News & Commentary

Content posted in July 2008
Most Security Breaches Go Unreported
News  |  7/31/2008  | 
An RSA survey found that the e-mail-borne malware and phishing that affected 69% of respondents' companies may not have led to serious consequences in every instance.
Credit Card Compliance And Security: New PCI Information Resource Worth A Visit
Commentary  |  7/31/2008  | 
How much do you know about your business's compliance and security responsibilities for credit card data and other information involved in the transactions that your bank executes for you? Think compliance is completely the responsibility of the financial institution? Think again.
IBM Bulks Up Data Protection
News  |  7/31/2008  | 
Vendor aims its Tivoli Storage Manager at Windows-based CDP
Startup Promises More Accurate Fraud Detection
News  |  7/31/2008  | 
Guardian Analytics's new 'fraud modeling' technology recognizes activity that goes outside user norm
Survey Highlights Telecommuter Troubles
Quick Hits  |  7/31/2008  | 
Telecommuting security, privacy risks often put on the back burner, according to a new survey by Ernst & Young
Cisco Won't Buy EMC, Will It?
Commentary  |  7/30/2008  | 
Analyst Kaushik Roy with Choi and Pacific Growth Equities really stoked the fire of a longstanding rumor (repeat rumor) that Cisco would just love to buy storage king EMC. And while this won't happen, there are kernels of truth in there.
Radware Reveals Critical Vulnerability In Firefox 3
Commentary  |  7/30/2008  | 
Well, not exactly "critical." But there is a flaw. And there is no patch. And so Radware demonstrates how many security vendors push their gear by spreading fear, uncertainty, and doubt on the user community.
Phishing Kits Widely Compromised To Steal From Phishers
News  |  7/30/2008  | 
From 21 different distribution sites, the authors of the Usenix Conference paper identified 379 distinct phishing kits, 129 of which contained back doors.
The Reality Of Private Clouds
Commentary  |  7/30/2008  | 
In his blog "Clouds Are Only in the Sky" yesterday, Richard Martin suggested that a cloud must be on the public Internet for it to truly be a cloud and that if something resembling a cloud is used internally then it must be utility computing. He makes a very good point; however, I respectfully disagree.
Websense Warns: Legit Sites Top Hack Targets
Commentary  |  7/30/2008  | 
Another midyear security overview is out now, this one from Websense, and if the year-to-date is looking bad, the six months to come are looking worse.
The Real Dirt on Whitelisting
News  |  7/30/2008  | 
The choice for blacklisting versus whitelisting isn't really black and white
Cyber Security for the 44th Presidency Group to Come Out of the Shadows at Black Hat
Quick Hits  |  7/30/2008  | 
A presidential 'playbook' for cyberwar is among the issues under discussion by the group
Chinese Authorities Order Olympic Hotels To Install Spy Gear
News  |  7/29/2008  | 
Kansas Sen. Sam Brownback claims foreign-owned hotels have been asked to install Internet monitoring equipment to spy on hotel guests during the Beijing Games.
Oracle WebLogic Servers Vulnerable To Attacks
Commentary  |  7/29/2008  | 
When it comes to security vulnerabilities, this flaw is as ugly as it gets -- but, in this case, it's not all because of anything Oracle did wrong.
Oracle Issues Alert For WebLogic Plugin Vulnerability
News  |  7/29/2008  | 
The exploit code was released July 17, two days after Oracle issued its second-quarter Critical Patch Update.
Most Malicious Code Launched From Legitimate Web Sites
News  |  7/29/2008  | 
The proliferation of user-generated content on popular Web 2.0 sites has opened the door for hackers to plant malware, says Websense report.
IBM Midyear Security Report: A Bad Year That's Getting Worse
Commentary  |  7/29/2008  | 
Time flies when you're having fun, and flies even faster when the bad guys are having their "fun." Already more than halfway through 2008, and a new security report lets us know in detail just how insecure a year it is.
Hacking Without Exploits
News  |  7/29/2008  | 
Black Hat researchers will demonstrate how the bad guys are quietly raking in big bucks without ninja hacking skills, tools, or exploit code
Report: From Bug Disclosure to Exploit in 24 Hours
Quick Hits  |  7/29/2008  | 
New IBM ISS report shows fast and furious nature of Web browser vulnerability finds and attacks
Apple And Security: Long Road Still Ahead
Commentary  |  7/29/2008  | 
Apple's trying to pick up its game with iPhone security, recently listing an iPhone Security Engineer position. Assuming the job is really about helping users -- and not just thwarting pesky unlockers -- it's a good move, but some corporate inertia might need to be overcome before security is a true priority. Just take a look at the official iPhone Enterprise Deployment tools.
Modeling IT Attacks
Commentary  |  7/28/2008  | 
Every day IT managers have to contend with an ever-changing risk environment. That's where good risk modeling can help.
Password Security: With Prosecutors Like This, Who Needs Rogue Administrators?
Commentary  |  7/28/2008  | 
So the San Francisco District Attorney, building a case against the rogue administrator who shut down city network access, decided to include actual passwords as evidence. Bonehead decisions may not get much more boneheaded than this.
