Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Security's Past Gives Hints To Its Future

Julius Caesar didn't see the need for a bodyguard when he went to the floor of the Roman senate on a March day in 44 B.C. That little oversight cost him 23 stab wounds and the throne of the empire. More than 1,900 years later, Abe Lincoln entered the presidential box at Ford's Theater in Washington, D.C. -- again, no bodyguard seemed necessary. We all know how that decision turned out.

Julius Caesar didn't see the need for a bodyguard when he went to the floor of the Roman senate on a March day in 44 B.C. That little oversight cost him 23 stab wounds and the throne of the empire. More than 1,900 years later, Abe Lincoln entered the presidential box at Ford's Theater in Washington, D.C. -- again, no bodyguard seemed necessary. We all know how that decision turned out.In fact, you could argue that history is full of poor security decisions, including many that have been made over and over again. Sometimes a look back at history makes you want to go back, shake the principals by the lapels, and say, "not again! Haven't you learned anything?"

Which brings us, inevitably, back to the subject of IT security.

This week we're celebrating the third birthday of Dark Reading, which launched its maiden story on May 1, 2006. One of the goals of the site was to cover everything that had to do with computer security, from bug reports and major breaches to best practices and product news. Our idea was to give security pros a single place to look for news and information, whether they wanted to know about the latest application vulnerabilities or develop an RFI for a new firewall.

The site still has plenty of flaws, but one thing we've successfully built is a pretty nice archive of what's happened in the industry during the past few years. If you enter the work "vulnerability" in our search bar, you'll find almost 1,000 stories. "Insider" brings up 365 articles. "XSS" -- the acronym for cross-site scripting -- will net you 84 different items. We've started to develop a little bit of searchable history on the site, giving you a bit of a window into what has happened in many different areas of IT security.

As I look back over the content we've published during our short life on the Web, I'm struck by how many times organizations have made the same mistakes over and over again. The lost laptop that exposed the personal data of millions of soldiers at the Department of Veterans Affairs in 2006 doesn't seem very much different than the lost laptop that exposed the data of more than 225,000 individuals at the Oklahoma Housing Finance Agency this past weekend. The P2P vulnerability that exposed thousands of Pfizer employees to identity theft in 2007 is the same sort of flaw that exposed the president's Marine One helicopter plans to users in Iran just one month ago.

Clearly, malware is proliferating with a pace and sophistication that has never been seen before on the Web -- and that's scary. But shouldn't we have already fixed these problems that have been happening for years and years? After 25 years of viruses, why are we still trying to convince employees not to click on links from unknown email senders? A recent study by Verizon Business Systems indicates that more than 90 percent of security breaches are the result of hacks and vulnerabilities that are more than 2 years old.

Not again! Haven't you learned anything?

As we enter our fourth year of serving the security community, we at Dark Reading would like to thank you, our readers, for your interest and loyalty since we opened our home page in 2006. We hope we've helped to inform you of some of the newest hacks on the Web, and gave you the information you needed to protect your organization against the most innovative new threats.

At the same time, however, we invite you to take a look back through the history of attacks we're amassing on the site. See anything familiar? You're not the only one. Attackers often like to exploit old vulnerabilities, as well.

It's hard for an old newsman to admit, but maybe we ought to spend a little less time focused on the industry's newest threats and a little more time focused on the ones that have consistently come back to bite us, again and again, during the relatively short history of computer security. Maybe learning from old mistakes is just as important as avoiding new ones.

In any case, we at Dark Reading are committed to spending the coming year doing what we've been doing since 2006 -- bringing you the latest news, analysis, opinion, and product news that the industry has to offer. We know that in order to do your job, you need to understand the full spectrum of threats to your business, both old and new, and that your livelihood depends on getting the information you need -- when you need it. We also know that in many cases, those who don't learn from history -- even just a few years of it -- may be doomed to repeat it.

Just ask Honest Abe.

-- Tim Wilson, Site Editor, Dark Reading Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27852
PUBLISHED: 2021-01-20
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
CVE-2021-3137
PUBLISHED: 2021-01-20
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
CVE-2020-27850
PUBLISHED: 2021-01-20
A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
CVE-2020-27851
PUBLISHED: 2021-01-20
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privile...
CVE-2020-13134
PUBLISHED: 2021-01-20
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1...