Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in May 2009
Trusted Computing Group Widens Security Specs Beyond Enterprise Networks
News  |  5/18/2009  | 
New specs include support for SCADA systems, physical access control systems, guest PCs, printers, and VOIP phones
Report: Growth Of Digital Data Could Overwhelm Security
Quick Hits  |  5/18/2009  | 
IDC "Digital Universe" study says volume of data is vastly outgrowing the resources available to protect it
Zero-Day IIS Vuln Bypasses Authentication
Commentary  |  5/18/2009  | 
Windows sysadmins responsible for servers running Microsoft Internet Information Services (IIS) received an unexpected surprise last Friday afternoon--or first thing this morning--in the form of a zero-day vulnerability. The vulnerability is reminiscent of the well-known IIS unicode path traversal issue from 2001, but instead of path traversal, this allows attackers to access and upload files on WebDAV-enabled IIS 6 servers. Nicolas Rangos (aka Kincope) released information about the vulnerabili
Schools' Cybersecurity Needs Improvement
News  |  5/18/2009  | 
While more than half of surveyed schools reported a breach last year, 75% say their security infrastructure is adequate.
Report: Over 60 Percent of Websites Contain Serious Vulnerabilities
News  |  5/17/2009  | 
Newly released client data from White Hat Security finds organizations are slow to close known security holes in their Websites
Lessons From Fighting Cybercrime
Commentary  |  5/17/2009  | 
The history of anti-spam teaches us about half-baked ideas and how people succeeded or failed to implement them. The analogy of evolution, while limited, demonstrates how reactionary solutions can achieve strategic goals before they are made obsolete by countermeasures.
Security Is Part Of The Cost Of Doing Business
Commentary  |  5/15/2009  | 
Looking for ROI on a security investment is misguided -- how do you measure the cost of something that doesn't happen? But nothing happening is exactly the return you hope for when you invest in securing your business IT.
Tech Insight: Keeping Server Virtualization Secure
News  |  5/15/2009  | 
Don't let security worries stop you from virtualizing your servers -- but know the risks and ways to protect your systems and data
McAfee Acquires App Whitelisting Vendor Solidcore For $33M
Quick Hits  |  5/15/2009  | 
Buyout will set the stage for end-to-end compliance offering, security giant says
'Kramer' Is In The Building
Commentary  |  5/15/2009  | 
My firm, Secure Network Technologies, was recently hired by a large healthcare provider to perform a security assessment. As part of the job, my partner, Bob Clary, posed as an employee, similar to the "Seinfeld" episode in which Kramer shows up and works at a company where he was never actually hired.
Rapidly Spreading 'Gumblar' Attack Redirects Users' Web Searches
News  |  5/14/2009  | 
Malware scripts morph from site to site, and even from page to page, within the same site, ScanSafe researchers say
U.S. Defense Department Official Charged With Espionage
News  |  5/14/2009  | 
A civilian employee at the Pentagon has been charged with conspiring to provide classified information to an agent with ties to the People's Republic of China.
SMBs Can Trim Costs With Remote Workers, But Do It Securely
Commentary  |  5/14/2009  | 
If you're looking at ways to trim operating costs without trimming staff, sending employees home to work may be near the top of your list. Just be sure, before you do, that the employees' home workspace is as secure (or more!) as your business facility.
DoD Official Charged With Handing Over Classified Data To China
News  |  5/14/2009  | 
User with classified data access sold Defense Department information, documents
So, You Want To Build an Effective Application Security Program? How Good Are You At Politics?
Commentary  |  5/14/2009  | 
Being that the tagline of the Secure360 Conference was "Evolving Threats, Practical Solutions," I figured a session on How To Build an Effective Application Security Program would be appropriate. Fewer areas of information security have more evolving threats, or are in more need of practical, applied solutions.
Tippett To Discuss Verizon Breach Report
Commentary  |  5/14/2009  | 
Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.
Deloitte: Tech, Media, And Telecom Industries Reduce Security Spending
Quick Hits  |  5/14/2009  | 
Six out of 10 firms worldwide say they're falling behind or trying to catch up with threats
DHS Disaster Recovery Plans Lacking, Report Finds
News  |  5/14/2009  | 
Eight of the Department of Homeland Security's 27 critical systems don't have an identified alternate processing site.
