Content tagged with Perimeter posted in December 2009
Researchers Prepare Practical Demonstration Of GSM Encryption Cracking Technology
News  |  12/29/2009
GSM calls can be intercepted and decoded using low-cost hardware and open-source software, researchers say
Data Masking Primer
Commentary  |  12/26/2009
Data masking is an approach to data security used to conceal sensitive information. Unlike encryption, which renders data unusable until it is restored to clear text, masking is designed to protect data while retaining business functionality.
Fixing The Security Disconnect
Commentary  |  12/24/2009
A disconnect often exists between security teams and the population they service. I'm not referring to just users -- of course, you'll pretty much always find a rift between security and users -- but instead I mean the disconnect that often occurs among network groups, system administrators, developers, and similar groups.
Security PR: How To Disclose A Vulnerability
Commentary  |  12/22/2009
When your team discovers a new security vulnerability in a third-party product, there are ways to handle it correctly to achieve maximum visibility.
Paper-Based Breaches Just As Damaging
Commentary  |  12/21/2009
IT tends to forget about things that aren't electronic. But you remember that stuff called paper, right? Have you considered that printed documents are just as damaging to a company's reputation should they get into the wrong hands as electronic data stored in an Excel spreadsheet or database server?
SkyGrabber Is For Porn, Not For Hacking Predator Drones
Commentary  |  12/18/2009
According to a sensationalized news story from late last week, Iraqi insurgents have intercepted live feeds from Predator drones. But the story's facts seem fishy: it claims the $26 off-the-shelf software product, SkyGrabber, was used to intercept live video feeds from U.S. Predator drones. But SkyGrabber does not have this ability.
Making Your IDS Work For You
Commentary  |  12/18/2009
Talk to anyone who knows anything about running an intrusion detection system (IDS), and he will tell you one of the most important processes during the initial deployment is tuning. It's also one of the important ongoing operational tasks: as new rules are released, they must be checked for relevance to the environment you're tasked to protect.
Improved Security In Microsoft Office 2010
Commentary  |  12/17/2009
Microsoft has made Office 2010 available in public beta. After playing around with it for a while, I am not yet sure I need any of the new functionality.
Christmas Wish List: Patching & Whitelisting
Commentary  |  12/16/2009
Christmas is next week, and if I were putting together a wish list of things to help lock down my enterprises, I'd have to put patch management and application whitelisting at the top. Why? It's simple. The two together could deliver the one-two punch to knock out the majority of compromises I've been seeing lately.
Cybercriminals Bypassing Two-Factor Authentication
News  |  12/16/2009
Targeted attacks have resulted in theft of money and/or information, says Gartner
Full Disk Encryption: What It Can And Can't Do For Your Data
News  |  12/14/2009
Protection depends on the implementation -- and on user know-how
What It Takes To Have True Visibility Into Web Attacks
Commentary  |  12/14/2009
I'm one of those people who takes extensive notes but rarely goes back and reads them. Today was one of those exceptions: I was looking through Evernote for something, and a statement I'd copied some time ago stuck out.
Security PR: How To Talk To Reporters
Commentary  |  12/11/2009
Here are some tips for security professionals and security public relations representatives on how to pitch reporters when you have something new and exciting to share.
Using Facebook To Social-Engineer A Business
Commentary  |  12/10/2009
My firm was recently asked to compromise a company's network infrastructure using intelligence available from the Internet. The client's CIO was worried that social networking sites provided too much information about its employees and the company, so we discussed the possibility of using information gained from social networking sites to social-engineer our way into the customer's facility and, ultimately, into its network.
Detecting Viral Persistence
Commentary  |  12/9/2009
Persistence is something that malware strives to achieve. If malware cannot survive the monthly reboot due to the Microsoft patch cycle or the usual Windows troubleshooting process (reboot first!), then it's going to have a short lifetime and little effectiveness. There are a few exceptions to the rule in terms of persistence.
New Cloud-Based Wireless Password Cracker
Commentary  |  12/9/2009
Security reports, such as the recent Verizon Data Breach Study, have consistently pointed out weak or default passwords as a major source of data breaches. Now there's a new service that tests the strength of passwords used in the encryption of wireless access points.
A Real Insider Threat Story
Commentary  |  12/8/2009
I was sitting at my desk when my phone rang. I answered, and it was a large pharmaceutical company that was interested in consulting services. It had noticed a trend with one of its foreign competitors. Every time it went to release a new product (in this particular case a new drug), one of its competitors would release a similar drug with a similar name, several weeks before it, beating it to market.
'Capture The Flag' Contest Targets End Users
Commentary  |  12/7/2009
Capture the flag (CTF) competitions and similarly organized scenario-based "games" can be a great learning experience for security professionals of all experience levels. Contestants are typically forced to work under pressure and in scenarios that range from real-world situations to extreme, all-out cyber-warfare.
The IPS Goes Virtual
News  |  12/7/2009
Major vendors are adding virtual IPSes and pushing IPSes into virtual computing environments
Product Watch: Voice Encryption Firm Offers $250K In Gold To Hack Its Technology
News  |  12/7/2009
Mobile security firm Gold Lock offers an even bigger golden reward for successfully cracking its voice encryption
WinMagic Launches SecureDoc Full-Disk Encryption For Mac OS X Snow Leopard
News  |  12/3/2009
SecureDoc v4.9 supports DoD Common Access Card and Personal Identity Verification Card
Test Drive Of Metasploit's NeXpose Plug-In
Commentary  |  12/2/2009
Rapid7's acquisition of the Metasploit Project caused a lot of heads to turn. Concerns were raised about the project's future, specifically that of the Metasploit Framework. I held back from saying anything at the time because I was hoping for the best. Yesterday marked the first Metasploit Framework release that shows promise for the future by including integration with Rapid7's NeXpose vulnerability scanner.
Product Watch: Snort Maker Rolls Out IPSes For Virtual Environments
News  |  12/2/2009
Sourcefire adds VMware-based virtual appliances, new version of 3D System IPS platform
Firefox On Fire
Commentary  |  12/2/2009
Firefox is hot. The latest numbers show it now owns one-fourth of the browser market. But fame, of course, comes with a price: A recent, separate report shows that Firefox accounted for nearly 45 percent of all Web vulnerabilities in the first half of this year.
What IBM's Acquisition Of Guardium Really Means
Commentary  |  12/2/2009
IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.
The Secret Sauce For Security Blogging
Commentary  |  12/1/2009
I recently wrote in my personal blog about how some security blogs manage to engage their audience better than others and make their readers feel more in touch with what's happening -- on top of earning credibility.