Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 George V. Hulme
RSS
E-Mail

Profile of George V. Hulme

News & Commentary Posts: 529
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
Articles by George V. Hulme
posted in January 2008

Toward Buffer Overflow Extinction

1/31/2008
The first time a buffer overflow was used as part of an attack on information systems, at least the best I can find, was the infamous 1988 Morris worm. While the Morris worm propagated across Unix, buffer overflows have been the bane of Windows security for years. Microsoft is furthering its efforts to push this problem into the history books.

Post a Comment

When Criminal Intent Lurks One Cube Away

1/31/2008
The ongoing Société Général fraud story is a case study in insider threats. The costs, north of $7 billion for the French bank, are high and likely to go higher. For the rest of us, it leaves an uneasy question: Do we have a rogue in our organization? And if so, what do we do about it?

Post a Comment

Federal Government To Spend $30 Billion On New Security Efforts

1/30/2008
One of the most interesting IT security news stories to hit this week is that the Bush administration is apparently proposing $6 billion (maybe this is an increase on existing spending. That's not yet clear) be invested to shore up federal network security next year, and up to $30 billion across seven years. This is good news. Maybe.

Post a Comment

The Four (Non) Myths Of IT Security

1/30/2008
Some of the reports and surveys security firm Symantec has provided over the years I've found both useful and informative. This most recent report, which hit today, isn't one of them.

Post a Comment

Are You SCAP Ready?

1/29/2008
In case you missed it, about a year ago the Office of Management and Budget issued policy memorandum M-07-11, aka the Implementation of Commonly Accepted Security Configurations for Windows Operating Systems. Essentially, this mandates that all federal agency systems must adhere to the Federal Desktop Core Configuration (FDCC) by February 2008. That's this Friday.

Post a Comment

Point. Click. Phish.

1/29/2008
Are you ready to launch your own phishing scam, but don't know where to start? Too tired from your day job to copy write your own fraudulent e-mails? Or, are you like millions of others who just don't know how to leverage Facebook or Orkut for illicit profit? These are no longer problems for you.

Post a Comment

Whoops: $73 Billion In Fraudulent Trades Just Slipped By Us

1/28/2008
While there's no hard evidence yet released on what could prove to be one of the largest frauds in financial history, some details are starting to surface. It's my hunch that this case, other than its financial magnitude, will not prove much different than previous insider frauds.

Post a Comment

IT Security Vs. Censorship

1/28/2008
In a memo distributed to employees, Tribune Co. owner Sam Zell called for all of Tribune's business units to yank the use of content filters. Now, I'm not sure anyone, myself included, would list content filters among their most favorite things. Yet, I'm not so sure Zell made a good move -- at least not for Tribune's IT security.

Post a Comment

Recent Vista Metrics: Don't Be Fooled

1/26/2008
Microsoft's security strategy director, Jeff Jones' recent report card bestowing high marks on the security of his employer's most recent operating system release has garnered plenty of ink. But what's it mean?

Post a Comment

CyberWar! Not So Much

1/24/2008
It's looking more like the distributed denial-of-service attacks that crippled the Web site of the Estonian Reform Party last spring were not the result of grim-faced Russian warriors vigorously clicking their mice. No.

Post a Comment

Trusted Web Site? Not So Fast

1/23/2008
It's not been a great year for Web security, so far. First we learn that HackerSafe isn't so hacker safe, after all. Then we find out that hackers have found a way to automatically redirect most home routers to wherever they Post a Comment

Drive-By Pharming: This Nasty Attack Technique Looks Significant

1/23/2008
The first time I learned of the concept of drive-by pharming was when reading about a presentation given by application security expert Jeremiah Grossman at Black Hat in mid-2006. It's a concerning attack technique, not just because it enables an attacker to do nasty things, but also because of how passively Web users can become victimized. Until very recently, this attack was merely theoretical.

Post a Comment

Bank Failure Spawns New Regulations

1/22/2008
Few may have noticed, but during the real-world summer stock slump Ginko Financial, a bank within Second Life, went bust. And ever since its failure, Second Life citizen complaints of interest-rate scams seem to have soared. "Since the collapse of Ginko Financial in August 2007, Linden Lab has received complaints about several in-world "banks" defaulting on their promises. These banks often promise unusually high rates of L$ return, reaching 20%, 40%, or even 60% annualized, reads a recent blog

Post a Comment

Vote. Get Your Identity Stolen

1/22/2008
Fortunately, the stolen notebook was recovered. Unfortunately, it's now up to the forensics experts to determine if any of the data, including the names and Social Security numbers of register voters, was accessed or tampered with. I'm talking about the notebook that was allegedly stolen from the Election Commission in the Nashville area last month. According to this report, the notebook held the names and Social Security n

Post a Comment

Protecting Bob In Accounting, From Himself

1/21/2008
Of the hundreds of data loss incidents in 2007, it seems the majority involved some type of lost storage media or notebook. If only the companies had used, or were certain that encryption had been in place, then the customers of GE Money, Accenture, the Department of Veterans Affairs, and too many others to list would be sleeping better. It's a problem that's only going to get worse as more data is held on portable storage devices, such as USB devices, smartphones, and even MP3 players.

Post a Comment

RIAA Attacked: The SQL

1/21/2008
The Recording Industry of America's (RIAA) Web site was attacked -- again -- over the weekend. According to numerous breaking news stories, it seems a lack of proper security controls enabled some to take parts of the site down, and tweak its pages. Get serious.

Post a Comment

Hackers Threaten Power Grid. FERC Strengthens Security Standards

1/19/2008
While I enjoyed the first two Bruce Willis Die Hard movies, Live Free or Die Hard was a different story. The coordinated, near simultaneous cyberattacks of the power grid, financial systems, government databases, and media satellites was so over-the-top that I couldn't suspend my disbelief long enough to enjoy the movie. Maybe that's because I've long been suspicious of the terms cyberterrorism and cyberwarfare. In fact, the threats of thunderstorms, tornadoes, and overgrown trees

Post a Comment

Yahoo Users Get OpenID: No Game Changer

1/18/2008
There seems to be plenty of buzz surrounding Yahoo's decision to choose OpenID as a way to enable users to sign on once and seamlessly access all of their Yahoo services, as well as any other Web site that supports the OpenID Web authentication standard. It's not going to change much.

Post a Comment

Don't Do As Bruce Does

1/17/2008
I'm talking about encryption and security expert, speaker, book author, and restaurant critic Bruce Schneier. Don't follow his security advice. At least when it comes to securing home wireless networks.

Post a Comment

Identity Theft Is A Drag For Everyone

1/17/2008
There's yet more evidence that privacy and security concerns, when it comes to online shopping, are on the rise. This time it's from a phone survey, released today, conducted by the University of Southern California's Center for the Digital Future.

Post a Comment

Web 2.0 And Social Networks Ripening Targets For Hackers And Fraudsters

1/16/2008
We're on the verge of an upswing in Web 2.0 and social networking security attacks and fraudulent scams. Just yesterday, Thomas Claburn reported on a serious Universal Plug and Play (UPnP) vulnerability that can be exploited through malicious SWF (Flash) files on Web sites. Successful attacks can be used to sidestep firewalls, access Web router admin pages, and alte

Post a Comment

Hackers Targeting Microsoft Zero-Day Excel Flaw: Microsoft Offers Kludgey Fix

1/16/2008
Late yesterday, Microsoft confirmed in a security advisory (947563) that hackers are targeting a significant vulnerability in multiple versions of Excel. The vulnerability appears to be a previously unknown zero-day, and a successful attack could result in various levels of control over the affected system -- depending on how user rights have been configured.

Post a Comment

A Couple More Things Apple Needs To Do To Become IT (Security) Friendly

1/15/2008
As Macworld kicks off, more companies, especially SMBs, are bound to be eyeing the possibility of displacing Microsoft in favor of Apple. And there are plenty of good reasons why: Vista has been a disappointment, and OS X is simply more elegant and easier to use than anything Microsoft has to offer. And if my personal experience with OS X is any indicator, OS X is a lot more stable. But when it comes to security, Apple has some work to do.

Post a Comment
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-18442
PUBLISHED: 2021-06-18
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
CVE-2021-3604
PUBLISHED: 2021-06-18
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.
CVE-2005-2795
PUBLISHED: 2021-06-18
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2021-32954
PUBLISHED: 2021-06-18
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
CVE-2021-32956
PUBLISHED: 2021-06-18
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.