Return On Efficiency
Commentary  |  5/14/2009  | 
What if "do more with less" was more than a marketing phrase? What if you really could do more with less? There are storage solutions available now that really let you improve efficiency, but one of the key components of deciding whether a "do more with less" project is successful is to measure the return on efficiency: for the dollars invested, are you X times more effective at your job?
Insider May Have Breached More Than 10,000 Patient Records At Johns Hopkins
News  |  5/13/2009  | 
Employee had access to patient database as part of her job, report says
Detecting Malware Through Configuration Management
Commentary  |  5/13/2009  | 
Malware analysis has two basic approaches that fall into either the static or the dynamic analysis category. The static approach analyzes the malicious executable itself by disassembling it to determine its true nature. Dynamic analysis involves executing the malware and analyzing its behavior.
Researchers Hack Web Application Firewalls
News  |  5/13/2009  | 
OWASP Europe presentation demonstrates tools that fingerprint the brand of WAF, as well as bypass it altogether
Many IT Risk Management Projects Go Unfunded
Quick Hits  |  5/13/2009  | 
Seventeen percent of companies say it's only a matter of time before an internal breach occurs
Aruba Remote Network Products Include $99 Device
News  |  5/13/2009  | 
The Virtual Branch Network products take a page from the virtualization playbook to simplify the management of branch and remote locations while lowering costs for users.
3 Disaster Recovery Tips (Or Risks!) You May Have Overlooked
Commentary  |  5/13/2009  | 
You've got your Disaster Recovery plan in place (don't you?) and, if disaster should strike, you're ready to bounce back quickly. Or are you? Take a look at these three good -- and in case of disaster, critical -- tips to make sure your plan works.
Microsoft Patches PowerPoint Flaws, But Not For Mac
News  |  5/12/2009  | 
One of the 14 Patch Tuesday bulletins is rated "critical" and the rest are rated "important." All of them could lead to remote code execution.
SIEM Case Study: Israeli E-Government ISP
Commentary  |  5/12/2009  | 
Want a case study on the slings and arrows of outrageous SIEM implementation? Sure you do. (Really. You do. Trust me on this one.)
SIEM Case Study: Israeli e-government ISP
Commentary  |  5/12/2009  | 
Want a case study on the slings and arrows of outrageous SIEM implementation? Sure you do. (Really. You do. Trust me on this one.) Assaf Keren, information security manager at the Israeli e-government recently briefed me on the challenges and lessons he is learning whilst implementing a SIEM center in the Israeli e-government ISP Project (called "Tehila")--a topic he first told us about during the SIEM Summit at the CSI Annual 2008 conf
Pirated Windows 7 OS Comes With Trojan, Builds A Botnet
News  |  5/12/2009  | 
At its peak, the Trojan-infested counterfeit version of Microsoft's prerelease version of Windows 7 was infecting more than 200 PCs an hour
Secure360: The Triumph Of Politics (Over Security)
Commentary  |  5/12/2009  | 
While listening this morning to Howard Schmidt, former special adviser for cyberspace security to the White House, talk candidly about information security at the Secure360 conference here in Saint Paul, MN, I began wondering: why didn't we implement the original National Strategy To Secure Cyberspace?
Report: ATM/Debit Card Fraud On The Rise
Quick Hits  |  5/12/2009  | 
Half of financial institutions experienced fraud complaints as a result of major data breaches
DAS VS. SAN - High Capacity
Commentary  |  5/12/2009  | 
Continuing our examination of the resurgence of direct attached storage (DAS), in this entry we look at the ever-increasing internal capacity of DAS in servers. One of the key reasons users begin looking at a SAN or NAS is when the capacity demands of a single server outpace its internal storage capabilities. This may no longer be justification enough to make the move to networked storage or to continue to expand the network storage you have.
Report: Zeus Flips Kill Switch On More Than 100,000 PCs
Quick Hits  |  5/11/2009  | 
Botnet reportedly triggered a little-used capability called "Kill OS," rendering a blue screen on 100,000-plus PCs and making them difficult to reboot
Porn Leads To Conviction Under 'Hacker Law'
Commentary  |  5/11/2009  | 
Did you know that by looking online for an "adult friend" and uploading nude pictures of yourself while at work, you could be convicted using the same law that was designed for prosecuting malicious hackers?
