Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Keith Ferrell
RSS
E-Mail

Profile of Keith Ferrell

News & Commentary Posts: 437
Articles by Keith Ferrell
posted in July 2008

DNS Woes: How Worried Should You Be? Pretty Dang Worried!

7/25/2008
Yesterday's news that the first DNS attack strategies are circulating was no surprise: once a vulnerability -- large, small or in-between -- is discovered, the exploit code follows like rats nipping at the heels of the Pied Piper. The question is, how worried should you be about this particular vulnerability? Pretty worried, is my take.

Post a Comment

DNS Flaw Attacks Coming: Patch Now!!!

7/24/2008
The first attackware strategies based on the widespread DNS flaw announced earlier this month have been spotted. If you haven't patched yet, do it now, before it's too late. (Some say it's already too late.)

Post a Comment

Why Isn't Internet Infrastructure Security A Bigger Issue?

7/14/2008
The ongoing debate and discussion about the domain name server vulnerability disclosed last week may be getting a bit of traction in the world beyond IT, but the size and potential seriousness of the problem ought to raise other questions: Namely, why the security of the Net itself, as well as its users, doesn't loom larger (or at all) on the campaign trails.

Post a Comment

New Media Trojan Exploits Bad Old Piracy, P2P Habits

7/11/2008
A particularly aggressive new Trojan takes advantage of the oldest of vulnerabilities -- human nature. Hiding in pirate software sites, the Trojan infects the music and video files of illegal software seekers, then spreads when those files are peer-shared.

Post a Comment

Justice Breyer's Data Exposure A Reminder Of P2P File Risks

7/10/2008
The news that Supreme Court Justice Stephen Breyer's personal information was among thousands of other personal data files compromised as a result of a file-sharing snafu raises a couple of issues, chief among them whether or not peer-to-peer file sharing via public programs is ever appropriate for business info.

Post a Comment

Faster Laptop Check-Throughs May Be In The Bag

7/3/2008
Just in time for higher airline ticket prices, reduced numbers of flights and capacities, cutbacks in travel budgets and the rest of the annoyances and irritations of what are quickly becoming the unfriendly skies, a new approach to laptop/notebook cases promises to speed road warriors' transit through airport security checks.

Post a Comment

Player Beware: PS3 Site Hacks Can Game Your Systems

7/2/2008
Whether or not you're a gamer, the detection of malware infestation on the Sony USA PlayStation Web site should give you pause. Compromises of popular commercial sites -- the sorts that employees and family members might visit, even if you don't -- are precisely the sort of thing that can have anything but a playful effect on your business.

Post a Comment

Mishandling Information Overload A Security and Legal Risk

7/1/2008
Small and midsize businesses generate digital information a furious rate -- same as bigger business (and individuals, for that matter.) What to save and what to toss -- and the consequences of either -- looms large among security, business, compliance and fiduciary concerns. A new slideshow offers some interesting and provocative takes on taking out (and keeping in) the digital trash.

Post a Comment
News
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Edge-DRsplash-10-edge-articles
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
Commentary
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google Maps is taking "interactive" to a whole new level!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24288
PUBLISHED: 2021-05-17
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.
CVE-2021-24289
PUBLISHED: 2021-05-17
There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
CVE-2021-24290
PUBLISHED: 2021-05-17
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
CVE-2021-24292
PUBLISHED: 2021-05-17
The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The â€&oe...
CVE-2021-24295
PUBLISHED: 2021-05-17
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via...