Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in June 2008
Apple Plugs Growing List Of Security Holes
Commentary  |  6/30/2008  | 
If you're an OS X user, and have yet to download today's 59-MB set of security patches, right now would be a good time to run Software Update. The vendor has patched 25 vulnerabilities, and some are fairly nasty at that.
Microsoft Internet Explorer Vulnerability Warning Issued
News  |  6/30/2008  | 
The flaw focuses on IE's inline frames, often used for serving ads, which typically come from a different domain than content that appears on the same Web page.
Part One -- SMB Lessons
Commentary  |  6/30/2008  | 
As I've been following the devastating floods in the Midwest and specifically Iowa, I can't help but say something from a disaster recovery viewpoint. Clearly my heart goes out to the personal losses being suffered by thousands of people in the area, but part of my nature is always to look for ways that companies survive. I have seen a number of stories with companies' stock prices being affected by not being able to maintain business operations. In some cases, this makes sense, especially in agri
Security Spending: Dollars Up, Safety Down?
Commentary  |  6/30/2008  | 
IT security is spending more to deliver less or, at best, hold the line against a growing threat universe, according to a major new InformationWeek survey.
Cracking Physical Identity Theft
News  |  6/30/2008  | 
Social engineering expert reveals brick-and-mortar identity theft risks in banks, ISPs, and other firms
Survey: Unstructured Data a Security Nightmare
Quick Hits  |  6/30/2008  | 
New Ponemon Institute report finds organizations don't have a grip on access to data on file servers, network-attached storage
Catalyst Conference 2008: The State Of Federated Identity Management
Commentary  |  6/29/2008  | 
At last week's Catalyst conference in San Diego, I had a chance to sit down with identity management executives from IBM and CA to discuss the state of federated identity management. It appears that while the federation of identities hasn't taken off as expected, there is still life in the technology.
Cloud Storage 101 - Part One
Commentary  |  6/27/2008  | 
It seems like the hype-o-meter on cloud computing and cloud storage has been turned up a few notches lately. How real is this emerging market and how will the players begin to settle in? At its most simplistic, cloud storage is disk at the end of a wire that resides outside of your data center. It creates a "storage as a service" model that is delivered over the Internet. Many are positioning this as storage for your older digital assets, essentially an archive.
TV Guide/Comcast Joint Venture Gets NAC
News  |  6/27/2008  | 
GuideWorks adds mobile, visiting users to its network with TippingPoint appliance
How to Control Spam Infiltration in the Enterprise
Quick Hits  |  6/27/2008  | 
New report from Forrester outlines the latest anti-spam best practices for businesses
Catalyst Conference 2008: GRC Is A Four Letter Word
Commentary  |  6/26/2008  | 
If you work anywhere near the risk management functions within your company, whether it be as an executive, manager, auditor, or IT security practitioner, you've probably heard from many vendors trying to sell you a "GRC solution." Burton Group analysts say you just may be better off covering your ears.
Hacking the Call Center
News  |  6/26/2008  | 
PCI, breach fears shine light on dark corners of call center insecurity
ISPs Join Hands to Battle Botnet-Driven Spam
Quick Hits  |  6/26/2008  | 
Messaging Anti-Abuse Working Group (MAAWG) maps out best practices for nailing spam without accidentally blocking legitimate email
TPM: A Matter Of Trust
News  |  6/25/2008  | 
The Trusted Platform Module never releases its internal key outside itself, so it becomes its own root of trust.
A Tipping Point For The Trusted Platform Module?
News  |  6/25/2008  | 
To achieve widespread adoption, TPM must overcome challenges to encryption key management.
NAC Plus Smart Switches Equals Better Control
News  |  6/25/2008  | 
New capabilities make the technology better than ever for access control and compliance reporting.
Tech Road Map: EKMI
News  |  6/25/2008  | 
Oasis' open Enterprise Key Management Infrastructure initiative promises less-complex encryption. But will vendors get on board?
Catalyst Conference 2008: Virtualization Security, Myths Vs. Reality
Commentary  |  6/25/2008  | 
At Burton Group's Catalyst Conference, here in San Diego, security and virtualization analyst Alessandro Perilli explained what he sees as some of the greatest challenges to securing virtualized environments.
Central Office IT Neglects Mobile Security: CDW Survey
Commentary  |  6/25/2008  | 
Mobile security is very much a moving target -- one that too many businesses are either missing or not aiming at altogether, according to a newly released study.
3 Ways That Storage Virtualization Can Save You Money
Commentary  |  6/25/2008  | 
Storage virtualization is often billed as what I call a "Time To" product, meaning that it reduces the time it takes IT to respond to demands on the business. Virtualization shortens the amount of time that it takes to respond to a provisioning request, allowing for more rapid deployment of storage assets. IT departments also should consider storage virtualization if they need to flatten or shrink their budget.
Another Security Threat Aimed At Macs Found On The Web
News  |  6/25/2008  | 
Security vendor Intego said the latest malware masquerading as a program for Mac OS X is called "PokerGame."
