Commentary

Content posted in January 2010
Wiping Out Wimpy Passwords
Commentary  |  1/29/2010  | 
Recent breaches at Rockyou.com and Hotmail illustrate the consistency of human behavior: Since the dawn of access control systems, users continue to choose easily guessed passwords.
Phishing Attacks Steadily Rise
Commentary  |  1/28/2010  | 
A report this week shows the number of phishing attacks continues to climb, year over year. Ditto for the number of Web servers dishing out malware. And the country that hosts the most phishing sites? That one just may surprise you.
Report: SMBs To Spend More On Security
Commentary  |  1/27/2010  | 
According to a new survey from Forrester Research, businesses of all sizes plan to spend more on security -- especially network security -- in 2010.
IE 6 Aftermath: Time To Review Your Browser Strategy
Commentary  |  1/27/2010  | 
The latest update for Internet Explorer is out, and organizations are busy applying or at least certifying the patch on their testbeds.
Global CIO: After Google Cyber Attack, CIOs Must Find The Body
Commentary  |  1/26/2010  | 
The Aurora attacks from China are incredibly advanced and malicious, says McAfee's CTO: "Where's the body?"
Global CIO: UPS Provides Peek Into Future Of Wireless
Commentary  |  1/25/2010  | 
Watching what UPS is doing with its wireless devices has been a good indicator of where the industry is headed.
BBB Offers SMB Security Info
Commentary  |  1/25/2010  | 
The Better Business Bureau, working with technology and financial companies, unveiled a new online educational resource intended to help small businesses get a grip on data and online security. Based on the BBB's numbers, it's past time for plenty of those businesses and their staffs to go back to school.
Cost of Data Breaches Continue Their Rise
Commentary  |  1/25/2010  | 
Businesses that suffered a data breach in 2009 paid a higher price for the incident than any previous year, according to a study released today. Also, the average cost for a data breach reached an eye-opening $6.75 million.
Get Data Out Of The Cloud
Commentary  |  1/25/2010  | 
As the Cloud Compute and Cloud Storage markets continue to mature, some of those vendors are going to go out of business. It is the natural order of things. The strong (or well funded) survive. You either need to be very sure that the cloud vendor is not going to be one of those that does or you need to make sure you are getting your data out of the cloud on a regular basis.
Global CIO: Salesforce.com CEO Benioff On IT Scams And Cloud Power
Commentary  |  1/25/2010  | 
In Part 2 of our Salesforce.com analysis, Benioff describes the power of the cloud and proves it with his company's incredibly lean IT infrastructure.
Operating In An Insecure World
Commentary  |  1/22/2010  | 
I've heard of the idea of operating day-to-day with the assumption that your organization is already compromised, and I just saw it reiterated in the Tenable Security Blog, but I think it's a tough one to swallow for most organizations. There has to be some level of trust within an organization, otherwise, how could you get any business done? But as tough as it is to accept, there is value in taking this approach.
Privacy Network Tor Suffers Breach
Commentary  |  1/22/2010  | 
The virtual network Tor, designed to provide private and secure Web browsing to people around the world, had a number of servers hacked recently. The Tor anonymous network is helpful to those living in nations that oppress free speech, such as China and Iran, and need unfettered access to information.
Global CIO: Will Steve Jobs Ban Google From AppleWorld?
Commentary  |  1/21/2010  | 
An imaginative Apple investor says Steve Jobs is preparing to rock Google's world.
Avoiding ATM "Skimmer" Threats
Commentary  |  1/21/2010  | 
A security expert has posted photos of a device that could cost your small business dearly if you fall prey to it: an ATM "skimmer."
Sloppy Software Dev Exposes Google Hacker Holes
Commentary  |  1/21/2010  | 
I've ranted on the subject before, but it's worth sounding off again in light of the recent China hacker breaches of Gmail: Poor software development procedures are the big reason major firms are apparently running around scared witless that their products are vulnerable to cyberattacks. (The corollary, about which we haven't read anything, is that firms with buttoned-down dev rules are likely feeling, if not entirely safe, then at least free of the panic which plagues the cluelessly unprepared.)
Google/China Reality Check Amid The Fog Of Cyberwar
Commentary  |  1/21/2010  | 
We've all heard about the Chinese attacks against Google by now. We've heard of Google's moral standing, how corporations now impact international relations, and how censorship is bad and freedom is good. However, some important questions lost in the fog of war need to be asked.
Microsoft IE Patch Due Today -- Once It's Out, Do The Microsoft IE Patch Today
Commentary  |  1/21/2010  | 
The fact that the patch for the high-buzz IE vulnerability is being released "out-of-band" is an indication of Microsoft's concern -- both for the vulnerability and no doubt for the rising negative buzz chorus as well. Either way, it's up to you to get your browsers patched, the sooner the better.
