News & Commentary

Content posted in May 2009
Page 1 / 3   >   >>
Report Identifies The Most Dangerous -- And Safest -- Search Terms
Quick Hits  |  5/29/2009  | 
"Viagra" is surprisingly safe, but "screensaver" is a dangerous search, McAfee report says
Tech Insight: To Go Deep On Security, Get Past The Surface
News  |  5/29/2009  | 
Reducing the "attack surface" of your Microsoft apps and systems could improve your organization's overall security
Obama Puts Cybersecurity Front And Center As An Economic, Public Safety, And National Security Concern
News  |  5/29/2009  | 
President says he will "personally select" a White House-based cybersecurity coordinator, and ensures privacy and civil liberties will be maintained as U.S. cybersecurity efforts intensify
Cybersecurity Review Finds U.S. Networks 'Not Secure'
News  |  5/29/2009  | 
The report dovetails with President Obama's call for the creation of a cybersecurity coordinator who will orchestrate and integrate federal cybersecurity policies and agendas.
Obama Cybersecurity Plan: What's In It For SMBs?
Commentary  |  5/29/2009  | 
New cyberczar (though no names yet), management from the top, calls for more coordinated cybersecurity efforts, privacy protection -- same old same old, or does the unveiling of the Obama administration's cybersecurity plan promise real changes in the government's approach to securing cyberspace? More importantly, what's in the plan for small and midsized businesses?
Obama Administration's IT Security Review
Commentary  |  5/29/2009  | 
Today the White House released its 60-day review on cybersecurity policy, and the report -- as well as the administration's plan -- consists of five primary prongs: top-down leadership, education, distributed responsibility, information sharing, and encouraging innovation.
Commentary  |  5/29/2009  | 
Wrapping up our series on choosing storage projects, part of the conversation has to be what is more important, CAPEX or OPEX? Almost every storage project you decide to embark on will have to be brought to management as something that is going to either reduce your capital expenditures or lower your operational expenditures. Which part of these projects is more important?
Cybercriminals: More Obvious Than They Think?
Commentary  |  5/29/2009  | 
Attackers often use and abuse security by obscurity, which can lessen the likelihood that they will be caught. From them we can learn a lot about profiling attackers on our networks, and how they work to achieve better operational security. Take their use of encryption.
Microsoft Warns Of 'Browse-And-Get-Owned' DirectX Flaw
News  |  5/28/2009  | 
The flaw could allow a remote attacker to execute malicious code by convincing or duping a user to open a specially crafted QuickTime media file.
Snort To Go Virtual
News  |  5/28/2009  | 
Open source IDS/IPS celebrates its tenth year with an all-new platform in the works, a new release candidate, and plans for a commercial virtual appliance
Members Of Legendary '90s Hacker Group Relaunch Password-Cracking Tool
Quick Hits  |  5/28/2009  | 
L0phtCrack is back: Former members of L0pht Heavy Industries retool their tool after buying it back from Symantec
Security Alliances Partner To Work On Cloud Computing
Quick Hits  |  5/27/2009  | 
Jericho Forum, Cloud Security Alliance agree to align their best practices for secure collaboration in the cloud
Selecting Your Next Storage Project - Big Projects
Commentary  |  5/27/2009  | 
In a prior entry we discussed how to select your next storage project and suggested that most IT professionals are going to focus on smaller projects, basically filling in potholes as opposed to paving a new road. There are times, however, even when staffing is scarce and money is tight, that you need to undertake a big storage project to fix the problem, essentially putting a new road in.
More Than 80% Of Phishing Attacks Use Hijacked, Legitimate Websites
News  |  5/27/2009  | 
New research from the Anti-Phishing Working Group shows how phishers are better covering their tracks -- and what to do when phishers compromise your Website
U.S. Cyber Czar On The Horizon; New Legislation, Too?
Commentary  |  5/27/2009  | 
The buzz surrounding President Obama's efforts at securing our cyber-infrastructure is audible. The release of a 60-day review of the government's cybersecurity efforts, which started back in February, is expected soon, along with the naming of a new White House official -- a "cyber czar," as some are calling the position -- who will reportedly have purview over developing a strategy for securing both government and private networks.
Spam Surge: 9 Out Of 10 E-mails Can't Be Good!
