Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Dark Reading Marks 10th Anniversary With Month Of Special Coverage

Looking back at the decade in security.

In February 2006, I got a call from Steve Saunders, founder and editor of Light Reading, who had an idea. He and a couple of other editors planned to start a new publication about IT security – a publication that would be very different than anything else the infosec industry had seen before. He wanted to know if I wanted in on it.

On May 1, 2006 – 10 years ago this week -- Dark Reading was launched. Wow, were we in for a wild ride. Dark Reading is now a part of UBM, working every day with other important industry communities, including InformationWeek, Black Hat, Interop, and Network Computing. And we're still a very different type of industry publication.

In the past decade, the IT security industry has seen everyday changes that would seem like earthquakes in other industries. We’ve seen the emergence of botnets that were bigger than some service provider networks. We’ve seen single breaches that affected billions of end users. We’ve seen vulnerabilities that affected not only whole industries, but the very fabric of the Internet.

The attackers have changed. Over the last decade, the face of the hacker has evolved from the nerdy teenager to the organized criminal, the political hacktivist, the state-sponsored hacking team. And their methods are as varied as their motivations.

The nature of the security profession has changed, too. We’ve gone from guards at the gates to online detectives, constantly searching for that one unseen attack hiding deep in our code. Signatures gave way to behavior. Perimeter security gave way to a risk-based approach. And the IT security person – once sequestered in a small cube in the data center – now is part of some of business’ most crucial risk discussions.

For most security professionals, today’s issues have to do with the future: the next attack, the next vulnerability, the next compromise of critical data. That’s as it should be. But periodically, it makes sense to look back at where we’ve been – where we failed, what we’ve accomplished, and what we’ve learned. Looking back sometimes helps us understand where we’re going.

For 10 years, Dark Reading has had the good fortune to document the many changes and developments that have happened in infosec – the successes, the failures, the things that changed and the things that sometimes, regrettably, never changed.

Over the next month, with the help of Dark Reading’s many great writers and contributors, we will attempt to remember this past decade and the lessons we learned from it. You’ll see stories on some of the biggest breaches and vulnerabilities that challenged the industry. You’ll see articles on some of the people who changed security thinking, and some of the sea changes that altered the landscape. And you’ll hear from some of the industry’s top experts – including some of Dark Reading’s original contributors -- on where we’ve been and where we’re going.

We hope you’ll enjoy this month’s retrospectives, presented alongside our usual fare of the latest threats, breaches, and defense trends. We hope you’ll take the time to help us remember where the security industry has been – and perhaps use our search engine to go back and take your own trip down memory lane.

Here’s to the last 10 years – and to making the most out the next 10.

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Charlie Babcock
100%
0%
Charlie Babcock,
User Rank: Ninja
4/26/2016 | 4:17:52 PM
You've come a long way, Dark Reading
Dark Reading has come a long way in 10 years. And it will have to keep tyring to help those of us who are trying to invoke maximum resources to do so in a secure way.  
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
TPM-Fail: What It Means & What to Do About It
Ari Singer, CTO at TrustPhi,  11/19/2019
Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats
Jai Vijayan, Contributing Writer,  11/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19227
PUBLISHED: 2019-11-22
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.
CVE-2019-10203
PUBLISHED: 2019-11-22
PowerDNS Authoritative daemon , all versions pdns 4.1.x before pdns 4.1.10, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
CVE-2019-10206
PUBLISHED: 2019-11-22
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
CVE-2018-10854
PUBLISHED: 2019-11-22
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.