Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Keith Ferrell
RSS
E-Mail

Profile of Keith Ferrell

News & Commentary Posts: 437
Articles by Keith Ferrell
posted in March 2008

Manage Your Risk Before It Mangles Your Business

3/31/2008
Informationweek has a good long piece on risk management that will more than repay your attention -- if only in calling your attention to the rapidly evolving nature of risk management -- and the risks we all need, or at least seek, to manage.

Post a Comment

Passport Privacy Problem Offers Business Lessons

3/21/2008
The current news cycle hot-button -- State Department contractors poking into Barack Obama's passport files -- will give the pundits plenty to spout and sputter about from all sides. It should give small and midsize businesses pause to consider some of their own security procedures, policies and potential vulnerabilities.

Post a Comment

Disaster Recovery: Practice = Protection

3/11/2008
How prepared can you be for a data disaster? Clearly the answer is never enough -- no matter how prepared you are, the recovery will undoubtedly reveal aspects of your preparation that can be improved upon. So why not start scouting out those improvable aspects before disaster strikes? Why not practice for problems and rehearse your recovery? Doing so now might eliminate post-disaster disasters later.

Post a Comment

Missing White House E-Mail -- Politics Or Bad Tech Policy?

3/5/2008
The White House's assertion that as many as 5 million e-mails have gone missing has raised a lot of political hackles on both sides of the aisle and throughout the pundit-sphere over the last couple of years. Far less attention has been paid to a far more serious (and less politically secular) question: just what is the tech infrastructure underlying the White House's electronic communications?

Post a Comment

A Dozen Thumb Drives With Security Features

3/3/2008
Thumb drives are convenient, cheap -- and all too easily lost, stolen, left behind or otherwise compromised... with potentially catastrophic consequences. Informationweek recently took a look at twelve drives that include security features.

Post a Comment
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16632
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVE-2021-32073
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.