Dark Reading is part of the Informa Tech Division of Informa PLC


Commentary

Content posted in April 2008
You're Infected With Malware. And You Don't Care.
Commentary  |  4/30/2008  | 
Could it be true? Could there be thousands, if not more, Internet users infected with botnets, who know they're infected, and don't care enough to do anything about it?
XP Service Pack Delay: What Else Is New?
Commentary  |  4/30/2008  | 
Microsoft's on-again/off-again extension of support for XP may or may not be on-again, but the latest delay of the latest long-awaited XP Service Pack delay may strike some of us as the last straw.
Will Code Viruses For Beer
Commentary  |  4/29/2008  | 
A controversial contest at this year's Defcon hacker conference promises to reward the most successful virus writers.
New Scam: Hackers Use Phony Certificate To Seal Victims' ID-Fates
Commentary  |  4/28/2008  | 
A new approach to password/account info-theft appeals to users' desire for enhanced protection, rather than directly asking for info. The scam asks users to install an important digital security certificate -- which is, of course, anything but secure.
Windows XP Service Pack 3
Commentary  |  4/28/2008  | 
While there's not a lot of big news or fanfare surrounding the imminent release of Windows XP Service Pack 3, there are a number of interesting security enhancements.
Those Social Networking Apps? Not as Safe as Your Employees Think
Commentary  |  4/28/2008  | 
There's lots of talk about the time-wasting element inherent in social networking sites like MySpace and Facebook. Along comes yet another reason for a smaller business to block these sites: Security, or lack thereof.
Astaro Survey Sez Your Security Spending Seems Recession-Proof. Really?
Commentary  |  4/25/2008  | 
The results of a recent survey of small and midsize business IT security spending plans are being interpreted/marketed as signs that your security spending is "recession proof." A closer look suggests something quite different.
Quick! Unplug Your Internet Connection!
Commentary  |  4/24/2008  | 
According to the security vendor Sophos, one Web page is infected with malicious software every five seconds. Yeah, but it's probably mom-and-pop and porn Web sites with all of the infections, you say. Think again.
McAfee And PlumChoice DoubleTeam For Remote Business Tech Services
Commentary  |  4/24/2008  | 
The latest alliance targeting small and midsize business tech-needs is McAfee's just-announced linkup with PlumChoice to provide on-demand tech services to, well, to you.
Focus On Managing Risk, Not Gruntwork
Commentary  |  4/23/2008  | 
With large enterprises sporting hundreds of applications, firewalls, routers, and other networking devices -- and more than 139 newly announced vulnerabilities each week -- how do they know what vulnerabilities actually matter?
Are EMC And IBM Reliable Storage Bellwethers?
Commentary  |  4/23/2008  | 
Their success is no guarantee of success for other vendors, but dismal results from these two companies would augur poorly for the rest of the storage industry, to say the least. And quite apart from my glass half-empty outlook, I'm not sure how much weight to give the recent positive financial performance from EMC and IBM.
Hard Drive Encryption Becomes Loaded-Laptop Hard Drive Feature
Commentary  |  4/23/2008  | 
With nearly three-quarters of a million laptop and notebook computers lost or stolen each year, there's a better than good argument for equipping yourself and your remote staff with encrypted disks on their portable gear.
Physical Security Breaches Trump Vulnerabilities
Commentary  |  4/22/2008  | 
When it comes to publicly disclosed breaches, chances are the root cause was a stolen system, not a hack.
New Malware Page Every Five Seconds: Sophos
Commentary  |  4/22/2008  | 
Sophos released its Q1 2008 threat report today, and the news ain't good. In fact, it's three times as bad as last year -- that's how fast the threats are increasing. And increasing every five seconds.
Crank Up The Volume
Commentary  |  4/22/2008  | 
If storage were an audio receiver, we'd be flirting with that "9" or "10" mark on that big black dial. But we're talking capacity here (and maybe speed), as vendors appear to bend the rules of physics by cramming more bytes than any space or drive should be able to accommodate.
Microsoft's Security Development Life Cycle (SDL) Metrics: Microsoft Can Do Better
Commentary  |  4/21/2008  | 
Microsoft can, and should, provide more insight into how well its security development life cycle is working.
