News & Commentary

Content posted in March 2008
McAfee Volunteers Go For All The Spam They Can Stand (And Then Some!)
Commentary  |  3/31/2008  | 
Y'know those e-mails and offers and come-ons you're never never supposed to open or reply to? Well, McAfee is putting fifty, count 'em, fifty volunteers from across the world on an all-the-spam-you-can-answer diet. You get it, you answer it; you see it, you click it -- every one of them for a month. Seriously.
Another Trojan Targets Mac OS X
Commentary  |  3/31/2008  | 
Yet another unscrupulous chunk of malicious software is being aimed at unsuspecting Mac users.
Manage Your Risk Before It Mangles Your Business
Commentary  |  3/31/2008  | 
InformationWeek has a good long piece on risk management that will more than repay your attention -- if only in calling your attention to the rapidly evolving nature of risk management -- and the risks we all need, or at least seek, to manage.
Security Issues Limit Telecommuting
Quick Hits  |  3/31/2008  | 
Want to work from home? Better beef up security first, CDW study says
Black Hat Researcher Hacks Biometric System
News  |  3/31/2008  | 
'Biologger' steals fingerprint, other biometric data
Lockdown Tradeoffs
Commentary  |  3/29/2008  | 
Enterprise users and consumers alike have been scared straight about data protection, given the regular headlines about laptop theft or misplaced hard drives. But as users rush to secure the desktop, are their good intentions making the jobs (and lives) of storage pros more difficult?
CA Customers Newly Targeted
Commentary  |  3/28/2008  | 
While most software exploits target end users and end-point applications, this one is aiming squarely at corporate users.
Hundreds Of Servers Compromised In Hannaford Breach
Commentary  |  3/28/2008  | 
More details about the credit breach at the Hannaford grocery chain are becoming known, and they aren't pretty.
Hacker Contest: And The Loser Is... MacBook Air
Commentary  |  3/28/2008  | 
The hacker contest at this year's CanSecWest Conference in Vancouver has produced a winner... er, a loser. The hack-ee? Pricey, trendy and oh so desirable MacBook Air.
Tech Insight: Keeping Your Thumb on Thumb Drives
News  |  3/28/2008  | 
Those little USB drives certainly are handy, but how do you keep your company's sensitive data from walking away? Here are a few ideas
Hacked in Two Minutes
Quick Hits  |  3/28/2008  | 
In contest, researcher cracks a Mac with lightning speed using zero-day exploit
CastleCops Hit by Another DDOS Attack
News  |  3/28/2008  | 
But this time, attackers employ a 'POST' attack
And I Recommend Caviar For Dinner
Commentary  |  3/27/2008  | 
Yes, every night. Because in this age of federal bailouts of brokerages, record mortgage defaults, and a stock market that doesn't know which way is up, it's time to indulge. At least that seems to be a piece of the logic behind this report, encouraging would-be videoconferencing customers to go HD.
EMC Gets Physical
News  |  3/27/2008  | 
Unveils services for storing data from video cameras and security systems
Free Honeypot Client Could Sting Malware
News  |  3/27/2008  | 
The Honeynet Project has released a new automated tool for thwarting botnet and other client-side attacks
Internet Evolution Reports On Test-Shy Peer-To-Peer Filters
Commentary  |  3/27/2008  | 
More than two dozen vendors say they can help ISPs filter unwanted P2P traffic. But only two were willing to put marketing claims on the line in an in-depth test of P2P filtering technology.
Attention, Stolen Credit Card Shoppers
Quick Hits  |  3/27/2008  | 
Sophisticated online marketplace for stolen credit cards and data offers buyers volume discounts and guarantees
Startup Flips On Its Virtual Switch
Commentary  |  3/26/2008  | 
A growing number of security startups aim to bring visibility to the network traffic of virtual systems. Today, Montego Networks officially came out of stealth mode.
IT And The Global Village
Commentary  |  3/26/2008  | 
"The toughest job you'll ever love," according to Lillian Carter, a tagline used for recruiting by the Peace Corps in the '70s and '80s, herself a volunteer in India at age 66. A forward-thinking IT vendor has picked up on this international service model and here's why it makes great sense.
"New" Word Vulnerability: What Did Microsoft Know And When Did They Know It?
Commentary  |  3/26/2008  | 
It turns out that Microsoft engineers knew about a vulnerability that could expose Word users to attacks, and knew about it for a while before letting the rest of us in on the problem. A long while.
Phishers Enlist Google 'Dorks'
News  |  3/26/2008  | 
Researcher finds most phishing sites use Google search terms to locate vulnerable sites
Millions of Russians' Personal Data Posted on Free Website
News  |  3/26/2008  | 
Names, addresses, account information, and other data posted by unknown source
SOX Out, GRC In
Quick Hits  |  3/26/2008  | 
For the first time in five years, companies will be spending more on IT governance than on Sarbanes-Oxley compliance, study says
Web App Threats Rising
Commentary  |  3/25/2008  | 
Great news: 1 out of 10 Web sites you visit may actually be secure.
