Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Are We In A Tech 'War' With Russia?
I was reading the withering comments Vladimir Putin made to Michael Dell in response to Dell's offer to help Russia. Though Putin is Russia's prime minister, he clearly is also the guy who is running the country. Reading between the lines, I think it is likely he is driving a technology w
Hardware Vendor-Induced Vulnerabilities
During a recent penetration test, a friend encountered some really strange findings that he asked me to review. Several of the desktops located in one of the departments had a process listening on an ephemeral, nonstandard TCP port. He provided his Nmap and Nessus findings, which both reported an Apache Web server was running on this mysterious port. The fact they were all running Apache was cert
How To Celebrate Privacy Day (And How Not To)
Wednesday, Jan. 28, has been designated International Data Privacy Day, and I'm still not sure how to celebrate. Should I invite all of my friends and family over, then go in the bathroom, lock the door, and make an entry in my personal diary? Or maybe we should all put on funny hats and go outside with noisemakers, screaming, "It's none of your friggin' business!!" Ah, those holiday traditions.
Get Your Pentesting Permission Slip
As infosec professionals, we are often tasked with performing duties that would be considered illegal if we did not receive proper authorization beforehand. For example, if you were performing a penetration test against a system that you or your employer doesn't own, or for which you don't have authorization to access, then you could be violating a number of laws leading to termination and possible criminal prosecution.
The Trouble With Phishing
Any person who is familiar with even the basics of modern computer threats will know the term phishing. It is an example of the more generic threat known as social engineering, or using psychology as a primary attack vehicle. In general, people tend to be trusting and helpful (although, of course, we can all quickly bring to mind those who are neither). Phishing and other social engineering attacks make use of these traits to trick computer users into giving up valuable information, fr
Honing Security Skills Outside Of The Workplace
Here at the Sundance Film Festival, I've noticed varying levels of credentialed people. Some work for Sundance directly; others are volunteers. Some are folks who dropped down a couple thousand dollars for a ticket package that includes an extra level of access the public doesn't have. And, of course, we can't forget the cast and crew of the films. In the four years I've been attending, you can count me as part of the rest of the bunc
How Hackers Will Crack Your Password
I've been cracking passwords lately for pen tests, and I'm surprised at how corporate guidelines don't really help people choose passwords. As in many places in security, a disconnect exists between how people secure systems and how hackers break systems. So the following is a brief description of what hackers do (or, at least, what I do when pen-testing systems).
Largest Data Breach In History Tries To Hide Behind Inauguration
Heartland Payment Systems, a credit card processor out of Princeton, N.J., that mostly supports small and midsize businesses, announced during today's presidential inauguration that it was the victim of a massive data breach that could include more than 100 million credit card numbers.
If It Walks Like A Botnet
There's something fishy going on with the Confickr/Downadup worm. So far, it hasn't crossed the line to an official botnet, but this thing is fast becoming a monster that just won't stop spreading, no matter what Microsoft does to warn users to patch (the patch has been available since October, people) or how security vendors scramble to scan for it as it evolves and changes.
Geek Productivity Tough To Measure
Measuring productivity is difficult when it comes to IT security professionals and, in general, most IT geeks. It's not as bad as trying to measure the return on investment (ROI) for security products, but it can be difficult if you focus on the number of hours worked as opposed to employee output.
PCI Impact Brings Insurance Protection Offering
What does it say about the impact of PCI regulations on small to midsize businesses when an insurance company begins offering "card-compromise" coverage?
Campus Net Abuzz With BCS Win
Another year, another championship. Now, that's not meant to sound snobbish or trite, but the past few years have been very good for University of Florida athletic programs. Last night was a great example with the Gator football team wrapping up the BCS National Championship with a win against the Oklahoma Sooners. After seeing the preparatory buzz of activity yesterday, I expected to see more visible excitement as I walked a
Bombshells For The New Year
The week after Christmas should be a quiet, reflective time to get organized for the new year while the security industry takes a little winter's rest. Uh -- not so much. This is the security industry, remember? Vendors may not roll out products during the holidays, but hackers never sleep.
You're Not Paranoid, Your Antivirus Just Doesn't Work Well
Myth #2 of the "The Five Most Dangerous Security Myths" by PC World's Erik Larkin popped up in my inbox from a family member this morning. The second myth is, "Sure, the Web is today's Wild West, with digital guns blazing and no sheriff in sight. But as long as you use a goo
People-Hacking
My firm was recently hired to perform a network assessment for a fairly large bank. The emphasis on this engagement was circumventing physical controls and gaining access to the bank's internal network infrastructure. As with most financial institutions, we were asked to compromise remote locations (bank branches) and then make an attempt on the main office.
Hack Simplifies Attacks On Cisco Routers
New technique for hijacking routers reinforces need for regular IOS patching
Browser Privacy Features Leave Users Exposed
When using "private browsing mode" included in many of the current (and beta) Web browsers, do you know just how well it is working at preventing your Internet browsing from being tracked? What about the protection provided when you hit the button to clear your Web browsing history, cookies, and cached files?
DLP: An Important Tool In Protecting Data During Mergers & Acquisitions
Data loss prevention (DLP) is a topic I've covered in the past because it's important in these times of targeted attacks and accidental data loss. It also tends to be a controversial topic since many people view it differently due to the variation in definitions of what the technology really is. For example, DLP vendors have solutions that range from basic content filtering at the network gateway to complex network- and host-based monitoring solutions, leaving the definition up to the vendor who
|
Latest Comment: Becky thought the "Assistant in a Drawer" device was a great idea, until she realized she couldn't stop all the "pop-ups"
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
