Author

 Keith Ferrell

Profile of Keith Ferrell

News & Commentary Posts: 437
Articles by Keith Ferrell

Slideshow: Cloud Security Pros And Cons

7/20/2010
Securing your business in the cloud can offer substantial savings and resources balanced by large and unexpected risks. In this review of cloud security silver linings and storm warnings, we look at some of the brightest and darkest security clouds.


Porn Tops Web Watching, Gaming Growing Fast

6/17/2010
Pornographic Web content accounted for a whopping one-third of all page views, according to security firm Optenet. Online gaming sites are also dramatically growing in popularity. If their popularity is growing with your employees, it's time to review your usage policies.


Vulnerability Scanners Must Be Used Carefully

6/14/2010
Automated network and Web app vulnerability scanners can make strengthening your business's defenses a lot simpler -- or a lot more complicated, depending on how much you and your team know about their uses. A new report looks at some of the challenges accompanying vulnerability scanning.


iPad Email Hack Shows AT&T Security Sloppiness

6/10/2010
Info on more than 100,000 iPad email addresses grabbed from AT&T by a self-proclaimed security group will cause far more problems for AT&T than for Apple. But Apple's single-mindedness about AT&T deserves more than a bit of the blame, too.


Facebook Privacy Protection: Symantec's Six Steps

5/31/2010
Symantec has offered six steps to protecting your privacy on Facebook -- and the fact that the tips are so obvious, basic and self-evident doesn't make them any less worthwhile. In fact, their obviousness may make them among the most valuable tips to offer employees doing anything on the Internet.


Symantec Broadens SMB Protection Services

5/25/2010
Symantec's expansion of its SMB security and protection services in the latest edition of its Protection Suite aims to offer a single-vendor solution for small and midsized business security, protection, endpoint, messaging, mobile, backup and recovery.


VaporStream Takes E-mail "Off The Record"

5/6/2010
Not every e-mail needs to be part of the permanent record -- which is the point VaporStream is making with its 256-bit encrypted "vanishing" e-mail service. Could be just what the doctor ordered for dealing with e-mail overload -- although more than a few divorce lawyers and tabloid headline writers might disagree.


McAfee's Mess, SEC's Sex Problem And What SMBs Can Learn From Each

4/26/2010
Last week's McAfee release of a virus def file that didn't play well (to say the least!) with Windows XP SP3, along with unrelated revelations about the amount of pornsurfing going on at the SEC, offers the chance to think a little bit about each problem -- and what your business has done and can do to avoid getting tagged by similar ones.


Google Chrome Attracting Hacker Attention

4/20/2010
The good news: at a recent security conference, Google Chrome got kudos as the hardest browser to hack. The bad news: a new hack is targeting possibly overconfident Chrome users and tagging them with malware.


Tax Time Is Hacks Time -- Time To Be Wary!

4/8/2010
Over the next week or so, as you and, odds are, more than a few others in your workplace are scrambling to make the April 15th deadline, bear in mind that there are plenty of scams hoping to catch and bilk you mid-scramble.


Conficker Dead -- Long Live Conficker

4/5/2010
Whether or not the Conficker worm is essentially dead, just lying low or somewhere in-between, the lessons of the massive botnet are likely to live on for a long time. Bad news is that there are lessons learned by the botnet makers, too.


March Madness: Hoop Dreams Spawn Malware Nightmares

3/24/2010
Some interesting stats from security firm Zscaler, Cisco Scansafe and eSoft point out the surge in business bandwidth consumption during NCAA games -- and warn that unwary searching for bracket listings could result in malware being dunked into your system.


Cyber Cities Attract Cyber Crooks -- Ya THINK?

3/23/2010
Symantec's new list of the top cities for cyber crime risks rounds up the usual suspects (the more cyber-savvy the city, the more crooks that come there) -- and offers some important reminders no matter where you work and live.


End User Security: Why Bother?

