Commentary

Content posted in July 2006
Network Security Courtesy Of A Fist Full Of Chips
Commentary  |  7/25/2006  | 
Why pay tens of thousands of dollars on a firewall or other network security device when you can get comparable protection from one at a fraction of the cost? That's the promise behind security system-on-chip technology that embeds virtual private network, firewall, and other capabilities into network appliances at the silicon level, eliminating the need for the software and integrated circu
Dude! Wanna Be In The National Student Database?
Commentary  |  7/18/2006  | 
It's been a while since I've been in college or hung around with anyone who is, but I distinctly recall that no matter who was paying the freight, a student's grades were delivered only to the student. Even paying parents had no right to see the results. In the weird halfway house of adulthood that makes up the college experience, students are considered adults in some areas, children in others. Grades fell into the adult side of the class. And my guess is this goes for student health and other
Same Old Security Song And Dance? Yes And No
Commentary  |  7/10/2006  | 
The results of InformationWeek's annual Global Security Survey got me to thinking that the more things change, the more they stay the same.
The 5 Biggest Surprises From The 2006 InformationWeek Global Security Survey
Commentary  |  7/10/2006  | 
A tip of the hat to all the InformationWeek readers who participated in this year's Global Security Survey. In this week's issue, I wrote a story analyzing the survey's results and drilling down beyond the numbers by speaking with a few of you who took the survey and other security pros who likewise had interesting things to say. Th
The March Of Malware
Commentary  |  7/6/2006  | 
A friend called me the other day. She's an independent bookkeeper who works for many small businesses, usually in their offices on their computers. She's often their first line of tech support, even though that falls way outside her job description. One of her clients' computers had been acting funny. She loaded up some anti-virus software, and sure enough it told her the machine had a Trojan. She cleaned it, restarted, and there was the Trojan again. A few attempts later, the Trojan was still


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1067
PUBLISHED: 2018-05-21
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is ...
CVE-2018-7268
PUBLISHED: 2018-05-21
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information suc...
CVE-2018-11092
PUBLISHED: 2018-05-21
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.
CVE-2018-11096
PUBLISHED: 2018-05-21
Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely.
CVE-2018-11320
PUBLISHED: 2018-05-21
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.