Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in March 2013
Got Attitude?
Commentary  |  3/31/2013  | 
Attack attitude: Does China really not care about attribution?
Who Supplies CyberBunker?
Commentary  |  3/28/2013  | 
The hosting company behind CyberBunker, the company allegedly behind the DDOS attacks on Spamhaus, connects to the Internet through other providers. Perhaps the only way to pressure those responsible for the attacks is to put pressure on the upstream providers
BlackBerry Balance: The Real Reason To Buy It
Commentary  |  3/28/2013  | 
BlackBerry Z10 is a good phone, but it doesn't get really cool until you use it as both your work and personal phone. BlackBerry 10 has a series of features the company calls "BlackBerry Balance," to make both roles work well and to protect each from the other
Follow The Dumb Security Money
Commentary  |  3/26/2013  | 
When security companies raise big funding rounds and spend big bucks at security conferences, be afraid -- very afraid
Arguments Against Security Awareness Are Shortsighted
Commentary  |  3/25/2013  | 
A counterpoint to Bruce Schneier's recent post on security awareness training for users
Mission Impossible: 4 Reasons Compliance Is Impossible
Commentary  |  3/25/2013  | 
Compliance, like security, is not a constant
Putting Out Fires With Gasoline
Commentary  |  3/25/2013  | 
Spending for security and identity products is going up, but here is a sobering thought that should give you pause--our solutions may be part of the problem
Database Security Restart
Commentary  |  3/25/2013  | 
How to restart your database security program
NASA Tightens Security In Response To Insider Threat
Quick Hits  |  3/21/2013  | 
NASA shuts down database and tightens restrictions on remote access following the arrest of a Chinese contractor on suspicion of intellectual property theft
Cisco Reports Some IOS Passwords Weakly Hashed
Commentary  |  3/20/2013  | 
Type 4 plain-text user passwords on Cisco IOS and Cisco IOS XE devices are hashed not according to spec, but with no salt and just one SHA-256 iteration. Working around the problem can be clumsy
Samsung? BlackBerry? Who Will Win The Containerization Wars?
Commentary  |  3/19/2013  | 
The chaos of multiple container formats won't last
On Security Awareness Training
Commentary  |  3/19/2013  | 
The focus on training obscures the failures of security design
Your Password Is The Crappiest Identity Your Kid Will Ever See
Commentary  |  3/18/2013  | 
Ever watch an episode of 'Mad Men' and see everyone smoking? Some kid in 2045 will look at their parent and ask, did you really have to enter a password that many times?
Managing The Local Admin Password Headache
Commentary  |  3/15/2013  | 
Forcing and managing unique passwords on Windows systems in an enterprise network can be challenging, but many tools are out there to help
Outsource Your Monitoring To The Business
Commentary  |  3/14/2013  | 
Don't keep all of the fun to yourself
Database Security Operations
Commentary  |  3/14/2013  | 
Process -- not tools -- is important
Genesco Sues Visa Over $13 Million In PCI Noncompliance Penalties
Quick Hits  |  3/14/2013  | 
Retailer says noncompliance fines exacted by Visa following breach were out of bounds
You've Been Hacked, But For How Long?
Commentary  |  3/13/2013  | 
One of the big themes at the recent RSA Conference was awareness of threats already inside the network. The way you learn about these threats and lower your ‘Mean Time To Know’ (MTTW) about an intrusion is with profile-based network monitoring
Defending Local Admin Against Physical Attacks
Commentary  |  3/13/2013  | 
Physical access usually spells game over, but protections can be put in place to help defend against local boot attacks
Better Patching Priority
Commentary  |  3/11/2013  | 
What to consider when prioritizing risks
Samsung Knox Raises Android Security Game
Commentary  |  3/11/2013  | 
Following the BlackBerry announcement of BES 10 as a general-purpose mobile management solution, Samsung has expanded its SAFE program to include EMM features like MAM and business/personal partitioning. These companies are advancing the technology for customers. Where are Microsoft and Apple in this?
Cerberus, White Courtesy Phone, Please
Commentary  |  3/8/2013  | 
Why you need two opposing styles of monitoring
The Great Lie Of Compliance
Commentary  |  3/6/2013  | 
If you believe you are fully compliant, then you are not
BlackBerry Can Set EMM Standard With BES 10
Commentary  |  3/5/2013  | 
The need for the BlackBerry Enterprise Server that's still in almost all large organizations has been declining, but BES 10 changes everything. Instead of being a legacy server to manage legacy phones, BES 10 can be the central console for managing all mobile devices
Evernote Resets Everyone's Passwords After Intrusion
Commentary  |  3/2/2013  | 
After detecting a coordinated intrusion into their network, Evernote forced a system-wide password reset today. The attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords
Open Public Wi-Fi: How To Stay Safe
Commentary  |  3/1/2013  | 
One day our systems will be built to default always to secure configurations, but we're not there yet
Defending Local Administrator Accounts
Commentary  |  3/1/2013  | 
One compromised desktop is all is usually takes for complete network ownership by an attacker; local admin accounts are often the mechanism for that escalation


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd