Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Dark Reading Marks 10th Anniversary With Month Of Special Coverage

Looking back at the decade in security.

In February 2006, I got a call from Steve Saunders, founder and editor of Light Reading, who had an idea. He and a couple of other editors planned to start a new publication about IT security – a publication that would be very different than anything else the infosec industry had seen before. He wanted to know if I wanted in on it.

On May 1, 2006 – 10 years ago this week -- Dark Reading was launched. Wow, were we in for a wild ride. Dark Reading is now a part of UBM, working every day with other important industry communities, including InformationWeek, Black Hat, Interop, and Network Computing. And we're still a very different type of industry publication.

In the past decade, the IT security industry has seen everyday changes that would seem like earthquakes in other industries. We’ve seen the emergence of botnets that were bigger than some service provider networks. We’ve seen single breaches that affected billions of end users. We’ve seen vulnerabilities that affected not only whole industries, but the very fabric of the Internet.

The attackers have changed. Over the last decade, the face of the hacker has evolved from the nerdy teenager to the organized criminal, the political hacktivist, the state-sponsored hacking team. And their methods are as varied as their motivations.

The nature of the security profession has changed, too. We’ve gone from guards at the gates to online detectives, constantly searching for that one unseen attack hiding deep in our code. Signatures gave way to behavior. Perimeter security gave way to a risk-based approach. And the IT security person – once sequestered in a small cube in the data center – now is part of some of business’ most crucial risk discussions.

For most security professionals, today’s issues have to do with the future: the next attack, the next vulnerability, the next compromise of critical data. That’s as it should be. But periodically, it makes sense to look back at where we’ve been – where we failed, what we’ve accomplished, and what we’ve learned. Looking back sometimes helps us understand where we’re going.

For 10 years, Dark Reading has had the good fortune to document the many changes and developments that have happened in infosec – the successes, the failures, the things that changed and the things that sometimes, regrettably, never changed.

Over the next month, with the help of Dark Reading’s many great writers and contributors, we will attempt to remember this past decade and the lessons we learned from it. You’ll see stories on some of the biggest breaches and vulnerabilities that challenged the industry. You’ll see articles on some of the people who changed security thinking, and some of the sea changes that altered the landscape. And you’ll hear from some of the industry’s top experts – including some of Dark Reading’s original contributors -- on where we’ve been and where we’re going.

We hope you’ll enjoy this month’s retrospectives, presented alongside our usual fare of the latest threats, breaches, and defense trends. We hope you’ll take the time to help us remember where the security industry has been – and perhaps use our search engine to go back and take your own trip down memory lane.

Here’s to the last 10 years – and to making the most out the next 10.

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Charlie Babcock
100%
0%
Charlie Babcock,
User Rank: Ninja
4/26/2016 | 4:17:52 PM
You've come a long way, Dark Reading
Dark Reading has come a long way in 10 years. And it will have to keep tyring to help those of us who are trying to invoke maximum resources to do so in a secure way.  
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9385
PUBLISHED: 2020-02-25
A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.
CVE-2020-9382
PUBLISHED: 2020-02-24
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's } parser function.
CVE-2020-1938
PUBLISHED: 2020-02-24
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that ...
CVE-2020-9381
PUBLISHED: 2020-02-24
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.
CVE-2019-17569
PUBLISHED: 2020-02-24
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind...