Dark Reading is part of the Informa Tech Division of Informa PLC

Commentary

Content posted in June 2010
Have A Secure Summer Vacation
Commentary  |  6/30/2010  | 
With summer now here officially, many of you are most likely planning vacations, and you probably want to be able to connect to the Internet during your vacation. But how do you do this securely?
Which Platform Is Safer: Android, Blackberry, or iPhone?
Commentary  |  6/30/2010  | 
With the hand-held platform battle over market share heating up, more people are wondering just which platforms may be safer from attackers and snoops.
Protecting SSH From The Masses
Commentary  |  6/30/2010  | 
SSH brute-force attacks are not uncommon against computer systems sitting on public IP addresses. Script kiddies and botnet-infected systems are scanning the Internet looking for low-hanging fruit (think: weak passwords) to leverage for additional attacks, website defacements, or attack-tool storage.
Dark Reading Launches New Tech Center On Security For Small And Midsize Enterprises
Commentary  |  6/30/2010  | 
Today Dark Reading launches a new feature: the SMB Security Tech Center, a subsite of Dark Reading devoted to bringing you news, insight, and in-depth reporting on the topic of data security in small and midsize businesses.
Keeping Data Forever vs. Data Retention
Commentary  |  6/30/2010  | 
Keeping data forever vs. data retention is going to become an increasingly fierce battle. In the past, data retention strategies always won, but as we discussed in the first entry in this series, the technology is now available to store data forever, and as we discussed in the second entry, the technology is there to find it when you need it.
The Failure Of Cryptography To Secure Modern Networks
Commentary  |  6/30/2010  | 
For a while now, I've pointed out that cryptography is singularly ill-suited to solve the major network security problems of today: denial-of-service attacks, website defacement, theft of credit card numbers, identity theft, viruses and worms, DNS attacks, network penetration, and so on.
No PDF Updates Anymore--Anyone Interested?
Commentary  |  6/29/2010  | 
Adobe has published its security updates for Adobe Reader and Adobe Acrobat.
Hackers Busted In Online Poker Cheats
Commentary  |  6/28/2010  | 
Korean police nabbed 33 hackers who were using bots to cheat online poker players from November 2009 through May of this year.
Android, iPhone, "Kill Switch" Capabilities
Commentary  |  6/27/2010  | 
The recent security-related events surrounding Google Android highlight why users must exercise constant vigilance in the applications they choose to install on their handsets, and raise questions about the ability of vendors to reach into your handset to remove potentially nasty software.
FTC Security Smackdown And Twitter's Hollow Excuses
Commentary  |  6/25/2010  | 
The social networking site Twitter has settled with the U.S. Federal Trade Commission regarding charges that it failed to properly safeguard the data of its users.
There's No (New) Internet Kill Switch
Commentary  |  6/25/2010  | 
The Lieberman-Collins cybersecurity bill passed out of the Senate Homeland Security and Governmental Affairs Committee on Thursday to await consideration by the full Senate. But not everyone is satisfied with what it says.
The Types Of SSD Cache
Commentary  |  6/25/2010  | 
In our last entry we discussed the value of using solid state disk (SSD) as a cache, which provides a simpler on-ramp to the accelerated world of SSD. With SSD cache, few or no changes are needed to applications, and using SSD as a cache does not require a large capacity investment in the more premium-priced technology.
iPhone iOS 4 Security
Commentary  |  6/24/2010  | 
The Apple iPhone hit the streets today. I happened to be one of the lucky few who had his delivered by FedEx on Wednesday. So I had some time to kick around with it a bit, and took a look at its (lack of) new security features.
Kyrgyzstan On Verge Of Cyberwar? Not So Much
Commentary  |  6/24/2010  | 
Cyberwarfare has become one of these buzzwords people just like to use. But in most cases -- it isn't used accurately.
The Cache Value of SSD
Commentary  |  6/22/2010  | 
When I speak with IT managers about solid state disk (SSD), one of the most common questions is how and where it should be implemented. There are many options, but an extremely simple, risk-free way to get started is using SSD as a large cache in front of a disk array.
Secure Web Surfing With HTTPS Everywhere
Commentary  |  6/22/2010  | 
HTTPS Everywhere is a new Firefox extension that tries to make surfing the Web a little bit safer by ensuring that a secure connection is the default on many popular websites.
Open-Source Database Security
Commentary  |  6/21/2010  | 
A recent article on Dark Reading underscores a growing concern in IT: how to secure open-source databases.
Stock Manipulation Botnet Surfaces
Commentary  |  6/21/2010  | 
A Belgian federal investigation into an electronic bank account heist reveals a sophisticated attack designed to manipulate stock prices, a Belgian newspaper reported over the weekend.
That Was Easy: New Tool For Web Form Password Brute Force Attacks
Commentary  |  6/21/2010  | 
Passwords suck. We all know it, but unless you can afford to provide multifactor authentication to all of your users and business partners, you're stuck with them.
BP And The Importance Of Calling Out Corruption
Commentary  |  6/18/2010  | 
A recent article in Rolling Stone shows how the combination of a corrupt process for ensuring the safety of oil rigs, corruption of the information on the risk, the actual BP disaster -- and politics -- has resulted in the biggest environmental disaster in the country's history. It also mirrors a massive problem in IT security where political expediency, short-term financial gains, and personal benefits often trump good business practice.
Why Aren't Health Organizations Embracing Cloud Storage?
Commentary  |  6/18/2010  | 
As hospitals around the world move from paper-based records to electronic systems, they cite disaster recovery as one of their top priorities. While prepping for disaster is good business, shouldn't something else be a priority on the agenda of those embracing more health IT?
Real-Life Social Engineering
Commentary  |  6/18/2010  | 
Social engineering attacks are becoming so commonplace that it has become a little easier to educate users about identifying phishing e-mails and websites because they are seeing the attacks firsthand on a more regular basis. What they often don't realize is the damage that can be done, or how similar attacks might come at them, through their personal lives.
Search Google, Surf Facebook Using HTTPS
Commentary  |  6/18/2010  | 
While more and more sites support encryption (Twitter, LinkedIn), sometimes even by default (Gmail), others still send your data in the clear. The new Firefox extension is just what the doctor ordered.
Porn Tops Web Watching, Gaming Growing Fast
Commentary  |  6/17/2010  | 
Pornographic Web content accounted for a whopping one-third of all page views, according to security firm Optenet. Online gaming sites are also dramatically growing in popularity. If their popularity is growing with your employees, it's time to review your usage policies.
Keep Everything Forever, Part II - Indexing
Commentary  |  6/17/2010  | 
In our last entry we reintroduced the idea of a keep-everything-forever storage retention strategy. We also touched on some of the basic capabilities, like cost-effective storage options and data movement options, that can make a forever retention strategy realistic. In this entry we will look at one of the most important requirements: the ability to find what you have in the archive.
There's A Recipe For That
Commentary  |  6/15/2010  | 
Back in the dark ages when I was a programmer, I became horribly fascinated with a tool called make. It was a tool for dealing with the complexities of, well, making finished executable code.
Revisiting The Keep It All Forever Retention Strategy
Commentary  |  6/15/2010  | 
Each day a seemingly new regulation is placed on businesses, and almost every one of these regulations adds to the data management burden in the data center. In the past I have advised against the keep-it-all-forever mentality of data retention, but now it may just be the only way left to protect the business.
Vulnerability Scanners Must Be Used Carefully
Commentary  |  6/14/2010  | 
Automated network and Web app vulnerability scanners can make strengthening your business's defenses a lot simpler -- or a lot more complicated, depending on how much you and your team know about their uses. A new report looks at some of the challenges accompanying vulnerability scanning.
Snort'ing Out Anomalies
Commentary  |  6/14/2010  | 
Detecting determined attackers focused on getting your data -- and getting away with it -- is not an easy task. To that end, many security products have been created that attempt everything from separation of privileges and tight access control to full network packet inspection and data loss prevention.
Shed Vulnerabilities With One Simple Rule
Commentary  |  6/14/2010  | 
A couple of months ago, Secunia's Stefan Frei published a great paper about the patching burden that the average PC user faces every week.
On AT&T's iPad E-mail Security Snafu
Commentary  |  6/11/2010  | 
While the flaw that made it possible for onlookers to access the e-mail addresses of Apple iPad users wasn't directly Apple's fault, the incident is certainly disrupting Jobs' Reality Distortion Field and dulling some of the shine of the successful iPad launch.
Cloud Is Real Culprit In iPad/AT&T Security Hole
Commentary  |  6/11/2010  | 
The recent revelation that over 100,000 iPad users had their email and account information exposed to hackers due to a mistake by AT&T made a lot of news this week and caused no small amount of embarrassment for AT&T and Apple. But the big news isn't the security failure itself; it's the reminder that in the modern world of cloud computing, security goes well beyond personal devices.
iPad Email Hack Shows AT&T Security Sloppiness
Commentary  |  6/10/2010  | 
Info on more than 100,000 iPad email addresses grabbed from AT&T by a self-proclaimed security group will cause far more problems for AT&T than for Apple. But Apple's single-mindedness about AT&T deserves more than a bit of the blame, too.
