Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Keith Ferrell
RSS
E-Mail

Profile of Keith Ferrell

News & Commentary Posts: 437
Articles by Keith Ferrell
posted in September 2007

Getting to the Real Endpoint of Endpoint Security

9/26/2007
Endpoint device and access control for small to midsize businesses is itself becoming a big business, with vitually every major security vendor offering device and access control programs tailored -- and increasingly priced -- for the market.

Post a Comment

Secure Computer Recycling II

9/21/2007
The first step (admittedly paranoid but also, I think, practical) in recycling computers is to physically remove any storage devices. The second is to smash those devices to smithereens. The third step is to find the right place to drop off the now storage-less (and business data-less) remains of the computer.

Post a Comment

What ISPs Are Scared Of

9/20/2007
A new study of Internet service providers (ISP) and their top security concerns lets us know what they're most scared of: armies of zombie computers mounting huge distributed denial of service (DDoS) attacks.

Post a Comment

Cybercrooks Outpacing Cybercops: McAfee

9/19/2007
It's that time of year when the major security vendors release updates, upgrades... and public statements. McAfee's CEO this week pointed out that cybercrime is now bigger than the illegal drug trade -- and continues to grow.

Post a Comment

Cybercrime Gets More Organized

9/17/2007
The increasingly organized -- and commoditized -- nature of cybercrime should make all of us more alert than ever to the risks our information, and our customers' information, face on our networks.

Post a Comment

Don't Do As TD Ameritrade Does -- And Don't Do As They Say, Either

9/14/2007
The security breach that let spammers get hold of as many as 6.3 million TD Ameritrade customer names, phone numbers and e-mail addresses is being spun as a "Well, they didn't get Social Security numbers, account numbers, PINs or other confidential info; still we apologize for any inconvenience or annoyance," sort of problem. Mistake. Big mistake.

Post a Comment

QuickTime Patch Procrastination Poses Firefox Problems

9/13/2007
Said it before, say it again: Bad enough to have flawed and vulnerable software out there, but probably unavoidable as code gets more and more complex. Completely unavoidable and equally inexcusable is letting a known vulnerability languish for any amount of time, much less a full year. Yet that's exactly what Apple's done with a QuickTime media player security hole that's been known of for at least that long.

Post a Comment

Company Computers Not Safe At Home

9/12/2007
A warning from Computer Associates that home computers are increasingly vulnerable and threatened -- surprise! -- set me to wondering how many of those computers aren't really home computers at all, but business computers used at home... and, more critically, used at home by people other than the authorized employee.

Post a Comment

Skype Worm Bubbles Up

9/11/2007
The latest worm wriggling from Skype (for Windows) user to Skype user by way of the network's chat function gives a good opportunity to remind employees not to click on unexpected messages or images on free VoIPware any more than they should anywhere else.

Post a Comment

Botnet Storm Surge: Insecurity In Numbers

9/10/2007
Whatever the summer heavy weather season has been like in your neck of the woods, the cyber-season saw the explosive growth of a monster security storm. After building strength all year, the Storm botnet worm has created a zombie grid so large that it could be a threat to... pretty much whatever the hackers who created it want it to be a threat to.

Post a Comment

Bandwidth Is A Business Security Matter, Too

9/7/2007
The more we can get, the more want to get -- nowhere truer than on the Internet, and getting truer by the day as rich video, audio, effects and extras become an expected part of the traffic. Not just entertainment traffic -- more and more small to midsized businesses are taking advantage of rich media and Web 2.0-ish techniques to send sophisticated sales, marketing and communications signals. But is their richness a business risk? It may be if your customers are Comcast customers.

Post a Comment

Recycle Your Computers -- Not Your Business Info

9/4/2007
The news that Sony's opening a number of electronics recycling centers across the country is good news for businesses that have stacks and scads of old, outdated, underpowered and otherwise unused computers and other electronic devices cluttering their closets and storage spaces. (It's even better news for landfills, which do not need the toxic materials the devices contain.) Just be sure that what you're putting into the system is the equipment, not your business data.

Post a Comment
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37436
PUBLISHED: 2021-07-24
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing pers...
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...