News & Commentary

Content posted in August 2008
Page 1 / 3   >   >>
BNY Mellon Data Breach Potentially Massive
Commentary  |  8/29/2008  | 
It was in May when we noted an investigation launched by the authorities in the state of Connecticut into a backup tape lost by the Bank of New York Mellon. The results of that investigation are in, and they don't look good.
Storage Acquisitions
Commentary  |  8/29/2008  | 
Brocade's purchase of Foundry Networks seems like a smart move, but technology acquisitions in general and storage acquisitions in specific never seem to pay off well. OK, never is a bit extreme, but it does seem rare and failure here hurts everyone. It distracts the buying company, often ruins the software from the bought company, and leaves users hanging in the balance.
Who Infected the International Space Station?
Quick Hits  |  8/29/2008  | 
W32.Gammima.AG found on orbiting network, but nobody's saying how it got there
Bank's Lost Backup Tapes Contained IDs of 12 Million Clients
News  |  8/29/2008  | 
Headcount for Bank of New York Mellon's lost backup tapes rises from 4.2 million to 12 million personal identities
Procter & Gamble Taps IBM ISS For Cybersecurity Contract
News  |  8/28/2008  | 
The five-year deal includes monitoring and maintaining P&G's four existing IBM ISS Proventia SiteProtector management consoles used in Asia, Europe, and North America.
Best Western CIO Scott Gibson On The Data Breach That Wasn't
News  |  8/28/2008  | 
Gibson has been dealing with a small data breach that somehow snowballed into eight million records stolen and tagged as "one of the most audacious cyber-crimes ever."
Space Station Laptop Virus: This Isn't Rocket Science!
Commentary  |  8/28/2008  | 
Then again maybe anti-virus precautions are rocket science, or should be, as witness a worm problem in a laptop onboard the International Space Station.
Report: Email Address Dictates Spam Volume
News  |  8/28/2008  | 
The first letter of your email address is one factor in your spam risk, a researcher says
Feds Shift Gears & Mandate DNSSEC for All Agencies
Quick Hits  |  8/28/2008  | 
US government takes a harder line on securing DNS infrastructure, but DNSSEC still hotly debated
Web Application Hacks: Upping The Arms Race
Commentary  |  8/27/2008  | 
It doesn't seem that long ago since Web applications attacks supplanted network and worm attacks. But they have, and now the attackers are finding ways to obfuscate these attacks. It's an ever-evolving arms race. And we have an updated Top 10 Web site vulnerabilities list.
NASA Security Badge Poses Safety Risk
News  |  8/27/2008  | 
The badge's metal clasps, if installed backwards, will become a projectile when the badge is opened creating a potential eye injury hazard.
Virus Found On Computer In Space Station
News  |  8/27/2008  | 
Citing security policies, NASA would not disclose details about how the virus got on a laptop on the International Space Station.
Spammers Use 'Hijacked' Babies To Lure Victims
News  |  8/27/2008  | 
The social engineering campaign includes an attached file, purportedly a photo of the recipient's child, but which is, of course, malware.
The 'Poor Man's Traffic Intercept'
News  |  8/27/2008  | 
A weakness in the Border Gateway Protocol makes the Internet's core infrastructure look about as watertight as a screen door.
Cloud Storage Migrations
Commentary  |  8/27/2008  | 
Finishing up the migration series, let's talk about how you would migrate out of a storage cloud. With public storage clouds in particular, this can be a critical issue. These services are all in their infancy. What if you pick the wrong one, how can you get your data back?
Report: Popular Web Attacks Go Stealth
News  |  8/27/2008  | 
Attackers are increasingly using encoding to sneak their SQL injection, cross-site scripting attacks past Web security
Microsoft Offers Details on Privacy Features in IE8
News  |  8/27/2008  | 
New browser will allow user to better control access to surfing history, cookies
Hack Lets Researchers Silently Eavesdrop on IP Networks
Quick Hits  |  8/27/2008  | 
New twist on an old BGP routing vulnerability could change the face of data theft, researchers say
Security Breach: More Laws Needed. Let's Add Health Care
Commentary  |  8/26/2008  | 
Earlier this week, colleague Thomas Claburn covered the unfortunate trend that the tally of data breaches this year already has surpassed all breaches recorded for the entire year in 2007. This isn't entirely bad news, as I'll explain.
FAA Computer Glitch Causes National Flight Delays
News  |  8/26/2008  | 
The problems began when an Atlanta facility that processes flight plan information went down due to a software malfunction, FAA officials said.
Online Pharmacy Risks Rising, Report Finds
News  |  8/26/2008  | 
Criminals are trying to take advantage of consumer interest in low-cost medicines by offering counterfeit drugs and spamming to drive sales at online pharmacies.
National Cybersecurity Responsibilty: Public v. Private. Where Do You Stand?
Commentary  |  8/26/2008  | 
A long article in today's Los Angeles Times raises -- and examines -- what should be a key national issue: who's most responsible for cybersecurity? The government or the private sector?
The Seven Deadliest Social Networking Hacks
News  |  8/26/2008  | 
Think you know who your real online friends are? You could be just a few hops away from a cybercriminal in today's social networks
User Buys Millions of Bank Records (& a PC) on eBay
Quick Hits  |  8/26/2008  | 
Used computer reveals sensitive customer data that should have been wiped clean, eBay buyer says
This Year's Data Breaches Surpass 2007 Totals
News  |  8/25/2008  | 
The rising number of reported data breaches in the last eight months may just mean corporate security auditors are better at finding compromised systems, ITRC researchers suggest.
