Dark Reading is part of the Informa Tech Division of Informa PLC

Commentary

Content posted in January 2011
Data Leak Vulnerability In Android Gingerbread
Commentary  |  1/31/2011  | 
Google's Android Gingerbread (version 2.3) operating system is affected by a data-leak vulnerability that is very similar to a vulnerability in an earlier version that was supposed to have been fixed.
Backup Deduplication 2.0 Needs Better RAID
Commentary  |  1/31/2011  | 
As we wrap up our series on what is needed in the next generation of backup deduplication devices, one of the key needs is going to be better drive protection. Today most deduplication systems rely on RAID for that protection; however, as drive capacities increase, RAID rebuild times are going to get worse, and the window in which a second failure loses data grows with them. Vendors need to provide a better solution.
Is Apple (Finally) Stepping Up Its Security Game?
Commentary  |  1/29/2011  | 
Apple's reported recent hire of noted security author and expert David Rice is yet another step the company has taken in the past year to improve its sloppy security image.
The SpiderLabs Report
Commentary  |  1/29/2011  | 
Four out of five of the victims were so clever that they didn't need a firewall
Internet 'Kill' Switch: Balancing Security And Freedom
Commentary  |  1/28/2011  | 
Why it's important to have controls in place before deploying such a powerful tool
Russia To NATO: Investigate Stuxnet
Commentary  |  1/27/2011  | 
The Stuxnet worm is alleged to have significantly set back Iran's controversial uranium enrichment program. Now the Russians are asking NATO to find some answers.
Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Commentary  |  1/26/2011  | 
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Deduplication 2.0 - Recovery Performance
Commentary  |  1/25/2011  | 
"It's all about recovery": you'll hear it in almost every sales presentation by a backup vendor. That advice holds true for backup deduplication devices as well. A common mistake is to assume that because deduplication products are most often disk based, they also offer the best recovery performance. This is not always the case, and as we move into the next dedupe era it has to improve.
New Age of Mobile Malware On Way
Commentary  |  1/24/2011  | 
New types of malware are emerging, designed specifically to exploit the unique features of mobile handsets.
WikiLeaks Targeting P2P Networks?
Commentary  |  1/23/2011  | 
That is the allegation in a news report that ran last week. While the outcome of the investigation could have a profound impact on whether the anti-secrecy organization is treated as a media outlet, there is a bigger lesson.
How Careful Do You Need To Be With Cloud Storage? - Security
Commentary  |  1/21/2011  | 
Developing a cloud storage strategy is moving to the top of many IT managers' project lists. How to use cloud storage, and which applications or processes could benefit most from it, are key questions to answer. One mantra that keeps coming up is "you have to be careful" with cloud storage rollouts. Really? What makes cloud storage so risky that it requires this extra caution?
Schwartz on Security: Bling Botnets Sell Gangster Lifestyle
Commentary  |  1/19/2011  | 
As profit-driven attack toolkits and their supporting botnets muscle up, organizations need more than technology to defend themselves.
Backup Deduplication 2.0 - Density
Commentary  |  1/19/2011  | 
As we continue our requirements for the next era of backup deduplication, the next important area for improvement is the density of systems: more raw capacity in less physical space. While getting sufficient power to the data center is a problem for some data centers, the lack of available floor space is becoming a problem for even more of them. Backup deduplication systems need to help address that pain by increasing density.
The Relative Risk Of Malware
Commentary  |  1/18/2011  | 
Trend Micro reports that 3.5 new malware samples are released every second, up from one every 1.5 seconds a year ago. But what's your actual risk?
Backup Deduplication 2.0 - Power Savings
Commentary  |  1/17/2011  | 
In our last entry we opened a discussion of what is needed as we move into the next era of backup deduplication and focused on integration with backup software. Another area that is becoming increasingly important is lowering the power requirements of disk backup deduplication hardware. Power is a pressing issue in the data center, and disk backup systems need to address those concerns.
Report: Stuxnet Joint Israeli-U.S. Operation
Commentary  |  1/16/2011  | 
A story published this weekend adds evidence to what many have suspected all along: that the Stuxnet worm was designed and developed by a nation-state to set back Iran's nuclear ambitions.
Kudos To Tucson University Medical Center For Firing Alleged Snoops
Commentary  |  1/13/2011  | 
The Tucson University Medical Center reportedly has let go three employees for accessing, without authorization, the medical records of those involved in the Tucson shooting tragedy.
Security Researcher Targets SCADA, Releases Exploit
Commentary  |  1/13/2011  | 
Another exploit for SCADA software emphasizes the need for organizations to review their network design and device exposure before they become a victim.
Backup Deduplication 2.0 - Integration
Commentary  |  1/13/2011  | 
Deduplication has moved from a risky, hard-to-explain technology to one that customers almost expect from a disk backup device. Next-generation backup deduplication systems are going to require a new set of capabilities to make them more than just disk backup. They will have to integrate with the backup software, begin to provide power management, and focus more on recovery performance.
Password Reset
Commentary  |  1/13/2011  | 
The downside of crafting a strong password is that while it's harder to guess or crack, it's also harder to remember and then use
Schwartz On Security: Hack My Ride
Commentary  |  1/12/2011  | 
Car security exploits are fast, cheap, and out of control. Why don't automotive manufacturers do more to secure their vehicles?
A Textbook Case For Monitoring
Commentary  |  1/11/2011  | 
Vodafone's customer database leak demonstrates dangers of not properly monitoring database activity
Security Doesn't Matter To Brands: A Counter Point
Commentary  |  1/10/2011  | 
A recent video blog entry made the assertion that security doesn't matter to a company's brand. The post was strong on opinion, light on facts. I say lax security and breaches do have an impact on brand. And I back up this assertion with a few data points.
Desktop Virtualization And Local Storage - Just Say No
Commentary  |  1/10/2011  | 
There is an ongoing debate about what type of storage is best for supporting desktop virtualization, especially in small- to medium-sized implementations. Storage is one of the most expensive parts of a desktop virtualization project, so anything you can do to drive cost out of the storage purchase makes the economics work better. This leads some to advocate local storage.
AT&T Mocks Verizon iPhone, Unlimited Data Plans Possible
Commentary  |  1/10/2011  | 
An AT&T executive is talking trash about the Verizon iPhone, and reports indicate that Verizon may bring back unlimited data plans for the iPhone.
Anonymity And Nonversations
Commentary  |  1/9/2011  | 
One sure result of the whole Wikileaks thing is security researchers, whistleblowers, and government officials talking past each other.
Virtual WAN Optimization
Commentary  |  1/6/2011  | 
Returning to our discussion of virtual appliances, one of the areas where we are seeing a lot of use of virtual appliance technology is the WAN optimization market. WAN optimization has been atop the project-list whiteboard for many data center managers. WAN connectivity is expensive. By optimizing utilization of the WAN you can either lower your WAN connectivity bill or at least delay the need to upgr
Schwartz On Security: First, Know You've Been Breached
Commentary  |  1/5/2011  | 
Spain's national aeronautics institute found three Mariposa botnet infections on internal PCs, thanks to constant testing. But when it comes to breaches, many organizations still have their heads in the sand.
Japan To Ban Virus Creation? Bad Idea
Commentary  |  1/5/2011  | 
The Japanese paper the Yomiuri Shimbun ran a story during the holidays about how Japan's Ministry of Justice wants to criminalize the creation of viruses. If it pursues this course, it's only going to get messy for security professionals there.
Going Out With A Bang
Commentary  |  1/4/2011  | 
We like to think that most firms have 'gotten the memo' that hackers hack databases, yet the flurry of breaches at year's end suggests otherwise
Dell Adds Security To Its Acquisition Binge
Commentary  |  1/4/2011  | 
Dell today entered an agreement to acquire managed security services provider SecureWorks for an undisclosed sum. I didn't see this one coming, but I should have.
Mixing Tiers And Mixing Vendors In A Virtualized Environment
Commentary  |  1/4/2011  | 
VMware's Storage VMotion brings the capabilities of virtual server migration to storage. Without interrupting users, virtual machine data can be moved from one storage platform to another, which lets you mix storage tiers and vendors more easily than in a non-virtualized environment. The missing link is that all it can do is move data; you still need to know where to put that virtual machine.
7 Ways To Save Microsoft In 2011
Commentary  |  1/4/2011  | 
If Redmond can't adapt to the most competitive landscape in decades, it will fall further behind Apple and Google in key growth markets like phones and tablets.
Mining Web Proxy Logs For Interesting, Actionable Data
Commentary  |  1/4/2011  | 
Simple statistical analysis of Web proxy logs provides wealth of information and incidents missed by AV
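As an added illustration of the kind of analysis the teaser above refers to (example code written for this page, not the author's own tooling), the script below runs three cheap statistics over proxy log lines: destinations and User-Agent strings seen from only one client in the fleet, and client/host pairs whose request timing is near-periodic, the pattern of a malware call-back. The log format, the sample lines, and the thresholds are all constructed for the example and are assumptions, not a real proxy's output.

```python
"""Frequency and timing analysis of Web proxy logs.

Added example, not code from the original article. Log lines are
constructed in a simplified, hypothetical squid-like layout:
    <epoch> <client_ip> <method> <host> <status> <user_agent>
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample traffic (not real data). 10.0.0.9 checks in with
# c2.example.test every 300 seconds using a User-Agent nobody else has.
SAMPLE_LOG = """\
1294128000 10.0.0.5 GET www.example.com 200 Mozilla/5.0
1294128005 10.0.0.6 GET www.example.com 200 Mozilla/5.0
1294128010 10.0.0.7 GET mail.example.org 200 Mozilla/5.0
1294128060 10.0.0.9 GET cdn.example.net 200 Mozilla/5.0
1294128120 10.0.0.9 POST c2.example.test 200 updater/1.0
1294128420 10.0.0.9 POST c2.example.test 200 updater/1.0
1294128720 10.0.0.9 POST c2.example.test 200 updater/1.0
1294129020 10.0.0.9 POST c2.example.test 200 updater/1.0
1294128030 10.0.0.5 GET news.example.com 200 Mozilla/5.0
1294128040 10.0.0.6 GET www.example.com 304 Mozilla/5.0
"""


def parse_log(text):
    """Split each line into a record; the User-Agent is the tail and may
    contain spaces, hence maxsplit=5."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, client, method, host, status, ua = line.split(None, 5)
        records.append({"ts": int(ts), "client": client, "method": method,
                        "host": host, "status": int(status), "ua": ua})
    return records


def values_seen_by_few_clients(records, field, max_clients=1):
    """Values of `field` (host or ua) used by at most max_clients distinct
    clients. A destination or UA unique to one machine is a cheap first
    cut at 'unusual', independent of any signature."""
    clients_per_value = defaultdict(set)
    for r in records:
        clients_per_value[r[field]].add(r["client"])
    return {v for v, c in clients_per_value.items() if len(c) <= max_clients}


def find_beacons(records, min_events=4, max_cv=0.1):
    """Return {(client, host): mean_gap_seconds} for pairs whose inter-request
    gaps are near-constant (coefficient of variation <= max_cv). Human
    browsing is bursty; periodic check-ins to one host are not."""
    times = defaultdict(list)
    for r in records:
        times[(r["client"], r["host"])].append(r["ts"])
    beacons = {}
    for key, ts in times.items():
        if len(ts) < min_events:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[key] = avg
    return beacons


def analyze(text):
    """Run all three checks over a log and return the findings."""
    recs = parse_log(text)
    return {
        "rare_hosts": values_seen_by_few_clients(recs, "host"),
        "rare_user_agents": values_seen_by_few_clients(recs, "ua"),
        "beacons": find_beacons(recs),
    }


if __name__ == "__main__":
    for name, finding in analyze(SAMPLE_LOG).items():
        print(name, finding)
```

On a real fleet the "seen by one client" test needs a denominator (thousands of hosts, not ten), and the beacon test should be run per day with jittered C2 in mind (raise `max_cv`); the point is that none of this requires knowing the binary.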
Everything You Need to Know About DNS Attacks
It's important to understand DNS, the attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. The Domain Name System (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but its threat surface is large and widely targeted. Attackers are causing a great deal of damage with attacks such as denial of service, DNS cache poisoning, DNS hijacking, DNS tunneling, and dangling DNS records. They use DNS infrastructure to take control of inbound and outbound communications and to prevent users from reaching the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic.
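One concrete form of the DNS traffic monitoring the blurb above calls for is a tunneling heuristic. Tunnels smuggle data in the left-hand labels of query names, so one base domain receives many unique, long, high-entropy subdomains, frequently with TXT or NULL record types. The script below, added here as an example and not taken from the report, profiles a query log per base domain and flags domains that meet all three criteria. The log format, the sample queries, the two-label base-domain rule, and the thresholds are assumptions made for the example.

```python
"""Heuristic DNS tunneling detection over a query log.

Added example, not from the report or its authors. Log format is
constructed and hypothetical:
    <epoch> <client_ip> <qname> <qtype>
"""
import math
from collections import defaultdict

# Constructed sample queries (not real traffic). 10.0.0.9 sends base64-like
# labels under tun.example.test as TXT queries; the rest is ordinary lookups.
SAMPLE_QUERIES = """\
1294128000 10.0.0.5 www.example.com A
1294128001 10.0.0.5 mail.example.com A
1294128002 10.0.0.6 www.example.com A
1294128003 10.0.0.6 cdn.example.net AAAA
1294128004 10.0.0.9 aGVsbG8gd29ybGQx.tun.example.test TXT
1294128005 10.0.0.9 dGhpcyBpcyBhIHRlc3Q.tun.example.test TXT
1294128006 10.0.0.9 c2VjcmV0IGRhdGEgaGVyZQ.tun.example.test TXT
1294128007 10.0.0.9 bW9yZSBleGZpbCBkYXRh.tun.example.test TXT
1294128008 10.0.0.9 ZmluYWwgY2h1bmsgb2Y.tun.example.test TXT
1294128009 10.0.0.7 www.example.com A
"""


def shannon_entropy(s):
    """Bits per character of s; encoded payloads score high, words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname, base_labels=2):
    """Return (subdomain, base_domain). Assumption: the registrable domain
    is the last two labels; production code would use the Public Suffix List."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[:-base_labels]), ".".join(parts[-base_labels:])


def profile_domains(text):
    """Aggregate per base domain: query count, distinct subdomains, total
    subdomain length, summed entropy, and count of TXT/NULL queries."""
    stats = defaultdict(lambda: {"queries": 0, "subs": set(), "sub_len": 0,
                                 "entropy": 0.0, "txt_null": 0})
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, _client, qname, qtype = line.split()
        sub, base = split_qname(qname)
        s = stats[base]
        s["queries"] += 1
        s["subs"].add(sub)
        s["sub_len"] += len(sub)
        s["entropy"] += shannon_entropy(sub.replace(".", ""))
        s["txt_null"] += qtype.upper() in ("TXT", "NULL")
    return stats


def suspicious_domains(text, min_queries=5, min_unique_ratio=0.8,
                       min_avg_len=15, min_avg_entropy=3.0):
    """Flag base domains whose subdomains are mostly unique, long and
    high-entropy. Thresholds are example values to tune per network."""
    flagged = {}
    for base, s in profile_domains(text).items():
        n = s["queries"]
        if n < min_queries:
            continue
        unique_ratio = len(s["subs"]) / n
        avg_len = s["sub_len"] / n
        avg_entropy = s["entropy"] / n
        if (unique_ratio >= min_unique_ratio and avg_len >= min_avg_len
                and avg_entropy >= min_avg_entropy):
            flagged[base] = {"queries": n,
                             "unique_ratio": round(unique_ratio, 2),
                             "avg_label_len": round(avg_len, 1),
                             "avg_entropy": round(avg_entropy, 2),
                             "txt_null_fraction": round(s["txt_null"] / n, 2)}
    return flagged


if __name__ == "__main__":
    for base, info in suspicious_domains(SAMPLE_QUERIES).items():
        print(base, info)
```

Content delivery networks and some anti-spam services also produce long, unique labels, so treat a hit as a lead to enrich with volume over time and the querying client, not as a verdict.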
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in the Quick Post validation error message, which can deliver an XSS payload. An earlier CVE fixed the XSS in the label HTML but didn't fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file.