Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Mitch Wagner
RSS
E-Mail

Profile of Mitch Wagner

California Bureau Chief, Light Reading
News & Commentary Posts: 28

Mitch Wagner is California bureau chief for Light Reading.

Articles by Mitch Wagner

New Security Threats For VoIP

1/5/2007
Panda Software looks at some scary security threats posed by VoIP. The top part of the article in IT-Observer looks at new ways that VoIP might be used for denial-of-service attacks, but the author, Fernando de la Cuadra, dismisses those threats as unlikely (too quickly, I think). The article then goes on to deal with possible threats posed by social engineering.


Post a Comment

Technology Jeopardizes The Secret Ballot

12/15/2006
Ed Felten at Freedom to Tinker has several brief, but meaty, posts this week on the erosion of a pillar of Western democracy: The secret ballot. The secret ballot offers two forms of protection: Because nobody can look over your shoulder to see how you voted, it's hard to coerce your vote. And, because you can't prove to anybody how you voted, you can't sell your vote. But technology and social trends are making the secret ballot harder to preserv

Post a Comment

Protecting Against Insider Threats

12/11/2006
When you visualize what a computer criminal looks like, you probably think of a teen-ager living in his mother's basement, or a shady-looking character in a lawless country far away. But if you want to know what the most dangerous computer criminals look like, take a look at the guy sitting in the next cube.


Post a Comment

Technology Makes Fraud Trivially Easy

11/14/2006
Identity theft expert Frank Abagnale describes how technology has made fraud trivially easy:

Abagnale was subject of the 2002 Steven Spielberg movie Catch Me If You Can, starring Leonardo DiCaprio, which depicted his exploits as a teenager in the 60s, posing as an airline pilot to live the glamorous life of a jet-setter around the world, until he was caught.


Post a Comment

Blue Security Shoots Itself, And Thousands Of Other People, In The Foot

5/5/2006
When an outfit called Blue Security launched a service to go after spammers with vigilante justice, any idiot could've foreseen big problems. In fact, an idiot did. It wasn't a tough prediction to make. Vigilante justice is always a bad idea because it often results in innocent people getting hurt. And that's what happened, as a spammer's counterattack against Blue Security brought down thousands of

Post a Comment

Security Research Isn't Pretty, But It's Necessary

4/17/2006
Security research is a dirty job, but somebody has to do it. Security researchers run an assembly line of self-aggrandizing publicity, churning out press releases and announcements patting themselves on the back for discovering security vulnerabilities in software by Microsoft, Oracle, and other major vendors. The researchers operate under a constant cloud of suspicion: Are they simply creating a climate of useless fear, stifling innovation, E-commerce, and technology implementation? Are they

Post a Comment

Let's Make 2006 The Year We Wipe Out Spam

12/30/2005
We don't care about spam anymore, and that's wrong. Spam is a crime highway that runs straight through your computer, carrying a cargo of worms, fraud, viruses and other attacks. Security vendor Sophos reported that attacks jumped 48% in the first 11 months of 2005. The most dangerous threats were spam-distributed. Spam has direct financial costs, as network managers are required to spend money on software and

Post a Comment

EFF Releases List Of Spyware-Infected Sony CDs

11/9/2005
The Electronic Frontier Foundation has released a partial list of what it claims are the CDs that sony has infected with its copy-protection software. The titles include CDs by Celine Dion, Neil Diamond, Dion, and Ricky Martin. The EFF article also has tips on how you can tell if a CD you bought from Sony contains the copy protection.

Post a Comment

How Not To Stop Online Bank Fraud

10/24/2005
In the name of protecting against phishing, identity theft and other forms of fraud, federal regulators handed banks and consumers an enormous job recently. The work required will make online transactions a great deal more expensive for banks--who will no doubt pass the expense on to customers. The requirement will make online transactions far less convenient for consumers. And it'll be, at best, partially effective. As reported in a story by my colleague Steve Marlin, Post a Comment
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22166
PUBLISHED: 2021-01-15
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
CVE-2021-22167
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
CVE-2021-22168
PUBLISHED: 2021-01-15
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
CVE-2021-22171
PUBLISHED: 2021-01-15
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
CVE-2020-26414
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.