Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in September 2007
Would You Hire This Hacker?
Commentary  |  9/28/2007  | 
Convicted hacker Robert Moore started serving his two-year prison sentence yesterday. He has high hopes that a security company will scoop him up when he gets out. The question is: Would you hire this man?
No Excuse: Security Lessons From T.J. MAXX Data Breach
Commentary  |  9/28/2007  | 
Maybe the company should change its name to T.J. LAX -- lax security practices let the hacked retailer's data breach go from bad to worse to bad beyond belief while nobody did anything to remedy the situation.
Disaster Recovery: Plan for Recovery, Not for Disaster
Commentary  |  9/27/2007  | 
So many elements to business IT operations -- so many elements that can get sliced, diced, slammed, flooded, flamed, hacked, attacked, smashed and just plain hammered that your disaster recovery plan has to be universal to be effective.
Is Your Domain Name Safe From Porn Pirates?
Commentary  |  9/27/2007  | 
Avast. Pirates be boldly thievin' for themselves any toothsome domain name what puts a glint in their good eye. Recall the pair of scurvy dogs who battled for years over the rights to sex.com.
Getting to the Real Endpoint of Endpoint Security
Commentary  |  9/26/2007  | 
Endpoint device and access control for small to midsize businesses is itself becoming a big business, with vitually every major security vendor offering device and access control programs tailored -- and increasingly priced -- for the market.
Good News: Attacks Are Down; Bad News: Attacks Are Worse
Commentary  |  9/24/2007  | 
Fewer but fiercer attacks -- that's the word from a new study of business IT security trends over the past year. Today's breaches are reportedly twice as severe as those of just a couple of years ago.
Secure Computer Recycling II
Commentary  |  9/21/2007  | 
The first step (admittedly paranoid but also, I think, practical) in recycling computers is to physically remove any storage devices. The second is to smash those devices to smithereens. The third step is to find the right place to drop off the now storage-less (and business data-less) remains of the computer.
What ISPs Are Scared Of
Commentary  |  9/20/2007  | 
A new study of Internet service providers (ISP) and their top security concerns lets us know what they're most scared of: armies of zombie computers mounting huge distributed denial of service (DDoS) attacks.
Cybercrooks Outpacing Cybercops: McAfee
Commentary  |  9/19/2007  | 
It's that time of year when the major security vendors release updates, upgrades... and public statements. McAfee's CEO this week pointed out that cybercrime is now bigger than the illegal drug trade -- and continues to grow.
Government Prodding Biometrics into the Mainstream?
Commentary  |  9/18/2007  | 
Biometrics has been a market segment that seems to under perform consistently. To date, use of the technology has limited to select applications, such as securing laptops, but Uncle Sam may soon help to change that.
Cybercrime Gets More Organized
Commentary  |  9/17/2007  | 
The increasingly organized -- and commoditized -- nature of cybercrime should make all of us more alert than ever to the risks our information, and our customers' information, face on our networks.
Don't Do As TD Ameritrade Does -- And Don't Do As They Say, Either
Commentary  |  9/14/2007  | 
The security breach that let spammers get hold of as many as 6.3 million TD Ameritrade customer names, phone numbers and e-mail addresses is being spun as a "Well, they didn't get Social Security numbers, account numbers, PINs or other confidential info; still we apologize for any inconvenience or annoyance," sort of problem. Mistake. Big mistake.
QuickTime Patch Procrastination Poses Firefox Problems
Commentary  |  9/13/2007  | 
Said it before, say it again: Bad enough to have flawed and vulnerable software out there, but probably unavoidable as code gets more and more complex. Completely unavoidable and equally inexcusable is letting a known vulnerability languish for any amount of time, much less a full year. Yet that's exactly what Apple's done with a QuickTime media player security hole that's been known of for at least that long.
Company Computers Not Safe At Home
Commentary  |  9/12/2007  | 
A warning from Computer Associates that home computers are increasingly vulnerable and threatened -- surprise! -- set me to wondering how many of those computers aren't really home computers at all, but business computers used at home... and, more critically, used at home by people other than the authorized employee.
Do Not Ask Your Customers for Their Social Security Numbers
Commentary  |  9/11/2007  | 
Do you want to make potential and existing customers feel secure? If so, one item that you need to avoid is asking them for their social security numbers. A poll by Consumer Reports National Research found that close to nine of every ten Americans want state and federal lawmakers to pass laws restricting the use of Social Security numbers. So if you want consumers coming back and ordering products
Skype Worm Bubbles Up
Commentary  |  9/11/2007  | 
The latest worm wriggling from Skype (for Windows) user to Skype user by way of the network's chat function gives a good opportunity to remind employees not to click on unexpected messages or images on free VoIPware any more than they should anywhere else.
Botnet Storm Surge: Insecurity In Numbers
Commentary  |  9/10/2007  | 
Whatever the summer heavy weather season has been like in your neck of the woods, the cyber-season saw the explosive growth of a monster security storm. After building strength all year, the Storm botnet worm has created a zombie grid so large that it could be a threat to... pretty much whatever the hackers who created it want it to be a threat to.
Bandwidth Is A Business Security Matter, Too
Commentary  |  9/7/2007  | 
The more we can get, the more want to get -- nowhere truer than on the Internet, and getting truer by the day as rich video, audio, effects and extras become an expected part of the traffic. Not just entertainment traffic -- more and more small to midsized businesses are taking advantage of rich media and Web 2.0-ish techniques to send sophisticated sales, marketing and communications signals. But is their richness a business risk? It may be if your customers are Comcast customers.
Time to Guard Your Instant Messaging Traffic
Commentary  |  9/6/2007  | 
One downside with popular IT technologies is they attract unsavory elements. Akonix Systems Inc. , a vendor specializing in instant messaging security products, reported that the number of instant messaging specific viruses doubled from July to August. The change could mean a shift in hacker priorities, so therefore small and medium enterprises need to take a closer look at protecting their IM traffic.
Counting The Cost Of Business Data Theft
Commentary  |  9/6/2007  | 
Just how much does it cost to deal with a data theft or resolve a security breach? Insurance company Darwin Professional Underwriters has a free on-line calculator to help you find out.
Recycle Your Computers -- Not Your Business Info
Commentary  |  9/4/2007  | 
The news that Sony's opening a number of electronics recycling centers across the country is good news for businesses that have stacks and scads of old, outdated, underpowered and otherwise unused computers and other electronic devices cluttering their closets and storage spaces. (It's even better news for landfills, which do not need the toxic materials the devices contain.) Just be sure that what you're putting into the system is the equipment, not your business data.


Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
Microsoft Patches Windows Vuln Discovered by the NSA
Kelly Sheridan, Staff Editor, Dark Reading,  1/14/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14629
PUBLISHED: 2020-01-17
Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-17125
PUBLISHED: 2020-01-17
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.
CVE-2019-17127
PUBLISHED: 2020-01-17
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.
CVE-2020-3940
PUBLISHED: 2020-01-17
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.
CVE-2020-6862
PUBLISHED: 2020-01-17
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.