Ooops -- Microsoft Nags More Office Users Than It Meant To
Commentary  |  4/21/2008  | 
Microsoft's latest attempt to track down illegitimate copies of its programs -- in this case Office -- went a bit (and way more than a bit) farther than the company intended last week when it released an Office piracy detector worldwide, instead of to the four countries the program targeted.
Functional Encryption: Making It Hard for Intruders, Easy for Programmers
Commentary  |  4/20/2008  | 
What's the biggest problem in data security these days? Would you believe it's the widespread use of "trusted servers" to store and secure data, at least according to Amit Sahai, Brent Waters, and Jonathan Katz.

Dedupe's Big Week
Commentary  |  4/18/2008  | 
Data Domain and Quantum get smacked around pretty good over how "in-line" their products really are. IBM bought Diligent. And deduplication-come-latelies ExaGrid and FalconStor add new gear to the mix. Geez, maybe there really is a market here.
E-mail Security System Keeps An Eye Out For You -- But Not On You
Commentary  |  4/18/2008  | 
A new free (for now) mail encryption service uses shared-key question and answer encryption to make sure you and your recipient are the only ones who know what you're corresponding about.
Ever Lose A Smartphone?
Commentary  |  4/17/2008  | 
I've lost a number of them, and each time I've left behind a smartphone or PDA, I've worried not so much about the device -- but the personal data it holds. Kaspersky Lab is offering what could be a viable solution.
Sweets For The Cheats: Like Passwords For Chocolate
Commentary  |  4/17/2008  | 
It's silly -- and sexist -- season again, as a European security conference lets us know, as it does every year, just how easy it is to acquire passwords from workers. Namely, how many passwords can you get in exchange for a bit of chocolate?
What Are Your Employees Doing on the Road?
Commentary  |  4/17/2008  | 
Trust can be a trait that takes a long time to develop but can be quickly broken. If your company trusts its employees to use the Internet judiciously on the road, then it may be time to rethink that position.
When You Spring A Wikileak
Commentary  |  4/17/2008  | 
When thinkers of big thoughts talk about the democratizing effect of technology, they needn't look a whole lot further than Wikileaks or LiveLeak. Incendiary anti-Muslim video, copies of documents from Guantanamo -- this stuff leaves the Huffington Post and other Web 2.0 "news" sites in the dust.
Good News: After Breach, Consumers Vote With Their Feet
Commentary  |  4/16/2008  | 
Survey results show that nearly one-third of consumers terminate their relationship with an organization following a security breach.
CEO Spam Scam: Phishing For Big Fish
Commentary  |  4/16/2008  | 
A new targeted spam campaign uses fake federal subpoenas to trick CEOs into clicking on a malware link. One source indicates that 15-20,000 spams went out. And amazingly, about 10 percent of the recipients responded!
Data in Motion, And At Rest
Commentary  |  4/15/2008  | 
As an IT professional, which one worries you more? And what do you do about a technology like RFID that splits the difference between those two conditions -- stationary, yet traveling across the airwaves, and god knows where else?
Is It Time For Security To Go On The Offense?
Commentary  |  4/15/2008  | 
Security researcher Joel Eriksson recently demonstrated how security vulnerabilities within hacker attack tools can be used to turn the tide on online criminals.
CISO: More Strategic Thought Needed
Commentary  |  4/14/2008  | 
The time has come for chief information security officers to become less tactical, more strategic.
E-Ignorance Can Be Bliss
Commentary  |  4/14/2008  | 
I missed something that was staring me in the face. It wasn't something huge or important, like, "Oh, look, Hillary Clinton's really trying to be nice this week." No, what I happily missed were online ads served up by Evite alongside the "Come to dinner" verbiage. This offense apparently is enough for the New York Times to proclaim the site as the ruination of parties in our modern e-times. But what if we forget
Thumbs Down: Flash Drives Are Bigger Threat Than Many Of You Know
Commentary  |  4/14/2008  | 
The sheer convenience and affordability of flash drives is matched -- and more than matched -- by the threat potential they possess. And that's according to one of the drives' leading manufacturers.
Spoofing WiFi Positioning (and the Boss)
Commentary  |  4/14/2008  | 
The boss wants it both ways. On one hand, she doesn't like me hanging around the office, disrupting a normal, pleasant working environment. On the other hand, she wants to know where I am at all times -- right, like I'm going to tell.

