Commentary
Content posted in August 2007
|
Mobile Computing Makes For Risky Business
Here's one we all already know -- mobile computer users take more security risks than office-bound computer users. A new survey shows just how risky their behavior is.
Small Business Lessons From Big Monster's Big Security SNAFU
How you handle news of a security breach can be as important to your business as how you handle the breach itself. And how you handle perception of your handling ranks just as high.
Most Small Businesses Are Security Over-Confident
That's what a new study says, anyway -- 80 percent of small to midsize businesses don't block (or, by implication, monitor) employee use of computers for file-sharing or use of USB devices, three-quarters allow unfettered Instant Messenging, nearly half don't even have spyware controls installed, and a staggering percentage don't regularly update what security software they do have. Yet most feel confident that their companies are protected.
Talking Trash
Shred up those papers and that trash! Or crooks can grab your business cash! And identities, trade secrets and anything else that's not micro-shredded or broken down into its component atoms.
Advice On Building A Better Password
We're always hearing that we need stronger passwords, but many people don't know how to craft a better, stronger password or they simply don't take the time to come up with some crazy complex string that they have no chance of remembering.
I was just talking with someone who gave me some great advice.
Weathering The Weather
Watch the news coverage of the Midwest floods and the toll they've taken on families, homes and holdings, and you can't avoid hearing -- and often -- from flood victims who discovered that their insurance didn't cover flood or landslide/mudslide damage. It's no great leap to extend those personal stories to small and mid-size business stories. How covered are you when a natural disaster strikes your business?
A Monster Of A Security Problem
Ever hire anybody via Monster.com? Ever look for a job there yourself? You may have an identity problem.
Facebook 'em, Danno!
Did you hear the one about how Facebook is costing the Australian economy $5 billion a year? And that's just lost productivity -- not the security risks Facebook exposes companies to.
Ready to Lock Up Your Employees iPods?
If you thought that you had your companys security concerns under control, you may have to think again. The widespread success of Apple's iPod is creating new security concerns for enterprises. Because it is equipped with 1G byte (or more) of memory and includes software to synch with a local PC, the handy little device has become a new entry way for hackers. Chances are that it has become just that at your company; securi
Pods Pose Possible Problems
Got employees? Then you've got iPods -- and you may have some security problems you haven't considered.
Take That Thumb Drive Out Of Your...
employees' hands. Not really, of course, the big-storage/small-bucks devices are just too convenient, too portable, too easy to use. All of which makes them too dangerous to use indiscriminately.
Beware IE and Excel Users!
With the exception of email, there are two applications most of us can't live without: an internet browser and a spreadsheet. With Microsoft's latest release of security patches, one must ask will they ever get it right? How does a small business manage their IT environment without constant fear?
MAXXED-Out
There are important small to mid-size business lessons in the big biz security breach at TJ MAXX. Chief among them: no matter how costly a security breach looks at first, it's going to get worse.
Steal This Notebook
I was sitting in a Chinese buffet restaurant the other day, dividing my attention between the potsickers on my plate and the activities of the businessman at a table across the room. We were the only two customers, although he was far from alone. Bluetooth-budded and Wi-Fi connected, he was carrying on conversations and speedtyping dat
Heads Up!
Turns out that one of the biggest computer vulnerabilities is all in your head. And your employees'.
And The Winnah Is!
Actually, the results of Wednesday's night's ClamAV Anti-Virus Fight club should read: And The Winnahs Are...
Security Slugfest TONITE!!!
The open source folks at Clam AntiVirus are taking all commercial comers in an anti-virus test-off at Linuxworld tonight.
SMB -- Security Means Bucks
How much is your business spending on information/computer/communications security? Odds are it's more than last year, maybe lots more, and not just because of inflation.
PDFs: Not Mighty
I hate PDFs. Always have. Probably always will.
Actually, I don't hate all PDFs. Printed-out PDFs are fine. Printing is what PDFs are for. But on the Web, PDFs are almost always a poor choice of format.
I thought I was pretty much alone in my "PDFobia", but apparently I've got company. Chris Nerney at Datamation has his own reasons for despising them.
IBM Lost His Data... A Follow Up Story
George is an ID theft victim whose personal data was potentially exposed after an incident involving IBM. While IBM has graciously extended its hand to help fix the problem, George hasn't been completely happy with how things are turning out. His story may have lessons for the rest of us.
CSO Heartland
Good news for security pros: salaries are up -- and they're up in the real world, not just Silicons Valley, Northeast, Northwest.
Bridge To Security
How many bridges, overpasses, tunnels do you and your employees drive over, under, through every day?
That's been on my mind the last couple of days as the Minneapolis bridge collapse and its physical infrastructure implications for other bridges, overpasses, buildings and everything dominated the news.
What Richard Clarke Was Really Saying At Black Hat
Don't let politics get in the way of progress. That was one of the key messages former U.S. counterterrorism advisor Richard Clarke delivered during his Black Hat keynote. Of course, Clarke has a colorful way of putting things.
One Degree Of Vulnerability Separation
No aspect of your business data is more than one degree removed from theft, cybercrime or compromise, and maybe it can't ever be.
|
White Papers
Video
0 Comments
Current Issue
How to Cope with the IT Security Skills ShortageMost enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
![[Strategic Security Report] Navigating the Threat Intelligence Maze](https://dsimg.ubm-us.net/asset/393933/543593/DR_ThreatConnect_Report.png)
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
CVE-2016-10369NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2016-8202unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
CVE-2016-8209A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
CVE-2017-0890Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This