News & Commentary

Content posted in February 2010
Page 1 / 4
Targeted Threats, Cloud Security Will Top RSA Talk
Commentary  |  2/28/2010  | 
It's that time of year again, when thousands of security professionals converge here at the Moscone Center in San Francisco to hear about the latest security technologies and trendiest threats. What will top this year's lists?
Tech Insight: Preparing Your Enterprise For Cyberwar
News  |  2/28/2010  | 
Recent attacks prove you don't have to be in government or maintain a critical infrastructure to be a target. Are you ready?
Verizon Offers Up Its Data Breach Framework
News  |  2/26/2010  | 
Free Verizon Incident-Sharing (VerIS) provides a standard way to collect and anonymously share security incident data and analysis
HBGary Awarded Contract Extension by Department Of Homeland Security For Forensics Training
News  |  2/26/2010  | 
Company to conduct memory forensics and malware analysis training events with local, state, and federal law enforcement officials
State Of Application Security: Nearly 60 Percent Of Apps Fail First Security Test
News  |  2/26/2010  | 
Veracode app-testing data demonstrates that application security still has a ways to go
Google Adds 'Nearby' Search Option
News  |  2/26/2010  | 
Mobile location-based search capabilities are now available to desktop computer users.
Raytheon Lands $886 Million GPS Contract
News  |  2/26/2010  | 
The project aims to improve the accuracy, reliability, and security of data from GPS satellites.
Facebook Patents News Feeds
News  |  2/26/2010  | 
Social networking site claims exclusive method for organizing and posting members' news updates.
DHS E-Verify Program Flawed
News  |  2/26/2010  | 
The Department of Homeland Security's online verification system wrongly identifies unauthorized workers more than half the time, study says.
IBM Report: Number Of New Vulnerabilities Declined In 2009
Quick Hits  |  2/26/2010  | 
Web application vulnerabilities top the list, and cross-site scripting (XSS) edges out SQL injection as top bug
Global CIO Quick Take: Don't Crown Salesforce Cloud King Just Yet
Commentary  |  2/25/2010  | 
CEO Marc Benioff has something most companies don’t--blockbuster sales results. But in his latest market expansion, he's in for a fight.
Database Security Metrics Project Needs Community Input
News  |  2/25/2010  | 
Project Quant to offer framework and a way to measure time, tools, and manpower for locking down databases
Security And Privacy Certification Service Nailed For Misleading Customers
Quick Hits  |  2/25/2010  | 
FTC alleges that ControlScan offered 'little or no verification' of site security or privacy
Cryptome Back Online After Brief DMCA Battle
News  |  2/25/2010  | 
Website reportedly taken down for posting sensitive Microsoft document on criminal investigation compliance
Intel Hacked At Same Time As Google
Commentary  |  2/25/2010  | 
Intel's annual report revealed that the company was successfully hacked this past January, around the same time as the Chinese Google hacks were grabbing all the headlines.
Microsoft, Researchers Team Up And Tear Down Major Spamming Botnet
News  |  2/25/2010  | 
Unprecedented court order helped dismantle Waledac, the second-gen iteration of the Storm botnet; here's how the undercover operation went down
Roundup: Spy Agencies On The Web
News  |  2/25/2010  | 
U.S. intelligence agencies are using the Web to share information and engage the public. Some offer mobile versions and social networking tools -- others badly need an update.
Can Rip And Replacing Storage Solutions Be Good?
Commentary  |  2/25/2010  | 
When you hear the term "Rip and Replace" it is not typically considered a good feature. In fact, most of the time you hear it, it will be from a vendor stating that their solution is NOT rip and replace, which of course they expect you to take to be good. Are there times, though, where rip and replace could be a good thing?
At RSA Conference, Analysts Will Focus On Security's 'Big Issues'
News  |  2/24/2010  | 
Cloud security, sophisticated attacks will be among hot topics, industry watchers say
Is That A Rootkit In Your Pocket?
Commentary  |  2/24/2010  | 
Computer scientists from Rutgers University have demonstrated how smart phones could be as susceptible to rootkit infiltration as PC and server operating systems.
Comcast Goes DNSSEC, OpenDNS Adopts Alternative DNS Security
News  |  2/24/2010  | 
DNS provider OpenDNS selects DNSCurve over DNSSEC, but experts say the two technologies could eventually play together
Attackers Improving Their Aim Against Top Brands, Study Says
Quick Hits  |  2/24/2010  | 
Overall volume of attacks is up, while detection is down, Cyveillance reports
Fight Malware With Software Restriction Policies
Commentary  |  2/24/2010  | 
Good news for Department of Defense folks. They can now start using USB flash drives again -- provided there's absolutely no other way to transfer the data from point A to point B. OK, so maybe it isn't time to rejoice just yet.
FBI Investigating Web Spycam
News  |  2/24/2010  | 
As a federal investigation begins, a security researcher has uncovered evidence related to the case and provided a way to identify the surveillance software
Attack Unmasks User Behind The Browser
News  |  2/23/2010  | 
Researchers develop proof-of-concept that exploits social networking patterns to 'deanonymize' online users
Researchers: Rootkits Work Nicely On Smartphones, Thank You
News  |  2/23/2010  | 
Rootkit-based exploits could include eavesdropping, user locator, Rutgers study finds
Former Intelligence Chief: U.S. Would Lose Cyberwar
News  |  2/23/2010  | 
Michael McConnell, former director of national intelligence, warns that the threat of a cyberattack rivals nuclear weapons in terms of seriousness.