Commentary  |  5/27/2009  | 
90% of all email was spam last month, according to Symantec's MessageLabs Intelligence Report, just released. The figure is up more than 5% in the last month. Good news, I guess, is that things can't get much more than 10% worse from here.
Security Benchmarks For Apple iPhone Released
Commentary  |  5/27/2009  | 
Today the Center for Internet Security released a set of benchmarks designed to help consumers and businesses alike communicate using their favorite toy. Whoops, I meant smartphone. The guidance is worth a look.
Security Experts Raise Alarm Over Insider Threats
News  |  5/26/2009  | 
Economic troubles raising the stakes on potential threats, FIRST members say
Cybersecurity Czar Announcement Imminent
Commentary  |  5/26/2009  | 
President Obama is set to announce, sometime this week, that the post of a cyber czar will be created. So far, the news creates more questions than answers.
NSA-Funded 'Cauldron' Tool Goes Commercial
News  |  5/26/2009  | 
Vulnerability analysis tool aggregates, correlates, and visually maps attack patterns and possibilities
Summer Security: Don't Put Backups In The Trunk
Commentary  |  5/26/2009  | 
Temperatures are starting to rise outside -- and when they do, you can bet they're rising even faster in trunks and locked cars. Which are two of the places you should never put media you're transporting. And according to a data recovery specialist, they're also two of the most common locations for media in transit -- and two of the most common sources of data damage.
When Your Security Career Gets Hacked
Commentary  |  5/26/2009  | 
Security professionals like to think they're immune from the economic woes plaguing the rest of the business world, but, unfortunately, many are finding out the hard way that their jobs aren't any more secure than their apps. So career coaches Lee Kushner and Michael Murray today launched an "incident response" podcast series to help security professionals whose careers have been hacked and their jobs lost get back into the job market.
Report: Obama To Announce Plans For Cybersecurity Czar This Week
Quick Hits  |  5/26/2009  | 
President's announcement will be in conjunction with the release of the long-awaited cybersecurity review by Melissa Hathaway, according to Monday's Washington Post
Secure64's DNS, DNSSEC Products Receive IPv6 Gold Certification
News  |  5/26/2009  | 
Security solutions now compliant with IPv4-to-IPv6 transition already under way
Google I/O Developer Conference: Where's The Security Love?
Commentary  |  5/24/2009  | 
At the Google I/O developer conference this week, Google Inc. will host more than 80 technical sessions on all of the Google apps and platforms we've come to know -- Android, Chrome, App Engine, Web Toolkit, AJAX and others. When reviewing the Google I/O Schedule this morning, I was disappointed by what could not be easily found.
Facebook Falls Victim To Another Phishing Attack
Quick Hits  |  5/22/2009  | 
Phishers use cryptic message to lure users into giving up their account information
20 SMB Security Products Worth A Look
Commentary  |  5/22/2009  | 
Take a few minutes this holiday weekend -- always assuming there's such a thing as holiday weekends for small and midsized businesses -- and check out twenty of the hottest and most budget-savvy (rarely the same thing) new security products.
Adobe Owns Up To Security Issues
Commentary  |  5/22/2009  | 
The discussion surrounding how to make software vendors accountable for hacked systems and data breaches due to security problems in their products is, at best, an effort in futility. As much as we'd like to have Microsoft, Oracle, and Adobe take responsibility for software vulnerabilities that have caused us headaches and cost us money, we are stuck in an endless loop of dependence on their products.
Tech Insight: How To Protect Your Organization From Malicious Insiders
News  |  5/22/2009  | 
New report offers insights on how to keep the bad apples from spoiling your company's whole barrel of data
Study: 'Secret Security Questions' Can Be Guessed By Insiders
Quick Hits  |  5/21/2009  | 
Ability to guess the answers to second-level security questions goes up significantly if the guesser knows the account holder, study says
Center For Internet Security Issues Free Security Metrics
News  |  5/21/2009  | 
Global coalition of enterprises, government, and vendors looks to its vendor members to automate collection of new metrics in their products
Lessons From Fighting Cybercrime, Part 2
Commentary  |  5/21/2009  | 
In this article we'll examine three basic guidelines on how to implement solutions into social systems, learned from the fight against spam.
Verizon Beefs Up Handset Security
News  |  5/21/2009  | 
The over-the-air authentication service enables workers to securely access business networks from handsets nearly anywhere in the world.
Tech Road Map: 3G Security Is Getting Better, But It's Still Incomplete
News  |  5/21/2009  | 
Safeguarding wireless traffic in transit is only part of the equation. Pay attention to devices and endpoints, too.
Web 2.0 For Business Requires Web 2.0-Level Security: Websense
Commentary  |  5/21/2009  | 
The various elements and components and approaches that comprise Web 2.0 offer large business promise. But they also create large business risk and exposure. Better make sure your security and especially your security policies are up to the challenges.
NetApp Buys Data Domain - User Impact
Commentary  |  5/21/2009  | 
With yesterday's announcement of NetApp's intention to buy Data Domain, a question that needs to be answered by IT professionals is how does this affect them? In our blog on Information Week's sister publication Byte and Switch we looked at the industry impact, but what about the users? There are current customers, c
Hardened OS Vendor Builds Secure Virtual Layer For Network Devices
News  |  5/21/2009  | 
"Tier one" networking equipment vendors are adopting Green Hills Software's secure virtualization platform as an extra layer of protection for their devices, company says
Adobe (Finally) Getting Security Religion
Commentary  |  5/20/2009  | 
In the past number of years Adobe Systems hasn't seemed to have its act together when it comes to mitigating security risks in its PDF. Hopefully, that's about to change.
Web 2.0 Conquers The Workplace, But Many Security Departments Aren't Ready
Quick Hits  |  5/20/2009  | 
Many enterprises are lacking key tools for protecting Web 2.0 data, study says
Ruminating on CSI SX
Commentary  |  5/20/2009  | 
Citizens of the Information Security Nation, to you I say Classify and inventory your data and assets! Tedium? Odium? Delirium? Yes, probably all three. But worth the trouble.
Virtualization Could Collide With PCI, But Help Forensics
News  |  5/20/2009  | 
Security experts at CSI/SX and Interop warn that PCI-regulated apps and virtualization may not mix right now; say virtualization can help with incident response
Educating Our Clients Is Part Of Our Responsibility
Commentary  |  5/20/2009  | 
Have you ever had a client (or your own employer) say, "There's no way a user could hack our internal Web apps; they can't run anything but authorized applications like a Web browser and e-mail client." Happens all the time, right? Guess what -- you're not alone.
Tippett: Use Application Logs To Catch Data Breaches
News  |  5/19/2009  | 
At CSI/SX, Verizon Business' Peter Tippett talks trends and lessons learned in data breaches
Enterprises Still Struggling To Get Results From SIEM, Log Management
Quick Hits  |  5/19/2009  | 
Most survey respondents still haven't achieved quantifiable benefits, study says
Microsoft Issues IIS Security Advisory
News  |  5/19/2009  | 
An exploit of the vulnerability could give an attacker access to a directory that normally requires authentication.
Selecting Your Next Storage Project - Edge Projects
Commentary  |  5/19/2009  | 
Unfortunately the reality is often that the storage project you are going to work on next is based on the one that users are screaming the loudest for that you can also afford and it usually contains "add capacity". Is there a better way to go about selecting your next storage project?
Trend Micro Adds USB To "Worry Free" SMB Security List
Commentary  |  5/19/2009  | 
Announced today, the latest version of Trend Micro's small and midsized business "Worry Free" Business Security Suite includes enhanced URL filtering as well as USB device monitoring.
Microsoft Offers Free Template For Secure Software Development Process
News  |  5/19/2009  | 
SDL Process Template plugs directly into development tools
On Prison And Corporate Data Escapes
Commentary  |  5/18/2009  | 
In its broadest sense, social engineering is deception to manipulate or exploit people. That's exactly how more than 50 Mexican inmates were freed this weekend. How much proprietary corporate data is "liberated" in much the same way?
Watch Your Website Even As You Watch Out For Others
Commentary  |  5/18/2009  | 
Businesses rightly spend much time and effort seeking to protect their employees from malicious Web sites and the havoc those sites can wreak. A new report reminds us not to neglect vulnerabilities on our own sites, 60% of which contain the sorts of vulnerabilities the malware makers love to exploit.