Commentary

Content posted in January 2010
Wiping Out Wimpy Passwords
Commentary  |  1/29/2010  | 
Recent breaches at Rockyou.com and Hotmail illustrate the consistency of human behavior: Since the dawn of access control systems, users have chosen easily guessed passwords, and they still do.
Phishing Attacks Steadily Rise
Commentary  |  1/28/2010  | 
A report this week shows the number of phishing attacks continues to climb, year over year. Ditto for the number of Web servers dishing out malware. And the country that hosts the most phishing sites? That one just may surprise you.
Report: SMBs To Spend More On Security
Commentary  |  1/27/2010  | 
According to a new survey from Forrester Research, businesses of all sizes plan to spend more on security -- especially network security -- in 2010.
IE 6 Aftermath: Time To Review Your Browser Strategy
Commentary  |  1/27/2010  | 
The latest update for Internet Explorer is out, and organizations are busy applying or at least certifying the patch on their testbeds.
Global CIO: After Google Cyber Attack, CIOs Must Find The Body
Commentary  |  1/26/2010  | 
The Aurora attacks from China are incredibly advanced and malicious, says McAfee's CTO: "Where's the body?"
Global CIO: UPS Provides Peek Into Future Of Wireless
Commentary  |  1/25/2010  | 
Watching what UPS is doing with its wireless devices has been a good indicator of where the industry is headed.
BBB Offers SMB Security Info
Commentary  |  1/25/2010  | 
The Better Business Bureau, working with technology and financial companies, unveiled a new online educational resource intended to help small businesses get a grip on data and online security. Based on the BBB's numbers, it's past time for plenty of those businesses and their staffs to go back to school.
Cost Of Data Breaches Continues To Rise
Commentary  |  1/25/2010  | 
Businesses that suffered a data breach in 2009 paid a higher price for the incident than any previous year, according to a study released today. Also, the average cost for a data breach reached an eye-opening $6.75 million.
Get Data Out Of The Cloud
Commentary  |  1/25/2010  | 
As the Cloud Compute and Cloud Storage markets continue to mature, some of those vendors are going to go out of business. It is the natural order of things. The strong (or well funded) survive. You either need to be very sure that your cloud vendor is not going to be one of them, or you need to be getting your data out of the cloud on a regular basis.
Global CIO: Salesforce.com CEO Benioff On IT Scams And Cloud Power
Commentary  |  1/25/2010  | 
In Part 2 of our Salesforce.com analysis, Benioff describes the power of the cloud and proves it with his company's incredibly lean IT infrastructure.
Operating In An Insecure World
Commentary  |  1/22/2010  | 
I've heard of the idea of operating day-to-day with the assumption that your organization is already compromised, and I just saw it reiterated in the Tenable Security Blog, but I think it's a tough one to swallow for most organizations. There has to be some level of trust within an organization; otherwise, how could you get any business done? But as tough as it is to accept, there is value in taking this approach.
Privacy Network Tor Suffers Breach
Commentary  |  1/22/2010  | 
Tor, the virtual network designed to provide private and secure Web browsing to people around the world, recently had a number of its servers hacked. The Tor anonymity network is helpful to those living in nations that oppress free speech, such as China and Iran, and who need unfettered access to information.
Global CIO: Will Steve Jobs Ban Google From AppleWorld?
Commentary  |  1/21/2010  | 
An imaginative Apple investor says Steve Jobs is preparing to rock Google's world.
Avoiding ATM "Skimmer" Threats
Commentary  |  1/21/2010  | 
A security expert has posted photos of a device that could cost your small business dearly if you fall prey to it: an ATM "skimmer."
Sloppy Software Dev Exposes Google Hacker Holes
Commentary  |  1/21/2010  | 
I've ranted on the subject before, but it's worth sounding off again in light of the recent China hacker breaches of Gmail: Poor software development procedures are the big reason major firms are apparently running around scared witless that their products are vulnerable to cyberattacks. (The corollary, about which we haven't read anything, is that firms with buttoned-down dev rules are likely feeling, if not entirely safe, then at least free of the panic which plagues the cluelessly unprepared.)
Google/China Reality Check Amid The Fog Of Cyberwar
Commentary  |  1/21/2010  | 
We've all heard about the Chinese attacks against Google by now. We've heard of Google's moral standing, how corporations now impact international relations, and how censorship is bad and freedom is good. However, some important questions lost in the fog of war need to be asked.
Microsoft IE Patch Due Today -- Once It's Out, Do The Microsoft IE Patch Today
Commentary  |  1/21/2010  | 
The fact that the patch for the high-buzz IE vulnerability is being released "out-of-band" is an indication of Microsoft's concern -- both for the vulnerability and no doubt for the rising negative buzz chorus as well. Either way, it's up to you to get your browsers patched, the sooner the better.
Global CIO: Salesforce.com CEO Benioff On Beating Microsoft & SAP In The Cloud
Commentary  |  1/20/2010  | 
Part 1 of 2: The cloud's foremost evangelist and highest achiever opines on those two rivals plus partner/competitor Oracle.
Denial-of-Service Attack Intensity Grows
Commentary  |  1/20/2010  | 
A survey of 132 network operators and telecommunication providers reveals that Distributed Denial-of-Service (DDoS) attacks are the top day-to-day security challenge facing service providers.
User Security After The Google Hack
Commentary  |  1/20/2010  | 
Last week's news about the Google hack has really raised some eyebrows. Doe-eyed users have learned the harsh truth that anyone can be hacked. The news of 20 or more other companies also being targeted along with Google made the impact that much worse.
Automated Tiering Methods
Commentary  |  1/20/2010  | 
A few entries ago we opened up the subject of Automated Tiering with an explanation of why the technology is becoming so needed. As this series of entries continues we will review various storage vendors' specific approaches to automated tiering, but first it is helpful to understand the common methods that are employed.
Global CIO: IBM CFO Offers 7 Key Insights In Earnings Analysis
Commentary  |  1/20/2010  | 
IBM's CFO sheds light on atypical opportunities, applications outsourcing, retail resurgence, business analytics, and more.
Global CIO: Dell And The Pursuit Of Google
Commentary  |  1/20/2010  | 
Huge buyers such as search engines have reshaped the top end of the server market. That's forced Dell to turn its traditional mass-market business model on its head.
What Data Discovery Tools Really Do
Commentary  |  1/20/2010  | 
Data discovery tools are becoming increasingly necessary for getting a handle on where sensitive data resides. When you have a production database schema with 40,000 tables, most of which are undocumented by the developers who created them, finding information within a single database is cumbersome. Now multiply that problem across financial, HR, business processing, testing, and decision support databases -- and you have a big mess.
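The classification step the column alludes to, as an added example that is not the original author's code or any vendor's product: it walks every table and column of a database (SQLite in memory here, populated with constructed rows standing in for an undocumented schema), flags columns whose names hint at sensitive data, and samples values for SSN, card-number (with a Luhn check to weed out ordinary numeric IDs) and e-mail patterns. The data classes, the regexes and the 50-row / 50% sampling threshold are this example's own assumptions. A 40,000-table schema is handled the same way: one catalog query, then one sampled SELECT per column.

```python
import re
import sqlite3

# Sensitive-data classes used by this example. The column-name hints and value
# patterns are this example's own assumptions, not a vendor's rule set.
NAME_HINTS = {
    "ssn": re.compile(r"ssn|social_?sec|tax_?id", re.I),
    "card": re.compile(r"card|\bpan\b|cc_?num", re.I),
    "email": re.compile(r"e_?mail", re.I),
}
SSN_RX = re.compile(r"^\d{3}-\d{2}-\d{4}$")
CARD_RX = re.compile(r"^\d{13,19}$")
EMAIL_RX = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")


def luhn_ok(digits):
    """Luhn check-digit test; filters out 16-digit IDs that are not card PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify_value(value):
    """Data class a single cell value resembles, or None."""
    text = str(value).strip()
    compact = text.replace(" ", "").replace("-", "")
    if SSN_RX.match(text):
        return "ssn"
    if CARD_RX.match(compact) and luhn_ok(compact):
        return "card"
    if EMAIL_RX.match(text):
        return "email"
    return None


def quote_ident(name):
    """Quote an identifier so names read from the catalog are safe to embed."""
    return '"' + name.replace('"', '""') + '"'


def discover(conn, sample_rows=50, threshold=0.5):
    """Walk every table and column; flag by name hint or by value sampling.

    A column is flagged when its name matches a hint, or when at least
    `threshold` of up to `sample_rows` non-NULL sampled values classify as
    one data class. Returns sorted (table, column, reasons) tuples.
    """
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        columns = [r[1] for r in conn.execute(f"PRAGMA table_info({quote_ident(table)})")]
        for col in columns:
            reasons = [f"name:{cls}" for cls, rx in NAME_HINTS.items() if rx.search(col)]
            rows = conn.execute(
                f"SELECT {quote_ident(col)} FROM {quote_ident(table)} "
                f"WHERE {quote_ident(col)} IS NOT NULL LIMIT ?", (sample_rows,)).fetchall()
            counts = {}
            for (value,) in rows:
                cls = classify_value(value)
                if cls:
                    counts[cls] = counts.get(cls, 0) + 1
            for cls, n in counts.items():
                if n / len(rows) >= threshold:
                    reasons.append(f"value:{cls}")
            if reasons:
                findings.append((table, col, sorted(set(reasons))))
    return sorted(findings)


def build_sample_db():
    """Constructed in-memory database standing in for an undocumented schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, full_name TEXT, contact TEXT, tax_id TEXT);
        CREATE TABLE orders (id INTEGER, customer_id INTEGER, amount REAL);
        CREATE TABLE t_47 (k INTEGER, fld3 TEXT);  -- no documentation, no hint in the name
    """)
    conn.executemany("INSERT INTO customers VALUES (?,?,?,?)", [
        (1, "Ann Lee", "ann@example.com", "123-45-6789"),
        (2, "Bo Diaz", "bo@example.org", "987-65-4321"),
        (3, "Cy Roy", "cy@example.net", None),
    ])
    conn.executemany("INSERT INTO orders VALUES (?,?,?)", [(1, 1, 19.99), (2, 2, 250.0)])
    conn.executemany("INSERT INTO t_47 VALUES (?,?)", [
        (1, "4111 1111 1111 1111"), (2, "5555555555554444"),
        (3, "378282246310005"), (4, "4012888888881881"),
    ])
    return conn


if __name__ == "__main__":
    for table, col, reasons in discover(build_sample_db()):
        print(f"{table}.{col}: {', '.join(reasons)}")
```

The undocumented table `t_47` is the case that matters: nothing in its name or column name says "card", so only value sampling finds it. Name hints alone are what most home-grown scripts do, and they miss exactly the tables the column complains about.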
Was Novell Too Quick To Use China/Google Incident To Disparage Cloud Computing?
Commentary  |  1/19/2010  | 
Had Novell's director of public relations Ian Bruce not responded to my blog post about Google's choice to change Gmail's default transmission mode from the less secure HTTP (Web) to the more secure and encrypted HTTPS (Secure Web), I would have never seen his own blog post on Novell's Web site entitled On Google, e-mail security, and cloud. But I'm gla
Wolfe's Den: IBM Patenting Airport Security Profiling Technology
Commentary  |  1/19/2010  | 
A dozen "secret" patent applications define a sophisticated scheme for airport terminal and perimeter protection, incorporating potential support for computer implementation of passenger behavioral profiling to detect security threats.
Global CIO: Oracle Foes Scurry To Curry Favor With Dictatorships
Commentary  |  1/17/2010  | 
Spurned by his former heartthrob heroes in the EU, MySQL's founder now sings the praises of Russia and China.
Global CIO: IBM Iowa's Birthday: IBM Gets $52M, But What Does Iowa Get?
Commentary  |  1/17/2010  | 
IBM promised 1,300 jobs for incentives of $52M but isn't releasing hiring figures. That's not right.
How Many (Sub) Zero-Day Attacks?
Commentary  |  1/17/2010  | 
We now know that one of the vectors used in the series of attacks against U.S. businesses was a zero-day vulnerability in Internet Explorer. Apparently, the way most of the world learned of this particular flaw was when it was actually used in these attacks. That's some powerful form of "disclosure," but how common is it?
Nothing New In Aurora Hack
Commentary  |  1/16/2010  | 
Attackers targeting victims through phishing e-mails that lure users to maliciously crafted Web sites is nothing new. But the Aurora attack does highlight the sophistication of the modern attacker.
Share Your New Security Innovations
Commentary  |  1/15/2010  | 
I am working with InformationWeek Analytics to create an analysis of the year's top five technology innovations in the security arena. If you are a vendor and believe you have the next big thing, then you should contact us.
Disposing Of Primary Storage
Commentary  |  1/15/2010  | 
Every few years you are going to need to replace your enterprise storage system. A challenge that many storage managers face is what to do with the old system. Today there are laws that require you to make sure information is unreadable when that storage leaves your walls, and there are individuals who want to see what trouble they can dig up by resurrecting old systems.
IE Hole Enables "Most Sophisticated" Attacks Yet
Commentary  |  1/15/2010  | 
The latest critical vulnerability in Microsoft's Internet Explorer, tagged as the key vector in a series of corporate attacks over the past three weeks, is being exploited in what one security expert calls "the most sophisticated" attacks ever committed against commercial targets.
Global CIO: SAP Blows Huge Opportunity With Timid Support Changes
Commentary  |  1/15/2010  | 
SAP is overblowing its new support plan, which gives customers only marginally more choice.
Spam Tips For SMBs
Commentary  |  1/14/2010  | 
Sure, even the smallest companies need some sort of anti-spam solution. But that doesn't mean there aren't things you can do to reduce the amount of spam you get in the first place.
Gmail Traffic Now Encrypted By Default, But Will Organizations Heed The Shift?
Commentary  |  1/14/2010  | 
Kudos to the folks at Gmail who, in defaulting to a secure browser setting (as opposed to the previous insecure default) for sending and retrieving email, have decided to help users who may not know enough to help themselves. The new default (see screenshot below) tells the browser to access the Gmail service over HTTPS instead of the prior default, HTTP. This significant shift by Google is a reminder th
The Cybersecurity Czar's First Big Test
Commentary  |  1/14/2010  | 
I'm still waiting for Howard Schmidt, the new cybersecurity czar, to weigh in on the Chinese cyberattacks revealed this week. Sure, Chinese hackers going after American interests and human rights activists is nothing new to the IT security world, but this latest development is big, and it could be a defining moment for Schmidt's new post.
Global CIO: IBM CEO Palmisano Challenges IT Industry Via Smarter Planet 2
Commentary  |  1/13/2010  | 
Palmisano raises the bar for IT companies by pushing the intelligent potential of IT far beyond products and services.
Russian Researcher Sets Vulnerabilities Free
Commentary  |  1/13/2010  | 
Intevydis, a previously little-known Russian security firm, is making a name for itself by releasing details of exploits for unpatched zero-day vulnerabilities at the rate of one a day for the rest of this month.
Discovery And Your Database
Commentary  |  1/13/2010  | 
Database discovery is the act of locating databases on a network. Years ago, this was simple because companies had only one or two databases. Now just about every application created relies on database services to provide data integrity and transactional consistency.
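A first pass at the network side of that discovery, added here as an example and not the original column's code: sweep a list of hosts for the default listener ports of common database engines. The port table is a set of well-known defaults; the simulated loopback listeners are bound to ephemeral ports so the example runs offline and cannot collide with a real server, and the engine names attached to them are constructed for the demo.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Well-known default listener ports. A hardened or multi-instance deployment
# often moves them, so a miss here means "nothing on the default port", not
# "no database on this host"; pair the sweep with host-side inventory.
DEFAULT_DB_PORTS = {
    1433: "Microsoft SQL Server",
    1521: "Oracle TNS listener",
    3306: "MySQL",
    5432: "PostgreSQL",
    50000: "IBM DB2",
    27017: "MongoDB",
}


def probe(host, port, timeout=0.5):
    """TCP connect probe: True if the port accepts a connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def discover_databases(hosts, ports=None, timeout=0.5, workers=32):
    """Sweep hosts for listening database ports.

    Returns a sorted list of (host, port, engine) for every port in `ports`
    (default: DEFAULT_DB_PORTS) that accepts a TCP connection.
    """
    ports = DEFAULT_DB_PORTS if ports is None else ports
    targets = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        up = list(pool.map(lambda t: probe(t[0], t[1], timeout), targets))
    return sorted((h, p, ports[p]) for (h, p), alive in zip(targets, up) if alive)


def fake_listener():
    """Loopback listener on an ephemeral port, standing in for a database
    engine so the sweep can be exercised offline. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:  # listener closed
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def closed_port():
    """An ephemeral loopback port that is (very likely) not listening."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo():
    """Constructed scenario: two simulated engines up, one 'default port' down."""
    srv_a, port_a = fake_listener()
    srv_b, port_b = fake_listener()
    ports = {port_a: "MySQL (simulated)", port_b: "PostgreSQL (simulated)",
             closed_port(): "Oracle (simulated, not running)"}
    try:
        return discover_databases(["127.0.0.1"], ports=ports)
    finally:
        srv_a.close()
        srv_b.close()


if __name__ == "__main__":
    for host, port, engine in demo():
        print(f"{host}:{port}  {engine}")
```

A connect sweep only proves that something answers on a port, not which engine it is; a banner or protocol handshake, and for SQL Server the Browser service on UDP 1434, would be the next step, and engines moved off their defaults still need an inventory of hosts and configuration files to be found at all.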
Global CIO: Cisco's Top 10 Predictions Intriguing But Lack Context
Commentary  |  1/12/2010  | 
A top Cisco voice exec's views aren't startling but should give CIOs plenty to think about.
Introduction To Automated Tiering
Commentary  |  1/12/2010  | 
The concept of multiple tiers of storage has been around almost as long as storage itself, but the subject came to the fore in the early 2000s when Serial Advanced Technology Attachment (SATA) hard drives began to come to market. They offered higher capacity at lower cost than their Fibre Channel counterparts but were not as fast. The question that still plagues storage managers is how to get the right data onto them.
Big Patch Day
Commentary  |  1/12/2010  | 
Microsoft is releasing only one security update today. Security teams hoping for a break today: forget it. Adobe is expected to release a patch of its own, and Oracle is releasing two dozen of its own software updates.
We Have Nothing To Say -- Or Do We?
Commentary  |  1/12/2010  | 
The first rule of appearing smart, they say, is to keep quiet, but keeping quiet doesn't help your PR. What are you to do?
Global CIO: 5 More CIO Imperatives For 2010
Commentary  |  1/11/2010  | 
A media-company CIO calls passionately for more R&D, mobile, insights, simplification, and speed.
Global CIO: iPhone Users Stupid And Steve Jobs Greedy, Says WSJ
Commentary  |  1/11/2010  | 
Steve Jobs is not serving shareholders well, but Apple zealots don't get it, says a Journal columnist.
Attaining Security In The Name Of Compliance?
Commentary  |  1/11/2010  | 
Security managers have to fight for - and justify - every nickel in their budget coffers. Unfortunately, many security managers have a tough time winning the funds they feel are necessary to reduce business risk. And many end up relying on instilling the fear of bad regulatory audit findings and fines to win funds. While often a successful tactic, does wielding the compliance hammer-of-fear pose risks of its own to an IT security program?
The Inconvenient Truth Behind Security
Commentary  |  1/11/2010  | 
A co-worker forwarded me an e-mail in which the original sender was asking about running vulnerability scans on his own and stated he was concerned about the scans causing downtime while the servers were being tested.
Global CIO: 5 Points To Make When Your CEO Cries Cloud
Commentary  |  1/11/2010  | 
The questions inevitably will come: 'Why aren't we doing more of that cloud computing?' Here are your answers.
Global CIO: 5 More Things Microsoft Must Do
Commentary  |  1/10/2010  | 
Make some spicy acquisitions (SAP? Tibco?) and seriously commit to cloud, data centers, and mobile.