News & Commentary

Content posted in May 2008
Hey: They're Gonna Confiscate Your iPod
Commentary  |  5/30/2008  | 
From border guards to copyright cops. Get busted with ripped music at the border, and you just may have your iPod, notebook, or smartphone confiscated on the spot. Maybe even if you acquired the music legally.
Speed's Dead
Commentary  |  5/30/2008  | 
In my recent article on data deduplication on InformationWeek's sister site, Byte and Switch, a question of speed impact came up. As we talk to customers throughout the storage community about backup priorities, a surprising trend continues: the importance of shrinking the backup window has become less of a priority for disk to disk backup solutions. Why?
Are Your Employee's Phones Secure? All Of Them? Really?
Commentary  |  5/30/2008  | 
Can a single unsecured smartphone compromise your business's security? Looks that way -- and that should make you look hard at who's got phones in your company, and how they're using them.
Comcast Outage Traced to Teenage Hackers
News  |  5/30/2008  | 
DNS attack left service provider down for five hours
Man Arraigned for Setting Up 58,000 Brokerage Accounts
Quick Hits  |  5/30/2008  | 
Comic book and cartoon characters got their own portfolios
Stanford Medical School's Rx: Anomaly Detection
News  |  5/30/2008  | 
Appliance helps minimize bot, malware infections
Die, Comment Spam. Die
Commentary  |  5/29/2008  | 
Blogging software and services provider Six Apart (known for MovableType and TypePad) has unleashed a new anti-comment spam filter, creatively dubbed TypePad AntiSpam. Now how will I get the latest stock-trading tips, body-enhancing drugs, and pharma deals?
Revision3 Denial Of Service Attack Traced To Anti-Piracy Company
News  |  5/29/2008  | 
Company CEO Jim Louderback says the FBI is investigating, and he is critical of MediaDefender's vigilante approach to fighting copyright piracy.
Secure Computing Tells Where Your Biggest Insecurity Is: Inside Your Company, That's Where!
Commentary  |  5/29/2008  | 
What are IT security professionals most scared of? Their companies' own employees, that's what.
Gartner Forecasts the Next Big Threats
News  |  5/29/2008  | 
A peek at some of the types of attacks on the horizon that Gartner will reveal at next week's Security Summit
Gas Station ATM/Card Reader Likely Rigged in New ID Theft Case
Quick Hits  |  5/29/2008  | 
California's South Bay area is reeling from yet another wave of ID theft from ATM/card reader machines
Bullying & the Enterprise
News  |  5/29/2008  | 
Protecting your employees and your brand from cyber-bullies and inappropriate behavior requires a zero-tolerance policy
Finding The Needle, Part One - Saving Money
Commentary  |  5/28/2008  | 
In the last week another new storage startup is launching a new product, another just received another round of funding, and still another announced it was being purchased. This happens almost every day with technology startup companies, especially in storage.
Adobe Flash Player Under Attack
Commentary  |  5/28/2008  | 
Security researchers are warning that an in-the-wild exploit within the Adobe Flash Player has been planted in anywhere from 20,000 to 250,000 Web pages. If that wide range of potentially affected Web pages isn't enough disparity for you, try this on: it's not entirely clear what versions of Flash are at risk. Read on...
Societe Generale Offers Findings on Breach Investigation
News  |  5/28/2008  | 
Trader's creativity, lack of proper controls combined to create perfect storm that lost the company $7 billion
New SQL Injection Attacks Exploit Adobe Flash Flaw
News  |  5/28/2008  | 
And it's not just online gamers who are at risk
Identity Fraudsters Improve Aim on the Wealthy
Quick Hits  |  5/28/2008  | 
UK study shows that those who make more than $100,000 are almost three times more likely to be victims
Cloud Security
Commentary  |  5/28/2008  | 
Making use of cloud computing resources like Google's App Engine, or Salesforce.com, or Amazon S3, while all the rage, still makes some folks nervous. In particular, heads of enterprise development organizations who feel the need to tell their developers, "Nah-ah. Unless it's behind our firewall, you can't use it."
Infrastructure Virtualization
Commentary  |  5/27/2008  | 
Server virtualization helped justify and broaden the use of the SAN by leveraging networked storage to enable features like server motion. In similar fashion, companies such as Scalent Systems are using infrastructure virtualization to further justify and broaden the use of a SAN by bringing those server virtualization capabilities to nonvirtualized systems: the ability to move or start new application instances in a matter of minutes after powering on and bo
New York To Issue Enhanced Drivers Licenses For Cross-Border Travel
News  |  5/27/2008  | 
The enhanced licenses are expected to ease commerce and long lines at New York-Canada border crossings.
Yahoo Sues 'Lottery Spammers'
News  |  5/27/2008  | 
The suit accuses the defendants of sending spam e-mails trying to trick people into divulging personal information by claiming they had won a prize from Yahoo.
Mob Making Cyber Moves: Organized Crime Versus Disorganized Defenses
Commentary  |  5/27/2008  | 
The news that organized crime is now a bigger cyber-havoc player than independent hackers isn't surprising: as Willie Sutton said of banks in the last century, the Net is now "where the money is."
