News & Commentary

Content posted in May 2009
Page 1 / 3
Report Identifies The Most Dangerous -- And Safest -- Search Terms
Quick Hits  |  5/29/2009  | 
"Viagra" is surprisingly safe, but "screensaver" is a dangerous search, McAfee report says
Tech Insight: To Go Deep On Security, Get Past The Surface
News  |  5/29/2009  | 
Reducing the "attack surface" of your Microsoft apps and systems could improve your organization's overall security
Obama Puts Cybersecurity Front And Center As An Economic, Public Safety, And National Security Concern
News  |  5/29/2009  | 
President says he will "personally select" a White House-based cybersecurity coordinator, and ensures privacy and civil liberties will be maintained as U.S. cybersecurity efforts intensify
Cybersecurity Review Finds U.S. Networks 'Not Secure'
News  |  5/29/2009  | 
The report dovetails with President Obama's call for the creation of a cybersecurity coordinator who will orchestrate and integrate federal cybersecurity policies and agendas.
Obama Cybersecurity Plan: What's In It For SMBs?
Commentary  |  5/29/2009  | 
New cyberczar (though no names yet), management from the top, calls for more coordinated cybersecurity efforts, privacy protection -- same old same old, or does the unveiling of the Obama administration's cybersecurity plan promise real changes in the government's approach to securing cyberspace? More importantly, what's in the plan for small and midsized businesses?
Obama Administration's IT Security Review
Commentary  |  5/29/2009  | 
Today the White House released its 60-day review on cybersecurity policy, and the report -- as well as the administration's plan -- consists of five primary prongs: top-down leadership, education, distributed responsibility, information sharing, and encouraging innovation.
Storage CAPEX VS. OPEX
Commentary  |  5/29/2009  | 
Wrapping up our series on choosing storage projects, part of the conversation has to be what is more important, CAPEX or OPEX? Almost every storage project you decide to embark on will have to be brought to management as something that is going to either reduce your capital expenditures or lower your operational expenditures. Which part of these projects is more important?
Cybercriminals: More Obvious Than They Think?
Commentary  |  5/29/2009  | 
Attackers often use and abuse security by obscurity, which can lessen the likelihood that they will be caught. From them we can learn a lot about profiling attackers on our networks, and how they work to achieve better operational security. Take their use of encryption.
Microsoft Warns Of 'Browse-And-Get-Owned' DirectX Flaw
News  |  5/28/2009  | 
The flaw could allow a remote attacker to execute malicious code by convincing or duping a user to open a specially crafted QuickTime media file.
Snort To Go Virtual
News  |  5/28/2009  | 
Open source IDS/IPS celebrates its tenth year with an all-new platform in the works, a new release candidate, and plans for a commercial virtual appliance
Members Of Legendary '90s Hacker Group Relaunch Password-Cracking Tool
Quick Hits  |  5/28/2009  | 
L0phtCrack is back: Former members of L0pht Heavy Industries retool their tool after buying it back from Symantec
Security Alliances Partner To Work On Cloud Computing
Quick Hits  |  5/27/2009  | 
Jericho Forum, Cloud Security Alliance agree to align their best practices for secure collaboration in the cloud
Selecting Your Next Storage Project - Big Projects
Commentary  |  5/27/2009  | 
In a prior entry we discussed how to select your next storage project and suggested that most IT professionals are going to focus on smaller projects. Basically filling in pot holes as opposed to paving a new road. There are times, however, even when staffing is scarce and money is tight, that you need to undertake a big storage project to fix the problem, essentially putting a new road in.
More Than 80% Of Phishing Attacks Use Hijacked, Legitimate Websites
News  |  5/27/2009  | 
New research from the Anti-Phishing Working Group shows how phishers are better covering their tracks -- and what to do when phishers compromise your Website
U.S. Cyber Czar On The Horizon; New Legislation, Too?
Commentary  |  5/27/2009  | 
The buzz surrounding President Obama's efforts at securing our cyber-infrastructure is audible. The release of a 60-day review of the government's cybersecurity efforts, which started back in February, is expected soon, along with the naming of a new White House official -- a "cyber czar," as some are calling the position -- who will reportedly have purview over developing a strategy for securing both government and private networks.
Spam Surge: 9 Out Of 10 E-mails Can't Be Good!
