Content posted in July 2008
Credit Card Compliance And Security: New PCI Information Resource Worth A Visit
Commentary  |  7/31/2008  | 
How much do you know about your business's compliance and security responsibilities for credit card data and other information involved in the transactions that your bank executes for you? Think compliance is completely the responsibility of the financial institution? Think again.
Cisco Won't Buy EMC, Will It?
Commentary  |  7/30/2008  | 
Analyst Kaushik Roy with Choi and Pacific Growth Equities really stoked the fire of a longstanding rumor (repeat rumor) that Cisco would just love to buy storage king EMC. And while this won't happen, there are kernels of truth in there.
Radware Reveals Critical Vulnerability In Firefox 3
Commentary  |  7/30/2008  | 
Well, not exactly "critical." But there is a flaw. And there is no patch. And so Radware demonstrates how many security vendors push their gear by spreading fear, uncertainty, and doubt on the user community.
The Reality Of Private Clouds
Commentary  |  7/30/2008  | 
In his blog "Clouds Are Only in the Sky" yesterday, Richard Martin suggested that a cloud must be on the public Internet for it to truly be a cloud and that if something resembling a cloud is used internally then it must be utility computing. He makes a very good point; however, I respectfully disagree.
Websense Warns: Legit Sites Top Hack Targets
Commentary  |  7/30/2008  | 
Another midyear security overview is out now, this one from Websense, and if the year-to-date is looking bad, the six months to come are looking worse.
Oracle WebLogic Servers Vulnerable To Attacks
Commentary  |  7/29/2008  | 
When it comes to security vulnerabilities, this flaw is as ugly as it gets -- but, in this case, it's not all because of anything Oracle did wrong.
IBM Midyear Security Report: A Bad Year That's Getting Worse
Commentary  |  7/29/2008  | 
Time flies when you're having fun, and flies even faster when the bad guys are having their "fun." Already more than halfway through 2008, and a new security report lets us know in detail just how insecure a year it is.
Apple And Security: Long Road Still Ahead
Commentary  |  7/29/2008  | 
Apple's trying to pick up its game with iPhone security, recently listing an iPhone Security Engineer position. Assuming the job is really about helping users -- and not just thwarting pesky unlockers -- it's a good move, but some corporate inertia might need to be overcome before security is a true priority. Just take a look at the official iPhone Enterprise Deployment tools.
Modeling IT Attacks
Commentary  |  7/28/2008  | 
Every day IT managers have to contend with an ever-changing risk environment. That's where good risk modeling can help.
Password Security: With Prosecutors Like This, Who Needs Rogue Administrators?
Commentary  |  7/28/2008  | 
So the San Francisco District Attorney, building a case against the rogue administrator who shut down city network access, decided to include actual passwords as evidence. Bonehead decisions may not get much more boneheaded than this.
Beating Up Storage Vendors
Commentary  |  7/28/2008  | 
An analyst firm recently published a report suggesting that the No. 1 priority in reducing IT costs was to beat up your storage vendor for lower costs. I would like to give a dissenting opinion.
Vibrations Part II
Commentary  |  7/25/2008  | 
In my last entry we opened up a can of worms around drive vibration, discussing what it is and how it occurs. Vibration exists, but why should you, the IT professional, care? This stuff is all on RAID 5, right? Why do you care if a drive fails?
DNS Woes: How Worried Should You Be? Pretty Dang Worried!
Commentary  |  7/25/2008  | 
Yesterday's news that the first DNS attack strategies are circulating was no surprise: once a vulnerability -- large, small or in-between -- is discovered, the exploit code follows like rats nipping at the heels of the Pied Piper. The question is, how worried should you be about this particular vulnerability? Pretty worried, is my take.
Disclosure Isn't Working
Commentary  |  7/24/2008  | 
After a decade of writing about IT security, I don't know how anyone would think this current system of disclose and patch is working. It's not.
Are Lock-Picking Demos On YouTube A Bad Idea?
Commentary  |  7/24/2008  | 
Amateur lock hackers who share their techniques may be improving security -- or endangering your life and property.
DNS Flaw Attacks Coming: Patch Now!!!
Commentary  |  7/24/2008  | 
The first attackware strategies based on the widespread DNS flaw announced earlier this month have been spotted. If you haven't patched yet, do it now, before it's too late. (Some say it's already too late.)
DNS Poisoning Vulnerability: If You Haven't Yet Patched, It May Be Too Late
Commentary  |  7/23/2008  | 
If you've ignored the urge to patch Dan Kaminsky's DNS cache poisoning flaw, you could be on the verge of big trouble: Exploit code has just been published in a popular penetration testing tool.
McAfee Says Small, Midsize Business Sweats Security Too Little. You Agree?
Commentary  |  7/23/2008  | 
A new survey from security firm McAfee warns that small and midsize businesses don't consider themselves to be targets for cybercrime. Do their findings match your feelings? Let's hope not.
Good, Good, Good…Good Vibrations
Commentary  |  7/23/2008  | 
It's summertime, time for a little Beach Boys? No, Good Vibrations is the beginning of a series of entries that I will be posting on increasing physical hard drive unit life. In recent briefings, manufacturers like Copan Systems and Xiotech have been raising the issue of the impact of drive vibration. While I was aware of drive vibration, it is not discussed much, so I decided to take a deeper dive.
Brocade Buys Foundry For $3B - Let The FCOE Battles Begin
Commentary  |  7/22/2008  | 
After the close of trading yesterday, Brocade announced that it was going to buy Foundry Networks for $19.75 in cash and stock or a total of $3 billion dollars. This acquisition puts Brocade in a much better position in the coming data center network wars, as just being the dominant Fibre Channel switch vendor isn't worth much as large enterprise data centers move from separate storage and communications networks to a converged Ethernet.
Has The Time Arrived For iPhone Antivirus Software?
Commentary  |  7/21/2008  | 
Apple antivirus and privacy software maker Intego thinks so. The security vendor last week announced its software is the first AV to scan the iPhone and iPod Touch for malware. I wouldn't rush out to install it, just yet.
Private Clouds
Commentary  |  7/21/2008  | 
Last night, Sunday, July 20, Amazon S3 went down for more than two hours. Last weekend, Apple struggled its way through its MobileMe transition and it is still having some issues with its iDisk service. Both of these companies provide a high quality cloud service, but scaling these types of technology for the masses isn't an easy task and as we have seen in the case of Apple, upgrades or transitio
There'll Always Be An England -- It Just Won't Have Any Secure Laptops
Commentary  |  7/21/2008  | 
The news that more than 650 of the British Ministry of Defence's laptop computers have been stolen over the past four years, along with dozens of thumb drives over the last few months, all containing sensitive information, offers a startling reminder of just how mobile your mobile devices can unfortunately be.
iPhone Is Owned Again; Yawn
Commentary  |  7/20/2008  | 
A little more than a week after Apple's shiny new iPhone 3G went on sale, a team of programmers say they've, once again, gained control over the highly coveted gadget.
Utilities Ready To Put IT Security Efforts In Place
Commentary  |  7/18/2008  | 
The North American Electric Reliability Corp. (NERC) announced this week that it's improving its ability to better manage IT security and critical infrastructure protection efforts to North America's bulk power system.
The Problem With Power-Efficient Drives
Commentary  |  7/18/2008  | 
Power-efficient drives are drives that slow down and go into a standby or idle mode and do exactly what they say they will do -- they save power. The challenge with these drives is that many manufacturers are putting these drives into standard array shelves, typically with the same power supplies and the same fans. The array shelf still has to be designed to assume that the drives will spin up at full power, because at some point they probably will.
State Of Spam: Illinois Tops Badmail Target List
Commentary  |  7/17/2008  | 
A new study claims that Illinois receives more spam traffic than any other state in the union. But a close look at the data shows that the other 49 aren't doing all that well either (with one interesting exception.)
TrueCrypt: No Cloaking Crypto For You
Commentary  |  7/17/2008  | 
Researchers say the steganography feature, also known as the Deniable File System (DFS), in TrueCrypt may not provide the "security by obscurity" users hoped for.
Power Rationing--Green Gets Serious
Commentary  |  7/16/2008  | 
As part of my normal routine I try to speak with as many data center managers as possible. A trend has appeared lately that I believe we are on the front end of. I am calling the trend power rationing. We have been told several times now over the past few weeks that data center managers are being given a hard limit as to how much power they can use. This is a shift from the more common "Reduce power consumption by x%" to "You can use X watts of power."
San Francisco Network Lockout: Who Controls System Access -- And Who Controls The Controllers?
Commentary  |  7/16/2008  | 
San Francisco's misadventures (to put it mildly) of being locked out of part of its own computer network by a disgruntled but password/access-controlling employee raises one of IT security's oldest and still thorniest questions: who has the authority to grant or deny system access, and who has authority over the authorizers?
