Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in September 2008
End Users Lax With Company Data
Commentary  |  9/30/2008  | 
A new security study shows end users from around the world treat data and corporate systems with little respect for the potential consequences. When it comes to corporate data, which is actually often customer data, there's little regard for security.
New DoS Attack Is a Killer
Commentary  |  9/30/2008  | 
Things are a-brewin' in Sweden. Sweden is not just home of the infamous bikini team, it is also the home of Outpost 24, an equally sexy software-as-a-service network scanning service, and the employer of my friend Robert E. Lee and his colleague Jack C. Louis. These guys are the inventors of UnicornScan, a user-land TCP stack turned into a port scanner. Never heard of it? Use Nmap exclusively? Well if you run Linux, I suggest checking
Can You Prove Compliance In The Cloud?
Commentary  |  9/30/2008  | 
Whether you're in the midst of an audit or a forensic investigation, thorough logs are the key to proving compliance with security regulations. So how do you prove your organization is/was compliant when you aren't able to maintain logs? This is the nagging question that gnaws hungrily at my weary brain every time I ponder cloud computing.
Scareware Purveyors To Get Legal Thrashing
Commentary  |  9/29/2008  | 
We've previously warned about the rising number of scareware threats attempting to scam Internet users. Now Microsoft and the state of Washington are gnashing their legal teeth. Will it work?
Free Cloudmail Continuity Offer From LiveOffice
Commentary  |  9/29/2008  | 
Snailmail may be immune to rain, sleet, snow, etc., but heavy weather can wreak heavy damage -- and outright interruption and downtime -- on your e-mail traffic. A new free service from LiveOffice argues that the solution to storm clouds' potential for disruption lies in the digital Cloud.
The Death Of The Dual Controller Architecture?
Commentary  |  9/29/2008  | 
Clustered storage is everywhere; are we seeing the end of the dual controller architecture?
Mozilla Fixes Password Management Gaffe
Commentary  |  9/28/2008  | 
Just after Mozilla released Firefox version 3.0.02, which fixed a bevy of security problems, the foundation had to issue a notice to users about a flaw that could keep users from accessing and even creating passwords under some conditions.
Archive Needs To Succeed For SSD To Dominate
Commentary  |  9/27/2008  | 
In my last entry I wrote that speed is solid state disk's "killer app," but for SSD to really become the primary storage mechanism in tier one, the archive tier needs to be fully established.
Astaro Debuts E-mail Spam Fighter For SMBs
Commentary  |  9/26/2008  | 
Everybody hates spam. It clogs inboxes and online traffic, cuts productivity, and holds out false hope of riches, romance, and hair. Astaro's new Mail Gateway is designed to help your company deal with spam and other e-mail issues without spending a lot of money.
Senate Committee Approves Updated FISMA Bill
Commentary  |  9/25/2008  | 
The Senate Homeland Security and Government Affairs Committee just approved S.3474, which will update the Federal Information Security Management Act (FISMA), in the hope of lifting federal security efforts beyond what many have deemed a paperwork shuffle that does little to boost security.
One In Ten Computer Users Don't Have A Clue About Security
Commentary  |  9/25/2008  | 
They've got computers, they've got apps and they've almost undoubtedly got confidential data, but a new study from privacy company Steganos found that nearly 10 percent of computer users didn't know if they had anti-virusware installed. And it gets worse...
India's Government Claims BlackBerry Crypto Crack
Commentary  |  9/24/2008  | 
After months of wrangling with Research In Motion to hand over its crypto keys, the country now claims to have attained the ability to snoop on some RIM users in that country.
Speed Is The SSD 'Killer App'
Commentary  |  9/24/2008  | 
In a recent blog entry I provided a time line on when I thought SSD would become the dominant storage type for what is currently the active storage tier. One of the key enablers of this will be the increasing need for speed and mechanical hard drives' lack of ability to deliver it in a cost-effective manner.
North American Companies Embracing Security Outsourcing
Commentary  |  9/23/2008  | 
The U.S. managed security services market is booming, and set to double in size in the next few years? MSSPs have been around, in one iteration or another, for as long as I can remember. Why is the market set to rock now?
Risky Employee Web Use: Cloud Storms Gathering
Commentary  |  9/23/2008  | 
How are you going to keep them on task when they can go to the Web? is not only a productivity question, it's a growing security concern. A new study indicates the concern is growing fast.
Information Cards Are Awesome; But Are Identifying Parties Really Ready To Do This Right?
Commentary  |  9/23/2008  | 
Perhaps the greatest thing about information cards is that they might finally free us from the purpose-defeating and idiotic practice of using Social Security numbers as a nigh-universal identifier. But it won't work unless the Identifying Parties find a way to balance security with portability, and can smartly manage distribution, expiration, and destruction.
