Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in March 2009
Page 2 / 3
Study: Web Application Security Spending Relatively Unscathed By Poor Economy
Quick Hits  |  3/19/2009  | 
New OWASP study also finds Web app security spending still only small chunk of overall security spending, and 40 percent don't run Web app firewalls
Safari Hacked... Followed By IE And Firefox
News  |  3/19/2009  | 
Last year's winner of the CanSecWest security conference's Pwn2Own contest repeats his success in record time.
Feds To Shut Down Google Apps?
News  |  3/19/2009  | 
FTC is weighing request from privacy group that claims data stored in the cloud isn't secure.
BBC Responds To Legality Issues Of Recent Tech Show
Commentary  |  3/19/2009  | 
Yesterday Nick Reynolds of the BBC directed me, as well as many other writers, to the BBC's official response to allegations that its technology show, Click, violated the U.K.'s Computer Misuse Act when it purchased and used a botnet as part of an investigative report into cybercrime.
BBC Responds To Allegations About The Legality Of Their Report
Commentary  |  3/19/2009  | 
Yesterday Nick Reynolds of the BBC directed me, and many other writers covering this story, to the BBC's official response to allegations that BBC's technology show, Click, violated the U.K.'s Computer Misuse Act when it purchased and used a botnet as part of an investigative report into cybercrime.
Study: Mobile Phones Contain Treasure Trove Of Unprotected Data
Quick Hits  |  3/18/2009  | 
Many users tempt thieves by storing sensitive personal, business information on portable devices
ATMs At Risk
News  |  3/18/2009  | 
Targeted attack on ATMs raises the bar -- as well as concerns -- about security of cash machines
How Private Is Google's Cloud? And Is It Any Of The FTC's Business?
Commentary  |  3/18/2009  | 
Privacy advocacy group The Electronic Privacy Information Center has asked the Federal Trade Commission to investigate Google's security procedures and practices. Should you be more concerned about Google's lapses than you are (or should be) about any other cloud-based service?
Your Storage Has To Do More With Less, Too
Commentary  |  3/18/2009  | 
Sick of the phrase "Do more with less"? How about putting the pressure on your storage system? If you have to do more with less, it should at least carry some of the responsibility.
Authoritatively, Who Was Behind The Estonian Attacks?
Commentary  |  3/17/2009  | 
In the past couple of weeks the press has been humoring a couple of rumors about who was behind the 2007 cyberattacks against Estonia [PDF]. During these attacks, Estonia's infrastructure, which relies heavily on the Internet, nearly collapsed.
Motorola Unveils Public Safety, Video Server Products
News  |  3/17/2009  | 
The hardware, which centers on the 4.9-GHz band, is aimed at providing improved secure wireless connectivity.
U.N. Agency: Cybersquatting On The Rise
News  |  3/17/2009  | 
New data from the World Intellectual Property Organization, as well as from MarkMonitor, highlights problem of brand abuse online
BBC Botnet Experiment IS Illegal, No Matter What They Say
Commentary  |  3/17/2009  | 
Saturday, "Click"--"the BBC's flagship technology programme"--broadcast an investigative report on cybercrime. The exciting thing about this particular program is that they purchased and used a botnet as part of their investigation. The creators of the program are under the impression that their experiment was perfectly legal, because they had
Got 15 Minutes? Get Secure: McAfee
Commentary  |  3/17/2009  | 
An hour a week is what the typical small and midsized business is able to devote to security, according to McAfee. The company's latest outreach aims to show you how 15 minutes can heighten your 24/7 security profile.
Binghamton Data Breach Threatens CISO's Position
News  |  3/17/2009  | 
The discovery of documents with students' personally identifying information stored in an unlocked room has launched protests against the university's chief information security officer.
Comcast Customer Usernames, Passwords Exposed In Possible Phishing Attack
Quick Hits  |  3/17/2009  | 
List of accounts was 8,000, but Comcast says only 700 were active customer accounts
Reality Check: Apple's OS X, Safari Security
Commentary  |  3/16/2009  | 
More security researchers are realizing that when it comes to Apple software security: there is no there "there."
