Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Comcast Goes DNSSEC, OpenDNS Adopts Alternative DNS Security
DNS provider OpenDNS selects DNSCurve over DNSSEC, but experts say the two technologies could eventually play together
Fight Malware With Software Restriction Policies
Good news for Department of Defense folks. They can now start using USB flash drives again -- provided there's absolutely no other way to transfer the data from point A to point B. OK, so maybe it isn't time to rejoice just yet.
Firewalls And DIY Plug-Ins
Let's face it: Users love the concept of adding free plug-ins and apps to customize and empower the base software tool, whether it's in a smartphone or browser. Doing so is fun, it's cool, and it lets them personalize their software to augment or shape how they use it. Even firewall management has joined the plug-in party.
PGP Launches Multivendor Key Management Platform
New tool set is designed to provide a single framework for administering multiple encryption keys
Enhancing Botnet Detection With Manpower
The average computer user (a.k.a. most of my family) doesn't have a fighting chance. I hate to say it, but the malware we're seeing on a daily basis makes this scary fact evermore true. There is absolutely no way that most home users are going to be able to protect themselves against modern malware like Zeus. Malware authors have become extremely good and proficient at what they do because it's making them money.
Defense Agencies Drop Ban On Portable Storage Devices
Critics say new policies, practices may not be enforced
Boosting Your Defenses Against Botnet Infections
In the past few weeks since the Google/China incident, we have seen a number of interesting blog posts and white papers that provide further details on some of the techniques used by the attackers.
Will Cyber Shockwave Make Some Waves?
With March Madness coming up, I recently spent the morning in some rather distinguished company simulating the effect of a March Madness smartphone app that turned out (within the confines of the simulation) to be malware.
Mozilla's Add-On Policies And Spyware Surprises
I've been using FlashGot on and off for years. It is a useful plug-in that helps you download multiple files from the same Web page "automagically." So when Firefox informed me about a new update for an add-on I've used for years, I clicked "OK" and updated it, only to find a surprise the next time I used Google.
Penetration Testing Is Sexy, But Mature?
The buzz generated from Core Security's move to integrate with the Metasploit Framework has left me a little puzzled. Don't get me wrong: I love Metasploit. It's a fantastic tool that has certainly been put through its paces as a pen-testing tool -- it's free, open source, and extremely accessible to aspiring security professionals. And, of course, I've heard great things about Core's flagship product, Impact Pro. But the deal just seems like an odd move.
Measuring Database Security
How much does it cost to secure your database, and how do you calculate that? One of the more vexing problems in security is the lack of metrics models for measuring and optimizing security efforts. Without frameworks and metrics to measure the efficiency and effectiveness of security programs, it's difficult both to improve processes and to communicate our value to nontechnical decision makers.
Oracle 0-Days
During BlackHat, David Litchfield disclosed a security issue with the Oracle 10g and 11g database platforms. The vulnerability centers on the ability to exploit low security privileges to compromise Oracle's Java implementation, resulting in a total takeover of the database. While the issue appears relatively easy to address, behind the scenes this disclosure has raised a stir in database security circles. The big issue is not the bug or misconfiguration issue, or whatever you want to call it.
Virtualization Vulnerabilities Up And Coming
Microsoft's February 2010 Patch Tuesday was one of the bigger releases for Microsoft and its clients in the past two years -- 13 bulletins addressing 26 vulnerabilities.
Sights, Sounds (And Snow) Of ShmooCon 2010
There are hacker conferences, and then there's ShmooCon. The annual East Coast convention was held during a major snowstorm in Washington, D.C., but that didn't stop researchers from sharing their latest exploits, hardware, and software inventions, and huddling over discussions about the latest security issues.
How Much Crypto You Really Need
Last month an international team of researchers announced they had managed to factor a 768-bit RSA key. This raises interesting questions about handling encryption and planning ahead in your security strategy.
Dark Reading Launches New Database Security Newsletter
One of the things we've learned in publishing Dark Reading is that a pretty wide range of people work under the title of "security professional." There are techies and managers, risk managers and privacy people, white hats and black hats. Not surprisingly, they aren't all interested in the same news and information.
Speeding Incident Response With 'Indicators' Of A Compromise
Advanced persistent threat: I like the term -- it sounds evil, and it is...well, at least I think it is. There has been a lot of news, opinions, and genuine FUD on APT since Google went public with news of its breach several weeks ago. Until then, I really don't think anyone ever paid much attention to what APT was, even though well-respected people, like Richard Bejtlich and the folks at Mandiant, have been talking about it for a while.
New SpyEye Trojan Could Challenge Zeus, Researchers Say
Emerging Russian crimeware kit hasn't spread yet -- but it has potential
Amazon's SimpleDB Not Your Typical Database
Several cloud providers offer databases specifically designed for cloud deployment. Amazon's SimpleDB, while technically a database, deviates from what most of us recognize as a database platform. Although SimpleDB is still in prerelease beta format, developers have begun designing applications for it.
New Flaws Pry Lid Off Cloud Frameworks
A new set of vulnerabilities came to light this week at Black Hat DC, and its appearance provides a good look at our bleak "next-gen" security future.
'Brand' Your Employees
You might want your product to be in the news every day, and for your PR to create miracles for you. But if you want attention, then your company must speak out on big security issues and news.
Litchfield's Last Hurrah
Yesterday was David Litchfield's last day at NGS Software, and he commemorated the milestone by dropping a zero-day vulnerability in Oracle's 11g database at Black Hat DC. He also surprised the audience -- and possibly himself -- by awarding Oracle a "B+" final grade for security in 11g, after nearly 10 years of keeping Oracle on its toes by calling out vulnerabilities in its database technology.
Updated Tool Targets Facebook Security
Security issues surrounding social networking sites make me cringe. I understand their practical applications, but they are also the platform for easy delivery of exploits through social engineering. I've seen many systems compromised by the unconscious click on a Facebook link that users' nonchalance on similar sites and their trust in the Internet frustrates me to no end.
IBM ISS Researcher Exposes Holes In Cisco's Internet Surveillance Architecture
Wiretapping architecture could be abused by individuals under surveillance and outside attackers; Cisco reviews recommended fixes
Tool Helps Prepare For Disaster
When I see an event like the Haiti earthquake, I worry that we treat disaster preparedness much like we do data backup -- we don't really think about it until it's too late. We are faced with putting in place a plan to deal with disaster, and then realize we don't aren't properly prepared. But I might have found a tool that can help.
Researcher Cracks Security Of Widely Used Computer Chip
Electron microscopy could enable criminals to develop counterfeit chips, Tarnovsky says at Black Hat DC
When Software Glitches Are Fatal -- Literally
Hearing about how many companies were hacked during the Aurora attacks due to a software vulnerability in Microsoft's Internet Explorer (IE) is frustrating. Now another attack is ready to be unveiled at Black Hat DC that also uses an IE "feature." The thought of what can and has happened because of these flaws is scary -- theft of personal information, espionage, identity theft, etc. -- but what happens when software glitches lead to death?
|
Latest Comment: After several data breaches, management decided to go with a more aggresive DLP strategy.
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