McAfee Secures Place In UTM Market With $465 Million Acquisition
Commentary  |  9/22/2008  | 
There's still big demand for unified threat management (UTM) devices, especially in the SMB part of the market, and with its $465 million acquisition McAfee is making a big move that will shore up its network security products.
McAfee Acquires Secure Computing
Commentary  |  9/22/2008  | 
McAfee is buying Secure Computing for $465 million, rounding out its network security business and strengthening its security risk management offerings among companies of all sizes.
Cloud Storage 2.0
Commentary  |  9/22/2008  | 
Cloud storage 1.0 as it exists today has one primary service; it stores data. Not very exciting. Cloud storage 2.0 will have to provide the ability to do more with that data than just store it.
Untangle Offers Free Open Source Security
Commentary  |  9/22/2008  | 
Untangle's new open source security gateway aims to free small and midsized businesses from dedicated security machines -- and to do so for free.
Australian Spy Warns Of Rising Corporate Espionage
Commentary  |  9/19/2008  | 
The deputy-director general of the Australian Security Intelligence Organization, who cannot be named under Australian law, warned attendees of Australia's Security in Government Conference 2008 earlier this week that commercial and national espionage are becoming more intertwined.
NIC QOS?
Commentary  |  9/19/2008  | 
Quality of service is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow. Up until we started virtualizing servers, you generally only needed this at the network switch level. Now with the multitenant nature of virtualization hosts, we need QoS at the network interface.
Palin E-Mail Hack Was "Easy"; FBI Investigating
Commentary  |  9/18/2008  | 
Person who purportedly hacked VP hopeful Sarah Palin's Yahoo E-mail account posted what he or she claimed to be a first-person account of the attack. Meanwhile, the FBI is on the case of the pwned candidate's account.
From VMworld To Houston...
Commentary  |  9/18/2008  | 
Sorry for the delay in getting this entry posted. I arrived in Houston last night to a city that is about 60% blacked out, including my office. Thanks to the kindness (a common theme in Houston) of a local storage integrator, Unique Digital, I am able to be back in business and send you today's entry, "From VMworld to StorageWorld."
Even Hockey Moms Not Safe: Palin Hack Shows Cloudmail Security Concerns
Commentary  |  9/18/2008  | 
The hacking of vice presidential candidate Sarah Palin's Yahoo Mail account is a reminder of the vulnerability of Web-based mail -- and that's a cause for concern, or at least heightened vigilance, whatever side of the political spectrum you mail from.
VP Hopeful Sarah Palin's Yahoo E-Mail Account Hacked
Commentary  |  9/17/2008  | 
A team of hackers dubbed "Anonymous" claims to have breached vice presidential hopeful Gov. Sarah Palin's Yahoo e-mail account, based on a number of announcements and screenshots posted to the Web and Wikileaks.org.
GAO States Obvious: U.S. Cybersecurity Is Stinko
Commentary  |  9/16/2008  | 
The Government Accountability Office finds government's cybersecurity efforts lacking.
Hiding Breach News Makes A Bad Situation Worse
Commentary  |  9/16/2008  | 
Retailer Forever 21, tagged by credit card data thieves, is dealing with letting the public know about the breach -- sort of.
SEC Fines Wall Street Firm LPL
Commentary  |  9/15/2008  | 
The Securities and Exchange Commission took -- relatively -- harsh action against financial services firm LPL Financial for failing to protect its customer data. While the fine levied against LPL certainly isn't the most important news to break on Wall Street this week, it is the first step in what I hope is a long-term harsher stance taken by the SEC.
Survived Ike? Time Will Tell...
Commentary  |  9/15/2008  | 
Ike tore through Houston, home to one of our offices and our lab. Once again, businesses have to learn that surviving the initial hit is only the beginning. The "P" part of a Disaster Recovery Plan is very critical to the long-term survival of the business.
IBM SMB Servers Get Hardware-Based Encryption
Commentary  |  9/15/2008  | 
With a new $1,099 (and up) hardware-based data encryption device, IBM is talking directly to small and midsize businesses that operate their own servers (their own meaning IBM's).
UAE Bank Breach Spreads
Commentary  |  9/13/2008  | 
International investigators still aren't sure, or they're not saying, how criminals managed to generate counterfeit bank and credit cards of legitimate users and conduct fraudulent charges from about 20 countries.
FCoE Or iSCSI, Does It Really Matter?
Commentary  |  9/12/2008  | 
There is a lot of debate about Fibre Channel over Ethernet and converged network adapters. A CNA is a 10-GbE network interface card that supports multiple data networking protocols, basically TCP/IP traffic and storage networking. These adapters are going to support Fibre Channel over Ethernet (FCoE). The plan is to reduce networking cost of ownership by converging the data and storage networks onto a single adapter, which results in lower adapter, cabling, switch, power, and cooling costs.
