Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Content posted in December 2010
Three 2011 Security Resolutions (for the uninitiated)
Commentary  |  12/31/2010  | 
Chances are, when it comes to keeping your data safe, you aren't doing many of the things that you should. In fact, most of us don't do the good data hygiene things we should. Here's a short list of three essential things you need to be doing if you are not already.
New Snort Front-End Adds Speedy Analysis, Ease Of Use
Commentary  |  12/30/2010  | 
Snorby is a new free, open-source analysis front-end to the popular Snort IDS that is fast and usable
Meet The "SMS of Death"
Commentary  |  12/30/2010  | 
If a pair of German security researchers are correct, a successful SMS attack could cripple vast segments of mobile networks.
Information Security Predictions 2011
Commentary  |  12/29/2010  | 
Here's my take on what big events will shape information security in the year ahead. (Or, maybe not).
As More SMBs Engage Online Security Concerns Grow
Commentary  |  12/27/2010  | 
Almost three quarters of small and midsize businesses were victims of cyberattacks in the past year; these tips on Web hosting and cloud security can help boost your businesses defenses.
Why SMBs Aren't Buying DLP
Commentary  |  12/27/2010  | 
Cost, complexity, and a dearth of complete solutions limit adoption rates for small and midsize businesses; revamping the architecture and packaging of DLP solutions is key to winning the SMB market.
SCADA Security Heats Up
Commentary  |  12/27/2010  | 
The use of Supervisory Control and Data Acquisition (SCADA) devices is growing. That growth is expected to continue to soar. According to research firm Frost & Sullivan SCADA revenues will grow from $4.6 billion last year to nearly $7 billion in 2016. Question is: What about security?
Microsoft Moves To Block Zero Day Attack
Commentary  |  12/22/2010  | 
A French IT security firm recently warned of a new vulnerability that opens most versions of Microsoft Internet Explorer open to attack.
Why All The Big Deals?
Commentary  |  12/22/2010  | 
Have you noticed that there seems to be a lot more "big" deals when it comes to storage acquisitions lately? Dell-Compellent, EMC-Isilon, HP-3PAR, EMC-Data Domain. This is not to say that there hasn't been smaller deals and part of the reason for the increase in big deals is perception, there is more to discuss which generates more press. There is however strategic reasoning behind the increase in larger deals.
'Tis Attack Season: 5 Ways To Fight Back
Commentary  |  12/22/2010  | 
For most of us, it's time for sleeping in, spending time with family, and ignoring e-mail. For criminals, it's time to go to work. Scammers are looking to exploit e-card traffic, sales promotions, and the general jolliness of Internet users. What better time to attack unwatched enterprise systems, siphon out data, and dig deeper into networks?
Schwartz On Security: Don't Get Hacked For the Holidays
Commentary  |  12/22/2010  | 
The Gawker data breach highlights how few companies employ passwords for security, and how many Web site users treat them as little more than a nuisance.
What If Data Services Were Free?
Commentary  |  12/21/2010  | 
Data services is my term for the storage software that most storage hardware vendors include to make their hardware a solution. The capabilities of these software applications include the basics like volume provisioning and advanced features like file services, snapshots, thin provisioning and replication. What if you could get these software functions for free and apply them to the hardware of your choice?
Security Design Fail
Commentary  |  12/19/2010  | 
It's common for routers to enable an HTTPS interface so that the device can be remotely administered. However, as was made clear this weekend, many routers are secured with hard-coded SSL keys that can be extracted and used by others.
Hacked: A Reformed Victim's Story
Commentary  |  12/17/2010  | 
What I learned as a hacking victim and how you could prevent something similar from happening to you or a loved one
Take A Deep Breath
Commentary  |  12/17/2010  | 
In the midst of the recent surge of security hype and angst, a dose of perspective
Reputation Can't Be Delegated
Commentary  |  12/16/2010  | 
A massive e-mail breach affecting Walgreens, McDonald's and others proves that while services can be outsourced, and responsibility delegated - reputation stays with you.
Why Chrome OS Will Succeed
Commentary  |  12/15/2010  | 
Google's "third choice" of operating system will sell itself to businesses and schools.
