Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in November 2008
How Are We Doing? Dark Reading Seeks Your Input
Commentary  |  11/26/2008  | 
Dear Readers, If you've been clicking through the pages of Dark Reading regularly for the past several weeks, you've probably noticed lots of changes. As we told you back in October, the site has undergone an overhaul that included moving to a new server and a new production system, and we've implemented a new design that's intended to make the site easier to navigate and use. As with most new releases,
Free Memoryze Tool Gets A Much Needed GUI
Commentary  |  11/25/2008  | 
When software vendors release a "free" version, there is often a catch or some limitation that leaves you wanting for more. Rarely is the release good enough to fill a void that you've been missing. But that's not always the case. A good example is the NetWitness Investigator product that I've been testing and wrote about in Friday's
LiveView: Seeing Is Believing
Commentary  |  11/24/2008  | 
Investigating security incidents is a necessary fact of life for IT shops everywhere. What varies is how each group handles the incident. I read an interesting article over the weekend from Enterprise IT Planet called "Five Essential Forensics Tools." While I wouldn't consider them all "essential," a couple of them are very important, like Wireshark and Helix, and others are just examples of the ki
Internal vs. External Penetration Testing
Commentary  |  11/19/2008  | 
In the past, I've talked about the merits of penetration testing (a.k.a. pen-testing) and several related tools. One thing I've not covered much is the difference between internal and external pen-testing. Today's Webcast, "Zen and the Art of Maintaining an Internal Penetration Testing Program," by Paul Asadoorian of PaulDotCom (which has a great weekly security podcast) is what started me thin
Death of the AV Vendor: Microsoft Offers Free AV
Commentary  |  11/18/2008  | 
The fundamental problem with the AV market is that it makes antivirus vendors as much a part of the problem as they are a part of the solution. They are motivated to promote exposures to create a market for their offerings, and the end result has been a massive increase in malware and an inability by the ecosystem to effectively combat it. This will change that dramatically.
New 'Stealth' Technology Secures Data On Shared Networks
News  |  11/18/2008  | 
Unisys combines encryption and bit-splitting to keep data all in the workgroup
Making a Case For Comprehensive Patch Management
Commentary  |  11/17/2008  | 
The Security Manager's Journal at Computerworld had a good, "real life" story about the effort required to implement a comprehensive patch management program and to have management sign off. J.F. Rice (a pseudonym created to protect the manager and the company) says he used a two-pronged attack to get support and raise awareness by meeting with system admini
New Tool Makes VoIP An Easy Target
Commentary  |  11/14/2008  | 
VoIP isn't something that pops up on my radar too often. We're only now just beginning a deployment at my office that will take place during the next couple of weeks, so I'm slowly becoming more aware of what impact it could have. But what really got me thinking about just how secure the upcoming implementation is going to be is the release of a new VoIP security tool, UCSniff, by the Sipera Viper Lab.
My Spammers Didn't Get the Memo That They Were Toast
Commentary  |  11/13/2008  | 
It has been a week that seemed like the good guys might finally be winning -- something -- in the cybercrime war. First, there were reports of a 65-plus percent drop in spam volume after a Web hosting firm known for hosting botnets, spammers, and child pornography was taken down. Then the Internet Corporation for Assigned Names and Numbers (ICANN) on Wednesday finally
Correlating Many Data Sources Is Often The Key
Commentary  |  11/12/2008  | 
Being able to successfully perform incident response and digital forensics requires having the right tools and, more importantly, the right sources of information. I was assisting a client with a case recently that made this simple fact more apparent the more I dug into the monstrous amount of information they provided me.
Gingrich: Repeal SOX
Commentary  |  11/7/2008  | 
The Republicans may have fallen short in the elections this week, but that didn't stop conservative Newt Gingrich from making news: The erstwhile antiregulator is now calling for the repeal of the Sarbanes-Oxley Act.
Bending Skein Code
Commentary  |  11/6/2008  | 
Few of the submissions to NIST's hash standard contest have been optimized for desktop/server processors. One, though, known as Skein, seems to have considered this. It is designed specifically to run well on Intel Core 2 processors -- without sacrificing speed on other processors or security.
The Importance of Exit Procedures
Commentary  |  11/5/2008  | 
There is an interesting article in the San Francisco Chronicle about a former IT manager turned "vengeful computer hacker" who logged in to his former company's mail server and turned it into an open mail relay for spammers to abuse. He also deleted the Exchange server's mail database and critical system files, preventing the server from being able to boot. After five years, he has fina
E-Voter In a Swing State
Commentary  |  11/4/2008  | 
When I arrived at the polls at 6 a.m. this morning, those of us at the head of the line watched nervously as election officials frantically tried to calibrate my small town's two e-voting machines after they malfunctioned -- just before the first voters were about to cast their votes.
Laptop Security During the Economic Crash
Commentary  |  11/3/2008  | 
Theft rates go up sharply when you have an economic crash. People are looking for items to take from homes and cars that are easy to transport and easy to sell. Laptops fall into this category because they are both small and easily sold -- especially if new, attractive, and one of the more desirable models. This suggests a number of best practices are necessary to ensure they don't walk off and, if they do, don't compromise the business.
Data Leakage Prevention Products Maturing?
Commentary  |  11/3/2008  | 
With new data loss stories cropping up every few days, it's surprising that the data leakage prevention (DLP) market hasn't blown up over the last year with organizations clamoring to get their hands on DLP technology to prevent their sensitive data from walking out the door, or getting left in a cab, or stolen out of a parked car. In the article "DLP Vendors Grow Up," Symantec's senior
The Security Pro's Guide To Thriving In A Down Economy
Commentary  |  11/3/2008  | 
Let's face it: Even if this isn't the worst economic crisis since the Great Depression, the financial engine clearly isn't running on all cylinders. At best we can assume some sort of recovery over the course of the next year or so, and at worst...well, I don't really want to think about that. I think it's safe to say that not only do none of us know where this is headed, but that the picture will remain opaque until after the election and the winners take office. As security professionals, ris


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21272
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.