Google, Microsoft Back Security & Privacy Framework for Online Health Data
Quick Hits  |  6/25/2008  | 
The Common Framework for Networked Personal Health Information defines best practices for protecting patient data for online access
Startup Promises to Slow Software Tampering
News  |  6/25/2008  | 
Metaforic says its anti-hacking tools aren't invulnerable, but definitely will make software exploits less fun
Target's (The Retailer) Swipe At Privacy
Commentary  |  6/24/2008  | 
Why don't retailers care more about how they handle your personal information?
Sybase Adds To Mobile Security Line
News  |  6/24/2008  | 
Sybase iAnywhere has expanded its mobile security portfolio to include handheld antivirus and firewall capabilities.
Watch Those Wikis: Small Public Posts Can Cause Big Business Problems
Commentary  |  6/24/2008  | 
Inside knowledge, much less insider knowledge, can be a dangerous business thing. Just ask the wiki-poster who got fired for leaking early news of Tim Russert's death.
Malicious Spam Traffic Triples in One Week
News  |  6/24/2008  | 
Sudden massive bot recruitment campaign by Srizbi botnet drives malicious spam up 9.9%, according to researchers at Marshal
Report: China Hosts Most Malware-Infected Sites
News  |  6/24/2008  | 
StopBadware.org report shines new light on where the world's malware-ridden sites reside
DNS Alerts-as-a-Service
Quick Hits  |  6/24/2008  | 
New DNS alert service lets organizations customize, control notification of DNS problems and vulnerabilities
Citect Doesn't Get 'IT' When It Comes To Application Security
Commentary  |  6/23/2008  | 
Citect, the Sydney, Australia-based maker of Supervisory Control And Data Acquisition (SCADA) software, CitectSCADA, doesn't seem to understand IT security, or why applications that run things like pharmaceutical plants, water treatment facilities, and natural gas pipelines should be inherently secure.
Agent-Based Data Movers
Commentary  |  6/23/2008  | 
In last week's entry I discussed Global Name Spaces as a data mover for moving data to and from a disk-based archive. In addition to a Global Name Space there are other tools to move data to an archive. I find that the other solutions typically fall into one of two camps: agent-based data movers or crawl-based data movers. There's also another category of monitoring tools that don't actually move the da
New Web Threats Imperil OS, Other Apps
News  |  6/23/2008  | 
IBM researchers release proof of concept for new cross-environment hopping (CEH) attack methods
Microsoft, Novell, Oracle, PayPal, Others Launch New Digital ID Forum
Quick Hits  |  6/23/2008  | 
Nonprofit Information Card Forum established to unite various industry efforts for building online information identities to replace the username/password model
Failing The Basics Will Get You Hacked
Commentary  |  6/22/2008  | 
Information security firm Sophos evaluated 580 PCs over a 40-day period and found businesses of all sizes can't tackle even the most basic things when it comes to IT security.
Microsoft Reissues Critical Security Fix For Windows XP
News  |  6/20/2008  | 
The original patch worked on Windows Vista, but failed to accomplish its task in Windows XP SP2 and SP3, the Microsoft Security Response Center said.
Apple Fixes Security Flaw In Windows Version Of Safari
News  |  6/20/2008  | 
The patch changes Safari so it will first seek permission from a user before downloading an application from a Web site to the desktop.
Global Name Spacing
Commentary  |  6/20/2008  | 
In speaking with an IT manager the other day, he was complaining about running out of drive letters and the difficulty that moving away from using drive letters was causing his users. He was looking into Microsoft DFS and was looking for other solutions since he had a mixed environment of Unix and Windows. Global Name Space solutions like those available from Acopia or built into OnStor NAS products are ideal for solving the
Security Staff Snoops: Who's Watching Your Watchers (And What Are Your Watchers Watching?)
Commentary  |  6/20/2008  | 
Fully a third of IT staffers recently surveyed admitted to taking unauthorized, inappropriate, and often illegal looks at confidential files and e-mails. Maybe that lets them get their peeping Tom jollies off -- but it may also leave your business on very shaky and un-jolly legal ground.
Filling Out Forms: Still a Dangerous Game
News  |  6/20/2008  | 
Despite upgrades and fixes, most browsers are still vulnerable to attacks via Web forms, researcher says
Tech Insight: Finding Security-Sensitive Data - on a Shoestring Budget
News  |  6/20/2008  | 
Thanks to open-source tools, discovering the heart of your data doesn't always mean paying an arm and a leg
New Worm Spawns More Than 8M Spam Messages
Quick Hits  |  6/20/2008  | 
Fake news come-ons lead to infected porn site
Mozilla Confirms TippingPoint's Cheap Shot (Whoops. I Meant Vulnerability Announcement)
Commentary  |  6/20/2008  | 
Mozilla security chief Window Snyder says that there is, in fact, a security flaw in the foundation's just-released Firefox 3.0 Web browser. Her announcement confirms the sucker-punch swung by TippingPoint Technologies just hours after Firefox's release.
Court Rules Employee Text Messages Are Private
News  |  6/19/2008  | 
A Court of Appeals ruled in favor of a police officer and others who claimed that the city of Ontario, Calif., violated their Fourth Amendment rights.
Fraud-Fighting Community Launches in US
News  |  6/19/2008  | 
Subscribers share information about fraudulent online transactions in online service
Neocleus Nabs $11M for Virtual Security
News  |  6/19/2008  | 
Startup takes aim at virtual desktops with Xen-based software
