Dark Reading is part of the Informa Tech Division of Informa PLC


Commentary

Content posted in January 2011
Data Leak Vulnerability In Android Gingerbread
Commentary  |  1/31/2011  | 
Google's Android Gingerbread (version 2.3) operating system is affected by a data-leak vulnerability that is very similar to a vulnerability in an earlier version that was supposed to have been fixed.
Backup Deduplication 2.0 Needs Better RAID
Commentary  |  1/31/2011  | 
As we wrap up our series on what is needed in the next generation of backup deduplication devices, one of the key needs is going to be a better drive protection capability. Today most deduplication systems leverage RAID to provide that drive protection; however, as capacities increase, RAID rebuild times are going to get worse. Vendors need to provide a better solution.
Is Apple (Finally) Stepping Up Its Security Game?
Commentary  |  1/29/2011  | 
Apple's reported recent hire of noted security author and expert, David Rice, is yet another step the company has made in the past year to help improve its sloppy security image.
The SpiderLabs Report
Commentary  |  1/29/2011  | 
Four out of five of the victims were so clever that they didn't need a firewall
Internet 'Kill' Switch: Balancing Security And Freedom
Commentary  |  1/28/2011  | 
Why it's important to have controls in place before deploying such a powerful tool
Russia To NATO: Investigate Stuxnet
Commentary  |  1/27/2011  | 
The Stuxnet worm is alleged to have set back Iran's controversial uranium enrichment program significantly. Now, the Russians are asking NATO to find some answers.
Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Commentary  |  1/26/2011  | 
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Deduplication 2.0 - Recovery Performance
Commentary  |  1/25/2011  | 
"It's all about recovery": you'll hear it in almost every sales presentation by a backup vendor. That advice holds true for backup deduplication devices as well. A common mistake is to assume that because deduplication products are most often disk based, they also offer the best recovery performance. This is not always the case, and as we move into the next dedupe era it has to improve.
New Age of Mobile Malware On Way
Commentary  |  1/24/2011  | 
New types of malware are emerging, designed specifically to exploit the unique features of mobile handsets.
WikiLeaks Targeting P2P Networks?
Commentary  |  1/23/2011  | 
That is the allegation in a news report that ran last week. While the outcome from the investigation could have a profound impact on whether the anti-secrecy organization is a media outlet – there is a bigger lesson.
How Careful Do You Need To Be With Cloud Storage? - Security
Commentary  |  1/21/2011  | 
Developing a cloud storage strategy is moving to the top of many IT managers' project lists. How to use cloud storage and what applications or processes could benefit the most from the use of cloud storage are key questions to answer. One mantra that keeps coming up is "you have to be careful" with cloud storage rollouts. Really? What makes cloud storage so risky that it requires this extra caution?
Schwartz on Security: Bling Botnets Sell Gangster Lifestyle
Commentary  |  1/19/2011  | 
As profit-driven attack toolkits and their supporting botnets muscle up, organizations need more than technology to defend themselves.
Backup Deduplication 2.0 - Density
Commentary  |  1/19/2011  | 
As we continue our requirements for the next era of backup deduplication, the next important area for improvement is in the denseness of systems. This means more raw capacity in less physical space. While getting sufficient power to the data center is a problem for some data centers, the lack of available data center floor space is becoming a problem for even more of them. Backup deduplication systems need to help address that pain by increasing density.
The Relative Risk Of Malware
Commentary  |  1/18/2011  | 
Trend Micro reports there are 3.5 new malware released every second, up from 1 new malware every 1.5 seconds a year ago. But what's your actual risk?
Backup Deduplication 2.0 - Power Savings
Commentary  |  1/17/2011  | 
In our last entry we opened a discussion of what is needed as we move into the next era of backup deduplication and focused on integration to backup software. Another area that is becoming increasingly important is to be able to lower the power requirements of disk backup deduplication hardware. Power is a pressing issue in the data center and disk backup systems need to address those concerns.
Report: Stuxnet Joint Israeli-U.S. Operation
Commentary  |  1/16/2011  | 
A story published this weekend adds evidence to what many have suspected all along: that the Stuxnet worm was nation-state designed and developed to set back Iran's nuclear ambitions.
Kudos To Tucson University Medical Center For Firing Alleged Snoops
Commentary  |  1/13/2011  | 
The Tucson University Medical Center reportedly has let go three employees for accessing the medical records of those involved in the Tucson shooting tragedy without authorization.
