Content posted in March 2011
NSA Investigating Nasdaq Hack
Commentary  |  3/31/2011
Last month when we covered the attack on the Nasdaq's Directors Desk collaboration platform, we said the incident posed plenty of questions, while the Nasdaq proffered (at least publicly) few answers. It seems the National Security Agency agrees.
Lizamoon SQL Injection: Dead From The Get-Go
Commentary  |  3/31/2011
The latest round of headline-grabbing SQL injection attacks isn't new, and it isn't very effective; in fact, Lizamoon might as well be called the little injection that couldn't.
Schwartz On Security: Online Privacy Battles Advertising Profits
Commentary  |  3/30/2011
Do businesses have the right to make money from the unregulated buying and selling of personal information?
(Slightly) More Organizations Proactively Managing Security Efforts
Commentary  |  3/30/2011
Security vendor survey at the RSA Conference 2011 shows more organizations planning and coordinating their security efforts across security and IT operations teams and risk management groups. But don't plan on a party and fireworks celebration just yet - the improvements are minor.
Collecting The SSD Garbage
Commentary  |  3/28/2011
Solid state storage (SSS) is the performance alternative to mechanical hard disk drives (HDD). Flash memory, thanks to its reduced cost compared to DRAM, has become the primary way SSS is delivered. Suppliers of flash systems, especially in the enterprise, have to overcome two flash deficiencies that, as we discussed in our last entry, will cause unpredictable performance and reduce reliability.
Microsoft Wins A Botnet Battle
Commentary  |  3/28/2011
The Rustock botnet was estimated to be one million PCs strong, underlining the dangers that malware can pose to businesses and consumers.
"Trusted" Sites Fail To Clean Malvertising Scourge
Commentary  |  3/27/2011
Reports indicate that users of Facebook and the European music service, Spotify, have been exposed recently to malvertising attacks.
Shocker! (Not Really): Users Apathetic When It Comes To Mobile Security
Commentary  |  3/26/2011
Survey conducted by the Ponemon Institute shows just how lax users really are when it comes to securing their smartphone devices.
Understanding SSD Vendor Talk
Commentary  |  3/25/2011
If you are evaluating, or getting ready to evaluate, an investment in solid state storage for your data center, you are going to be faced with learning a new language, a new set of specs, and a new set of debates about which features matter most. This is the first entry in a series that will give you the decoder ring for understanding what Solid State Disk (SSD) vendors are talking about and which statistics are most important.
Are Industrial Control Systems The New Windows XP?
Commentary  |  3/24/2011
Earlier this week a security researcher posted nearly three dozen vulnerabilities in industrial control system software to a widely read security mailing list. The move has Supervisory Control and Data Acquisition (SCADA) system operators scrambling, and US-CERT issuing warnings.
McAfee's DAM Acquisition
Commentary  |  3/23/2011
Sentrigo acquisition fills data center security hole in McAfee's offerings
Schwartz On Security: Advanced Threats Persist And Annoy
Commentary  |  3/23/2011
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.
A Deep Dive Into The Latest Threats
Commentary  |  3/22/2011
New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it
RSA Breach Leaves Customers Bracing For Worst
Commentary  |  3/18/2011
RSA, the information security division of EMC Corp., disclosed in an open letter from RSA chief Art Coviello that the company was breached in what it calls an "extremely sophisticated attack." Some information about its security products was stolen. Customers are bracing for more details.
Trojan Attacks Remain Most Popular
Commentary  |  3/16/2011
Anti-malware vendor Panda Security's PandaLabs has found that the number of threats . . . surprise, surprise . . . has risen significantly year over year. What's interesting is how large a percentage of attacks Trojans have become.
Table Stakes
Commentary  |  3/15/2011
For years we wanted a seat at the executive table. Now that we have it, it's time to play the game or head home.
