Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in March 2013
Got Attitude?
Commentary  |  3/31/2013  | 
Attack attitude: Does China really not care about attribution?
Spamhaus DDoS Attacks: What Business Should Learn
Commentary  |  3/28/2013  | 
What should your company take away from this week's attacks? Lock down unsecured DNS repeaters being exploited by attackers and prep DDoS response plans.
Who Supplies CyberBunker?
Commentary  |  3/28/2013  | 
The hosting company behind CyberBunker, the company allegedly behind the DDOS attacks on Spamhaus, connects to the Internet through other providers. Perhaps the only way to pressure those responsible for the attacks is to put pressure on the upstream providers
BlackBerry Balance: The Real Reason To Buy It
Commentary  |  3/28/2013  | 
BlackBerry Z10 is a good phone, but it doesn't get really cool until you use it as both your work and personal phone. BlackBerry 10 has a series of features the company calls "BlackBerry Balance," to make both roles work well and to protect each from the other
Follow The Dumb Security Money
Commentary  |  3/26/2013  | 
When security companies raise big funding rounds and spend big bucks at security conferences, be afraid -- very afraid
Arguments Against Security Awareness Are Shortsighted
Commentary  |  3/25/2013  | 
A counterpoint to Bruce Schneier's recent post on security awareness training for users
Mission Impossible: 4 Reasons Compliance Is Impossible
Commentary  |  3/25/2013  | 
Compliance, like security, is not a constant
Putting Out Fires With Gasoline
Commentary  |  3/25/2013  | 
Spending for security and identity products is going up, but here is a sobering thought that should give you pause--our solutions may be part of the problem
Database Security Restart
Commentary  |  3/25/2013  | 
How to restart your database security program
Cisco Reports Some IOS Passwords Weakly Hashed
Commentary  |  3/20/2013  | 
Type 4 plain-text user passwords on Cisco IOS and Cisco IOS XE devices are hashed not according to spec, but with no salt and just one SHA-256 iteration. Working around the problem can be clumsy
Samsung? BlackBerry? Who Will Win The Containerization Wars?
Commentary  |  3/19/2013  | 
The chaos of multiple container formats won't last
On Security Awareness Training
Commentary  |  3/19/2013  | 
The focus on training obscures the failures of security design
Your Password Is The Crappiest Identity Your Kid Will Ever See
Commentary  |  3/18/2013  | 
Ever watch an episode of 'Mad Men' and see everyone smoking? Some kid in 2045 will look at their parent and ask, did you really have to enter a password that many times?
With Biometrics, Can Fingers Do Password Management's Work?
Commentary  |  3/18/2013  | 
Biometrics are one way end users can, literally, "give the finger," to cumbersome password management systems. But it wont be cheap.
Managing The Local Admin Password Headache
Commentary  |  3/15/2013  | 
Forcing and managing unique passwords on Windows systems in an enterprise network can be challenging, but many tools are out there to help
Outsource Your Monitoring To The Business
Commentary  |  3/14/2013  | 
Don't keep all of the fun to yourself
Database Security Operations
Commentary  |  3/14/2013  | 
Process -- not tools -- is important
You've Been Hacked, But For How Long?
Commentary  |  3/13/2013  | 
One of the big themes at the recent RSA Conference was awareness of threats already inside the network. The way you learn about these threats and lower your ‘Mean Time To Know’ (MTTW) about an intrusion is with profile-based network monitoring
Defending Local Admin Against Physical Attacks
Commentary  |  3/13/2013  | 
Physical access usually spells game over, but protections can be put in place to help defend against local boot attacks
Better Patching Priority
Commentary  |  3/11/2013  | 
What to consider when prioritizing risks
Samsung Knox Raises Android Security Game
Commentary  |  3/11/2013  | 
Following the BlackBerry announcement of BES 10 as a general-purpose mobile management solution, Samsung has expanded its SAFE program to include EMM features like MAM and business/personal partitioning. These companies are advancing the technology for customers. Where are Microsoft and Apple in this?
Cerberus, White Courtesy Phone, Please
Commentary  |  3/8/2013  | 
Why you need two opposing styles of monitoring
Password Police Cite Evernote Mistakes
Commentary  |  3/7/2013  | 
Evernote used the wrong security method to store passwords, cryptography experts say. Unfortunately, it's a common error.
The Great Lie Of Compliance
Commentary  |  3/6/2013  | 
If you believe you are fully compliant, then you are not
BlackBerry Can Set EMM Standard With BES 10
Commentary  |  3/5/2013  | 
The need for the BlackBerry Enterprise Server that's still in almost all large organizations has been declining, but BES 10 changes everything. Instead of being a legacy server to manage legacy phones, BES 10 can be the central console for managing all mobile devices
Evernote Resets Everyone's Passwords After Intrusion
Commentary  |  3/2/2013  | 
After detecting a coordinated intrusion into their network, Evernote forced a system-wide password reset today. The attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords
Kill Passwords: Hassle-Free Substitute Wanted
Commentary  |  3/1/2013  | 
Passwords keep proliferating, but do new technologies and approaches offer an alternative? Maybe.
Open Public Wi-Fi: How To Stay Safe
Commentary  |  3/1/2013  | 
One day our systems will be built to default always to secure configurations, but we're not there yet
Defending Local Administrator Accounts
Commentary  |  3/1/2013  | 
One compromised desktop is all is usually takes for complete network ownership by an attacker; local admin accounts are often the mechanism for that escalation


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...