Beating Up Storage Vendors
Commentary  |  7/28/2008  | 
An analyst firm recently published a report suggesting that the No. 1 priority in reducing IT costs was to beat up your storage vendor for lower costs. I would like to give a dissenting opinion.
Botnets Behind One Fourth of Click Fraud
Quick Hits  |  7/28/2008  | 
Click Fraud Index reports biggest surge of botnet-generated pay-per-click fraud to date in the second quarter
New Video Surveillance Technology 'Recognizes' Abnormal Activity
News  |  7/28/2008  | 
BRS software can establish 'normal' on-camera activity - and alert security staff when something unusual occurs
When Penetration Testers (Almost) Get Caught
News  |  7/25/2008  | 
Sometimes employees really do learn their physical security lessons
Vibrations Part II
Commentary  |  7/25/2008  | 
In my last entry we opened up a can of worms around drive vibration, discussing what it is and how it occurs. Vibration exists, but why should you, the IT professional, care? This stuff is all on RAID 5, right? Why do you care if a drive fails?
DNS Woes: How Worried Should You Be? Pretty Dang Worried!
Commentary  |  7/25/2008  | 
Yesterday's news that the first DNS attack strategies are circulating was no surprise: once a vulnerability -- large, small or in-between -- is discovered, the exploit code follows like rats nipping at the heels of the Pied Piper. The question is, how worried should you be about this particular vulnerability? Pretty worried, is my take.
Ad Agency Keeps the Word From Spreading
News  |  7/25/2008  | 
Access control technology helps Arnold Worldwide protect client data, meet compliance requirements
Small & Mid-Sized Enterprises Living in La-La Land, Study Says
Quick Hits  |  7/25/2008  | 
Many smaller firms kid themselves that they're too little to be targets, McAfee study says
Disclosure Isn't Working
Commentary  |  7/24/2008  | 
After a decade of writing about IT security, I don't know how anyone would think this current system of disclose and patch is working. It's not.
Are Lock-Picking Demos On YouTube A Bad Idea?
Commentary  |  7/24/2008  | 
Amateur lock hackers who share their techniques may be improving security -- or endangering your life and property.
'Spam King' Escapes From Prison
News  |  7/24/2008  | 
Eddie Davidson remains at large after walking away from the Colorado prison where he was serving time for his role in spam scams.
San Francisco Computer Tech Set Booby Trap In City Network
News  |  7/24/2008  | 
Prosecutors say Childs set the network to delete numerous files during a scheduled maintenance of the system.
DNS Flaw Attacks Coming: Patch Now!!!
Commentary  |  7/24/2008  | 
The first attackware strategies based on the widespread DNS flaw announced earlier this month have been spotted. If you haven't patched yet, do it now, before it's too late. (Some say it's already too late.)
Report: Website Infection Rate Has Tripled Since 2007
Quick Hits  |  7/24/2008  | 
Malicious Web pages now exceed more than 16,000 per day, Sophos says
Details, Exploits of Web-Wide DNS Vulnerability Revealed
News  |  7/24/2008  | 
Kaminsky outlines flaw, says 'we're in serious trouble'; exploit code posted on Metasploit
DNS Poisoning Vulnerability: If You Haven't Yet Patched, It May Be Too Late
Commentary  |  7/23/2008  | 
If you've ignored the urge to patch Dan Kaminsky's DNS cache poisoning flaw, you could be on the verge of big trouble: Exploit code has just been published in a popular penetration testing tool.
Apple's iPhone Mail, Safari Apps Vulnerable To Attack
News  |  7/23/2008  | 
Apple's iPhone Mail and Safari apps under the iPhone 1.1.4 and 2.0 firmware are vulnerable to URL spoofing, a security researcher said Wednesday.
McAfee Says Small, Midsize Business Sweats Security Too Little. You Agree?
Commentary  |  7/23/2008  | 
A new survey from security firm McAfee warns that small and midsize businesses don't consider themselves to be targets for cybercrime. Do their findings match your feelings? Let's hope not.
Good, Good, Good…Good Vibrations
Commentary  |  7/23/2008  | 
It's summertime, time for a little Beach Boys? No, Good Vibrations is the beginning of a series of entries that I will be posting on increasing physical hard drive unit life. In recent briefings, manufacturers like Copan Systems and Xiotech have been raising the issue on the impact of drive vibration. While I was aware of drive vibration, it is not discussed much, so I decided to take a deeper dive.
Most Bank Sites Are Insecure
News  |  7/23/2008  | 
Security risks caused by basic flaws in Web site design are widespread, according to computer scientists.
S.F. Computer Tech Gives Up Password To City Network
News  |  7/23/2008  | 
Terry Childs has been charged with four felony computer-tampering counts for allegedly locking out system administrators and supervisors from the city's servers.
Red Alert! DNS Flaw Revealed
News  |  7/23/2008  | 
Security researchers warn users to patch immediately, as technical details to exploit a widespread DNS vulnerability were disclosed online.
Researchers Raise Alarm Over New Iteration of Coreflood Botnet
News  |  7/23/2008  | 
Password-stealing Trojan is spreading like a worm - and targeted directly at the enterprise
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.