Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Wiping Out Wimpy Passwords
Recent breaches at Rockyou.com and Hotmail illustrate the consistency of human behavior: Since the dawn of access control systems, users continue to choose easily guessed passwords.
Phishing Attacks Steadily Rise
A report this week shows the number of phishing attacks continue to climb, year over year. Ditto for the number of Web servers dishing out malware. And the country that hosts the most phishing sites? That one just may surprise you.
Report: SMBs To Spend More On Security
According to a new survey from Forrester Research, businesses of all sizes plan to spend more on security -- especially network security -- in 2010.
IE 6 Aftermath: Time To Review Your Browser Strategy
The latest update for Internet Explorer is out, and organizations are busy applying or at least certifying the patch on their testbeds.
Global CIO: After Google Cyber Attack, CIOs Must Find The Body
The Aurora attacks from China are incredibly advanced and malicious, says McAfee's CTO: "Where's the body?"
Global CIO: UPS Provides Peek Into Future Of Wireless
Watching what UPS is doing with its wireless devices has been a good indicator of where the industry is headed
BBB Offers SMB Security Info
The Better Business Bureau, working with technology and financial companies, unveiled a new online educational resource intended to help small businesses get a grip on data and online security. Based on the BB's numbers, it's past time for plenty of those businesses and their staffs to go back to school.
Cost of Data Breaches Continue Their Rise
Businesses that suffered a data breach in 2009 paid a higher price for the incident than any previous year, according to a study released today. Also, the average cost for a data breach reached an eye-opening $6.75 million.
Get Data Out Of The Cloud
As the Cloud Compute and Cloud Storage markets continue to mature, some of those vendors are going to go out of business. It is the natural order of things. The strong (or well funded) survive. You either need to be very sure that the cloud vendor is not going to be one of those that does or you need to make sure you are getting your data out of the cloud on a regular basis.
Global CIO: Salesforce.com CEO Benioff On IT Scams And Cloud Power
In Part 2 of our Salesforce.com analysis, Benioff describes the power of the cloud and proves it with his company's incredibly lean IT infrastructure.
Operating In An Insecure World
I've heard of the idea of operating day-to-day with the assumption that your organization is already compromised, and I just saw it reiterated in the Tenable Security Blog, but I think it's a tough one to swallow for most organizations. There has to be some level of trust within an organization, otherwise, how could you get any business done. But as tough as it is to accept, there is value in taking this approach.
Privacy Network Tor Suffers Breach
The virtual network, Tor, designed to provide private and secure Web browsing to people around the world had a number of servers hacked recently. The Tor anonymous network is helpful to those living in nations that oppress free speech, such as China and Iran, and need unfettered access to information.
Global CIO: Will Steve Jobs Ban Google From AppleWorld?
An imaginative Apple investor says Steve Jobs is preparing to rock Google's world.
Avoiding ATM "Skimmer" Threats
A security expert has posted photos of a device that could cost your small business dearly if you fall prey to it: an ATM "skimmer."
Sloppy Software Dev Exposes Google Hacker Holes
I've ranted on the subject before, but it's worth sounding off again in light of the recent China hacker breaches of Gmail: Poor software development procedures are the big reason major firms are apparently running around scared witless that their products are vulnerable to cyberattacks. (The corollary, about which we haven't read anything, is that firms with buttoned-down dev rules are likely feeling, if not entirely safe, then at least free of the panic which plagues the cluelessly unprepared.
Google/China Reality Check Amid The Fog Of Cyberwar
We've all heard about the Chinese attacks against Google by now. We've heard of Google's moral standing, how corporations now impact international relations, and how censorship is bad and freedom is good. However, some important questions lost in the fog of war need to be asked.
Microsoft IE Patch Due Today -- Once It's Out, Do The Microsoft IE Patch Today
The fact that the patch for the high-buzz IE vulnerability is being released "out-of-band" is an indication of Microsoft's concern -- both for the vulnerability and no doubt for the rising negative buzz chorus as well. Either way, it's up to you to get your browsers patched, the sooner the better.
