Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Perimeter posted in May 2010
Cisco Warns Of Security Flaws In Building Management System
News | 5/27/2010
Multiple vulnerabilities could enable attackers to access power, HVAC, and physical security systems
Payment Systems Group Issues End-To-End Encryption Guidelines
News | 5/27/2010
POS vendor group rolls out requirements for encrypting card data, ahead of PCI group
Security's Top 4 Social Engineers Of All Time
Commentary | 5/26/2010
My team here at Secure Network was recently discussing who we considered the best social engineers of all time. My colleagues and I each made a list and defended our candidates based on the creativity, innovation, and the public impact they had made. Here are our final top four social engineers from number four to number one, and why we chose them.
Not Too Late To Learn From Defcon CTF Qualifiers
Commentary | 5/26/2010
This past weekend was the return of the wildly popular Defcon Capture the Flag qualifiers. "Quals," the commonly used nickname, is an entire weekend of non-stop online security challenges that test everything from simple trivia to advanced reverse engineering and exploit development.
Sourcefire Expands Real-Time Application Awareness
News | 5/25/2010
Capability provides users with increased network visibility
Defense-In-Depth Via Cloud Security Services
Commentary | 5/24/2010
Repeat after me: defense in depth. It's an archaic concept that hasn't gone out of style. The fact is it's even more critical to enterprises now than ever before. The proliferation of Web-borne threats is making IT shops everywhere re-evaluate their security strategies to deal with malware infections happening on systems that were "locked down" and running updated antivirus.
What Oracle Gets In The Secerno Buy
Commentary | 5/24/2010
One key takeaway from Oracle's acquisition of Secerno is that the database giant now has a database activity monitoring (DAM) solution, closing a big gap in its current security capabilities.
Other Facebook Privacy Problems You May Not Know About
Commentary | 5/23/2010
While people are busy discussing Facebook's privacy policies about user data, it's the less-direct privacy issues that constantly nag at me. I haven't seen these discussed before, although I'm sure I'm not the only one to notice them.
Hacking The Security Infrastructure
News | 5/19/2010
Researchers at Black Hat USA will demonstrate vulnerabilities, proof-of-concept attacks on popular firewalls, security management consoles
Big New Features In New Metasploit Framework
Commentary | 5/19/2010
The penetration testing world saw a couple of exciting announcements yesterday. The first one I want to mention because it's one of my favorite tools -- Burp Suite Professional. It's a great tool for Web application penetration testing, and a new update was just released. But of course the big news that has everyone talking is the Metasploit releases.
Hardware Lockdown Initiative Cracks Down On Cloning, Counterfeiting
News | 5/18/2010
Cisco joins seven other vendors in new Hardware Intrinsic Security (HIS) effort
When Social Engineering Tests Fail
Commentary | 5/18/2010
Our company, Secure Network, has performed numerous security assessments and penetration tests, many of which involved social engineering. That's when we test our clients' employees to see if they adhere to security policies. Even with all of the planning that goes on beforehand, these engagements sometimes can go wrong.
Product Watch: Sourcefire Rolls Out SSL Appliance
News | 5/18/2010
Hardware device works with IPS to inspect SSL-encrypted traffic for malicious intent, data leakage
Goldman Sachs Lawsuit Shows Need For DAM
Commentary | 5/18/2010
When Goldman Sachs was hit with a lawsuit by Ipreo Networks, I got a call from Dark Reading contributor Ericka Chickowski to talk about the alleged misuse of the "BigDough" database. Specific details on this case remain scarce, but threats to Customer Relationship Management (CRM) systems and SaaS-based data services are well known.
Lessons From The Volcano
Commentary | 5/17/2010
I had a chance to fly rather close to Iceland's Eyjafjallajokull volcano last week. On a flight back from Frankfurt, the pilot somehow got permission to divert from the scheduled flight path as we crossed Iceland to give us a closer look at the volcano.
Build-A-Botnet Kits Let Anyone Steal Data
Commentary | 5/17/2010
At the recent Cisco Networks Solution Forum held in Toronto, a Cisco product manager stated, "You don't need to be tech savvy" to steal data. It's a sad but true reality that isn't much of an eye opener for many of us who watch users get their accounts compromised day in and day out due to social engineering and malware. We've seen the results of easy-to-use exploit toolkits.
