Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in March 2011
Lizamoon SQL Injection: Dead From The Get-Go
Commentary  |  3/31/2011  | 
The latest round of headline-grabbing SQL injection attacks aren't new, and they aren't very effective; in fact, Lizamoon might as well be called the little injection that couldn't
McAfee's DAM Acquisition
Commentary  |  3/23/2011  | 
Sentrigo acquisition fills data center security hole in McAfee's offerings
A Deep Dive Into The Latest Threats
Commentary  |  3/22/2011  | 
New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it
What Auditors Are Saying About Compliance And Encryption
Quick Hits  |  3/15/2011  | 
Auditors prefer encryption, and many perceive organizations as still seeing security as a 'check-box,' New Ponemon Institute survey finds
Table Stakes
Commentary  |  3/15/2011  | 
For years we wanted a seat at the executive table. Now that we have it, it's time to play the game or head home.
DDoS Attacks Up 22 Percent In Second Half Of 2010, Study Says
Quick Hits  |  3/14/2011  | 
Denial-of-service has become top attack vector, according to Trustwave report
Dark Reading Launches New Tech Center On Advanced Threats
Commentary  |  3/13/2011  | 
New subsite will offer more in-depth news coverage, analysis on next-generation threats
Backup Files Put Database Information At Risk
News  |  3/11/2011  | 
Cord Blood Registry breach a cautionary tale in the need for encryption, key management, and secure physical transport of database back-up media
The Promise -- And Danger -- Of Social Networking During Disaster
Commentary  |  3/11/2011  | 
It's time to consider a social networking-based Emergency Broadcast System
The Truth About Malvertising
Commentary  |  3/10/2011  | 
We tend to think of malvertising as short lived, one-oft attacks that somehow managed to momentarily breach the ad network's defenses. The reality is, malvertising is more norm than anomaly and can easily persist on major ad networks for months, even years, at a time.
How I've Become One With The Rest Of The World
Commentary  |  3/10/2011  | 
I'm not quitting the security game, but I want to get experience outside of the choir
Database Lockdown In The Cloud
Commentary  |  3/9/2011  | 
In the cloud, we turn things around a bit and focus on data security rather than the database container
Lessons Learned From WikiLeaks: Not So Much
Quick Hits  |  3/8/2011  | 
IT and security professionals routinely use USBs, smartphones, and tablets to move and back up confidential files, yet their organizations haven't made changes in the wake of the WikiLeaks leaks
A New Spin On Fraud Prevention
Commentary  |  3/3/2011  | 
Most online fraud stems from electronic transactions not associating the identity of the user with the card or account
Security Certifications: Valuable Or Worthless?
Commentary  |  3/2/2011  | 
New survey asks information security pros whether certifications have shaped their careers
Why I'm Quitting Security (Part 1)
Commentary  |  3/1/2011  | 
In hacker-on-hacker attacks, the security community turns on itself, which breeds distrust


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.