The Temperature Of Storage
Commentary  |  4/12/2008  | 
Why can't I look away from the morning weather report, or just turn the page when I come across the odds-makers' lines on the sports section? Maybe it's the control freak in me. Or that I want to believe some mere mortal really knows how this will all turn out. Maybe I just want information, even if it's deemed reliable but not guaranteed. I try to remember all this as I read the temperature taking going on in the storage industry, against a backdrop of bankruptcies, foreclosures, and r
Mirrored Excitement
Commentary  |  4/11/2008  | 
I haven't seen the storage blogosphere this atwitter since Dan Warmenhoven's testy exchange with some analysts or EMC blindsided the industry with its support for solid-state drives. But Atrato and Xiotech have generated real buzz this week ove
Security Is No Longer About The Operating System
Commentary  |  4/10/2008  | 
Now that Adobe has updated its graphics and video software, a near ubiquitous security vulnerability has been fixed.
Down To Business: It's Past Time To Elevate The Infosec Conversation
Commentary  |  4/10/2008  | 
At the RSA conference, the security discussion was about helping customers innovate and deliver business value.
Al Gore's Top Secret Speech At RSA
Commentary  |  4/10/2008  | 
If any RSA Conference attendee wants to loan me his or her RSA badge on Friday afternoon for about an hour, send me an e-mail. I was planning to attend Al Gore's keynote on emerging green technologies that day from 2:15 PM to 3:00 PM, but it turns out that members of the media aren't going to be allowed in. Evidently, Gore will be discussing the ingredients in
Bots Gone Wild: Handful Of Botnets Run A Million Machines
Commentary  |  4/10/2008  | 
How many botnets does it take to grab a million computers and use them to send out billions (and billions and billions) of spams a day? Less than a dozen, according to one security expert.
When Politics And Porn Collide
Commentary  |  4/10/2008  | 
If the measures of effective protest include chaos and noise, then yesterday's anti-Chinese demonstrations in San Francisco were modestly successful. I inadvertently waded into the mayhem late Wednesday morning trying to make my way to the RSA Conference going on at the Moscone Center this week.
Why Did EMC Buy Iomega?
Commentary  |  4/9/2008  | 
By now you've read the news reports that EMC bought Iomega for $213 million. I can't help but wonder what they got that was worth it. Back in the days when 100 MB Zip disks were the easiest way to move more than a floppy's load of data from one place to another, Iomega was a force to be reckoned with. Today it sells USB hard drives, low-end NAS boxes running Windows Storage Server, and the REV removable media hard drive. Why would EMC, king of the services sale, want to enter the low-margin con
Five New Virtualization Security Vendors
Commentary  |  4/9/2008  | 
There are plenty of virtualization security vendors leaping out of the shadows. Here are five new players worth a look.
The Cybercrime Economy
Commentary  |  4/9/2008  | 
Dot-coms daunted by the financial downturn would be well advised to look to the cybercrime economy. Cybercriminals "have very sound business models," said Joe St Sauver, manager of Internet2 Security Programs through the University of Oregon at an RSA Conference panel on Wednesday, "better than many corporate business plans I routinely see."
Symantec Report: Malware Makers Setting Sights Via Trusted Sites
Commentary  |  4/9/2008  | 
Symantec's latest Internet threat report makes clear that the bad guys have shifted the focus of their approach from luring users to malicious sites to placing their malware on legit sites that users know and trust.
Wheeling And Dealing
Commentary  |  4/8/2008  | 
With the RSA conference on the West Coast competing with Storage Networking World in Orlando, Fla., this week, there are just a couple of vendors big enough to straddle both realms. Any guesses? Both have figured prominently in the tech headlines in the last 48 hours.
Online Storage: Security Risk Is Minimal
Commentary  |  4/8/2008  | 
InformationWeek security reporter Thomas Claburn questions the security of online storage services. Do online storage services pose a grave security risk?
Locking Down Stolen Laptops About to Become Simpler
Commentary  |  4/8/2008  | 
Mobility offers small and medium businesses a way to improve productivity. One downside is the difficulty in protecting sensitive information if a laptop computer is stolen or -- more likely -- left behind as executives scurry from place to place.