News & Commentary
Content posted in February 2008
|
F-Secure Survey Shows Misplaced Security Confidence
A new computer-use survey from security firm F-Secure shows that the majority of more than 1,000 respondents understands the importance of updating virus definitions. Yet less than 20 percent understood the need for frequent definition updates.
Stimulating Choices
OK, so you can't take yourself public like Visa. But how much thought have you given to that big, fat check coming your way in May? You know, the "Spend our way out of this nonrecession" check?
'Phone Flu' Could Infect Mobile Devices
Researchers demonstrate ability of wireless devices to pass viruses through close proximity
Tech Insight: Hacking Your Encryption Options
Choosing the right encryption solution isn't always easy
Beware of Aftermarket Batteries
Why aftermarket and counterfeit laptop batteries can be dangerous to your health - and life-threatening
Sourcefire's Earnings Not So Hot. CEO Jackson Ousted.
Network security provider Sourcefire announced its earnings yesterday. The less-than-spectacular results show a company fighting numerous headwinds. So can it set its sail straight?
Stomping On Your Carbon Footprint
The "greening" of IT is very à la mode right now, especially in storage. But this umbrella term suffers from overuse, and near as I can tell, is a euphemism for using less electricity. It's also a "feature" that enables some vendors to bump up their prices. So what exactly is the fuss again?
Researchers Name Top Six Spamming Botnets
Marshal researchers say six botnets are sending 85% of the world's spam
Study Reveals Banks, Telecom Firms That Get Hit Most by ID Theft
Bank of America, HSBC, and telecommunications providers AT&T and Sprint/Nextel hit the most by identity thieves
VMware Moves To Protect Applications Living On The Hypervisor
On the heels of a file sharing flaw uncovered earlier this week by a security firm, and the announcement of a number of security patches, virtualization leader VMware says it plans to release an API for third-party security applications.
From 'Energized' To Not So Interested
The little do-si-do between Congress and the White House over missing e-mails is apparently over. Cynics might predict the next steps will be a digging in of heels, followed quickly by threats to launch (and bungle) an investigation, or worse, appoint a special prosecutor.
Study: Consumers Don't Use Anti-Phishing Defenses
Much-ballyhooed 'green bar' is lost on most end consumers
Stolen FTP Credentials Offered for Sale: Major Firms at Risk
Nearly 9,000 stolen FTP server admin credentials offered with an automated crimeware kit, Finjan says
Many Companies Short on Security Skills
Enterprises increase demand for security expertise, but find their staffs in short supply
An Ounce Of Virtual Prevention
Security researchers found/punched a new hole in one of VMware's products this week, and from some quarters, it's being written about as if virtual machinery had never been a target for malicious code before. Those in the data center know differently.
Surprise, Surprise. Federal Agencies Not Protecting The Information They Collect About You
There are many policies, mandates, and laws that govern personally identifiable and financial information for federal agencies. So just how many federal agencies are living up to their responsibilities?
Cell Phone Device Detects Deleted Data
Cell phone users whose phones use SIM (Subscriber Identity Module) strips need to know that a new device that reads those strips can also retrieve deleted text messages. It's called, appropriately enough, Cell Phone Spy.
Hacker Steals Data on 18M Auction Customers in South Korea
Chinese attacker asks for ransom on data, reports say
SNMP Joins Dark Side in New XSS Attack
Researchers show how the Simple Network Management Protocol can be abused for cross-site scripting attacks
New Tool Protects You From Antivirus Gone Wild
German security firm releases product to plug little-known but dangerous holes in AV and email security
Challenges From The Vendor View
Vendors see the world of technical challenges a bit differently -- and no surprise here: The items they cite often tend to play to the vendor's strengths or ongoing market initiatives. But here are how big thinkers at some storage vendors view the biggest engineering challenges ahead.
Virtualization: Just Another Layer Of Software To Patch?
Researchers at Core Security have issued an advisory warning users of a significant security flaw in a number of VMware desktop apps that could allow attackers to gain complete access to the underlying operating system.
