Dark Reading is part of the Informa Tech Division of Informa PLC


Commentary

Content posted in November 2010
Verizon's VERIS Aims To Push Security Beyond Fuzzy Numbers
Commentary  |  11/30/2010  | 
When it comes to sharing data in IT security, the bad guys always seem to be way ahead. They run far-flung networks for trading stolen data, buying and selling exploits, and swapping information on how to launch successful attacks. When it comes to enterprises sharing attack and breach incident data, however, there has not been much sharing going on.
Do Password Crackers Help Database Security?
Commentary  |  11/29/2010  | 
Password 'crackers' determine if passwords are strong or compliant with company policies, but do they improve database security?
Are You Ready For High Speed Storage Interfaces?
Commentary  |  11/29/2010  | 
A new wave of high-speed storage interfaces is on the way, offering improved storage I/O performance. To see the expected performance improvement you have to do more than simply add drives with the new interface and install a host bus adapter in the server; you have to make sure every link in the I/O chain is ready.
Confirmation? Chinese Government May Have Been Behind Operation Aurora Hacks
Commentary  |  11/29/2010  | 
We suspected there would be some interesting cyber security related news to come out of the thousands of cables released by WikiLeaks over the weekend. We were not disappointed.
Healthcare Breach Highlights Need For More Security Insight
Commentary  |  11/29/2010  | 
Triple-S Management, a managed care services provider in Puerto Rico, suffered a security breach that could have exposed the personal health care information of more than 400,000 customers.
Wolfe's Den: Airport Scanner Patents Promise Not To Show Your 'Junk'
Commentary  |  11/29/2010  | 
Rapiscan, the company supplying the controversial x-ray backscatter screeners, has won a patent for a machine which detects threats "with minimum display of anatomical details." Its competitors, and body scanner pioneer Martin Annis, are also pursuing enhanced privacy approaches. Here are the technology details.
Taming the Beast: Preventing/Detecting Insider Threat
Commentary  |  11/27/2010  | 
Many companies struggle with the insider threat, but there are practical things that can be done to both prevent and detect it. Always remember: prevention is ideal, but detection is a must.
Schwartz On Security: China's Internet Hijacking Misread
Commentary  |  11/24/2010  | 
Core Internet security concerns aren't as sexy as hyping Chinese attacks, but concern over the potential assault is misplaced and distracts from the need to fix what's really broken.
Sophos Sees Mac OS Infected With Windows Sludge
Commentary  |  11/23/2010  | 
Anti-virus firm Sophos shows that while Macs may be under increasing malware threat, most of the sludge its anti-virus software found targeted Windows systems. Apple users still aren't out of the woods.
Thanksgiving IT Help
Commentary  |  11/23/2010  | 
Tips for helping family members secure their computers for safe Internet browsing and online shopping.
What About Biometrics?
Commentary  |  11/22/2010  | 
Integrating fingerprints in a standard way so that Web and enterprise applications can take advantage of them.
Does SSD Make Sense In The Small Data Center?
Commentary  |  11/22/2010  | 
Solid state storage is often thought of as being used at one of two extremes: either in the high-end enterprise to accelerate databases, or in the consumer netbook and smartphone market. The truth is that solid state storage can be used in a wide variety of applications in businesses of all sizes. The small data center with two to three servers should not exclude SSD from its consideration.
Researchers: Be Wary Of New Trojan Attacks
Commentary  |  11/21/2010  | 
An as-yet-unnamed developer has released a free software development kit for a new Trojan horse considered similar to the Zeus banking Trojan, prompting a warning from researchers at a German security firm.
Server Virtualization's Encapsulation And Its Impact On Backup
Commentary  |  11/19/2010  | 
In our last entry we discussed how the encapsulation of the millions of files that make up a single server into a single file has changed what we expect from storage and the network infrastructure. The same encapsulation may have an even more dramatic impact on data protection that will fundamentally change the way you protect and recover data. It may also change who the 'go to' data protection vendors a
Dark Reading Switches To New App Platform; Please Pardon Our Dust
Commentary  |  11/18/2010  | 
New PHP environment will make site more flexible -- sorry for the bumps!
Dangerous Safari Bugs Patched
Commentary  |  11/18/2010  | 
Just days after Apple Inc. patched about 150 vulnerabilities in OS X, the company is releasing yet another batch of security updates for Safari that runs on both OS X and Windows.
Server Virtualization's Encapsulation And Its Impact On Storage
Commentary  |  11/18/2010  | 
To say that server virtualization changes everything is an understatement. In storage, though, I don't think we understand or give credit to just how much of a game changer storage virtualization really is. For storage managers and backup administrators it has brought new capabilities, new requirements, and new problems to solve.
Survey Provides Peek Inside Database Security Operations
Commentary  |  11/17/2010  | 
Database security budgets on the rise, 20 percent expect to suffer a data breach in the next 12 months
Emergency Patch From Adobe Arrives
Commentary  |  11/16/2010  | 
Adobe today released a patch that fixes a number of critical flaws in Adobe Reader. You'll want to apply this one quickly.
Larry Ellison's Mistress, And Security As A Blame Game
Commentary  |  11/16/2010  | 
Focus on security, not on finger-pointing
Profiling The Evil Insider
Commentary  |  11/16/2010  | 
How to sniff out a rogue insider
When To Change Passwords
Commentary  |  11/16/2010  | 
Knowing when to change your password depends mainly on what your password is for
SSD Lessons From The iPad
Commentary  |  11/15/2010  | 
In its latest quarterly filing, Apple stated that it has sold over 4.2 million iPads, exceeding most people's expectations. So popular is the iPad that Apple is taking some of the lessons learned on the product and incorporating them into its next generation of notebooks, starting with the MacBook Air. One of those lessons is how Apple is integrating Solid State Disk (SSD) into the product line. Enterprise storage manufacturers need to pay attention and learn a lesson.
Forget FCoE - The War Is About Convergence
Commentary  |  11/12/2010  | 
There has been a lot written about Fibre Channel over Ethernet (FCoE) in the last few years, but FCoE was merely an initial skirmish in the battle for the infrastructure. The major systems manufacturers are all placing their bets on everything over Ethernet, and that is where the battle will be waged. 2011 may not be the year that you implement a converged infrastructure, but it may be the year you decide which vendors you are going to use for convergence.
Security M&A: Where Innovation (Too Often) Goes To Die
Commentary  |  11/11/2010  | 
Following a handful of high profile security acquisitions this year, the ever-simmering topic of security industry consolidation has once again surfaced.
Feds Respond To Air Safety Threats
Commentary  |  11/10/2010  | 
A series of recent incidents have prompted air transportation officials in the United States to outline new security measures, just as millions of people book flights and begin packing for the Thanksgiving travel rush.
Schwartz On Security: Reaching The M&A Tipping Point
Commentary  |  11/9/2010  | 
The jury is out on whether businesses will benefit from Intel buying McAfee or from Symantec, IBM and Microsoft sucking up everything in sight.
BlackSheep Sounds Alarm Against Firesheep
Commentary  |  11/9/2010  | 
Zscaler tool alerts users when it detects Firesheep, because the latter has made it easy to steal identities over a shared network.
A True Second Factor
Commentary  |  11/9/2010  | 
I'm sure some of you remember a time when you actually used to telephone the bank to do a transaction. Do you remember all the questions they would ask to verify that you were, in fact, the account owner?
Enterprise Lessons From New ADT Home Security System
Commentary  |  11/9/2010  | 
I've run physical security groups in a variety of firms over the years -- from a small real estate firm to a large enterprise, and my family owned one of the largest electronic security firms in the state when I was growing up.
The Politics Of Malware
Commentary  |  11/8/2010  | 
I recently saw a provocative tweet from @mikkohypponen that reminded me malware is still quite often politically motivated.
Microsoft Internet Explorer Zero-Day Under Attack
Commentary  |  11/8/2010  | 
The risk surrounding a new zero-day Microsoft Internet Explorer vulnerability increased significantly over the weekend and could prompt an emergency patch release from the software company at any time.
How To Get High Performance Cloud Storage
Commentary  |  11/8/2010  | 
One of the challenges with cloud storage is the connection between you and the storage. For almost everyone it is going to be slower than what is available within the data center. This performance difference does not mean a more limited use of cloud storage, it means that greater intelligence is needed to load data into the cloud. With that intelligence cloud storage could be leveraged for even the most demanding of applications.
InformationWeek State of Storage Survey
Commentary  |  11/6/2010  | 
I will be writing InformationWeek's annual State of Storage report in the next few weeks and in preparation InformationWeek Analytics is conducting its third annual storage survey on data management technologies and strategies. We are surveying IT pros to understand your storage usage and challenges. We're also interested in what our readers think are the major trends, both from a technology and business perspective, in the storage world this year.
Don't Be A Sheep
Commentary  |  11/6/2010  | 
Thanks to the new Firefox plug-in dubbed Firesheep, snoops and attackers now have an easier shot at hijacking some of your Internet sessions. Don't let this opportunity go to waste.
An Optimize Once Storage Optimization Strategy
Commentary  |  11/5/2010  | 
Storage optimization technologies like compression and deduplication have reduced the capacity requirements of many processes within the data center, most noticeably backup. When these data sets need to move between storage types, though, much of this optimization is lost. For storage optimization to achieve broad adoption it must move beyond just saving hard drive space. It has to increase data center efficiency and optimize only once.
NoSQL: Not Much, Anyway
Commentary  |  11/4/2010  | 
I don't get the NoSQL movement. Most old-school database administrators don't. In fact, a lot of people don't understand what NoSQL is exactly because, quite frankly, there's not much there. Most of the features and functions we consider synonymous with databases are unwanted by developers of nontransactional systems and are falling by the wayside as companies push applications into the cloud.
Blekko Search Fails To Inspire
Commentary  |  11/4/2010  | 
The beta service that uses slashtags to narrow your search's sites and topics has some good ideas but too many shortcomings.
Is Cloud Storage Fluffy?
Commentary  |  11/3/2010  | 
Before continuing with our look at how to use cloud storage in your business, we need to take a quick detour and discuss whether cloud storage is a legitimate platform to begin with. A recent comment described cloud storage as "fluffy." I find that not only is cloud storage a tangible technology, it is something that businesses of all sizes should be leveraging in some form.
SMB Guide To Credit Card Regulations, Part 2: The Low-Hanging Fruit
Commentary  |  11/2/2010  | 
The PCI Security Standards Council has created a document outlining a prioritized approach to help businesses comply with PCI DSS. It's a way to grab the low-hanging fruit, helping businesses tackle some of the more simple tasks that can provide a greater security ROI. I've boiled it down here to help small to midsize businesses (SMBs) get started.
Firesheep Simplifies Stealing Logins
Commentary  |  11/1/2010  | 
Firefox extension created to shine a light on the problem of unencrypted websites fails, because rather than offering a solution, it only makes it worse.
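Both "Don't Be A Sheep" and this entry point at the same underlying weakness: a site that logs you in over HTTPS but then lets the browser send the session cookie in the clear on plain HTTP pages, where anyone on a shared network can capture and replay it. The check a practitioner wants is whether a site's session cookies carry the Secure attribute. The script below is an added example for this listing, not code from Dark Reading, Firesheep, or BlackSheep; the cookie-name hints and the sample Set-Cookie headers are constructed for illustration.

```python
"""Audit Set-Cookie headers for the condition Firesheep-style sidejacking relies on.

Added example, not part of the original page. A session cookie without the
Secure attribute is sent by the browser on http:// requests too, so a passive
sniffer on an open Wi-Fi network can copy it and replay the session.
"""
from typing import Dict, List, Union

# Substrings that usually mark a cookie as a login session. This list is an
# assumption made for the example; tune it for the application under test.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")

Cookie = Dict[str, Union[str, Dict[str, Union[str, bool]]]]


def parse_set_cookie(header: str) -> Cookie:
    """Split one Set-Cookie header value into name, value and attribute map.

    Attribute names are case-insensitive per RFC 6265, so they are lowercased;
    flag attributes such as Secure and HttpOnly map to True.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Union[str, bool]] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def looks_like_session_cookie(name: str) -> bool:
    """Heuristic: does the cookie name suggest it carries a login session?"""
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def sent_over_plain_http(cookie: Cookie) -> bool:
    """True if a browser would include this cookie on an http:// request."""
    return "secure" not in cookie["attrs"]


def audit_cookies(headers: List[str]) -> List[str]:
    """Return one finding per weakness in each session-looking cookie."""
    findings: List[str] = []
    for header in headers:
        cookie = parse_set_cookie(header)
        name = cookie["name"]
        if not looks_like_session_cookie(name):
            continue
        if sent_over_plain_http(cookie):
            findings.append(
                f"{name}: missing Secure; replayable by a sniffer on plain HTTP"
            )
        if "httponly" not in cookie["attrs"]:
            findings.append(f"{name}: missing HttpOnly; readable by page script")
    return findings


# Constructed sample headers, not captured from any real site.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly",
    "PHPSESSID=xyz789; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",
    "auth_token=deadbeef; Domain=.example.test; Path=/",
]

if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_HEADERS):
        print(finding)
```

Run it against the Set-Cookie headers from a real login response (for example, copied from the browser's network panel). Any session cookie reported as missing Secure is exactly what a sidejacking tool can lift from a shared network, and the fix is server-side: set Secure (and HttpOnly) on the cookie and serve every authenticated page over HTTPS.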
RAID Rebuilds Will Kill The Hard Disk
Commentary  |  11/1/2010  | 
We've written about it before, as have others. RAID rebuild times continue to increase, and as they do, the very technology that made the hard drive safe for the enterprise thirty years ago may now be its undoing. The time it takes to rebuild a drive, measured in double-digit hours if not days, has a critical impact on performance and data reliability. The workarounds may lead you to solid state disk faster than you originally planned.
HP And The Scary Corporate Fifth Column Concept
Commentary  |  11/1/2010  | 
HP is currently in an epic and unprecedented battle with Oracle, and Oracle rarely leaves any company still standing that it focuses this much attention on.

