Content posted in February 2008
Page 1 / 2   >   >>
F-Secure Survey Shows Misplaced Security Confidence
Commentary  |  2/29/2008
A new computer-use survey from security firm F-Secure shows that the majority of more than 1,000 respondents understands the importance of updating virus definitions. Yet less than 20 percent understood the need for frequent definition updates.
Stimulating Choices
Commentary  |  2/29/2008
OK, so you can't take yourself public like Visa. But how much thought have you given to that big, fat check coming your way in May? You know, the "Spend our way out of this nonrecession" check?
Sourcefire's Earnings Not So Hot. CEO Jackson Ousted.
Commentary  |  2/28/2008
Network security provider Sourcefire announced its earnings yesterday. The less-than-spectacular results show a company fighting numerous headwinds. So can it set its sail straight?
Stomping On Your Carbon Footprint
Commentary  |  2/28/2008
The "greening" of IT is very à la mode right now, especially in storage. But this umbrella term suffers from overuse, and near as I can tell, is a euphemism for using less electricity. It's also a "feature" that enables some vendors to bump up their prices. So what exactly is the fuss again?
VMware Moves To Protect Applications Living On The Hypervisor
Commentary  |  2/27/2008
On the heels of a file sharing flaw uncovered earlier this week by a security firm, and the announcement of a number of security patches, virtualization leader VMware says it plans to release an API for third-party security applications.
From 'Energized' To Not So Interested
Commentary  |  2/27/2008
The little do-si-do between Congress and the White House over missing e-mails is apparently over. Cynics might predict the next steps will be a digging in of heels, followed quickly by threats to launch (and bungle) an investigation, or worse, appoint a special prosecutor.
An Ounce Of Virtual Prevention
Commentary  |  2/26/2008
Security researchers found/punched a new hole in one of VMware's products this week, and from some quarters, it's being written about as if virtual machinery had never been a target for malicious code before. Those in the data center know differently.
Surprise, Surprise. Federal Agencies Not Protecting The Information They Collect About You
Commentary  |  2/26/2008
There are many policies, mandates, and laws that govern personally identifiable and financial information for federal agencies. So just how many federal agencies are living up to their responsibilities?
Cell Phone Device Detects Deleted Data
Commentary  |  2/26/2008
Cell phone users whose phones use SIM (Subscriber Identity Module) strips need to know that a new device that reads those strips can also retrieve deleted text messages. It's called, appropriately enough, Cell Phone Spy.
Challenges From The Vendor View
Commentary  |  2/26/2008
Vendors see the world of technical challenges a bit differently -- and no surprise here: The items they cite often tend to play to the vendor's strengths or ongoing market initiatives. But here are how big thinkers at some storage vendors view the biggest engineering challenges ahead.
Virtualization: Just Another Layer Of Software To Patch?
Commentary  |  2/25/2008
Researchers at Core Security have issued an advisory warning users of a significant security flaw in a number of VMware desktop apps that could allow attackers to gain complete access to the underlying operating system.
A Bad Day at Pakistan Telecom
Commentary  |  2/24/2008
Sometimes I think I should have been a network engineer. I love all that "belly of the internet beast" stuff—giant high-speed routers, huge data pipes, and all things close to the backbone of the Internet. But then I remember my grades from my engineering classes, and why I dropped engineering, and switched my major to English. Perhaps the engineer who broke both YouTube and the Pakistani Internet yesterday should have switched his major, too, before it was too late. I mean, I
Up To The Challenge?
Commentary  |  2/23/2008
Mask complexity, improve performance, and automate every last function possible -- those, in a giant nutshell, are the biggest engineering challenges for storage in the next several years, according to some big thinkers who've deployed a SAN or two in their time.
Where Storage Gets Innovative
Commentary  |  2/21/2008
There are lots of good barometers out there -- the Dow Jones Industrial Average comes to mind, as does the Consumer Confidence Index. A little closer to home, this gauge of where VCs and angel investors are placing their bets tells you a lot about where storage is headed in the next 12 months.
