Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in October 2006
HSPD-12's Toothless Deadline
News  |  10/27/2006  | 
US federal government's mandate for physical and logical security plagued by confusion, lack of funding
'Crimeware' Defined
News  |  10/25/2006  | 
Anti-Phishing Working Group and Department of Homeland Security explain most prevalent forms of online attacks
Zero Day Flaw Found in MySpace
News  |  10/24/2006  | 
A variant of an XSS vulnerability opens the door for worms, phishing, and port scans via the popular social networking site
Mutating Email Bugs Swarm
News  |  10/23/2006  | 
New variants of two old email-borne exploits illustrate how today's messaging bugs are becoming harder to kill
Database Threat Intensifies
News  |  10/20/2006  | 
Attackers are pulling out the stops to break into Oracle databases
Spammers Turn the Tables Again
News  |  10/20/2006  | 
SpamThru trojan pirates AV software, encrypts it, then uses P2P to keep sophisticated botnet alive
Phishers' Catch: Better Than Expected
News  |  10/19/2006  | 
A new study from the University of Indiana indicates that phishers are more successful at catching users than most industry estimates suggest
ISPs Plan Security Push
News  |  10/18/2006  | 
New opportunities, public criticism drive service providers to develop more comprehensive security services
A-Listing Your Apps
News  |  10/12/2006  | 
Enterprises enlist app whitelisting to combat malware and unauthorized tools, but the approach has a dark side
Corporate Ethics are 'Situational'
News  |  10/11/2006  | 
Dark Reading's Security Scruples survey finds that many companies talk the talk, but don't walk the walk
Diebold Disses Democracy
News  |  10/9/2006  | 
Technologists may be surprised by how far things can get off track when the law embraces bad security ideas for no apparent reason
A Secure Channel for Customers
News  |  10/6/2006  | 
A startup is developing the means to bypass phishers and hackers with a secure link to clients
Security's Rotten Apples
News  |  10/4/2006  | 
Dark Reading's 'Security Scruples' survey finds that most IT and security people maintain a strong code of ethics, but there are 'alternative views' that paint a scary picture
Startup Secures Data for Audits
News  |  10/3/2006  | 
Kinamik offers third-party certification, encryption, and storage of data, making it unassailable by hackers -- or auditors
Phishers Launch Zero-Day Exploits
News  |  10/2/2006  | 
Phishers are moving to the bleeding edge, and the new PhishTank will let companies observe their behavior
Researcher Secures Grid Computing
News  |  10/2/2006  | 
New tool could help administrators quickly identify possible abuse in meshed computer environments


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.