Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in March 2008
McAfee Volunteers Go For All The Spam They Can Stand (And Then Some!)
Commentary  |  3/31/2008  | 
Y'know those e-mails and offers and come-ons you're never never supposed to open or reply to? Well, McAfee is putting fifty, count 'em, fifty volunteers from across the world on an all-the-spam-you-can-answer diet. You get it, you answer it; you see it, you click it -- every one of them for a month. Seriously.
Another Trojan Targets Mac OS X
Commentary  |  3/31/2008  | 
Yet another unscrupulous chunk of malicious software is being aimed at unsuspecting Mac users.
Manage Your Risk Before It Mangles Your Business
Commentary  |  3/31/2008  | 
InformationWeek has a good long piece on risk management that will more than repay your attention -- if only in calling your attention to the rapidly evolving nature of risk management -- and the risks we all need, or at least seek, to manage.
Security Issues Limit Telecommuting
Quick Hits  |  3/31/2008  | 
Want to work from home? Better beef up security first, CDW study says
Black Hat Researcher Hacks Biometric System
News  |  3/31/2008  | 
'Biologger' steals fingerprint, other biometric data
Lockdown Tradeoffs
Commentary  |  3/29/2008  | 
Enterprise users and consumers alike have been scared straight about data protection, given the regular headlines about laptop theft or misplaced hard drives. But as users rush to secure the desktop, are their good intentions making the jobs (and lives) of storage pros more difficult?
CA Customers Newly Targeted
Commentary  |  3/28/2008  | 
While most software exploits target end users and end-point applications, this one is aiming squarely at corporate users.
Hundreds Of Servers Compromised In Hannaford Breach
Commentary  |  3/28/2008  | 
More details about the credit breach at the Hannaford grocery chain are becoming known, and they aren't pretty.
Hacker Contest: And The Loser Is... MacBook Air
Commentary  |  3/28/2008  | 
The hacker contest at this year's CanSecWest Conference in Vancouver has produced a winner... er, a loser. The hack--ee? Pricey, trendy and oh so desirable MacBook Air.
Tech Insight: Keeping Your Thumb on Thumb Drives
News  |  3/28/2008  | 
Those little USB drives certainly are handy, but how do you keep your company's sensitive data from walking away? Here are a few ideas
Hacked in Two Minutes
Quick Hits  |  3/28/2008  | 
In contest, researcher cracks a Mac with lightning speed using zero-day exploit
CastleCops Hit by Another DDOS Attack
News  |  3/28/2008  | 
But this time, attackers employ a 'POST' attack
And I Recommend Caviar For Dinner
Commentary  |  3/27/2008  | 
Yes, every night. Because in this age of federal bailouts of brokerages, record mortgage defaults, and a stock market that doesn't know which way is up, it's time to indulge. At least that seems to be a piece of the logic behind this report, encouraging would-be videoconferencing customers to go HD.
EMC Gets Physical
News  |  3/27/2008  | 
Unveils services for storing data from video cameras and security systems
Free Honeypot Client Could Sting Malware
News  |  3/27/2008  | 
The Honeynet Project has released a new automated tool for thwarting botnet and other client-side attacks
Internet Evolution Reports On Test-Shy Peer-To-Peer Filters
Commentary  |  3/27/2008  | 
More than two dozen vendors say they can help ISPs filter unwanted P2P traffic. But only two were willing to put marketing claims on the line in an in-depth test of P2P filtering technology.
Attention, Stolen Credit Card Shoppers
Quick Hits  |  3/27/2008  | 
Sophisticated online marketplace for stolen credit cards and data offers buyers volume discounts and guarantees
Startup Flips On Its Virtual Switch
Commentary  |  3/26/2008  | 
A growing number of security startups aim to bring visibility to the network traffic of virtual systems. Today, Montego Networks officially came out of stealth mode.
IT And The Global Village
Commentary  |  3/26/2008  | 
"The toughest job you'll ever love," according to Lillian Carter, a tagline used for recruiting by the Peace Corps in the '70s and '80s, herself a volunteer in India at age 66. A forward-thinking IT vendor has picked up on this international service model and here's why it makes great sense.
"New" Word Vulnerability: What Did Microsoft Know And When Did They Know It?
Commentary  |  3/26/2008  | 
It turns out that Microsoft engineers knew about a vulnerability that could expose Word users to attacks, and knew about it for a while before letting the rest of us in on the problem. A long while.
Phishers Enlist Google 'Dorks'
News  |  3/26/2008  | 
Researcher finds most phishing sites use Google search terms to locate vulnerable sites
Millions of Russians' Personal Data Posted on Free Website
News  |  3/26/2008  | 
Names, addresses, account information, and other data posted by unknown source
SOX Out, GRC In
Quick Hits  |  3/26/2008  | 
For the first time in five years, companies will be spending more on IT governance than on Sarbanes-Oxley compliance, study says
Web App Threats Rising
Commentary  |  3/25/2008  | 
Great news: 1 out of 10 Web sites you visit may actually be secure.
