Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Patricia Keefe
RSS
E-Mail

Profile of Patricia Keefe

News & Commentary Posts: 25
Articles by Patricia Keefe

Should IT Departments Oversee Spying Operations?

4/6/2007
Wal-Mart always seems to be in the news for one reason or another. Supporters tout its pioneering marketing model and groundbreaking success in offering low-cost goods to consumers and keeping operational costs low. And then there is Wal-Mart's leading-edge IT department and its cutting-edge use and investigation of bleeding-edge technology -- ever in the pursuit of keeping costs low and maximizing profit.

Post a Comment

The TJX Haul: Largest Ever AND The Perfect Crime?

3/30/2007
The California Secretary of State web site gets to keep it's title as number one in the race to be the longest running data breach. It left three years of files exposing personal data up online, practically for the taking. But the TJX Companies take the cake when it comes to known harm. The company has the dubious distinction of having the largest ever number of stolen credit and debit cards - 45.7 million - whi

Post a Comment

Got Time?

3/2/2007
That whole time-change thing that has everyone rolling their eyes -- you know, early daylight-saving time? OK, it's not Y2K. (What could be?) And as I noted in a recent column (which goes into this issue in greater detail), no one is talking disasters of biblical proportions. But there is a little more to this than the momentary irritation of missed appointments and calendars being off an hou

Post a Comment

Combating The Black Market In Personal Data

2/9/2007
Be afraid, be very afraid - but read today's cover story on the hacker economy anyway. It will both fascinate and scare the pants off you at the same time, as it details how our personal identities and financial histories are harvested, dissected in online chop shops and sold in multi-pack bundles to anyone willing to fork over a small investment in cash in return for making a big score in hours or days. (If you read nothing else, che

Post a Comment

Trust: It's A Terrible Thing To Waste

1/18/2007
Kill me now. The latest data hack at the TJX companies has me, and a lot of other people I know, on the edge of their seats. We shop a lot at the TJX family of companies -- T.J. Maxx, Marshalls, HomeGoods, and A.J. Wright and Bob's Stores -- and yesterday's announcement that the company had been hit hard by a data hack is not sitting well.

Post a Comment

Making A List And Checking It Twice

11/21/2006
Thanksgiving on the doorstep means December is just around the corner, bringing with it expressions of cheery good will to all buttressed by those endless, frantic holiday to-do lists. This year, though, before turning out the lights to hit the company party, IT is going to have to check off one more item, and it's a doozy.

Post a Comment

A Lesson Plan For The Department Of Education

8/28/2006
Another week, another preventable exposure of citizen data at a government agency. Last week's spillage in the spotlight came courtesy of the U.S. Department of Education. A glitch in a new software program created a situation where the wrong client data was being shown to people trying to update their student loan accounts. After a number of complaints, the ED shut down the affected Web pages. Then, apparen

Post a Comment

Dude! Wanna Be In The National Student Database?

7/18/2006
It's been a while since I've been in college or hung around with anyone who is, but I distinctly recall that no matter who was paying the freight, a student's grades were delivered only to the student. Even paying parents had no right to see the results. In the weird halfway house of adulthood that makes up the college experience, students are considered adults in some areas, children in others. Grades fell into the adult side of the class. And my guess is this goes for student health and other

Post a Comment

Upping The Ante On Data Collection

6/27/2006
So much about the overall issue and recent incidents of data loss are astounding, it's hard to know where to start. One good place is the Privacy Rights Clearinghouse, which offers up some sobering statistics on stolen data: Since Feb. 15, 2005 there has been over 200 data breaches (with some companies starring as repeat offenders) affecting the data of 88,399,953 individuals. At least - that's what's been report

Post a Comment

Homeland Insecurity

12/19/2005
It's interesting that our government is so concerned about homeland security that it does not mind bypassing secret courts to even more secretly eavesdrop on citizens, and yet it cannot seem to find the time, energy, and/or dollars to successfully bring its own agencies up to snuff security-wise.

Post a Comment

Baked-In Security

9/7/2005
While much of the Monday-morning quarterbacking of the response to Hurricane Katrina revolves around poor communication, bureaucratic missteps, sluggishness, and red tape on both the state and federal levels, the disaster got me thinking about something entirely different: the readiness of our national infrastructure--roughly 80% of which lies in private hands--to withstand or bounce back from a disaster or cyberattack of similar proportions.

Post a Comment

Data Security: IT's Oxymoron

6/22/2005
In case you haven't noticed, the last decade in banking has been all about mergers (each one bigger than the last), big-buck CEOs, increasing fees, and decreasing access to human beings. Sure, some consumer accounts got lost or crunched in the slamming together of newlywed bank systems, but who cared? Not the regulators and not the banks.

Post a Comment

Security Is the New Cold War

5/27/2005
Electronics, technology and ubiquitous computing have made the world a far more convenient and efficient place to live. The speed with which the things we can now do, get done, is as mind boggling as is the rate at which they quickly become obsolete, or melded with yet another cool, useful technology. Just look at the speed with which cell phones have been turned into the Swiss Army Knife of personal technology. Nevermind calling, it's fundamental use. How 80s.You can use cell phones today to ta

Post a Comment
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26180
PUBLISHED: 2021-07-28
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.
CVE-2020-5341
PUBLISHED: 2021-07-28
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated ...
CVE-2020-5351
PUBLISHED: 2021-07-28
Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privilege...
CVE-2021-32788
PUBLISHED: 2021-07-27
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal mes...
CVE-2021-32796
PUBLISHED: 2021-07-27
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes durin...