Encrypted Disks At (Some) Risk To Eavesdroppers
Commentary  |  2/21/2008
Whether you are using Windows Vista BitLocker, Mac OS X FileVault, Linux-based dm-crypt, or open source disk encryption software TrueCrypt - your data could be at risk to snoops, researchers have found. While it is troubling news, all is not lost.
Learn To Hack -- Ethically!
Commentary  |  2/21/2008
Know your enemy means knowing how your enemy works. That's the philosophy behind McAfee's Foundstone Professional Services Ethical Hacking course. You, too, can learn how to find and exploit network vulnerabilities -- but only if you pledge to use the knowledge for good.
Big Challenges Ahead
Commentary  |  2/20/2008
Late last week, the National Academy of Engineering issued a list of the biggest technical challenges of the 21st century, some real thorny knots like reverse-engineer the human brain and prevent nuclear terrorism. It got me wondering how the some of brightest minds in storage might answer the same question. So I asked them.
Microsoft Moves To Squash 'Friendly' Worm
Commentary  |  2/20/2008
Last week, NewScientist ran a story about Microsoft's researching how worms -- really, really effective worms -- could be used to disseminate software patches. Today, Microsoft seems to be backing away from the idea.
That Didn't Take Long
Commentary  |  2/19/2008
And mercifully so -- the battle over the next-gen DVD came to a close as Toshiba threw in the high-def towel today. But as quickly as data and media formats are evolving, does it really matter?
When Good Intentioned Users Do Harm
Commentary  |  2/19/2008
Minneapolis-based data recovery and forensic software maker Kroll Ontrack published a list of what the company estimates to be some of most common mistakes end users make when trying to save data from a failing drive.
Security And (Or) Regulatory Compliance
Commentary  |  2/18/2008
Anyone who knows me knows that I don't believe achieving regulatory compliance is a technology problem. Sure, good tech will help you get there. But at it's core, compliance is a processes problem. And a pet peeve of mine has been how the mad dash toward regulatory compliance has, in many organizations, forced CISOs to take their eye off of security.
Safety In Numbers
Commentary  |  2/15/2008
There's a great movie I hope they still show in math and science classes called something like "Powers of 10." It begins with a shot of an earthbound human, then zooms out 100 feet, then 10,000 feet, racking up the exponents til we're out in Carl Sagan country. It then reverses itself into the subatomic realm. It blew my 10-year old mind, such that when the discussion turns to
A (Potentially) Bad Idea Is Resurrected At Microsoft
Commentary  |  2/14/2008
The software maker is researching ways to use worms as a software patch distribution mechanism. Not on any of my machines.
'Pleased To Put This Matter Behind Us'
Commentary  |  2/14/2008
As a journalist, it makes me wince to witness reporters getting all sanctimonious when in reality they're doing little more than burnishing their reputations. But the roles got reversed as Hewlett-Packard settled one of two sets of pretexting and spying claims yesterday, acting and speaking with a smugness and neutrality that don't really put the matter behind anyone.
Valentine's Virus-Mail-- Anything But Romantic
Commentary  |  2/14/2008
Won't you be my Valentine? Won't you be my VirusTime is more like it, as a storm of malicious e-cards and messages breaks across the Net. Don't click on any unexpected e-cards or messages, however Cupid-cute -- and warn your employees not to, either.
Now, That's Service
Commentary  |  2/13/2008
Six weeks into the year and you're finally remembering that sinuous "8" when you write a new check. And it's been barely a week since the Year of the Rat celebrations ended. No matter -- in Storageville, it's pretty safe if we just go ahead and label this the Year of Storage Services.
Zero-Day Attacks Trend Down? I Don't Give A Flying Hoot
Commentary  |  2/13/2008
Security researchers and the press like to parse vulnerability trends. They like to argue (among themselves) as to whether zero-day attacks are on the rise, and if the underground is selling or sandbagging the security flaws these black hats uncover. I say: So what? None of this should matter to you.
Google Warns Of Search Fraud Surge
Commentary  |  2/13/2008
As search engines become the default starting point for many if not most Web activities, they're increasingly targeted by crooks. That's what Google's finding, and pretty grim findings they are.
The Changing Role Of The CISO?