The Disruption Factor
Commentary  |  3/25/2008  | 
Here's a hypothetical based on a lot of ifs. If you had a bunch of money to invest, if you had access to the smartest brokers around, and if the economy were on firm ground, which of these ideas would you invest in?
Tool Emerges to Automate Companies' Battle Against Identity Theft
Commentary  |  3/25/2008  | 
The problems associated with identity theft have become so great that the federal government is forcing corporations to put checks in place to prevent it. Now, help has arrived for businesses that have to comply with these new regulations.
WhiteHat: 90% of Sites Still Vulnerable
News  |  3/25/2008  | 
Most sites open to hacks via cross-site scripting, CSRF, report says
Child Charities Stand Against Web 'Intelligence Gathering'
Quick Hits  |  3/25/2008  | 
People shouldn't lose opportunities because of something they wrote on MySpace at age 14, consortium says
Medical Records For 2,500 Study Participants Are Stolen
Commentary  |  3/24/2008  | 
Only after a laptop is stolen from the trunk of a car owned by a researcher at the National Heart, Lung, and Blood Institute (NHLBI) does this organization promise to do better when it comes to security. Why does it always go down this way?
Real Tossers
Commentary  |  3/24/2008  | 
How long do you hang on to decommissioned hard drives and storage devices? Do you at least wait to make sure your new drives or backup applications are functioning properly? If you answered yes to that last question, there might be a job at the White House for you.
More Passport Problems, More Business Security Lessons
Commentary  |  3/24/2008  | 
Or maybe just more of the same. As the Obama passport-filepeek story expanded to become the Obama/Clinton/McCain passport pry-in story, the business lessons the snafu offered only grew more important.
Intel Researching New Approach to Laptop Security
News  |  3/24/2008  | 
'Proteus' technology tracks user behavior, flags atypical activity
Has Banking Industry Overlooked Its Biggest Breach Ever?
Quick Hits  |  3/24/2008  | 
Insider theft case at Compass Bank affected more than 1M customers
But Cling If You Must To The Illusion Of Privacy
Commentary  |  3/21/2008  | 
I'm trying to work up a head of steam over the presidential candidate passport snooping. But my contract with TechWeb limits my self-righteousness to certain decibel levels, which, frankly, is quite smart when the subject is data privacy.
SnooperGate: Two Fired Over Illegal Obama Passport Snooping
Commentary  |  3/21/2008  | 
It's the second time in a week where workers improperly accessed electronic records of the rich, powerful, or famous.
Passport Privacy Problem Offers Business Lessons
Commentary  |  3/21/2008  | 
The current news cycle hot-button -- State Department contractors poking into Barack Obama's passport files -- will give the pundits plenty to spout and sputter about from all sides. It should give small and midsize businesses pause to consider some of their own security procedures, policies and potential vulnerabilities.
US Treasury Department Adopts Dual-Factor Authentication
News  |  3/21/2008  | 
Entrust IdentityGuard costs only 25 cents per card for each user
Obama Suffers Personal Data Breach
Quick Hits  |  3/21/2008  | 
State Department contractors under investigation for accessing passport files without authorization
Behind Microsoft's Visor
Commentary  |  3/21/2008  | 
What if Microsoft decided to get really serious about server virtualization? Yeah, yeah, I know Hyper-V is coming this summer. But especially now that they've made such a hash of Vista, virtualization's a natural place for the company to regain a bit of
The Start Of NAC Market Consolidation?
Commentary  |  3/20/2008  | 
Lockdown Networks has closed its doors and is looking for someone to buy its IP. Is this just the beginning of the NAC market consolidation, or an isolated event?
Hacker Contest Next Week: The Real March Madness
Commentary  |  3/20/2008  | 
It's fierce competition time again, and not just for basketball fans. At next week's CanSecWest conference in Vancouver, the second annual hacker contest offers big bucks to the first person to hack a supposedly secure laptop.
US Firms Brace for Cyber War
News  |  3/20/2008  | 
Last year's cyber attack on Estonia was the shape of things to come, warns expert
A Peek at Snort 3.0
News  |  3/20/2008  | 
Next-generation of open source platform will be more than just IDS/IPS
Vietnam: 95% of Its PCs Infected With Viruses
Quick Hits  |  3/20/2008  | 
Brokerages, other sensitive Websites also vulnerable to attack, Vietnamese officials report at security conference there
De-Dupe Do-Si-Do
Commentary  |  3/19/2008  | 
I'm not sure if you need a dance card or a scorecard to keep track of the pairings in the data deduplication market. One thing's abundantly clear: this storage app must have more commercial appeal than most everything else that's come down the pike lately, given the scramble for partners.
In Massive Patch, Apple Mends Roughly 90 Security Vulnerabilities
Commentary  |  3/19/2008  | 
In one swing, Apple unleashes a tally of security updates that nearly surpasses all of the patches it released last year.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within nsz archive.
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
CVE-2019-18888
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. T...