Global CIO: Salesforce.com CEO Benioff On Beating Microsoft & SAP In The Cloud
Commentary  |  1/20/2010  | 
Part 1 of 2: The cloud's foremost evangelist and highest achiever opines on those two rivals plus partner/competitor Oracle.
Denial-of-Service Attack Intensity Grows
Commentary  |  1/20/2010  | 
A survey of 132 network operators and telecommunication providers reveals that Distributed Denial-of-Service (DDoS) attacks are the top day-to-day security challenge facing service providers.
User Security After The Google Hack
Commentary  |  1/20/2010  | 
Last week's news about the Google hack has really raised some eyebrows. Doe-eyed users have learned the harsh truth that anyone can be hacked. The news of 20 or more other companies also being targeted along with Google made the impact that much worse.
Automated Tiering Methods
Commentary  |  1/20/2010  | 
A few entries ago we opened up the subject of Automated Tiering with an explanation of why the technology is becoming so needed. As this series of entries continues we will review various storage vendors' specific approaches to automated tiering, but first it is helpful to understand the common methods that are employed.
Global CIO: IBM CFO Offers 7 Key Insights In Earnings Analysis
Commentary  |  1/20/2010  | 
IBM's CFO sheds light on atypical opportunities, applications outsourcing, retail resurgence, business analytics, and more.
Global CIO: Dell And The Pursuit Of Google
Commentary  |  1/20/2010  | 
Huge buyers such as search engines have reshaped the top end of the server market. That's forced Dell to turn its traditional mass-market business model on its head.
What Data Discovery Tools Really Do
Commentary  |  1/20/2010  | 
Data discovery tools are becoming increasingly necessary for getting a handle on where sensitive data resides. When you have a production database schema with 40,000 tables, most of which are undocumented by the developers who created them, finding information within a single database is cumbersome. Now multiply that problem across financial, HR, business processing, testing, and decision support databases -- and you have a big mess.
Was Novell Too Quick To Use China/Google Incident To Disparage Cloud Computing?
Commentary  |  1/19/2010  | 
Had Novell's director of public relations Ian Bruce not responded to my blog post about Google's choice to change Gmail's default transmission mode from the less secure HTTP (Web) to the more secure and encrypted HTTPS (Secure Web), I would have never seen his own blog post on Novell's Web site entitled On Google, e-mail security, and cloud. But I'm gla
Wolfe's Den: IBM Patenting Airport Security Profiling Technology
Commentary  |  1/19/2010  | 
A dozen "secret" patent applications define a sophisticated scheme for airport terminal and perimeter protection, incorporating potential support for computer implementation of passenger behavioral profiling to detect security threats.
Global CIO: Oracle Foes Scurry To Curry Favor With Dictatorships
Commentary  |  1/17/2010  | 
Spurned by his former heartthrob heroes in the EU, MySQL's founder now sings the praises of Russia and China.
Global CIO: IBM Iowa's Birthday: IBM Gets $52M, But What Does Iowa Get?
Commentary  |  1/17/2010  | 
IBM promised 1,300 jobs for incentives of $52M but isn't releasing hiring figures. That's not right.
How Many (Sub) Zero-Day Attacks?
Commentary  |  1/17/2010  | 
We now know that one of the vectors used in the series of attacks against U.S. businesses was a zero-day vulnerability in Internet Explorer. Apparently, the way most of the world learned of this particular flaw was when it was actually used in these attacks. That's some powerful form of "disclosure," but how common is it?
Nothing New In Aurora Hack
Commentary  |  1/16/2010  | 
Attackers targeting victims through phishing e-mails that lure users to maliciously crafted Web sites is nothing new. But it does highlight the sophistication of the modern attacker.
Share Your New Security Innovations
Commentary  |  1/15/2010  | 
I am working with InformationWeek Analytics to create an analysis of the year's top five technology innovations in the security arena. If you are a vendor and believe you have the next big thing, then you should contact us.
Disposing Of Primary Storage
Commentary  |  1/15/2010  | 
Every few years you are going to need to replace your enterprise storage system. A challenge that many storage managers face is what to do with the old system. Today you have laws that require you to make sure information is not readable when that storage leaves your walls and you have individuals that want to see what trouble they can dig up by resurrecting old systems.
IE Hole Enables "Most Sophisticated" Attacks Yet
Commentary  |  1/15/2010  | 
The latest critical vulnerability in Microsoft's Internet Explorer, tagged as the key vector in a series of corporate attacks over the past three weeks, is being exploited in what one security expert calls "the most sophisticated" attacks ever committed against commercial targets.