Commentary  |  5/27/2009  | 
90% of all email was spam last month, according to Symantec's MessageLabs Intelligence Report, just released. The figure is up more than 5% in the last month. Good news, I guess, is that things can't get much more than 10% worse from here.
Security Benchmarks For Apple iPhone Released
Commentary  |  5/27/2009  | 
Today the Center for Internet Security released a set of benchmarks designed to help consumers and businesses alike communicate using their favorite toy. Whoops, I meant smartphone. The guidance is worth a look.
Security Experts Raise Alarm Over Insider Threats
News  |  5/26/2009  | 
Economic troubles raising the stakes on potential threats, FIRST members say
Cybersecurity Czar Announcement Imminent
Commentary  |  5/26/2009  | 
President Obama is set to announce, sometime this week, that the post of a cyber czar will be created. So far, the news creates more questions than answers.
NSA-Funded 'Cauldron' Tool Goes Commercial
News  |  5/26/2009  | 
Vulnerability analysis tool aggregates, correlates, and visually maps attack patterns and possibilities
Summer Security: Don't Put Backups In The Trunk
Commentary  |  5/26/2009  | 
Temperatures are starting to rise outside -- and when they do, you can bet they're rising even faster in trunks and locked cars. Which are two of the places you should never put media you're transporting. And according to a data recovery specialist, they're also two of the most common locations for media in transit -- and two of the most common sources of data damage.
When Your Security Career Gets Hacked
Commentary  |  5/26/2009  | 
Security professionals like to think they're immune from the economic woes plaguing the rest of the business world, but, unfortunately, many are finding out the hard way that their jobs aren't any more secure than their apps. So career coaches Lee Kushner and Michael Murray today launched an "incident response" podcast series to help security professionals whose careers have been hacked and their jobs lost get back into the job market.
Report: Obama To Announce Plans For Cybersecurity Czar This Week
Quick Hits  |  5/26/2009  | 
President's announcement will be in conjunction with the release of the long-awaited cybersecurity review by Melissa Hathaway, according to Monday's Washington Post
Secure64's DNS, DNSSEC Products Receive IPv6 Gold Certification
News  |  5/26/2009  | 
Security solutions now compliant with IPv4-to-IPv6 transition already under way
Google I/O Developer Conference: Where's The Security Love?
Commentary  |  5/24/2009  | 
At the Google I/O developer conference this week, Google Inc. will host more than 80 technical sessions on all of the Google apps and platforms we've come to know -- Android, Chrome, App Engine, Web Toolkit, AJAX and others. When reviewing the Google I/O Schedule this morning, I was disappointed by what could not be easily found.
Facebook Falls Victim To Another Phishing Attack
Quick Hits  |  5/22/2009  | 
Phishers use cryptic message to lure users into giving up their account information
20 SMB Security Products Worth A Look
Commentary  |  5/22/2009  | 
Take a few minutes this holiday weekend -- always assuming there's such a thing as holiday weekends for small and midsized businesses -- and check out twenty of the hottest and most budget-savvy (rarely the same thing) new security products.
Adobe Owns Up To Security Issues
Commentary  |  5/22/2009  | 
The discussion surrounding how to make software vendors accountable for hacked systems and data breaches due to security problems in their products is, at best, an effort in futility. As much as we'd like to have Microsoft, Oracle, and Adobe take responsibility for software vulnerabilities that have caused us headaches and cost us money, we are stuck in an endless loop of dependence on their products.
Tech Insight: How To Protect Your Organization From Malicious Insiders
News  |  5/22/2009  | 
New report offers insights on how to keep the bad apples from spoiling your company's whole barrel of data
Study: 'Secret Security Questions' Can Be Guessed By Insiders
Quick Hits  |  5/21/2009  | 
Ability to guess the answers to second-level security questions goes up significantly if the guesser knows the account holder, study says
Center For Internet Security Issues Free Security Metrics
News  |  5/21/2009  | 
Global coalition of enterprises, government, and vendors looks to its vendor members to automate collection of new metrics in their products
Lessons From Fighting Cybercrime, Part 2
Commentary  |  5/21/2009  | 
In this article we'll examine three basic guidelines on how to implement solutions into social systems, learned from the fight against spam.