The Disruption Factor
Commentary  |  3/25/2008  | 
Here's a hypothetical based on a lot of ifs. If you had a bunch of money to invest, if you had access to the smartest brokers around, and if the economy were on firm ground, which of these ideas would you invest in?
Tool Emerges to Automate Companies' Battle Against Identity Theft
Commentary  |  3/25/2008  | 
The problems associated with identity theft have become so great that the federal government is forcing corporations to put checks in place to prevent it. Now, help has arrived for businesses that have to comply with these new regulations.
WhiteHat: 90% of Sites Still Vulnerable
News  |  3/25/2008  | 
Most sites open to hacks via cross-site scripting, CSRF, report says
Child Charities Stand Against Web 'Intelligence Gathering'
Quick Hits  |  3/25/2008  | 
People shouldn't lose opportunities because of something they wrote on MySpace at age 14, consortium says
Medical Records For 2,500 Study Participants Are Stolen
Commentary  |  3/24/2008  | 
Only after a laptop is stolen from the trunk of a car owned by a researcher at the National Heart, Lung, and Blood Institute (NHLBI) does this organization promise to do better when it comes to security. Why does it always go down this way?
Real Tossers
Commentary  |  3/24/2008  | 
How long do you hang on to decommissioned hard drives and storage devices? Do you at least wait to make sure your new drives or backup applications are functioning properly? If you answered yes to that last question, there might be a job at the White House for you.
More Passport Problems, More Business Security Lessons
Commentary  |  3/24/2008  | 
Or maybe just more of the same. As the Obama passport-filepeek story expanded to become the Obama/Clinton/McCain passport pry-in story, the business lessons the snafu offered only grew more important.
Intel Researching New Approach to Laptop Security
News  |  3/24/2008  | 
'Proteus' technology tracks user behavior, flags atypical activity
Has Banking Industry Overlooked Its Biggest Breach Ever?
Quick Hits  |  3/24/2008  | 
Insider theft case at Compass Bank affected more than 1M customers
But Cling If You Must To The Illusion Of Privacy
Commentary  |  3/21/2008  | 
I'm trying to work up a head of steam over the presidential candidate passport snooping. But my contract with TechWeb limits my self-righteousness to certain decibel levels, which, frankly, is quite smart when the subject is data privacy.
SnooperGate: Two Fired Over Illegal Obama Passport Snooping
Commentary  |  3/21/2008  | 
It's the second time in a week where workers improperly accessed electronic records of the rich, powerful, or famous.
Passport Privacy Problem Offers Business Lessons
Commentary  |  3/21/2008  | 
The current news cycle hot-button -- State Department contractors poking into Barack Obama's passport files -- will give the pundits plenty to spout and sputter about from all sides. It should give small and midsize businesses pause to consider some of their own security procedures, policies and potential vulnerabilities.
US Treasury Department Adopts Dual-Factor Authentication
News  |  3/21/2008  | 
Entrust IdentityGuard costs only 25 cents per card for each user
Obama Suffers Personal Data Breach
Quick Hits  |  3/21/2008  | 
State Department contractors under investigation for accessing passport files without authorization
Behind Microsoft's Visor
Commentary  |  3/21/2008  | 
What if Microsoft decided to get really serious about server virtualization? Yeah, yeah, I know Hyper-V is coming this summer. But especially now that they've made such a hash of Vista, virtualization's a natural place for the company to regain a bit of
The Start Of NAC Market Consolidation?
Commentary  |  3/20/2008  | 
Lockdown Networks has closed its doors and is looking for someone to buy its IP. Is this just the beginning of the NAC market consolidation, or an isolated event?
Hacker Contest Next Week: The Real March Madness
Commentary  |  3/20/2008  | 
It's fierce competition time again, and not just for basketball fans. At next week's CanSecWest conference in Vancouver, the second annual hacker contest offers big bucks to the first person to hack a supposedly secure laptop.
US Firms Brace for Cyber War
News  |  3/20/2008  | 
Last year's cyber attack on Estonia was the shape of things to come, warns expert
A Peek at Snort 3.0
News  |  3/20/2008  | 
Next generation of open source platform will be more than just IDS/IPS
Vietnam: 95% of Its PCs Infected With Viruses
Quick Hits  |  3/20/2008  | 
Brokerages, other sensitive Websites also vulnerable to attack, Vietnamese officials report at security conference there
De-Dupe Do-Si-Do
Commentary  |  3/19/2008  | 
I'm not sure if you need a dance card or a scorecard to keep track of the pairings in the data deduplication market. One thing's abundantly clear: this storage app must have more commercial appeal than most everything else that's come down the pike lately, given the scramble for partners.
In Massive Patch, Apple Mends Roughly 90 Security Vulnerabilities
Commentary  |  3/19/2008  | 
In one swing, Apple unleashes a tally of security updates that nearly surpasses all of the patches it released last year.