Dark Reading is part of the Informa Tech Division of Informa PLC

Author

 George V. Hulme

News & Commentary Posts: 529
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
Articles by George V. Hulme posted in January 2008

Toward Buffer Overflow Extinction

1/31/2008
The first time a buffer overflow was used as part of an attack on information systems, at least the best I can find, was the infamous 1988 Morris worm. While the Morris worm propagated across Unix, buffer overflows have been the bane of Windows security for years. Microsoft is furthering its efforts to push this problem into the history books.

When Criminal Intent Lurks One Cube Away

1/31/2008
The ongoing Société Générale fraud story is a case study in insider threats. The costs, north of $7 billion for the French bank, are high and likely to go higher. For the rest of us, it leaves an uneasy question: Do we have a rogue in our organization? And if so, what do we do about it?

Federal Government To Spend $30 Billion On New Security Efforts

1/30/2008
One of the most interesting IT security news stories to hit this week is that the Bush administration is apparently proposing that $6 billion be invested to shore up federal network security next year (whether this is an increase on existing spending isn't yet clear), and up to $30 billion across seven years. This is good news. Maybe.

The Four (Non) Myths Of IT Security

1/30/2008
Some of the reports and surveys security firm Symantec has provided over the years I've found both useful and informative. This most recent report, which hit today, isn't one of them.

Are You SCAP Ready?

1/29/2008
In case you missed it, about a year ago the Office of Management and Budget issued policy memorandum M-07-11, aka the Implementation of Commonly Accepted Security Configurations for Windows Operating Systems. Essentially, this mandates that all federal agency systems must adhere to the Federal Desktop Core Configuration (FDCC) by February 2008. That's this Friday.

Point. Click. Phish.

1/29/2008
Are you ready to launch your own phishing scam, but don't know where to start? Too tired from your day job to copy write your own fraudulent e-mails? Or, are you like millions of others who just don't know how to leverage Facebook or Orkut for illicit profit? These are no longer problems for you.

Whoops: $73 Billion In Fraudulent Trades Just Slipped By Us

1/28/2008
While there's no hard evidence yet released on what could prove to be one of the largest frauds in financial history, some details are starting to surface. It's my hunch that this case, other than its financial magnitude, will not prove much different than previous insider frauds.

IT Security Vs. Censorship

1/28/2008
In a memo distributed to employees, Tribune Co. owner Sam Zell called for all of Tribune's business units to yank the use of content filters. Now, I'm not sure anyone, myself included, would list content filters among their most favorite things. Yet, I'm not so sure Zell made a good move -- at least not for Tribune's IT security.

Recent Vista Metrics: Don't Be Fooled

1/26/2008
Microsoft security strategy director Jeff Jones' recent report card, bestowing high marks on the security of his employer's most recent operating system release, has garnered plenty of ink. But what does it mean?

CyberWar! Not So Much

1/24/2008
It's looking more like the distributed denial-of-service attacks that crippled the Web site of the Estonian Reform Party last spring were not the result of grim-faced Russian warriors vigorously clicking their mice. No.

Trusted Web Site? Not So Fast

1/23/2008
It's not been a great year for Web security, so far. First we learn that HackerSafe isn't so hacker safe, after all. Then we find out that hackers have found a way to automatically redirect most home routers to wherever they

Drive-By Pharming: This Nasty Attack Technique Looks Significant

1/23/2008
The first time I learned of the concept of drive-by pharming was when reading about a presentation given by application security expert Jeremiah Grossman at Black Hat in mid-2006. It's a concerning attack technique, not just because it enables an attacker to do nasty things, but also because of how passively Web users can become victimized. Until very recently, this attack was merely theoretical.