Microsoft Security In 140 Characters Or Less
Commentary | 5/14/2010
When Microsoft's JG Chirapurath said he would stick to Twitter's maximum capacity of 140 characters for his responses in our twitterview last week, he wasn't kidding.
PCI Streamlines PIN Transaction Security Requirements
News | 5/12/2010
Look for more 'proactive' PCI in the future, working group member says
Suricata Pushing Intrusion Detection Evolution
Commentary | 5/12/2010
Advances in intrusion detection systems (IDS) and intrusion prevention systems (IPS) have stayed fairly stagnant, with the exception of the signatures that must change daily to meet current threats. The Suricata project from the Open Information Security Foundation (OISF) looks to change that and bring forth the evolution of the IDS.
A New Way To Choose Database Encryption
Commentary | 5/12/2010
I can't count how many times I've been in a meeting when someone tosses out the phrase, "Oh, we'll just encrypt the database." Yeah. Right. Good luck with that.
New Services Could Signal Shift In SaaS Security Offerings
News | 5/12/2010
Symantec, Verizon Business launch new security offerings
The Myth Of Cyberattack Deterrence
Commentary | 5/10/2010
Deterrence online is one of the biggest idiocies of the past couple of years. There are some interesting research possibilities in the subject matter, but not as it is portrayed today -- a cure-all strategy.
DOJ, DHS Bust Ring Trafficking Counterfeit Cisco Hardware
Quick Hits | 5/7/2010
Global 'Operation Network Raider' initiative seized phony routers, switches, network cards, secure communication devices made in China
Multifunction Print Devices Under Fire
Commentary | 5/7/2010
There's nothing like a news story on a major television network (or talk radio) to get your boss asking you odd questions. Ever had that happen? The recent CBS story on digital photocopiers sure generated a buzz and some extra work for IT professionals across all industries.
Dark Reading Celebrates Its Fourth Anniversary
Commentary | 5/7/2010
Four years ago this week, we flipped the switch on a new website -- Dark Reading -- that was designed to meet a simple goal: to tell you everything you need to know about IT security, right up to the minute that it happens. OK, I said the goal was simple, not easy to achieve.
Product Watch: New DNS Security Service Augments DNSSEC
News | 5/7/2010
Internet Identity launches DNS monitoring service for 'extended enterprise'
The Idiot Threat
Commentary | 5/6/2010
It's been interesting to see how the failed bombing in New York's Times Square has been sifted for "lessons."
Alert: Disposable Facebook Apps Installing Adware
Commentary | 5/6/2010
Just like throwaway domains on the wider Internet, it seems like criminals now use throwaway applications on Facebook. They bring one app online to lure users and potentially infect them, and by the time one is taken down by Facebook, they create yet another.
'Twitterview' With Microsoft
Commentary | 5/5/2010
I sometimes get a little long-winded when I pose a question to a source during an interview. But I undoubtedly will be pithy tomorrow when I conduct Dark Reading's first-ever "twitterview," or interview via Twitter, where I'll be strictly limited to 140 characters or less for a question.
DLP Gets An Open-Source Boost
Commentary | 5/5/2010
Data loss, or leakage, prevention (a.k.a. DLP) is a product class that includes data discovery, classification, and monitoring to prevent your sensitive data from falling into the wrong hands. Some implementations are configured to alert instead of block, but the basics are the same. You have sensitive data and don't always know where it is, so you use DLP tools to find it and keep it safe.
Product Watch: Imation Rolls Out Secure Data Storage Portfolio
News | 5/3/2010
New data-at-rest line features encryption, authentication, and FIPS compliance
Simple USB Flash-Drive Protection
Commentary | 5/3/2010
Sneakernet-borne viruses seemed like a thing of the past until we started having Conficker outbreaks. There has been other malware that targeted USB storage devices before Conficker, but for some reason none had been as effective at spreading, something that's likely attributable to the multipronged attack capability.