Implementing Storage Capacity Planning In The Modern Era
Commentary  |  6/10/2010  | 
As discussed in our last entry, all the storage optimization strategies will impact how much capacity you will need to purchase in your next upgrade. The problem is that much of the savings are going to be dependent on your data. You will hear vendors state something like "your actual mileage will vary" and that is very true. With that as the backdrop how do you make sure you don't overshoot or worse, un
Ways To Slow An Attacker
Commentary  |  6/9/2010  | 
The inevitability of failure in security has been up for discussion a lot during the past couple of years. It's a mentality that a lot of security professionals have subscribed to because of various reasons: proliferation of malware, user behavior, advanced persistent threat (APT), or simply Murphy's Law.
Massachusetts Data Privacy Standard: Comply Or Not?
Commentary  |  6/8/2010  | 
In my previous position at a database security vendor, I was often asked by marketing to explain the applicability of technology to problems: how you could use assessment for PCI compliance, or why database activity monitoring was applicable to privacy laws, for example.
Does Deduplication Make Storage Capacity Planning Difficult?
Commentary  |  6/8/2010  | 
With all the technologies out now to optimize the use of primary storage capacity, and it's not just deduplication, the guidelines for estimating how much capacity you need in a given year need to change. In some ways storage capacity planning is more difficult than it has been in the past. It has to change to keep up with the new capabilities of storage systems like thin provisioning, compression, and deduplication.
Confidela Upgrades Secure Document Solution
Commentary  |  6/7/2010  | 
Watchdox, a cloud-based platform for businesses that need to share sensitive or secure documents, now has enhanced compliance features and the ability to support larger files.
Deepwater Horizon Lessons Parallel IT Risk Management
Commentary  |  6/7/2010  | 
Set aside the magnitude of the loss of life, and the extraordinary costs of the BP Deepwater Horizon catastrophe to the Gulf Coast region, to its wildlife, and to the livelihood of millions. Individual IT disasters would rarely have such horrendous reach and impact. However, there are a number of eerie similarities between the BP Deepwater Horizon catastrophe and the failures within IT risk management we see all too often.
Think Your Enterprise Is Under Attack?
Commentary  |  6/5/2010  | 
Well, I'm sure it's probed, prodded, and attacked every day. Sometimes by live criminal attackers, other times by curiosity-seeking hackers, and quite often by automated and malicious software. But it's probably not hit as often as the Department of Defense networks. It's tough getting one's mind around these numbers.
Turkish Hackers Defacing Israeli Facebook Accounts
Commentary  |  6/5/2010  | 
Following the Gaza flotilla incident, Turkish hackers have been defacing Facebook accounts of Israelis and uploading anti-Israeli material to them.
'Dark Side' Uses For Defensive Tools
Commentary  |  6/4/2010  | 
Tools used by system administrators for defensive security can often be turned around and used offensively by attackers. Microsoft Sysinternals' psexec is a great example.
An Industrial Espionage Comeback
Commentary  |  6/3/2010  | 
Apple seems to believe, and likely with good reason, that competitors are aggressively trying to steal its ideas.
SANS And RSA Say SMBs Use SIEM For Security, Not Just Compliance
Commentary  |  6/3/2010  | 
According to new reports from SANS and RSA, after years of SMB investment in security information and event management (SIEM) tools as a means of confirming regulatory compliance, businesses are now buying forensic and event management tools in order to use them.
Guided Storage Analysis
Commentary  |  6/2/2010  | 
Software tools that provide storage and data protection analysis are very useful. They can help inventory, monitor, and bring to your attention problems in the environment. Typically, however, there are two challenges that I see with these tools. First, they don't provide recommendations on what to do about a problem, and second, they don't help you prioritize and organize how you address it.
Kerio Control 7 Expands Network Security Offering
Commentary  |  6/2/2010  | 
Enhanced intrusion detection and prevention, a new admin console, and embedded Sophos anti-virus are among the new features in Kerio Technologies' latest iteration of its Kerio Control network security management product.
Facebook: Screw You, Privacy Hugger
Commentary  |  6/1/2010  | 
As you know, Facebook recently overhauled its privacy controls -- or, well, overhauled the user interface to them. Upshot: Get over the privacy thing. But is that really what we want?
Tabnapping Threat Should Have You On Guard
Commentary  |  6/1/2010  | 
How many tabs do you have open in your browser right now? Potentially, some of them can be tabnapped -- taken over by crooks looking to trick you into re-entering your password and user name.