Dark Reading is part of the Informa Tech Division of Informa PLC


Commentary

Content posted in July 2008
Page 1 / 2   >   >>
Credit Card Compliance And Security: New PCI Information Resource Worth A Visit
Commentary  |  7/31/2008  | 
How much do you know about your business's compliance and security responsibilities for credit card data and other information involved in the transactions that your bank executes for you? Think compliance is completely the responsibility of the financial institution? Think again.
Cisco Won't Buy EMC, Will It?
Commentary  |  7/30/2008  | 
Analyst Kaushik Roy with Choi and Pacific Growth Equities really stoked the fire of a longstanding rumor (repeat rumor) that Cisco would just love to buy storage king EMC. And while this won't happen, there are kernels of truth in there.
Radware Reveals Critical Vulnerability In Firefox 3
Commentary  |  7/30/2008  | 
Well, not exactly "critical." But there is a flaw. And there is no patch. And so Radware demonstrates how many security vendors push their gear by spreading fear, uncertainty, and doubt on the user community.
The Reality Of Private Clouds
Commentary  |  7/30/2008  | 
In his blog "Clouds Are Only in the Sky" yesterday, Richard Martin suggested that a cloud must be on the public Internet for it to truly be a cloud and that if something resembling a cloud is used internally then it must be utility computing. He makes a very good point; however, I respectfully disagree.
Websense Warns: Legit Sites Top Hack Targets
Commentary  |  7/30/2008  | 
Another midyear security overview is out now, this one from Websense, and if the year-to-date is looking bad, the six months to come are looking worse.
Oracle WebLogic Servers Vulnerable To Attacks
Commentary  |  7/29/2008  | 
When it comes to security vulnerabilities, this flaw is as ugly as it gets -- but, in this case, it's not all because of anything Oracle did wrong.
IBM Midyear Security Report: A Bad Year That's Getting Worse
Commentary  |  7/29/2008  | 
Time flies when you're having fun, and flies even faster when the bad guys are having their "fun." Already more than halfway through 2008 and a new security report lets us know in detail just how insecure a year it is.
Apple And Security: Long Road Still Ahead
Commentary  |  7/29/2008  | 
Apple's trying to pick up its game with iPhone security, recently listing an iPhone Security Engineer position. Assuming the job is really about helping users -- and not just thwarting pesky unlockers -- it's a good move, but some corporate inertia might need to be overcome before security is a true priority. Just take a look at the official iPhone Enterprise Deployment tools.
Modeling IT Attacks
Commentary  |  7/28/2008  | 
Every day IT managers have to contend with an ever-changing risk environment. That's where good risk modeling can help.
Password Security: With Prosecutors Like This, Who Needs Rogue Administrators?
Commentary  |  7/28/2008  | 
So the San Francisco District Attorney, building a case against the rogue administrator who shut down city network access, decided to include actual passwords as evidence. Bonehead decisions may not get much more boneheaded than this.
Beating Up Storage Vendors
Commentary  |  7/28/2008  | 
An analyst firm recently published a report suggesting that the No. 1 priority in reducing IT costs was to beat up your storage vendor for lower costs. I would like to give a dissenting opinion.
Vibrations Part II
Commentary  |  7/25/2008  | 
In my last entry we opened up a can of worms around drive vibration, discussing what it is and how it occurs. Vibration exists, but why should you, the IT professional, care? This stuff is all on RAID 5, right? Why do you care if a drive fails?
DNS Woes: How Worried Should You Be? Pretty Dang Worried!
Commentary  |  7/25/2008  | 
Yesterday's news that the first DNS attack strategies are circulating was no surprise: once a vulnerability -- large, small or in-between -- is discovered, the exploit code follows like rats nipping at the heels of the Pied Piper. The question is, how worried should you be about this particular vulnerability? Pretty worried, is my take.
Disclosure Isn't Working
Commentary  |  7/24/2008  | 
After a decade of writing about IT security, I don't know how anyone would think this current system of disclose and patch is working. It's not.
Are Lock-Picking Demos On YouTube A Bad Idea?
Commentary  |  7/24/2008  | 
Amateur lock hackers who share their techniques may be improving security -- or endangering your life and property.
DNS Flaw Attacks Coming: Patch Now!!!
Commentary  |  7/24/2008  | 
The first attackware strategies based on the widespread DNS flaw announced earlier this month have been spotted. If you haven't patched yet, do it now, before it's too late. (Some say it's already too late.)
DNS Poisoning Vulnerability: If You Haven't Yet Patched, It May Be Too Late
Commentary  |  7/23/2008  | 
If you've ignored the urge to patch Dan Kaminsky's DNS cache poisoning flaw, you could be on the verge of big trouble: Exploit code has just been published in a popular penetration testing tool.
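The three DNS entries above all turn on the same question: is your resolver still exposed to the Kaminsky-style cache poisoning attack? The vendor patches of July 2008 randomized the UDP source port of each outbound query on top of the 16-bit transaction ID, so a forged reply has to match both. The following is an added example, not code from any of the Dark Reading posts, that checks a sample of a resolver's outbound queries for a fixed or low-entropy port space and for sequential IDs. The record layout, the thresholds and the constructed sample traffic are assumptions made for this example.

```python
# Added example (not code from the Dark Reading post): a quick check for the
# Kaminsky-class cache-poisoning weakness in a resolver's outbound queries.
# The 2008 vendor fix was to randomize the UDP source port of each query on
# top of the 16-bit transaction ID, so an off-path attacker has to guess
# roughly 32 bits per forged reply instead of 16. Given (source port, TXID)
# pairs captured from a resolver, this flags a fixed or low-entropy port
# space and sequential IDs. Records are constructed inline; the record
# layout and thresholds are assumptions for this example.
import math
import random
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class OutboundQuery:
    src_port: int  # UDP source port the resolver sent the query from
    txid: int      # 16-bit DNS transaction ID in the query header


def make_sample(fixed_port=None, n=200, seed=1):
    """Constructed sample traffic: a fixed port models an unpatched resolver,
    None models one that draws a fresh random port for every query."""
    rng = random.Random(seed)
    return [
        OutboundQuery(
            src_port=fixed_port if fixed_port is not None else rng.randrange(1024, 65536),
            txid=rng.randrange(0, 65536),
        )
        for _ in range(n)
    ]


def shannon_entropy_bits(values):
    """Empirical entropy of the observed values. The ceiling is
    log2(len(values)): 200 queries can show at most ~7.6 bits even when
    the source is a perfectly random 16-bit value."""
    counts = Counter(values)
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def sequential_fraction(values):
    """Share of consecutive pairs that step by exactly +1, which is what a
    simple incrementing port or TXID allocator produces."""
    pairs = list(zip(values, values[1:]))
    if not pairs:
        return 0.0
    return sum(1 for a, b in pairs if b == a + 1) / len(pairs)


def assess_resolver(queries, min_port_entropy=6.0, max_seq_fraction=0.2):
    """Return a report dict; 'vulnerable' is True when the sample shows a
    predictable port or TXID pattern an off-path attacker could exploit."""
    ports = [q.src_port for q in queries]
    txids = [q.txid for q in queries]
    report = {
        "distinct_ports": len(set(ports)),
        "port_entropy_bits": round(shannon_entropy_bits(ports), 2),
        "txid_entropy_bits": round(shannon_entropy_bits(txids), 2),
        "port_sequential_fraction": round(sequential_fraction(ports), 3),
        "txid_sequential_fraction": round(sequential_fraction(txids), 3),
    }
    findings = []
    if report["distinct_ports"] == 1:
        findings.append("fixed source port: only the 16-bit TXID protects replies")
    elif report["port_entropy_bits"] < min_port_entropy:
        findings.append("low source-port entropy")
    if report["port_sequential_fraction"] > max_seq_fraction:
        findings.append("source ports increment sequentially")
    if report["txid_sequential_fraction"] > max_seq_fraction:
        findings.append("transaction IDs increment sequentially")
    report["findings"] = findings
    report["vulnerable"] = bool(findings)
    return report


if __name__ == "__main__":
    for label, sample in (("unpatched (fixed port)", make_sample(fixed_port=32768)),
                          ("patched (random port)", make_sample())):
        print(label, assess_resolver(sample))
```

To run it against a real resolver, capture the source port and transaction ID of a few hundred outbound queries on the resolver's upstream interface and build `OutboundQuery` records from them. A NAT device in front of the resolver can undo port randomization by rewriting ports into a small or sequential range, so take the capture from the outside of any NAT, not from the resolver host itself.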
McAfee Says Small, Midsize Business Sweats Security Too Little. You Agree?
Commentary  |  7/23/2008  | 
A new survey from security firm McAfee warns that small and midsize businesses don't consider themselves to be targets for cybercrime. Do their findings match your feelings? Let's hope not.
Good, Good, Good…Good Vibrations
Commentary  |  7/23/2008  | 
It's summertime, time for a little Beach Boys? No, Good Vibrations is the beginning of a series of entries that I will be posting on increasing physical hard drive unit life. In recent briefings, manufacturers like Copan Systems and Xiotech have been raising the issue on the impact of drive vibration. While I was aware of drive vibration, it is not discussed much, so I decided to take a deeper dive.
Brocade Buys Foundry For $3B - Let The FCOE Battles Begin
Commentary  |  7/22/2008  | 
After the close of trading yesterday, Brocade announced that it was going to buy Foundry Networks for $19.75 in cash and stock or a total of $3 billion. This acquisition puts Brocade in a much better position in the coming data center network wars, as just being the dominant Fibre Channel switch vendor isn't worth much as large enterprise data centers move from separate storage and communications networks to a converged Ethernet.
Has The Time Arrived For iPhone Antivirus Software?
Commentary  |  7/21/2008  | 
Apple antivirus and privacy software maker Intego thinks so. The security vendor last week announced its software is the first AV to scan the iPhone and iPod Touch for malware. I wouldn't rush out to install it, just yet.
Private Clouds
Commentary  |  7/21/2008  | 
Last night, Sunday, July 20, Amazon S3 went down for more than two hours. Last weekend, Apple struggled its way through its MobileMe transition and it is still having some issues with its iDisk service. Both of these companies provide a high quality cloud service, but scaling these types of technology for the masses isn't an easy task and as we have seen in the case of Apple, upgrades or transitio
There'll Always Be An England -- It Just Won't Have Any Secure Laptops
Commentary  |  7/21/2008  | 
The news that more than 650 of the British Ministry of Defence's laptop computers have been stolen over the past four years, along with dozens of thumb drives over the last few months, all containing sensitive information, offers a startling reminder of just how mobile your mobile devices can unfortunately be.
iPhone Is Owned Again; Yawn
Commentary  |  7/20/2008  | 
A little more than a week after Apple's shiny new iPhone 3G went on sale, a team of programmers say they've, once again, gained control over the highly coveted gadget.
Utilities Ready To Put IT Security Efforts In Place
Commentary  |  7/18/2008  | 
The North American Electric Reliability Corp. (NERC) announced this week that it's improving its ability to better manage IT security and critical infrastructure protection efforts for North America's bulk power system.
The Problem With Power-Efficient Drives
Commentary  |  7/18/2008  | 
Power-efficient drives are drives that slow down and go into a standby or idle mode and do exactly what they say they will do -- they save power. The challenge with these drives is that many manufacturers are putting these drives into standard array shelves, typically with the same power supplies and the same fans. The array shelf still has to be designed to assume that the drives will spin up at full power, because at some point they probably will.
State Of Spam: Illinois Tops Badmail Target List
Commentary  |  7/17/2008  | 
A new study claims that Illinois receives more spam traffic than any other state in the union. But a close look at the data shows that the other 49 aren't doing all that well either (with one interesting exception).
TrueCrypt: No Cloaking Crypto For You
Commentary  |  7/17/2008  | 
Researchers say the steganography feature, also known as the Deniable File System (DFS), in TrueCrypt may not provide the "security by obscurity" users hoped for.
Power Rationing--Green Gets Serious
Commentary  |  7/16/2008  | 
As part of my normal routine I try to speak with as many data center managers as possible. A trend has appeared lately that I believe we are on the front end of. I am calling the trend power rationing. We have been told several times now over the past few weeks that data center managers are being given a hard limit as to how much power they can use. This is a shift from the more common "Reduce power consumption by x%" to "You can use X watts of power."
San Francisco Network Lockout: Who Controls System Access -- And Who Controls The Controllers?
Commentary  |  7/16/2008  | 
San Francisco's misadventures (to put it mildly) of being locked out of part of its own computer network by a disgruntled but password/access-controlling employee raises one of IT security's oldest and still thorniest questions: who has the authority to grant or deny system access, and who has authority over the authorizers?
Target's Swipe At Privacy, An Update
Commentary  |  7/15/2008  | 
A representative from retailing company Target explained why they're scanning customers' driver's licenses, and exactly what information they are collecting.
Crooks Making Less From Bank Data Look To Steal From Other Businesses (Including Yours)
Commentary  |  7/15/2008  | 
Things are tough all over, as a new report on the drop in the value of stolen bank data shows. But as stolen bank info drops in price, you can bet that the crooks are going to be looking elsewhere to make up the difference. And small and midsize business data is definitely one of the elsewheres.
Ready, Set, Patch Your Oracle Software
Commentary  |  7/14/2008  | 
On Tuesday, Oracle is set to release a bevy of patches for Oracle Database and a handful of other Oracle software.
Block-Level Tiered Storage
Commentary  |  7/14/2008  | 
Tiered storage no longer has the hype surrounding it that it did a few years ago. The concept was simple -- move data from expensive Fibre drives to inexpensive SATA drives. SATA drive technology was just coming into its own and the price and modest capacity made it a good fit for the concept. As a result, every storage manufacturer on the planet was proposing a tiered storage strategy. There were seminars, Webinars, white papers (guilty as charged, I wrote more than a few of them), yet only a f
Why Isn't Internet Infrastructure Security A Bigger Issue?
Commentary  |  7/14/2008  | 
The ongoing debate and discussion about the domain name server vulnerability disclosed last week may be getting a bit of traction in the world beyond IT, but the size and potential seriousness of the problem ought to raise other questions: Namely, why the security of the Net itself, as well as its users, doesn't loom larger (or at all) on the campaign trails.
Securing Your Wireless Internet Connection (You Know You Should)
Commentary  |  7/13/2008  | 
Well, it's not really breaking news, security firm Kaspersky Lab is pointing out the obvious: that most home and small business wireless networks run at a low, or no, level of security. Kaspersky Lab also listed a handful of steps that could be taken to enhance your wireless security. And while it's all good advice, it left out one of the most important.
First Steps Into The Cloud
Commentary  |  7/11/2008  | 
Storage will be one of the first steps many will make in using cloud services. In fact, many users have already taken that first step without even knowing it. They are using services like online storage, backup, and archive. Online backup is there, because of block-level incremental and data deduplication technologies; sending backup data over a network connection is not the impossibility that it was even a few years ago. Also, these companies have been in existence for quite some time, so there
New Media Trojan Exploits Bad Old Piracy, P2P Habits
Commentary  |  7/11/2008  | 
A particularly aggressive new Trojan takes advantage of the oldest of vulnerabilities -- human nature. Hiding in pirate software sites, the Trojan infects the music and video files of illegal software seekers, then spreads when those files are peer-shared.
EMP Risk Follow-Up: Blather O'Plenty, No Action
Commentary  |  7/10/2008  | 
As we discussed yesterday, it's been four years since Congress was fully briefed on our nation's vulnerability to an Electromagnetic Pulse (EMP) Attack, and the debilitating impact it would have on our electro-dependent society.
Justice Breyer's Data Exposure A Reminder Of P2P File Risks
Commentary  |  7/10/2008  | 
The news that Supreme Court Justice Stephen Breyer's personal information was among thousands of other personal data files compromised as a result of a file-sharing snafu raises a couple of issues, chief among them whether or not peer-to-peer file sharing via public programs is ever appropriate for business info.
Cell Phone Security? Speak Up
Commentary  |  7/10/2008  | 
Cell phone security? Try selling that to a bunch of kids in middle school, each with his or her own cell phone. To them, security is a word that means "don't let my parents know that I'm loaning you my cell phone so you can call your friend vacationing in Europe."
It's Time To Defend The U.S. Against The Ultimate Denial Of Service (DOS) Attack
Commentary  |  7/9/2008  | 
Thursday, Congress will be hearing testimony on a potential attack that could shut down most every electronic device, everywhere, and render the entire U.S. power grid dysfunctional for months, if not for more than a year.
Server Hijack Problem Prompts Unified Industry Response
Commentary  |  7/9/2008  | 
The show of patch-unity displayed by many of the industry's major players in addressing a domain name server flaw is gratifying -- and annoying too. Nice to see them working together. Nicer if we knew more about the problem they're working to fix.
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijacking, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView` class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn't fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file.