Agencies Fall Short on Protecting User Data
Government Accountability Office says many agencies still haven't met guidelines
Critical VMware Bug Breaks 'Barrier'
Core Security discovers VMware desktop software vulnerability with Shared Folders feature
Pakistan Takes YouTube Offline
Effort to block access locally leads to a worldwide outage of popular video site
A Bad Day at Pakistan Telecom
Sometimes I think I should have been a network engineer. I love all that "belly of the internet beast" stuff—giant high-speed routers, huge data pipes, and all things close to the backbone of the Internet. But then I remember my grades from my engineering classes, and why I dropped engineering, and switched my major to English. Perhaps the engineer who broke both YouTube and the Pakistani Internet yesterday should have switched his major, too, before it was too late. I mean, I
Up To The Challenge?
Mask complexity, improve performance, and automate every last function possible -- those, in a giant nutshell, are the biggest engineering challenges for storage in the next several years, according to some big thinkers who've deployed a SAN or two in their time.
Critics: Microsoft's 'Friendly Worm' Is a Dumb Idea
Proposed method of deploying patches is swatted by industry experts
'Gecko' Penetrates Building Access Systems
Black Hat researcher builds device that lets intruders steal and clone legitimate credentials from biometric and contactless card-based systems
At Del Monte, New Apps Open a Can of Worms for Remote Access
Package of Cisco products helps food giant resolve security conundrum
Where Storage Gets Innovative
There are lots of good barometers out there -- the Dow Jones Industrial Average comes to mind, as does the Consumer Confidence Index. A little closer to home, this gauge of where VCs and angel investors are placing their bets tells you a lot about where storage is headed in the next 12 months.
Encrypted Disks At (Some) Risk To Eavesdroppers
Whether you are using Windows Vista BitLocker, Mac OS X FileVault, Linux-based dm-crypt, or open source disk encryption software TrueCrypt - your data could be at risk to snoops, researchers have found. While it is troubling news, all is not lost.
Learn To Hack -- Ethically!
Know your enemy means knowing how your enemy works. That's the philosophy behind McAfee's Foundstone Professional Services Ethical Hacking course. You, too, can learn how to find and exploit network vulnerabilities -- but only if you pledge to use the knowledge for good.
US Checks China's Tech Challenge
US veto of the Huawei/3Com deal could thwart China's security and storage ambitions
'Live' VMs at Risk While in Transit
Black Hat researcher demonstrates how an attacker could gain control of a hypervisor when a VM is moved from one machine to another
Canadian Police Bust Huge Botnet Ring
Botnet enslaved a million PCs in 100 countries, authorities say
Encrypted GSM Voice Calls & SMS Messages Hacked in Minutes
Black Hat researchers have engineered a way to easily and cheaply crack GSM's encryption
Big Challenges Ahead
Late last week, the National Academy of Engineering issued a list of the biggest technical challenges of the 21st century, some real thorny knots like reverse-engineer the human brain and prevent nuclear terrorism.
It got me wondering how the some of brightest minds in storage might answer the same question. So I asked them.
Microsoft Moves To Squash 'Friendly' Worm
Last week, NewScientist ran a story about Microsoft's researching how worms -- really, really effective worms -- could be used to disseminate software patches. Today, Microsoft seems to be backing away from the idea.
The Social Engineer's Toolbox
These are a few of our favorite things to bring along for a social engineering exploit
Black Hat Researcher Hacks Credit Cards
Newly released tool grabs credit card account ID data off magnetic strips, RFID chips
Mega-Spammer Nabbed in Japan
Twenty-five-year-old may be responsible for as many as 2.2B messages, authorities say
Feds Wrestle With Security Threats
In Black Hat DC keynote, current and former government officials discuss emerging Internet threats
That Didn't Take Long
And mercifully so -- the battle over the next-gen DVD came to a close as Toshiba threw in the high-def towel today. But as quickly as data and media formats are evolving, does it really matter?
When Good Intentioned Users Do Harm
Minneapolis-based data recovery and forensic software maker Kroll Ontrack published a list of what the company estimates to be some of most common mistakes end users make when trying to save data from a failing drive.
|
White Papers
Video
0 Comments
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This