Dark Reading is part of the Informa Tech Division of Informa PLC

Commentary

Content posted in January 2009
PCI Impact Brings Insurance Protection Offering
Commentary  |  1/12/2009  | 
What does it say about the impact of PCI regulations on small to midsize businesses when an insurance company begins offering "card-compromise" coverage?
Employee Data As Valuable As Customer Info... And Even More At Risk!
Commentary  |  1/12/2009  | 
Crooks are just as interested in your employees' confidential data as they are in your customers'. And according to PricewaterhouseCoopers, workers' info may be even easier to steal.
Microsoft's Light Patch Tuesday Offset By Oracle
Commentary  |  1/9/2009  | 
While Microsoft is slated to issue one patch next week, Oracle announced it will release an eye-popping 41 security vulnerability fixes that touch hundreds of applications. Oh joy.
Campus Net Abuzz With BCS Win
Commentary  |  1/9/2009  | 
Another year, another championship. Now, that's not meant to sound snobbish or trite, but the past few years have been very good for University of Florida athletic programs. Last night was a great example with the Gator football team wrapping up the BCS National Championship with a win against the Oklahoma Sooners. After seeing the preparatory buzz of activity yesterday, I expected to see more visible excitement as I walked a
CNN Gaza Spam Scam: Headlines Make Phishing Lines
Commentary  |  1/9/2009  | 
Spam phishers are at it again, trying to turn headlines and media sources into phish bait. This time it was the Gaza crisis, with supposedly legitimate CNN mail guiding the gullible to Trojan-bearing malware sites.
When It Comes To Development, Doesn't Anyone Learn From History?
Commentary  |  1/8/2009  | 
From the successful microblogging site Twitter to a Web site toll-payment system in New Zealand for a motorway that runs from Orewa to Puhoi, security still remains an afterthought.
Bombshells For The New Year
Commentary  |  1/8/2009  | 
The week after Christmas should be a quiet, reflective time to get organized for the new year while the security industry takes a little winter's rest. Uh -- not so much. This is the security industry, remember? Vendors may not roll out products during the holidays, but hackers never sleep.
Social Net Security: Phishers Fake LinkedIn Profiles
Commentary  |  1/8/2009  | 
Social networks' business potential is running smack into social networks' security issues, as witness this week's problems with Twitter and now, professional network LinkedIn. If your company and employees are using social nets, there are some social net security practices they must, well, practice.
Security Spending May Increase In 2009
Commentary  |  1/8/2009  | 
Research firm Forrester predicts security spending, as a percentage of overall IT budgets, is set to rise this year.
You're Not Paranoid, Your Antivirus Just Doesn't Work Well
Commentary  |  1/7/2009  | 
Myth #2 of the "The Five Most Dangerous Security Myths" by PC World's Erik Larkin popped up in my inbox from a family member this morning. The second myth is, "Sure, the Web is today's Wild West, with digital guns blazing and no sheriff in sight. But as long as you use a goo
Green Is A 'Nice To Have'
Commentary  |  1/7/2009  | 
2009 is here and for IT, it's ugly. Storage projects will need to be justified with near-instant ROIs. Over the next several entries we will look at projects you can undertake which will deliver that near-instant ROI, but first let's look at what Green IT's new role is during the economic downturn.
The Twitter Hack: One Thing You Need To Do
Commentary  |  1/6/2009  | 
As many of you know, the week has been off to a bad start for the Twitter microblogging site. While there's no absolute way to protect yourself when a vendor's security system fails, there is one crucial step you can take to limit your exposure.
People-Hacking
Commentary  |  1/6/2009  | 
My firm was recently hired to perform a network assessment for a fairly large bank. The emphasis on this engagement was circumventing physical controls and gaining access to the bank's internal network infrastructure. As with most financial institutions, we were asked to compromise remote locations (bank branches) and then make an attempt on the main office.
Twitter Hacks Raise Social Net Security Flags
Commentary  |  1/6/2009  | 
If you use Twitter, re-set your password before you do anything else. Then give some thought to what this week's Twitter hack says about how we use social networks, both in business and personally.
DLP Market Continues Its Consolidation
Commentary  |  1/5/2009  | 
CA's data loss prevention (DLP) vendor acquisition today clinches it: DLP vendors must either forge partnerships or be acquired to survive.
Security Spending Rises As Economy Sinks: Forrester
Commentary  |  1/5/2009  | 
The bad economy is good news for small and midsized business security budgets, according to a new report from Forrester. And, judging by some of Forrester's findings, the uptick comes just in time.
Browser Privacy Features Leave Users Exposed
Commentary  |  1/5/2009  | 
When using "private browsing mode" included in many of the current (and beta) Web browsers, do you know just how well it is working at preventing your Internet browsing from being tracked? What about the protection provided when you hit the button to clear your Web browsing history, cookies, and cached files?
Phishing For Tweets
Commentary  |  1/5/2009  | 
A new phishing scam that targets Twitter users is a backhanded compliment to the messaging service.
VeriSign Announced It Has Transitioned To Stronger Crypto
Commentary  |  1/4/2009  | 
Last week the IT security community lit up with the news that a team of researchers demonstrated how they could force digital certificates -- those digitally signed files that make it possible for software to vouch for its publisher -- and Web sites to safely identify themselves.
Are Web Site Defacements Really Cyber War?
Commentary  |  1/3/2009  | 
Almost every time there's a physical conflict, online "attacks" follow. And the recent spate of Palestinian Web site defacements is no exception. This sort of reaction on the Internet is certainly not new. In fact, we can only expect them to escalate.
DLP: An Important Tool In Protecting Data During Mergers & Acquisitions
Commentary  |  1/2/2009  | 
Data loss prevention (DLP) is a topic I've covered in the past because it's important in these times of targeted attacks and accidental data loss. It also tends to be a controversial topic since many people view it differently due to the variation in definitions of what the technology really is. For example, DLP vendors have solutions that range from basic content filtering at the network gateway to complex network- and host-based monitoring solutions, leaving the definition up to the vendor who
Security According To Google: Browser Security Handbook Made Public
Commentary  |  1/2/2009  | 
Google has released its own take on the nature of browser security -- and the ways in which browsers lack it.