3/22/2010
According to some new research, that's precisely the reason end users don't trouble themselves with strong passwords and safe surfing practices. The risks they believe they're exposed to just don't outweigh the annoyances security imposes.


P2P Business Problems Growing: FTC Issues Warnings

2/23/2010
The FTC's announcement that nearly 100 private and public organizations had insecurely transmitted confidential, personal data over P2P networks is a wake-up call not just to those receiving the warnings, but to every business whose employees may be using file-sharing technology -- and especially to those who don't know whether employees are P2Ping or not.


Security Scoreboard Lists Services By Specialty

2/2/2010
A new service, Security Scorecard, aims to help simplify the search for qualified security specialists by listing them, categorizing them, and making them searchable. Service providers will have the option of buying premium display space.


BBB Offers SMB Security Info

1/25/2010
The Better Business Bureau, working with technology and financial companies, unveiled a new online educational resource intended to help small businesses get a grip on data and online security. Based on the BBB's numbers, it's past time for plenty of those businesses and their staffs to go back to school.


IE Hole Enables "Most Sophisticated" Attacks Yet

1/15/2010
The latest critical vulnerability in Microsoft's Internet Explorer, tagged as the key vector in a series of corporate attacks over the past three weeks, is being exploited in what one security expert calls "the most sophisticated" attacks ever committed against commercial targets.


Top 10 Threats: Malware List From Sunbelt

1/5/2010
Sunbeltlabs' look at December's top ten malware threats offers a reminder that while Trojans remain the biggest threat, search strings are gaining fast, particularly searches involving young dead celebrities (Brittany Murphy) and -- surprise! -- Tiger Woods.


Here Come The Holiday Devices -- And The Post-Holiday Risks

1/4/2010
Smartphones and thumb-drives and players and everything else digital and USB-equipped (and wireless!), oh my! How many of the people in your business received digital, connect-able gifts this holiday season? How many of them brought those gifts to work with them today? And more to the point, how many of those devices are now connected to your network?


2010 Cybercrime Goals: Symantec

12/16/2009
What do cybercrooks want next year? According to Symantec Hosted Services, they want bigger and badder botnets, pathways through CAPTCHA traps, local language spam and plenty of hooks as good as Michael Jackson and Tiger Woods.


Top 15 Threats: How The Crooks Are Coming At You

12/10/2009
The latest Verizon Data Breach Report lists the top outside threats -- keyloggers, spyware, SQL injections, remote access and control -- and inside threats -- access and privilege abuse, usage and other policy violations -- that businesses have faced. The report is based on actual businesses' data breach experiences.


Security Pro Market Heating Up

12/2/2009
The good news for IT security professionals is that demand for their skills is likely to increase in the next few months, according to Robert Half Technology. The challenging news for small and midsized businesses looking for security pros is that rising demand for their skills is going to make finding and hiring them harder.


Cyber Monday Security Risks Are All Business

11/25/2009
Why Cyber Monday for the online shopping surge? Because for many, Monday's the first working day after Thanksgiving. Which means they can do their online shopping on business time, on the business dime, using business machines over business connections. You may not be able -- or want -- to do anything about the productivity drop, but at least you can tell your people to shop safely.


Twilight's Latest Hacking: Vampire Byte Scam Targets Stephanie Meyer Fans

11/20/2009
Scareware masquerading as an interview with Twilight author Stephanie Meyer is making the rounds, and fast. Time to pass the word to any of your employees who are Twilight-obsessed and, more importantly, have them pass the word to their kids who may well be chasing the phenomenon on the same computers their parents may use for work-at-home.


Panda Launches SMB Cloud Security

11/10/2009
Building on its cloud-based anti-virus service for consumers, Panda Security is launching Panda Cloud Protection, a hosted security service for small and midsized businesses.


FBI: SMBs Losing Millions To Cybercrooks

11/4/2009
Cybercrooks may have tried to nab as much as $100 million from small and midsized U.S. businesses in payroll scams over the last year. Now the FBI is talking about how to protect yourself from this automated threat.