Global CIO: Salesforce.com CEO Benioff On Beating Microsoft & SAP In The Cloud
Part 1 of 2: The cloud's foremost evangelist and highest achiever opines on those two rivals plus partner/competitor Oracle.
Denial-of-Service Attack Intensity Grows
A survey of 132 network operators and telecommunication providers reveal that Distributed Denial-of-Service (DDoS) attacks is the top day-to-day security challenge facing service providers.
User Security After The Google Hack
Last week's news about the Google hack has really raised some eyebrows. Doe-eyed users have learned the harsh truth that anyone can be hacked. The news of 20 or more other companies also being targeted along with Google made the impact that much worse.
Automated Tiering Methods
A few entries ago we opened up the subject of Automated Tiering with an explanation of why the technology is becoming so needed. As this series of entries continues we will review various storage vendors specific approach to automated tiering, but first it is helpful to understand the common methods that are employed.
Global CIO: IBM CFO Offers 7 Key Insights In Earnings Analysis
IBM's CFO sheds light on atypical opportunities, applications outsourcing, retail resurgence, business analytics, and more.
Global CIO: Dell And The Pursuit Of Google
Huge buyers such as search engines have reshaped the top end of the server market. That's forced Dell to turn its traditional mass-market business model on its head.
What Data Discovery Tools Really Do
Data discovery tools are becoming increasingly necessary for getting a handle on where sensitive data resides. When you have a production database schema with 40,000 tables, most of which are undocumented by the developers who created them, finding information within a single database is cumbersome. Now multiply that problem across financial, HR, business processing, testing, and decision support databases -- and you have a big mess.
Was Novell Too Quick To Use China/Google Incident To Disparage Cloud Computing?
Had Novell's director of public relations Ian Bruce not responded to my blog post about Google's choice to change Gmail's default transmission mode from the less secure HTTP (Web) to the more secure and encrypted HTTPS (Secure Web), I would have never seen his own blog post on Novell's Web site entitled On Google, e-mail security, and cloud. But I'm gla
Wolfe's Den: IBM Patenting Airport Security Profiling Technology
A dozen "secret" patent applications define a sophisticated scheme for airport terminal and perimeter protection, incorporating potential support for computer implementation of passenger behavioral profiling to detect security threats.
Global CIO: Oracle Foes Scurry To Curry Favor With Dictatorships
Spurned by his former heartthrob heroes in the EU, MySQL's founder now sings the praises of Russia and China.
Global CIO: IBM Iowa's Birthday: IBM Gets $52M, But What Does Iowa Get?
IBM promised 1,300 jobs for incentives of $52M but isn't releasing hiring figures. That's not right.
How Many (Sub) Zero-Day Attacks?
We now know that one of the vectors used in the series of attacks against U.S. businesses was a zero-day vulnerability in Internet Explorer. Apparently, the way most of the world learned of this particular flaw was when it was actually used in these attacks. That's some powerful form of "disclosure," but how common is it?
Nothing New In Aurora Hack
Attackers targeting victims through phishing e-mails that lure users to maliciously crafted Web sites is nothing new. But it does highlight the sophistication of the modern attacker.
Share Your New Security Innovations
I am working with InformationWeek Analytics to create an analysis of the year's top five technology innovations in the security arena. If you are a vendor and believe you have the next big thing, then you should contact us.
Disposing Of Primary Storage
Every few years you are going to need to replace your enterprise storage system. A challenge that many storage managers face is what to do with the old system. Today you have laws that require you to make sure information is not readable when that storage leaves your walls and you have individuals that want to see what trouble they can dig up by resurrecting old systems.
