News & Commentary

Content tagged with Perimeter posted in June 2010
Protecting SSH From The Masses
Commentary  |  6/30/2010  | 
SSH brute-force attacks are not uncommon against computer systems sitting on public IP addresses. Script kiddies and botnet-infected systems are scanning the Internet looking for low-hanging fruit (think: weak passwords) to leverage for additional attacks, website defacements, or attack-tool storage.
Dark Reading Launches New Tech Center On Security For Small And Midsize Enterprises
Commentary  |  6/30/2010  | 
Today Dark Reading launches a new feature: the SMB Security Tech Center, a subsite of Dark Reading devoted to bringing you news, insight, and in-depth reporting on the topic of data security in small and midsize businesses.
The Failure Of Cryptography To Secure Modern Networks
Commentary  |  6/30/2010  | 
For a while now, I've pointed out that cryptography is singularly ill-suited to solve the major network security problems of today: denial-of-service attacks, website defacement, theft of credit card numbers, identity theft, viruses and worms, DNS attacks, network penetration, and so on.
Busted Alleged Russian Spies Used Steganography To Conceal Communications
News  |  6/29/2010  | 
'Deep-cover' Russian intelligence agents hid electronic messages behind computer images
No PDF Updates Anymore--Anyone Interested?
Commentary  |  6/29/2010  | 
Adobe has published its security updates for Adobe Reader and Adobe Acrobat.
Kyrgyzstan On Verge Of Cyberwar? Not So Much
Commentary  |  6/24/2010  | 
Cyberwarfare has become one of those buzzwords people just like to use. But in most cases, it isn't used accurately.
Open-Source Database Security
Commentary  |  6/21/2010  | 
A recent article on Dark Reading underscores a growing concern in IT: how to secure open-source databases.
That Was Easy: New Tool For Web Form Password Brute Force Attacks
Commentary  |  6/21/2010  | 
Passwords suck. We all know it, but unless you can afford to provide multifactor authentication to all of your users and business partners, you're stuck with them.
PCI Standards Stretched To Three-Year Cycle
Quick Hits  |  6/20/2010  | 
PCI Standards Council adds an extra year between new payment card security requirements
Researcher 'Fingerprints' The Bad Guys Behind The Malware
News  |  6/20/2010  | 
Black Hat USA researcher will demonstrate how to find clues to help ID actual attackers, plans to release free fingerprinting tool
Looking For Vulns In All The Right Places? Experts Say You Might Be Missing A Few
News  |  6/18/2010  | 
Network-attached devices, paper documents, and your physical plant should be included in vulnerability scans, researchers warn
Cracked Wi-Fi Standards (Finally) Being Phased Out
Quick Hits  |  6/18/2010  | 
Standards groups say WEP, TKIP will no longer be allowed in interoperability tests
BP And The Importance Of Calling Out Corruption
Commentary  |  6/18/2010  | 
A recent article in Rolling Stone shows how the combination of a corrupt process for ensuring the safety of oil rigs, corruption of the information on the risk, the actual BP disaster -- and politics -- has resulted in the biggest environmental disaster in the country's history. It also mirrors a massive problem in IT security where political expediency, short-term financial gains, and personal benefits often trump good business practice.
Juniper Rolls Out Mobile Security Software
News  |  6/18/2010  | 
Junos Pulse is a dynamic, standards-based, integrated multiservice network client that allows the IT staff to enforce consistent endpoint security policies
Real-Life Social Engineering
Commentary  |  6/18/2010  | 
Social engineering attacks are becoming so commonplace that it has become a little easier to educate users about identifying phishing e-mails and websites because they are seeing the attacks firsthand on a more regular basis. What they often don't realize is the damage that can be done, or how similar attacks might come at them, through their personal lives.
Search Google, Surf Facebook Using HTTPS
Commentary  |  6/18/2010  | 
While more and more sites support encryption (Twitter, LinkedIn), sometimes even by default (Gmail), others still send your data in the clear. The new Firefox extension is just what the doctor ordered.
The Next-Generation IPS
News  |  6/16/2010  | 
Intrusion prevention systems get closer to the client -- and, in some cases, further from the internal network
There's A Recipe For That
Commentary  |  6/15/2010  | 
Back in the dark ages when I was a programmer, I became horribly fascinated with a tool called make. It was a tool for dealing with the complexities of, well, making finished executable code.
Snort'ing Out Anomalies
Commentary  |  6/14/2010  | 
Detecting determined attackers focused on getting your data -- and getting away with it -- is not an easy task. To that end, many security products have been created that attempt everything from separation of privileges and tight access control to full network packet inspection and data loss prevention.
Shed Vulnerabilities With One Simple Rule
Commentary  |  6/14/2010  | 
A couple of months ago, Secunia's Stefan Frei published a great paper about the patching burden that the average PC user faces every week.
The Truth About Vulnerability Scanners
News  |  6/11/2010  | 
Scanning tools can help detect vulnerabilities, but they shouldn't be the only tools on your belt. Here's a look at three areas where scanners fall short
Ways To Slow An Attacker
Commentary  |  6/9/2010  | 
The inevitability of failure in security has been up for discussion a lot during the past couple of years. It's a mentality that a lot of security professionals have subscribed to because of various reasons: proliferation of malware, user behavior, advanced persistent threat (APT), or simply Murphy's Law.
Massachusetts Data Privacy Standard: Comply Or Not?
Commentary  |  6/8/2010  | 
In my previous position at a database security vendor, I was often asked by marketing to explain the applicability of technology to problems: how you could use assessment for PCI compliance, or why database activity monitoring was applicable to privacy laws, for example.
Turkish Hackers Defacing Israeli Facebook Accounts
Commentary  |  6/5/2010  | 
Following the Gaza flotilla incident, Turkish hackers have been defacing Facebook accounts of Israelis and uploading anti-Israeli material to them.
'Dark Side' Uses For Defensive Tools
Commentary  |  6/4/2010  | 
Tools used by system administrators for defensive security can often be turned around and used offensively by attackers. Microsoft Sysinternals' psexec is a great example.
An Industrial Espionage Comeback
Commentary  |  6/3/2010  | 
Apple seems to believe, and likely with good reason, that competitors are aggressively trying to steal its ideas.
Facebook: Screw You, Privacy Hugger
Commentary  |  6/1/2010  | 
As you know, Facebook recently overhauled its privacy controls -- or, well, overhauled the user interface to them. Upshot: Get over the privacy thing. But is that really what we want?