Verizon Beefs Up Handset Security
News  |  5/21/2009  | 
The over-the-air authentication service enables workers to securely access business networks from handsets nearly anywhere in the world.
Tech Road Map: 3G Security Is Getting Better, But It's Still Incomplete
News  |  5/21/2009  | 
Safeguarding wireless traffic in transit is only part of the equation. Pay attention to devices and endpoints, too.
Web 2.0 For Business Requires Web 2.0-Level Security: Websense
Commentary  |  5/21/2009  | 
The various elements and components and approaches that comprise Web 2.0 offer large business promise. But they also create large business risk and exposure. Better make sure your security and especially your security policies are up to the challenges.
NetApp Buys Data Domain - User Impact
Commentary  |  5/21/2009  | 
With yesterday's announcement of NetApp's intention to buy Data Domain, a question that needs to be answered by IT professionals is how does this affect them? In our blog on Information Week's sister publication Byte and Switch we looked at the industry impact, but what about the users? There are current customers, c
Hardened OS Vendor Builds Secure Virtual Layer For Network Devices
News  |  5/21/2009  | 
"Tier one" networking equipment vendors are adopting Green Hills Software's secure virtualization platform as an extra layer of protection for their devices, company says
Adobe (Finally) Getting Security Religion
Commentary  |  5/20/2009  | 
In the past number of years Adobe Systems hasn't seemed to have its act together when it comes to mitigating security risks in its PDF. Hopefully, that's about to change.
Web 2.0 Conquers The Workplace, But Many Security Departments Aren't Ready
Quick Hits  |  5/20/2009  | 
Many enterprises are lacking key tools for protecting Web 2.0 data, study says
Ruminating on CSI SX
Commentary  |  5/20/2009  | 
Citizens of the Information Security Nation, to you I say Classify and inventory your data and assets! Tedium? Odium? Delirium? Yes, probably all three. But worth the trouble.
Virtualization Could Collide With PCI, But Help Forensics
News  |  5/20/2009  | 
Security experts at CSI/SX and Interop warn that PCI-regulated apps and virtualization may not mix right now; say virtualization can help with incident response
Educating Our Clients Is Part Of Our Responsibility
Commentary  |  5/20/2009  | 
Have you ever had a client (or your own employer) say, "There's no way a user could hack our internal Web apps; they can't run anything but authorized applications like a Web browser and e-mail client." Happens all the time, right? Guess what -- you're not alone.
Tippett: Use Application Logs To Catch Data Breaches
News  |  5/19/2009  | 
At CSI/SX, Verizon Business' Peter Tippett talks trends and lessons learned in data breaches
Enterprises Still Struggling To Get Results From SIEM, Log Management
Quick Hits  |  5/19/2009  | 
Most survey respondents still haven't achieved quantifiable benefits, study says
Microsoft Issues IIS Security Advisory
News  |  5/19/2009  | 
An exploit of the vulnerability could give an attacker access to a directory that normally requires authentication.
Selecting Your Next Storage Project - Edge Projects
Commentary  |  5/19/2009  | 
Unfortunately the reality is often that the storage project you are going to work on next is based on the one that users are screaming the loudest for that you can also afford and it usually contains "add capacity". Is there a better way to go about selecting your next storage project?
Trend Micro Adds USB To "Worry Free" SMB Security List
Commentary  |  5/19/2009  | 
Announced today, the latest version of Trend Micro's small and midsized business "Worry Free" Business Security Suite includes enhanced URL filtering as well as USB device monitoring.
Microsoft Offers Free Template For Secure Software Development Process
News  |  5/19/2009  | 
SDL Process Template plugs directly into development tools
On Prison And Corporate Data Escapes
Commentary  |  5/18/2009  | 
In its broadest sense, social engineering is deception to manipulate or exploit people. That's exactly how more than 50 Mexican inmates were freed this weekend. How much proprietary corporate data is "liberated" in much the same way?
Watch Your Website Even As You Watch Out For Others
Commentary  |  5/18/2009  | 
Businesses rightly spend much time and effort seeking to protect their employees from malicious Web sites and the havoc those sites can wreak. A new report reminds us not to neglect vulnerabilities on our own sites, 60% of which contain the sorts of vulnerabilities the malware makers love to exploit.