Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in January 2011
The SpiderLabs Report
Commentary  |  1/29/2011  | 
Four out of five of the victims were so clever that they didn't need a firewall
Internet 'Kill' Switch: Balancing Security And Freedom
Commentary  |  1/28/2011  | 
Why it's important to have controls in place before deploying such a powerful tool
The Relative Risk Of Malware
Commentary  |  1/18/2011  | 
Trend Micro reports there are 3.5 new malware released every second, up from 1 new malware every 1.5 seconds a year ago. But what's your actual risk?
Security Researcher Targets SCADA, Releases Exploit
Commentary  |  1/13/2011  | 
Another exploit for SCADA software emphasizes the need for organizations to review their network design and device exposure before they become a victim.
Password Reset
Commentary  |  1/13/2011  | 
The downside of crafting a strong password is that while it's harder to guess or crack, it's also harder to remember and then use
Product Watch: Blue Coat Systems Moves Into SMB Market
News  |  1/12/2011  | 
Longtime enterprise security gateway vendor takes product line downmarket
A Textbook Case For Monitoring
Commentary  |  1/11/2011  | 
Vodafone's customer database leak demonstrates dangers of not properly monitoring database activity
Cloud-Based Crypto-Cracking Tool To Be Unleashed At Black Hat DC
News  |  1/10/2011  | 
European researcher will share new 'Cloud Cracking Suite' that leverages GPU processing power in Amazon EC2 cloud to decrypt passwords, break into wireless networks
Anonymity And Nonversations
Commentary  |  1/9/2011  | 
One sure result of the whole Wikileaks thing is security researchers, whistleblowers, and government officials talking past each other.
Going Out With A Bang
Commentary  |  1/4/2011  | 
We like to think that most firms have 'gotten the memo' that hackers hack databases, yet the flurry of breaches at years end suggests otherwise
Mining Web Proxy Logs For Interesting, Actionable Data
Commentary  |  1/4/2011  | 
Simple statistical analysis of Web proxy logs provides wealth of information and incidents missed by AV


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.