Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in June 2009
<<   <   Page 2 / 3   >   >>
Oracle Users Struggle With Patch Management
News  |  6/18/2009  | 
Despite new tools that speed deployment, many administrators are still far behind
Microsoft Security Essentials Beta Coming Tuesday
News  |  6/18/2009  | 
Previously code-named "Morro," the free software will replace Windows Live OneCare, which included both security and utility services for $49.95 per year.
Microsoft To Launch Free Antivirus Product Next Week
News  |  6/18/2009  | 
Public beta of the much-anticipated 'Morro' tool debuts June 23, replacing OneCare Live for consumers
MessageLabs Launches IM Security Service
Commentary  |  6/18/2009  | 
Symantec's MessageLabs has unveiled an Instant Messaging security service in response to a sharp increase in the number of malicious URLs in IMs.
'Ardilla' Automatically Roots Out SQL Injection And XSS, Generates Attacks
Quick Hits  |  6/18/2009  | 
MIT, Stanford, Syracuse researchers create technique, tool for finding and demonstrating common Web application flaws
Database Servers: Candy For Hackers
News  |  6/18/2009  | 
Sensitive information and poor security administration make tempting targets.
1 In 5 Companies Cutting IT Security Spending, Our Survey Finds
News  |  6/18/2009  | 
Budget woes, increased regulation, and new challenges for sensitive data are on the menu for risk managers.
Webfusion To Resell GlobalSign SSL Security Solutions
News  |  6/18/2009  | 
U.K. hosting company joins the GlobalSign Partner Program
The Biggest Threat? It May Be You
News  |  6/18/2009  | 
When it comes to virtual server security, you might just be the weak link. Or, more precisely, your lack of planning, maintenance, and governance of that VM server farm.
New Company Targets Web-Based Malware And Blacklists
Commentary  |  6/17/2009  | 
Dasient, a security startup founded by former Google engineers, among others, is targeting malware that has your Web sites targeted, as well as monitoring your sites for their presence on blacklists. That last, as any business that's been blacklisted can attest, can be deadly.
Hacktivist DDoS Attacks In Iran Trigger Worries Of Wider Internet Crackdown
News  |  6/17/2009  | 
Experts warn that protest distributed denial-of-service attacks could backfire
Government Takes Action On Internet Badness
Commentary  |  6/17/2009  | 
Sources of online criminal activity, such as Atrivo/Intercage and McColo, are no longer around. While I am not quite willing to share the full story behind these takedowns just yet, I can say that community action was the key.
Developers Often Left Out Of Security Training
Commentary  |  6/17/2009  | 
A good friend was telling me recently about a risk assessment he was involved with in which his organization found some vulnerabilities in the Web application. When they asked the developer about them, the response was, "What is cross site scripting?" Wow -- how is it that in this day and age someone who probably considers themselves to be a competent Web developer doesn't know XSS? Ask them about SQL injection, and the response would probably be the same.
New Injection Attack Compromises More Than 40,000 Websites
News  |  6/17/2009  | 
'Nineball' exploit is distinct from Gumblar, Beladen, researchers say
ITRC Report: Malicious Attacks Increased In First Half Of 2009
Quick Hits  |  6/17/2009  | 
Insider attacks, external breaches make up a higher percentage of compromises
China Making Green Dam Internet Filter Optional
News  |  6/16/2009  | 
The government's edict prompted widespread derision from Chinese bloggers, objections from Chinese academics and lawyers, and criticism from security experts.
Data-Encryption Critics Play A Dangerous Game
Commentary  |  6/16/2009  | 
Is encryption "overrated" as a data-security tool? Only if your company has a death wish.
Researchers To Unleash New SMS Hacking Tool At Black Hat
News  |  6/16/2009  | 
iPhone-based auditing tool tests mobile phones for vulnerabilities to SMS-borne attacks
Ex-Google Engineers Launch Web Security Startup
Quick Hits  |  6/16/2009  | 
Dasient to offer real-time anti-malware monitoring service for Websites -- including a free service
Twitter Security Flaws: One A Day For A Month!
Commentary  |  6/16/2009  | 
Twitter may be taking the world by tweetstorm (or it may be doomed) but one security researcher says that the social network carries a mess of vulnerabilities. A month's worth, in fact, and he intends to prove it, once a day, this July.
Dark Reading Launches Database Security Tech Center
Commentary  |  6/16/2009  | 
Today Dark Reading launches a new feature: the Database Security Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis specifically focused on the topic of database security.
Despite High Value Of Information, Many Companies Lag On Database Security
News  |  6/16/2009  | 
Administrators often fail to patch promptly, configure securely
Former Google Employees Launch Web Malware Startup
News  |  6/15/2009  | 
The company will address changing malware distribution patterns and provide a way to respond to Web security threats using automated techniques.
Apple Issues Java Security Updates For OS X 10.4, 10.5
Commentary  |  6/15/2009  | 
Apple released security updates today for Java on Mac OS X, covering Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.7 and later. The unfortunate reality is that Sun fixed these flaws more than six months ago. Why did Apple take so long?
Researchers Build Anonymous, Browser-Based 'Darknet'
News  |  6/15/2009  | 
Black Hat USA presentation will demonstrate how the latest browser technology makes underground, private Internet communities simpler to form, more secretive
Twitter Security Heating Up In July
News  |  6/15/2009  | 
In an effort to raise awareness of browser security flaws, one researcher wants to post a vulnerability every day that shows the soft underside of the Fail Whale.
Report: What Enterprises Want From DLP, And What It Really Costs
Quick Hits  |  6/15/2009  | 
New InformationWeek Analytics report calculates a 904.5 percent ROI for DLP when the technology prevents a single breach
Incorporating The 'CIA' Triad In Software Purchases
Commentary  |  6/15/2009  | 
When talking to sysadmins and developers about the security of the new software they're looking to deploy, I often end up in a discussion in which at least one or two elements of the CIA (confidentiality, integrity, and availability) triad are left out.
China's Green Dam Software May Pose Legal Risk To U.S. Computer Makers
News  |  6/15/2009  | 
A research report indicates that the Web-filtering software mandated by the Chinese government contains unauthorized, proprietary code from a Green Dam competitor.
Solving Storage Performance Problems
Commentary  |  6/15/2009  | 
When an application is slowing down because of poor storage I/O performance, the first step most IT professionals will take to solve the problem is to increase the physical drive count on the RAID group assigned to that application. How do you know when this will work and what are the best ways to implement this?
China 'Green Dam' Censorware Called Security Risk
News  |  6/12/2009  | 
Chinese authorities claim the software is necessary to protect people from pornography, but the software has been found to block politically sensitive terms.
Working With Security Service Providers: What Every Small Business Should Know
Commentary  |  6/12/2009  | 
Our friends at DarkReading say choosing the right security provider is only the beginning. The real keys lie in setting expectations and building relationships - you can't just hire a security provider and forget about it.
Former Employee Sues Aetna Over May Data Breach
Quick Hits  |  6/12/2009  | 
Class action suit alleges negligence in Website hack
IT Snooping: Too Much Ado About Something?
Commentary  |  6/12/2009  | 
There's been a lot of buzz lately about internal threats, and like most buzz, some of it's on-target. But some of it seems designed to make us paranoid about our employees -- to what end? Do we need to distrust everyone on our IT staffs and, by implication, everyone in our companies? And where does that get us?
Tech Insight: Free SIM Tools Save Money -- And Maybe Your Data
News  |  6/12/2009  | 
A rundown of the range of freebie and low-cost security information management options for the cash-strapped -- or still-shopping -- organization
Working With Security Service Providers: What Every Small Business Manager Should Know
News  |  6/12/2009  | 
Choosing the right provider is only the beginning, experts say. The real key is building a relationship
U.S. Court Weighs E-mail Privacy, Again
News  |  6/11/2009  | 
At issue: whether e-mail messages deserve the same privacy protection as telephone calls.
Mac Users Warned Of Porn Malware Threat
News  |  6/11/2009  | 
Trojan software presents visitors to certain porn sites with a pop-up message to download a Video ActiveX Object; the download carries Mac malware.
Report: No Magic Bullet For Database, Server Security
News  |  6/11/2009  | 
New Forrester report says encryption, data monitoring technologies key tools for now
Thin Provisioning Reduces The Cost Of Failure
Commentary  |  6/11/2009  | 
When vendors talk about thin provisioning you will hear how it reduces CAPEX and how it increases storage admin efficiency. What you don't hear very often is how thin provisioning can reduce the cost of failure.
Survey: Poor Economy Leads To Rise In Sneaky IT Behavior
Quick Hits  |  6/11/2009  | 
More than one-third of IT professionals have used their admin rights to view human resources records, customer databases, M&A plans, layoff lists, and marketing information
China's Internet Filtering Plan Widely Criticized
News  |  6/11/2009  | 
Critics claim "Green Dam Youth Escort" Internet filtering software for PCs violates licensing agreements and anti-monopoly laws.
Microsoft To Launch Morro Antivirus 'Soon'
News  |  6/11/2009  | 
The free offering will replace subscription Windows Live OneCare service.
Rollout: How Much Is Bot Detection Worth To You?
News  |  6/11/2009  | 
Damballa's appliance shows promise, but it still has a lot of ground to cover.
Isilon Debuts New Appliance to Speed Backups
Commentary  |  6/11/2009  | 
The Backup Accelerator appliance works with Isilon's NAS cluster to speed up backups of file-based data.
Flaw In Virtualization App Causes Data Loss On Thousands Of Websites
Quick Hits  |  6/10/2009  | 
VAServ says some customers may never recover data wiped in zero-day attack
Cost Analysis Of Multifactor Authentication
Commentary  |  6/10/2009  | 
A recent article on integrating the YubiKey, a USB token that can provide one-time passwords (OTP), and WordPress reminded me of how few people I know actually use multi-factor authentication to secure their resources. Instead, they rely on the passwords for users to authenticate to Websites and VPNs with nothing in between them and an attacker who might steal that password. The insecurity of passwords is a topic that's b
Researcher Attempts To Dispel Damaging Botnet Myth
News  |  6/10/2009  | 
Enterprises that assume botnets use a single form of malware are the ones being bitten, researcher says
You're Secure. Now What About Your Vendors And Providers?
Commentary  |  6/10/2009  | 
Having spent time and resources securing your own network, shouldn't you make sure that your customers, vendors, and providers have made the same effort?
Researcher: Popular Internal IP Addressing Scheme Could Leave Enterprises Vulnerable
News  |  6/9/2009  | 
Flaws in RFC 1918 could be exploited to gain access to enterprise networks, says Robert "RSnake" Hansen