News & Commentary
Content posted in May 2008
|
Hey: They're Gonna Confiscate Your iPod
From border guards to copyright cops. Get busted with ripped music at the border, and you just may have your iPod, notebook, or smartphone confiscated on the spot. Maybe even if you acquired the music legally.
Speed's Dead
In my recent article on data deduplication on InformationWeek's sister site, Byte and Switch, a question of speed impact came up. As we talk to customers throughout the storage community about backup priorities, a surprising trend continues: the importance of shrinking the backup window has become less of a priority for disk to disk backup solutions. Why?
Are Your Employee's Phones Secure? All Of Them? Really?
Can a single unsecured smartphone compromise your business's security? Looks that way -- and that should make you look hard at who's got phones in your company, and how they're using them.
Comcast Outage Traced to Teenage Hackers
DNS attack left service provider down for five hours
Man Arraigned for Setting Up 58,000 Brokerage Accounts
Comic book and cartoon characters got their own portfolios
Stanford Medical School's Rx: Anomaly Detection
Appliance helps minimize bot, malware infections
Die, Comment Spam. Die
Blogging software and services provider Six Apart (known for MovableType and TypePad) has unleashed a new anti-comment spam filter, creatively dubbed TypePad AntiSpam. Now how will I get the latest stock-trading tips, body-enhancing drugs, and pharma deals?
Revision3 Denial Of Service Attack Traced To Anti-Piracy Company
Company CEO Jim Louderback says the FBI is investigating, and he is critical of MediaDefender's vigilante approach to fighting copyright piracy.
Secure Computing Tells Where Your Biggest Insecurity Is: Inside Your Company, That's Where!
What are IT security professionals most scared of? Their companies' own employees, that's what.
Gartner Forecasts the Next Big Threats
A peek at some of the types of attacks on the horizon that Gartner will reveal at next week's Security Summit
Gas Station ATM/Card Reader Likely Rigged in New ID Theft Case
California's South Bay area is reeling from yet another wave of ID theft from ATM/card reader machines
Bullying & the Enterprise
Protecting your employees and your brand from cyber-bullies and inappropriate behavior requires a zero-tolerance policy
Finding The Needle, Part One - Saving Money
In the last week another new storage startup is launching a new product, another just received another round of founding, and still another announced it was being purchased. This happens almost every day with technology startup companies, especially in storage.
Adobe Flash Player Under Attack
Security researchers are warning that an in-the-wild exploit within the Adobe Flash Player has been planted in from 20,000 to 250,000 Web pages. If that wide range of potentially affected Web pages isn't enough disparity for you, try this on: it's not entirely clear what versions of Flash are at risk. Read on...
Societe Generale Offers Findings on Breach Investigation
Trader's creativity, lack of proper controls combined to create perfect storm that lost the company $7 billion
New SQL Injection Attacks Exploit Adobe Flash Flaw
And it's not just online gamers who are at risk
Identity Fraudsters Improve Aim on the Wealthy
UK study shows that those who make more than $100,000 are almost three times more likely to be victims
Cloud Security
Making use of cloud computing resources like Google's App Engine, or Salesforce.com, or Amazon S3, while all the rage, still makes some folks nervous. In particular, heads of enterprise development organizations who feel the need to tell their developers, "Nah-ah. Unless it's behind our firewall, you can't use it."
Infrastructure Virtualization
Server virtualization helped justify and broaden the use of the SAN by leveraging networked storage to enable features like server motion. In similar fashion, companies such as Scalent Systems are using infrastructure virtualization to further justify and broaden the use of a SAN by bringing those server virtualization capabilities to nonvirtualized systems: the ability to move or start new application instances in a matter of minutes after powering on and bo
New York To Issue Enhanced Drivers Licenses For Cross-Border Travel
The enhanced licenses are expected to ease commerce and long lines at New York-Canada border crossings.
Yahoo Sues 'Lottery Spammers'
The suit accuses the defendants of sending spam e-mails trying to trick people into divulging personal information by claiming they had won a prize from Yahoo.
Mob Making Cyber Moves: Organized Crime Versus Disorganized Defenses
The news that organized crime is now a bigger cyber-havoc player than independent hackers isn't surprising: as Willie Sutton said of banks in the last century, the Net is now "where the money is."
RIM To Indian Government: No Crypto Keys For You
Just last week it looked like RIM was ready to hand over its BlackBerry message encryption to the Indian authorities. Now, it seems as if, to quote singer/songwriter Tom Petty, RIM has had a "Change Of Heart."
