Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in February 2007
Innovation's Dead
News  |  2/28/2007  | 
Vendors excel at fear-mongering, but fall well short where technical creativity or capabilities are concerned
HID, IOActive Butt Heads Again
News  |  2/28/2007  | 
Rights and responsibilities of how, when to disclose vulnerabilities get revisited at Black Hat
Government Targets Insider Threat
News  |  2/28/2007  | 
Defense, Justice, and HUD developing new strategies for stopping internal security leaks
Apple Flap Redux
News  |  2/28/2007  | 
David Maynor goes public at Black Hat DC on his side of the Apple wireless exploit story
Black Hat Cancels RFID Demo
News  |  2/27/2007  | 
Badge, smartcard patent holder threatens lawsuit over cloning presentation
ISCorp Augments Security
News  |  2/26/2007  | 
Backup services specialist ISCorp eyes new customers after deploying Decru
Five Myths About Black Hats
News  |  2/26/2007  | 
In our breakout survey of those who break in, black hats attempt to rewrite conventional wisdom about their motives, methods
Here Comes the (Web) Fuzz
News  |  2/26/2007  | 
Black Hat researcher says fuzzing Web applications is the next big thing, will release free tool
RSS Syndicates Malware, Too
News  |  2/23/2007  | 
RSS becoming another delivery mechanism for XSS and other Web-related exploits
Black Hats Focus on Apps
News  |  2/23/2007  | 
DC convention shows security researchers are shifting away from network infrastructure - and toward applications
Top 10 Admin Passwords to Avoid
News  |  2/22/2007  | 
Don't want hackers to guess the password for that critical server or application? Stay away from these
Black Hat: Botnets Go One-on-One
News  |  2/21/2007  | 
Botnets are changing channels and fighting back at researchers
3G Card Secures Laptops
News  |  2/15/2007  | 
3G cellular-based add-on secures data in the event of malware infection, laptop loss, or theft
Digging Into Motivation
News  |  2/15/2007  | 
Or, how to blunt the bad guys' advantage and incent users to make smarter choices
Getting Users Fixed
News  |  2/13/2007  | 
Dark Reading roundtable addresses the value of end-user security training - or lack thereof
10 Signs an Employee Is About to Go Bad
News  |  2/13/2007  | 
Worried that you might have an insider threat? Here are some warning signs
Study: Two Hacks a Minute
News  |  2/13/2007  | 
Researchers at the University of Maryland show firsthand why weak passwords are a hacker's dream come true
Data Destruction, at Your Disposal
News  |  2/12/2007  | 
Regulatory pressure, data leakage force enterprises to look at more secure disposal practices
New Method Traps 'Fast' Worms
News  |  2/12/2007  | 
Penn State researchers devise new technique for ID, prevention of worm attacks
Encryption Set to Go Mainstream
News  |  2/9/2007  | 
Study: Data breaches, new laws drive enterprises to build encryption into infrastructure, processes
DNS Attack: Only a Warning Shot?
News  |  2/7/2007  | 
Yesterday's DDOS attack on the Internet's DNS root servers may have been a trial run for a bigger attack
PayPal CSO: Phishing Threat Overstated
News  |  2/6/2007  | 
Chief security officer at one of phishers' favorite targets says phishing isn't among the top five threats to his company's bottom line
Color-Coding Web Searches
News  |  2/5/2007  | 
New ScanSafe Web filtering feature gives users the green light to visit sites in their search results, providing they are safe
On the Dark Side of ISP Nets
News  |  2/4/2007  | 
Arbor Networks's new Atlas service provides ISPs and enterprises with a global view of botnets, malware, and other threats
Managed Email: Who's Watching?
News  |  2/1/2007  | 
Better yet, who's reading those archived messages? It may just be your managed email provider


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.