Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in August 2008
Report: Email Address Dictates Spam Volume
News  |  8/28/2008  | 
The first letter of your email address is one factor in your spam risk, a researcher says
Feds Shift Gears & Mandate DNSSEC for All Agencies
Quick Hits  |  8/28/2008  | 
US government takes a harder line on securing DNS infrastructure, but DNSSEC still hotly debated
Report: Popular Web Attacks Go Stealth
News  |  8/27/2008  | 
Attackers are increasingly using encoding to sneak their SQL injection, cross-site scripting attacks past Web security
Hack Lets Researchers Silently Eavesdrop on IP Networks
Quick Hits  |  8/27/2008  | 
New twist on an old BGP routing vulnerability could change the face of data theft, researchers say
Fedora, Red Hat Servers Compromised
Quick Hits  |  8/25/2008  | 
Popular Linux implementation will require changes in signing keys
Is This the End of the Pre-Recorded Telemarketing Call?
News  |  8/21/2008  | 
New FTC rules redefine consumers' privacy rights
Device Shields Implant Patients From 'Body Hacking'
Quick Hits  |  8/21/2008  | 
Cloaking device can prevent pacemakers from remote tampering, hacking
Linux Users Speculate Over Fedora Outage
Quick Hits  |  8/20/2008  | 
Could the popular Red Hat Linux implementation have been breached? Fedora's architects aren't telling
Princeton Review Exposes Data on More Than 100,000 Students
News  |  8/19/2008  | 
Website configuration error left data accessible for seven weeks
Attacks Continue on Retail Stores, Restaurants
News  |  8/18/2008  | 
Criminals exploit wireless vulnerabilities, social engineering to collect large volumes of customer data
Spear Phishing Attack Unleashes 1.5M Spam Messages
Quick Hits  |  8/18/2008  | 
New Zealand university is exploited after convincing ruse fools four staffers
Hat World Tops Off EVDO Rollout With Security
News  |  8/15/2008  | 
Retailer initially found EVDO security solutions few and far between
'Surf Jacking' Threatens Secure Browser Sessions
Quick Hits  |  8/14/2008  | 
Researcher launches proof of concept to show vulnerability in HTTPS
MIT Presentation on Subway Hack Leaks Out
News  |  8/12/2008  | 
In ironic twist, court documents that argue for suppression of Defcon presentation help distribute data about the hack
Georgian Government, News Sites Under Cyber Attack
News  |  8/12/2008  | 
Attacks attributed to Russia take many key information sources offline
Some AV Tools Detect Less Than Half of Active Malware Attacks
Quick Hits  |  8/11/2008  | 
In test, some popular antivirus packages miss almost two thirds of malware thrown at them
Researchers: There's Gold in Them Thar Hacks
News  |  8/8/2008  | 
Black Hat presentation shows some simple methods hackers have used to get rich or die trying
Fuzzing Nips Static Analysis in 'Iron Chef' Contest
Quick Hits  |  8/8/2008  | 
Both teams find exploits in under an hour at Black Hat contest
'Bringing Sexy Back' to Hacking
News  |  8/7/2008  | 
DefCon session will feature iPhones running WiFi scans and sophisticated spear-phishing tricks
Feds: Foreign Attackers 'Knocking on Our Door Every Day'
News  |  8/7/2008  | 
Attacks on US government systems are frequent and serious, top officials say
CNN, Olympics Spam Put Botnet in First Place
Quick Hits  |  8/7/2008  | 
Rustock botnet edges Srizbi as number one spamming botnet, according to Marshal's TRACE team
Kaminsky: DNS Vulnerability Will Affect Email, Internal Systems, Too
News  |  8/6/2008  | 
If you think the now-infamous flaw is limited to browsers and the Web, think again, pioneer researcher says
Malicious Botnet Stole Bank, Credit Union Credentials
News  |  8/6/2008  | 
New report says the 50 GB of data stolen were only one fourth of the data harvested
Feds Arrest Hackers of TJX, Other Retailers in Huge Conspiracy Bust
News  |  8/5/2008  | 
Eleven perpetrators held responsible for online theft and sale of more than 40 million credit and debit cards
Apple Puts Kibosh on Two Sessions at Black Hat
Quick Hits  |  8/4/2008  | 
Revelations about vulnerabilities, security practices are disallowed by Apple's legal and PR departments
Freezing the Cold-Boot Attack
News  |  8/1/2008  | 
Researcher reveals new technologies he built to combat attacks that crack disk encryption on machines
Bringing Science to the Debate
News  |  8/1/2008  | 
It's time to get an account of whether proof-of-concept/exploit code actually helps or hurts users
Survey: 90% of Security Incidents Went Unreported Last Year
Quick Hits  |  8/1/2008  | 
Storm only affected 14 percent of organizations last year, according to a newly released survey of RSA Conference attendees


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.