RIM To Indian Government: No Crypto Keys For You
Commentary  |  5/27/2008  | 
Just last week it looked like RIM was ready to hand over its BlackBerry message encryption to the Indian authorities. Now, it seems as if, to quote singer/songwriter Tom Petty, RIM has had a "Change Of Heart."
Deutsche Telecom Spied on Employees, Journalists
News  |  5/27/2008  | 
Major German service provider violated privacy laws by analyzing phone records in an attempt to stop leaks to the press
New Smart Phone Hack Could Expose Cell Network
News  |  5/27/2008  | 
Researchers to release hacking tool that gathers information about the cellular network to which a smart phone is connected
Hackers Take Down Russian Nuclear Power Websites
Quick Hits  |  5/27/2008  | 
Attacks play off of rumors of nuclear accident and prevent customers from checking online radiation reports in their area
Do iSCSI-Only Systems Make Sense?
Commentary  |  5/23/2008  | 
When iSCSI first began to appear, there were several companies -- LeftHand Networks, EqualLogic (now owned by Dell), and others -- which developed storage solutions based solely on the protocol. But what these companies had really developed was a storage software solution that probably could have run on any protocol, although they chose iSCSI. My opinion is that this was as mu
Vulnerabilities Found In IBM Lotus Sametime And Cisco Gear
News  |  5/23/2008  | 
Cisco alerted users to vulnerabilities in several of its products while IBM says it has a patch ready for its software.
Facebook Vulnerable To Serious XSS Attack
Commentary  |  5/23/2008  | 
If you can't trust your friends, who can you trust? On Facebook, you better think before you click that link, a security researcher warns ...
TVA's Scary Security Lapses Have Big Lessons For Small And Midsize Businesses
Commentary  |  5/23/2008  | 
The news that the Tennessee Valley Authority (TVA) -- the largest U.S. public electric utility -- is riddled with security lapses should give pause to cybersecurity watchers and worriers everywhere. And the nature of those lapses should be a reminder to every business in the country.
Tech Insight: Debian Linux Flaw Threatens SSL Encryption
News  |  5/23/2008  | 
Vulnerability in Debian OpenSSL could allow attackers to decrypt 'secure' Web sessions
Passport to the Web
News  |  5/23/2008  | 
Our system for authenticating international travelers' identities is solid. Why can't we create a similar process online?
Connecticut Attorney General Blasts Bank Of New York Mellon
Commentary  |  5/22/2008  | 
It's happened again. Another backup tape with millions of customers' information has gone missing. The tape was lost on Feb. 27, and the Connecticut authorities want to know more.
Power Company Slammed For Weak Cyber Security
News  |  5/22/2008  | 
Almost all of the workstations and servers that GAO examined on the TVA's corporate network lacked key security patches or had inadequate security settings.
Apple's iCal Vulnerable To Hackers
News  |  5/22/2008  | 
In order for an attacker to exploit these vulnerabilities, he or she would have to convince an iCal user to open an .ics file sent via e-mail or hosted on a Web server.
Building Better Branch-Office Wireless
News  |  5/22/2008  | 
One rogue access point at a remote site can make for a potentially huge security mess. The answer? Extend the corporate wireless LAN safely and efficiently. We'll show you how.
CompTIA Survey: What Causes Most Breaches Is The Same Thing The Road To Hell Is Paved With
Commentary  |  5/22/2008  | 
Findings from a new survey indicate that most security breaches aren't the result of malicious intent. Problem is, more than a few are the result of good intentions.
Unitrends Takes Hold of $9M
News  |  5/22/2008  | 
Data protection startup completes its Series C, and eyes a multitude of product enhancements
New Google Service Helps Infected Websites Clean Up
News  |  5/22/2008  | 
Diagnostic page details nature of sites flagged as dangerous by Google
Microsoft Wins Patent on Proactive Anti-Malware Technology
Quick Hits  |  5/22/2008  | 
New scheme creates virtual environment where malware can be detected by its behavior
Research In Motion May Hand Crypto Keys To Indian Government
Commentary  |  5/21/2008  | 
Apparently, the Indian government can't crack 256-bit encryption to read protected e-mails on RIM BlackBerrys. It appears RIM is willing to lend a hand, by handing over its (your) keys.
Rolling Review: Patch Up Your Windows
News  |  5/21/2008  | 
Kaseya targets Microsoft shops that need reliable patch management but are on tight budgets.
An Inconvenient Data Retention Policy
Commentary  |  5/21/2008  | 
I recently met with a client that had a 45-day retention policy for ALL data. I've heard of this kind of policy for e-mail, but I don't recall ever hearing of it for all the data in the enterprise. Is this realistic and can you get away with that short of a data retention policy? Not really, and here's why.
Regulatory Holes Could Leave US Power Grid Open to Attack
News  |  5/21/2008  | 
Utility commissions tell Congress they don't have the authority to quickly respond to cyber threats
'Hack-and-Pier' Phishing on the Rise
News  |  5/21/2008  | 
More and more phishers are hacking legitimate Websites, reports say


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11311
PUBLISHED: 2018-05-20
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVE-2018-11319
PUBLISHED: 2018-05-20
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to ...
CVE-2018-11242
PUBLISHED: 2018-05-20
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-11315
PUBLISHED: 2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a ho...
CVE-2018-11239
PUBLISHED: 2018-05-19
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in ...