Commentary

Content posted in October 2007
Security Threats Meet Business Treats
Commentary  |  10/31/2007  | 
Having written so much about the horrors small and midsized businesses face for our two-part Halloween business terrors feature, I couldn't resist the temptation to give some thought to technology treats.
Free Security Tech Support: Treat Yourself (And Your Computer) On Halloween
Commentary  |  10/30/2007  | 
Security Company CyberDefender's offering free phone-in technical support for one day only -- and that day's tomorrow, October 31. How's that for a Halloween treat?
How Dumb Is Too Dumb To Operate a Computer?
Commentary  |  10/26/2007  | 
Over at GnuCitizen.org, Petko D. Petkov makes it clear that computer users are the weak link in Internet security. In a blog post, Petkov points out that the term "drive-by download," as defined by Wikipedia, doesn't quite work.
Net Security Woes Grows
Commentary  |  10/25/2007  | 
A new report that focuses on the security challenges facing small and midsized businesses shines a light on just how big those challenges are -- and which ones you may be overlooking.
Interop Winners: Desktop Conferencing, Deep Security
Commentary  |  10/25/2007  | 
It's a purely unscientific and anecdotal perspective, but here are my picks for most interesting and most needed technologies from Interop this week, plus the most startling stat I heard in my New York City travels.
Shallow Victory for the Federal Government
Commentary  |  10/25/2007  | 
Whether you realize it or not, John Zuccarini, a notorious scam artist, represents a threat to your online business. His cyberspace businesses illustrate the problems that the government must overcome to make it a safe haven for reputable enterprises.
World Series Ticketing System Crashes, Rebounds
Commentary  |  10/24/2007  | 
The Colorado Rockies were felled by "an external malicious attack" that crashed their online system Monday.
Internet Security Hall Of Shame
Commentary  |  10/22/2007  | 
What are the ten biggest -- and, alas, most common -- Internet security mistakes made by small and midsized businesses, their employees, vendors, family and friends?
Security Threats Rise -- And So Do Security Budgets
Commentary  |  10/19/2007  | 
Is your security budget increasing? Most small and midsized businesses are growing theirs.
Can The RIAA Close Down Usenet?
Commentary  |  10/18/2007  | 
Those of us who remember the Internet before the Web -- and yes, Virginia, there was an Internet before the Web -- will remember when Usenet was one of the major destinations for discussion and file-sharing. It's still there, in a quiet corner where the cognoscenti hoped it would go unnoticed by the great unwashed. No more.
Personal Data Protection Legislation: Readers Have Their Say
Commentary  |  10/17/2007  | 
Reader comments on my post about the California governor's veto of a bill that would increase the state's data protection standards included some points warranting further discussion and some intriguing ideas. A related poll shows readers share my skepticism about businesses' will and capacity to fix the data loss problem.
Schwarzenegger Trusts Businesses To Protect Your Data; Do You?
Commentary  |  10/16/2007  | 
Gov. Arnold Schwarzenegger's veto of a California bill aimed at increasing the state's data protection standards, in part based on his view that the marketplace is handling consumer data protection, raises a troubling question: What planet is this guy living on?
Symantec To Buy Vontu?
Commentary  |  10/15/2007  | 
Symantec may be close to announcing the acquisition of Vontu, a company that helps businesses control information on their networks. Given that Symantec already licenses Vontu's data loss prevention technology, the rumored deal isn't entirely unexpected.
Mobile Security: The Data, Not The Notebook Is The Asset
Commentary  |  10/15/2007  | 
Stolen laptops and notebooks continue to get a lot of attention when a lot of confidential data gets stolen along with the device.
Employee Security: Don't Let Layoffs Go From Bad To Worse
Commentary  |  10/12/2007  | 
Layoffs, terminations and firings are never easy -- but they also shouldn't expose your company, network and equipment to more risk than they have to.
Microsoft Security Patches: 4 Critical, 2 Important
Commentary  |  10/10/2007  | 
Yesterday was Patch Day at Microsoft and a Big Day it was, with both Vista and Internet Explorer getting some fixes.
Security Costs: Are You Spending Enough? Too Much?
Commentary  |  10/9/2007  | 
The average company spends 20 percent of its technology budget on security. Does that finding match your security outlay?
Websense Emerging as Viable Security Supplier
Commentary  |  10/9/2007  | 
Are you a bit insecure about your security supplier? In this highly volatile marketplace, Websense is emerging as a vendor that medium and small businesses may want to take a closer look at.
Business Security Requires Network Security Requires Employee Security Requires Job Security
Commentary  |  10/8/2007  | 
The employee security I'm talking about here is your technical team's -- and your ability to hold onto them.
Network Security Problems? Blame The Boss!
Commentary  |  10/4/2007  | 
A recent pre-prison interview with a convicted hacker offers some surprising and important lessons in network and computer security.
Consumers May "Get" Cyber Security -- But That Doesn't Mean They've Got It
Commentary  |  10/3/2007  | 
More than 90 percent of consumers think their PCs -- and their computing habits -- are safe. Half of them are wrong.
Laptop Security: Mind The Gap
Commentary  |  10/1/2007  | 
More big retailer cyber security lessons for small to midsize businesses: This time a security gap hit The Gap.

