Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Wiping Out Wimpy Passwords
Recent breaches at Rockyou.com and Hotmail illustrate the consistency of human behavior: Since the dawn of access control systems, users continue to choose easily guessed passwords.
IE 6 Aftermath: Time To Review Your Browser Strategy
The latest update for Internet Explorer is out, and organizations are busy applying or at least certifying the patch on their testbeds.
Operating In An Insecure World
I've heard of the idea of operating day-to-day with the assumption that your organization is already compromised, and I just saw it reiterated in the Tenable Security Blog, but I think it's a tough one to swallow for most organizations. There has to be some level of trust within an organization, otherwise, how could you get any business done. But as tough as it is to accept, there is value in taking this approach.
Google/China Reality Check Amid The Fog Of Cyberwar
We've all heard about the Chinese attacks against Google by now. We've heard of Google's moral standing, how corporations now impact international relations, and how censorship is bad and freedom is good. However, some important questions lost in the fog of war need to be asked.
Enterprise Data Taken To The Cleaners -- Literally
Study of 100 U.K. dry cleaners finds more than 4,500 storage devices left in clothes in one year
User Security After The Google Hack
Last week's news about the Google hack has really raised some eyebrows. Doe-eyed users have learned the harsh truth that anyone can be hacked. The news of 20 or more other companies also being targeted along with Google made the impact that much worse.
What Data Discovery Tools Really Do
Data discovery tools are becoming increasingly necessary for getting a handle on where sensitive data resides. When you have a production database schema with 40,000 tables, most of which are undocumented by the developers who created them, finding information within a single database is cumbersome. Now multiply that problem across financial, HR, business processing, testing, and decision support databases -- and you have a big mess.
Report: DDoS Attacks Still Growing, But At Slower Rate
Distributed denial-of-service attacks against network operators are becoming less brawny, more stealthy
Share Your New Security Innovations
I am working with InformationWeek Analytics to create an analysis of the year's top five technology innovations in the security arena. If you are a vendor and believe you have the next big thing, then you should contact us.
The Cybersecurity Czar's First Big Test
I'm still waiting for Howard Schmidt, the new cybersecurity czar, to weigh in on the Chinese cyberattacks revealed this week. Sure, Chinese hackers going after American interests and human rights activists is nothing new to the IT security world, but this latest development is big, and it could be a defining moment for Schmidt's new post.
Discovery And Your Database
Database discovery is the act of locating databases on a network. Years ago, this was simple because companies had only one or two databases. Now just about every application created relies on database services to provide data integrity and transactional consistency.
2010 Could Be The Year For Security Outsourcing, Forrester Says
'Co-sourcing' concept could help mend the rift between security departments and service providers, research firm says
We Have Nothing To Say -- Or Do We?
The first rule of appearing smart, they say, is to keep quiet, but keeping quiet doesn't help your PR. What are you to do?
The Inconvenient Truth Behind Security
A co-worker forwarded me an e-mail in which the original sender was asking about running vulnerability scans on his own and stated he was concerned about the scans causing downtime while the servers were being tested.
When PDFs And Flash Files Attack
It's getting harder to protect our users from threats coming at them from seemingly trusted places. The Websites they've been using for years are suddenly the source of attacks through malicious advertisements being pushed to the "trusted" site by a third-party advertising service. File format attacks against Adobe's Flash and Acrobat are becoming the exploit du jour for attackers.
Critical Juniper Router Flaw Triggers Prompt Patching
Vulnerability causes routers to crash and reboot
Adobe Reader's Patch Tuesday
Next Tuesday, Jan. 12, is Microsoft Patch Tuesday. Beyond the usual patches from Microsoft, we will also get a critical update for a piece of software that increasingly plays a role in exploiting desktop systems -- the Adobe Reader from Adobe Systems.
New Year Will Put New Pressure On Security Services Decisions
Security, as many consumers have recently discovered, is a matter of perspective. Many consumers carefully lock their houses each night and turn off their computers. They keep their AV products up to date, their wireless connections encrypted, and their passwords in their heads.
Hack Pinpoints Victim's Physical Location
'Samy worm' writer publishes proof-of-concept that gleans home router GPS coordinates
Detecting DNS Hijacks Via Network Monitoring
Last year saw a slew of different DNS attacks. The most recent incident was the hijacking of Twitter's DNS records to redirect to a Website stating, "This site has been hacked by the Iranian Cyber Army." Though the impact to a company's public image can be large, DNS redirection attacks have the potential to be even more devastating than a tarnished image.
Facebook's Security Team Frustrates Cybercriminals
Though Facebook is one of the potentially most virulent platforms on the Internet, its security team is very talented, which makes life for cybercriminals all the more difficult.
Secure USB Flaw Exposed
USBs go under the microscope as vulnerability discovered in SanDisk secure USB leads to recall of Kingston USBs and updates to SanDisk, Verbatim USBs
How Obama Could Fix Airline Security
Northwest Airlines' Christmas Day scare showcases why the current airline security program, which potentially violates due process and treats every passenger as a criminal, isn't working. It's time to start over and focus more on substance and apply a fresh set of eyes to this problem. This is one more chance for President Obama to give us a change we can believe in, and it's also a chance for us to look at airline security practices and take them for what they are -- an example of what not to
|
Latest Comment: This comment is waiting for review by our moderators.
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