IE Hole Enables "Most Sophisticated" Attacks Yet
The latest critical vulnerability in Microsoft's Internet Explorer, tagged as the key vector in a series of corporate attacks over the past three weeks, is being exploited in what one security expert calls "the most sophisticated" attacks ever committed against commercial targets.
Global CIO: SAP Blows Huge Opportunity With Timid Support Changes
SAP is overblowing its new support plan, which gives customers only marginally more choice.
Spam Tips For SMBs
Sure, even the smallest companies need some sort of anit-spam solution. But that doesn't mean there aren't things you can do to reduce the amount of spam you get in the first place.
Gmail Traffic Now Encrypted By Default, But Will Organizations Heed The Shift?
Kudos to the folks at Gmail who, in defaulting to a secure browser setting (as opposed to the previous insecure default) for sending and retrieving email, have decided to help users who may not know enough to help themselves. The new default (see screenshot below) tells the browser to access the Gmail service over HTTPS instead of the prior default, HTTP. This significant shift by Google is a reminder th
The Cybersecurity Czar's First Big Test
I'm still waiting for Howard Schmidt, the new cybersecurity czar, to weigh in on the Chinese cyberattacks revealed this week. Sure, Chinese hackers going after American interests and human rights activists is nothing new to the IT security world, but this latest development is big, and it could be a defining moment for Schmidt's new post.
Global CIO: IBM CEO Palmisano Challenges IT Industry Via Smarter Planet 2
Palmisano raises the bar for IT companies by pushing the intelligent potential of IT far beyond products and services.
Russian Researcher Sets Vulnerabilities Free
Intevydis, a previously little-known Russian security firm, is making a name for itself by releasing details of unpatched zero day exploits at the rate of one a day for the rest of this month.
Discovery And Your Database
Database discovery is the act of locating databases on a network. Years ago, this was simple because companies had only one or two databases. Now just about every application created relies on database services to provide data integrity and transactional consistency.
Global CIO: Cisco's Top 10 Predictions Intriguing But Lack Context
A top Cisco voice exec's views aren't startling but should give CIOs plenty to think about.
Introduction To Automated Tiering
The concept of multiple tiers of storage has been around for almost as long as there has been storage, but the subject became more discussed in early 2000 when Serial Advanced Technology Attachment (SATA) hard drives began to come to market. They were higher capacity and less expensive than their fibre channel counterparts but not as fast. The question that still plagues storage managers is how to get data to them.
Big Patch Day
Microsoft is releasing only one security update today. Security teams hoping for a break today: forget it. Adobe is expected to release a patch of its own, and Oracle is releasing two dozen of its own software updates.
We Have Nothing To Say -- Or Do We?
The first rule of appearing smart, they say, is to keep quiet, but keeping quiet doesn't help your PR. What are you to do?
Global CIO: 5 More CIO Imperatives For 2010
A media-company CIO calls passionately for more R&D, mobile, insights, simplification, and speed.
Global CIO: iPhone Users Stupid And Steve Jobs Greedy, Says WSJ
Steve Jobs is not serving shareholders well, but Apple zealots don't get it, says a Journal columnist.
Attaining Security In The Name Of Compliance?
Security managers have to fight for - and justify - every nickel in their budget coffers. Unfortunately, many security managers have a tough time winning the funds they feel are necessary to reduce business risk. And many end up relying on instilling the fear of bad regulatory audit findings and fines to win funds. While often a successful tactic, does wielding the compliance hammer-of-fear pose risks of its own to an IT security program?
The Inconvenient Truth Behind Security
A co-worker forwarded me an e-mail in which the original sender was asking about running vulnerability scans on his own and stated he was concerned about the scans causing downtime while the servers were being tested.
Global CIO: 5 Points To Make When Your CEO Cries Cloud
The questions inevitably will come: 'Why aren't we doing more of that cloud computing?' Here are your answers.
Global CIO: 5 More Things Microsoft Must Do
Make some spicy acquistions (SAP? Tibco?) and seriously commit to cloud, data centers, and mobile.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
