Dark Reading is part of the Informa Tech Division of Informa PLC



Content posted in August 2009
Page 1 / 2
Data Breach Silence Breached: 5 Good Security Tips
Commentary  |  8/31/2009  | 
For every high-profile, big-headline data breach, there are plenty of others that are kept quiet. A good piece in InformationWeek takes a peek behind the curtain of silence and offers some solid lessons in how to avoid having your data compromised.
The Foundation Of The Data Asset
Commentary  |  8/31/2009  | 
In my last entry we discussed Making Data an Asset. This entry will focus on where that data asset should be stored. What is needed is a strong storage foundation, one that is designed to last for years, if not decades, but also one that will store that data efficiently and, of course, be complementary to the enterprise-class indexing that we described in our last entry.
Snow Leopard's Toothless Trojan Defense
Commentary  |  8/31/2009  | 
Snow Leopard is the strongest business offering that Apple has ever fielded, but Apple remains in the dark ages when it comes to protection against malware, and its unwillingness to work with third-party vendors does nothing to minimize the risk of bringing an Apple machine into a large business.
Hacking Oil Rigs
Commentary  |  8/30/2009  | 
When it comes to cyberwar, real cyberwar, perhaps the most damaging attacks won't come in the form of denial-of-service attacks, but be aimed directly at our energy supply.
Snow Leopard's Anti-Malware Lacks Roar
Commentary  |  8/29/2009  | 
A security firm's assessment of the malware protection capabilities, leaked prior to Friday's release, shows that Apple's Snow Leopard won't be chasing down much malware.
Lessons From The Credit Union Penetration-Test Debacle
Commentary  |  8/28/2009  | 
Determining who is "in the loop" during a penetration test is an important step that is not always properly planned during the beginning phases of an engagement. The recent media release from the National Credit Union Administration (NCUA) provides an excellent example of what can go wrong.
Is Your Wi-Fi Network Open to Intrusion?
Commentary  |  8/27/2009  | 
Security has been an ongoing concern among wireless LAN users since their emergence in the mid-1990s. While vendors have worked diligently to close up any holes, new ones seem to emerge at regular intervals, and one is now coming to light that could impact many small and medium businesses.
Cybercriminals: Taking The Road Less Traveled
Commentary  |  8/27/2009  | 
If you were a criminal, what data would you be looking for? The most obvious answer is to look for the types of data that give you direct access to cash: bank accounts, brokerage accounts, credit cards. Like Willie Sutton, you'd go where the money is, right? And that's why some of the stiffest security defenses surround this sort of account data.
Making Data An Asset
Commentary  |  8/27/2009  | 
Data is often looked at as a liability: something that has to be stored, protected and preserved. Storage has led to massively expanding storage environments and such initiatives as archiving. Protection has led to incredibly elaborate backup and recovery schemes, and preservation has led to eDiscovery and compliance. All of these processes are reactive; how can the view of data be changed to a proactive one, to using data as an asset?
Printer Security? Yep: Printer Security!
Commentary  |  8/27/2009  | 
The news that IEEE has released new standards for networked printer security is a good reminder that it's not just the computers and servers on your network that pose risks.
Attacking Customers, Employees With SQL Injection
Commentary  |  8/26/2009  | 
In the security world, providing "what-if" scenarios can be good, but real-world examples are often required to get people to sit up and listen.
OOOPS Factors: Accidental Data Leaks Are Biggest Business Threat
Commentary  |  8/26/2009  | 
A new IDC/RSA report shows that the accidental data leak is the insider threat businesses feel is most likely to happen. Not a lot of comfort in that, if you think about it.
Is Snow Leopard Coming With Antivirus?
Commentary  |  8/25/2009  | 
Apple security firm Intego posted a hint that Snow Leopard, the new Macintosh operating system that is due for release this Friday, may contain some level of anti-malware detection.
When Mass SQL Injection Worms Evolve...Again
Commentary  |  8/24/2009  | 
In the past, I've described how mass SQL injection worms took the Web completely by storm. Two years ago, SQL injection attacks evolved from sentient, one-off, targeted data-stealing exploits, like in the breaches at Hannaford Brothers and Heartland, to fully automated, unauthenticated
Government Finalizing Medical Data Breach Notification Rules
Commentary  |  8/24/2009  | 
Medical data breaches are on the rise. Much in the same way that credit card breach notifications skyrocketed following California's enactment of SB 1386, California's medical breach laws are doing the same now with patient data. Unlike financial breaches, however, federal rules are now coming into play.
Your Cloud Insurance Policy
Commentary  |  8/24/2009  | 
Security is all about managing risk -- looking at the threats, evaluating the likelihood that they will affect you, and determining what the impact would be. But in the end, do the numbers really make us feel warm and fuzzy? I didn't think so.
Getting To The Last Copy Of Data
Commentary  |  8/24/2009  | 
One of the storage management challenges we see every day in customer data centers is that there are too many copies of data in circulation. Ironically, it's this fact that built much of the value and motivation behind data deduplication. It should not be this way. Why should you get to a last copy of data?
What Are Botmasters Thinking?
Commentary  |  8/21/2009  | 
They're thinking that bots are where the money is, according to a fascinating piece over at Dark Reading. Did you know, for instance, that the average bot is worth between a dime and a quarter on the market? You gotta sell a lotta bots at that price to make real money -- and people are making real money doing just that.
Rapid Triage To Stop The Data Bleed
Commentary  |  8/20/2009  | 
The SANS Internet Storm Center on Tuesday questioned whether an exploit was out in the wild for MS09-039 due to increased scanning for TCP port 42. That same afternoon, a notice went out to the EDUCAUSE Security mailing list with the subject: "CRITICAL: Active exploitation of MS09-039 in the EDU sector." It's not often we get to see a preauthentication attack against a Windows service like WINS that makes an easy jumping-off point to compromise an entire Microsoft Active Directory. Can you imagi
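The teaser's trigger was a spike in scanning for TCP port 42, the port WINS listens on. The following is an added example, not code from the post or from the ISC: a small triage script that runs over constructed firewall-style log lines (the line format, the addresses and the "known WINS replication peer" set are all assumptions for the example) and pulls out two things a responder would want first: which external sources are sweeping TCP/42 across many hosts, and which accepted TCP/42 connections came from hosts that are not known WINS partners.

```python
import re
from collections import defaultdict

WINS_PORT = 42  # WINS name service; the port the ISC saw being scanned

# Constructed firewall-style log lines for this example (not real traffic). Assumed format:
#   <timestamp> <ACTION> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
SAMPLE_LOG = """\
2009-08-18T09:00:01 DROP 203.0.113.7:51120 -> 192.0.2.10:42 TCP
2009-08-18T09:00:02 DROP 203.0.113.7:51121 -> 192.0.2.11:42 TCP
2009-08-18T09:00:02 DROP 203.0.113.7:51122 -> 192.0.2.12:42 TCP
2009-08-18T09:00:03 DROP 203.0.113.7:51123 -> 192.0.2.13:42 TCP
2009-08-18T09:00:03 DROP 203.0.113.7:51124 -> 192.0.2.14:42 TCP
2009-08-18T09:00:04 DROP 203.0.113.7:51125 -> 192.0.2.15:42 TCP
2009-08-18T09:00:05 DROP 198.51.100.3:40000 -> 192.0.2.10:80 TCP
2009-08-18T09:00:06 DROP 198.51.100.3:40001 -> 192.0.2.10:42 TCP
2009-08-18T09:00:07 ALLOW 192.0.2.50:1034 -> 192.0.2.10:42 TCP
2009-08-18T09:00:08 ALLOW 192.0.2.20:1055 -> 192.0.2.10:42 TCP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>DROP|ALLOW)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def iter_records(log_text):
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            yield rec


def _is_wins(rec):
    return rec["proto"] == "TCP" and rec["dport"] == WINS_PORT


def tcp42_hits(log_text):
    """Total number of TCP/42 connection attempts, allowed or dropped."""
    return sum(1 for r in iter_records(log_text) if _is_wins(r))


def wins_scan_sources(log_text, min_targets=5):
    """Sources that probed TCP/42 on at least min_targets distinct hosts (a horizontal sweep).

    Returns {src_ip: sorted list of targeted hosts}."""
    targets = defaultdict(set)
    for r in iter_records(log_text):
        if _is_wins(r):
            targets[r["src"]].add(r["dst"])
    return {src: sorted(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def allowed_tcp42(log_text, wins_peers):
    """Accepted TCP/42 connections whose source is not a known WINS replication peer.

    WINS only needs to talk to its configured partners, so anything else that got
    through the firewall is a candidate for the first look during triage."""
    return [
        (r["src"], r["dst"])
        for r in iter_records(log_text)
        if r["action"] == "ALLOW" and _is_wins(r) and r["src"] not in wins_peers
    ]


if __name__ == "__main__":
    print("TCP/42 attempts:", tcp42_hits(SAMPLE_LOG))
    print("sweeping sources:", wins_scan_sources(SAMPLE_LOG))
    print("accepted from non-peers:", allowed_tcp42(SAMPLE_LOG, {"192.0.2.20"}))
```

The threshold in `wins_scan_sources` is deliberately a parameter: on a quiet perimeter one external host touching five internal WINS ports is already a sweep, while a large estate will want a higher bar and a time window. The accepted-connection check is the more important of the two, since a dropped scan is noise and an accepted pre-authentication connection to WINS from an unexpected host is exactly the jumping-off point the post describes.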
Cloud Storage As An On Demand Data Archive
Commentary  |  8/20/2009  | 
The challenge that most archive systems have is they are too big for the job. Some organizations, especially in the small to medium sized business market, may not want or need to move all their inactive data to a secondary storage tier, yet they know they have specific electronic documents that from time to time need to be retained and locked down.
Why I Refuse to Update My Website Certificate
Commentary  |  8/20/2009  | 
Every year or so, someone reports a supposed security vulnerability in a site that I run, warning me that the certificate has expired. I always respond that I would be happy to update it when I get a free moment, but that it is far from a priority.
Option Emerges to Secure Google Android SmartPhones
Commentary  |  8/19/2009  | 
One of the first signs of growing acceptance of a new technology is an influx of security products. An Israeli startup, DroidSecurity, thinks the time has come for companies to try to secure their Android smartphones, so the company has delivered an anti-malware and physical security package for the device.
Hacker Indictments Highlight Application Security
Commentary  |  8/18/2009  | 
As you probably know, a federal grand jury has indicted Albert Gonzalez, 28, of Miami, Fla., for allegedly hacking into computers belonging to retail and financial companies and stealing more than 130 million credit and debit card numbers. And the hacking didn't involve anything more than standard SQL injection attacks.
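Three of this month's entries (the "Attacking Customers, Employees With SQL Injection" piece, the mass SQL injection worm piece and this one) come back to the same defect. As an added example, not code from any of those posts or from the breached companies, here is the defect side by side with the fix in Python against an in-memory SQLite table: a lookup built by string concatenation, which lets the caller's input become SQL, next to the same lookup with a bound parameter. The table, the column names and the payloads are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed sample table: three customers, last four digits of a card each."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cards (id INTEGER PRIMARY KEY, customer TEXT, pan_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO cards (customer, pan_last4) VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return conn


def lookup_vulnerable(conn, customer):
    """The bug: the caller's string is pasted into the statement text.

    Quoting the value is not enough; a single quote in the input closes the
    literal and everything after it is interpreted as SQL."""
    sql = "SELECT customer, pan_last4 FROM cards WHERE customer = '" + customer + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, customer):
    """The fix: the statement text is fixed and the value travels separately as a
    bound parameter, so the database never parses it as SQL."""
    return conn.execute(
        "SELECT customer, pan_last4 FROM cards WHERE customer = ?", (customer,)
    ).fetchall()


# Two classic payloads (constructed). The first turns the WHERE clause into a tautology;
# the second appends a UNION to read the whole table and comments out the trailing quote.
TAUTOLOGY = "x' OR '1'='1"
UNION_DUMP = "' UNION SELECT customer, pan_last4 FROM cards --"


def demo():
    """Return (vulnerable rows for tautology, vulnerable rows for union dump,
    parameterized rows for tautology) so the difference is visible at a glance."""
    conn = make_db()
    return (
        lookup_vulnerable(conn, TAUTOLOGY),
        lookup_vulnerable(conn, UNION_DUMP),
        lookup_parameterized(conn, TAUTOLOGY),
    )


if __name__ == "__main__":
    vuln_taut, vuln_union, safe = demo()
    print("vulnerable, tautology :", vuln_taut)   # every row comes back
    print("vulnerable, UNION dump:", vuln_union)  # every row comes back
    print("parameterized         :", safe)        # nothing matches the literal string
```

The parameterized version is not an input filter: the payload is still passed through untouched and simply matched, as text, against the `customer` column. That is the property to reach for, because escaping and blacklists have to anticipate every quoting trick the next worm uses, while a bound parameter makes the question moot.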
One Storage Solution For Everyone?
Commentary  |  8/18/2009  | 
There is a dizzying array of storage solutions available to storage managers today. Whether it's backup, archive or primary storage, there are multiple options available. Many times manufacturers try to position themselves as a single source of storage solutions for a data center. Be careful of this approach; seldom is one manufacturer able to provide best-of-breed solutions in every product category.
Qualys Report Shows Disturbing Persistence Of Critical Vulns
Commentary  |  8/17/2009  | 
In my recent Tech Insight on vulnerability management, I covered a few of the major components for having a successful program to address vulnerabilities as they are disclosed by vendors and researchers. I've known for a while that patching desktop applications is lagging behind, but for some reason companies just aren't taking it seriously enough to resolve quickly -- even when confronted wit
Twitterbot Tweets Malware Orders
Commentary  |  8/17/2009  | 
The discovery of a Twitter profile being used to tweet botnet updates and link is one more indication (not that we needed one) that cybercriminals are using the same tools that we are.
Who Are These Followers And Followees of the Twitter Botnet?
Commentary  |  8/17/2009  | 
Social networks really do bring people together, don't they? Old friends. Long-lost relatives. Bots and bot-herders. Warms the heart.
Banks, Credit Card Companies Take Swipe At New Encryption Method
Commentary  |  8/16/2009  | 
Visa Inc. and Fifth Third Bancorp are testing a novel technique for authenticating in-person credit and debit card transactions by using a fingerprint derived from the individual magstripe on each card.
Physical Penetration Testing Tells All
Commentary  |  8/14/2009  | 
Rob Enderle had a great post here on Dark Reading on the discrepancies between physical and system security and what happens when they don't match up. The problem is most companies just don't understand physical security and how it can fail. They often think they do, but then they end up putting in flawed physical security controls that can't keep out even the mo
Data Center Revolution Or Evolution
Commentary  |  8/14/2009  | 
I recently read a claim by one major supplier of Fibre Channel over Ethernet (FCoE) technology that it would be the dominant infrastructure in use in data centers in two to three years! Are you kidding me? Other than being impossible, that is just not the speed at which the data center moves. The data center evolves; it does not revolt.
Reclaiming The Email Channel
Commentary  |  8/14/2009  | 
Financial institutions and ecommerce sites use email as a marketing platform, training users to trust email -- essentially blazing a trail for the phishers.
E-Voting Takes Another Hit
Commentary  |  8/13/2009  | 
A group of computer scientists has shown how voting results, held in electronic voting machines, can be changed using a novel hacking technique. It's yet another reason why we need to have a verifiable, auditable paper trail for electronic voting machines.
Specialization Inevitable In Infosec
Commentary  |  8/13/2009  | 
Specialization in the information security field is key. Plenty of blogs have been written during the past few months with infosec career advice, but none has hit the nail on the head like two recent posts from Richard Bejtlich and Anton Chuvakin.
It's Time To Integrate Physical And Virtual Security
Commentary  |  8/13/2009  | 
With examples of employee theft and the increasing threat of damage to systems by disgruntled ex-employees, it's time to consider presence-linked policies and implementing the Trusted Computing Group's new Trusted Network Connect (TNC) standard. We have the technology to better protect our financial and intellectual property -- and in these hard times, we need to step up and do just that.
Deletion And Reclamation - The Ultimate Deduplication Strategy
Commentary  |  8/12/2009  | 
With all the products that are available today for optimizing storage through deduplication and/or compression, one of the best methods available is deletion and reclamation.
Dasient Offers Free Open Source Anti-Malware For Apache Server
Commentary  |  8/11/2009  | 
New security company Dasient is offering, at no charge, a limited-functionality version of its anti-malware software. The module, for the Apache Web server, blocks infected Web pages and aims to help keep companies from finding their site on Internet blacklists.
Social Zombies Out For Your Network, Not Brains
Commentary  |  8/10/2009  | 
Last week, I took a shot at the Marines for banning social networks without waiting for the Pentagon to finish looking into the threats posed by members of our armed forces using sites like Facebook and Twitter.
Maximizing IOPS With SSD
Commentary  |  8/10/2009  | 
In a recent series of entries I covered several storage technologies that can help a data center maximize its CAPEX. Most of that series focused on cutting costs by using less primary storage, either through archiving or efficiency. Another way to maximize your CAPEX investment is to maximize IOPS with SSD (Solid State Disk) technology.
Lockpicking And The Internet
Commentary  |  8/10/2009  | 
Physical locks aren't very good. They keep the honest out, but any burglar worth his salt can pick the common door lock pretty quickly. It used to be that most people didn't know this. Sure, we all watched television criminals and private detectives pick locks with an ease only found on television and thought it realistic, but somehow we still held onto the belief that our own locks kept us safe from intruders. The Internet changed that.
Big Names, Big Blogs
Commentary  |  8/10/2009  | 
The Dark Reading blog section continues to add new voices from some of the top security researchers and experts in the industry.
Prepare To Patch
Commentary  |  8/10/2009  | 
If you are a Microsoft Windows user, chances are there's a patch waiting for you tomorrow.
Top 3 Bots: Billions (With A B!) Of Spams A Day!
Commentary  |  8/7/2009  | 
How much havoc can a botnet wreak? Too much, according to MessageLabs, which reports that the top 3 bots are spewing 21 billion spams a day.
SecurityBSides: The Best-Kept Vegas Secret
Commentary  |  8/6/2009  | 
Getting to SecurityBSides made me think of all the Vegas movies where a casino boss takes a cheater out into the desert and buries him in the sand.
Twitter Takedown: DDoS Attack Beats Tweets
Commentary  |  8/6/2009  | 
Twitter was shut down for a couple of hours this morning by a Distributed Denial of Service (DDoS) attack; blog site LiveJournal went down too, and rumors flew that Facebook was having traffic troubles of its own.
Marines Jump The Gun On Social Networking
Commentary  |  8/5/2009  | 
Being on the front line of IT security, it often feels like the equivalent of holding a hammer during a game of Whack-A-Mole. One day it's a client-side vulnerability in Adobe Acrobat, and the next, it's an unsubstantiated vulnerability in OpenSSH. At the end of the day, we're just trying to find that balance between usability, productivity, and security. That's why the news that the U.S. Marines are banning social networking sites completely makes me think they're jumping the gun.
The Seedy Side Of Hacking
Commentary  |  8/5/2009  | 
The running joke among seasoned Defcon attendees in Las Vegas every year is to steer clear of the ATMs at the Riviera Hotel, where hackers have been known to place a booby-trapped ATM to prove their point that nothing is sacred when hackers are in the house (or worse). Then there's the Wall of Sheep "contest" at both Black Hat USA and Defcon to see who's either clueless or bold enough to jump onto the unsecured WiFi network at the shows. When they do, they get the dubious honor of getting their
Turn Off Auto-Updates Before Hitting the Road
Commentary  |  8/4/2009  | 
The convenience of automatic software updates can create major problems if apps are updated via unsecured public Wi-Fi connections. Hotspots make great hijack spots, and as a result, your mobile employees need to make some adjustments in their update settings.
'FOCA' And The Power Of Metadata Analysis
Commentary  |  8/3/2009  | 
Metadata is an interesting -- and often unrealized -- problem for anyone who uses office applications, like Microsoft Office, OpenOffice, and Adobe Acrobat.
New SSL Attacks Don't Change Your Web Risk
Commentary  |  8/3/2009  | 
There's been a lot of talk about SSL security since last week's Black Hat conference. While these attacks are significant, I don't see them as changing the security posture of the Web.
Secure Certificate Vulnerabilities Revealed
Commentary  |  8/3/2009  | 
The SSL Certificate that tells visitors a site is certified as trustworthy may be easier to fake than previously thought. And that's one more reminder that the whole system of trust authorization is in need of work.