software maker Kroll Ontrack published a list of what the company estimates to be some of most common mistakes end users make when trying to save data from a failing drive.
Page 1 / 4   >   >>


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.