Dark Reading | Security | Protect The Business

Large Attacks Hide More Subtle Threats In DDoS Data

May 18, 2013

While distributed denial-of-service attacks topping 100Gbps garner the headlines, they are not the threat that should worry most companies

| Read Article >>
More >>

The Future Of Web Authentication

May 20, 2013

After years of relying on passwords, technology vendors -- and enterprises -- are ready for new methods of proving user identity

| Read Article >>

Strategies For Improving Web Application Security

May 20, 2013

Web apps are essential to your business -- and easy targets for hackers. Here are some tips for keeping them secure

| Read Article >>
More >>

Websense Signs Definitive Agreement To Be Acquired By Vista Equity Partners

May 20, 2013

Shareholders to receive $24.75 per share in cash in transaction valued at approximately $1 billion

| Read Article >>
More >>

Today from Dark Reading

Tim Wilson

Rethinking Identity Management

Secret identities are a good thing. Multiple identities? Not so much

| Read Article >>

Commentary

Security War Games

By David Schwartzberg
Sophos

Information security keeps evolving but our educational methods are not evolving rapidly enough to win the cold cyberwar.

| Read Article >>
Why Database Monitoring?

By Adrian Lane

Hoping other people detect your breach before you lose millions is not a good strategy

| Read Article >>
Know Your Pen Tester: The Novice

By Vincent Liu

Beware of the tool-obsessed pen-tester

| Read Article >>
Use A Human Trust Model For Endpoints

By Tim Rohrbaugh

Use anthropomorphic references to engage your brain and strengthen your approach to security

| Read Article >>
The Dragon In The Room

By Kelly Jackson Higgins

China, China, China

| Read Article >>
I Think We're All Botnets On This Bus

By Wendy Nather

How many undercover researchers can fit under one cover?

| Read Article >>
Five Questions To Ask When Choosing A Threat Intelligence Service

By Tim Wilson

Threat intelligence services are becoming an essential weapon in the enterprise security arsenal. Do you know how to choose one?

| Read Article >>
Panic Now

By Glenn S. Phillips

There is a big difference between panic and anxiety

| Read Article >>

More >>

Labs Insights

David Schwartzberg
Sophos

Security War Games

Information security keeps evolving but our educational methods are not evolving rapidly enough to win the cold cyberwar.

| Read Article >>

More SophosLabs Insights >>

Products & Releases

More >>

Best of the Web

More >>

Security Video

More >>

Dark Reading Slideshows

More >>

News

'Commercialized' Cyberespionage Attacks Out Of India Targeting U.S., Pakistan, China, And Others

Operation Hangover signals new franchise model in cyberespionage with cyberspying services for hire

| Read Article >>
The Future Of Web Authentication

After years of relying on passwords, technology vendors -- and enterprises -- are ready for new methods of proving user identity.

| Read Article >>
Large Attacks Hide More Subtle Threats In DDoS Data

While distributed denial-of-service attacks topping 100 Gbps garner the headlines, they are not the threat that should worry most companies

| Read Article >>
Black Hat USA 2013 Rolls Out SIM Card, Femtocell Hacking Talks

Organizers have confirmed some early details on Briefings talks

| Read Article >>

More >>

Quick Hits

Strategies For Improving Web Application Security

Web apps are essential to your business -- and easy targets for hackers. Here are some tips for keeping them secure

| Read Article >>
Pakistan Hit By Targeted Attack Out Of India

Information-stealing malware campaign spreads via phishing email attachments posing as Indian military secrets

| Read Article >>

More >>

Events

Last Post

Maybe that's what used up all of the IPv4 addresses. They are all being used as honeypots

Follow Dark Reading

Free Research and Reports

What's this?From the Editors of DarkReading

More >>

Box Icon

Whitepapers

What's this?

More >>

Box Icon

Dark Reading Digital Magazine

Dark Reading May 2013 Digital Supplemental Issue

Back Issues

In This Issue

The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.

Download Now

Tech Insight

04.26.2013
Time To Set Up That Honeypot

03.12.2013
Securing Cisco IP Telephony

02.17.2013
Attribution Is Much More Than A Source IP

02.14.2013
New CA Group Has Big Names, Small Impact

02.04.2013
How To Build An IT Security Budget

01.22.2013
5 Approaches To Decaffeinating Java Exploits

06.01.2012
Making Data Leak Prevention Work In The Enterprise

Bugs

Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database

CVE-2013-3270 (vnx_control_station, celerra_control_station)
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership.
CVE-2013-1014 (itunes)
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
CVE-2013-1011 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1010 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1008 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

First Name*:
Last Name*:
Email Address*:
Job Title:
Company/Organization/Gov't Dept.:
*Required field
Privacy Statement

Today from Dark Reading

Commentary

Products & Releases

Best of the Web

Security Video

Dark Reading Slideshows

News

Quick Hits

Events

UBM Tech Events

Black Hat Events

Other Security Events

Last Post

Follow Dark Reading

Dark Reading Newsletter

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue

Tech Insight

Bugs

Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database