News & Commentary

Content posted in June 2008
Apple Plugs Growing List Of Security Holes
Commentary  |  6/30/2008  | 
If you're an OS X user, and have yet to download today's 59-MB set of security patches, right now would be a good time to run Software Update. The vendor has patched 25 vulnerabilities, and some are fairly nasty at that.
Microsoft Internet Explorer Vulnerability Warning Issued
News  |  6/30/2008  | 
The flaw focuses on IE's inline frames, often used for serving ads, which typically come from a different domain than content that appears on the same Web page.
Part One -- SMB Lessons
Commentary  |  6/30/2008  | 
As I've been following the devastating floods in the Midwest and specifically Iowa, I can't help but say something from a disaster recovery viewpoint. Clearly my heart goes out to the personal losses being suffered by thousands of people in the area, but part of my nature is always to look for ways that companies survive. I have seen a number of stories with companies' stock prices being affected by not being able to maintain business operations. In some cases, this makes sense, especially in agri
Security Spending: Dollars Up, Safety Down?
Commentary  |  6/30/2008  | 
IT security is spending more to deliver less or, at best, hold the line against a growing threat universe, according to a major new InformationWeek survey.
Cracking Physical Identity Theft
News  |  6/30/2008  | 
Social engineering expert reveals brick-and-mortar identity theft risks in banks, ISPs, and other firms
Survey: Unstructured Data a Security Nightmare
Quick Hits  |  6/30/2008  | 
New Ponemon Institute report finds organizations don't have a grip on access to data on file servers, network-attached storage
Catalyst Conference 2008: The State Of Federated Identity Management
Commentary  |  6/29/2008  | 
At last week's Catalyst conference in San Diego, I had a chance to sit down with identity management executives from IBM and CA to discuss the state of federated identity management. It appears while the federation of identities hasn't taken off as expected, there is still life in the technology.
Cloud Storage 101 - Part One
Commentary  |  6/27/2008  | 
It seems like the hype-o-meter on cloud computing and cloud storage has been turned up a few notches lately. How real is this emerging market and how will the players begin to settle in? At its most simplistic, cloud storage is disk at the end of a wire that resides outside of your data center. It creates a "storage as a service" model that is delivered over the Internet. Many are positioning this as storage for your older digital assets, essentially an archive.
TV Guide/Comcast Joint Venture Gets NAC
News  |  6/27/2008  | 
GuideWorks adds mobile, visiting users to its network with TippingPoint appliance
How to Control Spam Infiltration in the Enterprise
Quick Hits  |  6/27/2008  | 
New report from Forrester outlines the latest anti-spam best practices for businesses
Catalyst Conference 2008: GRC Is A Four Letter Word
Commentary  |  6/26/2008  | 
If you work anywhere near the risk management functions within your company, whether it be as an executive, manager, auditor, or IT security practitioner, you've probably heard from many vendors trying to sell you a "GRC solution." Burton Group analysts say you just may be better off covering your ears.
Hacking the Call Center
News  |  6/26/2008  | 
PCI, breach fears shine light on dark corners of call center insecurity
ISPs Join Hands to Battle Botnet-Driven Spam
Quick Hits  |  6/26/2008  | 
Messaging Anti-Abuse Working Group (MAAWG) maps out best practices for nailing spam without accidentally blocking legitimate email
TPM: A Matter Of Trust
News  |  6/25/2008  | 
The Trusted Platform Module never releases its internal key outside itself, so it becomes its own root of trust.
A Tipping Point For The Trusted Platform Module?
News  |  6/25/2008  | 
To achieve widespread adoption, TPM must overcome challenges to encryption key management.
NAC Plus Smart Switches Equals Better Control
News  |  6/25/2008  | 
New capabilities make the technology better than ever for access control and compliance reporting.
Tech Road Map: EKMI
News  |  6/25/2008  | 
Oasis' open Enterprise Key Management Infrastructure initiative promises less-complex encryption. But will vendors get on board?
Catalyst Conference 2008: Virtualization Security, Myths Vs. Reality
Commentary  |  6/25/2008  | 
At Burton Group's Catalyst Conference, here in San Diego, security and virtualization analyst Alessandro Perilli explained what he sees as some of the greatest challenges to securing virtualized environments.
Central Office IT Neglects Mobile Security: CDW Survey
Commentary  |  6/25/2008  | 
Mobile security is very much a moving target -- one that too many businesses are either missing or not aiming at altogether, according to a newly released study.
3 Ways That Storage Virtualization Can Save You Money
Commentary  |  6/25/2008  | 
Storage virtualization is often billed as what I call a "Time To" product, meaning that it reduces the time it takes IT to respond to demands on the business. Virtualization shortens the amount of time that it takes to respond to a provisioning request, allowing for more rapid deployment of storage assets. IT departments also should consider storage virtualization if they need to flatten or shrink their budget.
Another Security Threat Aimed At Macs Found On The Web
News  |  6/25/2008  | 
Security vendor Intego said the latest malware masquerading as a program for Mac OS X is called "PokerGame."
