
News & Commentary

Content tagged with Perimeter posted in April 2010
Sending Email, Web Security To The Cloud
Commentary  |  4/30/2010  | 
E-mail and Web security outsourcing are gaining more momentum as resource-strapped companies look for ways to tighten their IT belts. IT shops are constantly being asked to do more with less, and it's often security that gets more budget cuts since it's an IT area that doesn't contribute directly to a company making money.
Al Qaeda Implicated In Cyberattacks
Commentary  |  4/30/2010  | 
Some papers recently became publicly available in the case of terrorism suspect Mohamedou Ould Slahi, accused of being one of Al-Qaeda's top recruiters. The papers revealed Al-Qaeda hacking activity, which demonstrates what proof of accountability in Internet attacks is, and how many of us jump to conclusions about countries, such as China, without it.
Symantec Takes $370 Million Plunge Into Encryption Market
News  |  4/29/2010  | 
Acquisitions of PGP, GuardianEdge will make security giant an immediate player, experts say
Product Watch: BreakingPoint To Roll Out 'Cyber Tomography Machine'
News  |  4/29/2010  | 
New testing platform scores the security of an organization's overall infrastructure and its resiliency to attack
Microsoft SIR, Dissected
Commentary  |  4/28/2010  | 
Microsoft published Version 8 of its Security Intelligence Report (SIR) this week. The report covers the second half of 2009 and is a massive piece of information with almost 250 pages.
Report: Tier 1 Merchants Pay $122,000 More For PCI Assessments
Quick Hits  |  4/27/2010  | 
Ponemon Institute/Thales surveys PCI DSS security assessment firms about next version of PCI
Security Services Improve, But Bargains Few
News  |  4/27/2010  | 
Enterprises more focused on quality and functionality of services than on cost, experts say
Trusting 'Trusted' Sites Again
Commentary  |  4/27/2010  | 
I've been teaching a user security awareness and training course to faculty and staff at our university. One of the great aspects of the class is the discussions that develop out of the participants' questions, like the security of social networks and how to use wireless securely while on the road. Lately, I've been getting one question more and more often: How do I know if a site is safe?
WinMagic eStore Sells SecureDoc FDE For $99
News  |  4/23/2010  | 
eStore protects all data on Windows or Mac desktops, laptops, tablets and removable media
More Than One-Third Of Network Devices Show Vulnerabilities, Study Says
Quick Hits  |  4/21/2010  | 
Average device shows more than 40 configuration violations, according to research
CSRF Attacks Get New PoC Creation Tool
Commentary  |  4/21/2010  | 
Cross-site request forgery (CSRF) is a powerful attack that can have devastating consequences. It's not a new attack, but new tools are released every year because Web developers don't always write secure code that can prevent these attacks. Often, CSRF vulnerabilities go undetected because automated scanners have difficulty detecting them.
PCI: Data Token Alternatives
Commentary  |  4/20/2010  | 
When a merchant cannot -- or will not -- replace credit card numbers with tokens provided by its payment processor, how does it secure its database to be PCI-compliant?
Log Review Checklist For Responders Under Fire
Commentary  |  4/19/2010  | 
Checklists are one of the most important things for first responders to have access to when responding to an incident. The reasons are many, and most of them tend to fall back on the human nature of the first responder. Incident response can impose a lot of stress on an individual, whether from management or from the sheer criticality of the potentially hacked resource, and it can be easy to miss a step or remember a command incorrectly when under fire.
Researcher To Demonstrate Uncrackable Encryption Key
Quick Hits  |  4/16/2010  | 
Scientist at Tel Aviv University builds key transmission system based on lasers, fiber optics
New Full Disclosure, Website Vulnerabilities Database
Commentary  |  4/16/2010  | 
The biggest news in security circles in the past day or so is the new full disclosure site, Vulnerable Sites DB database.
Attacking Electronic Door Access Control Systems
Commentary  |  4/16/2010  | 
A friend recently pointed me to some research he has been doing with embedded door access control systems, as well as some of the vulnerabilities he has uncovered. Some of his findings were recently disclosed at Carolinacon, with more to come during his presentation at Hack in the Box.
Bridging The Gap Between Training And Operations
Commentary  |  4/15/2010  | 
The EDUCAUSE Security Professionals Conference is a great conference for IT staff from higher education to meet and learn about deploying and managing security tools like OSSEC and Bro IDS, hear how others are dealing with compliance issues, and network with other professionals interested in security.
NSA Director On The Cyber-Counterattack
Commentary  |  4/15/2010  | 
According to an Associated Press report, the director of the National Security Agency told Congress the U.S. should respond in force to computer-based attacks -- even when the attacker is not known. Is that possible, and is it a good idea?
Nmap Does Much More Than Network Discovery
Commentary  |  4/12/2010  | 
Nmap is among a network penetration tester's best friends, sitting high on a pedestal with the Metasploit Framework. I've been using the tool my entire career for network mapping and host discovery, typically on a weekly basis.
Flat-File Databases Often Overlooked In Security Schemes
News  |  4/9/2010  | 
Popular method of creating and exchanging database files could leave sensitive data vulnerable, experts say
Stop Counting Bots
Commentary  |  4/9/2010  | 
How many bots are on the Internet, and why should we care? This is an argument I've been making since the late 1990s, and it is high time I got it in writing outside of closed circles.
Cisco WLAN Flaws May Be Typical Of Many Proprietary Systems, Researcher Says
News  |  4/9/2010  | 
Black Hat Europe presentation to offer view into Cisco WLAN vulnerabilities -- and a warning to users of other proprietary products
In SSL We Trust? Not Lately
Commentary  |  4/7/2010  | 
In the past two weeks we have seen multiple problems with SSL, which is used in our Web browsers to protect the privacy and integrity of our electronic transactions.
PCI Database Security Primer
Commentary  |  4/6/2010  | 
I have written a lot about compliance in the past three months, but most of the guidance has been generic. Now I want to talk about database security specifically in relation to the Payment Card Industry (PCI) Data Security Standard, and consider compliance more from an architectural standpoint as opposed to a tools- or policy-based perspective.
Share -- Or Keep Getting Pwned
Commentary  |  4/2/2010  | 
Forget the bad guys: Sometimes it seems like the security industry doesn't trust itself. There's too much internal hoarding of intelligence for privacy or competitive reasons and too little sharing of information among researchers, victims, and law enforcement about real attacks. All this does is give the cybercriminals an edge.
Password Brute Forcing Tool Gets Major Update
Commentary  |  4/2/2010  | 
Brute-force password guessing attacks are very common. If you operate a publicly accessible SSH server, then you know firsthand just how common it is with constant poking for weak passwords on accounts like root, admin, and test. When the attackers do find a weak password and gain access, they will typically download their tools and start scanning for more weak passwords from the newly compromised server.
'MULE' Prototype Uses Location For Authentication
Quick Hits  |  4/1/2010  | 
CMU research creates Mobile User Location-Specific Encryption