News & Commentary

Content posted in April 2008
Page 1 / 4
You're Infected With Malware. And You Don't Care.
Commentary  |  4/30/2008  | 
Could it be true? Could there be thousands, if not more, Internet users infected with botnets, who know they're infected, and don't care enough to do anything about it?
Google Warns Users About Phishing
News  |  4/30/2008  | 
In advising users to be wary of clicking on links in e-mail messages or responding to requests for personal information, Google is trying to protect its own business.
Former UCLA Health Employee Charged With Selling Celeb Records To Media
News  |  4/30/2008  | 
The U.S. District Court indictment against a former administrative assistant does not appear related to leaks of Britney Spears' health information this year.
XP Service Pack Delay: What Else Is New?
Commentary  |  4/30/2008  | 
Microsoft's on-again/off-again extension of support for XP may or may not be on-again, but the latest delay of the latest long-awaited XP Service Pack may strike some of us as the last straw.
Large Businesses Wrestle With Web 2.0
News  |  4/30/2008  | 
New capabilities turn security policies and practices on end, panelists say
Software Lets Enterprises Encrypt, Restrict Use of CD/DVD Media
Quick Hits  |  4/30/2008  | 
New technology from Lumension encrypts data on CDs, prevents reading and writing without network authorization
When Bots Don't Care - Or Don't Know Enough to
News  |  4/30/2008  | 
Misguided apathy among consumers could be contributing to botnet proliferation
Will Code Viruses For Beer
Commentary  |  4/29/2008  | 
A controversial contest at this year's Defcon hacker conference promises to reward the most successful virus writers.
Webroot to Launch Enterprise Web Filtering Service
News  |  4/29/2008  | 
Content filtering will be marketed alongside email management service
Microsoft Adds Two to Forefront Family
News  |  4/29/2008  | 
Remote access, edge security products now under Forefront umbrella
'USB Hacksaw' Still Sharp, Expert Says
Quick Hits  |  4/29/2008  | 
Exploit allows hackers to dump data from thumb drives and email it to a remote location
Avoiding a Mesh Mess
News  |  4/29/2008  | 
Factor in security with Microsoft's new Live Mesh
New Scam: Hackers Use Phony Certificate To Seal Victims' ID-Fates
Commentary  |  4/28/2008  | 
A new approach to password/account info-theft appeals to users' desire for enhanced protection, rather than directly asking for info. The scam asks users to install an important digital security certificate -- which is, of course, anything but secure.
Microsoft Blames Poor Coding Practices For Massive SQL Injection Attack
News  |  4/28/2008  | 
U.S. CERT recommends disabling JavaScript and ActiveX because of attacks that have compromised legitimate Web sites using Microsoft IIS Web Server and Microsoft SQL Server.
Windows XP Service Pack 3
Commentary  |  4/28/2008  | 
While there's not a lot of big news or fanfare surrounding the imminent release of Windows XP Service Pack 3, there are a number of interesting security enhancements.
Those Social Networking Apps? Not as Safe as Your Employees Think
Commentary  |  4/28/2008  | 
There's lots of talk about the time-wasting element inherent in social networking sites like MySpace and Facebook. Along comes yet another reason for a smaller business to block these sites: Security, or lack thereof.
Wireless Vulnerabilities Present Enterprise-Wide Threats, Expert Says
News  |  4/28/2008  | 
Wireless is the greatest threat to corporate networks since the emergence of the Internet, AirPatrol CEO says
'Long-Term' Phishing Attack Underway
News  |  4/28/2008  | 
New phishing exploit doesn't bother asking for passwords, and its stealthy malware hides out on victim's machine
Societe Generale Goat Gets IT Consulting Job
Quick Hits  |  4/28/2008  | 
Man who singlehandedly cost financial services firm more than $7B is now giving advice
Interop Founder Dan Lynch Invests in Hot Security Startups
News  |  4/28/2008  | 
He was hacked by Kevin Mitnick in the '80s and recently had his identity stolen - but Lynch still has hope for making security strong and usable
Zero-Day Vulnerability Reported in Apple's QuickTime for Windows XP and Vista
News  |  4/25/2008  | 
Security consultancy GNUCitizen says an attacker could exploit the vulnerability by constructing a specially crafted QuickTime supported media file that allows remote code execution.
Astaro Survey Sez Your Security Spending Seems Recession-Proof. Really?
Commentary  |  4/25/2008  | 
The results of a recent survey of small and midsize business IT security spending plans are being interpreted/marketed as signs that your security spending is "recession proof." A closer look suggests something quite different.
Exostar Set to Launch Federated Identity Service for Aerospace
News  |  4/25/2008  | 
Service vets and authenticates customers and trading partners for its members
Tech Insight: DIY Penetration Testing
News  |  4/25/2008  | 
When to conduct your own penetration test or to farm it out to a third party
Men More Likely Than Women to Fall for Internet Fraud
Quick Hits  |  4/25/2008  | 
Guys lose $1.67 to every $1 lost by gals, ICCC says
Quick! Unplug Your Internet Connection!
Commentary  |  4/24/2008  | 
According to the security vendor Sophos, one Web page is infected with malicious software every five seconds. Yeah, but it's probably mom-and-pop and porn Web sites with all of the infections, you say. Think again.