Google, Microsoft Back Security & Privacy Framework for Online Health Data
Quick Hits  |  6/25/2008  | 
The Common Framework for Networked Personal Health Information defines best practices for protecting patient data for online access
Startup Promises to Slow Software Tampering
News  |  6/25/2008  | 
Metaforic says its anti-hacking tools aren't invulnerable, but definitely will make software exploits less fun
Target's (The Retailer) Swipe At Privacy
Commentary  |  6/24/2008  | 
Why don't retailers care more about how they handle your personal information?
Sybase Adds To Mobile Security Line
News  |  6/24/2008  | 
Sybase iAnywhere has expanded its mobile security portfolio to include handheld antivirus and firewall capabilities.
Watch Those Wikis: Small Public Posts Can Cause Big Business Problems
Commentary  |  6/24/2008  | 
Inside knowledge, much less insider knowledge can be a dangerous business thing. Just ask the wiki-poster who got fired for leaking early news of Tim Russert's death.
Malicious Spam Traffic Triples in One Week
News  |  6/24/2008  | 
Sudden massive bot recruitment campaign by Srizbi botnet drives malicious spam up 9.9%, according to researchers at Marshal
Report: China Hosts Most Malware-Infected Sites
News  |  6/24/2008  | 
StopBadware.org report shines new light on where the world's malware-ridden sites reside
DNS Alerts-as-a-Service
Quick Hits  |  6/24/2008  | 
New DNS alert service lets organizations customize, control notification of DNS problems and vulnerabilities
Citect Doesn't Get 'IT' When It Comes To Application Security
Commentary  |  6/23/2008  | 
Citect, the Sydney, Australia-based maker of Supervisory Control And Data Acquisition (SCADA) software, CitectSCADA, doesn't seem to understand IT security, or why applications that run things like pharmaceutical plants, water treatment facilities, and natural gas pipelines should be inherently secure.
Agent-Based Data Movers
Commentary  |  6/23/2008  | 
In last week's entry I discussed Global Name Spaces as a data mover for moving data to and from a disk-based archive. In addition to a Global Name Space there are other tools to move data to an archive. I find that the other solutions typically fall into one of two camps: agent-based data movers or crawl-based data movers. There's also another category of monitoring tools that don't actually move the da
New Web Threats Imperil OS, Other Apps
News  |  6/23/2008  | 
IBM researchers release proof of concept for new cross-environment hopping (CEH) attack methods
Microsoft, Novell, Oracle, PayPal, Others Launch New Digital ID Forum
Quick Hits  |  6/23/2008  | 
Nonprofit Information Card Forum established to unite various industry efforts for building online information identities to replace the username/password model
Failing The Basics Will Get You Hacked
Commentary  |  6/22/2008  | 
Information security firm Sophos evaluated 580 PCs over a 40-day period and found businesses of all sizes can't tackle even the most basic things when it comes to IT security.
Microsoft Reissues Critical Security Fix For Windows XP
News  |  6/20/2008  | 
The original patch worked on Windows Vista, but failed to accomplish its task in Windows XP SP2 and SP3, the Microsoft Security Response Center said.
Apple Fixes Security Flaw In Windows Version Of Safari
News  |  6/20/2008  | 
The patch changes Safari so it will first seek permission from a user before downloading an application from a Web site to the desktop.
Global Name Spacing
Commentary  |  6/20/2008  | 
In speaking with an IT manager the other day, he was complaining about running out of drive letters and the difficulty that moving away from using drive letters was causing his users. He was looking into Microsoft DFS and was looking for other solutions since he had a mixed environment of Unix and Windows. Global Name Space solutions like those available from Acopia or built into OnStor NAS products are ideal for solving the
Security Staff Snoops: Who's Watching Your Watchers (And What Are Your Watchers Watching?)
Commentary  |  6/20/2008  | 
Fully a third of IT staffers recently surveyed admitted to taking unauthorized, inappropriate, and often illegal looks at confidential files and e-mails. Maybe that lets them get their peeping Tom jollies off -- but it may also leave your business on very shaky and un-jolly legal ground.
Filling Out Forms: Still a Dangerous Game
News  |  6/20/2008  | 
Despite upgrades and fixes, most browsers are still vulnerable to attacks via Web forms, researcher says
Tech Insight: Finding Security-Sensitive Data - on a Shoestring Budget
News  |  6/20/2008  | 
Thanks to open-source tools, discovering the heart of your data doesn't always mean paying an arm and a leg
New Worm Spawns More Than 8M Spam Messages
Quick Hits  |  6/20/2008  | 
Fake news come-ons lead to infected porn site
Mozilla Confirms TippingPoint's Cheap Shot (Whoops. I Meant Vulnerability Announcement)
Commentary  |  6/20/2008  | 
Mozilla security chief Window Snyder says that there is, in fact, a security flaw in the foundation's just-released Firefox 3.0 Web browser. Her announcement confirms the sucker-punch swung by TippingPoint Technologies just hours after Firefox's release.
Court Rules Employee Text Messages Are Private
News  |  6/19/2008  | 
A Court of Appeals ruled in favor of a police officer and others who claimed that the city of Ontario, Calif., violated their Fourth Amendment rights.
Fraud-Fighting Community Launches in US
News  |  6/19/2008  | 
Subscribers share information about fraudulent online transactions in online service
Neocleus Nabs $11M for Virtual Security
News  |  6/19/2008  | 
Startup takes aim at virtual desktops with Xen-based software