Global CIO: SAP Blows Huge Opportunity With Timid Support Changes
Commentary  |  1/15/2010  | 
SAP is overblowing its new support plan, which gives customers only marginally more choice.
Spam Tips For SMBs
Commentary  |  1/14/2010  | 
Sure, even the smallest companies need some sort of anti-spam solution. But that doesn't mean there aren't things you can do to reduce the amount of spam you get in the first place.
Gmail Traffic Now Encrypted By Default, But Will Organizations Heed The Shift?
Commentary  |  1/14/2010  | 
Kudos to the folks at Gmail who, in defaulting to a secure browser setting (as opposed to the previous insecure default) for sending and retrieving email, have decided to help users who may not know enough to help themselves. The new default (see screenshot below) tells the browser to access the Gmail service over HTTPS instead of the prior default, HTTP. This significant shift by Google is a reminder th
The Cybersecurity Czar's First Big Test
Commentary  |  1/14/2010  | 
I'm still waiting for Howard Schmidt, the new cybersecurity czar, to weigh in on the Chinese cyberattacks revealed this week. Sure, Chinese hackers going after American interests and human rights activists is nothing new to the IT security world, but this latest development is big, and it could be a defining moment for Schmidt's new post.
Global CIO: IBM CEO Palmisano Challenges IT Industry Via Smarter Planet 2
Commentary  |  1/13/2010  | 
Palmisano raises the bar for IT companies by pushing the intelligent potential of IT far beyond products and services.
Russian Researcher Sets Vulnerabilities Free
Commentary  |  1/13/2010  | 
Intevydis, a previously little-known Russian security firm, is making a name for itself by releasing details of unpatched zero day exploits at the rate of one a day for the rest of this month.
Discovery And Your Database
Commentary  |  1/13/2010  | 
Database discovery is the act of locating databases on a network. Years ago, this was simple because companies had only one or two databases. Now just about every application created relies on database services to provide data integrity and transactional consistency.
Global CIO: Cisco's Top 10 Predictions Intriguing But Lack Context
Commentary  |  1/12/2010  | 
A top Cisco voice exec's views aren't startling but should give CIOs plenty to think about.
Introduction To Automated Tiering
Commentary  |  1/12/2010  | 
The concept of multiple tiers of storage has been around for almost as long as there has been storage, but the subject became more discussed in early 2000 when Serial Advanced Technology Attachment (SATA) hard drives began to come to market. They were higher capacity and less expensive than their fibre channel counterparts but not as fast. The question that still plagues storage managers is how to get data to them.
Big Patch Day
Commentary  |  1/12/2010  | 
Microsoft is releasing only one security update today. Security teams hoping for a break today: forget it. Adobe is expected to release a patch of its own, and Oracle is releasing two dozen of its own software updates.
We Have Nothing To Say -- Or Do We?
Commentary  |  1/12/2010  | 
The first rule of appearing smart, they say, is to keep quiet, but keeping quiet doesn't help your PR. What are you to do?
Global CIO: 5 More CIO Imperatives For 2010
Commentary  |  1/11/2010  | 
A media-company CIO calls passionately for more R&D, mobile, insights, simplification, and speed.
Global CIO: iPhone Users Stupid And Steve Jobs Greedy, Says WSJ
Commentary  |  1/11/2010  | 
Steve Jobs is not serving shareholders well, but Apple zealots don't get it, says a Journal columnist.
Attaining Security In The Name Of Compliance?
Commentary  |  1/11/2010  | 
Security managers have to fight for - and justify - every nickel in their budget coffers. Unfortunately, many security managers have a tough time winning the funds they feel are necessary to reduce business risk. And many end up relying on instilling the fear of bad regulatory audit findings and fines to win funds. While often a successful tactic, does wielding the compliance hammer-of-fear pose risks of its own to an IT security program?
The Inconvenient Truth Behind Security
Commentary  |  1/11/2010  | 
A co-worker forwarded me an e-mail in which the original sender was asking about running vulnerability scans on his own and stated he was concerned about the scans causing downtime while the servers were being tested.
Global CIO: 5 Points To Make When Your CEO Cries Cloud
Commentary  |  1/11/2010  | 
The questions inevitably will come: 'Why aren't we doing more of that cloud computing?' Here are your answers.
Global CIO: 5 More Things Microsoft Must Do
Commentary  |  1/10/2010  | 
Make some spicy acquisitions (SAP? Tibco?) and seriously commit to cloud, data centers, and mobile.