Small And Midsize Businesses' IT Security Budgets 'Recession-Proof'
News  |  4/24/2008  | 
Despite overall economic difficulties, survey respondents say they still plan to invest in technology this year.
McAfee And PlumChoice DoubleTeam For Remote Business Tech Services
Commentary  |  4/24/2008  | 
The latest alliance targeting small and midsize business tech-needs is McAfee's just-announced linkup with PlumChoice to provide on-demand tech services to, well, to you.
Securing the Internet's DNS
News  |  4/24/2008  | 
Internet's .arpa, .org, and .uk domains soon to adopt DNSSEC
Tape Loss Stuns UK Retail Giant
News  |  4/24/2008  | 
It's a tale of the (stolen) tapes over at major British pharmacist Boots
Dish Says Hacker Hired to Break Into Its Network
Quick Hits  |  4/24/2008  | 
Satellite TV drama unfolds in lawsuit over piracy
Focus On Managing Risk, Not Gruntwork
Commentary  |  4/23/2008  | 
With large enterprises sporting hundreds of applications, firewalls, routers, and other networking devices -- and more than 139 newly announced vulnerabilities each week -- how do they know what vulnerabilities actually matter?
Are EMC And IBM Reliable Storage Bellwethers?
Commentary  |  4/23/2008  | 
Their success is no guarantee of success for other vendors, but dismal results from these two companies would augur poorly for the rest of the storage industry, to say the least. And quite apart from my glass half-empty outlook, I'm not sure how much weight to give the recent positive financial performance from EMC and IBM.
Hard Drive Encryption Becomes Loaded-Laptop Hard Drive Feature
Commentary  |  4/23/2008  | 
With nearly three-quarters of a million laptop and notebook computers lost or stolen each year, there's a better than good argument for equipping yourself and your remote staff with encrypted disks on their portable gear.
Border Agents Can Search Laptops Without Cause, Court Rules
News  |  4/23/2008  | 
The 3-0 decision is likely to extend to cell phones and other personal electronic devices.
Companies May Be Held Liable for Deals With Terrorists, ID Thieves
News  |  4/23/2008  | 
New and little-known regulations could mean fines, or even jail time, for companies that do business with bad guys
Researchers Infiltrate and 'Pollute' Storm Botnet
News  |  4/23/2008  | 
European botnet experts devise a method that disrupts stubborn peer-to-peer botnets like Storm
JavaScript Injection Attack Infects 'Hundreds of Thousands' of Websites
Quick Hits  |  4/23/2008  | 
United Nations, UK government sites are among the victims
Market's Message to Security Pros: Adapt or Die
News  |  4/23/2008  | 
Shifts in economy, business are forcing re-prioritization in the IT security department, studies say
Physical Security Breaches Trump Vulnerabilities
Commentary  |  4/22/2008  | 
When it comes to publicly disclosed breaches, chances are the root cause was a stolen system, not a hack.
Security Vulnerabilities Reported At Obama, Clinton Web Sites
News  |  4/22/2008  | 
Researchers said cross-site scripting problems found on the sites could result in anything from a harmless pop-up window to exposure to malicious software.
Infected Web Pages Nearly Triple
News  |  4/22/2008  | 
Sophos says that it discovered a new infected Web page every 5 seconds. In 2007, the company says, it saw new infected Web pages every 14 seconds.
New Malware Page Every Five Seconds: Sophos
Commentary  |  4/22/2008  | 
Sophos released its Q1 2008 threat report today, and the news ain't good. In fact, it's three times as bad as last year -- that's how fast the threats are increasing. And increasing every five seconds.
Microsoft Report: Physical Data Theft, Trojans Up; Bug Disclosure Down
News  |  4/22/2008  | 
Trojan attacks jump by 300 percent, but publicly disclosed vulnerabilities reach three-year ebb
eBay Turns Up the Heat on Fraudsters
Quick Hits  |  4/22/2008  | 
Special cookies will help online marketplace separate legitimate sellers from identity thieves
Crank Up The Volume
Commentary  |  4/22/2008  | 
If storage were an audio receiver, we'd be flirting with that "9" or "10" mark on that big black dial. But we're talking capacity here (and maybe speed), as vendors appear to bend the rules of physics by cramming more bytes than any space or drive should be able to accommodate.
Microsoft's Security Development Life Cycle (SDL) Metrics: Microsoft Can Do Better
Commentary  |  4/21/2008  | 
Microsoft can, and should, provide more insight into how well its security development life cycle is working.
Ooops -- Microsoft Nags More Office Users Than It Meant To
Commentary  |  4/21/2008  | 
Microsoft's latest attempt to track down illegitimate copies of its programs -- in this case Office -- went a bit (and way more than a bit) farther than the company intended last week when it released an Office piracy detector worldwide, instead of to the four countries the program targeted.
New Tool Lets Enterprises Manage Security on Multiple Linux Servers
News  |  4/21/2008  | 
Trusted Computer Solutions readies software that can 'lock down' servers running Red Hat, CentOS, or Oracle Enterprise Linux

Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-01-21
Teradata Viewpoint before 14.0 and contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system.
PUBLISHED: 2019-01-21
In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.
PUBLISHED: 2019-01-21
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.
PUBLISHED: 2019-01-20
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
PUBLISHED: 2019-01-20
The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requ...