Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in August 2010
<<   <   Page 4 / 4
Researchers Throw Down Vulnerability-Disclosure Gauntlet
News  |  8/4/2010  | 
TippingPoint's Zero Day Initiative (ZDI) program institutes deadline of six months for vendors to fix bugs -- or else the bugs get published
EEMBC Undertakes Design Of Industry-Standard Network Security Performance Benchmarks
News  |  8/4/2010  | 
Industry lacks common method to test and validate DPI throughput for network security products
Data Retention Policies Absent Or Partially Implemented
News  |  8/4/2010  | 
Almost 90% of IT and legal pros say they value data retention plans, but fewer than half of their organizations have one, and many that do fail to follow through with the required technology, finds an Applied Research survey.
Majority Of IS Pros OK With Government Online Spying: Sophos
News  |  8/4/2010  | 
In addition, 49% think "crippling denial of service attacks against another country's communication or financial websites" is OK during wartime
Cyveillance Finds AV Vendors Detect Less Than 19 Percent Of Malware
News  |  8/4/2010  | 
Further testing reveals that even after 30 days, detection rates averaged only 61.7%
Holy Zeus! Popular Botnet Rules As New Exploits Come Online
News  |  8/4/2010  | 
Trusteer, AVG identify new botnets with different features, both built on Zeus technology
DHS Ramping Up Defense Of Critical Control Systems
News  |  8/4/2010  | 
The discovery of the first worm to target the networks that control power plants has prompted an expansion of specialized forensic teams to combat the cybersecurity threat.
ID Fraudsters Tapping Children's Social Security Numbers, Report Says
Quick Hits  |  8/4/2010  | 
New scam often goes undetected until minors' credit ratings are wrecked, report says
Cloud-Based Denial Of Service Attacks Looming, Researchers Say
News  |  8/4/2010  | 
Two consultants use a handful of virtual servers in Amazon's EC2 cloud to take down an SMB's network
Commerce Department Seeks Advice On Cybersecurity
News  |  8/4/2010  | 
Businesses, academics and the general public have been asked for input on cybersecurity's economic impact, authentication and identity-management technologies, research and development priorities and more.
Advocates Propose Child ID Theft Prevention Database
News  |  8/4/2010  | 
Database, to be shared with credit reporting agencies, would verify whether a Social Security number belongs to a minor.
The Truth About iSCSI
Commentary  |  8/4/2010  | 
Over the next several entries we are going to explore several of the protocols available to IT managers as they try to select a storage protocol for their environments. First up is iSCSI. It seems to be the protocol most will look to first, because it is believed to be both more cost-effective and easier to use than the currently more commonplace Fibre Channel. The truth about iSCSI, though, is that it is a real storage protocol and it needs to be treated like one.
On iPhone, Jailbreaking, And Security
Commentary  |  8/3/2010  | 
It may not be the fashionable decision, but I choose not to jailbreak my iPhone. That's primarily out of security concerns. However, it turns out that jailbreaking (read: pwning) an iPhone is now as simple as visiting a web page.
iPhone Jailbreak Worries Security Experts
News  |  8/3/2010  | 
Security firms are expressing concern that the first Web-based "jailbreak" for iOS devices relies on two security vulnerabilities.
Building Botnets For Fun And Profit
News  |  8/3/2010  | 
Creating a botnet business can be lucrative -- and isn't as hard as you might think, Black Hat speaker says
Researcher Reads RFID Tag From Hundreds Of Feet Away
News  |  8/3/2010  | 
Demonstration raises privacy and security concerns with RFID EPC Class 1 Generation 2 used in some passport cards, inventory tags, and driver's licenses
CipherOptics Simplifies PCI Compliance Over Public Networks And Internet
News  |  8/3/2010  | 
CipherOptics’ Virtual IP technology allows customers to secure PCI regulated data over public and private networks simultaneously
IT Pros Use Personal Email, Storage Devices To Move Company Files
Quick Hits  |  8/3/2010  | 
New survey shows how convenience typically wins over security
U.S. Challenged By Global Cybersecurity
News  |  8/3/2010  | 
Federal government must coordinate efforts across agencies to provide a united front on policy, standards, and strategy, says Government Accountability Office.
Ghost In The Machine: Database Weaknesses Expose SAP Deployments
News  |  8/3/2010  | 
Attacker can create a nearly undetectable user account in SAP once he gains unauthorized access, Black Hat USA researcher says
SonicWall Launches Simpler, More Affordable Remote Access
News  |  8/3/2010  | 
The Secure Remote Access 1200 offers users and IT administrators manageable connections between the office and remote desktops, laptops and mobile devices.
Using The 36 Stratagems For Social Engineering
Commentary  |  8/3/2010  | 
I attended several great presentations during last week's BSides and Defcon. HD's VxWorks, egyp7's phpterpreter, and David Kennedy's SET talks were a few of my favorites, with great content and demos, but one that I found especially refreshing and fun was Jayson Street's "Deceiving the Heavens to Cross the Sea: Using the 36 Stratagems for Social Engineering."
Metasploit To Get More Powerful Web Attack Features
News  |  8/2/2010  | 
Rapid7 sponsors open-source w3af Web assessment and exploit project
Design Flaws Make All Browsers Vulnerable, Black Hat Speaker Says
Quick Hits  |  8/2/2010  | 
In series of hacks, researcher demonstrates inherent flaws in currently-used browsers
UK Government Stays With IE6
News  |  8/2/2010  | 
Experts say Microsoft Internet Explorer 6 is a security risk and should be replaced with newer browser.
Managing The Mixed Storage Environment
Commentary  |  8/2/2010  | 
In my last entry we covered the value of having just one device to manage. What if that is not realistic for your environment? Either you selected a storage system that won't scale, you have business reasons for multiple units, or the environment is simply too large or too diverse to put everything on one storage platform. You need tools that allow the different systems to be managed more easily.
VxWorks Vulnerability Tools Released
Commentary  |  8/2/2010  | 
If you haven't started scanning your network for UDP port 17185, you had better start now. This past week at BSides Las Vegas and Defcon, HD Moore, CSO of Rapid7 and chief architect of the Metasploit project, demonstrated an exploit against VxWorks that affects hundreds of products from many different manufacturers.
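As an added example (not code from the original page, from Rapid7, or from Metasploit), the following Python script does the scan the entry recommends without sending any WDB-specific request. It assumes that the VxWorks WDB debug agent listening on UDP/17185 is an ONC RPC (RFC 1831) server with program number 0x55555555, version 1; because every RPC program must answer procedure 0 (the NULL procedure), an accepted reply to a NULL call is enough to flag a host that is exposing the debug agent. The loopback mock agent at the bottom is constructed for offline use and stands in for a real target.

```python
"""Probe hosts for a VxWorks WDB debug agent on UDP/17185 with an ONC RPC NULL call.

Added example, not code from the page, Rapid7 or Metasploit.  Assumptions (labelled):
the WDB agent is an RPCv2 server with program number 0x55555555, version 1, and
like every RPC program it answers procedure 0 (NULLPROC).
"""
import socket
import struct
import threading

WDB_PORT = 17185
WDB_PROG = 0x55555555   # assumption: VxWorks WDB RPC program number
WDB_VERS = 1
RPC_CALL, RPC_REPLY = 0, 1
MSG_ACCEPTED, SUCCESS = 0, 0
AUTH_NULL = 0


def build_rpc_null_call(xid, prog=WDB_PROG, vers=WDB_VERS):
    """Serialize an RPCv2 CALL for procedure 0 with AUTH_NULL credential and verifier (XDR, big-endian)."""
    header = struct.pack(">IIIIII", xid, RPC_CALL, 2, prog, vers, 0)
    auth = struct.pack(">IIII", AUTH_NULL, 0, AUTH_NULL, 0)   # cred flavor/len, verf flavor/len
    return header + auth


def parse_rpc_reply(data, xid):
    """True if data is an RPC REPLY for xid that was accepted with accept_stat SUCCESS."""
    if len(data) < 20:
        return False
    r_xid, mtype, reply_stat, _verf_flavor, verf_len = struct.unpack(">IIIII", data[:20])
    if r_xid != xid or mtype != RPC_REPLY or reply_stat != MSG_ACCEPTED:
        return False
    off = 20 + ((verf_len + 3) & ~3)          # skip the opaque verifier body (4-byte padded)
    if len(data) < off + 4:
        return False
    (accept_stat,) = struct.unpack(">I", data[off:off + 4])
    return accept_stat == SUCCESS


def build_rpc_accepted_reply(xid):
    """Minimal accepted SUCCESS reply with an empty AUTH_NULL verifier (used by the mock agent)."""
    return struct.pack(">IIIIII", xid, RPC_REPLY, MSG_ACCEPTED, AUTH_NULL, 0, SUCCESS)


def probe_wdb(host, port=WDB_PORT, timeout=2.0, xid=0x5A5A0001):
    """Send one NULL call to host:port; True only if an accepted RPC reply comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_rpc_null_call(xid), (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except OSError:          # timeout, or ICMP port-unreachable surfaced as ECONNREFUSED
            return False
    return parse_rpc_reply(data, xid)


def sweep(hosts, port=WDB_PORT, timeout=1.0):
    """Return the subset of hosts answering the NULL call (candidates for the VxWorks exploit)."""
    return [h for h in hosts if probe_wdb(h, port, timeout)]


def start_mock_agent():
    """Constructed loopback responder standing in for a WDB agent; returns (port, stop_fn)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(0.2)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(4096)
            except OSError:
                continue
            if len(data) < 20:
                continue
            xid, mtype, rpcvers, prog, vers = struct.unpack(">IIIII", data[:20])
            if mtype == RPC_CALL and rpcvers == 2 and prog == WDB_PROG and vers == WDB_VERS:
                srv.sendto(build_rpc_accepted_reply(xid), peer)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop.set


if __name__ == "__main__":
    port, stop = start_mock_agent()
    print("mock agent on 127.0.0.1:%d -> exposed=%s" % (port, probe_wdb("127.0.0.1", port)))
    stop()
```

Point `sweep()` at your own address ranges with the default port to find hosts that answer; anything that replies is running an RPC service on the WDB port and should be treated as a VxWorks device with the debug agent enabled until proven otherwise. The probe is a single 40-byte datagram per host and does no further interaction.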
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.