IronKey Rolls Out Secure E-Banking On A USB Stick
Quick Hits  |  2/23/2010  | 
Hardened device includes virtualized OS and a secure Web browser that goes directly to bank's Website
Navy Planning Prototype Cyber-Network Security System
News  |  2/23/2010  | 
Seeking proposals for a system that ensures cyber operations aren't shut down in the event of a cyber war
FBI Investigating Web Spycam
News  |  2/23/2010  | 
As a federal investigation begins, a security researcher has uncovered evidence related to the case and provided a way to identify the surveillance software.
Firewalls And DIY Plug-Ins
Commentary  |  2/23/2010  | 
Let's face it: Users love the concept of adding free plug-ins and apps to customize and empower the base software tool, whether it's in a smartphone or browser. Doing so is fun, it's cool, and it lets them personalize their software to augment or shape how they use it. Even firewall management has joined the plug-in party.
Navy Soliciting Cybersecurity Bids
News  |  2/23/2010  | 
The Office of Naval Research plans to spend $16 million through 2015 to protect its data and secure operations in the event of a cyberattack.
P2P Business Problems Growing: FTC Issues Warnings
Commentary  |  2/23/2010  | 
The FTC's announcement that nearly 100 private and public organizations had insecurely transmitted confidential, personal data over P2P networks is a wakeup call not just to those receiving the warnings, but to every business whose employees may be using file-sharing technology -- and especially to those who don't know whether employees are P2Ping or not.
Storage Services In The Infrastructure
Commentary  |  2/23/2010  | 
In our last entry we discussed using storage services as part of the hypervisor in a virtual server environment. In this entry we will explore embedding those services as part of a SAN infrastructure itself. In this deployment the storage services that we have come to count on are essentially part of the SAN switch instead of on the storage controller.
FTC Warns Of Widespread Data Breaches
News  |  2/22/2010  | 
Almost 100 organizations have been notified by the agency that sensitive personal data about their employees and customers has been shared from their networks over peer-to-peer file sharing services.
PGP Launches Multivendor Key Management Platform
Quick Hits  |  2/22/2010  | 
New tool set is designed to provide a single framework for administering multiple encryption keys
Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps
News  |  2/22/2010  | 
Wave of recent bank-card skimming incidents demonstrates how sophisticated the scam has become
Product Watch: HP, Fortify To Offer Hybrid Analysis Of Web App Pen Testing, Code Scanning
News  |  2/22/2010  | 
New Hybrid 2.0 technology unites results from black-box, white-box testing
DHS May Scrap Border Patrol Project
News  |  2/22/2010  | 
The Department of Homeland Security is reevaluating a plan to add security cameras, radar, and sensors to patrol efforts along the U.S.-Mexico border.
Researchers Believe They've Identified Aurora Exploit Code Author
Commentary  |  2/22/2010  | 
According to one news report, more information has surfaced surrounding the attacks against Google and dozens of other U.S.-based companies.
Enhancing Botnet Detection With Manpower
Commentary  |  2/22/2010  | 
The average computer user (a.k.a. most of my family) doesn't have a fighting chance. I hate to say it, but the malware we're seeing on a daily basis makes this scary fact evermore true. There is absolutely no way that most home users are going to be able to protect themselves against modern malware like Zeus. Malware authors have become extremely good and proficient at what they do because it's making them money.
SQL Injections Top Attack Statistics
News  |  2/22/2010  | 
Cybercriminals are increasingly using automated SQL injection attacks powered by botnets to hit vulnerable systems
Adobe, Mozilla Users At Risk To Remote Code Execution Flaws
Commentary  |  2/20/2010  | 
Software maker Adobe Systems has certainly had its share of vulnerabilities recently. This week a security researcher added to the company's pain when he announced a vulnerability in Adobe Download Manager that allows remote attacks. Mozilla Firefox users are also at risk of attacks against an unpatched flaw in that browser.
Defense Agencies Drop Ban On Portable Storage Devices
Quick Hits  |  2/19/2010  | 
Critics say new policies, practices may not be enforced
Spike In Power Grid Attacks Likely In Next 12 Months
News  |  2/19/2010  | 
'Window of opportunity for malicious intent' as energy firms roll out smart-grid pilot programs
How To Handle Patch Overload
News  |  2/19/2010  | 
Tips for preparing for and applying patches that come in big batches -- like Microsoft's February release
Boosting Your Defenses Against Botnet Infections
Commentary  |  2/19/2010  | 
In the past few weeks since the Google/China incident, we have seen a number of interesting blog posts and white papers that provide further details on some of the techniques used by the attackers.
Military Lifts Removable Media Ban, Imposes Limits
News  |  2/19/2010  | 
The new policies set strict limits on how thumb drives and other removable media may be used.
Storage Service At The Hypervisor
Commentary  |  2/19/2010  | 
In our last entry we discussed what storage services are and reviewed the traditional manner in which they are delivered. They are the capabilities that make a storage system more than just an array and this intelligence typically lives on the storage controllers. There are several alternative ways to deliver these services and one of the newest is to leverage server virtualization. Storage service at t
Proposal Would Hold Software Developers Accountable For Security Bugs
News  |  2/19/2010  | 
SANS releases Top 25 list of the most dangerous programming errors; joins with Mitre, others, to push for contract language that makes custom app developers liable for vulnerabilities
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.