Commentary

Content posted in September 2006
Quick, Encrypt Everything!
Commentary  |  9/22/2006  | 
On the surface, it seems like a good idea. Convert all your corporate information into a form unreadable by anyone except the intended recipient. Very straightforward and not terribly difficult to do. But there's a dark side to encryption. Just like anesthesiologists like to joke that putting you under is free, it's waking you up that costs so much money, decrypting your data is the part of the process where things get hairy. In this era of epidemically stolen and lost laptops and mobile devices
Spinach Woes Portend Repercussions Of Cyberattack
Commentary  |  9/19/2006  | 
Wonder what the aftereffect of a terrorist attack on the Internet would look like? The way we're responding to contaminated spinach provides a clue.
Data Protection: It Doesn't Get Any Better Than This
Commentary  |  9/13/2006  | 
Corporate America's efforts at data protection--in particular, protecting sensitive personal information about customers--have in many cases failed miserably. There's a long and dubious list of data breaches, losses, thefts, and mishandlings from the past 20 months, with the total number of records containing sensitive personal information involved in security breaches now topping 93 million. Time and again, we've taken to task
HP Must Rebuild The Damage To Its Image
Commentary  |  9/11/2006  | 
Like most everyone, I've been thinking about the victims of Sept. 11, 2001, in the past few days. I'm also remembering former Hewlett-Packard Chairman Lew Platt, who died on Sept. 8 of last year, as his former company faces a criminal investigation into tactics used to hunt down the source of media leaks.
Post 9/11: Five Years Of IT Promise And Failure
Commentary  |  9/8/2006  | 
Sept. 11, 2001, spurred IT innovation and integration like no other event in history. Driven by fear, defiance, and inspiration, industry and government quickly promised to correct the conditions--including siloed data repositories, incompatible communications systems, and lax security practices--that allowed the terrorist attacks to be executed with such deadly precision. How far have we come in five years? Let's put it this way: We've got a long way to go.
Airing Dirty Security Laundry
Commentary  |  9/5/2006  | 
We all need to be smart, stay informed, and understand our systems well enough to figure out what needs fixing first, or risk being out of business. No vendor, well-intentioned or not, can make these decisions for us; we need to take this responsibility for ourselves.


12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.