Deutsche Telecom Spied on Employees, Journalists
Major German service provider violated privacy laws by analyzing phone records in an attempt to stop leaks to the press
New Smart Phone Hack Could Expose Cell Network
Researchers to release hacking tool that gathers information about the cellular network to which a smart phone is connected
Hackers Take Down Russian Nuclear Power Websites
Attacks play off of rumors of nuclear accident and prevent customers from checking online radiation reports in their area
Do iSCSI-Only Systems Make Sense?
When iSCSI first began to appear, there were several companies -- LeftHand Networks, EqualLogic (now owned by Dell), and others -- which developed storage solutions based solely on the protocol. But what these companies had really developed was a storage software solution that probably could have run on any protocol, although they choose iSCSI. My opinion is that this was as mu
Vulnerabilities Found In IBM Lotus Sametime And Cisco Gear
Cisco alerted users to vulnerabilities in several of its products while IBM says it has a patch ready for its software.
Facebook Vulnerable To Serious XSS Attack
If you can't trust your friends, who can you trust? On Facebook, you better think before you click that link, a security researcher warns ...
TVA 's Scary Security Lapses Have Big Lessons For Small And Midsize Businesses
The news that the Tennessee Valley Authority (TVA) -- the largest U.S. public electric utility -- is riddled with security lapses should give pause to cybersecurity watchers and worriers everywhere. And the nature of those lapses should be a reminder to every business in the country.
Tech Insight: Debian Linux Flaw Threatens SSL Encryption
Vulnerability in Debian OpenSSL could allow attackers to decrypt 'secure' Web sessions
Passport to the Web
Our system for authenticating international travelers' identities is solid. Why can't we create a similar process online?
Connecticut Attorney General Blasts Bank Of New York Mellon
It's happened again. Another backup tape with millions of customers' information has gone missing. The tape was lost on Feb. 27, and the Connecticut authorities want to know more.
Power Company Slammed For Weak Cyber Security
Almost all of the workstations and servers that GAO examined on the TVA's corporate network lacked key security patches or had inadequate security settings.
Apple's iCal Vulnerable To Hackers
In order for an attacker to exploit these vulnerabilities, he or she would have to convince an iCal user to open an .ics file sent via e-mail or hosted on a Web server.
Building Better Branch-Office Wireless
One rogue access point at a remote site can make for a potentially huge security mess. The answer? Extend the corporate wireless LAN safely and efficiently. We'll show you how.
CompTIA Survey: What Causes Most Breaches Is The Same Thing The Road To Hell Is Paved With
Findings from a new survey indicate that most security breaches aren't the result of malicious intent. Problem is, more than a few are the result of good intentions.
Unitrends Takes Hold of $9M
Data protection startup completes its Series C, and eyes a multitude of product enhancements
New Google Service Helps Infected Websites Clean Up
Diagnostic page details nature of sites flagged as dangerous by Google
Microsoft Wins Patent on Proactive Anti-Malware Technology
New scheme creates virtual environment where malware can be detected by its behavior
Research In Motion May Hand Crypto Keys To Indian Government
Apparently, the Indian government can't crack 256-bit encryption to read protected e-mails on RIM BlackBerrys. It appears RIM is willing to lend a hand, by handing over its (your) keys.
Rolling Review: Patch Up Your Windows
Kaseya targets Microsoft shops that need reliable patch management but are on tight budgets.
An Inconvenient Data Retention Policy
I recently met with a client that had a 45-day retention policy for ALL data. I've heard of this kind of policy for e-mail, but I don't recall ever hearing of it for all the data in the enterprise. Is this realistic and can you get away with that short of a data retention policy? Not really, and here's why.
Regulatory Holes Could Leave US Power Grid Open to Attack
Utility commissions tell Congress they don't have the authority to quickly respond to cyber threats
'Hack-and-Pier' Phishing on the Rise
More and more phishers are hacking legitimate Websites, reports say
|
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Ben saw that management takes locked-down situations very seriously.
Latest Comment: Ben saw that management takes locked-down situations very seriously.
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-5798
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
From DHS/US-CERT's National Vulnerability Database CVE-2019-5798
PUBLISHED: 2019-05-23
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2019-5799PUBLISHED: 2019-05-23
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2019-5800PUBLISHED: 2019-05-23
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2019-5801PUBLISHED: 2019-05-23
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2019-5802PUBLISHED: 2019-05-23
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This