Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Tom Smith

Profile of Tom Smith

News & Commentary Posts: 9
Articles by Tom Smith

Some Data Protection Miscreants Never Learn

11/15/2007
We know the gory details about TJX Cos. and its mind-boggling data breach. But a hard-hitting new report on the worst data offenders from Byte & Switch shows that in some cases these organizations still haven't cleaned up their security act. Following their own high-profile breaches, the goings-on at Los Alamos National Laboratory, the Department of Veterans Affairs, and Iron Mountain are shocking indeed.

Post a Comment

Personal Data Protection Legislation: Readers Have Their Say

10/17/2007
Reader comments on my post about the California governor's veto of a bill that would increase the state's data protection standards included some points warranting further discussion and some intriguing ideas. A related poll shows readers share my skepticism about businesses' will and capacity to fix the data loss problem.

Post a Comment

Data Protection: It Doesn't Get Any Better Than This

9/13/2006
Corporate America's efforts at data protection--in particular, protecting sensitive personal information about customers--have in many cases failed miserably. There's a long and dubious list of data breaches, losses, thefts, and mishandlings from the past 20 months, with the total number of records containing sensitive personal information involved in security breaches now topping 93 million. Time and again, we've taken to task

Post a Comment

7 Lessons From IT Security Trial

6/30/2006
Over the last several weeks, InformationWeek has been covering the trial of a former UBS PaineWebber systems administrator, Roger Duronio, who's accused of writing and setting off a highly destructive logic bomb at his former employer as revenge for not receiving the maximum yearly bonus. The government prosecution contends that Duronio was not only looking to wreak havoc, but also to profit by purchasing securities whose valu

Post a Comment
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20001
PUBLISHED: 2020-08-04
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.
CVE-2020-15467
PUBLISHED: 2020-08-04
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.
CVE-2020-5615
PUBLISHED: 2020-08-04
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-5616
PUBLISHED: 2020-08-04
[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] fre...
CVE-2020-5617
PUBLISHED: 2020-08-04
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.