Commentary  |  2/12/2008
Just a few years ago, the chief information security officer's focus was to defend business-technology systems from the continuous barrage of viruses, worms, denials-of-service, and many other types of attacks that placed system availability and information at risk. For many, I suspect, this role has changed dramatically.
Partners That Compete
Commentary  |  2/12/2008
I know cooperative competition is supposed to be a cornerstone of business today. Still, I have to wonder how much further down the path to recovery will Dell get before its primary storage partner EMC complains?
Microsoft Office, Internet Explorer At Greatest Risk
Commentary  |  2/12/2008
Microsoft unleashed 11 security bulletins today, as part of its monthly patch cycle. Six of the bulletins are rated by the software vendor as "Critical," and five are ranked as "Important." You'll want to patch yourself right away, but if you had to prioritize . . .
Apple Fixes Security Holes, Updates Leopard
Commentary  |  2/11/2008
Where last week finished up with having to patch my Firefox browser with two handfuls of security patches, Apple has released its first batch of security updates for this year. And it's a biggie.
Pleading The E-Fifth
Commentary  |  2/11/2008
It's probably not the career most storage professionals might have envisioned -- data forensic specialist, law enforcement agent, and archivist/go-fer. But with recent incidents that span from Detroit to Paris, here's why storage
Following Bevy Of Patches, The Firefox Browser Is Still Vulnerable
Commentary  |  2/11/2008
On Friday, Feb. 8, Mozilla released an updated version of its Firefox Web browser that aimed to fix 10 vulnerabilities. Now, at least one security researcher says flaws still remain.
Malware Getting Worse: 11 Trends To Watch
Commentary  |  2/11/2008
Half a million malwares (and then some) and counting -- that's McAfee Avert Labs' prediction for this year. That's a more than 50 percent jump over '07, and the scarier thing is that the prediction may be conservative.
Storm Worm Makers Reaping Millions A Day In Profit
Commentary  |  2/10/2008
That's the scoop from a U.K. PC publication quoting an IBM Internet Security Systems' security expert during a debate at NetEvents Forum in Barcelona.
Backup That's Off The Hook
Commentary  |  2/8/2008
"Unfortunately, it's a huge file and it's taking a long time," says a Verizon spokesman in this report about a database gone astray. Unfortunately, the file problem left 750,000 landline customers here in Southern California without any voice mail service for two days.
PCI Web Application Security Deadline Looms
Commentary  |  2/8/2008
If you're a Web merchant, you're (or had better be) familiar with the Payment Card Industry Data Security Standard, or PCI DSS. What you may not know is that this June some new rules apply.
Enough With The Patches Already!
Commentary  |  2/7/2008
I'm growing increasingly grateful for those quiet days when I can actually use my computer systems, for work or fun, rather than have to patch them. Is it really too much to ask?
Socially Challenged
Commentary  |  2/7/2008
You'd think I might have taken the hint the year someone gave me Miss Manners' Guide to Excruciatingly Correct Behavior for Christmas. But in the real world or online, I can't seem to get that whole social graces things right. Which is why I'm such a zero with social networks.
Online Shoppers Increasingly Fed Up With Data Breaches
Commentary  |  2/7/2008
For anyone who needs even more evidence that security is critical to keeping online shoppers happy: read on.
Spam Across The Waters: Europe Grabs Junkmail Lead
Commentary  |  2/7/2008
This month's Symantec Spam Report brings some interesting -- and surprising -- information about the nature of the spam that clogs our queues and pipelines. Spam filesize is shrinking and more of it's coming from Europe than anywhere else.
Total Cost Of Lead Generation
Commentary  |  2/6/2008
I know at least four vendors who'd be more than willing to help you calculate it, but does anyone really know the total cost of ownership (TCO) of their storage? Too often, these calculations have about the same gravitas as when someone starts describing what they're worth "on paper."
Free Encryption For All
Commentary  |  2/6/2008
Sure, you can keep your files secure with BitLocker, available for certain versions of Vista. And Mac users have FileVault, which is free with Mac OS X. Personally, I like TrueCrypt. Here's why.
Page 1 / 2   >   >>

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/15/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.