Security Researcher Targets SCADA, Releases Exploit
Commentary  |  1/13/2011  | 
Another exploit for SCADA software emphasizes the need for organizations to review their network design and device exposure before they become a victim.
Backup Deduplication 2.0 - Integration
Commentary  |  1/13/2011  | 
Deduplication has moved from a risky, hard-to-explain technology to one that is almost expected by customers from a disk backup device. Next generation backup deduplication systems are going to require a new set of capabilities to make them more than just disk backup. They will have to integrate with the backup software, begin to provide power management, and there needs to be a greater focus on recovery performance.
Password Reset
Commentary  |  1/13/2011  | 
The downside of crafting a strong password is that while it's harder to guess or crack, it's also harder to remember and then use
Schwartz On Security: Hack My Ride
Commentary  |  1/12/2011  | 
Car security exploits are fast, cheap, and out of control. Why don't automotive manufacturers do more to secure their vehicles?
A Textbook Case For Monitoring
Commentary  |  1/11/2011  | 
Vodafone's customer database leak demonstrates dangers of not properly monitoring database activity
Security Doesn't Matter To Brands: A Counter Point
Commentary  |  1/10/2011  | 
A recent video blog entry made the assertion that security doesn't matter to a company's brand. The post was strong on opinion, light on facts. I say lax security and breaches do have an impact on brand. And I back up this assertion with a few data points.
Desktop Virtualization And Local Storage - Just Say No
Commentary  |  1/10/2011  | 
There is an ongoing debate about what type of storage is best to use to support desktop virtualization solutions, especially in small to medium sized implementations. Storage is one of the most expensive parts of a desktop virtualization project and as a result anything you can do to drive cost out of the storage purchase is going to make desktop virtualization economics work better. This leads some to advocate local storage.
AT&T Mocks Verizon iPhone, Unlimited Data Plans Possible
Commentary  |  1/10/2011  | 
An AT&T executive is talking trash about the Verizon iPhone, and reports indicate that Verizon may bring back unlimited data plans for the iPhone.
Anonymity And Nonversations
Commentary  |  1/9/2011  | 
One sure result of the whole Wikileaks thing is security researchers, whistleblowers, and government officials talking past each other.
Virtual WAN Optimization
Commentary  |  1/6/2011  | 
Returning to our discussion on virtual appliances, one of the areas where we are seeing a lot of use of virtual appliance technology is in the WAN optimization market. WAN optimization has been atop the project list whiteboard for many data center managers. WAN connectivity is expensive. By optimizing utilization of the WAN you can either lower your WAN connectivity bill or at least delay the need to upgr
Schwartz On Security: First, Know You've Been Breached
Commentary  |  1/5/2011  | 
Spain's national aeronautics institute found three Mariposa botnet infections on internal PCs, thanks to constant testing. But when it comes to breaches, many organizations still have their heads in the sand.
Japan To Ban Virus Creation? Bad Idea
Commentary  |  1/5/2011  | 
The Japanese paper, the Yomiuri Shimbun, ran a story during the holidays about how the Japan Ministry of Justice wants to criminalize the creation of viruses. If they pursue this course, it's only going to get messy for security professionals there.
Going Out With A Bang
Commentary  |  1/4/2011  | 
We like to think that most firms have 'gotten the memo' that hackers hack databases, yet the flurry of breaches at year's end suggests otherwise
Dell Adds Security To Its Acquisition Binge
Commentary  |  1/4/2011  | 
Dell today entered an agreement to acquire managed security services provider SecureWorks for an undisclosed sum. I didn't see this one coming, but I should have.
Mixing Tiers And Mixing Vendors In A Virtualized Environment
Commentary  |  1/4/2011  | 
VMware's Storage VMotion is a tool that brings the capabilities of virtual server migration to storage. Without interrupting users, virtual machine data can be moved from one storage platform to another. It allows you to mix storage tiers and vendors more easily than in a non-virtualized environment. The missing link with this capability is that all it can do is move data; you need to know where to put that virtual machine.
7 Ways To Save Microsoft In 2011
Commentary  |  1/4/2011  | 
If Redmond can't adapt to the most competitive landscape in decades, it will fall further behind Apple and Google in key growth markets like phones and tablets.
Mining Web Proxy Logs For Interesting, Actionable Data
Commentary  |  1/4/2011  | 
Simple statistical analysis of Web proxy logs provides a wealth of information and incidents missed by AV

