Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Simple Security Is A Better Bet
Newest First  |  Oldest First  |  Threaded View
Shidisu
50%
50%
Shidisu,
User Rank: Apprentice
11/18/2013 | 10:20:14 PM
re: Simple Security Is A Better Bet
Your analogy is flawed. Its more like "Well, he really should have this <insert complexity=""> and that <insert complexity=""> to be 99% cured, but since this guy is performing the procedure himself and dosnt have the expertise/time/resources to get to 99%, he can perform a simpler procedure that will get him to 90% NOW and will be able to get the other 9% down the road.</insert></insert>
knowlengr
50%
50%
knowlengr,
User Rank: Apprentice
11/16/2013 | 5:41:42 AM
re: Simple Security Is A Better Bet
So you go to the hospital and you overhear the physicians saying, "Well, he really needs this <insert complexity=""> and that <insert complexity="">, but since this guy doesn't know the difference, let's go with something simple instead.

Speaking of simple, the Schneier link has been moved.</insert></insert>
webbjh3
50%
50%
webbjh3,
User Rank: Apprentice
11/15/2013 | 9:38:57 PM
re: Simple Security Is A Better Bet
Adrian, I fully support the idea of simplifying our systems and our lives. However, one solution that addressed all use cases? I really would like for you to share that silver bullet with us all... As a very small start up I am already looking at 5-6 technologies.


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I can't find the back door.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21275
PUBLISHED: 2021-01-25
The MediaWiki &quot;Report&quot; extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of Medi...
CVE-2021-21272
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a &quot;zip-slip&quot; vulnerability. The directory support feature allows the ...
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions &lt; 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting