News & Commentary

Content posted in February 2009
Oracle Patches Get Bad Rap
Commentary  |  2/27/2009  | 
On the surface, a recently published survey by the Independent Oracle Users Group (IOUG) bears some seemingly frightening numbers. According to the study, which was conducted during the middle of 2008, 26 percent of 150 respondents admitted that their respective companies require the quarterly Oracle patches to be applied upon release. Nineteen percent said their companies don't have any policies at all
Few Oracle Customers Have Official Database Patching Policies
News  |  2/27/2009  | 
Joint survey by the Independent Oracle User Group and Oracle finds database patching practices weak
Obama's Intelligence Chief: NSA Should Have Wider Role In Cybersecurity
Quick Hits  |  2/27/2009  | 
Director of National Intelligence Dennis Blair tells House committee that the National Security Agency has the expertise, but must win public's trust
6 Tips For Doing More Security With Less
News  |  2/26/2009  | 
Security ranks as a top priority in many IT budgets, but this year the money may not be there for many organizations -- here's how to get creative
FTC Report: Identity Theft Remains Consumers' No. 1 Fraud Complaint
Quick Hits  |  2/26/2009  | 
Number of identity theft complaints rose 20 percent from 2007 to 2008
Mandiant Appliance Accelerates Incident Response
News  |  2/26/2009  | 
MIR gets to the heart of system compromises, but its forensic tools are limited.
Proving The ROI
Commentary  |  2/26/2009  | 
With budgets and IT staff stretched to thinner levels than ever, change is going to come slowly this year and proving the ROI of each project is going to be critical not only to enable the approval of the next project, but possibly to keep your job.
PCI Compliance Questions? You're Hardly Alone.
Commentary  |  2/26/2009  | 
The more companies breached, the likelier we are to hear more clamor for tighter, stricter, tougher compliance standards for companies handling customer credit card information. But some feel it will take a lot more breaches before standards get a lot tighter.
Better Storage Practices To Improve Backup
Commentary  |  2/25/2009  | 
Backup is the thorn in the side of many otherwise smoothly running IT operations. It is probably no coincidence that the newest hire is almost always assigned the backup process, or that it is the penalty for missing the assignments meeting. The truth is that backup should be simple -- all you're doing is copying data to tape. The problem in general has nothing to do with the backup process; it has more to do with how primary storage is managed and optimized.
Heartland CEO Provides More Details On Big Data Breach
Quick Hits  |  2/25/2009  | 
Heartland chairman and CEO Bob Carr talks about breach during quarterly earnings call
Report: More Than 500,000 Websites Hit By New Form Of SQL Injection In '08
News  |  2/25/2009  | 
New Web breach incident report finds the bad guys deploying more automated attacks, targeting customers rather than data on sites
IR/Forensic Favorites Get Streamlined
Commentary  |  2/25/2009  | 
A couple of my favorite incident response and forensic tools were recently updated with some great new features to help streamline their use. The first two tools are from Mandiant and work hand-in-hand, Memoryze and Audit Viewer. If you've not used Memoryze yet, it deserves your attention. I've found it to be extremely useful in incident response situations dealing with malware.
MessageLabs: Recession Spam Volume Shows No Recession In Spam
Commentary  |  2/25/2009  | 
Spam subject lines reflect public concerns, curiosities, interests -- and fears, as the surge in recession-oriented spam shows. This latest surge includes a tricky search engine link tactic that you need to be aware of.
Consumer Password Status Quo
Commentary  |  2/24/2009  | 
So what's it going to take for consumers to take security seriously? Apparently a lot more than the nearly 10 million cases of identity fraud and massive breaches at their favorite discount retail chains. If they haven't already had their credit card accounts compromised, most everyone knows of someone who has. But apparently that's not incentive enough for them to
Microsoft Warns Of Zero-Day Excel Exploit
News  |  2/24/2009  | 
The vulnerability in Excel could allow an attacker to execute malicious code, if a user opens a specially crafted Excel file.
Poker: The New Game In Secure Application Development
News  |  2/24/2009  | 
Researchers develop a poker-like risk management system to help software developers identify potential flaws in their code before they write it; Red Hat's IT group one of the first to test tool
SSLStrip Hacking Tool Released
Quick Hits  |  2/24/2009  | 
Black Hat DC researcher's SSL man-in-the-middle attack tool now available
IT Security Remains Top Government CIO Priority
News  |  2/24/2009  | 
Those surveyed by TechAmerica say they'd also put IT infrastructure and management at the top of the list, including improvements in governance and standardization.
Breach! More Payment Processor Problems
Commentary  |  2/24/2009  | 
The news of another -- another! -- payment processor data breach makes it clear that the crooks have selected processing companies as the battleground of choice in their efforts to grab your customers' credit card information.
Terminated Employees Take Company Data With Them
News  |  2/23/2009  | 
Nearly 60 percent of departing employees make off with sensitive company information, study says
Tool Validation: Trust, But Verify
Commentary  |  2/23/2009  | 
I received a lot of great feedback after my Friday post about WinFE, the bootable Windows Forensic Environment. The biggest question was whether it really is treating the drive as read-only. In my closing, I said I'd do more testing than just building the CD and making sure it booted up in my virtual machine environment. As security professionals and forensic investigators, don't you all validate your tools befor
Banks, Credit Card Firms Wait For The Other Shoe To Drop Amid Reports Of Another Payment Processor Breach
News  |  2/23/2009  | 
Hack of a second U.S.-based payment processing firm exposes accounts used in Internet, phone transactions, according to credit union alerts
Top 20 Cybersecurity Defenses Proposed
News  |  2/23/2009  | 
The government-private organization guidelines are expected to become baseline best practices for computer security.
Layoffs: Close Security Doors Before Showing Employees The Exit Door
Commentary  |  2/23/2009  | 
Security and system access issues must be addressed long before pink slips are distributed. Some observers, in fact, view laid off employees as one of the biggest network and data security threats your company will face.
TCG Drive Encryption Goes Mainstream
Commentary  |  2/20/2009  | 
The Trusted Computing Group's newly released specifications for the management of hard drive encryption are now being adopted by a number of vendors -- Seagate arguably the most prominent, but also including Fujitsu, Toshiba, Hitachi, Wave Systems, CryptoMill, WinMagic, Secude, and McAfee.
WinFE: Windows Bootable Forensic CD
Commentary  |  2/20/2009  | 
I've been using the Helix incident response and forensics LiveCD since it was first created. It has been an invaluable tool, but sometimes it falls short on hardware support for various SATA/SAS and RAID controllers. In those situations, creating a forensic image came down to a "best effort" exercise during which I did my best to prevent modification to the original evidence while still getting an image I could analyze later. WinFE is here to help.
Adobe Warns Of Critical Vulnerability In Acrobat, Reader
News  |  2/20/2009  | 
Users are advised to disable JavaScript until Adobe releases a patch, which may not occur for more than two weeks.
New XSS Attack Builds An Anonymous Network
News  |  2/20/2009  | 
Black Hat DC researchers demonstrate new cross-site scripting browser hack that lets attackers retrieve data without a trace
'Sexy View' Malware Targets Symbian
News  |  2/20/2009  | 
The worm targets Symbian OS S60 3rd Edition handsets, and it can send a user's contacts, phone number, and other sensitive information to a remote server.
Zero-Day Attack On Adobe Acrobat And Reader Under Way, But Patch Is Weeks Away
Quick Hits  |  2/20/2009  | 
Disable JavaScript in Reader, security experts say
Disaster Recovery: Got A Plan? Know Where It Is?
Commentary  |  2/20/2009  | 
Do you have a formal, written disaster recovery plan? Do you know where it is? Just as important, do others know where it is in case something happens to you?
Romanian Hacker Cracks Symantec, International Herald Tribune
Quick Hits  |  2/19/2009  | 
Unu claims SQL injection flaws in sites operated by Symantec, New York Times
Black Hat: Google Gears Offline Data Vulnerable
News  |  2/19/2009  | 
Google defends its product after a demonstration of a Web service-based attack using a cross-site scripting vulnerability.
Black Hat: Security Pro Shows How To Bypass SSL
News  |  2/19/2009  | 
Moxie Marlinspike captured 16 credit card numbers, seven PayPal logins, and 300 other miscellaneous secure login sessions in only 24 hours.
Kaminsky Calls For DNSSEC Adoption
News  |  2/19/2009  | 
Researcher who discovered big DNS vulnerability gets behind DNSSEC, points out steps needed to implement it
CAPTCHA Conundrum: Automated Attacks Trump Human-Entry Defenses
Commentary  |  2/19/2009  | 
Automated attacks aimed at bypassing CAPTCHA -- those squiggly characters you have to enter to access some blogs and e-mail -- are getting better and faster at overcoming anti-spam defenses. In other words, the machines are beating us at what was supposed to be our game.
How Metasploit Turned The Tables On Its DDoS Attackers
News  |  2/18/2009  | 
An inside look at how Metasploit creator HD Moore battled the botnet that flooded Metasploit servers for nearly one week
Forensic Science System In U.S. Needs Overhaul
News  |  2/18/2009  | 
Digital evidence examiners have no agreed-upon certification program or list of qualifications, in addition to other issues, a report to Congress points out.
Microsoft Internet Explorer 7 Vulnerability Being Exploited
News  |  2/18/2009  | 
Cyber criminals are using a malicious Microsoft Word file distributed through spam to exploit a vulnerability Microsoft patched last week.
Conficker's Three-Way Knockout
Commentary  |  2/18/2009  | 
Malware analysis is a highlight of what I do, but it's not something I get to do on a weekly basis. The cases I deal with are a bit sporadic and clustered, showing an obvious ebb and flow based on current trends. This is one of those heavy times, thanks to Conficker and its friends.
Sun Delivers Open Source Protocol For Encrypted Devices
News  |  2/18/2009  | 
The communications protocol aims to help Sun's users and business partners more flexibly handle encryption keys while sidestepping costly licensing fees.
Online Scam In Utah Nets $2.5 Million For Fraudsters
Quick Hits  |  2/18/2009  | 
Attackers successfully submit fake invoices to university -- and get paid
About-Facebook: Zuckerberg Relents On Privacy Rules
News  |  2/18/2009  | 
Social networking site's CEO reverses course on new policies that drew fire from users.
Black Hat DC: U.S. Must Consider Impact Of 'Militarization' Of Cyberspace
News  |  2/18/2009  | 
Homeland security and cybersecurity expert Paul Kurtz calls for public debate on cyberweapons, cyberattack response, and the role of the intelligence community
Data Compliance: Massachusetts Law Has National Implications (If It Ever Gets Finished)
Commentary  |  2/18/2009  | 
Massachusetts' decision to revise its exceptionally tough new data privacy law (which will exert effects far beyond the Commonwealth's borders) has a lot of businesses (not to mention their lawyers and compliance advisers) wondering just what to do and when. How do you know what to comply with, and what to finesse? How far do you go in complying with a law that may be changed in the next few months?
Cisco Adds Security Apps To Home Wireless Routers
News  |  2/17/2009  | 
The hardware includes an antivirus application and can provide reports on user control violations.
Smartphone Threats Intensify
News  |  2/17/2009  | 
Enterprise data at risk, according to new McAfee report, which shows mobile device manufacturers seeing more malware attacks than ever before
Three Arrested For Using Stolen Heartland Credit Card Numbers
News  |  2/17/2009  | 
Heartland Payment Systems, which handles about 100 million payment transactions per month, reported in January that its network was compromised by malware in 2008.
Wyndham Hotels Hack Exposes Guest Names, Credit Cards
Quick Hits  |  2/17/2009  | 
State Attorney General of Florida warns residents whose accounts may have been compromised to keep an eye on their credit reports for suspicious activity
Busted: 3 Myths About Stealing Identity From Electronic Tax Returns
Commentary  |  2/17/2009  | 
No one (accountants excepted) looks forward to the quarterly and annual scrambles to pay taxes. And though electronic filing has made the process easier, it creates an opening for identity theft that could put you and your business at risk.