News & Commentary

Content posted in September 2010
Page 1 / 5   >   >>
In Software We (Can't) Trust
Commentary  |  9/30/2010  | 
I can't think of more than a few attacks in the past decade that involved stolen certificates as part of the malware or exploit code. However, recent attacks, and new research highlights the increasing danger of trusting signed digital certificates.
Trust No One, Monitor Everyone?
News  |  9/30/2010  | 
'Zero Trust' model strikes a chord with user-borne attack concerns but could be overkill, experts say
More Than 80 Arrested In Alleged Zeus Banking Scam
News  |  9/30/2010  | 
Eastern European cybercriminals teamed with foreign students who opened accounts in the U.S., authorities say
IE, Windows XP Users Vulnerable To DLL Hijacking
News  |  9/30/2010  | 
Clicking a link to a remote shared folder on a web page will open this share in Windows Explorer without a warning for 67% of all Internet Explorer users on Windows XP, according to Acros Security.
Federal Government Imposes New IPv6 Deadlines
Quick Hits  |  9/30/2010  | 
'Native' IPv6 by FY 2012 for public-facing servers and services
Spam Campaign Targeting LinkedIn Users Called 'Largest Ever'
Quick Hits  |  9/29/2010  | 
Fake social networking message leads users to Zeus infection
User Authentication In E-Commerce
Commentary  |  9/29/2010  | 
When we designed SSL to enable e-commerce on the Web, we had to solve two issues. One was the Web's openness -- the fact that anybody can read anything -- and the other was how parties might authenticate with one another.
Army Awards $1.2 Billion NSA Data Center Contract
News  |  9/29/2010  | 
The facility to be built in Utah will support the agency's Comprehensive National Security Initiative, aimed at bolstering cybersecurity across federal agencies.
U.S. Public, Private Cyber Defenses Being Tested In Simulated Attacks
News  |  9/29/2010  | 
Cyber Storm III under way; biennial cybersecurity exercise aims to test preparedness
VoIP Abuse Project Blacklists Attackers
News  |  9/29/2010  | 
Fraudsters target, hack VoIP servers mainly as a vehicle for stealing financial data
Ready For Primary Cloud Storage?
Commentary  |  9/29/2010  | 
Cloud storage has moved out of the experimental mode and into some form of production for many organizations. To date most of the use cases are either to backup data to the cloud or to archive data to the cloud. Now though the move is on to provide leverage the cloud for primary data storage. If successful it could change the way many businesses buy storage.
Google To Warn Admins Of Malware Infestations
Commentary  |  9/29/2010  | 
It's been made very clear that one of the greatest threats to Web safety is reputable Web sites getting nailed with malware - and their web masters don't even know it. That malware then infects users - who also go unaware that they've been pwned. This week, Google is taking steps to try to turn that tide.
LinkedIn Attack Spreads Zeus Financial Malware
News  |  9/29/2010  | 
Infection related emails accounted for almost 25% of the world's spam at its peak Monday.
Microsoft Beefs Up Hotmail Security
News  |  9/29/2010  | 
Raft of new features aimed at blocking email hijackers and helping users reclaim compromised accounts.
Security Researcher Wins Prestigious MacArthur "Genius" Grant
News  |  9/29/2010  | 
Dawn Song, head of the Berkeley lab that developed BitBlaze, will get $500,000 for more research
In Wake Of Attacks, Enterprises Look To Plug Browser Security Hole
News  |  9/28/2010  | 
Even a fully patched browser can expose enterprises to threats, experts say
Why The Insider Threat Is Ignored
Commentary  |  9/28/2010  | 
The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.
Amazon Launches Kindle For The Web
News  |  9/28/2010  | 
The browser-based app makes it possible for people to read the first chapter of an e-book on Amazon without having to install special software.
Social Networks For Patients Stir Privacy, Security Worries
News  |  9/28/2010  | 
Facebook-like profiles and posts by patients put medical information at risk of theft, abuse
Americans Oppose Mandatory FM Radios In Cell Phones
News  |  9/28/2010  | 
A Consumer Electronics Association survey also found that 75% of U.S. adults believe manufacturers, not government agencies, should design consumer electronics products.
VoIP Hacker Sentenced To 10 Years
News  |  9/28/2010  | 
The scheme involved defrauding Internet phone service providers to the tune of $1.4 million.
Government Puts The Hurt On The Internet
Commentary  |  9/28/2010  | 
There are a lot of problems that face the Internet and technology today, from major security flaws to increasing infrastructure demands, you name it. But by far the biggest threats are the regular attempts by government and special interests to control the Internet and technology, attempts which would usually end up causing severe damage.
Web 2.0 Expo: Katie Couric Blends Old And New Media
News  |  9/28/2010  | 
Network news veteran says traditional media can still thrive in the age of blogs and Facebook, as long as it's willing to adapt.
Chinese iPhone 4 Forces Censored Maps
News  |  9/28/2010  | 
Apple's Maps application on the Chinese iPhone 4 will only show government-approved maps, unlike previous models.
NSA Official Says Cybersecurity Starts At The Top
News  |  9/28/2010  | 
Information management, not hygiene and patching, is the most important piece of cybersecurity according to NSA's vulnerability analysis chief.
Google Embraces OAuth Authentication For Apps
News  |  9/28/2010  | 
Adoption parallels security moves at other sites, including Twitter, Salesforce.com, and Microsoft Azure.
