Comments
Vigilante Justice on the Digital Frontier
Newest First  |  Oldest First  |  Threaded View
IvySchmerken
50%
50%
IvySchmerken,
User Rank: Author
7/16/2014 | 10:16:22 AM
Re: Vigilante Justice Catching Innocent Bystanders/Business in the digital age
This is a fascinating account of how a business can be dragged into a server shutdown if accused of harboring malware. I can understand how there would be zero tolerance for malware, but on the otherhand this can exact a heavy toll on customers relying on the business whose servers are temporarily shutdown.

With the growing use of managed services in financial markets, many securities and investments firms rely on hosted applications. I am curious if the scenario of policing malware in the digital ages comes up in these agreements. Would the hosting servces shut down an application for live trading or risk management if they detected malware?
Becca L
50%
50%
Becca L,
User Rank: Author
7/16/2014 | 12:55:26 AM
Re: Vigilante Justice Catching Innocent Bystanders/Business in the digital age
Thanks for sharing, Wayne. This is an interesting problem we don't hear about too often. Thee consequences are clearly significant, and it's interesting to see hosting sites take matters into their own hands to protect their business.
Wayne.Olson
50%
50%
Wayne.Olson,
User Rank: Apprentice
7/15/2014 | 6:56:04 PM
Vigilante Justice Catching Innocent Bystanders/Business in the digital age
My wife and I both were caught a number of years ago in this very same situation where the hosting company was complete taken down along with a bunch of us innocent business and our web sites.  They did eventually come back up but it took several days and the potential losses were bad enough that we moved to a new hosting company.  The reason they taken down was the abuse being reported by a couple of web sites they had been hosting again unbeknownst to the hosting service provider.

Just wanted to say that happened in the early 2000s and since we moved we have had no problems other than technical with our hosting service.

 

Wayne.


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.