Storage Performance Challenges In Virtualized Environments
Commentary  |  3/15/2011
The storage infrastructure that supports a virtualized server environment can quickly become a roadblock to expansion. As the project grows, server virtualization places new performance and scaling demands on storage that many IT professionals have not had to deal with in the past. In this entry we will cover some of the causes of the problems and in upcoming entries we will discuss how to overcome those problems.
Dark Reading Launches New Tech Center On Advanced Threats
Commentary  |  3/13/2011
New subsite will offer more in-depth news coverage, analysis on next-generation threats
NERC Creates Cyber Assessment Task Force
Commentary  |  3/12/2011
The North American Electric Reliability Corporation (NERC) recently announced the formation of a Cyber Attack Task Force. The task force will be charged with identifying the potential impact of a coordinated cyber attack on the reliability of the bulk power system.
Botnet Threat: More Visibility Needed
Commentary  |  3/11/2011
According to a report released by The European Network and Information Security Agency the current ways botnets are measured are lacking - and it just may be hurting the fight against the zombie plague.
The Promise -- And Danger -- Of Social Networking During Disaster
Commentary  |  3/11/2011
It's time to consider a social networking-based Emergency Broadcast System
The Truth About Malvertising
Commentary  |  3/10/2011
We tend to think of malvertising as short-lived, one-off attacks that somehow managed to momentarily breach the ad network's defenses. The reality is that malvertising is more norm than anomaly and can easily persist on major ad networks for months, even years, at a time.
Watch Where You Swipe
Commentary  |  3/10/2011
We tend to focus attention toward online data and identity theft and forget that we can be targeted just as easily offline.
How I've Become One With The Rest Of The World
Commentary  |  3/10/2011
I'm not quitting the security game, but I want to get experience outside of the choir
Establishing Tiered Recovery Points
Commentary  |  3/9/2011
Our last entry introduced the concept of tiered recovery points. In this entry we will go into more detail about them. There are typically three types of recovery points you want: instant or close to it, also known as high availability; within a few hours via some sort of disk or tape backup; and finally recovering something old, an archive. Each of these tiers needs to be established and
Database Lockdown In The Cloud
Commentary  |  3/9/2011
In the cloud, we turn things around a bit and focus on data security rather than the database container
Dealing With Recovery Transfer Time
Commentary  |  3/7/2011
In our last entry we discussed lessons to be learned from the Gmail crash. In an upcoming entry we'll cover establishing the tiered recovery points. These three tiers of recovery, high availability (HA), backup and archive, serve a similar goal: application availability. What separates them is the time it takes to put the data back in place so the application can return to service. Dealing with recove
Hypervisor Security: Don't Trust, Verify
Commentary  |  3/4/2011
Combating vulnerabilities (and passing audits) is a matter of starting from the root and working up.
A New Spin On Fraud Prevention
Commentary  |  3/3/2011
Most online fraud stems from electronic transactions not associating the identity of the user with the card or account
What We Can Learn From The Gmail Crash
Commentary  |  3/2/2011
Google's Gmail had a glitch introduced that caused 30,000 users or so to lose email, chat and contacts from their Gmail accounts. The cause appears to be a bug in a software update. The current piling on by some storage vendors is humorous. As my mother used to say, "people in glass houses shouldn't throw stones". Instead of doing that, let's learn from this experience so we can keep this from
Security Certifications: Valuable Or Worthless?
Commentary  |  3/2/2011
New survey asks information security pros whether certifications have shaped their careers
Why I'm Quitting Security (Part 1)
Commentary  |  3/1/2011
In hacker-on-hacker attacks, the security community turns on itself, which breeds distrust
Automatic Storage Optimization
Commentary  |  3/1/2011
It will come as no shock to any storage manager that the capacity of the data you need to store is growing. The problem is that your budget is not growing, or at least not as fast as your need for storage. The speed of growth also means that traditional techniques may no longer be effective. You need the storage system to just handle it; in other words, storage optimization needs to be automatic.