Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How To Avoid Collateral Damage In Cybercrime Takedowns
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
7/3/2015 | 10:42:27 AM
Re: More Stringent Vetting Process
> Even though you used reductio ad absurdum to make it

What's wrong with that?  :p  It's a technique, not a logical fallacy.

> I don't think registration of trusted parties is comparable to a myriad of ID's.

Just another form of multifactor identification.  ;)

In any case, tell NSTIC that...
RyanSepe
RyanSepe,
User Rank: Ninja
7/2/2015 | 7:42:08 AM
Re: More Stringent Vetting Process
Very much agree with your statement. Even though you used reductio ad absurdum to make it as I don't think registration of trusted parties is comparable to a myriad of ID's.

To your point, balance is important. Otherwise, other methods that provide an increased ease of use will be leveraged and those could contain even less security measures then the previously mentioned. This premise is not exclusive to OpenDNS.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
6/30/2015 | 11:03:41 PM
Re: More Stringent Vetting Process
Well, that's always the detriment/tradeoff, isn't it?  Alas, security and accessibility are fated to be eternal mortal foes.

We could secure access to email and other systems rather well by eliminating networks altogether by requiring face-to-face authentication at a designated computer terminal with three forms of government ID, along with eye and fingerprint scans, but that would be highly impractical.  Cybersecurity is only partly about protection; it's about finding the balance -- the line -- in that tradeoff between functionality and protection.
RyanSepe
RyanSepe,
User Rank: Ninja
6/25/2015 | 11:37:23 AM
More Stringent Vetting Process
I think a better approach from a security standpoint would be a more stringent registration practice. This way, all malicious intenders would have a more difficult time getting into the "group". This would minimize the collateral damage substantially as any outside the database could be purged with minimal risk. Some would slip through obviously but revocation is always available upon discovery. Benefits: It would strengthen security posture. Detriments: It would take longer to register due to more stringent protocols and handling. This is also dependent on a centralized model of DNS providers.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-4282
PUBLISHED: 2022-12-05
A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VD...
CVE-2022-4281
PUBLISHED: 2022-12-05
A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely...
CVE-2022-41807
PUBLISHED: 2022-12-05
Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASK...
CVE-2022-41830
PUBLISHED: 2022-12-05
Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKa...
CVE-2022-42496
PUBLISHED: 2022-12-05
OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.