Bank Failure Spawns New Regulations

1/22/2008
Few may have noticed, but during the real-world summer stock slump Ginko Financial, a bank within Second Life, went bust. And ever since its failure, Second Life citizen complaints of interest-rate scams seem to have soared. "Since the collapse of Ginko Financial in August 2007, Linden Lab has received complaints about several in-world 'banks' defaulting on their promises. These banks often promise unusually high rates of L$ return, reaching 20%, 40%, or even 60% annualized," reads a recent blog

Vote. Get Your Identity Stolen

1/22/2008
Fortunately, the stolen notebook was recovered. Unfortunately, it's now up to the forensics experts to determine if any of the data, including the names and Social Security numbers of registered voters, was accessed or tampered with. I'm talking about the notebook that was allegedly stolen from the Election Commission in the Nashville area last month. According to this report, the notebook held the names and Social Security n

Protecting Bob In Accounting, From Himself

1/21/2008
Of the hundreds of data loss incidents in 2007, it seems the majority involved some type of lost storage media or notebook. If only the companies had used encryption, or were certain that it had been in place, then the customers of GE Money, Accenture, the Department of Veterans Affairs, and too many others to list would be sleeping better. It's a problem that's only going to get worse as more data is held on portable storage devices, such as USB devices, smartphones, and even MP3 players.

RIAA Attacked: The SQL

1/21/2008
The Recording Industry Association of America's (RIAA) Web site was attacked -- again -- over the weekend. According to numerous breaking news stories, it seems a lack of proper security controls enabled some to take parts of the site down and tweak its pages. Get serious.

Hackers Threaten Power Grid. FERC Strengthens Security Standards

1/19/2008
While I enjoyed the first two Bruce Willis Die Hard movies, Live Free or Die Hard was a different story. The coordinated, near-simultaneous cyberattacks on the power grid, financial systems, government databases, and media satellites were so over-the-top that I couldn't suspend my disbelief long enough to enjoy the movie. Maybe that's because I've long been suspicious of the terms cyberterrorism and cyberwarfare. In fact, the threats of thunderstorms, tornadoes, and overgrown trees

Yahoo Users Get OpenID: No Game Changer

1/18/2008
There seems to be plenty of buzz surrounding Yahoo's decision to choose OpenID as a way to enable users to sign on once and seamlessly access all of their Yahoo services, as well as any other Web site that supports the OpenID Web authentication standard. It's not going to change much.

Don't Do As Bruce Does

1/17/2008
I'm talking about encryption and security expert, speaker, book author, and restaurant critic Bruce Schneier. Don't follow his security advice. At least when it comes to securing home wireless networks.

Identity Theft Is A Drag For Everyone

1/17/2008
There's yet more evidence that privacy and security concerns, when it comes to online shopping, are on the rise. This time it's from a phone survey, released today, conducted by the University of Southern California's Center for the Digital Future.

Web 2.0 And Social Networks Ripening Targets For Hackers And Fraudsters

1/16/2008
We're on the verge of an upswing in Web 2.0 and social networking security attacks and fraudulent scams. Just yesterday, Thomas Claburn reported on a serious Universal Plug and Play (UPnP) vulnerability that can be exploited through malicious SWF (Flash) files on Web sites. Successful attacks can be used to sidestep firewalls, access Web router admin pages, and alte

Hackers Targeting Microsoft Zero-Day Excel Flaw: Microsoft Offers Kludgey Fix

1/16/2008
Late yesterday, Microsoft confirmed in a security advisory (947563) that hackers are targeting a significant vulnerability in multiple versions of Excel. The vulnerability appears to be a previously unknown zero-day, and a successful attack could result in various levels of control over the affected system -- depending on how user rights have been configured.

A Couple More Things Apple Needs To Do To Become IT (Security) Friendly

1/15/2008
As Macworld kicks off, more companies, especially SMBs, are bound to be eyeing the possibility of displacing Microsoft in favor of Apple. And there are plenty of good reasons why: Vista has been a disappointment, and OS X is simply more elegant and easier to use than anything Microsoft has to offer. And if my personal experience with OS X is any indicator, OS X is a lot more stable. But when it comes to security, Apple has some work to do.
