Commentary

Content posted in March 2011
NSA Investigating Nasdaq Hack
Commentary  |  3/31/2011  | 
Last month when we covered the attack on the Nasdaq's Directors Desk collaboration platform, we said the incident posed plenty of questions, while the Nasdaq proffered (at least publicly) few answers. It seems the National Security Agency agrees.
Lizamoon SQL Injection: Dead From The Get-Go
Commentary  |  3/31/2011  | 
The latest round of headline-grabbing SQL injection attacks aren't new, and they aren't very effective; in fact, Lizamoon might as well be called the little injection that couldn't
Schwartz On Security: Online Privacy Battles Advertising Profits
Commentary  |  3/30/2011  | 
Do businesses have the right to make money from the unregulated buying and selling of personal information?
(Slightly) More Organizations Proactively Managing Security Efforts
Commentary  |  3/30/2011  | 
Security vendor survey at the RSA Conference 2011 shows more organizations planning and coordinating their security efforts across security and IT operations teams and risk management groups. But don't plan on a party and fireworks celebration just yet - the improvements are minor.
Collecting The SSD Garbage
Commentary  |  3/28/2011  | 
Solid state storage (SSS) is the performance alternative to mechanical hard disk drives (HDD). Flash memory, thanks to its reduced cost compared to DRAM, has become the primary way the (SSS) is delivered. Suppliers of flash systems, especially in the enterprise, have to overcome two flash deficiencies that, as we discussed in our last entry, will cause unpredictable performance and reduce reliability.
Microsoft Wins A Botnet Battle
Commentary  |  3/28/2011  | 
The Rustok botnet was estimated to be one million PCs strong, underlining the dangers that malware can cause to businesses and consumers.
"Trusted" Sites Fail To Clean Malvertising Scourge
Commentary  |  3/27/2011  | 
Reports indicate that users of Facebook and the European music service, Spotify, have been exposed recently to malvertising attacks.
Shocker! (Not Really): Users Apathetic When It Comes To Mobile Security
Commentary  |  3/26/2011  | 
Survey conducted by the Ponemon Institute shows just how lax users really are when it comes to securing their smartphone devices.
Understanding SSD Vendor Talk
Commentary  |  3/25/2011  | 
If you are either evaluating or getting ready to evaluate investing in solid state storage for your data center you are going to be faced with learning a new language, confronted with a new set of specs and a new set of debate around what features are most important. This will be the first entry in a series that will give you the decoder ring to understanding what Solid State Disk (SSD) vendors are talking about and what statistics are most important.
Are Industrial Control Systems The New Windows XP
Commentary  |  3/24/2011  | 
Earlier this week a security researcher posted nearly three dozen vulnerabilities in industrial control system software to a widely read security mailing list. The move has Supervisory Control and Data Acquisition systems (SCADA) system operators scrambling, and the US CERT issuing warnings.
McAfee's DAM Acquisition
Commentary  |  3/23/2011  | 
Sentrigo acquisition fills data center security hole in McAfee's offerings
Schwartz On Security: Advanced Threats Persist And Annoy
Commentary  |  3/23/2011  | 
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.
A Deep Dive Into The Latest Threats
Commentary  |  3/22/2011  | 
New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it
RSA Breach Leaves Customers Bracing For Worst
Commentary  |  3/18/2011  | 
RSA, the information security division of EMC Corp., disclosed in an open letter from RSA chief Art Coviello that the company was breached in what it calls an "extremely sophisticated attack." Some information about its security products was stolen. Customers are bracing for more details.
Trojan Attacks Remain Most Popular
Commentary  |  3/16/2011  | 
Anti-malware vendor Panda Security's PandaLabs has found that the number of threats . . . surprise, surprise . . . have risen significantly year over year. What's interesting is how large a percentage of attacks Trojans have become.
Table Stakes
Commentary  |  3/15/2011  | 
For years we wanted a seat at the executive table. Now that we have it, it's time to play the game or head home.
