Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Akamai Withdraws Proposed Heartbleed Patch
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/14/2014 | 4:34:33 PM
Dark Corners of Security
SSL encryption is just one small aspect of security in this digital age, albeit an important one, since the padlock icon is probably the dominant symbol of trust in the mind of an online consumer, about to part with her coveted credit card information. However, if you consider all the online accounts she may have, and how many passwords that would be to remember individually (she has to write them down somewhere) and the fact that most allow login using an email address, then the possibility of duplicating passwords over multiple logins is quite likely (or just one, say Facebook?). Therein lies a serious breach issue.  As a responsible designer do you ensure your client's passwords are stored in the database in encrypted form?

Now consider the shared information in the "bright" web. Advertizing (somewhat) miraculously appears on the website she next visits relating to good/services searched for on another. But wait, what if this is a shared computer, is it now just simply a harmless random ad, or is her personal information being unwittingly disclosed?
Charlie Babcock
Charlie Babcock,
User Rank: Ninja
4/14/2014 | 3:47:51 PM
The kind of assurance that is not reassuring
Akamai CSO Andy Ellis says " we had a bug" in withdrawing Akamai's OpenSSL HeartBleed patch. It  seems like more than a bug. It seems like a fundamentally flawed approach to security. This is not reassuring.

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-06-28
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
PUBLISHED: 2022-06-28
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.
PUBLISHED: 2022-06-28
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
PUBLISHED: 2022-06-28
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
PUBLISHED: 2022-06-28
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.