Target's Swipe At Privacy, An Update
Commentary  |  7/15/2008  | 
A representative from retailing company Target explained why they're scanning customers' driver's licenses, and exactly what information they are collecting.
Crooks Making Less From Bank Data Look To Steal From Other Businesses (Including Yours)
Commentary  |  7/15/2008  | 
Things are tough all over, as a new report on the drop in the value of stolen bank data shows. But as stolen bank info drops in price, you can bet that the crooks are going to be looking elsewhere to make up the difference. And small and midsize business data is definitely one of the elsewheres.
Ready, Set, Patch Your Oracle Software
Commentary  |  7/14/2008  | 
On Tuesday, Oracle is set to release a bevy of patches for Oracle Database and a handful of other Oracle software.
Block-Level Tiered Storage
Commentary  |  7/14/2008  | 
Tiered storage no longer has the hype surrounding it that it did a few years ago. The concept was simple -- move data from expensive Fibre drives to inexpensive SATA drives. SATA drive technology was just coming into its own and the price and modest capacity made it a good fit for the concept. As a result, every storage manufacturer on the planet was proposing a tiered storage strategy. There were seminars, Webinars, white papers (guilty as charged, I wrote more than a few of them), yet only a f
Why Isn't Internet Infrastructure Security A Bigger Issue?
Commentary  |  7/14/2008  | 
The ongoing debate and discussion about the domain name server vulnerability disclosed last week may be getting a bit of traction in the world beyond IT, but the size and potential seriousness of the problem ought to raise other questions: Namely, why the security of the Net itself, as well as its users, doesn't loom larger (or at all) on the campaign trails.
Securing Your Wireless Internet Connection (You Know You Should)
Commentary  |  7/13/2008  | 
Well, it's not really breaking news, security firm Kaspersky Lab is pointing out the obvious: that most home and small business wireless networks run at a low, or no, level of security. Kaspersky Lab also listed a handful of steps that could be taken to enhance your wireless security. And while it's all good advice, it left out one of the most important.
First Steps Into The Cloud
Commentary  |  7/11/2008  | 
Storage will be one of the first steps many will make in using cloud services. In fact, many users have already taken that first step without even knowing it. They are using services like online storage, backup, and archive. Online backup is there, because of block-level incremental and data deduplication technologies; sending backup data over a network connection is not the impossibility that it was even a few years ago. Also, these companies have been in existence for quite some time, so there
New Media Trojan Exploits Bad Old Piracy, P2P Habits
Commentary  |  7/11/2008  | 
A particularly aggressive new Trojan takes advantage of the oldest of vulnerabilities -- human nature. Hiding in pirate software sites, the Trojan infects the music and video files of illegal software seekers, then spreads when those files are peer-shared.
EMP Risk Follow-Up: Blather O'Plenty, No Action
Commentary  |  7/10/2008  | 
As we discussed yesterday, it's been four years since Congress was fully briefed on our nation's vulnerability to an Electromagnetic Pulse (EMP) Attack, and the debilitating impact it would have on our electro-dependent society.
Justice Breyer's Data Exposure A Reminder Of P2P File Risks
Commentary  |  7/10/2008  | 
The news that Supreme Court Justice Stephen Breyer's personal information was among thousands of other personal data files compromised as a result of a file-sharing snafu raises a couple of issues, chief among them whether or not peer-to-peer file sharing via public programs is ever appropriate for business info.
Cell Phone Security? Speak Up
Commentary  |  7/10/2008  | 
Cell phone security? Try selling that to a bunch of kids in middle school, each with his or her own cell phone. To them, security is a word that means "don't let my parents know that I'm loaning you my cell phone so you can call your friend vacationing in Europe."

It's Time To Defend The U.S. Against The Ultimate Denial Of Service (DOS) Attack
Commentary  |  7/9/2008  | 
Thursday, Congress will be hearing testimony on a potential attack that could shut down most every electronic device, everywhere, and render the entire U.S. power grid dysfunctional for months, if not for more than a year.
Server Hijack Problem Prompts Unified Industry Response
Commentary  |  7/9/2008  | 
The show of patch-unity displayed by many of the industry's major players in addressing a domain name server flaw is gratifying -- and annoying too. Nice to see them working together. Nicer if we knew more about the problem they're working to fix.