The Cost Of Fixing An Application Vulnerability
News  |  5/11/2009  | 
Security experts say enterprises spend anywhere from $400 to several thousand dollars to fix a single vulnerability in their internally developed Web applications
Hidden Botnet Costs Hit SMBs Hard
Commentary  |  5/11/2009  | 
While the obvious risks of bots to your business and its data -- harvesting of names, keylog sniffers seeking sensitive data -- rightly receive the most attention, compromised systems carry other risks that can exact a heavy business price. Server capacity, bandwidth and even power consumption are hidden parts of the bot equation.
Maybe Government Should Give Up On Computers, Revert To Paper
Commentary  |  5/8/2009  | 
Governments and their agencies are clearly over their heads when it comes to IT security and governance. In fact, a number of recent reports highlight just how poor a job governments perform when it comes to securing our data.
UC Berkeley Health Service Data Stolen By Overseas Criminals
News  |  5/8/2009  | 
The breach went undiscovered for six months, during which time Social Security numbers and health insurance information were stolen.
Researchers Find Missile Defense Data On Used Hard Drive
News  |  5/8/2009  | 
Study also produces sensitive data from Ford Motor, Laura Ashley, and other businesses
Recession Opens Up Opportunities To Innovate
Commentary  |  5/8/2009  | 
Information technology, and especially the area of security, is an ever-changing, dynamic field for work and research. That's one of the reasons I enjoy it so much; if I get bored with one thing, there are a dozen others I can focus on, and I can come back to the previous thing later. But we are in interesting times. Enterprises are cutting back IT budgets. Layoffs are happening all around us. Companies are consolidating. What does this mean to the infosec community?
Windows 7 Will Mostly Be More Secure Than Leopard
Commentary  |  5/8/2009  | 
Apple's Snow Leopard will be attacked more than any other version of the vendor's platform, and Apple's use of a "security by obscurity" policy, where it does its very best not to actually talk in any depth about the subject, will likely bite it in the butt this time.
Thousands of Vulnerabilities Detected In FAA's Air Traffic Control Apps
Quick Hits  |  5/8/2009  | 
Government audit of 70 Federal Aviation Administration Web-based applications finds flaws that could put air traffic, itself, at risk
SMBs In Cyber Criminals' Crosshairs
Commentary  |  5/7/2009  | 
When it comes to IT security, small and midsize businesses are in the unenviable position of being not only more attractive to criminals, but also having fewer resources to defend themselves.
Air Traffic Control System Repeatedly Hacked
News  |  5/7/2009  | 
A security audit finds a total of 763 high-risk, 504 medium-risk, and 2,590 low-risk vulnerabilities, such as weak passwords and unprotected folders.
Mass. Criminal Database Deemed Public Safety Risk
News  |  5/7/2009  | 
The 25-year-old system cannot reconcile arrests with court dispositions or use fingerprints to verify criminal history, state auditor Joe DeNucci finds.
Startup Takes New Spin On Online Fraud Detection
News  |  5/7/2009  | 
Pramana's 'HumanPresent' technology uses stealthy real-time detection of bots and bad guys posing as legitimate users
DAS VS. SAN - Capacity And Performance Management
Commentary  |  5/7/2009  | 
Capacity presents two challenges in the Storage Area Network (SAN) vs. Direct Attached Storage (DAS) debate. A traditional knock against DAS, and a reason that many data centers get a SAN, is these two capacity challenges: first, can you get enough capacity, and second, can you use that capacity efficiently in a performance-sensitive environment? DAS, however, now has the ability to address both of these issues.
Feds Indict Alleged Cisco, NASA Hacker
Quick Hits  |  5/7/2009  | 
Swedish man known as "Stakkato" accused of stealing Cisco IOS code
Data Loss Prevention Rolling Review: Safend Safeguards At The Endpoint
News  |  5/7/2009  | 
Low-cost endpoint specialist gets the job done -- most of the time.
CouchSurfing: A Working Trust Model
Commentary  |  5/7/2009  | 
Trust. At the beginning we take it on faith. On the Internet, a fortiori, all the more so. While security professionals struggle to establish online trust, CouchSurfing, a social site for tourists who want to borrow your couch and, perhaps -- wink, wink -- make friends, has a working trust model that is cool to boot.