Password Crackers For Hire
Commentary  |  9/12/2008  | 
Earlier this week we wrote about how attackers are selling bogus security software suites to not only rip unsuspecting Web surfers off, but also infect their systems with malware. Now, an IBM researcher says many of those Webmail online password "recovery" services may actually be hackers for hire.
Amazon Pitches The Security Of Its Cloud
Commentary  |  9/11/2008  | 
Amazon Web Services, in an effort to foster faith in the security of its infrastructure, on Thursday published a white paper about its security processes.
New Norton, Trend Micro Security Products Released
Commentary  |  9/11/2008  | 
'Tis the season for security suite updates, with new ones just out from Symantec (Norton) and Trend Micro.
Video: KFC Hires Armed Guard To Transport Chicken Recipe
Commentary  |  9/11/2008  | 
This is a cute publicity stunt: The president of KFC decided that the famous original recipe lockdown wasn't secure enough, so they hired a Brinks guard to transport the document to a new, more secure location.
XP Security 'Scareware' Scams Skyrocketing
Commentary  |  9/10/2008  | 
More users than ever before seem to be falling for scams being levied by fraudsters looking to make a quick -- and lucrative -- buck from bogus security applications. It's sad to see people get scammed from their money when they're seeking some level of protection from Internet threats -- but instead they end up paying to install software that does nothing, at best, or is in fact itself malware. At least one security firm says criminals are raking in hundreds of thousands a month doing so.
SSD Domination, Sooner Than You Think
Commentary  |  9/10/2008  | 
Based on the recent news that Intel has announced an 80-GB Solid State Disk for less than $600, the end for the mechanical drive may get here within the next five years.
Microsoft: Four Patches, Eight Vulnerabilities, One Biggie
Commentary  |  9/10/2008  | 
Earlier this week we predicted that Microsoft would release a massive update, and the software giant certainly did. While it's not big in megabytes, it touches nearly every Windows user on the Internet. Make sure you're aware of the risks, and get yourself patched.
Top Tips For Preventing Identity Theft
Commentary  |  9/9/2008  | 
Your customers' and clients' private information should be as important to you as their business -- and should be protected just as carefully, according to a new book on identity theft prevention techniques. Take a look at the top tips below.
Google Chrome Polishes Its First Security Update
Commentary  |  9/8/2008  | 
Last week, Google released its shiny new Chrome browser. However, before the week finished, Google also had to issue a patch for one of security's most common -- and most well-known to developers -- application security issues: a buffer overflow vulnerability that would make it possible for an attacker to completely take over your system.
UPDATE: Some Google Chrome Problems Patched, Blended Threat Vulnerability Remains
Commentary  |  9/8/2008  | 
Update Google Chrome now! (We tell you how below.) A buffer overflow vulnerability in the new browser has been identified and patched but, contrary to early reports, the blended WebKit/Java vulnerability has NOT been patched yet.
Security Finally a CEO Level Concern
Commentary  |  9/8/2008  | 
Facing an ongoing threat from hackers and needing to comply with more government regulations have forced many businesses to recognize security as an important corporate initiative. Consequently, companies are increasing their spending on security products as well as making it a top management concern.
Cloud Storage's Weakness
Commentary  |  9/8/2008  | 
Cloud storage has one glaring weakness compared with traditional storage offerings; it does not get cheaper over time. Today, some services each year will increase your capacity at "no extra charge," but you are still paying the same amount of money for data written last year and data written this year.
Patch Tuesday: Potentially Massive Windows XP, Vista Update Ahead
Commentary  |  9/7/2008  | 
On Tuesday, Microsoft will release four security fixes as part of its monthly patch update cycle. There are four patches slated for release and all are rated as critical. Yet, one of the bulletins strikes me as unusually vague. Is this cause for alarm?
In The Cloud, Architectures Matter
Commentary  |  9/5/2008  | 
There is a common statement that I hear when talking with members of the cloud community, that the user should not be concerned with what is the architecture of the cloud. I disagree -- details matter.
Google Picasa Picture-Perfect For Spammers
Commentary  |  9/5/2008  | 
Google's picture-sharing service, Picasa, has found favor not only with image-happy users, but also as a filter-evading route for spammers to stuff your mailbox with junk, according to a new Message Labs report.
Google Chrome Quick Security Precaution (Not A Fix)
Commentary  |  9/4/2008  | 
A couple of quick clicks can help you lessen (but not eliminate) the security risks in the brand-new Google Chrome browser.
Google Chrome Security Risks Already Announced
Commentary  |  9/3/2008  | 
Barely a day after Google's new browser was released, Chrome is showing some scratches: researchers have pointed out known security vulnerabilities that can put users at risk of malicious exploits.