 George V. Hulme

Profile of George V. Hulme

News & Commentary Posts: 529
An award-winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
Articles by George V. Hulme
posted in August 2008

BNY Mellon Data Breach Potentially Massive

It was in May when we noted an investigation launched by the authorities in the state of Connecticut into a backup tape lost by the Bank of New York Mellon. The results of that investigation are in, and they don't look good.

Web Application Hacks: Upping The Arms Race

It doesn't seem that long ago that Web application attacks supplanted network and worm attacks. But they have, and now the attackers are finding ways to obfuscate these attacks. It's an ever-evolving arms race. And we have an updated Top 10 Web site vulnerabilities list.

Best Western Hotel Chain Pwned

According to news reports that started to surface over the weekend, Best Western, one of the world's largest hotel chains -- if not the largest -- is investigating a breach that purportedly has placed millions of its guests' data at risk, and in the hands of Russian mobsters.

FEMA Phones Get Hacked

If you are going to hack a phone system, do you really want to hack DHS? That's what happened this weekend when someone made hundreds of illegal calls from a Federal Emergency Management Agency (FEMA) Private Branch Exchange (PBX) to the Middle East and Asia. It appears that it was the usual culprits of poor change control and misconfigurations that left FEMA's digital doors open.

Sneak Peek: New PCI DSS Rules

Updates to the Payment Card Industry Data Security Standard (PCI DSS) have been released by the PCI Security Standards Council. The updates, hopefully, will bring some clarity to a number of areas which retailers, merchants, and auditors say are foggy.

Microsoft Snags Another Security Researcher

There was a time when it seemed Microsoft viewed security researchers as the enemy, and a big public relations problem. They were the troublemakers who poked holes in Microsoft's operating systems, browser, and desktop software. And they published exploits that helped to automate attacks. Today, Microsoft announced that it hired one of them.

MBTA: Legally Shackling Security Researchers Rarely Works

As many security and technology followers know, three MIT students had planned on presenting their findings on a number of vulnerabilities they found in the Massachusetts Bay Transportation Authority's CharlieTicket and CharlieCard payment cards at last week's Defcon conference. That was, until a gag order was put in place to keep them quiet. Today, a federal judge in Boston let the temporary restraining order stand. And so this Saga of Stupidity continues.

Securing Virtualization, Or Is That Virtualizing Security?

One of the big topics at last week's Black Hat and Defcon security confabs was virtualization security, but few speakers talked about what is really important: how we approach virtualizing security, and how virtualization itself changes the way we approach information security. All of that changed when I was trampled over by The Four Horsemen Of the Virtualization Security Apocalypse.

Defcon/Black Hat: Social Network Security = Fail!

Social networks such as LinkedIn, MySpace, Facebook, and microblogging sites such as Twitter are all fertile grounds for both social engineering and technical attacks. It can get even nastier when you combine the two. Too bad we haven't learned anything about secure coding practices and proper authentication in the past 20 years or so.

Defcon 16 Kicks Off In Controversy

Would you expect the 16th annual hackfest to begin any other way? Whether it's the arrest of security researchers, or the outed undercover TV producer of years gone by, Black Hat's sister security and hacking conference, Defcon, always causes a stir. This year, it was the press conference that wasn't to be.

Black Hat Disputes Charles Edge Talk Even Submitted

Last week we covered two incidents surrounding Apple's (non) participation at this year's Black Hat conference. Apparently, the first was a potential talk pulled for consideration because Apple just doesn't like its engineers explaining anything about how they handle software security. The other, Black Hat contends, was never even submitted.

Black Hat 2008, First Day Sessions

I've been in Las Vegas for a couple of days now, meeting with some old friends in the information security community, and making a few new ones. This year, the annual Black Hat confab will be serving interesting talks on the security implications of virtualization, social networks, and Web 2.0. Should make a good conference that will highlight some of the big security concerns going forward.

Hacking Nukes

It's rare that I read something in a press release that I agree with, let alone find frightening, but this release from Lumeta scared the heebie-jeebies out of me.

FileVault Is Flawed; And Apple's Not Talk'n

A security researcher hoping to discuss an undisclosed Apple flaw at next week's annual Black Hat conference in Las Vegas pulls his talk. Then, Apple suddenly jumps ship on a planned security panel to be conducted by its engineers. These incidents expose Apple's being a laggard in its approach to IT security.
