News & Commentary

Content posted in April 2008
Page 1 / 4   >   >>
You're Infected With Malware. And You Don't Care.
Commentary  |  4/30/2008  | 
Could it be true? Could there be thousands, if not more, Internet users infected with botnets, who know they're infected, and don't care enough to do anything about it?
Google Warns Users About Phishing
News  |  4/30/2008  | 
In advising users to be wary of clicking on links in e-mail messages or responding to requests for personal information, Google is trying to protect its own business.
Former UCLA Health Employee Charged With Selling Celeb Records To Media
News  |  4/30/2008  | 
The U.S. District Court indictment against a former administrative assistant does not appear related to leaks of Britney Spears' health information this year.
XP Service Pack Delay: What Else Is New?
Commentary  |  4/30/2008  | 
Microsoft's on-again/off-again extension of support for XP may or may not be on-again, but the latest delay of the latest long-awaited XP Service Pack delay may strike some of us as the last straw.
Large Businesses Wrestle With Web 2.0
News  |  4/30/2008  | 
New capabilities turn security policies and practices on end, panelists say
Software Lets Enterprises Encrypt, Restrict Use of CD/DVD Media
Quick Hits  |  4/30/2008  | 
New technology from Lumension encrypts data on CDs, prevents reading and writing without network authorization
When Bots Don't Care - Or Don't Know Enough to
News  |  4/30/2008  | 
Misguided apathy among consumers could be contributing to botnet proliferation
Will Code Viruses For Beer
Commentary  |  4/29/2008  | 
A controversial contest at this year's Defcon hacker conference promises to reward the most successful virus writers.
Webroot to Launch Enterprise Web Filtering Service
News  |  4/29/2008  | 
Content filtering will be marketed alongside email management service
Microsoft Adds Two to Forefront Family
News  |  4/29/2008  | 
Remote access, edge security products now under Forefront umbrella
'USB Hacksaw' Still Sharp, Expert Says
Quick Hits  |  4/29/2008  | 
Exploit allows hackers to dump data from thumb drives and email it to a remote location
Avoiding a Mesh Mess
News  |  4/29/2008  | 
Factor in security with Microsoft's new Live Mesh
New Scam: Hackers Use Phony Certificate To Seal Victims' ID-Fates
Commentary  |  4/28/2008  | 
A new approach to password/account info-theft appeals to users' desire for enhanced protection, rather than directly asking for info. The scam asks users to install an important digital security certificate -- which is, of course, anything but secure.
Microsoft Blames Poor Coding Practices For Massive SQL Injection Attack
News  |  4/28/2008  | 
U.S. CERT recommends disabling JavaScript and ActiveX because of attacks that have compromised legitimate Web sites using Microsoft IIS Web Server and Microsoft SQL Server.
Windows XP Service Pack 3
Commentary  |  4/28/2008  | 
While there's not a lot of big news or fanfare surrounding the imminent release of Windows XP Service Pack 3, there are a number of interesting security enhancements.
Those Social Networking Apps? Not as Safe as Your Employees Think
Commentary  |  4/28/2008  | 
There's lots of talk about the time-wasting element inherent in social networking sites like MySpace and Facebook. Along comes yet another reason for a smaller business to block these sites: Security, or lack thereof.
Wireless Vulnerabilities Present Enterprise-Wide Threats, Expert Says
News  |  4/28/2008  | 
Wireless is the greatest threat to corporate networks since the emergence of the Internet, AirPatrol CEO says
'Long-Term' Phishing Attack Underway
News  |  4/28/2008  | 
New phishing exploit doesn't bother asking for passwords, and its stealthy malware hides out on victim's machine
Societe Generale Goat Gets IT Consulting Job
Quick Hits  |  4/28/2008  | 
Man who singlehandedly cost financial services firm more than $7B is now giving advice
Interop Founder Dan Lynch Invests in Hot Security Startups
News  |  4/28/2008  | 
He was hacked by Kevin Mitnick in the '80s and recently had his identity stolen - but Lynch still has hope for making security strong and usable
Zero-Day Vulnerability Reported in Apple's QuickTime for Windows XP and Vista
News  |  4/25/2008  | 
Security consultancy GNUCitizen says an attacker could exploit the vulnerability by constructing a specially crafted QuickTime supported media file that allows remote code execution.
Astaro Survey Sez Your Security Spending Seems Recession-Proof. Really?
Commentary  |  4/25/2008  | 
The results of a recent survey of small and midsize business IT security spending plans are being interpreted/marekted as signs that your security spending is "recession proof." A closer look suggests something quite different.
Exostar Set to Launch Federated Identity Service for Aerospace
News  |  4/25/2008  | 
Service vets and authenticates customers and trading partners for its members
Tech Insight: DIY Penetration Testing
News  |  4/25/2008  | 
When to conduct your own penetration test or to farm it out to a third party
Men More Likely Than Women to Fall for Internet Fraud
Quick Hits  |  4/25/2008  | 
Guys lose $1.67 to every $1 lost by gals, ICCC says
Quick! Unplug Your Internet Connection!
Commentary  |  4/24/2008  | 
According to the security vendor Sophos, one Web page is infected with malicious software every five seconds. Yeah, but it's probably mom-and-pop and porn Web sites with all of the infections, you say. Think again.
Small And Midsize Businesses' IT Security Budgets 'Recession-Proof'
News  |  4/24/2008  | 
Despite overall economic difficulties, survey respondents say they still plan to invest in technology this year.
McAfee And PlumChoice DoubleTeam For Remote Business Tech Services
Commentary  |  4/24/2008  | 
The latest alliance targeting small and midsize business tech-needs is McAfee's just-announced linkup with PlumChoice to provide on-demand tech services to, well, to you.
Securing the Internet's DNS
News  |  4/24/2008  | 
Internet's .arpa, .org, and .uk domains soon to adopt DNSSEC
Tape Loss Stuns UK Retail Giant
News  |  4/24/2008  | 
It's a tale of the (stolen) tapes over at major British pharmacist Boots
Dish Says Hacker Hired to Break Into Its Network
Quick Hits  |  4/24/2008  | 
Satellite TV drama unfolds in lawsuit over piracy
Focus On Managing Risk, Not Gruntwork
Commentary  |  4/23/2008  | 
With large enterprises sporting hundreds of applications, firewalls, routers, and other networking devices -- and more than 139 newly announced vulnerabilities each week -- how do they know what vulnerabilities actually matter?
Are EMC And IBM Reliable Storage Bellwethers?
Commentary  |  4/23/2008  | 
Their success is no guarantee of success for other vendors, but dismal results from these two companies would augur poorly for the rest of the storage industry, to say the least. And quite apart from my glass half-empty outlook, I'm not sure how much weight to give the recent positive financial performance from EMC and IBM.
Hard Drive Encryption Becomes Loaded-Laptop Hard Drive Feature
Commentary  |  4/23/2008  | 
With nearly three-quarters of a million laptop and notebook computers lost or stolen each year, there's a better than good argument for equipping yourself and your remote staff with encrypted disks on their portable gear.
Border Agents Can Search Laptops Without Cause, Court Rules
News  |  4/23/2008  | 
The 3-0 decision is likely to extend to cell phones and other personal electronic devices.
Companies May Be Held Liable for Deals With Terrorists, ID Thieves
News  |  4/23/2008  | 
New and little-known regulations could mean fines, or even jail time, for companies that do business with bad guys
Researchers Infiltrate and 'Pollute' Storm Botnet
News  |  4/23/2008  | 
European botnet experts devise a method that disrupts stubborn peer-to-peer botnets like Storm
JavaScript Injection Attack Infects 'Hundreds of Thousands' of Websites
Quick Hits  |  4/23/2008  | 
United Nations, UK government sites are among the victims
Market's Message to Security Pros: Adapt or Die
News  |  4/23/2008  | 
Shifts in economy, business are forcing re-prioritization in the IT security department, studies say
Physical Security Breaches Trump Vulnerabilities
Commentary  |  4/22/2008  | 
When it comes to publicly disclosed breaches, chances are the root cause was a stolen system, not a hack.
Security Vulnerabilities Reported At Obama, Clinton Web Sites
News  |  4/22/2008  | 
Researchers said cross-site scripting problems found on the sites could result in anything from a harmless pop-up window to exposure to malicious software.
Infected Web Pages Nearly Triple
News  |  4/22/2008  | 
Sophos says that it discovered a new infected Web page every 5 seconds. In 2007, the company says, it saw new infected Web pages every 14 seconds.
New Malware Page Every Five Seconds: Sophos
Commentary  |  4/22/2008  | 
Sophos released its Q1 2008 threat report today, and the news ain't good. In fact, it's three times as bad as last year -- that's how fast the threats are increasing. And increasing every five seconds.
Microsoft Report: Physical Data Theft, Trojans Up; Bug Disclosure Down
News  |  4/22/2008  | 
Trojan attacks jump by 300 percent, but publicly disclosed vulnerabilities reach three-year ebb
eBay Turns Up the Heat on Fraudsters
Quick Hits  |  4/22/2008  | 
Special cookies will help online marketplace separate legitimate sellers from identity thieves
Crank Up The Volume
Commentary  |  4/22/2008  | 
If storage were an audio receiver, we'd be flirting with that "9" or "10" mark on that big black dial. But we're talking capacity here (and maybe speed), as vendors appear to bend the rules of physics by cramming more bytes than any space or drive should be able to accommodate.
Microsoft's Security Development Life Cycle (SDL) Metrics: Microsoft Can Do Better
Commentary  |  4/21/2008  | 
Microsoft can, and should, provide more insight into how well its security development life cycle is working.
Ooops -- Microsoft Nags More Office Users Than It Meant To
Commentary  |  4/21/2008  | 
Microsoft's latest attempt to track down illegitimate copies of its programs -- in this case Office -- went a bit (and way more than a bit) farther than the company intended last week when it released an Office piracy detector worldwide, instead of to the four countries the program targeted.
New Tool Lets Enterprises Manage Security on Multiple Linux Servers
News  |  4/21/2008  | 
Trusted Computer Solutions readies software that can 'lock down' servers running Red Hat, CentOS, or Oracle Enterprise Linux
Page 1 / 4   >   >>


Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3018
PUBLISHED: 2018-05-24
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
CVE-2013-3023
PUBLISHED: 2018-05-24
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
CVE-2013-3024
PUBLISHED: 2018-05-24
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
CVE-2018-5674
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2018-5675
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...