Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Snow Leopard's Toothless Trojan Defense
Snow Leopard is the strongest business offering that Apple has ever fielded, but Apple remains in the dark ages when it comes to protection against malware and its unwillingness to work with third-party vendors to minimize the risk of bringing an Apple machine into a large business.
Lessons From The Credit Union Penetration-Test Debacle
Determining who is "in the loop" during a penetration test is an important step not always properly planned during the beginning phases of an engagement. The recent media release from the National Credit Union Association (NCUA) provides an excellent example of what can go wrong.
Filtering Network Attacks With A 'Netflix' Method
University of California at Irvine researchers devise new model for blacklisting network attackers
Cybercriminals: Taking The Road Less Traveled
If you were a criminal, what data would you be looking for? The most obvious answer is to look for the types of data that give you direct access to cash: bank accounts, brokerage accounts, credit cards. Like Willie Sutton, you'd go where the money is, right? And that's why some of the stiffest security defenses surround this sort of account data.
New IEEE Printer Security Standard Calls For Encryption, Authentication, Electronic 'Shredding'
Printers finally getting security attention, but locking them down depends on actual implementation, configuration, experts say
Attacking Customers, Employees With SQL Injection
In the security world, providing "what-if" scenarios can be good, but real-world examples are often required to get people to sit up and listen.
Message From Hackers: Enjoy The Summer Break Because Winter Attacks Will Be Harsh
More than 80 percent are more active over the winter holidays, according to newly released survey of hackers at Defcon17
When Mass SQL Injection Worms Evolve...Again
In the past, I've described how mass SQL injection worms took the Web completely by storm. Two years ago, SQL injection attacks evolved from sentient, one-off, targeted data-stealing exploits, like in the breaches at Hannaford Brothers and Heartland, to fully automated, unauthenticated
Your Cloud Insurance Policy
Security is all about managing risk -- looking at the threats, evaluating the likelihood that they will affect you, and determining what the impact would be. But in the end, do the numbers really make us feel warm and fuzzy? I didn't think so.
Rapid Triage To Stop The Data Bleed
The SANS Internet Storm Center on Tuesday questioned whether an exploit was out in the wild for MS09-039 due to increased scanning for TCP port 42. That same afternoon, a notice went out to the EDUCAUSE Security mailing list with the subject: "CRITICAL: Active exploitation of MS09-039 in the EDU sector." It's not often we get to see a preauthentication attack against a Windows service like WINS that makes an easy jumping-off point to compromise an entire Microsoft Active Directory. Can you imagi
Why I Refuse to Update My Website Certificate
Every year or so, someone reports a supposed security vulnerability in a site that I run, warning me that the certificate has expired. I always respond that I would be happy to update it when I get a free moment, but that it is far from a priority.
Qualys Report Shows Disturbing Persistence Of Critical Vulns
In my recent Tech Insight on vulnerability management, I covered a few of the major components for having a successful program to address vulnerabilities as they are disclosed by vendors and researchers. I've known for a while that patching desktop applications is lagging behind, but for some reason companies just aren't taking it seriously enough to resolve quickly -- even when confronted wit
Who Are These Followers And Followees of the Twitter Botnet?
Social networks really do bring people together, don't they? Old friends. Long-lost relatives. Bots and bot-herders. Warms the heart.
Physical Penetration Testing Tells All
Rob Enderle had a great post here on Dark Reading on the discrepancies between physical and system security and what happens when they don't match up. The problem is most companies just don't understand physical security and how it can fail. They often think they do, but then they end up putting in flawed physical security controls that can't keep out even the mo
Reclaiming The Email Channel
Financial institutions and ecommerce sites use email as a marketing platform, training users to trust email -- essentially blazing a trail for the phishers.
Specialization Inevitable In Infosec
Specialization in the information security field is key. Plenty of blogs have been written during the past few months with infosec career advice, but none has hit the nail on the head like two recent posts from Richard Bejtlich and Anton Chuvakin.
It's Time To Integrate Physical And Virtual Security
With examples of employee theft and the increasing threat of damage to systems by disgruntled ex-employees, it's time to consider presence-linked polices and implementing the Trusted Computing Group's new Trusted Network Connect (TNC) standard. We have the technology to better support our financial and intellectual property -- and in these hard times, we need to step up and do just that.
Denial-Of-Service Attacks Hard To Kill
While tweets went silent last week, hundreds of other DDoS attacks were under way around the globe -- and several more powerful ones
Social Zombies Out For Your Network, Not Brains
Last week, I took a shot at the Marines for banning social networks without waiting for the Pentagon to finish looking into the threats posed by members of our armed forces using sites like Facebook and Twitter.
Lockpicking And The Internet
Physical locks aren't very good. They keep the honest out, but any burglar worth his salt can pick the common door lock pretty quickly. It used to be that most people didn't know this. Sure, we all watched television criminals and private detectives pick locks with an ease only found on television and thought it realistic, but somehow we still held onto the belief that our own locks kept us safe from intruders.
The Internet changed that.
Big Names, Big Blogs
The Dark Reading blog section continues to add new voices from some of the top security researchers and experts in the industry.
SecurityBSides: The Best-Kept Vegas Secret
Getting to SecurityBSides made me think of all the Vegas movies where a casino boss takes a cheater out into the desert and buries him in the sand.
Marines Jump The Gun On Social Networking
Being on the front line of IT security, it often feels like the equivalent of holding a hammer during a game of Whack-A-Mole. One day it's a client-side vulnerability in Adobe Acrobat, and the next, it's an unsubstantiated vulnerability in OpenSSH. At the end of the day, we're just trying to find that balance between usability,productivity, and security. That's why the news that the U.S. Marines are banning social networking sites completely makes me think they're jumping the gun.
The Seedy Side Of Hacking
The running joke among seasoned Defcon attendees in Las Vegas every year is to steer clear of ATM machines at the Riviera Hotel, where hackers have known to place a booby-trapped ATM to prove their point that nothing is sacred when hackers are in the house (or worse). Then there's the Wall of Sheep "contest" at both Black Hat USA and Defcon to see who's either clueless or bold enough to jump onto the unsecured WiFi network at the shows. When they do, they get the dubious honor of getting their
'FOCA' And The Power Of Metadata Analysis
Metadata is an interesting -- and often unrealized -- problem for anyone who uses office applications, like Microsoft Office, OpenOffice, and Adobe Acrobat.
Compliance Pressures Fuel Adoption Of Firewall Auditing Tools
PCI, staffing cuts are driving organizations to rein in their firewall policies and change processes with automation tools
Security Vendors That Spam
Every time a security vendor sends spam, an angel's wings get clipped.
|
Latest Comment: After several data breaches, management decided to go with a more aggresive DLP strategy.
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