What Disaster Are You Planning For?
Commentary  |  12/14/2010  | 
When the subject of disaster recovery comes up many IT professionals' minds immediately flash to an epic event like a fire, hurricane, tornado or earthquake. While this is fine for a point of reference, what about planning for the more mundane disaster? These simple disasters can often cost you as much in revenue and brand reputation than their larger alternatives.
Gawker Goof
Commentary  |  12/13/2010  | 
Sometimes it helps knowing what not to do with database security to clarify why you need database security -- and sometimes somebody else goofs up real bad and sheds light on the little security details you need to get right
Patch Tuesday: Too Big To Ignore?
Commentary  |  12/13/2010  | 
Any IT administrators hoping to get an early jump on the holidays this week face a big disappointment: 40 software updates coming from Redmond this month.
What The Gawker Compromise Really Reveals
Commentary  |  12/13/2010  | 
Passwords are only half of the defense against compromise --unfortunately, the other half is being crippled by the login policies of many online providers.
On To 2011
Commentary  |  12/13/2010  | 
2011 will be the year we catch the first glimpse of the biometric movement
Researchers: Major Ad Networks Serving Malware
Commentary  |  12/11/2010  | 
Researchers at web security firm Armorize Technologies recently discovered that DoubleClick and Microsoft ad networks were serving (for a brief time) a banner ad tainted with malware. The attack could had of impacted millions, the researchers day.
The Hazards Of Bot Volunteerism
Commentary  |  12/10/2010  | 
Not only can you get caught, you can also get 0wned if the bot software is malicious
Is The Storage Industry Consolidated?
Commentary  |  12/10/2010  | 
There have long been predictions that the storage industry would consolidate down to three or four vendors. A few weeks ago EMC made a bid to buy Isilon and yesterday Dell made a bid to buy Compellent for $876 million dollars. These deals come on the heels of the dramatic HP - Dell bidding war over 3PAR. Is the storage industry consolidated? Not even close.
Monitoring Challenges For NERC/FERC Environments
Commentary  |  12/10/2010  | 
Many vendors claim to be entrenched within NERC and FERC regulated critical infrastructure clients, but few understand where the real goldmine of data resides
Why 2010 Will Make 2011 The Year Of SSD
Commentary  |  12/8/2010  | 
In technology we are always looking for next year to be the year of something. Reality is that most technologies don't establish themselves in a single year, but 2011 could be the year that solid state storage makes significant inroads into the enterprise data center and that work will be because of what was done in 2010.
California Does Health Care Data Breaches Right
Commentary  |  12/7/2010  | 
Since this spring, the California Department of Public Health has fined 12 health facilities about $1.5 million as a result of data breaches. Let's hope they keep fining organizations that fail to properly protect patient data.
Avast, Ye Pirates: It's Free
Commentary  |  12/7/2010  | 
Pirated installations of free Avast software included two in Vatican City
What Appliances Should Be Virtualized?
Commentary  |  12/3/2010  | 
In our last entry we discussed the value of virtual appliances and how they might be a better option for the data center than stand alone appliances are today. If you agree that there is value in leveraging the virtual infrastructure for appliances then the next step is to decide which appliances make the most sense to be virtualized.
Wikileaks: The Canary In The Coal Mine For DLP
Commentary  |  12/2/2010  | 
The supposedly confidential State Department memos ('cables' in the quaint, antiquated parlance of diplomats) oozing out in dribs and drabs this week prompts many questions, but for the IT professional none is more acute than "how could something like this even happen?" This marks the third time in the last six months that the Web's premier whistleblower outlet has release dsensitive government reports. Admittedly, most of these aren't highly classified (and none are "top secret), nor even all t
The Value Of Virtual Appliances
Commentary  |  12/1/2010  | 
Vendors created the appliance market by delivering their software applications pre-installed on standalone servers. The goal was to simplify installation for the users and to make support easier thanks to the consistent hardware platform. The downside to appliances is that there is an added hardware cost and when performance needs to be upgraded it often requires a new appliance. These issues can be addressed by leveraging server virtualization to create virtual appliances.

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...