Storage Performance Challenges In Virtualized Environments
Commentary  |  3/15/2011  | 
The storage infrastructure that supports a virtualized server environment can quickly become a roadblock to expansion. As the project grows, server virtualization places new performance and scaling demands on storage that many IT professionals have not had to deal with in the past. In this entry we will cover some of the causes of the problems and in upcoming entries we will discuss how to overcome those problems.
Dark Reading Launches New Tech Center On Advanced Threats
Commentary  |  3/13/2011  | 
New subsite will offer more in-depth news coverage, analysis on next-generation threats
NERC Creates Cyber Assessment Task Force
Commentary  |  3/12/2011  | 
The North American Electric Reliability Corporation (NERC) recently announced the formation of a Cyber Attack Task Force. The task force will be charged with identifying the potential impact of a coordinated cyber attack on the reliability of the bulk power system.
Botnet Threat: More Visibility Needed
Commentary  |  3/11/2011  | 
According to a report released by The European Network and Information Security Agency the current ways botnets are measured are lacking - and it just may be hurting the fight against the zombie plague.
The Promise -- And Danger -- Of Social Networking During Disaster
Commentary  |  3/11/2011  | 
It's time to consider a social networking-based Emergency Broadcast System
The Truth About Malvertising
Commentary  |  3/10/2011  | 
We tend to think of malvertising as short lived, one-oft attacks that somehow managed to momentarily breach the ad network's defenses. The reality is, malvertising is more norm than anomaly and can easily persist on major ad networks for months, even years, at a time.
Watch Where You Swipe
Commentary  |  3/10/2011  | 
We tend to focus attention toward online data and identity theft and forget that we can be targeted just as easily offline.
How I've Become One With The Rest Of The World
Commentary  |  3/10/2011  | 
I'm not quitting the security game, but I want to get experience outside of the choir
Establishing Tiered Recovery Points
Commentary  |  3/9/2011  | 
Our last entry introduced the concept of tiered recovery points. In this entry we will go into more detail about tiered recovery points. There are typically three types of recovery points you want; instant or close to it, also know as high availability. Within a few hours via some sort of disk or tape backup and finally recovering something old, an archive. Each of these tiers need to be established and
Database Lockdown In The Cloud
Commentary  |  3/9/2011  | 
In the cloud, we turn things around a bit and focus on data security rather than the database container
Dealing With Recovery Transfer Time
Commentary  |  3/7/2011  | 
In our last entry we discussed lessons to be learned from the Gmail crash. In an upcoming entry we'll cover establishing the tiered recovery points. These three tiers of recovery; high availability (HA), backup and archive provide a similar goal; application availability. What separates them is the time it takes to put the data back in place so the application can return to service. Dealing with recove
Hypervisor Security: Don't Trust, Verify
Commentary  |  3/4/2011  | 
Combating vulnerabilities (and passing audits) is a matter of starting from the root and working up.
A New Spin On Fraud Prevention
Commentary  |  3/3/2011  | 
Most online fraud stems from electronic transactions not associating the identity of the user with the card or account
What We Can Learn From The Gmail Crash
Commentary  |  3/2/2011  | 
Google's Gmail had a glitch introduced that caused 30,000 users or so to loose email, chat and contacts from their Gmail accounts. The cause appears to be a bug in a software update. The current piling on by some storage vendors is humorous. As my mother used to say "people in glass houses shouldn't throw stones". Instead of doing that, lets learn from this experience so we can keep this from
Security Certifications: Valuable Or Worthless?
Commentary  |  3/2/2011  | 
New survey asks information security pros whether certifications have shaped their careers
Why I'm Quitting Security (Part 1)
Commentary  |  3/1/2011  | 
In hacker-on-hacker attacks, the security community turns on itself, which breeds distrust
Automatic Storage Optimization
Commentary  |  3/1/2011  | 
It will come as no shock to any storage manager that the capacity of the data that you need to store is growing. The problem is that your budget is not, or at least not as fast as your need for storage. The speed of growth also means that traditional techniques may no longer be effective. You need the storage system to just handle it, in other words storage optimization needs to be automatic.


20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
Hyatt Hit With Another Credit Card Breach
Dark Reading Staff 10/13/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.