AVG Sends Speedy Small Business Security Signal

10/27/2009
New Internet security and anti-virus products for small businesses from AVG are being touted by the company as both secure and speedy, with an array of promised features and administrative tools that address some of the tech-challenges smaller firms face.


Smartphones Call For Security-Smarter Users

10/26/2009
Smartphones, and all the other smartstuff filling our pockets, bags, lives, make for mobile convenience and access -- including access by crooks. Time to get your smartphone-using staff to dial up their security practices.


Sidekick Failure Highlights Security Demands Cloud Customers Must Make

10/14/2009
Whether or not Sidekick recovers from the data debacle that may have cost hundreds of thousands of customers their cloud-stored material, the disaster throws into sharp relief a couple of great and greatly unasked questions about doing business in and with the cloud: How confident can you be of your cloud service providers? How confident should you insist on being?


Top Database Threat? Legit Users And Sloppy Company Policies!

10/1/2009
A new Dark Reading report makes clear what's been strongly suspected for some time: Authorized users are business databases' biggest vulnerabilities. Actually, as the report makes clear, the biggest vulnerability is the array of shoddy and hole-filled data policies many companies put in place to "protect" data.


Spammers To Idaho: You're The Tops!

9/24/2009
Spam targeting is one of those categories you don't want to be Number One in, but somebody has to be. According to a new report from MessageLabs, the top spam targets in the U.S. live in Idaho. But the rest of the states aren't that much better off.


Credit Card Compliance Still Poorly Practiced

9/23/2009
A new survey from Imperva and the Ponemon Institute finds that despite the rising number of data breaches, many companies still do not fully adhere to compliance standards. And many of those that are protecting credit card information are neglecting security when it comes to other, equally sensitive data. Smaller businesses may be having the most trouble with the standards.


Live Chat With A Cybercrook! Popup Talk Latest Scam

9/18/2009
Phishers have always counted on volume and automation to generate revenues: scam mails by the millions, proliferating malware links, a deluge of devious and deceptive tools designed to grab info from the unsuspecting. Now they're using chat to pluck their pigeons one-on-one.


Facebook Bug Month

9/2/2009
A researcher plans to unveil a raft of Facebook vulnerabilities in September, one every few days or so. Which means a regular reminder to remind employees and staff to take care when social networking.


Data Breach Silence Breached: 5 Good Security Tips

8/31/2009
For every high-profile, big-headline data breach, there are plenty of others that are kept quiet. A good piece in InformationWeek takes a peek behind the curtain of quiet and offers some solid lessons in how to avoid having your data compromised.


What Are Botmasters Thinking?

8/21/2009
They're thinking that bots are where the money is, according to a fascinating piece over at Dark Reading. Did you know, for instance, that the average bot is worth between a dime and a quarter on the market? You gotta sell a lotta bots at that price to make real money -- and people are making real money doing just that.


Twitterbot Tweets Malware Orders

8/17/2009
The discovery of a Twitter profile being used to tweet botnet updates and links is one more indication (not that we needed one) that cybercriminals are using the same tools that we are.


Twitter Takedown: DDoS Attack Beats Tweets

8/6/2009
Twitter was shut down for a couple of hours this morning by a Distributed Denial of Service (DDoS) attack; blogsite LiveJournal went down too, and the rumors flew that Facebook was having traffic troubles of its own.


Turn Off Auto-Updates Before Hitting the Road

8/4/2009
The convenience of automatic software updates can create major problems if apps are updated via unsecured public Wi-Fi connections. Hotspots make great hijack spots, and as a result, your mobile employees need to make some adjustments in their update settings.


Secure Certificate Vulnerabilities Revealed

8/3/2009
The SSL Certificate that tells visitors a site is certified as trustworthy may be easier to fake than previously thought. And that's one more reminder that the whole system of trust authorization is in need of work.