You're Always Just Two Clicks Away From Malware
Quick Hits  |  9/28/2010  | 
New study shows correlation between top 1,000 visited websites and proximity to malware
Malware Targeting Top News Sites, Message Boards
News  |  9/28/2010  | 
By poisoning popular sites with malicious content, attackers ensure that web surfers are never more than two clicks away from a threat, says Websense report.
Top Excuses For Foregoing Security Monitoring, Logging
Commentary  |  9/28/2010  | 
Monitoring for security incidents can be tough. It's tougher when you don't know what to look for. Now imagine trying to investigate an incident when you don't have any logs to analyze.
Q1 Labs Releases SIEM For Social Media
News  |  9/27/2010  | 
QRadar 7.0 uses deep packet inspection technology for real-time monitoring of web-based malware and extends Security Information and Event Management to social media usage.
Five Reasons SIEM Deployments Fail
News  |  9/27/2010  | 
Security information and event management deployments are often plagued by ease-of-use, scalability, and even organizational problems
Stuxnet Attack Exposes Inherent Problems In Power Grid Security
News  |  9/27/2010  | 
Worm sheds light on ongoing targeted attacks against critical infrastructure, and Iranian news reports infections among nuclear power plant's employee machines
Network Monitoring Can Provide Key Clues To Security Problems, Study Says
News  |  9/27/2010  | 
Done properly, traffic analysis and log review can help administrators identify threats they might not recognize otherwise
Brazilian Army Joins Forces With Panda Security To Combat Cyber-Warfare
News  |  9/27/2010  | 
Panda to train Army’s operational agents in the fight against cyber terrorism, digital crime and strategic preparation for cyber-warfare
Integrating The SSD Appliance
Commentary  |  9/27/2010  | 
The SSD Appliance or Memory Array applies to storage systems that are designed from the ground up to only be used with solid state storage. They are often focused on storage I/O performance and solid state integrity more so than providing storage services like snapshots or replication. In this entry we will look at when does it make sense to use these products instead of adding SSD to an existing storage system or going all out and buying a new solid state storage system.
Security Is Chief Inhibitor To Web 2.0 Implementation, Study Finds
Quick Hits  |  9/27/2010  | 
Malware, viruses are key reasons why companies don't use Web 2.0 apps more widely, researchers say
Iran Denies Stuxnet Worm Hurt Nuclear Plant
News  |  9/27/2010  | 
The malware appears to have been designed to target a specific facility or control process.
DHS Launches Cyber Attack Exercise
News  |  9/27/2010  | 
Cyber Storm III, the largest simulated cyber attack to date, aims to test a new national cyber response plan and stretch the limits of collaborative cybersecurity.
USB Drive Plugs Into Military Missions
News  |  9/27/2010  | 
The fast-booting BlackJack device aims to securely and quickly extract data without leaving a footprint behind.
Stuxnet Pwned Iran. Are We Next?
Commentary  |  9/27/2010  | 
For the past few weeks rumors had run rampant about the purported targets of the Stuxnet worm. One of those rumors was that the worm was targeting Iran's controversial nuclear sites. Now, according to news reports that hit yesterday, those rumors may very well be right. There's a warning in all of this for the United States.
Cybersecurity Chief Touts Private Sector Collaborations
News  |  9/27/2010  | 
Public-private partnerships are crucial to tackling Internet security challenges, says federal cybersecurity coordinator Howard Schmidt.
Five Main Causes Of SMB Security Incidents
Commentary  |  9/27/2010  | 
Like you, I have read many articles covering small business security, the authors of which have made up various lists of "top X threats" or "this year's biggest vulnerabilities," etc. So I thought it would be interesting to dig into a sampling of the data breach reports and collect some real data on causes of breaches and other security incidents in SMBs.
Zeus Targeting Mobile Phone Authentication
Commentary  |  9/26/2010  | 
A new variant of the Zeus botnet aims to circumvent an increasingly popular mode of two-factor authentication among financial institutions and other enterprises.
EnterpriseDB Adds Integrated Replication, Hot Standby
News  |  9/24/2010  | 
Postgres Plus gains features from updated open source database PostgreSQL 9.0.
Lock-Picking Popularity Grows
Commentary  |  9/24/2010  | 
As security professionals, it is easy to get focused only on the technical side of security and forget about the importance of physical security.
Alleged Phishers Who Targeted eBay Employees Arrested
Quick Hits  |  9/24/2010  | 
Romanian authorities apprehend men suspected of using stolen credentials to access eBay client database
Malfunction Delays Space Station Astronauts' Return to Earth
News  |  9/24/2010  | 
A malfunction with the Soyuz TMA-18's docking mechanism has been repaired and undocking of the spacecraft rescheduled for Friday night.
Top Five Reasons Database Security Fails In The Enterprise
News  |  9/24/2010  | 
Independent Oracle Users Group survey reveals common database security missteps made by enterprises
Google Chrome Web Store Prepares To Open
News  |  9/24/2010  | 
Developers can now open Google Checkout merchant accounts in preparation for the debut of the Chrome Web Store.
Spectrum Bridge Trials Show Promise Of 'White Spaces'
News  |  9/24/2010  | 
Four deployments, in Calif., N.C., Ohio, and Va., point to the versatility and power of the broadband technology approved by the FCC Thursday.
Page 1 / 5   >   >>


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11354
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
CVE-2018-11355
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
CVE-2018-11356
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
CVE-2018-11357
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
CVE-2018-11358
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.