News & Commentary

Content tagged with Perimeter posted in September 2010
Trust No One, Monitor Everyone?
News  |  9/30/2010  | 
'Zero Trust' model strikes a chord with user-borne attack concerns but could be overkill, experts say
User Authentication In E-Commerce
Commentary  |  9/29/2010  | 
When we designed SSL to enable e-commerce on the Web, we had to solve two issues. One was the Web's openness -- the fact that anybody can read anything -- and the other was how parties might authenticate with one another.
Why The Insider Threat Is Ignored
Commentary  |  9/28/2010  | 
The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.
Top Excuses For Foregoing Security Monitoring, Logging
Commentary  |  9/28/2010  | 
Monitoring for security incidents can be tough. It's tougher when you don't know what to look for. Now imagine trying to investigate an incident when you don't have any logs to analyze.
Five Main Causes Of SMB Security Incidents
Commentary  |  9/27/2010  | 
Like you, I have read many articles covering small business security, the authors of which have made up various lists of "top X threats" or "this year's biggest vulnerabilities," etc. So I thought it would be interesting to dig into a sampling of the data breach reports and collect some real data on causes of breaches and other security incidents in SMBs.
Lock-Picking Popularity Grows
Commentary  |  9/24/2010  | 
As security professionals, it is easy to get focused only on the technical side of security and forget about the importance of physical security.
The Top Five Ways Attackers Target Small Businesses -- And What You Can Do About It
News  |  9/24/2010  | 
SMBs are becoming a favorite target for cybercriminals. Is your organization taking the right steps to stop them?
'Here You Have' A Lesson
Commentary  |  9/24/2010  | 
It's been interchangeably called spam, or a targeted attack that spun out of control, or a form of cyber-jihad with alleged geopolitical implications. But regardless of what you call it, the "Here You Have" email worm is an excellent example of just how well today's security can work. Here are a few justifications for that optimism.
Different Flavors Of The Insider Threat
Commentary  |  9/22/2010  | 
There are different categories of insider threats, based on the level of access the employee has. There are four types: pure insider, insider associate, insider affiliate, and outside affiliate. Each of these categories also has different motives. Understanding each is a key to building proper preventive and detective defenses.
Web-Based Spam Detection With Google Alerts
Commentary  |  9/22/2010  | 
Search engines are great, powerful tools. They can help find an answer when you've tried everything you can think of. They can also help find information about a company you may be performing a penetration test on.
The What And The Why Of Professional Penetration Testing
Commentary  |  9/20/2010  | 
Welcome to the first in a series of posts on professional penetration testing. During the course of the next few entries, I will shed light on the often confusing and rarely straightforward world of penetration testing based on my experience during the past decade as both a professional penetration tester and a manager of penetration testing teams.
Missing The Insider Threat
Commentary  |  9/20/2010  | 
"I trust everyone. It is the devil inside that I do not trust" is a great line from the movie "The Italian Job." Every single person has the potential to do harm if the right circumstances occur. Yes, this includes employees.
Protegrity Gets Aggressive
Commentary  |  9/20/2010  | 
Last week Protegrity announced it had filed patent infringement suits against NuBridges and Voltage Security Inc., its main competitors. Patent infringement suits are nothing new with technology companies, but this one was a little odd in that the suits were actually filed in May.
Google Bolsters Apps With Two-Step Verification
News  |  9/20/2010  | 
Protection will be available first to Google Apps Premiere, Government, and Education edition users, at no extra charge
A Lesson From Steve Jobs' Email
Commentary  |  9/20/2010  | 
We've all had one of these moments: You get an email and quickly respond without putting much thought into it. Then you end up wishing you'd taken more time.
Forrester Pushes 'Zero Trust' Model For Security
News  |  9/17/2010  | 
New security approach would view internal network traffic as untrusted, as well as closely monitor and analyze all traffic inside and outside of the organization
Taking USB Attacks To The Next Level
Commentary  |  9/15/2010  | 
USB devices have many benign, legitimate uses. But put a USB-based device in the hands of a savvy hardware hacker, and that USB device can go from good to evil in no time.
Dark Reading Launches Tech Center On Security Monitoring
Commentary  |  9/14/2010  | 
Today Dark Reading launches a new feature: the Security Monitoring Tech Center, a subsite of Dark Reading devoted to bringing you news, insight, and in-depth reporting on the topic of security data monitoring and analysis.
Relying On Tools Makes You Dumber
Commentary  |  9/13/2010  | 
It takes a lot of time and effort to stay up on the latest vulnerabilities, attacks, and tools. Often, we in the security field rely on tools to automate parts of a vulnerability assessment or penetration test, but our testing should never rely only on the tools. If all we ran were some tools and blindly trusted their output, then we would be no better than your average script kiddie.
State Of Cybercrime Legislation Around The World
Commentary  |  9/13/2010  | 
The main problem with international law enforcement on cybercrime is that even with efforts by the FBI and others, international communication between different agencies around the world is extremely slow.
'Virus Crashes Plane' And Poor Safety Protocols
Commentary  |  9/10/2010  | 
Now that people are done making noise about how a "virus crashes a plane," the subject can be discussed reasonably.
Authentication A Problem That Needs a Solution -- Yesterday
Commentary  |  9/8/2010  | 
A number of distinct developments brought about the current authentication schemes we see in networks today.
Ownage By USB Keyboard
Commentary  |  9/8/2010  | 
When was the last time Windows asked you for permission before adding your new hardware -- say, a mouse?
Seven Features To Look For In Database Assessment Tools
Commentary  |  9/7/2010  | 
As a follow-up to my "Essentials of Database Assessment" post, I want to go over some of the basic features and functions to look for in a database assessment product. Many features differentiate one tool from another, but I'll focus in on the top seven items you should review.
Keep Your Browser Updated
Commentary  |  9/7/2010  | 
During the Labor Day weekend, I got pulled in by friends and relatives (some remotely) to take care of their computer-related problems.
Anticipating The First Car Virus
Commentary  |  9/7/2010  | 
I've been thinking a lot about Intel's acquisition of McAfee, and recently spent the afternoon with the company reviewing its strategy. Intel doesn't want to repeat the mistake made with the PC in regard to malware as we move to more common interfaces, operating systems, and network-connected TVs, appliances, manufacturing equipment, air conditioning and heating systems -- and, yes, automobiles and motorcycles. While a virus or an attack on a PC or server is certainly painful, the same attack on
Firewalls Top Purchase Priority In 2010, Survey Says
Quick Hits  |  9/2/2010  | 
Mobile computing, social networks, cloud computing named as the top three threats
IPv6 Transition Poses New Security Threats
News  |  9/2/2010  | 
Next-generation IP protocol comes with more security as well as some potential flaws of its own
Networked Scanners Offer A Window Into The Enterprise, Researcher Says
News  |  9/1/2010  | 
Emerging Web-based features make it possible to capture document contents remotely, Zscaler's Sutton warns
Misconfigured Networks Are Easiest Prey, Hacker Survey Says
Quick Hits  |  9/1/2010  | 
Network vulnerabilities are simple to find, easy to attack, DEFCON survey respondents say
Finding Exposed Devices On Your Network
Commentary  |  9/1/2010  | 
When browsing through SHODAN, it never ceases to amaze me what I can find. How is it that people think it's okay to leave their printers, routers, fiber channel switches, and industrial control systems completely open to the Internet?