8 Million-Record Data Breach Claim 'Grossly Unsubstantiated,' Says Best Western
News  |  8/25/2008  | 
The hotel chain says that only 13 customer records may have been exposed, not the millions that a Scotland newspaper reported.
Best Western Disputes Depth Of Suspected Breach
Commentary  |  8/25/2008  | 
Dispute the depth of the breach is an understatement. A Best Western spokeswoman just issued a statement to InformationWeek stating that the breach, so far, has only been confirmed to involve 13 guests at a single hotel.
Survey Says You Sweat Security More Than Cost. Do You?
Commentary  |  8/25/2008  | 
A new survey of midsize businesses finds that while IT costs are important to you, security is even more so. In fact, security was ranked as the top IT concern for midmarket players.
Migration Relief
Commentary  |  8/25/2008  | 
In my last entry on migration migraines we discussed the challenges of moving from one primary storage provider to another and went through a few solutions. One of the best methods to make migrations easier is to keep the amount of data on primary storage at a minimum, but what do you do about archives that will grow to petabytes in size?
Best Western Denies Report of Massive Data Breach
News  |  8/25/2008  | 
Scottish newspaper says flaw exposed personal records of 8M hotel chain customers since 2007; Best Western says report is 'grossly unsubstantiated'
Fedora, Red Hat Servers Compromised
Quick Hits  |  8/25/2008  | 
Popular Linux implementation will require changes in signing keys
UPDATE: Best Western Refutes (Some) Claims Of Hacker Compromise
Commentary  |  8/24/2008  | 
Shortly after our post, Best Western Hotel Chain Pwned, which is based on the story that appeared here, Best Western e-mailed us a response that raises more questions than it answers. That statement, which is available
Best Western Hotel Chain Pwned
Commentary  |  8/24/2008  | 
According to news reports that started to surface over the weekend, Best Western, one of the world's largest hotel chains -- if not the largest -- is investigating a breach that purportedly has placed millions of its guests' data at-risk, and in the hands of Russian mobsters.
Radio Implants And GPS To Thwart Kidnappers? Don't Think So
Commentary  |  8/23/2008  | 
In the face of rising kidnappings in Mexico, a number of more affluent Mexicans are opting to have minute radio transmitters implanted under their skin so they can, presumably, be located by the authorities if they're ever kidnapped. This is a bad idea.
Poisoned DNS Woes Grow
Commentary  |  8/22/2008  | 
It's been weeks since Dan Kaminsky revealed that the Domain Name System (DNS) that underlies the Internet's address routing system was dangerously flawed. It's been a slightly shorter time since patches were released, and yet unpatched DNS vulnerabilities still exist and are beginning to be exploited. Why aren't we surprised?
Memory Stick With 84,000 Prisoner Records Lost In U.K.
News  |  8/22/2008  | 
U.K. Home Secretary Jacqui Smith blames PA Consulting, a contractor that stored the data on the memory stick in violation of its contract.
Migration Migraines
Commentary  |  8/22/2008  | 
Moving data between tiers of storage has gotten easier as a result of global file systems and simplified archive software, but upgrading to a new platform ... that is just plain ugly.
Life Insurer Takes New Approach to Two-Factor Authentication
News  |  8/22/2008  | 
Cryptocard technology helps Kansas City Life get the handle on a thorny access problem
ID Theft Ringleader Gets Three Days in Jail
Quick Hits  |  8/22/2008  | 
Man convicted of leading Canada's largest identity theft conspiracy is virtually sentenced to time served
Survey: Mid-Sized Firms Shape Up for Security
News  |  8/22/2008  | 
Security outweighs cost reduction as firms' biggest concern
Brazilian Indicted For Operating Shadow Botnet
News  |  8/21/2008  | 
Rather the taking advantage of a software vulnerability, the botnet grew using social engineering -- IM recipients downloaded the malicious files willingly.
FEMA's Phone System Hacked
News  |  8/21/2008  | 
Someone with unauthorized access placed over 400 calls through FEMA's National Emergency Training Center in Emmitsburg, Md. to several countries in the Middle East.
DNS Flaw Used To Poison Chinese ISP's Server
News  |  8/21/2008  | 
China Netcom subscribers who mistype a Web address are redirected to a page with malicious code.
FEMA Phones Get Hacked
Commentary  |  8/21/2008  | 
If you are going to hack a phone system, do you really want to hack DHS? That's what happened this weekend when someone made hundreds of illegal calls from a Federal Emergency Management Agency (FEMA) Private Branch Exchange (PBX) to the Middle East and Asia. It appears that it was the usual culprits of poor change control and misconfigurations that left FEMA's digital doors open.
Is This the End of the Pre-Recorded Telemarketing Call?
News  |  8/21/2008  | 
New FTC rules redefine consumers' privacy rights
Device Shields Implant Patients From 'Body Hacking'
Quick Hits  |  8/21/2008  | 
Cloaking device can prevent pacemakers from remote tampering, hacking
The Security And Privacy Of Healthcare Data
Commentary  |  8/20/2008  | 
Despite the aim of the Health Insurance Portability and Accountability Act to bolster the security and privacy of patient information, a majority of health-care providers believe more should -- and can -- be done. And a newly formed consortium of industry leaders plans to do something about it.
Page 1 / 3   >   >>


More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11506
PUBLISHED: 2018-05-28
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer.
CVE-2018-11507
PUBLISHED: 2018-05-28
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp.
CVE-2018-11505
PUBLISHED: 2018-05-26
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVE-2018-6409
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
CVE-2018-6410
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.