Dark Reading | Security | Protect The Business

Large Attacks Hide More Subtle Threats In DDoS Data

May 18, 2013

While distributed denial-of-service attacks topping 100Gbps garner the headlines, they are not the threat that should worry most companies

| Read Article >>
More >>

The Future Of Web Authentication

May 20, 2013

After years of relying on passwords, technology vendors -- and enterprises -- are ready for new methods of proving user identity

| Read Article >>

IDs Of 22 Million At Risk Following Breach At Yahoo Japan

May 21, 2013

Yahoo Japan officials say they "can't deny the possibility" of epic data breach

| Read Article >>
More >>

Websense Signs Definitive Agreement To Be Acquired By Vista Equity Partners

May 20, 2013

Shareholders to receive $24.75 per share in cash in transaction valued at approximately $1 billion

| Read Article >>
More >>

Today from Dark Reading

Adrian Lane

Why Database Monitoring?

Hoping other people detect your breach before you lose millions is not a good strategy

| Read Article >>

Commentary

Rethinking Identity Management

By Tim Wilson

Secret identities are a good thing. Multiple identities? Not so much

| Read Article >>
Security War Games

By David Schwartzberg- Sophos

Information security keeps evolving, but our educational methods are not evolving rapidly enough to win the cold cyberwar

| Read Article >>
Know Your Pen Tester: The Novice

By Vincent Liu

Beware of the tool-obsessed pen-tester

| Read Article >>
Use A Human Trust Model For Endpoints

By Tim Rohrbaugh

Use anthropomorphic references to engage your brain and strengthen your approach to security

| Read Article >>
The Dragon In The Room

By Kelly Jackson Higgins

China, China, China

| Read Article >>
I Think We're All Botnets On This Bus

By Wendy Nather

How many undercover researchers can fit under one cover?

| Read Article >>
Five Questions To Ask When Choosing A Threat Intelligence Service

By Tim Wilson

Threat intelligence services are becoming an essential weapon in the enterprise security arsenal. Do you know how to choose one?

| Read Article >>
Panic Now

By Glenn S. Phillips

There is a big difference between panic and anxiety

| Read Article >>

More >>

Labs Insights

David Schwartzberg- Sophos

Security War Games

Information security keeps evolving, but our educational methods are not evolving rapidly enough to win the cold cyberwar

| Read Article >>

More SophosLabs Insights >>

Products & Releases

More >>

Best of the Web

More >>

Security Video

More >>

Dark Reading Slideshows

More >>

News

Myth-Busting SQL- And Other Injection Attacks

Black Hat injection-attacks instructor dishes on the complexity of SQL injection and the prevalence of lesser-known injection attacks

| Read Article >>
Black Hat 2013 Showcases Home Security, Bootkits, Cellular OPSEC Failures

Black Hat announces three more featured talks

| Read Article >>
Even SMBs Should Look To Log Management For Security

A firewall, patch procedure, anti-malware and, possibly, an IDS are a good start. But to detect breaches, small and medium businesses should focus on logging activity and looking out for suspicious behavior

| Read Article >>
'Commercialized' Cyberespionage Attacks Out Of India Targeting U.S., Pakistan, China, And Others

Operation Hangover signals new franchise model in cyberespionage with cyberspying services for hire

| Read Article >>

More >>

Quick Hits

The Eight Most Common Causes Of Data Breaches

Why do bad breaches happen to good companies? Here's a look at the most frequent causes

| Read Article >>
IDs Of 22 Million At Risk Following Breach At Yahoo Japan

Yahoo Japan officials say they "can't deny the possibility" of epic data breach

| Read Article >>

More >>

Events

Last Post

Maybe that's what used up all of the IPv4 addresses. They are all being used as honeypots

Follow Dark Reading

Free Research and Reports

What's this?From the Editors of DarkReading

More >>

Box Icon

Whitepapers

What's this?

More >>

Box Icon

Dark Reading Digital Magazine

Dark Reading May 2013 Digital Supplemental Issue

Back Issues

In This Issue

The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.

Download Now

Tech Insight

04.26.2013
Time To Set Up That Honeypot

03.12.2013
Securing Cisco IP Telephony

02.17.2013
Attribution Is Much More Than A Source IP

02.14.2013
New CA Group Has Big Names, Small Impact

02.04.2013
How To Build An IT Security Budget

01.22.2013
5 Approaches To Decaffeinating Java Exploits

06.01.2012
Making Data Leak Prevention Work In The Enterprise

Bugs

Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database

CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors.

First Name*:
Last Name*:
Email Address*:
Job Title:
Company/Organization/Gov't Dept.:
*Required field
Privacy Statement

Today from Dark Reading

Commentary

Products & Releases

Best of the Web

Security Video

Dark Reading Slideshows

News

Quick Hits

Events

UBM Tech Events

Black Hat Events

Other Security Events

Last Post

Follow Dark Reading

Dark Reading Newsletter

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue

Tech Insight

Bugs

Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database