Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Why Identity Has Become A Top Concern For CSOs
Threaded  |  Newest First  |  Oldest First
MattS054
100%
0%
MattS054,
User Rank: Apprentice
2/14/2017 | 4:41:24 PM
The Much Needed Evolution of IP
The protocol we're using today to power global commerce over the Internet was developed almost 50 years ago. Development efforts in the late 1960s and early 1970s created the TCP/IP protocol, which was originally designed to allow smaller local networks to communicate between short distances in ways they had never before. However at the time of its inception, reliability was the only concern as the idea of security was a man with a machine gun guarding the facility. Despite being an incredible development, as a result we are left with a protocol that is incredibly reliable, yet inherently unsecure as trusted identities was not part of the design. This has led to today's environment, where components are bolted-on for security, rather than baked in from the start. And given the number of data breaches we see in the headlines, we can all see how that's working out.

The time has more than come to re-evaluate the Gremlin of Internet protocols, TCP/IP. The Internet Engineering Task Force recently approved a standard-track network security protocol: The Host Identity Protocol, which many in the IETF community recognize as the next big change in IP-architecture. The protocol has been under development for nearly 20 years, in coordination with standards bodies, as well as many large corporations (Verizon, Ericson, Yokogawa, etc.).

HIP is an alternative encryption technology that was first deployed within the defense and aerospace industry, where nation-state attacks occur every hour. Specifically designed to be secure by default, HIP shifts the network trust model completely, by introducing trusted cryptographic identities within any network.
UnHackable.Rocks
50%
50%
UnHackable.Rocks,
User Rank: Apprentice
6/25/2017 | 4:10:46 PM
Unicorn UnHackable Servers... 1 Group of them UnHacked since 1999. Hows your Record?
Subject line says it all.  UnHackable.Rocks


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...