White House CIO On Leave Amid Scandal At D.C. Technology Office
News  |  3/16/2009  | 
Acting CSO, technology consultant for D.C. technology office also are arrested on charges of theft and corruption
Microsoft Stands By Its Latest Patch
News  |  3/16/2009  | 
The company is defending against claims that its MS09-008 security fix doesn't work and that the vulnerabilities could be used to hijack network traffic.
Broken Engagement Leads IT Worker To Damage Australian Government Data
Quick Hits  |  3/16/2009  | 
Admin uses ex-fiancee's user ID to delete more than 10,000 government records in Australia's Northern Territory
Startup Secures Mashups
News  |  3/16/2009  | 
New SSL-based technology lets Web applications authenticate to one another
Netbooks A Source Of Data Leaks If Not Properly Supported
Commentary  |  3/16/2009  | 
The eWeek article "Netbooks Offer Hackers Easy Access to Data" caught my eye. It's a couple of weeks old, but the message is no less clear.
Continuity Software Releases Latest Version of RecoverGuard: High Availability As Vital As Data Recovery
Commentary  |  3/16/2009  | 
In terms of business continuity, high availability of resources is as important as the ability to recover resources in the event of a disaster. Availability monitoring -- searching for gaps and inconsistencies in networks -- is at the heart of Continuity Software's latest release of RecoverGuard.
bMighty News Flash: Monday March 16, 2009
News  |  3/16/2009  | 
Today's top tech news for small and midsize businesses: Obama announces SMB lending aid, SMB optimism, Web site best practices, Facebook Connect for iPhone, SMBs want SaaS, explosive mobile commerce growth, Windows 7 changes, Cisco's unified computing, iPhone 3.0, Azaleos merges with M3, Reality Digital launches Harmony platform, MyFax offers free service, Facebook traffic growth...
Cost-Reducing The Backup Infrastructure
Commentary  |  3/16/2009  | 
You are spending too much money on your backup infrastructure. You've built this massive infrastructure specifically to handle one task...The Full Backup. Most enterprises do their entire full backup job over the weekend so they have enough backup-window time to get the job done. We've been doing backups this way for the last 20 years; is it time for a change? Could changing it rein in the costs of the backup process?
No Fooling: Conficker Set To Strike April 1
Commentary  |  3/13/2009  | 
Almost two months ago, we noted how antivirus firm F-Secure estimated that the Conficker/Downadup worm had infected nearly 9 million PCs. Today, IT management vendor CA warns that the worm has big plans for April Fools' Day.
Major Cybercrime Busts Take Place In Romania
News  |  3/13/2009  | 
Major bank fraud ring broken up; alleged NASA hacker faces charges
Group Launches New Best Practices For Secure Software Development
Quick Hits  |  3/13/2009  | 
"Building Security In Maturity Model" offers best practices from the real world
DefCon CTF Organizers Chosen
Commentary  |  3/13/2009  | 
DefCon creator and organizer Jeff Moss (aka Dark Tangent) put out a call for proposals in late January looking for a group to design, organize and run this year's Capture the Flag (CTF) event at DefCon in Las Vegas. Late last night, Jeff announced that proposal #1, from a currently unnamed team, was chosen for DefCon 17.
7 Security Tips For Friday The 13th
Commentary  |  3/13/2009  | 
Not that you're superstitious or anything, but why not take Friday the 13th (the second in two months) as an opportunity to tighten up security procedures and remind employees that security is a matter of more than luck?
A Recession Demands Retention
Commentary  |  3/13/2009  | 
As we work our way through the current economic situation, IT staffs are faced with a variety of challenges that are in conflict: maintain or increase service levels, drive out costs and increase efficiency. One of the items that can't be neglected is retention of data. In fact, it may be more critical in tough times than in prosperous times.
Conficker/Downadup Evolves To Defend Itself
News  |  3/12/2009  | 
Worm develops ability to disable antimalware tools, switch domains more frequently
Two Engineers Arraigned For Theft Of Trade Secrets From Goodyear
Quick Hits  |  3/12/2009  | 
Technicians allegedly took photos of proprietary equipment and used them to make equipment for Goodyear's Chinese rival
Acrobat Antics Here To Stay
Commentary  |  3/12/2009  | 
Adobe has a bit of a problem on its hands, and it is sitting in a spotlight usually reserved for a company like Microsoft. Adobe is currently responsible for a vulnerability that could allow mass pwnage of the Internet. Even though the company finally released a patch for version 9 of Acrobat and Acrobat Reader, two more versions are due to be patched. In other words, this is a bug that's going
Feedback: In Defense Of The PCI Data Security Standard
News  |  3/12/2009  | 
Visa responds to InformationWeek's tough criticism of PCI.
See How I Suffer For My Science?
Commentary  |  3/12/2009  | 
Today I saw two fraudulent charges on my bank account, and a few weeks ago I accidentally wiped off all of the data from my BlackBerry. Why? Because I love too much.
Rolling Review: PGP Mobile 9.9.0 For Security On The Go
News  |  3/11/2009  | 
Encryption Platform works with device managers to safeguard data on smartphones.
Finjan Stops Malware At The Gateway
News  |  3/11/2009  | 
SP-6100 midrange appliance spots hidden threats, even in "safe" sources, but it's pricey.
Victims Argue Findings Of Romanian White Hat Hacker Group
News  |  3/11/2009  | 
Impact of HackersBlog's vulnerability discoveries may be overstated, victims say
The Many Shades Of Green...Storage
Commentary  |  3/11/2009  | 
Green storage, or making storage more power efficient, continues to be a hot topic of discussion from storage vendors and for storage consumers. What is interesting and sometimes comical is watching vendors explain how their storage is suddenly green. Let's examine the common claims.
Feds Still Unable To Share Information, Experts Argue
News  |  3/11/2009  | 
A bipartisan group recommends improving government efforts in areas like national defense, energy security, bio-defense, health care, and cybersecurity.
Symantec Code-Signing Mistake Leaves Norton Users PIFTS Off
Quick Hits  |  3/11/2009  | 
Coding error leads to speculation and conspiracy theories -- but no data loss
Crazy Patch Tuesday (And Not Because Of Microsoft, Either)
Commentary  |  3/11/2009  | 
As Microsoft's Patch Tuesdays go, this one struck me as a fairly straightforward day. Yet, what was up with Symantec and Adobe? Patch Tuesdays aren't a good day to make the jobs of IT security and operation teams any more difficult than they already are.
German Intelligence Caught Red-Handed In Computer Spying, Analysis
Commentary  |  3/11/2009  | 
According to German Web site Der Spiegel, the German foreign intelligence agency BND has supposedly been spying on computer systems around the world in the past couple of years. Everyone does it. Why not governments?
Phone-Based Authentication Helps Hunt Cybercriminals
Commentary  |  3/11/2009  | 
Two-factor authentication is the centerpiece of one of the more interesting technologies at FOSE this week, one of those "why-haven't-I-thought-of-that-before" technologies.
One (Weak) Password Is All Many Users Have, No Matter How Many Strong Ones They Need: Sophos
Commentary  |  3/11/2009  | 
A new Sophos password survey shows some improvement in the number of computer users depending on one, generally weak, password for multiple sites and purposes. Only a third or so of respondents admitted to using the same password for multiple sites. Only a third!
Cybersecurity Hearing Prompts Calls For Leadership, Laws
News  |  3/10/2009  | 
A key issue at the hearing was whether cybersecurity should be overseen by the intelligence and military establishment or whether it should also include a role for the private sector.
Government Needs To Get Its Cybersecurity In Gear, Experts Tell Congress
News  |  3/10/2009  | 
Security industry leaders agree that White House should lead revamped cybersecurity effort
10 Million PCs Infected With Malware In 2008, Study Says
Quick Hits  |  3/10/2009  | 
PandaLabs report says more than one-third of the infected machines were running up-to-date antivirus software

