Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 George V. Hulme

Profile of George V. Hulme

News & Commentary Posts: 529
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
Articles by George V. Hulme
posted in August 2008

BNY Mellon Data Breach Potentially Massive

8/29/2008
It was in May when we noted an investigation launched by the authorities in the state of Connecticut into a backup tape lost by the Bank of New York Mellon. The results of that investigation are in, and they don't look good.

Post a Comment

Web Application Hacks: Upping The Arms Race

8/27/2008
It doesn't seem that long ago since Web applications attacks supplanted network and worm attacks. But they have, and now the attackers are finding ways to obfuscate these attacks. It's an ever-evolving arms race. And we have an updated Top 10 Web site vulnerabilities list.

Post a Comment

Best Western Hotel Chain Pwned

8/24/2008
According to news reports that started to surface over the weekend, Best Western, one of the world's largest hotel chains -- if not the largest -- is investigating a breach that purportedly has placed millions of its guests' data at-risk, and in the hands of Russian mobsters.

Post a Comment

FEMA Phones Get Hacked

8/21/2008
If you are going to hack a phone system, do you really want to hack DHS? That's what happened this weekend when someone made hundreds of illegal calls from a Federal Emergency Management Agency (FEMA) Private Branch Exchange (PBX) to the Middle East and Asia. It appears that it was the usual culprits of poor change control and misconfigurations that left FEMA's digital doors open.

Post a Comment

Sneak Peek: New PCI DSS Rules

8/20/2008
Updates to the Payment Card Industry Data Security Standard (PCI DSS) have been released by the PCI Security Standards Council. The updates, hopefully, will bring some clarity to a number of areas which retailers, merchants, and auditors say are foggy.

Post a Comment

Microsoft Snags Another Security Researcher

8/18/2008
There was a time when it seemed Microsoft viewed security researchers as the enemy, and a big public relations problem. They were the troublemakers who poked holes in Microsoft's operating systems, browser, and desktop software. And they published exploits that helped to automate attacks. Today, Microsoft announced that it hired one of them.

Post a Comment

MBTA: Legally Shackling Security Researchers Rarely Works

8/14/2008
As many security and technology followers know, three MIT students had planned on presenting their findings on a number of vulnerabilities they found in the Massachusetts Bay Transportation Authority's CharlieTicket and CharlieCard payment cards at last week's Defcon conference. That was, until a gag order was put in place to keep them quiet. Today, a federal judge in Boston let the temporary restraining order stand. And so this Saga of Stupidity continues.

Post a Comment

Securing Virtualization, Or Is That Virtualizing Security?

8/12/2008
One of the big topics at last week's Black Hat and Defcon security confabs was virtualization security, but few speakers talked about what is really important: how we approach virtualizing security, and how virtualization itself changes the way we approach information security. All of that changed when I was trampled over by The Four Horsemen Of the Virtualization Security Apocalypse.

Post a Comment

Defcon/Black Hat: Social Network Security = Fail!

8/11/2008
Social networks such as LinkedIn, MySpace, Facebook, and microblogging sites such as Twitter are all fertile grounds for both social engineering and technical attacks. It can get even nastier when you combine the two. Too bad we haven't learned anything about secure coding practices and proper authentication in the past 20 years or so.

Post a Comment

Defcon 16 Kicks Off In Controversy

8/10/2008
Would you expect the 16th annual hackfest to begin any other way? Whether it's the arrest of security researchers, or the outted undercover TV producer of years gone by, Black Hat's sister security and hacking conference, Defcon, always causes a stir. This year, it was the press conference that wasn't to be.

Post a Comment

Black Hat Disputes Charles Edge Talk Even Submitted

8/7/2008
Last week we covered two incidents surrounding Apple's (non) participation at this year's Black Hat conference. Apparently, the first was a potential talk pulled for consideration because Apple just doesn't like its engineers explaining anything about how they handle software security. The other, Black Hat contends, was never even submitted.

Post a Comment

Black Hat 2008, First Day Sessions

8/5/2008
I've been in Las Vegas for a couple of days now, meeting with some old friends in the information security community, and making a few new ones. This year, the annual Black Hat confab will be serving interesting talks on the security implications of virtualization, social networks, and Web 2.0. Should make a good conference that will highlight some of the big security concerns going forward.

Post a Comment

Hacking Nukes

8/4/2008
It's rare that I read something in a press release that I agree with, let alone find frightening, but this release from Lumeta scared the heebe geebees out of me.

Post a Comment

FileVault Is Flawed; And Apple's Not Talk'n

8/1/2008
A security researcher hoping to discuss an undisclosed Apple flaw at next week's annual Black Hat conference in Las Vegas pulls his talk. Then, Apple suddenly jumps ship on a planned security panel to be conducted by its engineers. These incidents expose Apple's being a laggard in its approach to IT security.

Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.