Commentary

Content posted in August 2007
Mobile Computing Makes For Risky Business
Commentary  |  8/30/2007  | 
Here's one we all already know -- mobile computer users take more security risks than office-bound computer users. A new survey shows just how risky their behavior is.
Small Business Lessons From Big Monster's Big Security SNAFU
Commentary  |  8/29/2007  | 
How you handle news of a security breach can be as important to your business as how you handle the breach itself. And how you handle perception of your handling ranks just as high.
Most Small Businesses Are Security Over-Confident
Commentary  |  8/28/2007  | 
That's what a new study says, anyway -- 80 percent of small to midsize businesses don't block (or, by implication, monitor) employee use of computers for file-sharing or use of USB devices, three-quarters allow unfettered Instant Messenging, nearly half don't even have spyware controls installed, and a staggering percentage don't regularly update what security software they do have. Yet most feel confident that their companies are protected.
Talking Trash
Commentary  |  8/27/2007  | 
Shred up those papers and that trash! Or crooks can grab your business cash! And identities, trade secrets and anything else that's not micro-shredded or broken down into its component atoms.
Advice On Building A Better Password
Commentary  |  8/24/2007  | 
We're always hearing that we need stronger passwords, but many people don't know how to craft a better, stronger password or they simply don't take the time to come up with some crazy complex string that they have no chance of remembering. I was just talking with someone who gave me some great advice.
Weathering The Weather
Commentary  |  8/24/2007  | 
Watch the news coverage of the Midwest floods and the toll they've taken on families, homes and holdings, and you can't avoid hearing -- and often -- from flood victims who discovered that their insurance didn't cover flood or landslide/mudslide damage. It's no great leap to extend those personal stories to small and mid-size business stories. How covered are you when a natural disaster strikes your business?
A Monster Of A Security Problem
Commentary  |  8/23/2007  | 
Ever hire anybody via Monster.com? Ever look for a job there yourself? You may have an identity problem.
Facebook 'em, Danno!
Commentary  |  8/21/2007  | 
Did you hear the one about how Facebook is costing the Australian economy $5 billion a year? And that's just lost productivity -- not the security risks Facebook exposes companies to.
Ready to Lock Up Your Employees iPods?
Commentary  |  8/21/2007  | 
If you thought that you had your companys security concerns under control, you may have to think again. The widespread success of Apple's iPod is creating new security concerns for enterprises. Because it is equipped with 1G byte (or more) of memory and includes software to synch with a local PC, the handy little device has become a new entry way for hackers. Chances are that it has become just that at your company; securi
Pods Pose Possible Problems
Commentary  |  8/20/2007  | 
Got employees? Then you've got iPods -- and you may have some security problems you haven't considered.
Take That Thumb Drive Out Of Your...
Commentary  |  8/16/2007  | 
employees' hands. Not really, of course, the big-storage/small-bucks devices are just too convenient, too portable, too easy to use. All of which makes them too dangerous to use indiscriminately.
Beware IE and Excel Users!
Commentary  |  8/16/2007  | 
With the exception of email, there are two applications most of us can't live without: an internet browser and a spreadsheet. With Microsoft's latest release of security patches, one must ask will they ever get it right? How does a small business manage their IT environment without constant fear?
MAXXED-Out
Commentary  |  8/15/2007  | 
There are important small to mid-size business lessons in the big biz security breach at TJ MAXX. Chief among them: no matter how costly a security breach looks at first, it's going to get worse.
Steal This Notebook
Commentary  |  8/14/2007  | 
I was sitting in a Chinese buffet restaurant the other day, dividing my attention between the potsickers on my plate and the activities of the businessman at a table across the room. We were the only two customers, although he was far from alone. Bluetooth-budded and Wi-Fi connected, he was carrying on conversations and speedtyping dat
Heads Up!
Commentary  |  8/13/2007  | 
Turns out that one of the biggest computer vulnerabilities is all in your head. And your employees'.
And The Winnah Is!
Commentary  |  8/10/2007  | 
Actually, the results of Wednesday's night's ClamAV Anti-Virus Fight club should read: And The Winnahs Are...
Security Slugfest TONITE!!!
Commentary  |  8/8/2007  | 
The open source folks at Clam AntiVirus are taking all commercial comers in an anti-virus test-off at Linuxworld tonight.
SMB -- Security Means Bucks
Commentary  |  8/7/2007  | 
How much is your business spending on information/computer/communications security? Odds are it's more than last year, maybe lots more, and not just because of inflation.
PDFs: Not Mighty
Commentary  |  8/6/2007  | 
I hate PDFs. Always have. Probably always will. Actually, I don't hate all PDFs. Printed-out PDFs are fine. Printing is what PDFs are for. But on the Web, PDFs are almost always a poor choice of format. I thought I was pretty much alone in my "PDFobia", but apparently I've got company. Chris Nerney at Datamation has his own reasons for despising them.
IBM Lost His Data... A Follow Up Story
Commentary  |  8/6/2007  | 
George is an ID theft victim whose personal data was potentially exposed after an incident involving IBM. While IBM has graciously extended its hand to help fix the problem, George hasn't been completely happy with how things are turning out. His story may have lessons for the rest of us.
CSO Heartland
Commentary  |  8/6/2007  | 
Good news for security pros: salaries are up -- and they're up in the real world, not just Silicons Valley, Northeast, Northwest.
Bridge To Security
Commentary  |  8/3/2007  | 
How many bridges, overpasses, tunnels do you and your employees drive over, under, through every day? That's been on my mind the last couple of days as the Minneapolis bridge collapse and its physical infrastructure implications for other bridges, overpasses, buildings and everything dominated the news.
What Richard Clarke Was Really Saying At Black Hat
Commentary  |  8/1/2007  | 
Don't let politics get in the way of progress. That was one of the key messages former U.S. counterterrorism advisor Richard Clarke delivered during his Black Hat keynote. Of course, Clarke has a colorful way of putting things.
One Degree Of Vulnerability Separation
Commentary  |  8/1/2007  | 
No aspect of your business data is more than one degree removed from theft, cybercrime or compromise, and maybe it can't ever be.


Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19349
PUBLISHED: 2018-11-17
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVE-2018-19350
PUBLISHED: 2018-11-17
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVE-2018-19341
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader...
CVE-2018-19342
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x00000000...
CVE-2018-19343
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faul...